#ubuntu-server 2006-05-22
<CarlFK> todays daily ubuntu-server errors on installing the kernel: base-installer: error: exiting on error base-installer/kernel/failed-install
<CarlFK> lots-o-log files http://dev.personnelware.com/carl/temp/May16/c/
<CarlFK> today's dapper-server: "Unable to install the selected kernel - an error was returned while trying to install the kernel into the target system.  Kernel package: linux-386"   details: http://dev.personnelware.com/carl/temp/May17/a
<Tingle> hi i just installed the server of ubuntu because i have a verry slow computer but i would like to run X on it for a browser when i install xserver-xorg i miss all kinds of packages and im not that experienst whit it could someone tell me what to install instead?
<Tingle> maybe xserver-xorg-core?
<J_P> hi all
<infinity> Tingle: You really shouldn't be installing the server edition if you want it for a graphical desktop.
<infinity> Tingle: This is also not a support channel.
<Tingle> infinity: ok
<redguy> howdy
<redguy> i got a question concerning libapache-mod-jk
<redguy> there are two packages providing ajp connectivity for apache
<redguy> libapache-mod-jk and libapache2-mod-jk2
<redguy> the sad thing is that jk2 has been stalled since november 2004
<redguy> and for tomcat 5.5 for example it is not supported anymore
<redguy> yet, when I want to have jk with apache2 I have to use the obsolete jk2 package
<redguy> does this qualify for a bug report?
<redguy> http://tomcat.apache.org/connectors-doc/news/20041100.html#20041115.1 for the curious
<GaiaX11> How do i install a server using ubuntu?
<GaiaX11> Is it as good as debian?
<GaiaX11> Is there a cd for that?
<GaiaX11> And how can i get it?
<redguy> GaiaX11: i should have changed the facoid so that it would point you to https://wiki.ubuntu.com/ServerFaq
<GaiaX11> Any help?
<GaiaX11> What is facoid?
<GaiaX11> I will go there
<GaiaX11> Thanks!
#ubuntu-server 2006-05-23
<tepsipakki> mithrandir: the new user-setup broke preseeding "passwd/make-user boolean false"
<tepsipakki> it still asks for the username
<tepsipakki> duh, wrong channel =)
<CarlFK> what is the name of the package for ubuntu-server kernel 686?
<CarlFK> juser@tsp2:~$ uname -a
<CarlFK> Linux tsp2 2.6.15-21-386 #1 PREEMPT Fri Apr 21 16:43:33 UTC 2006 i686 GNU/Linux
<CarlFK> if I am going to compile a module, is there a different header package?
<fabbione> wrong channel.
<fabbione> -> #ubuntu
<CarlFK> ill give it a shot...
<CarlFK> I think I broke #ubuntu ;)
<Rawh> Is this the right channel for questions about mirroring ubuntu releases ?
<soumyadip> Rawh: nope
<soumyadip> Rawh: debmirror is your friend
<Rawh> hmm, already talking with some other dutch person whois in the list
<Rawh> cheers for the answer though
<CarlFK> is there a -server 'home page' or some good place to start to find info?
<lionelp> CarlFK: probabily the Ubuntu server guide: http://doc.ubuntu.com/ubuntu/serverguide/C/index.html
<lionelp> You alse have the wiki (https://wiki.ubuntu.com)
<CarlFK> thanks
<CarlFK> hmm... looking for what the difference between -server and -desktop
<lionelp> kernel and default installation packages selection
<lionelp> (and support, Dapper server will have 5 years support instead of 3 years for desktop)
<lionelp> CarlFK: this is the first question in ServerFaq: https://wiki.ubuntu.com/ServerFaq
<lionelp> :)
<CarlFK> thanks
<CarlFK> the "Which kernels ?" answer isn't clear
<CarlFK> 1 and 3 don't agee
<CarlFK> wait...
<CarlFK> "386 will be installed", then "The installer is capable of recognizing your cpu and install the "best" kernel for it."
<CarlFK> ah, 1 and 3 are messed up too
<CarlFK> #1 386  required...
<CarlFK> #3 ...i386.deb  needs i686
<lionelp> keep cool :)
<lionelp> the installer (desktop and server) use the same kernel
<CarlFK> I would fix it if I knew what 'right' was, and I don't think I should be guessing :)
<lionelp> but it will install by default another kernel the -server
<lionelp> It do not know if the last is right
<CarlFK> kinda figured
<lionelp> "The installer is capable of recognizing your cpu and install the "best" kernel for it."
<lionelp> Last time I installed, it was not the case
<CarlFK> ditto
<CarlFK> last time I tired, it errored ;)
<lionelp> When did you tried ?
<CarlFK> this morning
<CarlFK> I am doing pxe net install
<CarlFK> https://launchpad.net/bugs/45248
<CarlFK> might have something to do with it
<blue-frog> hi looking to restrict user login session following time of day, anyone could help pls?
<blue-frog> I have strange results
<lionelp> CarlFK: we are talking about Dapper ?
<lionelp> (just to be sure :))
<CarlFK> lionelp: yes - daily
<lionelp> CarlFK: right, you seems to have the same pb
<lionelp> you should probabily try with tomorrow daily :)
<CarlFK> thats the plan
<CarlFK> problem on another box, also -server (from a few weeks ago)
<lionelp> blue-frog: You modified /etc/security/time.conf ?
<CarlFK> yenta_socket module won't load when I boot -server
<CarlFK> insmod errors
<lionelp> let me try
<blue-frog> yes i did user restriction works but..
<CarlFK> but I munst have somehow caused it, because I have this that I cut/pasted from a ssh session over a pccard nic
<CarlFK>  uname -a
<CarlFK> Linux tecra8000 2.6.15-22-server
<blue-frog> as soon as i uncommemt account required pam_time.so in common-account, then I cannot luanch a grphical front-end for synaptic for example, says paasword is incorrect while sudo in console works fine
<CarlFK> so it worked a few hours ago, and now it doesn't, and "I didn't do anything!"
<blue-frog> if I comment "pam_time.so" then gksudo works fine again..
<CarlFK> cept apt-get install linux-686, headers, and some other junk ;)
<blue-frog> it puzzles me a bit to be honest
<lionelp> blue-frog: did you have a look to /var/log/auth.log ?
<blue-frog> right i dind't indeed..
<blue-frog> will go have a look
<blue-frog> one more thing pls
<blue-frog> user time restriction works fine for not login before or after allowed time..
<blue-frog> but if client logs 2 minutes before end of time then there is no time out
<blue-frog> tried timeoutd but obviously must have been missing something in the syntax of /etc/timeouts as nothing happens and timeoutd is running
<lionelp> blue-frog: with so few elements, we can not be very helpfull :-(
<blue-frog> authlog. says there's an authentication failure, well I know that wihtout looking at log...
<blue-frog> ah says couldn't get tty name
<blue-frog> could we talk one/one quickly so i cabn explain without flooding lionel pls?
<lionelp> sure
<blue-frog> .. /join #bluefrog if you don't mind then
<blue-frog> or is it ok i explain from the start in this channel?
<lionelp> CarlFK: modprobe yenta_socket works for me
<CarlFK> yeah, it did for me too - I have no clue how I did it
<CarlFK> when -server will install again, I'll install from scratch
#ubuntu-server 2006-05-24
<KurtKraut> I have Ubuntu running in a desktop CPU. I use this machine as personal webserver. Actually, I'm using Dapper's kernel for desktop. I would have a better performance with linux-image-server ?
<blue-frog> I installed timeoutd on my breezy, there's a script in /etc/init.d . what command must I do for timeoutd to be run at boot time pls? (update-rc?)
<lionelp__> blue-frog: yes, it is update-rc.d
<blue-frog> ty
<infinity> blue-frog: It's not already set up to do so?
<blue-frog> apparently not, timeoutd shows up in /etc/init.d but it's not launched at boot time
<infinity> (base)adconrad@cthulhu:~$ ls -l /etc/rc?.d/???timeoutd
<infinity> lrwxrwxrwx 1 root root 18 2006-05-19 18:47 /etc/rc0.d/K20timeoutd -> ../init.d/timeoutd
<infinity> lrwxrwxrwx 1 root root 18 2006-05-19 18:47 /etc/rc1.d/K20timeoutd -> ../init.d/timeoutd
<infinity> lrwxrwxrwx 1 root root 18 2006-05-19 18:47 /etc/rc2.d/S20timeoutd -> ../init.d/timeoutd
<infinity> lrwxrwxrwx 1 root root 18 2006-05-19 18:47 /etc/rc3.d/S20timeoutd -> ../init.d/timeoutd
<infinity> lrwxrwxrwx 1 root root 18 2006-05-19 18:47 /etc/rc4.d/S20timeoutd -> ../init.d/timeoutd
<infinity> lrwxrwxrwx 1 root root 18 2006-05-19 18:47 /etc/rc5.d/S20timeoutd -> ../init.d/timeoutd
<infinity> lrwxrwxrwx 1 root root 18 2006-05-19 18:47 /etc/rc6.d/K20timeoutd -> ../init.d/timeoutd
<infinity> Well, it's configured to start.
<infinity> update-rc.d won't help you here (since it was already run successfully to do exactly what you want)
<blue-frog> it shows up in all rc* indeed but I still have to start it manually
<lionelp__> infinity: blue-frod is on breezy
<infinity> So, find out why it's not starting, then. :)
<infinity> lionelp__: Makes no difference.  As he says, it has the links in the right place in breezy too.
<lionelp__> oups, i missed it
<infinity> blue-frog: Make the init script log its actions somehwere and see if there's some reason it's dying on boot.
<lionelp__> blue-frog: yesterday you told that you were not sure of your configuration syntax
<lionelp__> that maybe the reason
<blue-frog> config syntax problem is to have timeoutd reading correctly /etc/timeouts
<blue-frog> am not sure about my syntax in /etc/timeouts
<blue-frog> which so far is
<blue-frog> Al:*:joe:*:2:3:5:WARN
<blue-frog> the figures are riciculously low for my tests...
<infinity> blue-frog: Well, does it start correctly with "/etc/init.d/timeoutd start"?  If so, then config syntax won't change how it works at boot versus how it works later.
<blue-frog> otherwise I just installed timeoutd using synaptic and didn't touch anything else
<infinity> If it's failing to start ONLY at boot, then there's something special about the state of the machine at S20 that's making timeoutd not start.
<blue-frog> yes starting manually causes no problem to the daemon
<blue-frog> and I think of it I have a similar problem with ssh and samba as well now
<blue-frog> not starting at boot but starting and working manually ok
<blue-frog> ps ax gives me   8178 ?        Ss     0:00 /usr/sbin/timeoutd
<lionelp> why not :)
<lionelp> did ps show you an init script that is still running ?
<blue-frog> ps gives me bash and ps
<lionelp> ps waux or similar i mean :)
<blue-frog> not sure what am supposed to look for with px waux, gives me shitloads of lines
<lionelp> ps waux | grep init.d
<blue-frog> /bin/sh /etc/init.d/rc 2
<lionelp> Ok
<lionelp> You should not have anything
<blue-frog> aha ah
<lionelp> One of the starting script never ends
<blue-frog> ok i know which
<lionelp> it starts with a letter before "S" :)
<blue-frog> hotkeysetup, i deleted it in /etc/ini.td but dind't take out the links
<infinity> Uhm, if rc is still stuck between runlevels, that's generally considered bad, yes. :)
<blue-frog> so is ther a command to update all rc* or do i have to rm manually the bad links?
<lionelp> you have to do it manually
<blue-frog> ok will do ty for this, now any idea why my /etc/timeouts seems not to be read correctly pls?
<infinity> update-rc.d hotkeysetup remove
<infinity> But why did you remove it in the first place? :)
<blue-frog> was new to linux and kept having lines an d lines in the logs about key not assigned
<infinity> Oh, it's hotkey-setup, not hotkeysetup, according to my system.
<blue-frog> yes sry typo from my part
<infinity> blue-frog: You could have just purges the hotkey-setup package. :)
<blue-frog> that's what i would do now yes, but kind of forgot about waht i did ^ months ago :)
<blue-frog> k links removed
<blue-frog> infinity, are you familiar with time restriction and session timeout pls?
<infinity> I don't use timeoutd, sorry.
<infinity> Just installed it for 20 seconds up there to check on your init.d problem.
<blue-frog> too bad for me, and about account required pam_time.so in /etc/pam.d/common-account?
<blue-frog> I have a weird thing going on with gksudo when I do it
<lionelp> blue-frog: it works for me
<lionelp> I do a simple test with timeoutd
<lionelp> lionel@cigogne:~$
<lionelp> You have exceeded your idle time limit.  Logging you off now.
<lionelp> Connection to cigogne closed by remote host.
<lionelp> Connection to cigogne closed.
<blue-frog> what 's your syntax in /etc/timeouts pls lionel?
<lionelp> Only one line:
<lionelp> Al:*:lionel:*:2:0:0:0
<blue-frog> hum same than me but now as all my daemon were not loaded i may have a problem from ther
<blue-frog> going to load all of them and i'll be back
<infinity> I don't use pam_time either, though it looks somewhat straightforward.
<blue-frog> inifinity, yes it is straight forward
<blue-frog> but as soon as I activate pam_time.so, my admin account is not able to use the graphical frontend for programs such as synaptic
<infinity> Then I suspect you configured it wrong. :)
<blue-frog> while sudo in console stilll works, going to load everything, might be coming from that unachieved boot...
<blue-frog> configured what?
<infinity> pam_time
<lionelp> blue-frog: hunt only one problem at the same time :)
<lionelp> timeoutd and pam_time are two different things
<blue-frog> well as you said straight forward so i din't fiddled with much thing except pam.d/coomon-account...well yes c ya in a bit
<blue-frog> right lionel
<blue-frog> infinity, lionel ty for your help, found the script that was hanging up in rc2, was partimage server...removed it all works fine now, timeouts and so on...will double check in 10 minutes about this gksudo problem
<lionelp> nice
<blue-frog> this timeou thing is most helpful as otherwise someone connectiong 2 minutes vbefore the end of its authorized session can stay connected forever
<blue-frog> still i have to make timeoutd check for time range but i'll get there eventually
<blue-frog> is there a way to accelerate the sudo timeout pls?
<blue-frog> I mean to force it
<lionelp> blue-frog: sudo -K
<blue-frog> ty
<blue-frog> what about gksudo
<blue-frog> don't see anything in man
<blue-frog> and sry for sudo, man would have given me the answer
<lionelp> that is more a desktop issue than a server issue btw
<blue-frog> it is indeed but the problem with the other channels is that they are more into displaying nvidia and ati stuff than anything else unfortunately
<blue-frog> or installing games... :(
<lionelp> i know, i know
<blue-frog> btw regarding timeoutd and pime_time, if I setup damba-ldap pam_time and timeoutd will still work the same correct?
<blue-frog> sry for typos..
<blue-frog> anyway will install it so iw ill see by myself, not thinking straight today..
<lionelp> it is more or less the same
<lionelp> I ma note sure (I do not remember, but samba guide should say) if time policy are realy used bu samba
<blue-frog> it's ok made myself a script that installs/configure samba-ldap in 5 minutes so it's easy for me to check...
<lionelp> blue-frog: does timeoutd covers your needs ? It will logout a user only if he is idleing, right ?
<blue-frog> not only
<blue-frog> you can specify idle, max time in session, max time per day
<blue-frog> and normally it can check as well for time range
<blue-frog> by adding it just after Al for exaple
<blue-frog> testing it right nw, will tell you in a minute
<lionelp> ah yes, okay
<lionelp> I should tell my school to use it instead of rebooting 5 times the workstations until people definitely left the school :)
<blue-frog> hum have to man a bit more to make timeoutd checks the time range
<blue-frog> that's exactly why am looking at it... children :)
<lionelp> :)
<lionelp> you work for a university ?
<blue-frog> but that can be applied to all companies anyway..
<blue-frog> no looking for a job
<lionelp> I am not at school anymore
<lionelp> (so do not call me children anymore ;-))
<blue-frog> and been trainig myself hard on linux, so I am missing a lot of command line, but i can find my way around and perpare a server wihtout problems
<blue-frog> :)
<blue-frog> am not anti windows but pro linux...
<blue-frog> now
<blue-frog> am at a loss to achieve the following. joe can only log in and use gdm from 3pm ot 5pm. if he logs in at 4.45pm he must be disconnected at 5pm. fiddled with pam_time and timeoutd but can't achieve what I want, hints/help most welocmed
<airjump> hello
<lionelp> hi airjump
<airjump> hi lionelp
<BlackHand> hi
<lionelp> Hi BlackHand
<BlackHand> for server what fs can be the recomended for ubuntu
<BlackHand> ext3, reiserfs or xfs ?
<BlackHand> rhel and derived (centos, tao) don't use other thing that ext3 (centos support xfs in unofficial way) in suse i see reiserfs, but some ppls recomends me to stay away from reiserfs in servers
<BlackHand> in the ubuntu server inititative will be a recomended fs  ?
<maswan> My personal recommendation is ext3 or xfs depending if you value stability or performance highest.
<lionelp> BlackHand: there was a rescent article on debian-administration about that
<lionelp> http://www.debian-administration.org/articles/388
<lionelp> it will give you more arguments than I can
<BlackHand> gud
<lionelp> The conclusion is that XFS is the best compromise (for those who are too lazy too read :-))
<lionelp> I personnaly use XFS
<BlackHand> yes i see
<maswan> if you break your storage only slightly, xfs_repair is fairly good at finding your data. I don't have the same confidence in reiser tools.
<BlackHand> and the point about xfs and 4k stacks ?
<maswan> dunno, what was that point?
<BlackHand> for example xfs + lvm or xfs + soft raid or worse xfs + lvm + soft raid, stack exhausting and core dump
<maswan> ok, never seen that happen.
<BlackHand> xfs alone (no other layer for device/filesystem) no probs
<BlackHand> the ubuntu kernel have 4k stacks active ?
<maswan> we run breezy with lvm+xfs and md+xfs and no issues.
<maswan> not sure on lvm+md+xfs in produciton use right now
<lionelp> I have no lvm+md+xfs here
<lionelp> but I have md+xfs on breezy and dapper without probelm
<BlackHand> uhm
<BlackHand> ubuntu dont use 4K stacks i see now
<BlackHand> no risk to reduced stack size for many layers in device/filesystem
<BlackHand> ok
<BlackHand> ^_^
<CarlFK> lionelp: todays server install still failing on installing kernel https://launchpad.net/distros/ubuntu/+source/debian-installer/+bug/45248
<CarlFK> hmm, that may still have been yesterdays .iso
<CarlFK> yep.  let me try again today using today's image ;)
#ubuntu-server 2006-05-25
<CarlFK> still failed
<lionelp> The team is on vacation today
<lionelp> Hope it will be better on monday :)
<pab1> any1 here with some vmware experience
<mgalvin> pab1: what do you need help with?
<blue-frog> is there a network admin (most likely person to have encountered this problem) who could help me with user access restriction based on a time range pls?
<nictuku> blue-frog, we can try
<blue-frog> my problem is
<nictuku> but did you try #ubuntu ?
<blue-frog> am trying all channels since last 4 days..
<nictuku> ahm ok
<blue-frog> unfortunatelu in ubuntu most people deals with graphic cards and games (i exagerate a little yes)
<blue-frog> and user restriction seems to me more a server question than normal
<nictuku> I agree with you, but #ubuntu-server is not a support channel
<blue-frog> hum what is it then?
<nictuku> it's saturday, though
<nictuku> blue-frog, see the topic. But go on
<Rawh> nictuku: i kinda disagree with that
<Rawh> if its not a support channel, then what kind of function would it have
<blue-frog> dev ok then no luck for me ty
<Rawh> there's load of idle channels already....
<blue-frog> well in fact dev could be interested in that though as I find strange the way pam_time works
<Rawh> blue-frog: http://www.ubuntu.com/support
<Rawh> did you try any of those sources already ?
<nictuku> Rawh, I don't agree either. Also, the wiki points to this channel as a support channel. But the topic doesn't say so, and fabbione and other guys seem to consider support off-topic here.
<nictuku> blue-frog, will you discuss your issue or not?
<blue-frog> well I will ask my question as a possible bug or missing implementation , is that ok with you?
<blue-frog> pam_time restrict ppl to log on before and after a time range
<nictuku> blue-frog, see /etc/security/time.conf
<blue-frog> but if ppl logs on 2 minutes before the end of time range then they can stay connected forever
<blue-frog> that is that last part which is bothering me
<nictuku> that is expected. the restriction is for "logon", not usage.
<blue-frog> I half agree with you
<blue-frog> if time range is 3pm to 5pm i expect the user to be disconnected at the end of time range
<nictuku> I don't know if pam can help you with that, but in any case you can make cron do that for you
<nictuku> although that is very disruptive
<blue-frog> so basically my only solution is to have a script checks who's online and checks wht's in time.conf
<nictuku> probably
<blue-frog> hum ty
<Rawh> hmm, i doubt there's someone online who manages mirros ?
<Rawh> mirrors even
<theCore> does someone would like to start a #ubuntu-trivia channel with me?
<theCore> sorry wrong channel,
<Rawh> o_O
#ubuntu-server 2006-05-27
* Starting logfile irclogs/ubuntu-server.log
* #ubuntu-server  [freenode-info]  channel trolls and no channel staff around to help? please check with freenode support: http://freenode.net/faq.shtml#gettinghelp
<davekempe> hey anyone here played with lvm-snapshots much - I have a quick question about i/o memory usage with em
<fabbione> davekempe: just ask...
<fabbione> somebody might answer
<davekempe> hey fabbione - thanks for all your hard work btw
<fabbione> thanks
<fabbione> davekempe: ask your question? :)
<fabbione> i did play a bit with lvm snapshotting
<davekempe> i am just having general troubles with performing lvm snapshots when a server is under heavy load. using breezy with xen 3.0.0 kernel and packages
<fabbione> so i migth be able to answer
<davekempe> i get memory errors and lockups on removing the lvm snapshot
<fabbione> we don't support xen sorry
<davekempe> lvremove hangs indefinitely
<davekempe> yeah i know
<fabbione> there were a lot of bugfixes in dapper for snapshots
<fabbione> you really want to try to upgrade
<davekempe> yeah i upgraded one of my machines to dapper with the debian 2.6.16 kernel today and lvm snapshot seemed to behave better
<davekempe> so thats basically it...
<davekempe> I figured it was going to be upgrade to dapper - not that i mind
<davekempe> just wanted a second opinion
<fabbione> there was a bug where doing a lot snapshots in sequence was giving problems
<fabbione> that's how i got to test it
<fabbione> high load and blablabla
<davekempe> ahh
<fabbione> we had to upgrade to lvm2 2.0.somethingmorenewthanwehad
<davekempe> yeah this machine was rsyncing off an lvm snapshot and the next snapshot hung
<davekempe> yeah 2.0.2 i think
<davekempe> fixes it
<fabbione> yeah something like that
<fabbione> but .15 is good enough to do the job
<fabbione> no need of .16
<davekempe> yeah no xen for .15 though... but its cool. dapper it is :)
<pab1> With VMware, I have no DNS name resolution in my guest.  The DNS servers are valid and I entered them manually.  Using bridged ethernet.  Anyone ever run into this or have any ideas?
<vars> hey i need a ubuuntu server
<vars> here's the good news i'm an idiot
<vars> hey
<vars> beezly, how is this project comming?
<beezly> vars: hi
<beezly> slowly - right now, i'm just looking at what the impacts of running /etc over bzr are
<beezly> i'd like to get dpkg to do a bzr commit after it makes changes, but i don't think there's a low-impact way of doing that - i suspect it needs changes to dpkg.
<infinity> beezly: If you always use apt, you can do it in an apt post-run hook, but there's no sane way to do it in dpkg itself, no.
<beezly> infinity: yeah - i thought that might be the case :/
<mgalvin> fabbione: ping?
<fabbione> mgalvin: pong?
<mgalvin> fabbione: hey
<mgalvin> did you happen to get to read that email the other day?
<fabbione> mgalvin: yes but i am quite busy with the release now
<fabbione> also some of the info you are asking are kind of company only
<mgalvin> fabbione: i understand, was just wondering about a few things since the meeting is coming up
<fabbione> 1 and 2 i can't answer
<fabbione> 3) yes, everything that is supported by a FC-HBA controller should work. I am using Emulex controllers here in my house with an old SAN system.
<fabbione> 4) The suite is tested. i do the tests personally. got bugs and fixed them from other users (positive reports from upstream too about our packaging).
<fabbione> GFS is part of tests of 4
<fabbione> OCFS2 is integrated into 4) and it works
<fabbione> also there.. good test reports from upstream
<fabbione> not just us
<fabbione> let me slam this in the email
<mgalvin> cool, that should be good enough for now... the CIO really just wants to hear some one else (in addition to me) say this stuff works
<mgalvin> thanks a lot fabbione
<fabbione> well i did the packaging..
<fabbione> and tested them
<fabbione> if that's enough....
<mgalvin> when you refer to upstream, does that mean redhat?
<fabbione> for the cluster suite and GFS I mean some of the upstream developers of the suite (ex sistina) that now work for RH
<fabbione> for OCFS2 i mean a couple of developers that works on it
<mgalvin> k cool
<fabbione> but it's not like you will write at info@redhat.com and get these information
<mgalvin> i know :)
<fabbione> ok
<fabbione> just that we understand eachother
<mgalvin> yup
<mgalvin> hopefully jane will be able to get back to me before the meeting, the CIO is actually more interested in some success stories... but this info you are giving me certainly helps too :)
<fabbione> just to make it clear.. i don't know the answer to 1) and 2)
<fabbione> sometimes there are success stories that are not our customers
<mgalvin> yea, i know, no prob, mdz seemed to think jane might be able to help us there, no worries
<fabbione> ok
<mgalvin> thanks again... i'll let you get back to work :)
<fabbione> i am not worried
<fabbione> your CIO is welcome to contact me for more tech info if he wants them
<mgalvin> k cool, i will let him know you offered
<fabbione> mgalvin: or show him my office: http://people.ubuntu.com/~fabbione/office/
<fabbione> that's where the cluster suite is packaged and tested
<fabbione> ;)
<mgalvin> nice!!!
* mgalvin drools
<mgalvin> i want one
<Burgwork> hey all
<infinity> Hey Corey.
<Burgwork> I am about to write you all a shiny new page for the website about why the ubuntu server is great
<Burgwork> but I need some ideas
<infinity> Can you ask me for great ideas tomorrow, when I've had some sleep (and am not innebriated)? :)
<Burgwork> infinity, sure
<Burgwork> https://wiki.ubuntu.com/Website/Desktop <-- something similar to this
<BlankB> Is there a place that describes the differences in the linux-image.2.6.15.-23-XXX images? Like the difference between -server and -server-bigiron?
<mgalvin> BlankB: there is a brief explanation at http://www.ubuntu.com/testing/dapperbeta#head-0267ca58bb4998011f8a1749714aa566d3fd918c
<BlankB> mgalvin: Looking at that now...
<BlankB> mgalvin: That is probalby what I was looking for.
<BlankB> I should look at the differences of the two kernel configs for them and see what the real differences are.
<thefish> anyone got any opinions on which to use between xen and vmware-server?
<beezly> thefish: imho, xen is more elegant, if you can do it. vmware-server is easy.
<spike> thefish: considering vmware-server is vmware playground released with the only intention to not lose too much visibility with Xen increased populatiry, Xen.
<beezly> i would go with Xen too, assuming you can
<thefish> mmm
<thefish> i have only used vmware, and its as easy as peeing into a well, tried xen ages ago and pulled a lot of hair, i guess it has got a bit easier though
<spike> vmware-server is and always will be "beta". Xen is meant to be run in production
<thefish> whats it like to install on ubuntu?
<beezly> spike: is that true?
<spike> beezly: it is
<beezly> my understanding is that vmware server is to replace vmware GSX
<thefish> they recon on their site that Q2 will be final for vmware server, and they will start selling support and maintenance for it
<thefish> beezly: thats what vmware.com says
<beezly> thefish: that's my understanding too
* beezly nods at thefish
<thefish> i like the idea of xen though, a lot of good hackers working on it
<thefish> but i dont want a server to go down and not have a clue about where to start
<beezly> thefish: xen is architecturally much better. it has far lower overhead than vmware.
<thefish> iirc xen vms are moveable to other hosts?
<spike> speaking f overhead, I like openVZ
<beezly> thefish: yes - whilst keeping them running
<thefish> that is sexy
<spike> thefish: as long as they are on the same subnet, yes
<thefish> k
<beezly> i'm not familiar with openvz
<thefish> swsoft/plesk product no?
<spike> beezly: well, when it comes to overhead, the point is you're not running a kernel per guest, which saves a lot
<spike> but architecturally it's completely different, sw Vs hw virtualization
<beezly> spike: ah, I see.. it's quite like Solaris Zones.
<spike> yes, exactly
<spike> about the vmware-server, when it came out afaik it wasnt planned to replae GSX afaik, things might have changed, yet I hardly believe it will ever properly supported
<thefish> apparently there are some nice new cpus coming out with much more support for virtualising on i386
<beezly> thefish: that's true - both AMD and Intel have chips coming along (I think they are due this year) with instructions to support virtualisation.
<beezly> i'm not too sure what the impact of that is though.
<thefish> running windows in xen
<thefish> without modification
<spike> unmodified guests
<beezly> i'm aware of that, but i'm unsure how it achieves that. I've not looked into it that much
<Hardtrac> hello
<Hardtrac> can any1 help me?
<kermit> http://releases.ubuntu.com/dapper/
<shawarma> Just did an upgrade to Dapper on a server with software RAID.. I got a mail with subject: "FW: Debconf: Configuring mdadm -- Initialise the superblock if you reuse hard disks
<shawarma> Does that ring a bell to anyone?
<shawarma> It says that if I'm using a RAID array from an earlier installation I should zero the superblock...
<shawarma> I'm not sure what to make of that.
<trs80> shawarma: it's talking about if you move hard disks used in raid between machines
<xerophyte> is there anything like Fedora Directory server for Ubuntu ???
<crazy_penguin> hi all!
<crazy_penguin> small question if i may. is the apache package for ubuntu preconfigurated to a certain level or it is raw?
<lionelp> crazy_penguin: like Debian package
<lionelp> it serve a localhost (/var/www)
<lionelp> in most cases, it will need a little work for sysadmin :)
<crazy_penguin> lionelp: ok. thx:)
<NobodHere> hey all...is this an OK place to ask about jumbo frame problems?  I have a feeling #ubuntu wouldn't be much help :-|
<NobodHere_> anybody home?
<gpd>  /var/run is mounted as varrun type in dapper
<gpd> which causes ln /var/run/foo /var/spool/bar to fail
<gpd> for a chroot postfix -> courier-authdaemon
<gpd> no idea where to start on this one...
* gpd notes ubuntu not making quite the same impact on the server world :(
<jsgotangco> its pretty new :)
<gpd> not yet released - some might say :)
<fabbione> gpd: how old is your installation?
<fabbione> tmpfs on /var/run type tmpfs (rw)
<fabbione> dapper updated as of today
<fabbione> everything has been reverted to be tmpfs
<jsgotangco> actually this would be the 2nd ubuntu-server release
<jsgotangco> (officially)
<gpd> let me check
<gpd> varrun       tmpfs       57488        76     57412   1% /var/run
<gpd> it's not so much the type that is the problem but the different device
<gpd> and i am current with dapper dist-upgrade
<fabbione> gpd: file a bug on launchpad, add infos, conffiles etc.
<fabbione> assign it to adconrad@ubuntu.com
<gpd> again - not sure if it is a bug or if i am jsut not doing it correctly
<fabbione> gpd: ok, start filing a bug so that somebody will start looking at it
<gpd> chroot postfix and courier-authdaemon normally talk via:
<gpd>  /var/spool/postfix/var/run/courier/authdaemon/socket
<fabbione> timelimit for any upload is tomorrow
<gpd>  /var/run/courier/authdaemon/socket
<fabbione> so you better file a bug or it will pass unseen
<gpd> ok will do
<gpd> what package?
<gpd> initscripts or courier-foo
<fabbione> hmm
<fabbione> courier-foo
<gpd> https://launchpad.net/distros/ubuntu/+bug/46858
<gpd> my first bug report - probably useless :(
<infinity> gpd: Changing that from a hardlink to a symlink should solve the problem.
<infinity> gpd: I can't test that locally, though.
<infinity> gpd: If I make fixed packages, can you test them for me before I upload them?
<gpd> symlink won't work across a chroot :(
<fabbione> gpd: please try what infinity asked
<fabbione> if the symlink was working before, it will work later
<fabbione> it's a matter of creating the proper one
<gpd> no ln was working
<gpd> not ln -s
<gpd> very different
<fabbione> i know the diff
<infinity> No, he's rish.
<infinity> right, to.
<infinity> too,
<fabbione> hmm
<infinity> Argh.  Just woke up.
<fabbione> oh well i need to get ready to fly to london
<fabbione> but a -f might solve
<fabbione> ln -f
<infinity> No, dude.
<infinity> A symlink can't work across chroots, and a hardlink can't be done across devices.
<gpd> fabbione: if you are in a chroot you cannot see outside it
<fabbione> go scott!
<infinity> No worries.  It's fixab;e.
<fabbione> i am not worried
<fabbione> gpd: right...
<gpd> is /var/run mounted as varrun a recent idea?
<gpd> I don't understand what it achieves?
<gpd> is it a security thing?
<infinity> gpd: mkdir -p /var/spool/courier/authdaemon/ ; ln /var/spool/courier/authdaemon/socket /var/spool/postfix/var/run/courier/authdaemon/socket ; ln -s ln /var/run/courier/authdaemon/socket /var/spool/courier/authdaemon/socket
<infinity> gpd: If that makes it work, I'll just do that.
<fabbione> what i don't understand is why gpd keeps having varrun fs
<fabbione> it was changed back to tmpfs naming, wasn't it?
<fabbione> oh well
<fabbione> whatever..
<infinity> fabbione: He doesn't.  varrun is the name of the mount.
<infinity> varrun on /var/run type tmpfs (rw)
<fabbione> bleah
<gpd> varrun       tmpfs       57488        76     57412   1% /var/run
<fabbione> let me tell you something
<infinity> gpd: Can you try the above for me?
<gpd> that was df -T
<gpd> infinity: yes - one sec
<fabbione> i am supposed to be the server project leader to drive infinity ... and given my management position, i am NOT supposed to understand shit :P
<infinity> fabbione: *grin*
<fabbione> infinity: it's all your :) have fun ;)
<fabbione> i need to fly to london
<fabbione> cya late
<infinity> gpd: /var/run on tmpfs makes sense for a varienty of reasons.  It's just a bit of a pain to have to transition everything, that's all.  And this corner case is a fun one we didn't spot.  That's all.
<infinity> variety, too.  I really shouldn't even try typing right after I wake up.
<ajmitch> hm, redhat decided to rewrite authconfig in python
<ajmitch> how useful
<gpd> infinity: gpd@www:~$ sudo  mkdir -p /var/spool/courier/authdaemon/
<gpd> gpd@www:~$ sudo ln /var/spool/courier/authdaemon/socket /var/spool/postfix/var/run/courier/authdaemon/socket
<gpd> ln: accessing `/var/spool/courier/authdaemon/socket': No such file or directory
<gpd> the original socket is in: /var/run/courier/authdaemon/socket
<infinity> Right, what do I need installed to test this locally? :)
<infinity> Oh, the socket is in /var/run?
<infinity> Right, I should have read more closely.
<gpd> postfix, courier-authdaemon, rest of courier
<infinity> What's responsible for doing the above linking magic?
<infinity> Oh, a HOWTO... We don't ship it like this?
<gpd> i had to add it manually to /etc/init.d/courier-authdaemon
<gpd> correct
<gpd> this is to allow courier to work with chroot postfix (which you do ship as)
<infinity> Okay, I see in the howto, lots of ln magic.
<gpd> i would probably not worry too much for the release
<infinity> You'd probably get away with circumventing all of that (for courier, mysql, etc), by just bindmounting /var/run to /var/spool/postfix/var/run
<gpd> i was just encouraged to post the bug
<gpd> you might be right!
<gpd> nope - didn't work
<gpd> /var/run               57M   76K   57M   1% /var/spool/postfix/var/run
<gpd> nevermind
<gpd> have to go - thanks for the help
<infinity> Nevermind, as in "nevermind, it did work", or "nevermind, it didn't"?
<infinity> Certainly looks like it should work.
<infinity> (And if so, I'd recommend you update that wiki to reflect that)
<gpd> infinity: thanks for your help - I got your suggestion to work after a minor chmod on a directory :)
<gpd> chmod 755 /var/spool/postfix/var/run/courier/authdaemon
#ubuntu-server 2006-05-28
<gpd> not as many ppl - which is also nice
<daxxar> I see your point. :-)
<gpd> you should repeat your question in here - they seem to know what they are talking about - although quiet
<daxxar> Okay
<daxxar> What could cause Samba to spontaneously reboot my system? I'm running an Ubuntu Server w/ Dapper RC.
<daxxar> E.g. entering a subdirectory of my share just *reboots* the whole system. My syslog outputs this at the reboot
<daxxar> May 28 00:12:40 datamania mountd[3869] : authenticated mount request from 192.168.0.14:937 for /storage/movies (/storage)
<daxxar> May 28 00:15:45 datamania syslogd 1.4.1#17ubuntu7: restart.
<daxxar> /storage is an LVM mount, it's also exported as NFS.
<infinity> And it's also an automount?
<infinity> samba's a red herring here, I think.  Samba would never cause your system to reboot.
<daxxar> Yeah, it's an automount.
<infinity> mountd could be tickling a kernel bug, though.
<daxxar> Hm, okay
<daxxar> Hmm. Yeah, I think you're right.
<daxxar> I wasn't (previously) able to reproduce this in anything but the samba sessions.
<daxxar> But I attempted a few IO operations via FTP, rebooted it there too now.
<daxxar> Could it be my FS setup?
<daxxar> It's setup for 'largefile' (1mb/inode)
<daxxar> And data written right before the reboot is gone. (Directories created, files created)
<daxxar> Just to have mentioned it, the memory passed a single full pass of memtest86. I didn't test it beyond that.
<daxxar> Okay, it's just not that FS. Could it be my network-card?
<infinity> I don't use automounts at all (haven't for years), so not sure how that could be affecting things.
<infinity> Is it fine if you access non-mountd directories?
<infinity> (Set up a temporary samba share on /tmp, for instance)
<daxxar> No, accessing /home via FTP crashes it too.
<daxxar> :o
<daxxar> Uhm, automounts, is that the same as /etc/fstab-entries without 'noauto', or? :o
<daxxar> (I assumed so when I answered)
<infinity> Well, no.  See the "mountd" in your syslog?  That's not a samba thing.
<infinity> I assumed you were using an automounter of some sort that was mounting filesystems on demand.
<daxxar> Oh, nope.
<daxxar> Or, shouldn't be.
<daxxar> Hrrm. :|
<daxxar> I guess this is HW-related.
<infinity> Oh, wait.  mountd is the NFS automounter.
<infinity> Silly me.
<infinity> You have NFS exports on that machine as well?
<daxxar> "dd if=/dev/zero of=test-big bs=1024K count=500" crashed it after ~300MB.
<daxxar> Yes.
<infinity> Yeah, okay.  The above syslog snippet was when connecting with NFS, not with samba.
<infinity> And now I'm less confused.
<daxxar> Ah, okay. :-)
<infinity> Are you using nfs-user-server or nfs-kernel-server?
<daxxar> kernel-server
<infinity> Kay, that should be the more stable of the two.
<infinity> Anyhow, you already confirmed that connecting some other way (like FTP) also crashed the box, yeah?
<daxxar> Yep, and a dd via ssh.
<infinity> Oh, you just said dd crashed.  I need to wake up a bit. :)
<daxxar> So I Gess it's hw?: (
<infinity> Fair chance it's hardware, then.
<infinity> dd doesn't "just crash"  Ever.
<infinity> It's far too simple to screw up.
<daxxar> dd didn't *crash*, it made the box reboot. :-)
<infinity> Well, same thing.
<infinity> I would only expect dd to bugger the box if either A) you have hardware problems, or B) the kernel REALLY hates you.
<infinity> Are you using an Ubuntu kernel, or hand-rolled?
<daxxar> Ubuntu
<infinity> Our kernels definitely shouldn't explode on filesystem access. :)
<infinity> (This isn't reiserfs, is it?)
<daxxar> Nope, ext3.
<daxxar> Hm.
<infinity> Kay, then I'd look at hardware for sure.
<daxxar> Shutting down the nfs-kernel-server and the smb-server, and running a:
<daxxar> daxxar@datamania:~$ i=1; while /bin/true; do echo "Pass: $i" && dd if=/dev/zero of=test-big bs=1024K count=50 && rm -f test-big && let i++; done
<daxxar> Pass: 1
<daxxar> I'll see if I manage to crash it now.
<daxxar> Pass: 90. *me restarts it with count=100*
<daxxar> Hmm. Now a single process hung, the rm -f test-big at pass #60. strace -p <pid> shows nothing on it.
<daxxar> Can't kill it either.
<frinkillo> maybe you should try running 'badblocks' to see if there's some damage on the HD
<daxxar> Hrm. What piece of HW would you suspect is the most likely factor to be the cause?
<daxxar> The HD was unwrapped ~6 hours ago. :-P
<frinkillo> btw, hi ^^
<gpd> SATA or SCSI ?
<daxxar> IDE
<daxxar> Hi. :-)
<daxxar> Hmm. The console shows some huge amount of activity atm.
<daxxar> Too fast to read.
<frinkillo> I think you should try anyway to eliminate that possibility
<daxxar> http://www.rafb.net/paste/results/z61UNQ99.html
<daxxar>  x ~
<frinkillo> sometimes brand new HDs come faulty from factory (very very rare, but happens)
<daxxar> daxxar@datamania:~$ sudo init 6
<daxxar> Segmentation fault
<daxxar> ...
<daxxar> :-P
<frinkillo> wow
<daxxar> But that's after the syslogmessages I pasted.
<daxxar> It *did* say "a reboot is needed".
<daxxar> "GRUB loading, please wait..." "Error 17"
<Mysta> hey guys, I wanted to install vmware server beta and wanted to know if the server distro or the regular distro better suited me
<frinkillo> daxxar: FS crashed?
<frinkillo> Mysta: I think it doesn't matter as they are almost the same... but IIRC, vmware server comes with a gui, so it could be a better idea installing it on a regular (desktop) system
<daxxar> frinkillo, yep. Seems so.
<daxxar> Can't remount it via the rescue mode from the install CD.
<daxxar> Any way to run badblocks without a full reinstall?
<infinity> Then you either have a bad disk, or something in the CPU->Cache->RAM pipeline is horribly corrupting data before it gets to the disk.
<infinity> (Or the driver for your controller sucks... Which controller is it?)
<frinkillo> yeah, from the rescue CD, try something like 'badblocks -v -s /dev/xxx'
<daxxar> The rescue-CD doesn't have badblocks, it seems. :|
<frinkillo> ugh
<daxxar> http://www.msi.com.tw/program/products/mainboard/mbd/pro_mbd_detail.php?UID=15 - That mobo
<daxxar> 
<daxxar>  Intel ICH2 Chipset Chipset
<daxxar> Onboard ATA controller.
<infinity> Oh, that's very well supported.
<daxxar> Mkay. You saw the error i pasted on rafb.net?
<infinity> So, you're looking at a bad disk, or corruption on the way to the disk (bad CPU/cache, bad RAM, or bad motherboard)
<daxxar> How many passes of memtest86 would be needed to rule out RAM-problems? I ran a full pass, no errors.
<infinity> Yeah, that didn't tell me much.  Bad paging request could be any of the above as well.
<daxxar> Okay.
<infinity> Has that CPU ever been overclocked, by chance?
<Mysta> anyone/
<infinity> Mysta: If you want to use the GUI, go for a desktop install.
<infinity> Mysta: If you want the server kernel on a desktop install, just "apt-get install linux-server"
<daxxar> infinity, underclocked. :o
<daxxar> (AFAIK)
<daxxar> It should be a 1.2GHz P3, but it's clocked at 1.0GHz
<infinity> daxxar: And it's never been overclocked in the past?
<Mysta> thx guys
<daxxar> Not AFAIK. But this CPU was inherited from someone else. ;-)
<infinity> daxxar: Only curious because this smells like "burnt cache", which is a common side-effect of overclocking.
<daxxar> (For some reason, I can't get the multiplier to 9 which it should be, only to 8)
<infinity> daxxar: If that someone else was underclocking it to compensate for overclocking it in the past, that might say something. :)
<daxxar> Mkay. Doesn't memtest86 test cache too?
<infinity> Not reliably, but it tries.
<daxxar> Okay. Should I use the Ubuntu Dapper Desktop to test the disk, or get the Seagate tool?
<infinity> You can disable cache in the BIOS and try to reproduce the crashes, but it'll run REALLY SLOW without a cache.
<infinity> Seagate's tool is more likely to find real problems on the physical disk.
<infinity> badblocks will only find what's exposed to the ATAPI/IDE layer, which should be "nothing" on a modern disk, since the disk's firmware is supposed to be swapping our bad blocks on the fly.
<daxxar> Hm, okay.
<infinity> (Not that this works as well in practice as it's meant to in theory)
<frinkillo> hmm interesting
<infinity> s/swapping our/swapping out/
<infinity> I make more sense with fewer typos.
<daxxar> It made sense before the regreplace too. ;)
<daxxar> SeaTools includes a RAM-test. :p
<Mysta> infinity: i was searching aptitude for that server kernel by searching for linux-server, and came up short, is that the correct name?
<daxxar> Ugh. 1 hour to run a full scan of the disk. :|
<infinity> Mysta: Yeah.  "linux-server" is probably in restricted, though.  If you only have "main" enabled, "linux-image-server" should do.
<Mysta> k, thx
<infinity> Mysta: If you're on breezy and not dapper, ignore everything I've said, there are no server-tuned kernels on breezy.
<daxxar> Thanks a lot for the help frinkillo, infinity, gpd, :-)
<Mysta> infinity: ok, thats why. lol. I just realized i ssh'd to my breezy instead of dapper
<daxxar> I'll let this disktest from Seagate run, see if it finds anything.
<daxxar> If not, I'll run memtest86 for a few hours.
<frinkillo> :)
<daxxar> If not, I'll tear my hair out. :|
<daxxar> If nothing there, *
<Mysta> is there any documentation on what is different in this kernel compared to a regular one?
<Mysta> nvmd, i found something
<frinkillo> https://wiki.ubuntu.com/ServerFaq
<Mysta> that helps too thx
<eimajenthat> the description says "development discussions," is there a general ubuntu-server channel?
<daxxar> Okay.
<daxxar> "Full test" completed, no errors.
<daxxar> So the problem is not controller / disk. *sighs*
<eimajenthat> the description says "development discussions," is there a general ubuntu-server channel?
<daxxar> I bet people actually could see what you said the first time.
<daxxar> infinity, do you think the error could be caused by a defective PSU?
<daxxar> infinity, it doesn't seem to be HD, controller or memory. Could be CPU or MB I guess.
<daxxar> (defective or not powerful enough. It should be 300W.)
<Zambezi> Is it possible to make Ubuntu-server (Breezy) with to modification, more secure? And how? I would like as high security as possible. Please PM or highlight me name so I won't miss an answer.
<phace> well how can i get involved with the ubuntu server development ?
<daxxar> Hm, how strange.
<daxxar> I ran a full pass on memtest86 before installation, no errors. Then, I ran two passes last night before I went to bed, no errors.
<daxxar> Today, I started a pass, and it found 3 errors before it had run for 5 minutes.
<daxxar> If it said it found it at address ~122MB, is it safe to assume there are errors on the memorychip in the first slot, since it's 256MB?
<daxxar> (The 'channel' field of the errors is blank)
<infinity> It's not really save to assume anything, unless you know for sure how the memory controller is interleaving the RAM.
<infinity> s/save/safe/
<infinity> Your best bet it to do repetitive memtest runs on the machine witch each stick installed individually.
<infinity> Pain in the ass, but it's the only reliable way to find a single bad stick.
<daxxar> So I need to run how many passes on each stick?
<daxxar> Since this was found 5 minutes into the 4th actual pass.
<daxxar> = ~5 hours.
<daxxar> Eh, 4.
* infinity shrugs.  Your guess is as good as mine.
<infinity> RAM errors come and go, depending on how well it decides to hold a charge from one moment to the next.
<kermitX_> new default phpmyadmin theme sux.. no width contstraints. inputs on far left & submit on far right...
#ubuntu-server 2007-05-21
* Starting logfile irclogs/ubuntu-server.log
<haffi> if stdlib.h is missing, what do I need to install?
<Kamping_Kaiser> whats the context?
<haffi> i have installed gcc
<haffi> i'm trying to add cpan modules with the cpan tool
<haffi> and I receive error messages stating that stdlib.h and string.h etc. are missing
<Kamping_Kaiser> i thought cpan dealt with its own modules dependancies
<haffi> I seem to have found the solution on the forums
<haffi> it seems that installing gcc wasn't enough... I needed the build-essential package
<stephanbuys> hi all - are there any good options available for virtualization under 6.06 LTS?
<mralphabet> vmware should work
<FlyingSquirrel32> I installed nrpe on my server and installed the /etc/init.d script. When I run it (sudo /etc/init.d/nrpe start) it starts right up. I was suprised that it didn'
<FlyingSquirrel32> didnt start up automagically when I restarted. What do I need to do to get this to happen?
<shawarma> FlyingSquirrel32: Something like 'update-rc.d nrpe defaults'
<shawarma> FlyingSquirrel32: It creates the appropriate symlinks in /etc/rc?.d/. See the update-rc.d man page for details.
<FlyingSquirrel32> shawarma: Great thanks.
<shawarma> FlyingSquirrel32: np
* Starting logfile irclogs/ubuntu-server.log
<nox-Hand> Hey
<nox-Hand> If I accidentally COMPLETELY messed up mysql username, how can I access it and reset it?
<robertj> nox-Hand: thats a question for #mysql
<nox-Hand> robertj: Right, asking there :) THanks
<ivoks> anyway, easily :)
<ph1zzle> hey all
<ph1zzle> does anyone know where I can find out what password debian-sys-maint is trying to use and what it needs in permisions to log in, I just copied an entire mysql database from one server to another and that one was using redhat so I don't have this account setup at the moment
<ivoks> grep password /etc/mysql/debian.cnf
<jordanryanmoore> anyone know how to change the primary IP when you have multiple (virtual) NICs?
<mralphabet> vi /etc/network/interfaces
<ivoks> IP or order of NICs?
<jordanryanmoore> doesn't work
<jordanryanmoore> I have the "real" NIC as eth0
<jordanryanmoore> the virtuals are eth0:1, and eth0:2
<jordanryanmoore> they are in the order of eth0, eth0:1, and eth0:2
<jordanryanmoore> my outbound connections are using the IP from eth0:2
<jordanryanmoore> I need my outbound connections to use the IP from eth0
<ivoks> then your routing table is broken, not IP
<ivoks> your default route is vie eth0
<ivoks> s/vie/via
<jordanryanmoore> that's what i thought
<jordanryanmoore> so, any idea how to fix it?
<ivoks> route replace default gateway eth0:1
<ivoks> heh no replace :)
<ivoks> route del default gw eth0
<ivoks> route add default gw eth0:1
<ivoks> and fix you /etc/network/interfaces
<jordanryanmoore> what's wrong with my /etc/network/interfaces?
<ivoks> remove gateway from eth0:1 and eth0:2
<ivoks> i did a mistake :/
<ivoks> route del default gw eth0:1
<ivoks> route del default gw eth0:2
<ivoks> route add default gw eth0
<jordanryanmoore> ok, i thought so...
<jordanryanmoore> which is why i didn't copy/paste that... :)
<ivoks> :)
<ivoks> ph1zzle: it's Y to all, basicaly :)
<jordanryanmoore> i get an unknown host warning when i enter "route del default gw eth0:1"
<ivoks> try without eth0:1
<jordanryanmoore> this is a live server... saying "try..." scares me
<ph1zzle> ivoks, thanks man
<ivoks> ph1zzle: N for last 5
<ivoks> jordanryanmoore: well, you know you will kill all your connections?
<ivoks> including ssh :)
<jordanryanmoore> yes... but it's a VM and I have access to the VM server
<ivoks> jordanryanmoore: did you fix your interfaces? (removed gateway in eth0:1 and eth0:2)
<jordanryanmoore> doing so atm
<ivoks> when you are done do:
<ivoks>  /etc/init.d/networking restart
<jordanryanmoore> right
<jordanryanmoore> just removing the gateways from /etc/network/interfaces worked perfectly
<jordanryanmoore> thanks a bunch!
<jordanryanmoore> i spent 2 days on this....
<nox-Hand> How would I remove the mysql package completely including configs and then install it again to start over?
<ivoks> you don't know root password?
<ivoks> mysql root
<ivoks> anyway... apt-get --purge remove mysql-server.*
#ubuntu-server 2007-05-22
<Fezzler> File structure question.  Added 2nd hard drive and mounted as /srv to place user server files in /srv/dadfs  /srv/momfs, etc.
<Fezzler> Someone told me it is better to disolve the old /home and rename /srv  /home?
<mralphabet> rename?
<mralphabet> just soft link it
<Fezzler> mra: soft link via smb.conf
<mralphabet> or mount the new drive as /home and recreate the directory structure underneath it
<Fezzler> can I have two /home(s)
<Fezzler> mra: copy everything in current /home to /srv, delete /home, and then rename /srv /home?
<mralphabet> cd /home ; cp -R *.* /srv ; cd ../ ; mv /home /home.backup ; mv /srv /home ; update fstab
<Fezzler> can I cut and paste that?
<mralphabet> probably not
<mralphabet> it's close
<Fezzler> mra: is /srv embedded all over the place?
<mralphabet> uhh . . . only if you put it there
<Fezzler> stefg?
<Fezzler> orlo?
<svschwartz> hi!
<dballester> hi to all
<J_P> hi all
<dballester> hi J_P 
<os_> hello........
<os_> can anyone tell me how do i configure ubuntu server for multiple internet connection?.....
<dballester> os_, define 'multiple internet connection' ;)
<os_> ok......i running a cyber game cafe here........i need to configure the server as a gateway to 2 local ISP here........
<os_> and i want all internet chatting and browsing to be use ISP 1 which local adsl provider....and all other access (online gaming) to use ISP 2...
<dballester> the 2 gateways will be independent or will have the same public ip address ?
<os_> ok i setup my server gateway to have 3 NIC........2 for the each ISP and 1 for all the LAN...
<os_> let say NIC A is for ISP 1 and have a ip address 192.168.11.100/24 and gateway 192.168.11.1/24
<dballester> ok
<os_> NIC B is for ISP 2 and have a ip address 192.168.0.100/24 and gateway 192.168.0.253/24
<os_> and NIC C is for LAN and have ip address 192.168.2.254/24
<dballester> if each router has is own public address and you will have separated traffic, then you can use routing policies and routing tables 
<dballester> it's not necessary to have each gateway in a separated network, if you won't
<os_> yeah i know but my problem is i just know how to setup NIC using ifconfig and know nothing about ip route and iptables and routing table commands....;-)
<dballester> then http://lartc.org/howto/lartc.rpdb.multiple-links.html is for you ;)
<os_> i tried google and got some example and i applied to my server according my setup but it didnt work .....and i dont know why it not work.......
<dballester> read this link, if you've any doubt let me know
<os_> yes........i tried this link before.......but didnt work at all.............i can ping to internet from my server .......but cant ping from windows client to internet
<os_> but my sever can ping my windows client ip address.........
<os_> i set my windows client gateway to the IP address of NIC C above.......
<os_> i going to drive my gf home and be back in about 30 min..........see you guys later....
<os_> ok i am back.........
<os_> any idea?.......
<[miles] > afternoon guys
<[miles] > anyone know where on 6.06 sun java is?
<os_> miles .......did you mean jdk1.6 for ubuntu?.......
<[miles] > just runtime
<[miles] > for a jabber server
<os_> did you try apt-get java install
<[miles] > nope, I'll try that now
<os_> i am not sure is apt-get get gnu java or official sun java runtime.......
<os_> but mine have jdk1.6 runtime install...........but i downloaded it from sun website....
<[miles] > ah it's ok, I've got it sorted
<[miles] > thanks anyway os_
<ph1zzle> hey guys
<ph1zzle> would anyone mind letting me know how I download a package source file with apt?
<lionel> ph1zzle: this is not realy server related, but apt-get source package
<ph1zzle> lionel, true and false, I wanna get postgresql source and the regular ubuntu room is always a pain in the ass
<ph1zzle> I appreciate the input
<ph1zzle> ;)
<lionel> np :)
#ubuntu-server 2007-05-23
<Fezzler> I'm logged in as root in console.  Can I run another instance of nautilus to use drag n drop to work on user dir structures
<danp> hi
<Burgundavia> hey danp
<danp> i'm curious how people are doing automated server installs
<Burgundavia> there are a few ways
<Burgundavia> preseeding, kickstart or fai
<danp> i'll have to check out fai. i haven't had much luck so far with kickstart
<jsgotangco> kickstart doesn't work much in ubuntu compared to how flawless it can be in redhat
<danp> it seems both preseeding and kickstart don't really do partitioning
<Burgundavia> fai has some serious issues in Ubuntu
<danp> i have a lot of two-drive systems and i want to set up RAID and LVM
<danp> am i doomed?
<danp> i've had trouble finding any ubuntu kickstart examples
<danp> i really want to do something like what this guy is doing: http://sial.org/howto/kickstart/
<danp> but he's using redhat/fedora of course
<pschulz01> Greetings..
<svschwartz> hi :)
<pschulz01> Is there anything special to do when adding service files to '/etc/event.d'?
<pschulz01> I have added a file, but it's isn't displayed when I do a 'initctl list'
<qiyong> what is the ubuntu server fs mount layout?
<qiyong> partition layout
<jackie> nrpil go to sleep
<Urme> I've got a IIS server that needs fast and easy access to a Linux fileserver, whats the best way to go about it, Samba, NFS?
<mralphabet> yes
<CarlFK> sdb is currently one big partition sdb1.  I want to shrink it to make a 2nd swap partition.  whats a good way?
#ubuntu-server 2007-05-24
<mayorbuttes> I suppose this might be a bit off topic, but what irc server (if anyone has experience with it) do you guys prefer to run?
<fernando> hey all
<danp> if i wanted to see how kickstart was implemented in ubuntu, what package would i look at? what does the installer run?
<danp> kickseed!
<Burgundavia> danp: debian-installer
<danp> yeah. kickseed is what reads the kickstart file and turns it into a preseed for d-i...that's what i was looking for
<danp> i'm surprised that LVM and RAID support are still missing
<danp> i guess that's just because of the d-i limitations for that stuff
<Burgundavia> lvm and raid are supported by di
<danp> but via preseeding?
<Burgundavia> no idea, I don't preseed
<Burgundavia> small enough install that I can be lazy
<player2> argh, why would pam_ldap (and ldapsearch for that matter) fail to bind as "uid=<my user name>,cn=users,dc=my,dc=server,dc=com" :(
<danp> i have a lot of two-drive servers and i'd really like to be able to automate an install that does something like a 32G ext3 /, 2G swap and the rest a volume group with a logical volume at 80% on /srv or similar
<danp> with RAID1 across the two drives
<Burgundavia> danp: I have no idea. d-i shoudl do that
<Burgundavia> http://www.debian.org/releases/etch/example-preseed.txt
<Burgundavia> player2: what is it looking under?
<player2> eh?
<player2> i'm attempting to set up ldap against an opendirectory server (OS X Server 10.4 to be exact)
<Burgundavia> rifght
<player2> if i do ldapsearch -x |grep dn, i can get my account's dn
<player2> so i know i can at least to a simple bind
<player2> but if i try to use that DN to do a bind, it fails
<player2> claiming that the user doesn't exist
<Burgundavia> opendirectory is just openldap
<player2> am i using the wrong dn when attempting to bind or something equally stupid?
<Burgundavia> that is what I am thinking is happening
<Burgundavia> try without the cn=users
<Burgundavia> just the dc bits
<player2> ldapsearch -D 'uid=kmsluder,dc=wloyx,dc=loyola,dc=edu'
<player2> asks for pw, provided... ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
<player2>         additional info: SASL(-13): user not found: no user in database
<Burgundavia> hmm
<player2|bang-hea> agh forget it
<player2|bang-hea> stupid nickname limit
<Burgundavia> hmm
<Burgundavia> ldap is a fun and sticky problem
<player2> yea, indeed
<player2> i think ldap was invented to torture people into sticking to vendor-supported solutions
<Burgundavia> pretty much
<player2> alright, well if you have no ideas then i have no ideas
<player2> so i might as well go to sleep
<player2> ty for your help
<Fezzler> confused about root in GUI / GNOME
<dsdg> morning, when i am a user and want to su - to root, i dont want to type my passwd....i added the following line to /etc/sudoers but it still askes me for a passwd, any advice? username    ALL=(ALL) NOPASSWD: ALL
<shawarma> dsdg: Are you typing 'su -
<shawarma> dsdg: Are you typing 'su -'?
<dsdg> su -
<dsdg> yes,
<shawarma> you should do 'sudo su -'.
<dsdg> ah,
<dsdg> stupid mistake, i need a coffeee :)
<shawarma> 1) because it's the right way :-)  and 2) because you're fiddling with sudo's config and not su's.
<dsdg> thank you man!
<shawarma> np
<KnowledgEngineer> hello
<KnowledgEngineer> the ubuntu-server installer make more question compared to ubuntu-desktop installer?
<KnowledgEngineer> i can install ubuntu-desktop but i do not know if i can install ubuntu-server
<Stonekeeper> Hi. I'm trying to move from CentOS to ubuntu 6.06LTS for my servers. My primary controller has a binary blob driver (but I'm able to compile a wrapper for ubuntu to get it working). In 7.04 there is the ability to load drivers at install time. Is there a way of doing this in 6.06? Or will i have to slipstream it? thanks.
<Stonekeeper> I'm going to use reconstrunctor
<RobNyc-work> where can I download ubuntu server?
<Stonekeeper> RobNyc-work: www.ubuntu.com
<RobNyc-work> ty 
<lauso> hi guys. I am having some problems with an automatic installation, and thought that you may be able to help me.
<lauso> I am installing a server using using the automatic installation. After reboot, a script is run to finish up the instalation. One of the steps is to install mysql. Unfortunately, a dialog is shown to inform me that if I am using NIS (and I am), I should do some specific configurations.
<lauso> since the script is running by itself, I cannot tab and enter to say "ok".
<lauso> I tryed to redirect the input from a file, but it seems not to work with ncourses interface  of whiptail. Do you have any idea of how could I solve this problem?
<lauso> I though of removing whiptail (linking it to an empty script), but that is not general, and wouldn't work to install java (to accept the agreement).
<Skaag> something is taking up 1.6gb of ram on my server
<Skaag> I stopped mysql, apache, memcached
<Skaag> and still 1.6gb
<`6og> cache?
<Skaag> I have a feeling it's a memory leak
<`6og> try top, then sort by memory usage
<danp> lauso: maybe need to use a preseed file to answer that question
<danp> install it on another machine and then do debconf-get-selections | grep mysql and you might see something about that
<danp> on my machine it looks like it's mysql-server-5.0/nis_warning
<lauso> hi danp. thanks a lot. It was exactly what I needed
<Stonekeeper> hi. does anyone know how i can load a 3rd party kernel module on 6.06 server install? thanks.
<danp> anyone using preseeding for installs and setting up RAID/LVM with the preseed early_command?
<lauso> danp, can I use the preseeding mecanism even after the install is done?
<danp> sure
<lauso> how to I invoke it in script?
<lauso> how do I invoke it in a script?
<danp> hold on a sec
<danp> oh, yeah. you use debconf-set-selections
<lauso> great. It worked like a charm for mysql. Thanks a lot
<danp> np
* Starting logfile irclogs/ubuntu-server.log
<ph1zzle> hey guys, is there a quick way to install mod_rewriet for apache2 on edgy?
<ph1zzle> apt style way?
<foo> ph1zzle: There is no "apt-style way"
<foo> ph1zzle: a2enmod rewrite 
<foo> IIRC
<ph1zzle> a2enmod?
<ph1zzle> huh
<ph1zzle> so that is a command I just found out
* foo nods
<ph1zzle> thanks foo
* foo tips hat
<FlyingSquirrel32> How do I let people know there are problems with the nessusd package?
<mralphabet> launchpad?
#ubuntu-server 2007-05-25
<Fezzler> SWAT keeps asking for Authentification Required?
<dholbach> hiya... is there anybody who knows about packaging 'web applications'?
<dholbach> I have somebody who's interested in getting involved there
<Pumpernickel> That sounds all kinds of complicated, if you're thinking of more than a source tarball.
<dholbach> most 'web apps' come in a tarball, but need not just installation to some random place, but also integration, which is more tricky
<dholbach> I never touched any of those packages at all, so I don't know - but as I said, there's somebody who'd be interested in helping out there - I'm not sure where to point him
<Pumpernickel> The customization might work out if there was a decent script asking where various components should go.
<dholbach> might be... I'm just no expert when it comes to this, so I pointed him to the ubuntu-server@ list
<shawarma> dholbach: The ampache guy?
<dholbach> Charlie Smotherman
<dholbach> not sure if that's the ampache guy
<dholbach> it'd be nice to have at least a list of packages that are good examples of how to get it done
<dholbach> I hope I can get him involved there
<shawarma> Funny, I was going to redirect him to #ubuntu-motu. :)
<dholbach> we have nobody who maintains such packages in a dedicated way
<shawarma> I suppose not. It's a php/mysql kind of thing, iirc?
<dholbach> so I thought the server team (who has some kind of interest in that kind of package) might get some efforts started to have maybe a set of wiki pages that explain something *shrug*
<dholbach> I suppose, yes
<shawarma> Good idea.
<shawarma> I'll probably send him an e-mail later today when I'm rested.
* shawarma -> breakfast
<dholbach> take your time!
* dholbach hugs shawarma
<shawarma> dholbach: :)
<jtole_> I know this probably isn't too server specific but can anyone tell me what command I use to see what packages I have installed
<jtole_> ?
<disposable> i'm trying to enable https on my apache2.2.3. I followed help.ubuntu.com but when i did the final restart of the server, i got: Syntax error on line 7 of /etc/apache2/sites-enabled/000-default  SSLOptions: Illegal option 'CompatEnvVars'   What do i need to do?
<mralphabet> you may want to try #apache
<mh_le> hi how can I check if I'm using the *-server kernel?
<danp> uname -a
<danp> uname -r specifically
<foo> Hm, if a system is pushing 10mbit, and it's capped 10mbit on the switch (or some other hardware), some traffic will be lost, right?
<danp> depending on how the capping is happening, the TCP stack on the system doing the traffic should slow things down
<mralphabet> switch will throw packets away
<mh_le> danp: it seems I'm using 2.6.20-15-386... how can I change it to -server?
<foo> danp / mralphabet: hmm, I see. So, it really depends on the capping, huh?
<mralphabet> well, what happens when the switch throws packets away is the tcp connection on the other end says "hey, I didn't get packet 23482983479, lets re request that" and sends a packet back asking for a resend
<mralphabet> which only adds to the problem
<foo> hmm, I see. 
<danp> they'll figure it out
<danp> mh_le: apt-get install linux-image-server maybe
<mralphabet> IF the application you are using is tcp, if udp then there isn't a re request process
<mh_le> danp: thanks
<foo> mralphabet: right, right. HTTP = TCP, no?
<mralphabet> udp just ignores the missing packets
* foo nods
* mralphabet nods
<foo> mralphabet: Great, thank you!
<mh_le> danp: it's set to manual install
<danp> foo: might check this out: http://www.enterprisenetworkingplanet.com/netsp/article.php/3595616
<foo> danp: thanks!
#ubuntu-server 2007-05-26
<stevenrushing_> howdy howdy, anyone about?
<Burgundavia> on my way out
<stevenrushing_> aaaa
<stevenrushing_> have a moment?
<stevenrushing_> =)
<Burgundavia> if it is quick
<stevenrushing_> how do you access outside of your user folder in server?
<stevenrushing_> i can't access outside.  i can't login as root.  i can sudo things, but can't get out of my folder
<stevenrushing_> (maybe that is quick, not sure.  =)
<Burgundavia> root is disabled
<Burgundavia> if you mean how do you move around, you use cd
<stevenrushing_> i get cd
<Burgundavia> right
<Burgundavia> and it tells you don't have permission to view anything outside /home?
<stevenrushing_> but it won't let me see anything outside my user folder...
<stevenrushing_> right
<Burgundavia> you cannot ls the folders?
<stevenrushing_> =)  thank you very much
<stevenrushing_> sorry to waste your time.  =)
<stevenrushing_> lalala a few moments of someone's time?  =)  simple stuff mostly
<stevenrushing_> as Burgundavia has discovered  =)
<player2> :sigh: Darwin sucks
<player2> back to ubuntu...
<player2> has anyone ever successfully configured pam_ldap and libnss-ldap to talk to a Mac OS X Server OpenLDAP server?
<player2> `ldapsearch -x uid=diradmin |grep dn` gives me 'uid=diradmin,cn=users,dc=wloyx,dc=loyola,dc=edu'
<player2> but `ldapsearch -D 'uid=diradmin,cn=users,dc=wloyx,dc=loyola,dc=edu` fails with 'user not in database'
<stevenrushing_> needing some help making my server accessable outside my network if possible...
<cy_> hello
<cy_> is there a way to install ubuntu-server when i only have ssh access to a started rescue system ?
<h4wk0> Explain further
<cy_> well.. i have a debian system installed on a server.. now i can reboot it into a rescue system (where i can mount my original system lets say under /mnt/debian) .. i would now like to install ubuntu-server from there on..
<cy_> the live system is also based on debian, so there is "debootstrap" present..
<cy_> also: http://ubuntuforums.org/archive/index.php/t-125936.html  ... is a question im asking myself too..
* cy_ pokes you all with a stick
<pipes> ouch 
<cy_> omg
<cy_> youre alife! :D
<cy_> alive*
<cy_> i always get that wrong
<pipes> kinda, as alive as one can be after a few bottles of wine 
<pipes> as to your question. I really dont know =\
<Kamping_Kaiser> with specifiying a range of ports in iptables is it '50-100' or '50 - 100' (spaces or not)
<pipes> 1-2 afaik
<pipes> no spaces 
<Kamping_Kaiser> bugger. oh well
<Kamping_Kaiser> cy_, install ubuntu, then strip out the packages you dont need (should be 5 min job with debfoster)
<cy_> debfoster ? mhhhhhhh
<cy_> yeah i am debootstrapping atm
<cy_> doing a cross install using this tutorial: http://ftp.ubuntulinux.org/ubuntu/dists/warty/main/installer-i386/current/doc/manual/en/apcs03.html  .. seems kinda out-dated .. but we'll see
<cy_> urm
<cy_> any way to select grub as default bootloader and not lilo ?
<Kamping_Kaiser> install it should do
<cy_> yeah i just noticed
<cy_> *g
<cy_> thanks tho :)
<Kamping_Kaiser> :)
<cy_> ok
<cy_> it worked
<cy_> hurray! *g*
<cy_> # apt-cache search ubuntu-server
<cy_> edubuntu-server - edubuntu servers
<cy_> ubuntu-serverguide - The Ubuntu Server Guide
<cy_> but no server package :(
<Kamping_Kaiser> its probalby the -base and -minimal seeds, plus a few extras
<ampache> Is this the right channel to discuss php web app packaging
<mralphabet> try ubuntu-motu
<mralphabet> well that's not the right channel
<ampache> Ubuntu mentoring front desk pointed me here that's why I ask
<mralphabet> I was right, just typed it wrong
<mralphabet> try #ubuntu-motu
<ampache> k thanks
<williubu> Hello to everyone!
<williubu> Ive installed on a Notebook in free partion hda3 ubuntu-server feisty 7.04
<williubu> installation a usual with no problems, 
<williubu> but after restarting, loading grup from mbr, system hangs and shows "Int14: CR2 ..."
<williubu> but if i select the old ubuntu dapper on hda7, no problems at all.
<williubu> Ive check in /boot/grub/menu.lst and cant detect any errors.
<williubu> Any ideas ?
<qman> hello everyone, I was hoping to get some suggestions...I'm trying to set up a ubuntu box as a router/firewall, DNS, and DHCP server for my network, but I'm having a nightmare just trying to get it working. My biggest problem is with firewall software. See, iptables is rather confusing, and I just can't find any firewalling software (or software interface) that's simple enough and works.
<qman> I found some software I liked, called shorewall, but I can't get it working
<qman> No matter what I do, once I start the firewall, no packets will go in our out any interfaces
<qman> So, I was hoping someone here could suggest something else that would be more simple to set up than iptables.
<\sh> qman, firewalls are concepts, what you mean is an easy way to maintain a packet filter 
<qman> yes, that's what I mean
<qman> sorry for the incorrect terms
<\sh> qman, try fwbuilder
<\sh> but it shouldn't be run on your packet filter server
<qman> I did try fwbuilder, but there are so many options, I couldn't figure out how to use it
<qman> the machine I'm working with has four interfaces
<qman> three different internal networks, and the internet
<\sh> qman, don't you have someone who has a clue about network security? because without the knowledge, you are lost anyways,even with a gui...you break more things then you fix
<\sh> first read something about iptables
<\sh> on http://www.netfilter.org/ there are lot of examples and good howtos how to manage netfilter/iptables
<qman> well, I do know a lot about networking, and I have set up iptables before with some simple filtering rules
<qman> but only on a system with one interface
<\sh> try it at home with your local box, to succeed with some easy things, e.g. nat
<\sh> then try to make it big, with more then one interface :)
<\sh> or buy some good things from securecomputing or cisco, even when cisco is crap in things like packetfilters and FW concepts
<qman> well, I guess the major problem is that I have more than two sides 
<\sh> qman, so try to work on the first interface (e.g. the internet one) and then work up to the next three
<qman> shorewall simplified it fairly well, but it doesn't do me any good if it doesn't run
<slackwarelife> qman: you can use arno iptables: http://rocky.eld.leidenuniv.nl/ (there is a pkg build for Ubuntu/Debian). I use it on my Slackware Server ;)
<slackwarelife> the config file is well comment
<\sh> slackwarelife, it won't give him any help....if he has trouble to understand what's going on when he configure 4 interfaces in different ways with different rules, a gui won't help...he should start with the frontnetwork and work up to the other network interfaces
<qman> I understand how it works, at the packet level
<qman> I just don't understand how to actually configure the software
<qman> to do what I want it to do
<\sh> qman, that's what I meant..
<\sh> fwbuilder is quite easy to understand, when you know how netfilter works in general and how the packets flow between the interfaces
<qman> well, the problem with fwbuilder I had, was that I couldn't figure out where to put which rules so that they would be applied correctly
<qman> none of the presets had any relevancy to my goal, so there was no starting ground to go from
<qman> for example
<qman> if I wanted to block traffic from "group 1" to "group 2", would I put the rule in the "group 1" tab, or the "group 2" tab? the software made it possible to do either, and neither seemed more correct
<qman> all the documentation on the fwbuilder site seems to be beyond that level, and I couldn't find any help in that regard
<\sh> you deny in group 2 that traffic flows from group 1
<\sh> or you deny traffic to go group2 in group1 depends what you really want...if you want a deny all all rule in group2 and opening up for special services, then deny all all in group 2 is better then deny all all to group2 in group1, just because it clutter up your rules a lot when you have to let other services go to group2 from group1..but this you have to decide. 
<qman> so it can go either way, even if it makes no effective difference?
<qman> that clears up a lot of the confusion
<\sh> qman, it makes an effective difference, not that you will see it in the first place, but depends on your network traffic...and depends if you want clean rules on different interfaces
<qman> aside from the rules themselves, I didn't understand what the difference was if I denied traffic on it's way out of group 1, or on it's way in to group 2, given that I use specific source and destination of the groups themselves
<\sh>  the packet will stay a bit longer in the kernel ip packet queue
<qman> ok
<\sh> which can take cpu cycles
<qman> so, performance wise, it's probably better to deny it sooner, but otherwise, doesn't really affect traffic
<\sh> depending on your nettraffic
<qman> ok, that really helps
<qman> that was one of the big things I just couldn't rationalize
<\sh> performance wise it's better to use a specialized appliance for this....but the sooner the better...if you don't need any services going to group2 you should block directly on the internet iface 
<qman> well, the box is almost 2GHz, I've only got a 5M/512k internet connection, and the priority is small business, so performance isn't critical
<qman> ok, so now, the only thing left to really clear up, is the way fwbuilder associates an interface with a group and a network
<qman> and I think this pdf should answer that
<peanutb> has anyone gotten a working asterisk install with the asterisk web config?
<Burgundavia> which web config?
<peanutb> i was thinking the digium one, but anything that works.
<Burgundavia> there are two major ones, the digium one and the freepbx one
<peanutb> which is easier to install?
<peanutb> and has the most features?
<foo> peanutb: Go install Trixbox and be done with it.
<foo> ;)
<peanutb> ok
<peanutb> thanks
#ubuntu-server 2007-05-27
<Nafallo> anyone has an IBM IC35L036UWD210-0 that's not in use? :-)
<Nafallo> one of mine just died...
<cy_> what is that ?
<\sh> harddrive i think
<foo> Haha
<h4wk0> Sorry i have a IBM IC35L036UWD210-1
<cy_> *g
<cy_> i wish i'd get a clue out of http://wiki.xensource.com/xenwiki/XenNetworking
<cy_> :/
<cy_> lol
<cy_> nice nick
<cy_> :\
<peanutb> im trying to get a dhcp server on my eth0 interface, with addresses from 192.168.5.2 to 192.168.5.254, and failing miserably. can someone please try to help.
<Kamping_Kaiser> peanutb, whats not working?
<peanutb> it  gives this error: 
<peanutb> Configuration file errors encountered -- exiting
<peanutb> Starting dhcpd failed
<peanutb> Internet Systems Consortium DHCP Server V3.0.4
<peanutb> Copyright 2004-2006 Internet Systems Consortium.
<peanutb> All rights reserved.
<peanutb> For info, please visit http://www.isc.org/sw/dhcp/
<peanutb> /etc/dhcp3/dhcpd.conf line 11: subnet 192.168.2.1 netmask 255.255.255.0: bad subnet number/mask combination.
<peanutb> subnet 192.168.2.1 netmask 255.255.255.0
<peanutb>                                        ^
<peanutb> Configuration file errors encountered -- exiting
* peanutb ment to pastebin that.
<Kamping_Kaiser> peanutb, subnet should be 2.0
<peanutb> just 2.0?
* peanutb feels really stupid
<Kamping_Kaiser> no
<Kamping_Kaiser> 192.168.2.0
<Kamping_Kaiser> not 192.168.2.1
<peanutb> ohh
<peanutb> ok
<peanutb> got it
<peanutb> now it says something about not being able to create a leases file.
<peanutb> and it is not serving ips
<qman> did you start the service, or just run "dhcpd"
<peanutb> i am running it through a gui config interface.
<peanutb> so probably dhcpd
<Kamping_Kaiser> eh.
<qman> try opening a terminal, and running "sudo /etc/init.d/dhcpd restart"
* peanutb messed around with it and now it works
<peanutb> thanks for your help
<qman> the error you got generally means for one reason or another the service doesn't have permission to the lease file or the folder it's in
<qman> which, often, results from running it as your own user instead of the special one, or root
<qman> it can also mean the service is already running, and has a lock on the file
<jtole_> hey guys
<jtole_> real quickly, is there a command to list if you have x package installed on your system
<jtole_> ?
<shawarma> dpkg -l x
<jtole_> thanks
<shawarma> It shows you the install status of the package.
<shawarma> 'ii' at the start of the line means it's installed.
<jtole_> ok
<jtole_> cool
<jtole_> muchos gracias as they say a lot here in miami
<shawarma> np
<steveire> Hey.
<`6og> hi.
<steveire> Hey. I want to install AMP on my laptop to try out some cmses etc. Can you point me to a better more up to date guide than https://help.ubuntu.com/community/ApacheMySQLPHP
<Burgundavia> that is still current
<steveire> Alright. Doesn't seem to know feisty exists though. Should I just install ubuntu-lamp and then pick up somewhere in that page?
<Burgundavia> yep
<Burgundavia> and feel free to fix up that page
<Burgundavia> it is a pubicly editable wiki
<steveire> So Can I configure apache to not start when I boot up? It sounds like a security risk?
<shawarma> steveire: See in /etc/defaults/apache2
<steveire> shawarma: Excellent. Anything else obvious I should do?
<shawarma> steveire: To accomplish what?
<shawarma> steveire: Ubuntu has a no-open-ports by default policy. If you haven't installed anything that listens for connections, then there's shouldn't be any.
<steveire> To get a good security setup.
<steveire> apache does, right?
<shawarma> Yes.
<shawarma> But I suppose you installed it because you want to serve web pages?
<steveire> Not really. I only want to try out some cmses etc on my laptop. I don't want anyone else seeing the content
<shawarma> steveire: Still, in that case you want apache to run, but not listen on anything but the loopback interface.
<shawarma> steveire: I believe it has a Bind directive in its main config.
<steveire> I installed these packages: http://pastebin.ca/514709. Any of them listen?
<shawarma> Only apache.
<shawarma> You can always see what's listening with "sudo netstat -lnp"
<steveire> Great.
<steveire> There's a lot in there.
<shawarma> Try tossing it onto the pastebin.
<steveire> Well I've moved on a bit. I tried editing ports.conf and commenting out Listen 80. Then init.d/apache stop and init.d/apache start. Now I don't think apache will start.
<shawarma> It won't. It checks /etc/defaults/apache2 to see if it should.
<shawarma> You could also 'update-rc.d apache2 remove'
<shawarma> And undo your changes to /etc/defaults/apache2
<steveire> I don't get it. I edited that file so it wouldn't start on every boot.
<steveire> I undid my changes and now I can start it again.
<steveire> Is there a configuration option to not start on boot, but allow it to start?
<shawarma> 'update-rc.d apache2 remove'
<steveire> http://pastebin.ca/514739
<steveire> Won't that just delete the curent configuration options?
<shawarma> 'update-rc.d -f apache2 remove'
<shawarma> steveire: no.
<shawarma> steveire: It'll just make it not start on boot.
<steveire> Really? How?
<ajmitch> by removing the symlinks in the /etc/rc2.d directory, which are used to start services
<steveire> OK. I'm parsing it differently now. Cheers
* ajmitch waves to shawarma 
<shawarma> hi, ajmitch!
<steveire> Now I'm back at wanting to see the server myself, but not broadcast it to the wider internet. Do I edit ports.conf?
<Burgundavia> hey shawarma
<shawarma> Hi, Burgundavia.
<ajmitch> steveire: yes
<shawarma> steveire: Prepend 127.0.0.1: to the port, and you're good.
<steveire> do I need to restart apache or anything?
<ajmitch> sorry, was called away from my desk :)
<ajmitch> hello Burgundavia 
<shawarma> steveire: so that it reads "Listen 127.0.0.1:80"
<shawarma> steveire: Yes.
<steveire> Hmmm. I just ran sheilds up and I'm still running apache and it said nothing was running on 80...
<steveire> I'm getting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName each time I start or stop apache. Is it notable?
<shawarma> steveire: sheilds up?
<shawarma> steveire: Nah, it's ok.
<steveire> http://www.grc.com/default.htm Half way down that page. It scans for open ports
<shawarma> steveire: If it's something that checks for open ports, it's likely to not bother with stuff that only listens on the loopback interface.
<ajmitch> plus it scans from the internet
<shawarma> ajmitch: Oh, I though it was a local program.
<steveire> netstat still says apache is listening on 80.
<shawarma> steveire: The entire point is that when only listening on the loopback interface,it can't be reached from the outside.
<ajmitch> nope, steve gibson's amazing online port scanner with advanced stealth capabilities & several helpings of marketing BS
<shawarma> steveire: Does it say 127.0.0.1:80 
<steveire> So what would it take for that to return a positive on port 80? Before I set it to listen only on lo it didn't detect anything.
<shawarma> steveire: ?
<steveire> shawarma: Yes. It does now
<shawarma> steveire: Are you behind a router or anything?
<steveire> Eh, yep.
<shawarma> That's it then.
<shawarma> You probably can't connect to your machine from the outside at all.
<ajmitch> hm, I suppose I should do a samba merge again
<shawarma> ajmitch: Someone should :)
<steveire> Ah right. Thanks for that. I might try on the other side of a router to convince myself of what I expect to happen.
<shawarma> steveire: knock yourself out :)
<ajmitch> shawarma: since I did the last one, I guess it falls on me again
#ubuntu-server 2008-05-19
<Ashfire908> Ok, I didn't know how to auto config it.
<Centaur5> From the reading that I've done I'm guessing that it would be either complicated or impossible to use ebox, pppoe, and internet sharing (proxy) together. Would I be correct on that?
<lamont> hrm...  for roughly the last 4 hours my server(?) install on hppa has been clearing the serial console... I wonder if that means that it's done... :(
<Kamping_Kaiser> :|
<saylar> hey guys.
<saylar> anyone here familiar with backuppc? this is driving me nuts. when i access the webinterface, apache isnÂ´t responding anymore
<saylar> i really donÂ´t see where this is coming from
<saylar> ok, now i managed to access apache again, backuppc is not running.
<saylar> as soon as i start backuppc again, apache is not responding anymore.
<Ashfire> Will radvd auto configure the 6to4 tunnel if the Base6to4Interface subnet option is set?
<squee> Does anyone here use ufw and nfs?  I'm having issues getting nfs to run while ufw is enabled (nfs is set to allow)
<Mater_TuX> hi alguien habla espaÃ±ol, hola i dont speak english i need help in spanish please
<Kamping_Kaiser> !es | Mater_TuX
<ubottu> Mater_TuX: AquÃ­ solamente hablamos inglÃ©s. Para EspaÃ±ol, por favor entre en los canales #ubuntu-es o #kubuntu-es - allÃ­ obtendrÃ¡ mÃ¡s ayuda.
<karlito> hi, just got a dns server up (BIND9). what is the proper naming of my NS host in the zone file. ns1 or the real hostname. ex : in the zones configuration file. ns1.mydomain.com myhostname.domain.com ?
<AtomicSpark> karlito, the server guide has a good write up on how to configure that
<AtomicSpark> let me get link
<AtomicSpark> karlito, http://doc.ubuntu.com/ubuntu/serverguide/C/dns-configuration.html
<karlito> tk
<karlito> mabey I ask my self to much why ? is that "ns" a convention ? if it is then better to stick with it.
<emgent`UDS> heya
<kraut> moin
<dendrobates> #uds-intrepid-server
<nijaba> nealmcb: http://wiki.lemonldap.objectweb.org
<nealmcb> nijaba: :)
<RockHound> has anyone else run into the infamous openldap syncrepl issues between 2.3 and 2.4? any solutions for this? I too quickly updated one branch office to hardy and now my replications fail which is a pita
<ivoks> do you have a bug report?
 * delcoyote hi
<RockHound> ivoks: ITS#5405
<ivoks> ?
<ivoks> link or something?
<ivoks> http://www.openldap.org/lists/openldap-bugs/200803/msg00019.html
<ivoks> this one?
<RockHound> or better: http://article.gmane.org/gmane.network.openldap.general/42845
<RockHound> http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5426
<ivoks> howard reported it?
<ivoks> heh, nice... he's right next to me :D
<RockHound> ;-)
<ivoks> i'll talk to him...
<RockHound> still at FOSS?
<ivoks> UDS
<RockHound> ah
<RockHound> and yes, I followed all advice which could be found to try and avoid the issue ... it is still there
<uvirtbot> New bug: #227613 in bacula (main) "SIGSEGV in bacula-fd" [Medium,In progress] https://launchpad.net/bugs/227613
<ivoks> ok...
<ivoks> could you please report the bug, and surbscribe me
<ivoks> so we could keep the track of it?
<ivoks> i'll add a patch today or during this week
<RockHound> ivoks: you meant me?
<ivoks> yes
<RockHound> ok will do
<RockHound> done
<CrummyGummy> Hi all, anyone sorted out this problem?
<CrummyGummy> Preparing to replace openssh-server 1:4.6p1-5ubuntu0.2 (using .../openssh-server_1%3a4.6p1-5ubuntu0.3_amd64.deb) ...
<CrummyGummy> Template #4 in /var/lib/dpkg/tmp.ci/templates has a duplicate field "template" with new value "ssh/vulnerable_host_keys". Probably two templates are not properly separated by a lone newline.
<CrummyGummy> dpkg: error processing /var/cache/apt/archives/openssh-server_1%3a4.6p1-5ubuntu0.3_amd64.deb (--install):
<CrummyGummy>  subprocess pre-installation script returned error exit status 255
<mok0> CrummyGummy: what release are you on?
<CrummyGummy> Gutsy
<CrummyGummy> openssh-server/gutsy upgradeable from 1:4.6p1-5ubuntu0.2 to 1:4.6p1-5ubuntu0.3
 * mok0 tries 
<mok0> CrummyGummy: I didn't have that problem
<CrummyGummy> sec
<mok0> This is the current version in gutsy: 1:4.6p1-5ubuntu0.5
<CrummyGummy> apt-get -f install outputs the following.
<CrummyGummy> Preparing to replace openssh-server 1:4.6p1-5ubuntu0.2 (using .../openssh-server_1%3a4.6p1-5ubuntu0.3_amd64.deb) ...
<CrummyGummy> Ok, thats the same as above...
<mok0> CrummyGummy: did you do apt-get update?
<CrummyGummy> yes\
<CrummyGummy> I think my upgrade is still stuck from Friday.
<mok0> CrummyGummy: well, the current release is -5ubuntu0.5
<CrummyGummy> apt-get dist-upgrade :
<CrummyGummy> openssh-server: Depends: openssh-client (= 1:4.6p1-5ubuntu0.2) but 1:4.6p1-5ubuntu0.3 is installed
<mok0> CrummyGummy: why don't you remove openssh-server completely and reinstall
<CrummyGummy> Looks like I need a downgrade
 * CrummyGummy is worried about getting locked out.
<mok0> CrummyGummy: do you have gutsy-updates in your list of repos
<mok0> ... and gutsy-security?
<CrummyGummy> yup
<mok0> ... and not some weird repo mirro that is lagging waay behind Ubuntus?
<mok0> s/mirro/mirror
<CrummyGummy> lemme revert to the original security repos. That could be the problem.
<CrummyGummy> Right, I just had to remove the debs I had in the cache. thanks :)
<mok0> CrummyGummy: good news
<egoleo> how do i install perl modules on ubuntu  since the cpan seems broken is not working for me
<egoleo> hardy server
<Kamping_Kaiser> if its packaged, from apt, otherwise cpan.
<Kamping_Kaiser> what does "broken" mean to you?
<egoleo> is not work
<egoleo> i get this error: Running make install make had return bad status install seems impossible
<\sh> you mean: perl -MCPAN -E ?
<egoleo> yeah
<\sh> which module?
<egoleo> i am now installing cpan itself
<egoleo> with Bundle
<\sh> I'll never do this...I'll package the module rather as debian package ;)
<egoleo> hmm
<egoleo> so where can i find all this debian packaged
<\sh> https://launchpad.net/~perl-jam <- this is the team + ppa for my project....I'll need to announce it still
<\sh> egoleo, if the cpan module is not in our archive, please file a wishlist bug [NEEDS PACKAGING] <perl module name> ... provide all infos (where to download etc.) and I'll probably will take care about it
<egoleo> but i need it now
<\sh> download the tar ball and compile it manually then
<\sh> with cpan
<\sh> perl Makefile.pl is an easy task
<\sh> you should make sure you have all necessary build tools on your system...
<egoleo> and where do i get that from
<\sh> egoleo, if it's not CPAN, you get those modules from www.cpan.org
<\sh> search.cpan.org for a search interface
<egoleo> ok
<egoleo> but how is it done or install cpan for the first time
<\sh> and build system is apt-get install build-essential + necessary -dev packages for the deps
<\sh> cpan is something like perls module management
<\sh> (like gem for ruby)
<\sh> you actually don't need it to build perl moduels
<egoleo> ok
<\sh> anyways../me goes home now, and tries to get some painkillers....
<egoleo> hmm
<egoleo> so how did u install urs
<\sh> egoleo, again...I'll download the tarball of the module and start perl Makefile.pl ; make ; make install (if you want that), or I'll package it cleanly in debian packages and hopefully push it to ubuntu :)
<egoleo> ok
<\sh> egoleo, anyways../me really needs to go to a doctor now...you can reach me via eMail...check LP http://launchpad.net/~shermann
<egoleo> thnx
<sergevn> Is it possible to check your filesystem if it's mounted?
<sergevn> or is this discouraged?
<Alblasco1702> \sh: i want to install mod perl too bud i don no what i had to say when he ask me for: Please provide a full path to 'apxs' executable
<CrummyGummy> Any ideas why ipac-ng isn't in hardy? I don't see anything on lauchpad.
<egoleo> hello
<egoleo> i have finally installed the perl modules through CPAN
<coffeedude> dendrobates:  hey.  How are things  @ UDS ?
<dendrobates> coffeedude: things are going pretty well.  I wish I had a chance to talk to you before I left though.
<sergevn> sorry for disconnects
<coffeedude> dendrobates: if there is a number I can call you at, I will.  Or if you have skype we can do that.
<Lunarizing> Anyone in here feel like helping a newbie?   =)
<Konam> hi, what permissions does --gid 450 give to a certain group?
<giovani> Konam: ... none ... that's telling some application that you want to use group id 450
<giovani> that's not a permissions statement
<Konam> giovani it's just that I saw it here: https://help.ubuntu.com/community/AdvancedOpenSSH#head-bb07462f59fb73d2b3e6b241672a0d09947e619b
<giovani> if you read the instructions: "Finally, in another example, you could configure your OpenSSH server so that only users belonging to a certain system group would be allowed to login via ssh. In this example, we'll perform all the steps required to allow ssh logins only to users who are members of the group sshlogin."
<giovani> it's clear what's going on
<giovani> sudo addgroup --gid 450 sshlogin
<Konam> I know
<Konam> :)
<giovani> the "-gid 450" has nothing to do with permissions
<giovani> ... no ... that's why you asked
<Konam> I just wanted to know what did --gid 450 did
<giovani> I just told you
<Konam> there's no reason to specify anything
<giovani> ... yes there is
<Deeps> system groups are (by convention) < 1000
<Konam> you could just create the sshlogin group with 'sudo addgroup sshlogin'
<Deeps> if you dont specify a group, it'll autopick > 1000
<Deeps> gid*
<Deeps> hense why it specifies
<Konam> thanks Deeps
<giovani> Konam: this has nothing to do with permissions ... you asked about permissions
<Deeps> of course, the problem begins if you already have a gid 450
<Konam> that was what I was asking for
<Deeps> you asked the wrong questions then#
<Konam> my bad
<Konam> sorry
<Deeps> giovani answered your question
<Deeps> np, alls well that ends well
<Konam> what would happen if that group gets a >1000 gid?
<Deeps> ismilar end result to dividing by 0
<Deeps> (the end of the world)
<Konam> jajaja
<Deeps> i kid, nothing, it just gets 'messy'
<Konam> ok
<Konam> and about that link I want to know, I create the sshlogin group but I try to add an user that isn't on the server but on my network, it doesn't work
<Konam> I will have to create an user on the server for every user from what I might login from my network?
<Deeps> unless you use a centralised authentication system like ldap, yes
<Konam> Deeps and there isn't a way to make sshd ask me for a user and a password when login
<Konam> ?
<Deeps> it does that already when you connect and attempt to login
<Konam> it ask for a password but not an user
<InsomniaCity> it gets the user from your local user by default
<InsomniaCity> you can change it with username@host
<Deeps> i defer you to the city that never sleeps
<Deeps> his patience is never ending
<InsomniaCity> his stomach is also hungry, and will shortly departing along with the rest of his body for some dinner
<InsomniaCity> +be
<Konam> InsomniaCity that's a directive included in the default sshd_config file?
<InsomniaCity> Konam: no, thats client behaviour.
<InsomniaCity> for example, ssh on Linux uses your local username by default
<InsomniaCity> putty asks you for it each time, unless you configure it
<InsomniaCity> etc
<Konam> I couldn't notice that it ask for a username and passworkd because I have the same username in the server and in the desktop
<Konam> InsomniaCity how do I add the username@host option?
<Konam> just like that (user@given_host) in the ssh_config?
<fromport> ssh user@host.domain
<InsomniaCity> If you want to configure it, read 'man ssh_config'
<InsomniaCity> If you just want to do it on the fly, just use it on the command line, eg 'ssh differentusername@host'
<bicz> or -l
<bicz> like ssh -l user host.com
<brocebeats> hey I just installed apache and everything works great but i am running a php site that requires db access.  my file with all the passwords is in a folder called includes.  and right now i can go to mywebsite/includes and it gives me a directory listing.  How do i stop that so it just gives an error.
<Mastacheata> You have to disable directory listing for that directory, either by .htaccess or apache configuration
<Mastacheata> But thats merely a Ubuntu Server specific question
<Mastacheata> The Directive is called Indexes
<Mastacheata> You could put <Directory "/PATH/TO/DIR"> Options -Indexes </Directory>
<Mastacheata> hope that helps
<Mastacheata> if not try #apache
<Deeps> brocebeats: better yet, remove the includes directory from being visible to people accessing your website
<brocebeats> i have to have them visible b/c of postcommit jargan
<brocebeats> it was like that before
<Deeps> it's a bad idea
<brocebeats> so I never noticed
<brocebeats> all my dbpasswords require local host and ect
<brocebeats> but i still dont like sharing
<Deeps> what you're suggesting is the equivilant of pinning your passwords on a noticeboard and covering it with a sheet
<Mastacheata> you don't like sharing? You share your passwords in those files with the whole world regardless of removing directory index. everyone can access the files from the web
<Dombre> hey I was wondering is there a way to set up ubuntu server to act as a NAS?
<giovani> Dombre: sure ... all of the different file/block-level servers you could want are provided
<giovani> what kind of protocol are you wanting to use?
<Dombre> samba, its going to be serving windows xp clients
<giovani> well, samba is available in ubuntu ... so there's no problem
<Dombre> cool
<giovani> https://help.ubuntu.com/community/SettingUpSamba
<Dombre> ya I'm doing some work for a company they want a NAS server so I pitched them the idea of useing linux to keep costs down and they liked it.
<giovani> do you have previous experience with samba?
<Dombre> not much more than setting it up for file sharing
<Dombre> I've been runing ubuntu on the desktop end for 3 years now
<Dombre> havn't really done much server work with it.
<uvirtbot> New bug: #232018 in squid (main) "squid 2.6 - can't start with coss file system" [Undecided,New] https://launchpad.net/bugs/232018
<giovani> alright
<uvirtbot> New bug: #232032 in dhcp3 (main) "package dhcp3-server None failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/232032
<seany> any one messed with software raid performance tuning ?
<giovani> seany: google has an incredible amount of information on that topic
<seany> it almost has too much
<Deeps> lol giovani
<seany> i'm just scratching my head as to why this aray is rebuilding @ 100k/s :(
<seany> " [>....................]  resync =  0.0% (74240/245111616) finish=40213.1min speed=101K/sec"
<seany> thats just shy of a month...
<InsomniaCity> seany: are you reading/writing to it at the same time?
<seany> nope
<Deeps> lol, 28 days, nice
<seany> fresh box, no partitions on md0
<ryoohki> i using ubuntu server 8.04( hardy heron) and want to use nis for authentication which apache2 do i need to apt-get install?  this is for twiki-4.2.0
<giovani> ryoohki: there's only one apache2
<ryoohki> giovani: i'm in error, i should have writen "which apache2 module do i need to apt-get install to authenticate against nis password files?  this is for  twiki-4.2.0 on ubuntu server 8.04( hardy heron)"
<giovani> that's probably a question for #twiki
<giovani> as in ... what you need to do authentication to NIS
#ubuntu-server 2008-05-20
<giovani> apache has modules for pam, etc, I don't know how twiki handles all of its authentication
<ryoohki> giovani: thanks!
<giovani> twiki is probably using a perl module, because it's written in perl ... but talk to them
<Konam> ssh doesn't load my rsa key wtf?
<Konam> I can't see what is wrong
<Konam> it tells me 'could not load hostkey: path_to_rsakey_created'
<starz> o:
<karlito>  Hi. I set up a bind server. stop working. syslog = unexpected RCODE (refused) 209.61.242.77#53. is that because my domain is unregister for now and I got kick ? anyway a restart make it work again... I would better like to understand what happen
<starz> hey whats a good free reseller control panel?
<karlito>  I set up forwarder for my ISP, but some of the address I got in the syslog are outside the ISP range I give in the option file
<mathiaz> nealmcb: http://code.google.com/p/pyrering/
<twb> Is there a reasonable alternative to logcheck that isn't so worryingly slow?
<twb> logwatch seems to blow rather hard.
<_ruben> twb: we use SEC here at work without any problems
<twb> _ruben: how hard is it to roll out?
<_ruben> not that hard: sudo apt-get install sec
<twb> _ruben: well yes, but presumably you also configure it a bit.
<twb> _ruben: I mean, just as an example, thttpd has a logwatch ignore entry but not any equivalent for sec.
<_ruben> the config takes a bit of getting used to .. but once you get your head around it, it can do pretty much everything you want
<kraut> moin
<twb> _ruben: I'll take a look at it, thanks.
<_ruben> twb: its performance is quite good imo .. we use it on a central log server for (rough estimate) 150 hosts
<twb> Cool, that's around the order of hosts I am rolling out
<_ruben> (kinda lost count of the number of servers we got)
<twb> I know that it needs to run on the order of ten minutes (rather than hourly/daily), so that our spooks can respond to attacks in "near real-time".
<_ruben> we have it running at 15 minute intervals
<twb> Cool.
<_ruben> hmm .. seems we dont have that much logging traffic as we used to .. only ~30megs a day (mostly windows boxes)
<twb> Oh.
<twb> Here, with a test setup of two hosts, I have 16MB of syslog after about two days
<twb> My plan B is to have syslog-ng filter a bunch of ignorable events out before they get into syslog
<_ruben> 131 unique hosts in yesterday's log
<_ruben> windows servers tend to be rather quiet, logging wise
<_ruben> twb: btw, SEC runs realtime .. we just have it send accumulated reports every 15 minutes
<_ruben> you can have realtime (email/pager/whatever) triggers
<twb> _ruben: OK, that's a Good Thing for my setup.
<_ruben> like when a failed disk message appears in the syslog, it sends out an email to a special mailbox
<_ruben> one downside could be that you'll have to write 99% of the rules yourself, havent seen any packages that came with SEC filters/examples
<_ruben> this opposed to say logwatch, which is very common in having ignore files shipped with packagew
<_ruben> packages
<_ruben> but at least this way you'd know what you do/dont ignore ;)
<ivoks> zul: bug number? :)
<zul> ivoks: https://bugs.edge.launchpad.net/ubuntu/+source/apache2/+bug/230878
<uvirtbot> Launchpad bug 230878 in apache2 "Apache 2 produces an OOM after 4 hours using" [Undecided,New]
<twb> _ruben: oops, guess what
<twb> _ruben: I forgot to remove my simulated DOS attack from syslog
<twb> To wit: yes ATTACK | logger
<milestone> hi all
<twb> Now I only have 3MB of log, not 16MB ^_^;;;
<milestone> i am unable to compile drbd0.7-module-source with ubuntu hardy using module-assistant a-i drbd0.7-source
<milestone> this is my problem http://linux.derkeiler.com/Mailing-Lists/Ubuntu/2008-05/msg01579.html
<milestone> exactly
<milestone> is there any reason that the new drbd module 8.2.5 has not made it into hardy? http://packages.ubuntu.com/search?keywords=drbd8-module-source&searchon=names&suite=all&section=all
<zul> its inclded in the linux-ubuntu-modules you shouldnt need to compile the module
<_ruben> twb: haha ;)
<twb> logcheck is still mighty slow, though :-(
<milestone> my main problem is now that i have compiled the module by hand and when i want to migrate the meta-disk i am getting http://pastebin.com/m1947af59
<uvirtbot> New bug: #232134 in openssh (main) "ssh behaves as if key is encrypted when permissions are set incorrectly" [Undecided,New] https://launchpad.net/bugs/232134
<milestone> zul, 8.0.11 is rather old, don't you think?
<zul> milestone: I dont think so
<milestone> actual released version by linbit is 8.2.5
<zul> you could always grab the source I dont think there will be a newer version of drbd8 in hardy anytime soon
<milestone> zul, is there any reason?
<milestone> incompatibilities
<milestone> ?
<milestone> i think i will just mount the underlying device and use nfs
<zul> milestone: because hardy only gets bugfixes basically
<twb> Which is as it should be, amen.
<stefg> hi, i'm using xrdp for a remote desktop on our samba-server here. The problem i'm facing is that, although i get the Desktop in german (as intended) when logging in locally. the remote session over xrdp/tightvnc always gives me an english session. I'm a bit clueless where to look. Is that an xrdp, a tightvnc or a gnome-session setting which needs to be looked at?
<twb> stefg: what does "locale" report when run in the remote user's shell?
<stefg> ... mom ...
<twb> I do not understand your second remark.
<stefg> twb: a germish acronym for 'wait a moment' ... ah, and i have LANG=<> (nothing) and everything else set to posix ... so you tracked down something it seems
<twb> OK, for a standard shell user, you'd edit ~/.profile or ~/.bash_profile and add something like "LANG=de_DE.UTF-8".
<twb> ...and "export LANG".
<twb> Unfortunately, most X sessions do not read these login scripts.
<twb> If everyone on the remote server should get a German locale, you can try "dpkg-reconfigure locales" to change the default locale; I think this edits /etc/environment.
<twb> Otherwise, you will have to work out which (if any) user dotfiles are read by xrdp... start by looking at .Xclients/.xinitrc/.xsession.
<stefg> twb: that's the point. via ssh or ssh -X everything is nice ... all german. but i need remote access from windows-boxen using the rdp client. and the guy usually taking care of the server isn't any good at english
<twb> ssh -X preserves your LANG variable from the local host.
<twb> IOW it works by accident.
<twb> I still think you should approach the problem by editing dotfiles or reconfiguring the locales package, as I described above.  Do you have a reason to think this will not work?
<stefg> twb: hmmm... so i chose german when installing the server, as default system language, have all lang-packs in place , and everything (including console messages) is german at the local console and via ssh. only xrdp seems to ignore the lang-settings
<twb> stefg: ah, that is useful information.
<stefg> btw, i reconfigured locales just to find ...up-to date
<twb> stefg: what is the contents of /etc/default/locale ?
<stefg> twb: LANG=de-DE.UTF8 , LANGUAGE="de-DE:de:en_GB:en"
<twb> OK, that's good.
<twb> I haven't looked at xrdp lately; have you looked at its config files?  Perhaps it explicitly overrides the locale by default.
<stefg> twb: so it might be some bug with gnome-settings-daemon and xrdp... although i'm not sure if gnome-settings-daemon affects gnomes language setting
<twb> You can check by disabling gnome and using a failsafe xterm session
<stefg> good idea
<stefg> hmm... that's going to take a while.
<stefg> twb: tanks so far, you've put me on the right track. i guess it has something to do with .dmrc not being honored over xrdp
<mm_202> This has probably been asked about 100s of times before, but where can I find a _decent_ guide for dhcp3 + bind9 for 8.04?
<sommer_> mm_202: https://help.ubuntu.com/8.04/serverguide/C/index.html
<sommer_> mm_202: there are seperate sections for DNS and DHCP
<sommer_> mm_202: should get you started anyway
<mm_202> heh, yes. been there.  But its okay.  I'll figure it out.
<mm_202> Thanks.
<sommer_> mm_202: if you have specific questions feel free to ask... someone probably knows the answer :-)
<mm_202> Well Im just trying to figure out why the hell I cant get my dhcp leases to automatically register themselves with bind.
<mm_202> Ive tried it before with 7.10 and Ive never had any success with it.
<ivoks> http://my-mili.eu/matt/docs/dynamic-dns-with-dhcp-and-bind-9/
<sommer_> mm_202: ya, I've never done that myself
<sommer_> ivoks: :)
<Deeps> it's fairly straight forward
 * Deeps looks up his config
<mm_202> hmmm
<mm_202> Deeps: would you mind looking at my config?  Pastebin of course..
<mm_202> Somewhat random question, but does anyone else find apparmor irritating as hell?
<sommer_> nope... see the AppArmor section for more details :-)
<Deeps> mm_202: http://pastebin.org/37244
<Deeps> thats the relevant bits that i have in bind+dhcp that do dynamic zone updating, both forward and reverse
<mm_202> lol, sommer_, Im not new to ubuntu server :P
<Deeps> any windows machines that connect to the network and ask for a dhcp lease automatically get machinename.truman.lan dns forward+reverse assigned
<Deeps> linux machines by default dont due to the way the dhclient defualt config works
<mm_202> hmm, I think I see my problem.  I have {key "rndc-key"; };
<Deeps> send host-name "<hostname>";
<Deeps> i believe is the relevant directive for dhclient
<mm_202> ok, danke, give me a minute to try that.
<ren0r> hi everyone.
<ren0r> i'm using ubuntu-server. when i create a dir under /var/run, the directory is shown and everything is fine. after reboot, the directory is deleted. how can that be?
<mm_202> ren0r: there may be some script in /etc/init.d/ that is clearing it out.
<ren0r> there are a lot of scripts, ye. maybe a script in /etc/rc0.d/? - is there a well known mechanism which controls the contents of /var/run/ or s.th. like this?
<mm_202> Give me a moment and I'll check.
<ren0r> if i'm right, every f*cking startscript in /etc/init.d, which locates it's pid-file in a subdirectory of /var/run/, creates the needed directory itself?
<mm_202> yep.
<ren0r> rofl
<mm_202> I know that almost all the scripts mkdir something into /var
<ren0r> i can't stand that. might be a security-reason, but that sounds wired.
<_ruben> iirc /var/run (and some other dirs) are mounted with tmpfs and thus only exist in memory
<_ruben> got bitten by it the other day .. or well, that was /var/lock/ .. some init scripts dont check for eg /var/lock/subsys/ and dont create it if needed .. worked around it by writing a small bootscript that mkdir'ed /var/lock/subsys
<ScottK-uds> _ruben: If that happens, it's a bug that needs to be reported.  Please report bugs against the package if you didn't already.
<_ruben> ScottK-uds: one of the packages was 3rd party (dell omsa), but openipmi seemed to be affected by it as well
<ScottK-uds> _ruben: I know Dell is interested in getting their stuff correct too, so I'd suggest reporting it to them too.
<_ruben> ScottK-uds: hmm .. wonder why dell isnt offering .deb files themselves then .. the ones i use are made by sara.nl
<_ruben> dell isnt really caring about linux on servers (yet) i think
<ScottK-uds> Ah.  They do have an Ubuntu repository (at least for their desktop offerings).
<_ruben> i hope they'll come up with smth similar for their server stuff
<ScottK-uds> I wonder if it's stuff that could be gotten into the Ubuntu repository?
<_ruben> mostly a licensing issue i guess? all i know they provide rpms for suse and rhel
<ScottK-uds> If the packages are distributable, then it should be possible.
<_ruben> sounds fair enough
<_ruben> once my current projects are finished, i'll take another look at it
<ScottK-uds> They don't yet officially support Ubuntu servers, I can understand why Dell doesn't provide it.
<_ruben> yeah
<ScottK-uds> You might file a 'needs-packaging' bug against Ubuntu about the package.  That will get there to be some visibility to someone that might be interested in packaging it.
<ScottK-uds> Or if you're interested in learning ....
<_ruben> i am, currently dont really have time for it tho .. *cry* .. tho i am getting experience with packaging (mostly fixing custom packages) bit by bit
<ScottK-uds> In #ubuntu-motu we help people with learning how.
<_ruben> did some packaging of openswan 2.4.x/2.5.x/2.6.x versions ..
<_ruben> i know .. been idleing there for some time now
<_ruben> picking up bit of knowledge every now and then :)
<ScottK-uds> Ah.
<ScottK-uds> Great.
<daffy> hi all
<mm_202> Hi daffy.
<daffy> :)
<daffy> i've a problem with a routing isp
<daffy> i've 3 acces internet, wanadoo, free and oleane
<daffy> but the public ip for wanadoo is 217.x.x.x and his gateway is in 193.x.x.x
<daffy> -_-
<mm_202> ok..
<daffy> the problem is, wanadoo is configuring on a virtual NIC
<daffy> and the router don't understand why the gateway is not on a same network of ip public
<mm_202> hmm, I havent messed with virtual NICs, so I dont think I can help you much.  But Im sure someone in here can.
<daffy> ok :)
<daffy> shitting isp ^^ why the gateway is not on the network of ip public xD
<Deeps> if your nic is eth0
<gatewayer> i am on the network ^^
<Deeps> you can make a virtual interface by simply appending :X to it
<Deeps> eg, eth0:1
<daffy> yes i make this Deeps
<daffy> but when a ping the gateway of wanadoo, my source ip adress si eth0
<daffy> not eth0:1
<daffy> :/
<daffy> i've game with ip route , iptable ...
<daffy> but nothing
<Deeps> ping -I eth0:1
<Deeps> or ping -I ip.address.on.eth0:1
<Deeps> force which interface to use
<daffy> yes, it's possible this work
<Deeps> thats a very wierd configuration though, assigning effectively 2 public ips
<daffy> but i would like to do "ip rule add from my_ip_local_network lookup T2" (T2 is the table where is configuring wanadoo)
<daffy> i speack english very bad :/
<mm_202> Deeps: THANK YOU.  That fixed it.
<Deeps> haha, long minute
<mm_202> yeah, had some work problems I had to deal with :)
<Deeps> you'd have probably been able to diagnose that the issue was with the rndc key by looking at syslog btw
<Deeps> dhcpd would have spat out some errors about being unable to update the zone
<mm_202> no, the syslog didnt show anything
<Deeps> you might have needed to enable a higher level of syslog output ;)
<mm_202> But Im sure if I messed with the logging, that I would of gotten it
<mm_202> heh, yeah
<Deeps> all's well that ends well
<cyris|> morning ubuntu server users
<Wicky656> Morning
<mm_202> Mornings suck.
<cyris|> Wicky656, they sure do
<Wicky656> at least I didn't get paged last night
<Wicky656> anyone have problems with apt-mirror hanging when run from cron?
<zul> ivoks: http://people.ubuntu.com/~chucks/bacula.diff
<android6011> what are the disk space requirements for hardy server?
<cyris|> android6011, recommended 8gig
<cyris|> android6011, https://help.ubuntu.com/community/Installation/SystemRequirements
<android6011> ok thank you
 * delcoyote hi
<Zta> How do I regenerate my Courier SSL certificates?
<Zta> /usr/lib/courier/imapd.pem I think
<Zta> found out
<spiekey_> hi
<spiekey_> has anyone an  idea whats going wrong here (vmware module)? http://pastebin.ca/1024013
<RoAkSoAx> spiekey_, http://ubuntu-tutorials.com/2008/05/03/install-vmware-server-105-on-ubuntu-804-hardy/
<spiekey_> thanks
<spiekey_> any idea if vmware server 2.0 works  ?
<spiekey_> (beta)
<stickystyle> spiekey_: my impressions from the server beta forums is that its flakey on all platforms.
<stickystyle> I personly had problmes with it on 6.06
<spiekey_> thanks ;)
<hotmonkeyluv> I can't seem to mount my ntfs partitions when installing 8.04, is that normal?
<good_dana> hotmonkeyluv: no
<hotmonkeyluv> i see
<hotmonkeyluv> good_dana: Might there be a way to force it?
<good_dana> how are you trying to mount them now?
<hotmonkeyluv> here is the error msg: http://ubuntuforums.org/showthread.php?p=5004564#post5004564
<hotmonkeyluv> what do you mean good_dana
<hotmonkeyluv> the options that i have for the partition are: use as=ntfs, mount point=/windows, bootable flag=on
<hotmonkeyluv> good_dana: and I can resize, copy, erase, or delete the partition too. (and resize works)
<good_dana> yeah, that doesnt make sense, do you have any other nfts partitions you can try and mount?
<igor47> does anyone know how to get the ssh-vulnkey utility on an edgy server?
<hotmonkeyluv> I had 2, but i got fed up, so I converted one to ext3
<hotmonkeyluv> I couldn't mount that one either
<hotmonkeyluv> same msg, different numbers
<Nafallo> igor47: edgy is EOL fwiw :-)
<igor47> Nafallo: oh hmm.  i suppose i'd better upgrade that box then
<Nafallo> ya
<hotmonkeyluv> good_dana: do you have any ideas?
<good_dana> hotmonkeyluv: sorry, no
<hotmonkeyluv> good_dana: *sigh*
<hotmonkeyluv> is it easy to manually mount scsi partitions via the cli?
<hotmonkeyluv> good_dana: cause I think i'll just do that
<_CitizenKane_> I just installed pecl onto ubuntu server 7.10 and when I try to run it, it immediately segfaults, does anyone know how to fix this?
<xenocampanoli> Question about user daemons:  Is there a standard tool for making a user daemon part of system startup?  I have a bunch of mongrel servers I want to start simultaneously with apache2 for an internal admin system, but I want them running off their own accounts if I can...???
<ScottK-uds> _CitizenKane_: It works on most hardware.  What is the exact error you're getting (what is the "It" that segfaults)?
<_CitizenKane_> ScottK-uds: the pecl command segfaults
<ScottK-uds> So the basic system runs OK then?
<_CitizenKane_> ScottK-uds: ya, otherwise the system is solid
<ScottK-uds> Pecl isn't an Ubuntu package, though, is it?
<_CitizenKane_> ScottK-uds: it is part of the php-pear packe
<_CitizenKane_> package*
<ScottK-uds> Ah.
 * ScottK-uds isn't a php user.
<ScottK-uds> I'm looking to see if I can find a relevant bug.
<_CitizenKane_> ScottK-uds: thanks
<ScottK-uds> _CitizenKane_: It appears to work for other people.  I'd suggest you file a bug in Launchpad with as much detail as you can muster on what happens and the steps to recreate it.
<ScottK-uds> The server team is usually pretty good about getting to bugs in supported packages.
<_CitizenKane_> ScottK-uds: will do, thanks again
<timboy> I've got a question. my webmail account sends mail fine but when I set up my account in outlook I get the messages back with saying it "was considered unsolicited bulk e-mail (UBE)."
<hotmonkeyluv> I want to install fluxbox, what is the xserver thingie i need to install? is it xorg or X11 or what?
<starz> could someone explain the implications of installing package hardne?
<timboy> I've never seen this before but it never fails from outlook... is it an outlook issue? or is it an issue with my mail server?
<timboy> the dot code is 5.7.1
<timboy> not that I know of. My sister uses outlook 2003 and has no issues...
<ScottK-uds> Dear lamont: Please make hppa buildd able to install base files: base-files: Depends: libpam-modules (>= 0.79-3ubuntu3) but it is not going to be installed
<ScottK-uds> http://launchpadlibrarian.net/14626671/buildlog_ubuntu-intrepid-hppa.libnet-dns-perl_0.63-1build1_CHROOTWAIT.txt.gz
<ScottK-uds> timboy: I'd suggest checking your server logs and see if Outlook is really sending it through your server.
<timboy> ScottK-uds it's not... so it seams it's an outlook issue. I just installed thunderbird and it worked fine...
<ScottK-uds> So look into your Outlook setup.
<ScottK-uds> Moral of this story is, of course, don't use Outlook.
<ScottK-uds> timboy: What version of Outlook and are you using SMTP Auth?
<timboy> scottk-uds: "Gay 2007" i think is the rightful name and yes smtp auth
<ScottK-uds> OK.  If it's 2007 it can use regular starttls.  It doesn't need smtps.  Are you connecting via port 25 or 587?  Port 25 is often blocked or redirected by ISPs.
<timboy> 25
<timboy> but thunderbird worked fine on 25
<lamont> ScottK-uds: sigh
<lamont> ScottK-uds: if you see infinity, feel free to ask him if he knows about that
<ScottK-uds> OK.  Then I guess I'd check and make sure you have the hostnmae right.
<ScottK-uds> lamont: It's gone midnight here, so certainly no time son.
<ScottK-uds> son/soon
<lamont> ScottK-uds: right.
<lamont> and time to fetch kids, I think
<ScottK-uds> Good luck with that.
<ScottK-uds> Not sure if that means you come back with them or not.
<mok0> soren around=
<mok0> s/=/?/
<xenocampanoli> Question about user daemons:  Is there a standard tool for making a user daemon part of system startup?  I have a bunch of mongrel servers I want to start simultaneously with apache2 for an internal admin system, but I want them running off their own accounts if I can...???
* dani changed the topic of #ubuntu-server to: Ubuntu Server discussion and support || For general (not servehir specific) support visit #ubuntu || Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved || Guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html || http://www.catb.org/~esr/faqs/smart-questions.html ||  Be patient.  Don't ask to ask, just ask.  || server guide: http://tinyurl.com/65jzxw || https://wiki.ubuntu.com/ServerTeam
<dani> hi
#ubuntu-server 2008-05-21
<fry_> hi
<fry_> i need some help with a raid 1 /boot partition. sorry if i'm rude.
<mok0> fry_: afaik you can't have /boot on raid
<fry_> well, it worked perfectly until a kernel reinstall
<fry_> (a bad one)
<mok0> fry_: hm, ok
<fry_> i managed to start the system, by touching the grub.lst in one of the hds
<mok0> fry_: great
<fry_> but i didnt touch the other
<fry_> and now something very odd is hapenning with the touched file
<mok0> spooky
<fry_> and i cant restart the system until i make the same process again
<fry_> (sorry 'bout my speech)
<mok0> fry_: but why did you put /boot on a raid1?
<fry_> something to do with a boss
<mok0> fry_: it doesn't need to be fast
<fry_> nope, but they wanted it to be redundant
 * Nafallo will not say anything about hardware raid at this point.
<fry_> well, we tolk a lot
<fry_> and tolk again
<Nafallo> tolk?
<mok0> fry_: if you meddle with the files on one of the volumes you are asking for trouble
<fry_> and we never get to anything
<mok0> talk
<fry_> well, now i know
<Nafallo> ah. that's what I thought
<fry_> and -of course- it is a high availability server whith no downtime. ever.
<ScottK-uds> What does accessibility of /boot to do with reliability?  You don't need /boot to run, just to boot.
<fry_> i'm learning  by the hard way
<fry_> well, ang got to that point, maybe just the valuable data must be mirrored
<ScottK-uds> It's no problem to mirror everything else.  Just not /boot.
<fry_> perhaps gettig / in a standard partition
<fry_> i'd appreciate ideas to get this rebooting alone
<ScottK-uds> It depends on what you are trying to accomplish.
<ScottK-uds> lamont: From the build failure mail I'm getting it may be everything in hppa failing for that reason now.
<Konam> I can't access to ebox, in a default installation in hardy
<Nafallo> you need to install it.
<fry_> hppa ?
<Konam> Nafallo Is installed
<Konam> Â¬Â¬
<Konam> on the server, AFAIK the only place where you have it installed
<Konam> the browser can't find the directory
<fry_> sorry
<Konam> it may well be the port, but I haven't configured or installed a firewall on my server
<ScottK-uds> fry_: hppa is the HP PA-RISC architecture.  It's not doing so well in the development release at the moment.  These things happen.
<fry_> thnx, i did'n want to get in middle
<ScottK-uds> AFAIK, the ubuntu-server channel is unique in that there's development work and user support on the same channel.
<fry_> my politeness needs some rusteeze
<ScottK-uds> fry_: No problem to ask.
<fry_> i'm thinking about removing the buggy sda1 md partition and making an ext3, but i think i can get into more troubles with mdadm
<mr_collins> can anyone help with a compiling question?
<ScottK-uds> He wasn't very patient.
<fry_> no
<fry_> it sound's that bad?
<ScottK-uds> I've never done it, so I've got no opinion.
<fry_> thanx
<dsr2000> hello all
<compaqr4000> I am running open office calc via a ssh session and it keeps "greying out" every about 15 seconds.  It does so for about 10 seconds.  Why would that be?
<uvirtbot> New bug: #232391 in openssh (main) "DSA keys are not immediately rejected by ssh in workstation" [Undecided,New] https://launchpad.net/bugs/232391
<compaqr4000> uvirbot, this is not the problem where you just have to delete the known hosts entry in the .ssh directory?
<Kalamansi> hello i installed ubuntu 8.04. i dont know what key to press in installing all the packages of the server like lamp,openssh printer etc...so i hit the key X - no luck.. i did cntrl+x - same thing no response from the computer.so what i did is i press "enter" and after that done installing..how to install all the list of packages?is it okay i will reinstall the ubuntu server and press the spacebar so i could install all the packages?thanks
<sten_> Hi.  I'm wondering what the easiest to setup mailing list implementation is.  I already have a working postfix + dovecot + squirrelmail
<sten_> (and I don't need virtual users, or domains)
<sten_> can it be done with just postfix and procmail?
<Kalamansi> sten_ all americans here.they must be sleeping now
<Kalamansi> hows canada this time sten_?
<sten_> well, it's just about midnight.  I'm just trying to throw together and quick and dirty mailing list (for a club).  I don't mind if it's completely manual...  Something like adding a user to both an aliases map, and maybe a procmail rule to drop all mail which doesn't come from the manually added list
<sten_> Kalamansi: it's actually going to be using a real user, and fetchmail to get the mail ;-)  (very "not enterprise", but I know it's possible for it to be reliable enough)
<sten_> Kalamansi: what country do you live in?
<Kalamansi> im from philippines and its 2pm here.sunny day damn hot
<sten_> mm, I can imagine.  Humid too.  I'm living in a very dry and windy part of Canada, so -- so long as one drinks enough water -- the heat isn't bad. (40C is about as hot as it gets)
<specialKevin> sten_: I would look at mailman
<specialKevin> sten_: I have always just used mailman when setting up mailing list
<Kalamansi> hi specialKevin
<Kalamansi> i thought yo were in the club
<specialKevin> Kalamansi: what club
<specialKevin> the should be a sleep club ;)
<sten_> specialKevin: I thought that it might be overkill for my small list, but I'll take another look.  Do you know of a good howto?
<specialKevin> sten_: how many people are on this list
<specialKevin> you could just use the alias file
<specialKevin> list: addy1, addy2, ...
<sten_> specialKevin: currently less than a dozen, and certainly never more than 24.
<Kalamansi> specialKevin like going out with friends going to the club, bar hopping, time to relax in the real life and back in internet
<Kalamansi> hehe
<specialKevin> but then you have to manage them all your self
<specialKevin> Kalamansi: well that usually doesn't happen on a Tuesday evening
<specialKevin> and I have been busy working on stuff tonight
<Kalamansi> specialKevin it happens alot here
<Kalamansi> specialKevin stuff like what
<specialKevin> Kalamansi: glad to hear that you think I have a life though thanks ;)
<Kalamansi> cabling?
<Kalamansi> specialKevin server configuration?
<specialKevin> Kalamansi: working of my task for Foresight linux and research radius and splunk
<specialKevin> sten_: https://help.ubuntu.com/community/Mailman
<sten_> specialKevin: hmm.  I guess the big thing for me, is that I don't want list members to recieve spam from non-list members through the list...do you think that mailman is easier than maintaining an ever-growing procmail rule?
<sten_> specialKevin: thanks for the link :-)
<specialKevin> sten_: most likely yes
<specialKevin> sten_: I would setup mailman then it will be easier to maintain
<specialKevin> Kalamansi: your questions above about installation were you able to figure it out
<sten_> specialKevin: I'm going to take your advice.  Here's one caveat though: I'm running this server on a residential cable modem, and the list address is going to be on my ISP's pop3 server.  Can the "list" user have its own /home/list/maildir?
<sten_> (so that fetchmail has somewhere to deliver to...or do I need to worry about this at all?)
<specialKevin> sten_: that I am not sure, that would require a little bit of research
<sten_> specialKevin: ahh.  Maybe this project will take more time than I have tonight...
<specialKevin> my philosphy is I would rather spend more time setting up then maintaining
<sten_> that's a good good philosophy.  I guess, if nothing else, it's work-experience. ;-)
<sten_> (in my case...  I would say that if one has a formal responsibility to maintain something, than it's more than just a good philosophy.  It's wisdom and saving yourself from future headaches and stress)
<sten_> well, I should probably put this off until tomorrow, and get some sleep.
<sten_> specialKevin: thanks for the info!
<specialKevin> sten_: np
<specialKevin> sten_: glad to help
 * rgl waves
<_ruben> crap .. my ubuntu bulkmail server seems to hang (ssh session doesnt respond, nor does snmp) when sending tons of mail to it .. which is strange since when the machine was still under my desk i could stress test it without probs
<_ruben> i *think* the disks are being trashed by the load :/
<_ruben> Activating remote console now.
<_ruben> Remote console is now active and ready for user input.
<_ruben> Remote platform does not accept keyboard input in the current state.
<_ruben> bah
<mathiaz> kees: bug 232391
<uvirtbot> Launchpad bug 232391 in openssh "DSA keys are not immediately rejected by ssh in workstation" [Undecided,New] https://launchpad.net/bugs/232391
<mathiaz> kees: plan to check ssh-vulnkey in ssh ?
<_ruben> hmm .. might need to enable a tty on com2 in order for console redirection to work
<sten_>  /quit sleep takes what is conscious, but gives back more on the 'morrow
<sten_> err
<sten_>  /quit sleep takes what is conscious, but gives back more on the morrow
<danshearer> 'morning all
<soren> Yes, it is.
<_ruben> grr .. stupid serial console
<_ruben> anyone played with serial consoles (on dell machines) ? grub shows up fine, but after that im getting garbage .. and afaik im not using framebuffers or anything
<danshearer> hello uds server track - I'm in three other tracks this morning, I'm not in fact asleep. I'll be back for Identity Management after the break
<sommer> cool
<ScottK-uds> danshearer: Nice bot so you can sleep in.
<danshearer> ScottK-uds: Absolutely. While he's asleep I'm also testing the installer.
<kraut> moin
<Alblasco1702> \sh: i had read this week that you have mod perl installed with the tarbal.
<Alblasco1702> \sh: i had trying to do that bud i had no succes.
<\sh> Alblasco1702, hmm??? I don't use mod_perl ... what you've read was about "cpan module installation, and cpan not working"
<Alblasco1702> \sh: don work for me ether
<Alblasco1702> *cpan don't
<\sh> Alblasco1702, that's why I said: use the modules tarball, install all pre-requisites for this module (build tools, needed build deps for this module etc.) and try to compile it.. or file a "[Needs packaging]" wishlist bug for this module..and I'll deal with it
<Alblasco1702> \sh:  bud mod_perl is one module of cpan richt?
<\sh> Alblasco1702, nope
<\sh> mod-perl is an apache module
<Alblasco1702> oh sorry
<\sh> and that's working out of the box with apt-get install libapache2-mod-perl2
<Alblasco1702> \sh: thnx for your help and advice.
<\sh> Alblasco1702, you're welcome
<Alblasco1702> \sh: do you now how to install apache asp?
<\sh> Alblasco1702, apt-get install libapache-asp-perl
<\sh> I think you meant this asp? :)
<Alblasco1702> yes i mean that
<Alblasco1702> thnx
<Alblasco1702>  Kon pakket libapache(2)-asp-perl niet vinden
<\sh> Alblasco1702, it's in universe...you need to enable the universe repository
<\sh> and it's only "libapache-asp-perl"
<Alblasco1702> how must i do that via the command line
<Alblasco1702> ?
<\sh> Alblasco1702, if you can access the internet directly...just make sure you have something like this in your /etc/apt/sources.list
<\sh> http://paste.ubuntu.com/13643/
<\sh> Alblasco1702, check the url...and this content you need inside your /etc/apt/sources.list
<\sh> replace archive.ubuntu.com hostname with your local mirror
<\sh> after that you do "apt-get update"
<\sh> but all this is somewhere documented on help.ubuntu.com e.g. here: https://help.ubuntu.com/8.04/add-applications/C/index.html
<LeChacal> i have quandary i would like peoples input on (i wont be here all day but just leave input and ill read it later). I have/setting up a mail/web sever that was on two different machines before, so i own two public ips one for each server. But since i have started rebuilding with both on the same box it kind of looks i could get away with and maybe have less confusion at times if i just use one public ip. What do you all think is b
<ScottK-uds> LeChacal: Personally, I try to avoid running mail servers on boxes that are also web servers.
<ScottK-uds> You might do it with two VMs on the one physical box.
<Alblasco1702> \sh: heb libapache-asp-perl geinstalleerd maar asp werkt nog niet moet ik nog iets configureeren?
<Alblasco1702> \sh: *sorry i have libapache-asp-perl installed have i some configurations to make?
<\sh> Alblasco1702, sorry...but I don't use those tools...so I can't give you any good advise
<cjsstables> Morning all.  Is this the proper room to ask questions about setting up an Ubuntu LTSP server and client?  If it isn't can someone direct me to the proper channel?
<anabolix> ok noob question: what can i do with a server that i cant do with the desktop version of ubuntu?
<\sh> anabolix, on a server you don't need any -desktop stuff...and ubuntu-server only means: a well choosen kernel for real server hardware..which differs from desktop machines...and you don't have any -desktop blow up
<phil^> anabolix: http://www.ubuntu.com/products/whatisubuntu/serveredition/features
<\sh> regarding server....did anybody try to run adobe flashmediaserver on ubuntu these days?
<anabolix> but could i fiddle around with the ubuntu server on a desktop computer with no problems?
<\sh> anabolix, yes..if you do know how to administer a linux system from the cli...
<cjsstables> can anyone helpme set up Ubuntu 8.04 ltsp server
<anabolix> well im learning how to use linux... im prgressing through bash and picking up things here and there about the file system... but im just asking what are the simplest things accomplished with a server cli?
<phil^> like it says in the topic: "Don't ask to ask, just ask." :)
<zul> mathiaz: for the samba bugs if it works with smbclient but it doesnt work with nautilus then forward the bug to nautilus right?
<cjsstables> does anyone know the chat channel for Ubutu ltsp server
<adam_> All of a sudden I can't scp to/from my server. It says: "/usr/bin/scp: No such file or directory" (on the server). Same goes for /usr/bin/ssh and /usr/bin/sshd, though permissions are correct. Can't even do it as root.
<adam_> In dmesg, I see "[1722872.168983] ssh-scan[31460]: segfault at 0 rip 8048e33 rsp ff962a80 error 4
<adam_> lots
<adam_> chkrootkit finds nothing. Any ideas?
<mindframe-> try rkhunter?
<mindframe-> hehe
<adam_> No luck
<cyris|> morning everyone
<adam_> Okay, the rootkit scanners found nothing, but there is a directory called "/etc/rpm" which has executables in it ("scp", "sftp", "ssh", "sshd") which are timestamped to 2008-04-06, yet the directory itself has a timestamp of 2008-05-18
<ScottK-uds> Have you ever used any RPM based install tools?
<adam_> Google finds nothing.
<adam_> ScottK-uds: Certainly not this Sunday.
<ScottK-uds> I'd tend to be quite suspicious then.
<ScottK-uds> adam_: Do you have physical access to the server?
<adam_> ScottK-uds: No, but I do have someone on the inside....
<ScottK-uds> adam_: At this point I'd suggest booting it to a live CD and running your tools from the live CD.
<adam_> ScottK-uds: Gotcha. Thanks....
<ScottK-uds> If you are running a compromised system (I don't know if you are) I'd not be inclined to believe any good news from that system.
<adam_> !
<adam_> EEP, another machine has /etc/rpm/ssh also
<ivoks> problems :)
<ivoks> check /var/log/dpkg.log
<ivoks> maybe someone installed rpm tools
<adam_> Nope
<adam_> And I cannot move /usr/bin/ssh away
<ivoks> does anyone else has an access to those machines?
<adam_> Yes, but they are in use and it would be *hell* to reboot them.
<ivoks> let me rephrase it
<adam_> (This, despite /bin/mv and /bin/rm acting rootkit-ed)
<ivoks> does anybody else has root access to those machines
<adam_> yup, one other. He's talking with me.
<ivoks> what's the md5sum of /bin/mv?
<Deeps> ...and can you be sure your md5sum binary hasn't been compromised?
<adam_> Deeps: Hehe, I'm paranoid now :)
<ivoks> you can't, but let's check...
<adam_> On the compromised server: 82eb04fee93c4c08407592891f22341d
<ivoks> that's i386? hardy?
<adam_> yup
<adam_> On *my* desktop, it's 33830461a75c9cf32f4631b6d6cbbd16
<ivoks> that's not md5 of hardy's /bin/mv
<ivoks> that one's right
<Deeps> heh, shutdown time then
<adam_> There's another server which also has an /etc/rpm/ssh, but it's got the proper md5sum
<ivoks> you've been owned
<ivoks> you use ssh keys?
<adam_> yes, but passwords are also enabled
<ivoks> ssh keys with passwords?
<ivoks> or ssh and passwords
<adam_> publickey,keyboard-interactive
<ivoks> ps ax | grep ssh
<ivoks> ps is probably compromised, but, well...
<ivoks> anyway, your only option is to reinstall
<ivoks> but you'll have to find a backdoor, otherwise, attacker could get in again
<adam_> yup
<adam_> Whee, fun
<cyris|> http://www.ubuntu.com/usn/usn-613-1
<cyris|> apparently you have to reboot after installing this update *sigh*
<specialKevin> cyris|: yea I read that, it sucks I didn't have to reboot all my machines today
<cyris|> specialKevin, oh well, I was able to reboot 2 of our servers this morning, have to wait till noon for our samba DC
<ivoks> is that a ssl thing?
<specialKevin> cyris|: yea I am able to hit some of our machines now, luckily most of the students are gone so there isn't much load on our servers
<cyris|> specialKevin, yeah :/
<daffy> hi all
<daffy> can you help me for routing isp ?
<lamont> ScottK: any thoughts on #482173
<lamont> ?
<soren> bug 482173
 * soren kicks uvirtbot
<phil^> hm - "No results for search 482173".
 * phil^ comforts uvirtbot
<mm_202> ugh, I know this is off-topic, but how the hell do you negate a group in regex?
<soren> No need to fucking swear.
 * mm_202 meekly mutters 'sorry'
<soren> What exactly do you mean by negating a group?
<mm_202> soren: (\(paused\))([\s\w:\(]*(Disposition))  I need the second group, to NOT be found. "(\(paused\))([\s\w:\(]*(Disposition)){0}"  should work, but doesnt.
<soren> Why should that work?
<mm_202> well, because {n} specifies now many times it should be matched.  I want it matched zero times.
<soren> And it does.
<soren> "" matches "(stuff){0}"
<soren> Why wouldn't it?
<soren> Er..
<soren> "stuff" matches "(stuff){0}"
<mm_202> ah.  Hrm, damn lack of sleep.
<soren> For instance, you'll notice that between 'u' and 'f', it doesn't say "stuff". Hence, it matches.
<mm_202> okay, well how would I get it to make "cat" in "cat and mouse", but not in
<mm_202> in* "cat and dog" ?
<mm_202> basically, I just need a way to say that if a certain word is found, to fail the regex.
<soren> ...
<soren> Er..
<mm_202> Yeah, tell me about it.
<soren> Seriously?
<soren> grep cat | grep -v dog
<mm_202> LOL
<mm_202> well this is for mysql / php :)
<soren> Then you are *soooo* in the wrong channel.
<mm_202> awww, come on....
<mm_202> Its running on a ubuntu server :D
<soren> if (preg_match("/cat and/", $str) and !preg_match("/dog/", $str))
<soren> or whatever.
<soren> It's been a while since I did php.
<mm_202> Know I know that Im being an asshole, but the regex is in a db field, so I have to do it all in one regex 'call'
<soren> If you want php expertise, ask in a php channel. I don't mean to be (very) rude, but surely you're likely to get better responses there.
<mm_202> Now* I know
<SuperLag> soren: haha
<SuperLag> soren: you're funny
<SuperLag> 09:26 < soren> No need to fucking swear.
<soren> I'm actually very boring.
<SuperLag> that part was funny
<soren> It's well-documented.
<mm_202> soren: k, just thought that you guys would know, or that I would get a faster reply.
<soren> Than in a php channel? Why, oh why?
<soren> And we probably do know.
<soren> It's just not very easy when we have to go through (so far) 3 iterations, before you actually tell us your problem.
<mm_202> Because its not for php.  Its for mysql. But whats its for doesnt even, since I need to do it in on regex string.
<mm_202> Anyways, fuck it.
<soren> 1. Figure out what you mean by negating a group, 2. figure out that it's php, 3. figure out that it's not actually php,but mysql.
<soren> Great, another satisfied customer.
<cyris|> http://www.ubuntu.com/usn/usn-612-8
<cyris|> a couple updates this morning already, busy day
 * delcoyote hi
<psufan> yo
<psufan> is there some guide somewhere on all the scripting you can do to the install
<psufan> like this one
<psufan> url --url=
<psufan> works great for the pxeboot network install first part since the blades are headless
<psufan> problem is when it's done installing it sets that to the default location for apt in all the lines
<psufan> so if you don't still have the local pxe server running you are dead in the water
<psufan> espically if you can't handle vi like me and no way to apt-get install nano
<psufan> :p
<psufan> also is there a way to make it auto append a line to the boot options after the install
<psufan> dead day
<adamh> My server (which was rooted this weekend) is listening on port 58009 TCP for connections. When I telnet to it, I connect but after typing anything other than a newline, it closes the connection. netstat does not show what process is listening on that port. How can I find out?
<psufan> mabye it's got a rootkit on it
<psufan> might need to boot the machine from a clean os livecd and do a scan
<adamh> It's possible. I'm trying to avoid taking the server down if possible. The sk who logged in managed to forget to clean the logs (even after downloading a log-cleaning program), so my expectations aren't high.
<psufan> I dunno what else
<adamh> Could it be nfs?
<adamh> Port 2049 shows the same behaviour.
<InsomniaCity> adamh: your expectations may not be high, but the box has still been compromised.... you should take it down and wipre it
<InsomniaCity> *wipe
<adamh> I'm on contract for 1 afternoon of disaster recovery. I have 2 hours left. I can give my suggestions, but I can't wipe it.
<adamh> Gotta do the best I can with the time I have.
<InsomniaCity> fair enough
<InsomniaCity> a livecd reboot would seem to the best option then
<nealmcb> adamh: sudo netstat -tlp doesn't tell you the process?
<adamh> nealmcb: Correct.
<adamh> It doesn't show the process for nfs, either, though.
<nealmcb> adamh: hmm - without sudo I get just "-", but with sudo I get the right processes for all of them
 * adamh shrugs
<adamh> I've tried sudo lsof, also.
<adamh> The server at port 58009 behaves identically to nfs (port 2049)
 * faulkes- yawns
<anabolix> how do i connect to a remote computer on LAN or via internet? and what is a pub/priv authentication key, or what is it used for? and how do i set those keys up?
<mm_202> Hello boys and girls.
<mm_202> Question: has anyone else had problems with sox?  I keep getting this error (regardless of the wav file): "sox soxio: Failed reading `./sounds/en_US/MelanieTaylor/inithelp.wav': unknown file type `auto'"
<osmosis> im trying to get PDO working as a pecl module, but phpinfo shows,  PDO drivers 	no value
<uvirtbot> New bug: #233853 in samba (main) "[intrepid]: nmbd fails to start" [Undecided,New] https://launchpad.net/bugs/233853
<soren> osmosis: I saw your libvirt munin plugin. I like it.
<soren> osmosis: I've made a few changes, and I'll probably include it in an upcoming virt-goodies package or something.
<sten_> Hi.  I've been using Postfix's sender_canonical to re-write my user-initiated email addresses, but how can I configure mailman to display long.email.blah.blah@myISP.net instead of list@myFQDN.dynalias.net
<sten_> specifically, I want the listinfo page to display the myISP.net address (which I pull from myISP.net's pop3 server and send to list@localhost)
<ScottK-uds> I expect you'd have to do the rewrites before you shoved the message into Mailman
<ScottK-uds> It's been ages since I've done anything with Mailman, so I don't really know though.
<osmosis> soren: cool
<osmosis> soren: i also made an if_all plugin that graphs all the network interfaces on a single graph, works well in conjunction with libvirt.
<sten_> ScottK-uds: ahh.  I know emails originating from me will be re-written before mailman recieves them, and that I can re-write Mailman's From: adresss...it
<sten_> it's just that webpage which bugs me..
<sten_> (and will probably confuse my non-technical group of users...it's just a hack of a list for a university club)
<sten_> (run from a residential line ;-)
<sten_> maybe I should just make a note in the "About list" section...
<specialKevin> sten_: you could just update the actual webpage, but you would have to change it every time you upgrade mailman
<sten_> specialKevin:  Hmm...  Too much of a hassle.  I think I'll just post a warning like "Any emails sent to foojin@bar.dynalias.net WILL DISAPPEAR INTO THE ETHER OF THE INTERNET. FOREVER. NEVER TO BE SEEN OR HEARD FROM AGAIN. YOU HAVE BEEN WARNED. "
<anabolix> would it be unwise to run a server version of 8.04? do i lose any functionality doing so? and considering im running 8.04 desktop edition on my machine... should i expect the same from the server??????
<ScottK-uds> I'm not sure what you mean?  Unwise compared to what?
<sten_> anabolix: 8.04 is the first release since Dapper (what was that 6.04?) to support many tape drives
<ScottK-uds> Dapper was 6.06
<sten_> oh yeah, it was delayed!
<anabolix> sten_: i currently have desktop edition installed on my laptop, im happy with the way things are running... but i recently DLed the server edition and have burned it to a disc... and ive been given the option to upgrade once i put the disc in... so the question is... will i loose anything? or will it just add itself onto my system while preserving current environment?
<sten_> anabolix: I'm not sure.  As far as I know, the difference is mainly the kernel, and a few security things.
<ScottK-uds> anabolix: If you want to upgrade, you don't need a disk.  Just open a console window and run do-release-upgrade.  There's a gui way to do it too, but I don't know it.
<ScottK-uds> Server edition doesn't have a desktop environment, but I suspect if you used a server CD to upgrade a desktop system, it would grab the desktop updates online.
#ubuntu-server 2008-05-22
<jammin> I'm having some trouble with bacula installation on hardy.  Had no problems of this sort on... um... I think it was actually fiesty before this round of upgrades.
<jammin> It seems the bacula-director-mysql package doesn't work.  It doesn't create the db it is supposed to, and doesn't give any error messages to imply there is any trouble.
<jammin> I've been poking around at this thing for way to long... help?
<ScottK-uds> jammin: Look for ivoks when he's on this channel.  He did some significant rework on the package for Hardy to get it to meet security requirements for Main.
<jammin> ScottK-uds: thanks.  I'll come back to try to catch him.
<jammin> That's cool.  I'm just venting I guess.  :)  I'd hunt down further, but this is for work, and there's plenty of other stuff I really should be attending to instead.
<jammin> I don't really know the packaging system well enough to dig into it efficiently.  I could probably do it, but it'd take me forever...
<ScottK-uds> jammin: Just catch ivoks later.  I'm pretty sure he'll either point you in the right direction or start working on a fix.
<jammin> Sounds good.  Except I should be sleeping myself in 8 hours. :)  Maybe I'll still be up...
<ScottK-uds> We have a 9 hour work day here at UDS, so he should still be around when you wake up.
<keithclark> Is there a database out there for linux that is easy to use and as powerful as access?  I've tried to use Base, but it is not supported all that well.
<keithclark> ok, I guess not, back to windows and access for me.  Thanks for listening though!
<hads> heh
<hads> There are excellent database servers which run on Linux. The issue is that Access isn't really a database server.
<hads> It's more of a thing that does database stuff (badly) and also GUI forms etc.
<keithclark> I did not say server
<hads> I did
<keithclark> I would like to have a single user database to run on my server
<ajmitch> no, but you're in the server channel
<keithclark> See above
<hads> keithclark: SQLite is an excellent non-server database :)
<keithclark> hads:  I've tried all the linux stuff, but I need something simpler....with an easy to use interface.
<keithclark> No scripts and such
<hads> keithclark: You'd possible be better off asking in a desktop channel then. This is the server channel, most people running servers don't have a GUI interface and instead rely on scripts and such.
<keithclark> Ah, but I need it to run on my server and be available via ssh
<hads> So, something like Access that runs via ssh from your server?
<ajmitch> those few of us that are alive here probably aren't like to know of basic GUI database frontends
<keithclark> Yeah, too much?
<hads> I don't know about too much, I just don't get it.
 * hads goes back to work
<keithclark> ?
<keithclark> Thanks for making fun of someone new....have a good night.
<hads> keithclark: I wasn't making fun of you. I don't get what you're tring to do. Like I said, probably better to ask elsewhere, GUI apps typically aren't server related.
<keithclark> No worries, thanks for trying.
<Kalamansi> hello how to know if i installed the openssh?
<Kalamansi> during the installation, i press spacebar.
* You're now known as ubuntulog
<fromport> dpkg -l ssh\*
<fromport>  dpkg -l openssh\*
<sunny> is ubuntu server compatible with rhel?
<sunny> anyone home?
<dthacker> sunny: compatible in what way?
<sunny> i am not sure either, i get an advise from other saying that centos is preferred over ubuntu when compatible with rehl is considered
<sunny> i am trying to setup a server with other rehl server existing.
<dthacker> ubuntu uses a different package management system than rhel.  CentOS uses the same packaging system.
<sunny> so will i be able to link them together?
<dthacker> So in that way, CentOS is more compatible.
<dthacker> afk 10 mins.  storm coming in must close windows
<sunny> what is the difference anyway?
<uvirtbot> New bug: #233983 in samba (main) "Wrong source code in repository" [Undecided,New] https://launchpad.net/bugs/233983
<zatic> anyone here know good root (ubuntu) server hosting in the US?
<spiekey> Hi
<spiekey> why do i need #rootbinddn cn=nssldap,ou=DSA,dc=hardy,dc=net
<spiekey> ?
<spiekey> whats it good for? I commented it out any everything still seems to work
<Alblasco1702> hallo is somebody here they now samething about postfix?
<_ruben> i started using postfix only recently (currently in the process of stresstesting a bulk mailer based on postfix), so i gathered some knowledge, but not much, yet :)
<Alblasco1702> i want to use another drive dan de home dir bud i don't now how i had to configure that.
<_ruben> use for what? storing the emails?
<Alblasco1702> yes
<_ruben> with a defailt install the mail's stored in /var/spool/mail/username i thought
<_ruben> procmail is used as delivery agent by default, with /etc/procmailrc you can configure where your email ends up
<Alblasco1702> ok i have a special partition for my email that i wil use.
<Alblasco1702> _ruben: thnx for your help for so far
<_ruben> Alblasco1702: i'd mount that under /var/mail/ (/var/spool/mail is symlink to that dir) and have postfix/procmail deliver it to /var/mail/username
<RockHound> Alblasco1702: do a man 5 postconf and search for directory ... you can figure almost any paths that postfix uses
<cyris|> morning everyone
<RockHound> afternoon
<RockHound> ;-0
<cyris|> RockHound, i guess it depends where your situated :D
<RockHound> hehe
<vhristev> hi ...
<vhristev> can anybody help me with NGINX or HAPROXY
<cyris|> man i'm love the ubuntu server guide, if i need to reference anything, bam its there
<jjesse> cyris|: great to hear... sommer_ did a lot of work on it for this release
<jjesse> cyris| any changes that need to be made please submit them as bugs against ubuntu-docs
<jjesse> and that way we can take care of them next
<cyris|> jjesse, i dont think i've spoken to sommer_ before :/
<cyris|> jjesse, forsure
 * delcoyote hi
<LeChacal> hey i just did 'ls -la' in the direct that has my maildir in it and i got a strange file permission of drwx--S--- and drwxrwsr-x what does the s and S mean?
<LeChacal> never mind i found on google
<Eddy> Anyone know of a TUI for adding users?
<blue-frog> eddy what are you looking for?
<bordy> Afternoon folks... anyone have any experience with Dell's CERC raid controller?
<bordy> Our IT guy is having a heck of a time with it, giving him more of an excuse to bash Linux :-X
<jammin> Dang, looks like I missed ivoks.  Had some major stuff needing immediate correction this morning (RFP related), and couldn't get on earlier.  Bummer.  :(
<LeChacal> i my web/mail server has two NICs a different public IP  for each i am trying to setup the mail server part using
<LeChacal> i my web/mail server has two NICs a different public IP  for each i am trying to setup the mail server part using (postfix and Courier IMAP) but i get blocked when send emails to comcast because the server is sending the mail through the web IP so the DNS isnt for mail and comcast blocks email from it. So how can i make the mail serves go through one and web go through the other?
<figaro> Hi, how can install vmware tools on ubuntu server 8.04 without a GUI....all the guides references to the desktop
<spiekey> Hi
<spiekey> soren: you there? :)
<leonel> figaro:  you can  use  qemu with  vnc
<emgent> heya
<spiekey> whats the easiest way to add a splash boot screen?
<CarlFK> Where can I find the files needed to do a net install of u-server?  for instance, u-desktop's are http://archive.ubuntu.com/ubuntu/dists/hardy/main/installer-i386/current/images/netboot/
<CarlFK> I think they might be on the u-server CD, but my goal is to not have to dl the cd
<phynix> anyone willing so answer some questions about using ubuntu as an internet gateway
<Deeps> dont ask to ask, just ask
<phynix> ya sorry i just saw that
<phynix> ok i have a computer that has two nics
<phynix> one to the outside world
<phynix> and the other connected to the router
<phynix> i can connect just fine to the outside but computers cannot connect to the internet
<Deeps> cat /proc/sys/net/ipv4/ip_forward
<Deeps> and urr, 'router'?
<gladk> hi all!
<phynix> it is wireless router/switch
<phynix> my ultimate goal is to is add dhcp to its lists of jobs
<Deeps> might i recommend simplifying things initially, and juts having a single computer connected directly to your internal nic
<Deeps> and getting that second computer able to access the internet first
<Deeps> before you start playing with complicating it
<gladk> Can anybody help me with the next problem: "aptitude" shows that linux-image-2.6.22-14-server is partly installed, so when I try to add some packages, it adds and after that is trying to complete installation linux-image but with no success. Does anybody khow what the problem can be? Thank you
<phynix> good idea
<phynix> well i think my problem is somewhere with the second interface
<phynix> i tried editing the second interface eth0 in /etc/network/interfaces but i don't know what to put there
<Deeps> look for a guide to create a router with ubuntu
<Deeps> there are lots detailing all the steps you need to take
<phynix> ya been doing it
<Deeps> the basic key needs are
<Deeps> /proc/sys/net/ipv4/ip_forward should be 1
<Deeps> and iptables -I POSTROUTING -o <extenral interface, eg. eth0> -j MASQUERADE
<phynix> wow ok thanks for the direction
<Deeps> and avoid webmin
<phynix> just curious
<phynix> why
<stefg> ebox is quite nice
<Deeps> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<stefg> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<phynix> ok duly noted
<Deeps> you're better off doing it all from the CLI if you're capable
<phynix> ya I would rather do it that way so I know how it works
<phynix> i just didn't know where to start
<Deeps> that's what guides are for ;)
<phynix> the keyword in the search was router
<phynix> before that wasn't finding anything
<phynix> thanks for the help
<timelost> anybody use fail2ban? does this logfile look normal (notice the number of ssh bans) http://rafb.net/p/0ySG3o92.html
<Wicky656> what is popularity-contest
<InsomniaCity> Have you tried googling it?
<Wicky656> yeah and apt doesn't want you to remove it
<Wicky656> seems very MSish
#ubuntu-server 2008-05-23
<jammin> ScottK-uds:  I missed ivoks. (Had issues with an RFP that needed immediate attention, so got on late.)  Are ya'll gonna be in that time zone for a while?
<ScottK-uds> UDS is all day tomorrow.  His home time zone is one hour different than this one.
<ScottK-uds> jammin: Did you install the mysql packages?  They aren't required since the database may be remote.
<uvirtbot`> New bug: #234171 in mysql-dfsg-5.0 (main) "mysql server 5.0.22 CREATE statements not replicable" [Undecided,New] https://launchpad.net/bugs/234171
<ScottK-uds> When I discussed it with him today, he ran the script and created a database successfully on his laptop as a test.
<jammin> Yep.  Mysql is up, running and available, and not serving any other purpose beyond becoming the catalog for bacula.
<jammin> Checking the databases (and user table) before and after the config shows nothing happened.
<ScottK-uds> OK.  Well I know it works in at least some cases because he did it.
<ScottK-uds> I'd try to catch up with him then.
<jammin> I don't get any errors (or anything in logs I've found so far) to indicate why.
<ScottK-uds> I don't know much about it, so I don't have any further suggestion.s
<ScottK-uds> .s/s.
<jammin> I figure it must work for most, since searches aren't turning up many people sqawking about it.  But uninstalling everything related (with a purge) including mysql and starting over from scratch gives the same result.  Pretty weird.  Yeah, I probably need to catch him.  Would email be appropriate, or just check in here when I can?
<ScottK-uds> I'd suggest either catch him here or file a bug.
<ScottK-uds> I did discuss it with him, so he's familiar with the problem and knows your IRC nick.
<jammin> Cool beans.  I'll try to catch here.  Maybe type up all I can think of beforehand for reference, and/or for filing as a bug if it turns out it is. Thanks a bunch.
<jammin> Hey ScottK-uds, you'll never guess what just happened.
<ScottK-uds> It works?
<ScottK-uds> jammin: ^^^
<jammin> Heh... yep.  I blew it all away for the third time, in order to document it nicely as I went along.  Of course that meant it would work.   :)
<ScottK-uds> All's well that ends well.  Any idea what was different?
<jammin> I've been writing up both experiences from memory now, and the only thing I can think of is...
<jammin> This last time when I apt-get purged it all, I double checked to see that it did exactly that.
<jammin> In starting over, wanted to be sure it was truly starting over.  The /etc/bacula directory was still there, with everything in it.
<ScottK-uds> Interesting.  Did you have bacula installed before you upgraded to Hardy?
<jammin> I do know that on a previous try I'd emptied that by hand, excepting some examples I stuffed in a subdir.
<jammin> Yes... I upgraded (in two dist-upgrade steps) from 6.10 to hardy, and bacula had been working before then.
<jammin> I wasn't too suprised when it no longer did.  That's why I stashed my old configs for reference and tried to blow it away and start over.
<ScottK-uds> OK.  That's worth knowing.  If you removed stuff from /etc by hand, that can get things confused.
<daveosx> HI All
<jammin> That was after apt-get purging it, though.  (I think.  It was at least a remove.)
<daveosx> Got a strange network pulsation any Ideas ?
<ScottK-uds> If you apt-get remove, remove conffiles by hand and then reinstall, it can get confused.
<daveosx> Intel MB dual wan two different servers two different locations
<jammin> Yeah, that's why I usually use a purge.
<jammin> I wonder if I just slipped somewhere.
<ScottK-uds> OK.  I'll mention to him that it might be an upgrade issue then.
<jammin> When I did the reinstall, everything was fine, except it failed to create /etc/bacula/bacula-dir.conf.   The other conf files were there.
<jammin> Because that file was missing, the bacula-director-mysql threw an error message about it.
<jammin> I put a fresh file in that place (from /usr/share/bacula-common/defconfig), and after that doing a dpgk-reconfigure on bacula-director-mysql was successful... but never actually touched the database.
<jammin> I was pretty positive I started over completely (with purges) to try it again, but with the same result.  I must not have, since on this third try I somehow got it right.  :)
<ScottK-uds> Odd.
<jammin> Thanks for listening, anyway.  Sometimes just bouncing it all off of someone elses head clears up the cruft in ones own, I guess...
<daveosx> Any help on network issues?
<jammin> shoot
<ScottK-uds> Sure.
<ScottK-uds> Good night.  I need to get to bed.
<jammin> dang, I gotta run... thanks yall
<daveosx> Got a pulsation on my network full to 0 once a second
<mralphabet> daveosx: how in the world are you measureing that
<daveosx> system monitor
<daveosx> mralphabet what about flow control settings?
<uvirtbot`> New bug: #234196 in openldap2.3 (main) "dnPrettyNormal: Assertion `pretty != ((void *)0)' failed." [Undecided,New] https://launchpad.net/bugs/234196
<flyback> yo
<flyback> is there any guide to all the install options you can script
<cyris|> hows everyones evening?
<cyris|> whoa what a day :/
<cyris|> I'm trying to install ebox using the ubuntu server guide, but I keep getting the following errors, any ideas anyone? http://rafb.net/p/sE5RJr45.html
 * flyback is having such a bad anxienty attack about events from many yrs ago he is not sure he's going to live to see tomarrow
<cyris|> sounds pretty ruff flyback
<cyris|> nm about my ebox problem, i think i got her fixed
<cyris|> UGH maybe not
<keithclark> Ok, I've tried my best to find a replacement for Access and I cannot.  I choose not to crawl back to Windows so I guess I have no choice but to learn the command line driven mySQL.  Anyone know of a great beginners tutorial out there?  Something that really explains the whole thing really well and easy?
<uvirtbot`> New bug: #231898 in evolution-exchange "evolution-exchange-storage SIGABRT (dup-of: 215904)" [Unknown,Confirmed] https://launchpad.net/bugs/231898
<_ruben> hmm .. my need to tweak my /var/log filesystem .. syslog stopped logging to some files which reached 2G
<_ruben> s/my/may
<kraut> moin
<kaii> _ruben: you may just want to rotate earlier
<zul> mathiaz: #234171 mysql sru?
<mathiaz> zul: may be - the diff should be looked at first
<zul> mathiaz:  yep
<oly-> does anyone know a location i can get hardy server netboot files other than the cd ?
<oly-> i can get the desktop ones from http://archive.ubuntu.com/ubuntu/dists/hardy/main/installer-i386/current/images/ for example
<oly-> or do i just pass a parameter to the standard desktop installer to do a server install
<hads> I don't know but I'm interested. How about the jeos image?
<hads> (which is at http://cdimage.ubuntu.com/jeos/releases/8.04/release/ if you're interested)
<oly-> well thats for an iso not for the netboot files
<oly-> i would be intrested in knowing where i can get netboot files on the web for jeos as well
<oly-> aha looks like you just use the standard netboot image with extra parameters  when launching it
<Kanashimi> Hi there. I just upgraded a Ubuntu server edition system to 8.04. In the same it decided to remove tmda from the system, which is a required package for the system in question. Is there any way to install tmda in hardy at the moment through apt-get? Or do I need to build the sourcecode myself outside the package system?
<Kamping_Kaiser> can you give more info?
<Kanashimi> I ran 'do-release-upgrade' on the system, which was I think 7.04 originally. At the end of the process it decided to list tmda and python-tmda as packages to remove.
<ivoks> so, you are at 7.10 now?
<Kanashimi> Tried to reinstall by 'apt-get install tmda' but getting 'Package tmda is not available, but is referred to by another package.'
<ivoks> there are no tmda related packages in 8.04
<Kamping_Kaiser> what is tmda? (sorry my ignorance)
<soren> tagged message delivery something, probably.
<Kanashimi> Tagged Message Delivery Agent, an anti-spam solution for whitelisting/autowhitelisting/blacklisting.
<Kanashimi> Challenge system, etc.
<\sh> looks like it's removed from the archives
<Kamping_Kaiser> nod
<Kanashimi> Hmm, rather inconvenient for the package to suddenly disappear like that without anything to replace it. Seems like I'll have to set it up from source then?
<ivoks> http://www.mail-archive.com/tmda-workers@tmda.net/msg03100.html
<Kanashimi> Ah.. I see, hm. Yeah, I guess I'll have to do the source install. Thanks for the info.
<Kamping_Kaiser> MIA maintainers are a bit of a problem :/
<Kanashimi> Mm, indeed.
<Kanashimi> Was a bit nasty surprise as such.
<Kamping_Kaiser> i have the same problem with bugzilla3
<Kanashimi> Hm, oh? Package obsoleted due to maintainer missing?
<ivoks> due maintainer missing and nobody wanted to maintain it
<ivoks> so, if there's no intrest in public, why maintain it?
<Kamping_Kaiser> Kanashimi, in bugzillas case, no one is packaging it (the bugzilla2 maintainer abandoned the package)
<Kanashimi> Heh, well, I do find tmda at least quite useful myself. First I heard about the whole thing now, having been happily using it before this upgrade.
<Kanashimi> Kamping_Kaiser: Ah, I see :/ I guess there's the sourcecode solution if nothing else at least.
<Kamping_Kaiser> Kanashimi, yeah, which is what i'm going to be deploying. (i have zip packaging skills unfortunately)
<Kamping_Kaiser> more annoyingly, it looks like the debianisation of bugzilla3 started, and after a weekish was abandoned (12 months ago)
<Kanashimi> There we go, back in action with the filter again. Challenges and passthroughs working.
<Kamping_Kaiser> \o/
<Kanashimi> :)
<Kamping_Kaiser> :)
<Kanashimi> Ah *nods*. Well wish you good luck with getting it running. Is of course a lot more inconvenient to have to manage packages manually. One of the big reasons why I set up the system with Ubuntu in the first place -- the earlier system was built from scratch, with all manual updating. Interesting project and was very customized, worked well. But just came to be too much
<Kanashimi> work.
<Kamping_Kaiser> yeah, source packages are a pita
<soren> wuh?
<Kanashimi> Hm?
<soren> Source packages are a pita?
<ivoks> yeah... pita, in croatian, means - a pie
<ivoks> :D
<Kamping_Kaiser> ivoks, rofl
<Kamping_Kaiser> soren, er, 'packages' wasnt meant to be there
<soren> Ah.
<soren> Well, source is sexy, too.
<Kamping_Kaiser> wonder if it would be worth making recompiled packages for calendarserver (from sid) available for people, or just let them use a tarball. its not like they need a backport, just a recompile
<vhristev> hi
<vhristev> can someone help me with Load balancing
<Kanashimi> What kind of load balancing are you referring to?
<Kanashimi> I'm not terribly familiar with the subject but maybe I can give some pointers in the right direction.
<vhristev> Kanashimi
<vhristev> For now i use 1 box with HAPROXY + apache web servers
<vhristev> but I want to switch to nginx web servers
<vhristev> and Im not sure if nginx can use Haproxy cookie
<Kanashimi> Ah, not familiar with haproxy/nginx unfortunately.
<vhristev> what you use
<vhristev> I think in future to switch everything to be with NGINX
<vhristev> now I search for solution with Nginx
<vhristev> Nginx reverse proxy (some kind upstream )
<Kanashimi> Well, theres round robin DNS setups and such with multiple systems.
<vhristev> yeaa but its not good idea
<vhristev> its too slow to up and down servers
<vhristev> i have 6 box with for 1-n site
<vhristev> 1 haproxy + web
<vhristev> + 3 webs
<vhristev> + 1 Mysql
<vhristev> + 1 memcache + flash server
<vhristev> servers are different
<vhristev> one with Xeon other Quad Xeon more memoryh
<vhristev> memory
<vhristev> In haproxy I have optin WEIGHT 1~250
<vhristev> I can make more connections to go on Quad Xeon server
<vhristev> 9;
<uvirtbot`> New bug: #234268 in mysql-dfsg-5.0 (main) "mysql online help out of date: help min does not work" [Undecided,New] https://launchpad.net/bugs/234268
<Kanashimi> Hm, well unfortunately not very familiar with the subject myself. Wish you good luck though.
<Kanashimi> Take care all.
<faulkes-> INBOX: Downloading message header 65229 of 2023552
 * faulkes- sighs
<Kamping_Kaiser> faulkes-, you should use your inbox for ssl entropy :)
<faulkes-> were this my inbox rm -rf would suffice
<Kamping_Kaiser> hahaha
<faulkes-> unfortunately this is a customers
<Kamping_Kaiser> are you doing a sitei visit, or reading their email for some other reason?
<faulkes-> we process there mail for them
<faulkes-> well, I don't, my staff and our application does
<Kamping_Kaiser> nod
<faulkes-> they unfortunately never automated removal of old messages from the inbox
<_ruben> kaii: rotating more often is smth i thought of, then again, rotating more than once a day doesnt appeal much to me
<faulkes-> hrmm, think I just killed thunderbird telling it to drop 50k messages
 * faulkes- waits for it to come back
 * Kamping_Kaiser has had problems with t.bird expireing mail after a week.
<faulkes-> well, I only use it when I have to manually go in for stuff
<faulkes-> heh, it's making the fan on the laptop turn on
<uvirtbot`> New bug: #227464 in php5 (main) "PHP 5.2.6 fixes important security bugs" [Unknown,Fix released] https://launchpad.net/bugs/227464
<psufan> got a problem
<psufan> my pxe boot server auto scripts ubuntu 6.06lts and gives it -url 10.10.10.whatever which works great for the installer cycle but once you are at a command prompt then it's hosed if you still don't have that pxe server vm up
<psufan> how can I tell it NOT to change the installed apt-get sources.list file when done installin
<psufan> it's also a mega pain because I can't handle vi :P
<Deeps> learn vi, use 'easier' editors like nano/pico
<gegema> My ubuntu 8.04 server install's current time is 5 minutes later that what it should be. Shold I force in a new time entry or is there a way to synch it with a time server?
<Deeps> see the ubuntu server guide for information about ntp
<gegema> Deeps: Will Do . Thanks
<psufan> deeps
<psufan> I can't use nano if I can't apt-get anything
<psufan> see my problem? :P
<ivoks> no
<psufan> I can't apt-get to install nano
<psufan> and I need nano to fix apt-get
<ivoks> nano is installed by default
<ivoks> as vim-tiny
<psufan> well then my installer is canucking something up then
<psufan> nope nano not installed
<psufan> mabye that's the problem I need to adjust the installer script to make sure it does install nano
<psufan> or something
<psufan> can someone look at this install script and tell me if it
<psufan> is doing minimal install or something
<psufan> http://pastebin.com/m2c06340c
<ivoks> it installs almost nothing
<psufan> ah
<psufan> so what should I change it to
<ivoks> what do you want to install?
<ivoks> ubuntu server, ubuntu desktop?
<psufan> I don't know how to script it I was relying on the uba14 vm pxe server
<psufan> server
<psufan> it's on headless blades
<ivoks> put ubuntu-minimal and ubuntu-standard for packages
<psufan> any way to make it avoid changing the sources.list to what the installer used
<ivoks> you can setup your own sources.list
<psufan> so put those 2 lines right under the packages line?
<ivoks> but i mostly user preseeding, not kickstart
<psufan> well default is fine I just don't know how to tell it that
<psufan> ugh
<psufan> i'm blind
<ivoks> psufan: remove all the packages you added and put just those two
<psufan> had to take a full dosage of a digestive system pill and it makes my vision blurry for a while
<psufan> I didn't put those the pxe appliance did :P
<psufan> but gotcha
<ivoks> pxe appliance?
<psufan> uba14
<ivoks> uba14?
<ivoks> ??
<psufan> it has os templates for several windows and linux versions
<psufan> it extratcs tje kernel sets up pxe boot, scripts the install and waits for a machine to pxe net boot
<ivoks> you know there's a GUI for setting up kickstart in ubuntu?
<ivoks> system-config-kickstart
<ivoks> with it you can setup your own kickstart file
<psufan> yeah well this is fine for now I think
<psufan> other than fixing that sources.list file also hmm
<psufan> how do I add a line to that script to auto add a bootoption to grub
<psufan> console=ttyS0,38400 in this case
<psufan> it has a line for the pxe startup but I don't think it's perm
<bordy> hey folks
<psufan> think I found it
<psufan> bootloader --location=mbr --append="hdd=ide-scsi ide=nodma"
<psufan> thx
<psufan> you mentioning kickstart was what I needed to google for
<phil^> someone mentioned the browser based game desktop tower defense in some bug on launchpad..
<gegema> My apache access and error logs are being rotated with a 2 day difference. I touched access.log1 with error.log1, assuming logrotate looks at the date stamp of those files when running... but still, my error.log is being rotated 2 days after my access log >> this becomes a problem when trying to figure something out and one thing is in one file in access log but in 2 different files in error log for the same time period... any ideas how to get these
<phil^> (which lowers my efficiancy at work quite a lot :p )
<Deeps> link
<phil^> http://www.handdrawngames.com/DesktopTD/Maps.asp
<phil^> but don't make me responsible :)
<dthacker> gegema: look in /etc/logrotate.d/apache2 and check the policies
<phil^> sorry, it's /game.asp
<Deeps> yep i'm there
<gegema> dthacker: What is the pastebin used in this chan? so I can post my logrotate.d apache2 policies (which are pretty much what comes with the default install, except for a prerotate script I added for awstats)
<dthacker> hmm, my link has disappeared.
<dthacker> oops, he's gone
<dthacker> he's back!
<dthacker> gegema: use anything, I'm not picky
<gegema> sorry... went to #ubuntu to get the pastebin site and closed the wrong tab :)
<gegema> dthacker: http://paste.ubuntu.com/14095/
<dthacker> gegema: so the goal is "All apache logs should be rotated once per week, unless empty."
<gegema> correct
<gegema> but somehow, access log and error log are being rotated in different days
<dthacker> have you tried running manually with the -f option to force rotate?  That my synchroize the status.
<dthacker> btw that's kept in /var/lib/logrotate/status
<gegema> dthacker: checking ..
<dthacker> oh my spelling has gone to heck....
<gegema> :)
<gegema> In the logrotate status, both acess and error log have the same  date stamp
<gegema> dthacker: so your suggesting I try -force rotating all my logs and see if that syncs up the two apache logs?
<dthacker> I the error log ever empty?
<dthacker> gegema:  yes. Then see if the behavior continues after the force.
<gegema> alrighty  - thanks for the tip dthacker!!
<dthacker> np. :)
<dthacker> gegema: one other possiblity.   Apache may have logrotate directives as well, I think.  Take a look at your config.
<dthacker> maybe not.
<cyris|> http://www.lessaid.net/fun/apt-get-wife.png
<dthacker> I don't see a rotate directive in the apache docs.  Ignore that advice
<dthacker> cyris|: made my day.  :)
<cyris|> dthacker, made my too :D
<gegema> are there any known issues of using screen within PuTTY? I have tried using it a couple of times and when trying to re-attach a screen, PuTTY just freezes... could be key-bindings I guess
<Deeps> the issue almost certainly isn't putty
<alex_joni> any pointers on setting up software RAID5 on a new 8.04 server install?
<gegema> Deeps: what would it be in your opinion then?
<Deeps> gegema: depends on what you mean by 'freezing'
 * alex_joni has 3 x 500G HDDs.. what would be the best way to set things up?
<psufan> anyway to keep the --url line in kickstart from becoming the default sources.list
<psufan> in the installed os
<psufan> bbl
<gegema> dthacker: Still around?
<phil^> gegema: I use putty sometimes in combination with screen. like screen -R asd [...] <ctrl>+<A> - <D> (to detach)
<phil^> never saw anything freeze at that point
<psufan> as part of the automated install process for pxe booted machines and headless uda14 pxe server vm, scripts ubuntu 6.06lts with this line
<psufan> url --url=http://10.0.0.104/ubuntu/ub606s/
<psufan> which works great for the install but breaks the system's apt-get if the vm pxe server is no longer running
<psufan> any way to tell it to stick to the default urls after the install is done
<psufan> it changes all the lines in sources.list to 10.0.0.104
<CarlFK> psufan: um... huh?
<CarlFK> forgive my ignorance, but are you using a preseed file?
<CarlFK> my problem: tar czvf foo.tgz bar errored: invalid option -- c
<psufan> what is a preseed file?
<CarlFK> psufan: preseed stuff: https://help.ubuntu.com/community/Installation/LocalNet#head-52c4d21520b498e09fe97a2eed47bd4942c35295
<CarlFK> psufan: "d-i     mirror/http/hostname foo" is related to what you are talking about, which is why I asked.  but if you aren't using a preseed file, then it doesn't matter
<phil^> when using md5sum on a file I get different results on 2 servers (one is ARM the other x86 arch.)
<phil^> but when I just pipe some random text to it - the hash is equal on both servers
<psufan> I just want the sources.list to be the installer defaults
<psufan> and not get changed to the 10.0.0.104 used during install
<phil^> I'm just asking myself what could be the reason for this behaviour...
<psufan> once it's installed to hard disk I want the default sources.list
<psufan> uh I know it's cause of --url but you need that for the install
<psufan> I am not stupid
<psufan> stoned out of my skull right now cause I had to take a full strength bentyl but otherwise ok
<DarkJustice> I was wondering if anyone could point me to very specific instructions on how to set up a web server and nameserver for kubuntu .. such as Nameserver for Dummies or something. I'm brand new to linux. Also is there any program like cPanel for kubuntu that is free? Thanks
<CarlFK> DarkJustice: the hard part of both of those is figuring out what you wan to do.  how you do it is much easier once the goal is well defined
<psufan> ugh
<psufan> all I want to do is have a stock sources.list after the install and it seems impossible to find out how
<DarkJustice> CarlFK: ohh sorry I should have been more specific. I'm trying to host 3 websites of my own on my kubuntu box. And I'd like my domain names to point to the box as well.
<CarlFK> sounds like you don't really need to do your own DNS, so don't
<DarkJustice> well that would eliminate a step, tha'ts always good
 * psufan smashes his head into the wall
<mdz> phil^: a bug
<mdz> phil^: or, a difference between the files
<CarlFK> DarkJustice: sudo apt-get install apache2
<phil^>  the file had been copied via scp to both hosts
<DarkJustice> CarlFK: ok thank you I am going to get a coffee refill after I run that and will brb
<DarkJustice> ok seems apache installed fine
<stefg> Hi, i've spent the whole day trying to get WinXP clients to authenticate against a hardy-box with ebox in order to have access to their samba /home-shares. Since i'm inexperienced with ldap (that's what ebox uses) i'm a bit lost. Do i need to touch smb.conf manually to get it going, or am i simply making a mistake in setting up the accounts in ebox?
<stefg> so accessing group (samba) shares works, but trying to access the users /home/samba/<user>  share always prompts me for user/pass, and won't accept even the right password. i can connect from another ubuntu-box, so there must be something garbled with accepting the authentication from the win clients. Anyone who can shed some light on this (google can't really)
<cyris|> stefg, make sure that the windows accounts have the same user/pass as the accounts in ldap
<stefg> cyris|: of course i did... so i even had a spare (win-) laptop where i could setup test accounts to test authentication.... no go ...
<cyris|> stefg, so the win clients can access shares expect for the ones in /home/samba/%username% ?
<cyris|> stefg, sorry have to go, i wasn't helping anyways :D
<stefg> cyris|: right. they can access a 'public' share (which i set up manually in smb.conf, made browsable and writable) and they can access a group folder set up in ebox. but they can't access their personal /home-share
<stefg> cyris|: thanks for tryinf anyway
<psufan> is this the correct syntax for kickstart for ubuntu server
<psufan> bootloader --append console=ttyS1,38400
<psufan> cause the installer is saying unrecongised option
<voidwalker> hello. i want a hassle-free apache mysql php mail server installed
<voidwalker> will ubuntu do this for me?
<voidwalker> i mean, the hassle-free part
<W8TAH> hi folks -- im adding a user on a hardy server -- i want this user to be equivalent in rights etc to the one that is created during start up -- can someone point me to the right howto?
<nicolab80> Hi! I'm trying to install hardy server under VirtualBox but I've just experienced a lot of different errors
<nicolab80> the installtion hang
<nicolab80> any idea?
<phil^> yay! week is finally over... happy weekend to everyone ;)
<CarlFK> voidwalker: yes.
<psufan> why do you nimrods default ubuntu-server to quiet and splash on a server?
<psufan> espically since a large number of servers are headless
<gegema> in my iptable, I just added a DROP rule for an IP to test >>> however, packets are still not being dropped from that source and the IP can still access webpages on the server...anyone intesreted in helping me figure this out?
<alex_joni> did you add it to the beginning of the chain?
<alex_joni> iptables -I 0 ... ?
<alex_joni> if you do iptables -A .. then it gets appended to the end, so it might catch another ACCEPT rule first
<gegema> alex_joni: well... the reason I am doubting the whole process is, because I am not manually adding the rules, it is being added by fail2ban in a fail2ban-web chain, which fail2ban gets from a Mediawiki extension ... the idea being , to ban people who try to brute force my wiki login
<alex_joni> gegema: that beats me then..
<alex_joni> I always do "iptables .." by hand :)
<gegema> give me a short sytax to add ip 123.45 to chain foo-bar with  target DROP please
<alex_joni> iptables -I 0 foo-bar -s 123.45 -j DROP
<alex_joni> or something similar (but man iptables usually is helpfull enough ;)
<psufan> WHAT
<psufan> THE
<psufan> FUCK
<psufan> why would the grub options quiet and splash actually make console=ttyS1,38400 work!??!?!
<psufan> fuck me gently with a chainsaw
<psufan> wait now it's working without it
 * psufan is about to kill himself
 * alex_joni puts the chain-saw back
<psufan> this is the most screwed up shit I have seen in 15+ yrs of it
<psufan> the only logical thing I can come up with is grub corrupts it's config fiiles randomly during a install
<psufan> - /boot/grub/menu.1st is the correct file to edit right?
<alex_joni> yah
<psufan> then wtf
<psufan> ugh
 * psufan throws in the towel
<Miguel`> Hi
<Miguel`> Is it possible to reinstall Ubuntu Server trought SSH?
<ScottK-uds> Miguel`: Not with the standard CD image.
<Miguel`> Problem is I don't have a CD Reader on my server
<ScottK-uds> How about USB?
<ScottK-uds> Miguel`: ^^^
<Miguel`> That's a possibility
<ScottK-uds> There is a wiki page on wiki.ubuntu.com that tells you how to make a bootable USB image out of a standard Ubuntu ISO.
<Miguel`> But would it be possible w/o attaching a screen & keyboard?
<ScottK-uds> Probably not.
<Miguel`> Cauze if I do all the trouble to get my server out of the closet, I wouldn't mind wiring it up
<ScottK-uds> Why do you have to reinstall?
<Miguel`> Because I first installed it to test some things out, now I want a fresh start
<ScottK-uds> OK.  Generally with Ubuntu you can just change it to be what you want and end up in the same place with much less effort.
<Miguel`> I would like to return to the basic install with SSH
<ScottK-uds> Then just purge the packages you added.
<Miguel`> And all the files I edited/added, they would also stay on the hard disk
<ScottK-uds> If you purge, then the config files would go.
<ScottK-uds> Up to you of course, but I don't typically reinstall for such things.
<Miguel`> Is there a way to see all the packages that aren't installed 'standard'?
<ScottK-uds> I think so, but I don't recall exactly how.
#ubuntu-server 2008-05-24
 * flyback sticks a bunch of corroded nicd cells into hcl acid and yells "you go to hell and you die"
 * flyback waits for them to get cleaned or go boom
 * delcoyote hi
<hotmonkeyluv> if I have a 32bit server platform, and I use ubuntu with pae, can one application access over 3gb of ram?
<egoleo> hello
<egoleo> is there a way to check for the integrity of CPAN on ubuntu
<nicolab80> Hi, I can't install hardy as a guest on virtualbox. The installation hangs and virtualox take 100% of cpu.
<nicolab80> Any idea? There useful log file that I can use to fill a bug report?
<bip> anybody around using vmware-server ?
<nicolab80> bip: yes
<nicolab80> but not with ubuntu
<nicolab80> do you need help?
<bip> fixed it
<bip> after googling
<bip> the 64bit version has a PAM bug
<\sh> hmm?
<\sh> vmware-server has a 64bit version?
<\sh> (I mean not running 64bit os guests)
<\sh> the whole crap is mostly i386 code ;)
<bip> it has
<bip> i m running it right now
<bip> on a quad core xeonn server
<\sh> bip, yes..with a whole lot of i386 packages on amd64 ;)
<bip> well ...
<bip> i just need it as virtualization host
<\sh> bip, if you can afford a quad...why bother with vmware-server and not directly go to esx? it's much better in resource management
<bip> well
<bip> because i broke the piggy bank to buy the server
<bip> and now i dont have any pig left tto buy a esx licence
<\sh> hehe
<gcleric> bip: on a lighter note you can port vm's created on the free vmware-server to esx using the free vmware converter.
<gcleric> at a later date...
<bip> i know i wont throw away when i will find the piggies gcleric ;-)
<bip> i have been using vmware since workstation 2 o 3
<bip> I have forgot when exactly ;-)
<gcleric> if an when you do go esx budget for 2 to 3 server lic.  load balancing resources with DRS clustering is a must.
<gcleric> ...and shared storage too.. =)
<\sh> shared storage...
<\sh> hp bl35c center + netapp == platin
<bip> i know i was doin some readin about SAN
<bip> and blade servers
<gcleric> yup... a NFS, iSCSI, FCP storage that can be shared between the ESX servers...where the VM's will be stored.
<bip> i wonder if my next empoyer will buy me trhat stuff
<bip> right now
<\sh> for only some 2 or 3 servers, some up2date raid 5/6 sata storage boxes with iscsi on board can be enough for the first step
<bip> i have to uuse 2 dell 1800 with dual xeon for lan and dmz server
<bip> but we r a low traffic network
<bip> more a testing network then a real network
<\sh> gig ethernet doesn't cost the world anymore
<gcleric> for the vmware esx cluster you only need servers that have the same cpu family.
<bip> so  I mnot sure we really need the big miscle required to run virtualized srvers
<bip> gig nics will be bought
<bip> what i highly doubt is getting shared storage soon
<\sh> bip, believe me, when you run several vmware-server guests, and your systime on the guests is running out of sync ... then it's time, really
<bip> u mean time out of sync is  a i/o issue ?
<bip> well as I said no one of my guest boxes is really under heavy usage ...
<\sh> you never tried to run an oracle db server under sles9 on vmware-server  ;)
<bip> i have to balance a bit between hardware resouces my boss wont buy and the sort of network I need to run
<bip> no
<bip> and I don t plan to
<bip> i have a few mysql server backing web apps
<bip> but hey mu network serves 16 users
<bip> so I don t think there is much justification for overspending on hardware
<gcleric> bip you can build an esx -- sort -of -- using the free version vmware-server 3 servers.
<bip> we have 3 vmware server already running
<gcleric> one server as a shared storage via NFS.
<bip> one is hosts our lan boxes
<bip> the other one ha the dmz machines
<gcleric> two servers running vmware-server mounting the vm's via the NFS share.
<bip> then w e have an old crappy pc for testing
<gcleric> the shared storage PC dose not need to be beefy....just a lot of storage and a good nic or two...GigE.
<bip> i know i have been thinkin about settin up some sort of home made NAS
<gcleric> bip that would do...
<bip> do u think that one of those contemporary mobo with 6 sata slots will be enuff for runnin about ten low usage vms ?
<bip> i mean 6 disks maybe setup as riad 5
<bip> raid 5
<bip> sata 2 disks ?
<gcleric> what flavor of raid?
<bip> raid 5 i think
<gcleric> ya...
<bip> to optimize storage
<\sh> 16 500g sata drives, a fast raid controller which can support 16 sata channels...(e.g. areca or whatever) and push some openisci linux on it..voila best storage ever...cheap
<bip> i could prolly do 10
<bip> they wont buy me those toys \sh sorry
<bip> i have to survive with what i can scrap
<\sh> bip, http://www.ccsstore.de/shop/article_IServ000001/Industrie-Server-2x-AMD-Opteron-2,2-GHZ,-3HE,-16x-500GB-HDD.html?shop_param=cid%3D49%26aid%3DIServ000001%26
<\sh> sorry only german
<gcleric> raid 5 should work  using something like freeNAS.
<bip> yeah my colleague will love that
<bip> even if it appears like developent on freenas has stopped
<gcleric> the vmware-server front end servers will not require much storage locally if you have a shared storage backend that the front end servers mount the storage from.
<gcleric> also if one of the frontend servers dies you can remount the vm's on the remaining running server.
<bip> \sh, I ahve an idea u go an ask my boss for Preis EUR 2.796,50
<bip> if i says yes ...
<bip> I come in too ;-)
<bip> I know the theory gcleric , just money is the issue
<gcleric> sorry...I'll shut now...
<bip> it s ok
<\sh> bip, check this out: http://www.presseportal.de/pm/60208/866278/combots_ag/ <- my former DC :)
<bip> maybe my next employer will be less cheap ;-)
<\sh> 638 of those servers you could buy there...16x 638 500GB Sata Drives :) a lot of storage..
<bip> listen I backup only the bare minimum because they wont give more the 2 36GB dat tapes for week
<bip> our work is saved on a raid file server rsynced every hour to an othere raid server, while I hope the y dont break ;-)
<gcleric> I would get an email from your bosses stating why they won't covert the butts in the event of disaster... to cover you butt.
<bip> my butt and the whole company seem to be pretty gone
<bip> last monday a colleague told me that the company will be sold or go belly up ...
<bip> :(
<\sh> sysadmins are always to blame if something goes wrong
<bip> right now I mworking on my home server, just to keep my skills sharp since sounds like I gonna be job hunting pretty soon
<bip> we r always to blame
<bip> so i sorta ignore em until they start kickin me ;-)
<\sh> "You were at fault..that's why our company lost and died" "But Boss, you didn't give me the money to buy...." "Don't come with this money shit..." "But..." "NO But, you're fired, cowhead"
<bip> they can t fire me
<bip> since they never hired me ...
<bip> I m a self employed contractor formally ;-)
<gcleric> with luck they can't sue you either...
<bip> no they cannot ...
<bip> but they r nice bastards ...
<bip> I know they wont ;-)
<\sh> last words of a dead man;)
<bip> what do u know about mailserver working with dydndns ?
<bip> do they work ?
<bip> they dont ?
<bip> they do but are a pain in the ass ?
<\sh> dyndns is hobby..no serious company is relying on this
<bip> I m not talkin about a company \sh
<bip> I m talkin about runnin a server of my own mainly for testing purposes
<\sh> bip, it works...
<bip> I know that is noy something to be used for production server
<bip> ok
<bip> somebody told me then some smtp server wont accept mail comin from dynamic ip
<\sh> bip, yes..from dynamic ips it's mostly not working (sending mail) .. I was more talking about receiving
<freeflying> \sh: some dynamic dns provider may make it work
<bip> u mean it is not the same with every dynamic dns provider freeflying ?
<freeflying> bip: maybe
<\sh> freeflying, how, when you directly send out your mails from your own server on a dsl line with dynamic ip? you need a relay
<freeflying> \sh: they will provider ur dns resolve
<\sh> freeflying, resolving is not the problem...most likely they make a reverse lookup (in-addr.arpa lookup) and they you are stuck
<bip> well the reversse lookup is screwed with loto of staic ip too
<bip> but they might blacklist known dynamic ip ranges
<bip> we discovered this yesterday one reverse lookup resolves to our isp name
<bip> even if we own a block of 8 public ip
<stiv2k> anyone here good at configuring sendmail?  Hotmail denies all the emails I send to them from my server....
<bip> are u using dynamic ip stiv2k ?
<stiv2k> bip: no
<bip> or your ip reverse lookup doesnt resolve to your ip for some reason stiv2k ?
<stiv2k> bip: its hosted on a dedicated server
<stiv2k> bip: its at rickb.net
<stiv2k> you can test the DNS for yourself
<bip> oh well ...
<stiv2k> i can send email to anywhre but hotmail
<bip> i can
<bip> ok
<stiv2k> it says this
<stiv2k> May 24 12:53:15 x2 sendmail[30557]: m4OGrDRT030557: to=neoturbine@hotmail.com, ctladdr=apache (48/48), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=32716, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m4OGrDfv030558 Message accepted for delivery)
<stiv2k> May 24 12:53:16 x2 sendmail[30560]: m4OGrDfv030558: to=<neoturbine@hotmail.com>, ctladdr=<apache@gline.org> (48/48), delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=122929, relay=mx3.hotmail.com. [65.54.245.72], dsn=2.0.0, stat=Sent ( <200805241653.m4OGrDRT030557@gline.org> Queued mail for delivery)
<stickystyle> anyone know off the top of there heads what version of debian Dapper pulled its upstream packages from?
<stiv2k> any ideas?
<Deeps> whatever was testing at the time, i'd guess
<Deeps> lenny
<Deeps> no, i lie
<Deeps> at a guess, was etch when it was in testing
<stickystyle> yeah, looking at the timeline now..looks like it would have been etch.
<emgent> hello
<TechieDragon> I have a script issue that I can't seem to resolve.  The line that seems to be at issue is ls -l %1.  If I pass in no params it works fine.  If I pass in z* I get one file listed.  If I pass in 'z*' I get all the files starting with z - any ideas?
<Deeps> yes, the * is being evaulated by your shell
<Deeps> pass '*' or \*
<Deeps> to avoid it happening
<Deeps> maybe
<TechieDragon1> Ok.. lost my connection
 * flyback going outside for a bit, bbl
#ubuntu-server 2008-05-25
<The-Kernel> What's a good free alternative open source program to cpanel/directadmin?
<d34th> hello
<d34th> i could use some help with the installation of the server
<udaho> what's the problem?
<d34Th1> when i try to install it to giveme the error Cannot Find CD-Rom
<udaho> are you installing this to an actual PC or virtually?
<d34Th1> actual pc
<d34Th1> ive done it on virtual with no problem
<d34Th1> i have the other box right here
<d34Th1> its a Compaq Presario s4000nx with a ram and mobo upgrade
<udaho> so the PC boots to the cd rom, you choose install from the menu, and it errors out at that first step when it's checking for the cd rom drive?
<d34Th1> it does the keyboard then kicks out
<d34Th1> saying the cdrom isnt in there
<udaho> have you tried testing the disc from the server install main menu?
<d34Th1> actually no
<d34Th1> let me do that not
<d34Th1> **now
<d34Th1> it didnt give me the option
<udaho> are you using the latest version 8.04?
<d34Th1> yea
<udaho> what options do you have on the main menu?
<d34Th1> i have no main menu
<udaho> so after booting the PC with your disc did you ever see the menu that has install ubuntu server, check cd for defects, etc?
<d34Th1> no it just went straight to installation
<udaho> when you successfully installed virtually was it with this same disc?
<d34Th1> no, it was with the .iso
<d34Th1> but i burnt the .iso to disk and tht didnt work so im using syslinux to boot it
<udaho> when you installed with the .iso did it go straight into the install like it is now? I'm not sure if you are using the alternative installation image or what but my suggestion would be to burn another copy of the disc, possibly on another medium (eg. cd-r instead of cd+r). If that doesn't work I would download the installation .iso again. Best of luck to you, I've got to go now.
 * delcoyote hi
<jay2> Do you guys change the support information for help files on Ubuntu main site?
<jay2> If not do you guys know where there is a irc chat channel for support forums?
<Kamping_Kaiser> dont understand the first question
<Kamping_Kaiser> and both #ubuntu-forum and #ubuntu-forums exist
<jay2> well what I was trying to say Kamping_Kaiser is this most of the install instructions are really confusing thats all
<jay2> like documentation
<jay2> that was the main one
<stiv2k> is there a way I can reconfigure my dovecot-server thru dpkg?
<stiv2k> for example, the SSL/TLS certs are expired.
<shifty1b> i am installing the ubuntu server, it gets stuck at 42% @ scanning the mirror <--- anyone knows how to fix this ?
<AlexC_> hey all,
<AlexC_> my server appears to be restarting its self every day at roughly 00:37-00:38. I can't see anything in the logs to being an explanation to this - I'm hoping someone can help me find out what is causing this =)
<AlexC_> actually, ignore that - I was reading them wrongly
<hads> syslog probably
<uvirtbot`> New bug: #234732 in samba (main) "Upgrade gutsy -> hardy, faled for packages: samba-common, smbclient, ubuntu-desktop, bash-completion " [Undecided,New] https://launchpad.net/bugs/234732
 * delcoyote hi
<h1d> hello, does ubuntu have a package for phpbb3? it seems there is one for debian
<shiftysg> i am installing the ubuntu server, it gets stuck at 42% @ scanning the mirror <--- anyone knows how to fix this ?
<shifty> hey anyone out there?
<bimberi> shifty: yes
<shifty> hi just installed the lamp server
<shifty> where is the config file for the apache server located at ?
<bimberi> at a guess, somewhere within /etc/apache2
<hads> /etc/apache2
<bimberi> phew :)
<hads> :)
<shifty> hey how do i edit port.conf it's read only
<emgent> heya
<hads> shifty: sudo
<shifty> ok got it
<shifty> ar ha
<bimberi> !sudo
<ubottu> sudo is a command to run programs with superuser privileges ("root"). Look at https://help.ubuntu.com/community/RootSudo for more information.
<uvirtbot`> New bug: #234786 in dovecot (main) "dovecot-auth: pam_smbpass(dovecot:auth): unrecognized option [missingok]" [Undecided,New] https://launchpad.net/bugs/234786
<GreeneMile> hey, anyone in here have experience with streaming audio servers?
<Ko_deZ> Hi
<Ko_deZ> I have a "noob" question that I am having a hard time figuring out. I have added a /dev/sdb1 line in fstab for an USB disk that I want automounted at boot. This works nicely, but as it is a usb disk, I also want to boot without it connected from time to time. That is my problem. It goes to maintainence mode (ctrl+d to continue). How do I avoid this?
<faulkes-> iirc you shouldn't have to put it in /etc/fstab
<faulkes-> it should simply automount itself if you insert it
<faulkes-> granted, it will likely mount to the default mount point
<Ko_deZ> faulkes-: really?
<faulkes-> yes, really, at least that has been my experience so far
<Ko_deZ> Does this also happen to HDD trays? That is my second "hurdle" =)
<Ko_deZ> Except, those has to have a reboot I guess, as it is not USB.
<ivoks> nxvl: damn you :) i'm sick as hell :D
<Ko_deZ> faulkes-: I am having issues with this disk-tray thing. If I have a line in fstab I get the same issues as with the usb disk. I get into maintainance mode (ctrl+d to exit) if the disk is not there.
<Ko_deZ> I am well aware of the disk being removed. I just want it to finish booting even though there is a disk missing.
<sergevn> anybody familiar with this error message? http://pastebin.ubuntu.com/14565/
<waydot> hello
<waydot> anyone here got into setting up custom apparmor profiles and got into problems with apparmor skipping those profiles?
<waydot> nevermind... "typo" error
<Centaur5> I followed this site http://trac.ebox-platform.com/wiki/Document/HowTo/TransparentProxyAndHTTPS but I still can't seem to get it to work. I configured the rules underneath the one for internal networks was that the right one?
<blue-frog> tar --diff -vf test.tar .test/ gives me the same result as tar -tf test.tar. I was expecting it to pinpoint the new file that is in .test/ and not in test.tar. An idea?
<adinx> hi. i was told by genii from #kubuntu to ask for help over here.. i have a problem with apachefriend's lampp server. i can't connect to localhost if i unplug my network cable
<phynix> do dhcp servers need two nics?
<Deeps> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<Deeps> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Deeps> user is in group 'admin', the following line is in /etc/sudoers (added using visudo, rather than editting the file directly):
<Deeps> %admin ALL=NOPASSWD: ALL
<Deeps> yet sudo <anything> still requests a password
<Deeps> is there anything i need to rehash/restart to make this change effective? (user has tried logging out and in again, no joy)
<bimberi> Deeps: No, it should just work(tm).  Check for typos, correct group memberships etc.
#ubuntu-server 2009-05-18
<lcarsos> Hi, I'm a total newbie so this is a very elementary question, I have a fresh install of server  on a box sitting not two feet from me. It's set up as a web server, but I'm just using it to teach myself php. Anyway, I can SSH into it, and I can SCP into my user directory, but I can't SCP files into /var/www what am I doing wrong?
<sommer> lcarsos: does your user have write access to /var/www?  usually /var/www is owned by root
<lcarsos> I don't believe so, and I can't figure out how to give it write access
<sommer> you could change the owner and group to the www-data user (the user apache runs as) then add yourself to the www-data group
<sommer> sudo chown www-data.www-data /var/www; sudo adduser $USER www-data
<storrgie1> How can I scan for network interfaces in ubuntu server?
<sommer> lcarsos: the chown command changes file/directory ownership, and the chmod command will change permissions
<lcarsos> It says it added me to the group, but /var/www is still owned by root and won't let me copy in
<jmarsden> lcarsos: Then the   sudo chown www-data.www-data /var/www    did not work.  Did you get an error from running that command?
<lcarsos> were they supposed to be typed in seperately?
<lcarsos> I'll try that
<jmarsden> The ; should have separated the two commands, but go ahead and try the sudo chown www-data.www-data /var/www
<lcarsos> I just refreshed WinSCP and it says now that /var/www/ is owned by www-data
<lcarsos> It still says permission denied
<jmarsden> What does   ls -ld /var/www/    display?  And did you close and reopen winscp -- an old connection from it will not realize you are now a member of the www-data group.
<lcarsos> I closed it down and reopened from the start menu
<lcarsos> ls -ld /var/www says: drwxr-xr-x 2 www-data www-data 4096 2009-05-17 15:12 /var/www
<jmarsden> Ah.  sudo chmod g+w /var/www/    so that the group can write to it.
<lcarsos> Cool, thanks so much!
<lcarsos> just for my reference does this impact the security of the server?
<jmarsden> No problem.  In a "real" server, you'd not have a single end user be able to write there, you'd give them a virtual web server underneath there, say /var/www/someuser and make that dir owned by and so writeable by someuser...
<jmarsden> Well, it means that the current user who can now write to /var/www has the power to wipe out all of the web data on it...
<jmarsden> This isn't what I'd suggest on a production web server, but you are just doing this for learning PHP locally, so it's fine.
<lcarsos> So, if this were a production box I would create a subdirectory and give myself ownership of that?
<jmarsden> Yes, and then set up a virtual host under /etc/apache/sites-available to use that subdir for "your" www domain...
<jmarsden> perhaps www.someuser.org  :)
<jmarsden> if you were doing this larger scale you'd use another app to manage all of the virtual hosts, creating a web control panel so users could manage their own web site but not mess with other people's...
<lcarsos> Alright, thanks again.
<jmarsden> If you want to start down that road, check out ebox .  No problem.
<wizardslovak> i want to open a log
<wizardslovak> but log is just tooo long thousands of lines
<wizardslovak> is there command which will show me just the end of log?
<thewrathjr> yes trying to think abou tit
<thewrathjr> tail is the command to show the last 1 lines
<jmarsden> You can also use less to view a file and then move to the end with the G command, search for strings with /somestring, and so forth...
<wizardslovak> damn
<wizardslovak> "telnet localhost imap" connection refused
<wizardslovak> does anyone knows what could be problem
<yann2> sudo netstat -l | fgrep imap ?
<wizardslovak> nothing happens
<yann2> sudo netstat -l | fgrep 143 ?
<wizardslovak> nothing
<yann2> are you sure the server is running?
<jmarsden> wizardslovak: Sounds like imap is not running on your server, or if it is you forgot to open a hole in the firewall to make it visible?
<wizardslovak> ufw firewall has 143 port open
<wizardslovak> but for localhost it shouldnt make difference
<ajmitch> and which imap server do you have installed?
<wizardslovak> dovecot
<ajmitch> I haven't played with its configuration lately, but have you set it to listen for imap connections?
<wizardslovak> whats the command
<ajmitch> the configuration file is /etc/dovecot/dovecot.conf
<ajmitch> you may want to look up info about it on the wiki, I'm not using a standard ubuntu configuration of it, so I can't recall what's on by default
<wizardslovak> i got listen = *:143
<jmarsden> wizardslovak: check the protocols= line; default in Jaunty is none... did you change that?
<ajmitch> and protocols?
<wizardslovak> no
<wizardslovak> i didnt chanGE no protocols
<jmarsden> If you want some protocols, you need to :)
<wizardslovak> ok so what line am i looking for?
<jmarsden> The one that starts with protocols= :)
<wizardslovak> ok i see imap protocol
<wizardslovak> i see login_executable, mail_executable
<jmarsden> In the default /etc/dovecot/dovecot.conf file, there is a line protocols=none   you can comment that out and replace it with the line above it instead (remove the # from that one)
<wizardslovak> i have protocols=imap
<wizardslovak> should i change it to none?
<wizardslovak> pastebin from dovecot -n http://pastebin.com/d2ee23ce3
<jmarsden> line 4 of that pastebin says you do not really have protocols=imap :)
<wizardslovak> jmarsden: http://pastebin.com/m511ebec6
<wizardslovak> it does
<jmarsden> That looks better.  Now restart dovecot and see what is listening on port 143 and 993
<wizardslovak> whats command for liten those ports/.'
<jmarsden> sudo netstat -ntlp  # will list all listeners on TCP ports
<wizardslovak> nope
<wizardslovak> i dont see 143 nor 993
<jmarsden> Hmmm.  Can you do   egrep -v "^ *#|^$" /etc/dovecot/dovecot.conf >/tmp/dovecot-no-comments.conf   # and then post the /tmp/dovecot-no-comments.conf file to pastebin ?
<ajmitch> did you restart dovecot?
<wizardslovak> yes '/etc/init.d/dovecot restart"
<jmarsden> Wait... do you have a file called /etc/dovecot/dovecot-postfix.conf ?  It overides dovecot.conf ...
<wizardslovak> yes i do have postfix
<jmarsden> Then look in that one not in dovecont.conf... set the protocols= line in there and restart dovecot.
<jmarsden> This is a new thing in Jaunty...
<wizardslovak> yes
<wizardslovak> it works!!!!!!!!!!!!!!
<jmarsden> Good.
<wizardslovak> thanksss
<wizardslovak> people on dovecot caht couldnt help me for last couple days cause they didnt know
<wizardslovak> ubuntu is the best
<wizardslovak> heheh
<wizardslovak> one more think
<wizardslovak> squirrelmail
<wizardslovak> it works but i cant connect/login
<jmarsden> How did you configure it?  (It's been a while since I configured squirrelmail...)
<wizardslovak> well i installed it and set it for dovecot imap
<wizardslovak> and apache
<wizardslovak> domain.com/squirrelmail works
<wizardslovak> but i cant log in
<wizardslovak> i am getting this error "
<wizardslovak> Error connecting to IMAP server: tls://localhost.
<wizardslovak> 0 :
<jmarsden> The tls: looks odd...
<jmarsden> Just tried it here, sudo apt-get install squirrelmail ; sudo ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf ; sudo service apache2 restart
<jmarsden> and then I can browse to localhost/squirrelmail and log in as me just fine.
<jmarsden> (Oh, I did configure it as using dovecot with sudo /usr/sbin/squirrelmail-configure   )
<wizardslovak> you login with your username?
<jmarsden> Yes.  Is your dovecot listening on 993 as well as 143 ?
<wizardslovak> how can i check it?
<wizardslovak> no 993 doesnt conenct
<jmarsden> By default squirrelmail uses 993 (for security)... so that's your issue.
<wizardslovak> i still can change it in postfix-dovecot.conf right?
<jmarsden> Yes.  Try setting that protocols line to    protocols = imap pop3 imaps pop3s managesieve     and restart dovecot.
<jmarsden> BTW that is the default when I installed dovecot-postfix... so I'm not sure why you are needing to edit that...
<wizardslovak> jmarsden:  you are genius
<wizardslovak> it works!!!!
<jmarsden> :) No, I have just been doing this for a long time :)
<wizardslovak> ok now i got other error
<wizardslovak> i tried to send message
<wizardslovak> "error message not sent ,server replied"
<jmarsden> That sounds like you have a messed up postfix configuration, too... but I need to do some other things for the next 2 hours or so... if I am back here (and you are also here) in about 2 hours, ask about it then.
<wizardslovak> ok
<wizardslovak> just for that i will be here
<jmarsden> :)
<Chriz1212> can i ban all people not from russia
<steelcityjim> I need some help updating my internet connection info in ubuntu server
<steelcityjim> on the install it automatically configured
<steelcityjim> I have recently changed and need to update it
<steelcityjim> can anyone assist
<Chriz1212> ifconfig?
<jmarsden> steelcityjim: I can't stick around and help right now, but did you read the Server Guide?  See https://help.ubuntu.com/9.04/serverguide/C/network-configuration.html
<steelcityjim> yea thats not really helping
<jmarsden> steelcityjim: What exactly are you trying to change that is not documented in there?
<steelcityjim> well im going from pppoe to dhcp
<steelcityjim> and changing int providers
<jmarsden> steelcityjim: And you hook the server directly to the public Internet -- no router/firewall ?  Should be fine, the server guide has sample configs for DHCP and static IPs ...
<steelcityjim> not a static
<jmarsden> OK, so use the DHCP example right on the page I pointed you to... ?
<jmarsden> Two lines in /etc/network/interfaces -- did you try that?
<steelcityjim> ok so is it sudo /etc/network/interfaces
<steelcityjim> then I enter this into the file?
<steelcityjim> auto eth0
<steelcityjim> iface eth0 inet dhcp
<jmarsden> You need to use an editor to edit a file... recheck your sudo command :)
<steelcityjim> ok so i need to edit the /etc/network/interfaces file?
<jmarsden> Yes.
<steelcityjim> to include the two lines
<jmarsden> Yes.  That is what the server guide said, right?
<steelcityjim> ok i can probably get through that
<steelcityjim> now I was using no-ip to host my server and my isp blocked it
<steelcityjim> so I recently switched to comcast
<steelcityjim> does comcast use the 80 port ?
<jmarsden> No idea.  Read your ISP's acceptable use policy to find out what they permit.
<steelcityjim> I don't believe they care just not sure how to set it up
<jmarsden> If they don't block it and they truly don't mind servers on their home customers setups (most ISPs *do* mind this), then there is nothing to set up... port 80 will "just work".
<jmarsden> Just set up whaetver web server you want to run on port 80.
<steelcityjim> Would that be enabling my personal web page
<steelcityjim> no thats not it
<jmarsden> You had a web server running on port 80 before, right?  So leave it running :)
<tonyyarusso> I can save you some time:  Comcast's AUP does not allow running servers on residential plans, but does on business plans (which are way more expensive).  Qwest does allow servers on residential plans.  Verizon FiOS currently does not.
<steelcityjim> well my no ip acct terminated because the isp was blocking it
<tonyyarusso> mobi-sheep: although re: the "just work" comment, you will usually need port forwarding on your router at least.
<tonyyarusso> errr, jmarsden rather - tab-complete fail.
<mobi-sheep> tonyyarusso: And you pinged me.  I was watching the anime. :)
<steelcityjim> so tonyyarusso if I foward the port will it work on comcast?
<tonyyarusso> sowwies
<tonyyarusso> steelcityjim: It might work (I don't think they actually block it), but it would violate their terms.
<steelcityjim> im just using it to do some basic file sharing and a basic web page
<steelcityjim> my old provider blocked it
<jmarsden> re port forwarding... that means you have a router, so you do not need to change the /etc/network/interfaces ... I though I asked if if you connected the server directly to the public Internet earlier...??
<steelcityjim> yes I have a router
<steelcityjim> so If i just enable a new no-ip account it should work with the new isp as previously configured
<mobi-sheep> tonyyarusso: It's a good Failz.  :) --- steelcityjim:  And I do use occasional server for basic file sharing.  I also have Comcast.  As expected, the hosting is awful slow but nevertheless it still work.  Assuming you did the port forward and use no-ip.  That's about it.   Right.  no-ip account can be updated at interval of your choice.
<steelcityjim> cool
<steelcityjim> so as far as the isp change do I need to update anything on my server?
<jmarsden> steelcityjim: No.  Just in the router.
<steelcityjim> ok i updated thr router to dhcp an its working
<steelcityjim> but i cant ssem to acess my server via the web
<steelcityjim> I can access the server via my network
<wizardslovak> did you open port 22?
<jmarsden> steelcityjim: Does the router have an appropriate port forward from port 80 to the server's IP address?
<jmarsden> wizardslovak: port 22 is ssh port 80 is web... :)
<steelcityjim> it should it was previously working
<steelcityjim> 22 and 80 are both enabled in the router
<wizardslovak> jmarsden: so youre here
<jmarsden> I was across the room... working on some hardware stuff (paid consulting...)  I'm half here...
<wizardslovak> hehe
<wizardslovak> i found what could be problem
<wizardslovak> but i still cant find whats wrong with it
<wizardslovak> its "SASL suthentication mechanisms"
<jmarsden> installing the dovecot-postfix package *should* set that up for you...
<wizardslovak> it worked before
<wizardslovak> do i have to reinstall it?
<TimReichhart> hi guys I am haivng problems with this code "mysqli_stmt_execute""
<steelcityjim> yea won't connect via the web
<jmarsden> wizardslovak: I doubt it... I'm still kind of busy... give me a bit more time ... my client just called me wanting it "done"... :)
<wizardslovak> ok
<wizardslovak> take your time
<jmarsden> steelcityjim: Are you sure you have the port forwarding correct in the router?  ...
<steelcityjim> external port 80 to internal port 75
<steelcityjim> no-ip acct set up as port 80 redirect
<steelcityjim> ip address is correct on no-ip acct
<TimReichhart> is there anyway to remove the Suhosin patch?
<wizardslovak> TimReichhart: what is reason to remove it?
<jetole> does anyone know how to make crontab -e with vim use syntax highlighting in ubuntu server 9.04?
<TimReichhart> well I am having a problem with a code that somebody wrote for me and I am getting this error: Fatal error: Call to a member function execute() on a non-object   and I spoke to the person who wrote it and he told me he thinks its that patch is causing that error because the code works fine on his server
<steelcityjim> do I possibly need to reboot the server after the ip change?
<jetole> TimReichhart: it looks like execute is part of a library that was not linked in to the compile
<jetole> steelcityjim: no
<jetole> steelcityjim: wait, how did you change the IP?
<steelcityjim> I got a new provider
<TimReichhart> so could you tell me how I can fix this library?
<steelcityjim> I have not changed anything on the server
<jetole> steelcityjim: no I mean how did you change the IP on the server?
<steelcityjim> only the router
<steelcityjim> I did not
<jetole> ok...
<steelcityjim> thats what I think the problem is
<jetole> steelcityjim: how do you access the server?
<jmarsden> steelcityjim: OK, so check the IP of the server PC and the IP you told the router to forward port 80 to... are they the same?
<jetole> actually jmarsden has a point, if you are using NAT then you don't need to change anything
<jmarsden> If not then correct the port forward in your router... :)
<oh_noes> is it possible for vmbuilder to create a thin vmdk file?
<jetole> oh_noes: that doesn't really have anything to do with ubuntu server
<jetole> oh_noes: try #vmware
<jmarsden> or #ubuntu-virt
<oh_noes> vmbuilder is ubuntu server, nothing to do with vmware
<oh_noes> well definitely not in relation to how vmbuilder creates the vmdk, but thanks yeah already asked in virt
<steelcityjim> server ip is correct in router
<steelcityjim> forwarding port 80 to port 50
<TimReichhart> hey jetole how can I get that library to get install or upgraded
<jmarsden> steelcityjim: OK.  and there is a running web server on the server PC, listening on port 75 (since that is what you redirected to, for some reason)
<jetole> oh_noes: vmdk file are vmware virtual disks
<steelcityjim> how do I know if its listening?
<jetole> TimReichhart: ask the developer
<jetole> TimReichhart: I have no idea what library it is
<jetole> TimReichhart: execute() is not a function I have ever heard of
<jmarsden> steelcityjim: Point a browser at it, or telnet to it, or  sudo netstat -ntlp and look for it in the output...
<jetole> TimReichhart: exec(), execve(), system() etc are normal C execute functions and part of posix, never heard of execute()
<TimReichhart> like I said I already asked the person who wrote the code and he thinks its that patch because he gots the same mysql and apache
<TimReichhart> but he is using FC9
<jetole> TimReichhart: ask him where he got the execute function from
<jetole> I don't care if he us using BSD 4.4
<jetole> ask him where the function came from
<jetole> or look for it in the header files since the name of the header file might help
<jetole> TimReichhart: or just google it
<steelcityjim> ok did the sudo netstat -ntlp
<TimReichhart> he is a Zend PHP5 Certified Engineer
<jetole> TimReichhart: and?
<steelcityjim> got 6 different lines
<jmarsden> steelcityjim: So... is there an httpd listening on port 75...?
<steelcityjim> all in the listen state
<jetole> TimReichhart: if he is barack obama or linux torvalds that doesn't solve your problem
<jetole> *linus
<steelcityjim> no 80 and 22
<jmarsden> Then why did you redirect port 80 on the router to port 75 on the server??
<TimReichhart> he is the one who created the code and here is the code what it looks like here is his site:http://white-box.us/manage/index.php    this is what it post to do this guy wrote the code just for me
<jetole> TimReichhart: is he dead? why are you not asking him?
<steelcityjim> well I had it at 80 originally and was not working so thought I would try another
<TimReichhart> I been asking him asking about this all day along
<jetole> TimReichhart: thats not code, thats a php page, you posted a C or C++ error
<steelcityjim> so im assuming thats not the problem
<TimReichhart> and only thing he can think of is that dam patch
<jmarsden> steelcityjim: fix the port forward to it forwards port 80 on the outide to port 80 on your server...
<jmarsden> Do not guess and port numbers or change them randomly!
<jmarsden> s/and/at/
<wizardslovak> i really dont know what happened
<jetole> TimReichhart: I hate to sound cruel but you have no idea what caused it so now that we have that clearified stop making that assumption
<wizardslovak>  i checked everything and it seems fime
<steelcityjim> ok fixed in router
<wizardslovak> still cant sent mail out nor receive
<jetole> makes it harder to solve when you guess what the problem already is
<steelcityjim> external 80
<steelcityjim> internal 80
<jmarsden> OK.  Now test it from the outside... any better?
<TimReichhart> dude its working on FC9 with same mysql and apache as I am using its something to do with that patch
<steelcityjim> no still not finding my page
<jmarsden> What do you see?  a 404?  Or what?
<jetole> TimReichhart: if it's the same mysql and apache you are using then that means you compiled it yourself or he compiled it himself on the same server and all libraries that it links to
<steelcityjim> no page not found taking me to some lame-delegation domain .com
<TimReichhart> I mean I got one page is working great
<jetole> TimReichhart: I doubt it's even the same versions, I mean so essentially just made a comparison of Windows ME and Windows server 2008 being the same
<TimReichhart> but the others is not
<jetole> TimReichhart: which program is crashing specifically?
<TimReichhart> its my index page and edit page
<TimReichhart> but my add page works alright
<jetole> TimReichhart: no. you posted a C or C++ error
<jetole> I recognize the error, it means a function that was properly coded in but relies on an object that was not linked
<jmarsden> steelcityjim: if you browse using your public Ip instead of a domain name does it work?
<TimReichhart> ok go to this site: http://white-box.us/manage/index.php  you see its working great on his server but I get the error message of:Call to a member function execute() on a non-object in
<TimReichhart> on my server
<wizardslovak> jmarsden: http://pastebin.com/m62907dff i think sasl is problem
<jetole> on second though that's not quite the error I thought it was
<jetole> TimReichhart: what is your site?
<TimReichhart> alright hold on I have to change something then you will get to see it
<jetole> on second though, and I may have been a little too overzealous, that sounds like a php error
<steelcityjim> yes if I type in the ip address in the browser it comes up
<steelcityjim> but won't come up by the name
<wizardslovak> dns
<jmarsden> wizardslovak: Yes, I agree, looks like postfix is not configure correctly for SASL auth (which squirrelmail is trying to use.).
<jetole> TimReichhart: also say my handle before every comment, it highlights the line and makes it easier for me to follow your posts
<jmarsden> steelcityjim: OK, so go to the no-ip.org web site and manually associate your current public Ip with your domain name :)
<jmarsden> Thatr is not an issue with your server or your router!
<wizardslovak> steelcityjim: i had same problem ,  in your domain name reg you gotta change IP for your domain
<steelcityjim> it is correct on my no-ip acct
<wizardslovak> http://pastebin.com/m34fb3e8b this is my postfix conf sasl
<wizardslovak> steelcityjim: you gotta wait for dns server 20min to 6 hours if i am not mistaken
<steelcityjim> oh change don't take effect right away
<steelcityjim> that had the account flagged for termination because of inactivity
<steelcityjim> I re-activated it earlier
<jmarsden> steelcityjim: what is your domain name?
<steelcityjim> 6burgh.no-ip.org
<TimReichhart> ok jetole go to 206.51.163.236:8080
<jmarsden> steelcityjim: Then if your public IP is 98.227.145.211 you should be fine now.
<steelcityjim> thats what the ip is now
<steelcityjim> and thats what shows on my acct
<jmarsden> Then try browsing from the outside to http://6burgh.no-ip.org now
<jetole> TimReichhart: can you post the code on pastebin.com?
<TimReichhart> there jetole http://pastebin.com/m44b3280b
<steelcityjim> ok appears to be working now
<jmarsden> steelcityjim: Yes.  Looks like you are all set, I can see your site at http://6burgh.no-ip.org
<steelcityjim> maybe it just took some time at no-ip to update
<ajmitch> TimReichhart: perhaps checking to see what the error is after line 121 would help
<TimReichhart> alright I will post it again on pastebin
<steelcityjim> thanks jmarsden
<jmarsden> wizardslovak: does    postconf -a   output two lines that say cyrus and dovecot ?
<jmarsden> steelcityjim: no problem.
<ajmitch> what I mean is that the $db->prepare() is failing somehow, and it's not checking for what the error is at that point
<wizardslovak> jmarsden: no only cyrus
<TimReichhart> this is the part here it gets the error jetrole http://pastebin.com/m86cd3b
<TimReichhart> jetole*
<ajmitch> yes, I could see that, there's no error checking
<wizardslovak> jmarsden: in conf i had dovecot so i change it into cyrus , not when i try to send email ill get "
<wizardslovak> Requested action not taken: mailbox unavailable
<wizardslovak> 550 5.1.1 <test@server1.wizzy.us>: Recipient address rejected: User unknown in local recipient table
<wizardslovak> and i am sending test main to my gmail abount
<jmarsden> wizardslovak: No, don't make random changes...!  You are running dovecot, so setting it to cyrus is by definition incorrect.
<jmarsden> wizardslovak: Do postconf -n and pastebin the output please?
<TimReichhart> so any ideas there jetole
<jmarsden> TimReichhart: follow the suggestion of ajmitch -- add some error checking so you can see what the code is doing :)
<TimReichhart> how would I do that jmarsden
<wizardslovak> http://pastebin.com/m612c9b8a
<jmarsden> Either learn PHP or ask your programmer to add error checking to his code.
<TimReichhart> alright I will ask about it
<jmarsden> TimReichhart: I can't teach you PHP programming here on IRC :)
<TimReichhart> alright I will see what the guy will do
<TimReichhart> but like he told me its that patch
<wizardslovak> jmarsden: i think problem might be in smtpd_sasl_path
<jmarsden> wizardslovak: Yes... who put that there?  Try      smtpd_sasl_path = private/dovecot-auth
<jmarsden> There are a couple of other things different from the default setup, but I think those are fairly harmless...
<jetole> TimReichhart: I was busy doing something else, let me look now
<TimReichhart> k
<wizardslovak> jmarsden: ok so i changed and restarted postfix but still
<wizardslovak> cant send mail
<jmarsden> wizardslovak: Is the error in the maillog the same as before?
<wizardslovak> yes
<wizardslovak> same think
<wizardslovak> "no sasl authentication mechanism"
<jmarsden> Hmmm... OK, I'll try it here in a bit.. need to get back to my hardware stuff for a short while first...
<wizardslovak> ok
<jetole> TimReichhart: this code sucks
<jetole> TimReichhart: I see no real error checking within the code so far
<jetole> althoug I did miss one, there is one error check that I didn't see
<TimReichhart> what is that jetole
<jetole> well no, I saw a part at the top where I thought he didn't check the mysqli connect for errors but he used a different method then I use and I was only skimming at first so I missed it
<jetole> let me keep reading
<jetole> TimReichhart: I just changed the code, try running this (backup the original) and see what happens => http://pastebin.com/m77aa15d9
<jetole> TimReichhart: That might give you a new which if it does then good however I have other stuff I do have to do now and PHP is not my strong point
<wizardslovak> damn this is making me nuts
<TimReichhart> now I get this jetole Parse error: syntax error, unexpected $end in /var/www/index.php on line 139
<jmarsden> wizardslovak: Hmmm, postfix and dovecot and squirrelmail "just work" for me here on Ubuntu Jaunty 9.04...
<wizardslovak> hmmm
<wizardslovak> i wodder why myne doesnt work
<jmarsden> wizardslovak: See http://pastebin.com/m216396f1 and put that into your /etc/dovecot/dovecot-postfix.conf file (copy the one you have now to some other filename first, just in case!)
<TimReichhart> alright jetole I tried it on my other server same error
<jetole> TimReichhart: actually that last error was a mistake on my part, forgot a closing }
<jetole> TimReichhart: http://pastebin.com/m2dfb1f2e
<TimReichhart> well now I got a text saying: Prepare error  jetole
<jetole> TimReichhart: thats what I thought you would get and he never did a check of prepare so when calling execute based on the prepare statement you get your previous error so execute isn't the problem, prepare is
<TimReichhart> so what should I tell him
<TimReichhart> or how can i fix that
<TimReichhart> there jetole
<jetole> TimReichhart: try this => http://pastebin.com/m6f969623
<jmarsden> wizardslovak: Any progress when you use my dovecot-postfix.conf file from the pastebin?
<wizardslovak> jmarsden: i dont have dovecot-auth
<wizardslovak> delete all my and replace with yours
<TimReichhart> tired it jetole still same message as before
<jmarsden> Well, renane yours to dovecot-postfix.conf.wizzy and then use mine... that way you still have yours if you need it!
<jetole> TimReichhart: not sure why prepare is failing
<wizardslovak> i did backup but trying to put yours
<jetole> let me look into it
<wizardslovak> give me a minute
<jetole> TimReichhart: http://pastebin.com/m6dbac8fa
<wizardslovak> nah it wont work
<Alex_21> Hi, All,
<TimReichhart> still getting same error message jetole
<jmarsden> wizardslovak: Same error, or a different one?
<Alex_21> M main server just went down. I can't figure out why I can't SSH into it. I get "Connection to: 192.168.0.1 port 22: Connection Refused"
<wizardslovak> it didnt want to read conf file at all
<Alex_21> Please help
<jmarsden> wizardslovak:  Are permissions on it the same as the perms on the original one?
<wizardslovak> yes
<jetole> TimReichhart: don't know what to tell you then, prepare is failing and I don't know why and unlike decent programming prepare has no way to tell you what error it is so perhaps uninstall the suhosin patch
<Alex_21> I lost my DHCP, Media server, AFP Server, ... ETC.
<jmarsden> wizardslovak: but you got an error that it can't read the config file?
<TimReichhart> how do i unstall that jetole?
<jetole> TimReichhart: http://www.ambitonline.com/nextrelease/archives/113-How-to-Ubuntu-PHP-Remove-Suhosin.html
<wizardslovak> give me sec
<jetole> again, thats all the help I can give, I do have other stuff to do so I hope that helps
<Alex_21> Does anyone have an idea?
<Alex_21> Please
<jmarsden> Alex_21: Can you log into your server at its console (from its own keyboard and screen)?
<Alex_21> Nope
<jetole> Alex_21: SSH isn't running
<Alex_21> That is the problem
<jetole> Alex_21: Connection refused means the server is up and the port is closed
<Alex_21> Neither is HTTP it seems
<jetole> so log on to the console and see why
<jetole> maybe it's fdsk
<jmarsden> What do you see on its screen... not over the network, but on a screen connected to the server itself...
<jetole> *fsck
<Alex_21> FSCK?
<Alex_21> There is no monitor connected to it physicaly
<jetole> Alex_21: it's a disk checking program that runs every so often on boot and delays the start time while it scans your disks
<jmarsden> Alex_21: Then add one :)
<jetole> Alex_21: Then add one :)
<jetole> sorry, had to be said twice :P
<Alex_21> I'm blind :(
<jetole> Alex_21: is that a joke?
<Alex_21> I don't see what difference it is if I have a screen plugged in
<jmarsden> Can you attach a screen reader widget to it?  or to its serial port and redirect the console to the serial port?
<twb> Alex_21: fsck will probably run before brltty is fully initialized
<jetole> Alex_21: the difference is you cannot connect to it remotely
<Alex_21> I can't run a screen reader because serial widgets were out of date in the early nineties
<jetole> and if you really are blind then you have my sympathy since I am deaf but without being able to see the console and without being able to connect then you may be blind in more ways then one
<jmarsden> Alex_21: You can't get at it over the network, and we don't know why and can't tell you why.  And yes, it's been a while since I helped out a blind friend with his setup...
<twb> Alex_21: are you using a braille display, a screen reader, or what?
<Alex_21> Yeah. I have a screen reader on this machine but not on my servers
<jetole> Alex_21: can you move it to the server?
<Alex_21> I use SSH for all of them
<Alex_21> No, it is a software program not hardware
<jetole> Alex_21: well you can't ssh so unless you find a way to "see" the screen then there really is no solution
<Alex_21> I'm back in
<Alex_21> I guess it was FSCK
 * jetole thinks fsck then
<twb> Alex_21: OK.  Things you can do are: 1) wait, and hope that fsck finishes and booting continues normally; 2) find a sighted person to connect an LCD to the server and see what's happening; and finally 3) get a braille reader, and set up brltty on all your servers so you can read what's happening next time, by connecting it.
<twb> Note that braille readers usually support USB as well as the serial port.
<Alex_21> I know that but I didn't know about BRLTTY
<Alex_21> Thanks
<jetole> I hope I never lose my sight, no offense but I am already deaf so if I went blind I would be fscked
<twb> If you're permanently blind, setting up all your machines for braille (and buying a braille display) is definitely worth it.
<twb> Assuming you can read braille, of course...
<Alex_21> $800 for one display just so you know
<twb> Yeah, I know
<jetole> Alex_21: how do you know whats on the screen without some sort of device?
<Alex_21> So luckily I have one but options are limited. I'll for sure look into it
<twb> There's some cool recent research that will eventually make them cheaper, by using a rotating drum
<twb> jetole: he uses ssh and a screen reader on the ssh client end, e.g. JAWS
<jetole> what is a screen reader?
<Alex_21> Not JAWS. Ick, ... No. Voiceover
<twb> jetole: it's a program that turns text on your screen into speech.
<jetole> ah
<Alex_21> Voiceover is a software application that runs on My Mac and allows me to read what is on-screen
<twb> GNOME has one, too, but I forget its name.
<twb> JAWS is the ridiculously expensive one that all the Windows people use
<Alex_21> Orca. It is ok for most things except administration under Ubuntu
<twb> Alex_21: yeah
<Alex_21> TWB: JAWS and Window-Eyes are the expensive ones. Voiceover is free, built into OSX and actually works the way that sighted see the screen.
<twb> Alex_21: granted.
<Alex_21> Voiceover allows me and my sighted coligues work in the same way
<Alex_21> I Wish ORCA worked that way or some Linux one worked like Voiceover
<twb> Alex_21: patches welcome!
<Alex_21> I'm forced to use Orca in my Lab
<Alex_21> TWB: Lol. I am developing my own for ICEWM because ICEWM is light weight
<Alex_21> But if there is a patch I can make be sure I will be the first to submit one
<Alex_21> TWB: ARe you blind yourself?
<benkant_> when i use touch to create a new file it's always, i want it to be group writable... what that umask thing again?
<benkant> sorry that made no sense
<twb> Alex_21: no, but I am an ornery bastard and I usually use visual impairment as an excuse to yell at stupid web devs
<twb> "Your site doesn't work in w3m!  If I was visually impaired, I wouldn't be able to use it!"
<Alex_21> I do that all the time
<Alex_21> Web Devs can be stupid
<Alex_21> Flash is inaccessible in all but JAWS and Window-eyes
<twb> I tried to learn emacspeak, but its code is horrible and I couldn't make it use festival/mbrola instead of flite.
<jmarsden> benkant: Maybe you want to do    umask 2
<Alex_21> Because Adobe is rediculous
<twb> And I haven't gotten around to buying a hardware synth and braille reader (because they're expensive).
<Alex_21> Get a software Synth
<twb> Alex_21: I'm using software synths.
<Alex_21> Cepstral or something make a High-Quality one for Linux for $30
<twb> Alex_21: but I won't use a proprietary synth.
<Alex_21> I worked on eSpeak and actually still head one of the projects at eSpeak
<Alex_21> I can't say it is the best voice, but it is what we use for Kurdish in our Planned Labs
<Alex_21> It is better than Microsoft Sam though :)
<twb> I wouldn't know, I don't use Microsoft stuff.
<Alex_21> Ubuntu/Edubuntu is what we use in our Planned Labs
<Alex_21> I remember the days of Microsoft Sam *Alex Shudders*
<jmarsden> wizardslovak: What exact error are you seeing when you try to use my dovecot-postfix.conf file?
<Alex_21> Mac OSX is by far the best for accessibility
<Alex_21> TWM: Good on you for hounding Web Devs
<Alex_21> TWM: You should join my team of people who do the same thing and make the changes on many sites
<Alex_21> Or at least try to
<Alex_21> Lol :)
<jetole> Alex_21: what do you do for a living?
<benkant> how do i make any new file i touch be owned by a group other than my own user's ?
<jetole> benkant: change the group after you touch it
<jetole> chgrp command
<benkant> is that the only way?
<Alex_21> I work with an advocacy organization I cofounded and I also am a student
<jetole> benkant: why do you need another way?
<Alex_21> Lol: And I am involved with a lot of Open-Source
<jetole> Alex_21: Ah. I was hoping you were gonna say programmer and I was gonna say why don't you write a program like voiceover but guess not
<benkant> jetole: just that everytime i create a new file i need other users in my group to be able to write to it... and i create a lot of files, and don't want to have to chgrp every time
<Alex_21> Write a script maybe?
<jetole> it's created with your primary group so change your primary group or create a cronjob to keep them all up to date
<benkant> yeah primary group is what i was thinking
<Alex_21> Well, I am, but it is going to be written for the Android PHones
<jetole> Alex_21: well you were just saying you wish there was something like that for windows and linux and I was thinking if all the blind people wanted it then it would be a good way to make money or you could just do it open source if you prefered but if you don't program then not much you can do about it
<jetole> Alex_21: cool
<jetole> Only thing I can think of to make being deaf better is under testing in two universities right now and 2 - 4 years from hitting the market so unless I get an MD and a doctorate in ICs then I can't think of anything else
 * jetole shrugs
<Alex_21> Well, I plan to move into the desktop soon
<jetole> Alex_21: how did you lose your sight anyways
<Alex_21> Desktop market
<Alex_21> Genetic condition
<jetole> Ah
<Alex_21> I have less than 5% and it is progressive though it has been stabel for some years now
<jetole> I got t-boned by a drunk driver and wound up in a 3 week coma and lost my hearing
<Alex_21> Oh, ... No!
<Alex_21> That sucks
<jetole> I lost all hearing but got a cochlear implant which allows me to hear when I wear the hearing aid looking peice but it's muffled at best
<jetole> usually I understand 1/10 sentances the first time I hear it and 3/10 I just can't understand no matter how many times it's said or how slow
<jetole> well I am at the office so stepping outside for a smoke, bbiab
<Alex_21> Ok
<Alex_21> Bye
<jetole> actually, closing IRC
<jetole> need to focus on work
<jetole> ttyl
<Alex_21> Lol
<Alex_21> Good idea
<Alex_21> Thanks for your help
<Alex_21> Good night
<twb> Fuuuuuck
<twb> http://www.humanware.com/en-australia/products/blindness/braille_displays/_details/id_71/brailleconnect__12.html
<twb> The smallest resolution braille display; they want nearly four grand for.
<uvirtbot> New bug: #370464 in samba (main) "package samba 2:3.3.2-1ubuntu3 failed to install/upgrade: subprocess post-installation script returned error exit status 139" [Undecided,Invalid] https://launchpad.net/bugs/370464
<jetole> does anyone know why I would suddenly start getting an error of "no route to host" for all hosts on my network however the gateway seems to be working fine on this same subnet and I can connect to the rest of the net fine
<jetole> this host is also a ids/firewall that uses eth0/eth1 as a bridge and continues to work for accessing all hosts on that network from computers outside of the net and has been setup like this for about 18 moths now
<jetole> Ah screw it. I'm driving to the data center to route a wire around the machine and then rebooting it and hoping that helps
<jetole> that helped :D
<isaac> jetole: :D
<jetole> isaac: :D
<jetole> on another note I switched from mutt back to thunderbird after using mutt for 6 months and I am still used to :x at the end of each e-mail message
<twb> What does :x do?
<jetole> ever used vim?
<twb> No, only ed and vi.
<henkjan> jetole: why did you downgrade to thunderbird?
<jetole> vi = vim... sorta
<twb> vim is for little girls
<jetole> henkjan: html, mark folders as read, etc
<twb> ed is a MAN'S editor
<jetole> I did an html wrapper for mutt but for some messages it just wasn't the same
<twb> jetole: you need to fix your customers so they don't send you HTML email
<jetole> twb: guess you don't use ubuntu then since you can't install vi, only a symlink to vim :P
<henkjan> indeed, no trouble with htmlmail overhere :)
<twb> jetole: you can install nvi and busybox vi.
<jetole> anyways, :x on vi(m) is close message and save if you made changes
<jetole> twb: didn't know that
<twb> jetole: vi is only a symlink to vim on YOUR system because you have vim installed.
<jetole> :x on vi is the same as :w :q
<jetole> twb: vim comes installed
<twb> jetole: depending on how you install Ubuntu, sure.
<jetole> how do you install ubuntu?
<twb> via netinst.
 * jetole shrugs
<jetole> is that part of an IPX setup?
<jetole> er, not ipx
<jetole> or is it, the protocol that allows you to netboot from POST?
<jetole> post POST
<twb> You can netboot from the PXE ROM stored on your NIC, if your NIC has one.
<jetole> PXE, thats the protocol I was thinking of
<jetole> so do you use netinst as part of some PXE install system you have setup
<jetole> ?
<twb> netinst is just a kernel and ramdisk that you load via a PXE bootloader.
<jetole> ok
<twb> That ramdisk contains d-i and network drivers.  The rest of the installer is anna-installed.
<jetole> ok
<twb> It's basically the same code as on mini.iso
<jetole> mini.iso?
<jetole> haven't heard of it
<jetole> just found the page for it
<twb> e.g. http://mirror.internode.on.net/pub/ubuntu/ubuntu/dists/karmic/main/installer-amd64/current/images/netboot/
<jetole> I was looking at https://help.ubuntu.com/community/Installation/MinimalCD
<frojnd> Hello there
<frojnd> Yesterday I couldn't see mydomain.net/phpmyadmin, I did restart /etc/init.d/apache2 restart just to see what's going on, maybe apache2 doesn't allow something: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName httpd (pid 11643?) not running
<frojnd>    ...done.
<frojnd> Is this cosing the phpmyadmin not to show when I go to mydomain.net/phpmyadmin?
<Kamping_Kaiser> lamont, are you the bind9 maintainer?
<jpds> 9
<jpds> Whoops, sorry about that.
<Kamping_Kaiser> :)
<sluimers> Hi, I've got problems connecting to my mail accounts using squirrelmail and receiving e-mails.
<sluimers> http://paste.ubuntu.com/174853/
<macno> sluimers: which imap server do you use?
<sluimers> courier
<macno> sluimers: do you have also pop enable?
<sluimers> SquirrelMail version 1.4.15, postfix 2.5.5, courier 0.60, ermm... I wouldn't know, I'm a newbie at this. How can I see if it is enabled?
<sluimers> enabled where?
<sluimers> I installed courier-pop
<macno> slide: telnet localhost 110
<macno> slide: sorry sluimers:  telnet localhost 110
<sluimers> Hello there
<sluimers> :)
<sluimers> that works :)
<sluimers> +OK Hello there.
<macno> sluimers: ok, now try to login via pop to see the mailbox
<sluimers> how would I login via pop?
<macno> sluimers: http://paste.ubuntu.com/174860/
<sluimers> logins fail
<sluimers> -ERR Login failed.
<lamont> Kamping_Kaiser: yes
<Kamping_Kaiser> lamont, wow... i didnt realise :/
<uvirtbot> New bug: #377913 in bacula (universe) "package bacula-director-mysql 2.4.4-1ubuntu5 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/377913
<tadeu_> guys, i just installed a LTS but the server has no window manager, but i want gnome in clients. What i have to do? chroot to /opt/ltsp/ and install gnome ?
<_dthacker_> tadeu_: yes you will need to pull in gnome.  No x-windows managers by default.
<tadeu_> _dthacker_, well, any idea how to install a "minimal" gnome environment ?
<tadeu_> "apt-get install x-window-system-core xserver-xorg gnome-desktop-environment" will download 238MB =s
<_dthacker_> no, sorry.  don't run x-windows on servers in my environment.
<yann2> _dthacker_ > installing it doesnt mean it is actually running.
<_dthacker_> agreed.  I do not install x windows on servers in my environment.
<j0nr> hi all. I recently acquired a VPS running Ubuntu 8.04. When I ssh into the server, the very first thing I noticed is that I cannot use the tab key very well to auto-complete things...for example, 'apt-g'+tab will complete 'apt-get', then followed by 'in'+tab would usually fill in the command 'install' but it isn't and if i just type it in , whats worse is not being able to then use tab completion to find packages...
<dguitar> j0nr, apt-cache search
<dguitar> you sure it's not a Debian VPS?
<j0nr> dguitar: shouldn't be, I have just rebuilt it again definately selecting ubuntu
<j0nr> #:q
<sluimers> Hi, I've got problems trying to setup a mail server. I'm trying to look at my mail accounts using squirrelmail, but instead I get an error -> http://paste.ubuntu.com/174853/. My e-mails seem to end up in /var/mail/vmail. I don't know if that's good thing. I use SquirrelMail 1.4.15, postfix 2.5.5, courier 0.60, mysql, phpmyadmin and ispconfig 3.
<stickystyle> I can't recall if 8.04 did the package completion.  But if its a VPS the person may have installed JeOS and you may not have the bash-completion package
<dguitar> VPS owners tend to do funky things also...
<dguitar> Apt-cache is the best way around this.
<Daviey> It's often for VPS's not to be the "real deal".. if you check out #centos, they won't support people on VPS's for this reason.
<Daviey> Except they are just unhelpful :(
<dguitar> lol
<j0nr> is it because i am root
<dguitar> j0nr, I believe you are correct.
<dguitar> su - gives me no tab completion in apt-get
<j0nr> aha i have it sorted
<j0nr> via: http://forums.debian.net/viewtopic.php?t=26648
<j0nr> thats better :)
<a_ok> what is the difference between -386 and -generic kernel? (besides that -generic boots and -386 does not)
<ball> hello a_ok
<a_ok> hi
<joe-mac> is there anyone at all who can possibly help me to get preseeding partman-auto-raid to work in 8.04 LTS? i'm not a noob, but I can't for the life of me get this to work. it's been months of trying and putting it away and going back and now i really kinda need it.
<joe-mac> anybody? http://www.pastie.org/481529 thjere is my preseed. funny thing is debconf-set-selections -c on it fails at line 66 and 67 (the partman-auto-raid recipe), however if i put it all on one line it parses. then when i get to thei nstall debian-installer complains my preseed is corrupt
<fevel> hello
<fevel> my syslogd restarted at 7:21 brazillian time... how can I check logs before syslogd restarted?
<fevel> found it
<fevel> ssyslog.o
<ScottK> o/0
<godsyn> please assist. My google-fu is weak. Looking on how to format a new disk. (ext3, mount, etc)
<ball> mkfs?
<joe-mac> godsyn: http://www.skullbox.net/newsda.php
<joe-mac> "adding a new hard disk to linux" has 9 million results
<joe-mac> i find it hard to belive you googled at all
<godsyn> ok.. how can I tell what drive is what? I'd hate to format /dev/hdc and later realize it is my root partition.
<joe-mac> godsyn: ah, now that's a better question, type fdisk -ls to list all your drives
<joe-mac> you should be able to deduce which is the drive you want to format, if not, take a look at the output of 'mount' which will tell you waht current drives you have mounted. from there, you can rule out that drive as a contender for getting formatted
<godsyn> exactly what I needed. Thank you joe-mac.
<joe-mac> np
<godsyn> yay, question after question.. I'll try googleing 1st.. (partition)
<godsyn> one more question.. your opinion on ext4. Is it too new? or stable enough for a home server..
<ball> I'm running it.
<ball> It's not given me any grief, but ymmv
<joe-mac> i will probably migrate to it in a few motnhs, since performance on my crappy consumer pc at home is god awful and i'm hoping i can get some better io with ext4
<godsyn> reformatting to ext4, then :)
<godsyn> well... after the 1tb format of ext3 finishes.. Thanks again for the hand holding.
<joe-mac> np, i would be careful to backup my data though sicne ext4 is pretty new
<godsyn> noted. ciao.
<ball> joe-mac: you might boost your performance by adding a second hard disk.
<ball> ...or just buying a single faster one.
<joe-mac> ball: my speeds are even low going to an external raid5 volume through sata. the machine just sucks.
<joe-mac> i'm ditching it for an ultra 45 once i am caught up on some bills
<ball> joe-mac: RAID5 may be slower than RAID1
<joe-mac> uhhhh
<ball> joe-mac: how is it connected?
<joe-mac> sata. and how would raid5 ever be slower than raid1
<joe-mac> ?
<ball> joe-mac: Perhaps I should have said RAID 1+0
<joe-mac> well, barring hardware differences i meant. yea.
<oruwork> can someone recommend a web based project management software ?
<joe-mac> oruwork: a lot of people use trac.
<joe-mac> idk if i'd 'recommend' it though lol
<oruwork> heh
<oruwork> i need a task management tool for our small organization
<oruwork> to assign to tech and sales guys.
<joe-mac> tghere's also jira, the devs here use that
<yann2> you still can use launchpad, there is also redmine
<rkitect> i have a quick Ubuntu Server 9.04 install question if someone has a sec
<rkitect> when the install hits CD Drive detection phase, it can not detect the cd drive, yet it's loading the setup from the cd drive.  Any ideas as to what the mishap is here?
<W8TAH> hi folks -- on last friday i had a hard drive that is part of a lvm fail.  One of the members of the room helped me make a copy of the data from the lvm group using dd  the command was  (i think) dd if=/dev/sda conv=noerror,sync |gzip -9 >/media/photos/sda.dd  i did that, then repaired the server (new drive) rebuilt it -- installed a raid this time, and configured...
<W8TAH> now im moving the data back, i tried just unzipping the file, but it doesent seem to be working as i expected
<oruwork> can someone recommend a web based project management software ?
<W8TAH> so what should i be doing
<oruwork> for a small organization to assign tasks and their priority and dead lines to our tech and sales guys
<phaidros> oruwork: 3 things. 1. trac is python, good community, lots of plugins http://trac-edgewall.org
<phaidros> oruwork: 2. redmine, is rails, multiproject, looks pretty complete though, but .. rails .. http://redmine.org
<phaidros> oruwork: 3. drproject is a 'fork' of trac+tracforge, just got moved to django, might be worth a look http://drproject.org
<phaidros> all those have tickets, sourcecode viewer for different repository types, gantt charts, timelines, roadmaps, milestones ..
<phaidros> .. if that was what you were looking for ..
<oruwork> phaidros-> i apreciate your advice
<phaidros> oruwork: I was just researching alot about all three, which to choose :)
<rkitect> any advice on cdrom not being detected during ubuntu server isntall?
<rkitect> from a cd
<oruwork> is track a wiki like software ?
<phaidros> oruwork: trac has also a wiki part. but it is *lot* more
<oruwork> i need to set up a easy to use task management tool to use within my 9 people organization, easy to use meaning none-tech guys should be able to use it with ease
<phaidros> tasks can be anything, tickets for example. tickets are usually parts of milestones & components, so you can see how many open and such ..
<phaidros> so, trac would be a do-it-yourself thing, brilliant lot of plugins, just take what you need. the basic trac is very useful for start, though
<phaidros> there are webbased groupwares out there, never used one which I liked.
<phaidros> there might be some thing out there, what one can call project management software. but that's a broad term, and I for myself like the trac thing (or alike).
<criminy|w> I'm reading the LDAP section on the ubuntu 8.04 server guide. It talks about Push and Pull LDAP configurations. Can this be done over SSH without a manually run SSH tunnel?
<criminy|w> I've got machines inside of networks I don't run myself, so I can't get 389 (or more likley the SSL ldap port 636) open. It was hard enough just getting the ports we have now.
<W8TAH> hi folks -- on last friday i had a hard drive that is part of a lvm fail.  One of the members of the room helped me make a copy of the data from the lvm group using dd  the command was  (i think) dd if=/dev/sda conv=noerror,sync |gzip -9 >/media/photos/sda.dd  i did that, then repaired the server (new drive) rebuilt it -- installed a raid this time, and configured...
<W8TAH> now im moving the data back, i tried just unzipping the file, but it doesent seem to be working as i expected
<W8TAH> so what should i be doing
<oruwork> phaidros-> trac looks a little too much and too complicated of what i'm looking for
<rkitect> where can i find error code listings for ubuntu server?
<rkitect> also, any advice on cdrom not being detected during ubuntu server isntall?
<phaidros> W8TAH: you should unzip the data and pipe that into dd, which is writing it onto a partition or lvm ..
<W8TAH> OHHHH -- ok - -im currently unzipping -- so its gonna be in a dd file of some sort?
<W8TAH> so id use dd of=/sda.dd
<W8TAH> of some sort?
<oruwork> phaidros-> looking for something like this http://www.workzone.com/images/PT-advanced-1005.gif
<rkitect> any advice on cdrom not being detected during ubuntu server isntall?
<yeason> question... what do you guys use/recommend for an irc server. I tried ircd-hybrid which worked, but I'm wondering if there's anything better?
<W8TAH> yeason: im using charybis and atheme -- works great -- good support -
<yeason> W8TAH: cool, I'll look into those, thanks
<PhotoJim> yeason: I use ircd-ircu because that's what the other servers on my network use, but it has some issues right now on Debian and Ubuntu.
<PhotoJim> I filed a bug report, which is being ignored :)
<yeason> W8TAH, is charybdis in the repos...? I'm not finding it
<phaidros> yeason: I always liked ngircd
<yeason> I'm basically looking for something fairly simple and easy to setup, this irc server will probably not be under much load, and thanks to those of you who have already given some ideas
<cemc> yeason: I'm using unrealircd
<W8TAH> yeason: no - -you have to set it up from source (its easy)
<rkitect> any advice on cdrom not being detected during ubuntu server isntall?
<W8TAH> check and make sure its plugged in, connected etc
<W8TAH> try a diff cdrom drive in case the one you have is bad
<PhotoJim> drive not detected, or media not detected?
<rkitect> drive no detected, but it's loading the setup from the drive it's not able to detect
<W8TAH> ive got the contents of a drive that i backed up using dd  and gzip -- need some help with the command syntax to get it back
<rkitect> bios is detecting the drive fine, just the ubuntu instal that can't detect it or load correct modules for it
<yeason> W8TAH: I kind of thought that... after some googling, but the home page is not loading
<stefg> What do you guys think about running a firewall distro inside a VirtualBox machine on a fileserver? I'd like to get rid of the old boxes running endian and consider setting up ebox and put the firewall/gateway/proxy into a virtual machine instead of a separate box. Insecure? Broken thinking? Or green IT (by having 2 boxes less to run) ?
<W8TAH> http://www.stack.nl/~jilles/irc
<W8TAH> check that out
<W8TAH> i copied a drive with dd piping it to gzip -- im having problems reversing the process -- can someone please help
<jmedina> stefg: I run firewall/router inside virtualmachine usin Xen
<jmedina> I think it is the same in vbox
<stefg> jmedina: i was looking at that, too. But xen ruled itself out by the 'old-kernel-issue' and (more important) by having a co-admin which is quite clueless on the cli ... a Gui would come in handy
<yeason> W8TAH: that is the page that wont load for me... I'm not sure why
<W8TAH> try #charybdis on irc.staticbox.org
<yeason> thanks, I'm trying out a few of the other suggestions, if they don't pan out I'll give that a look
<W8TAH> i copied a drive with dd piping it to gzip -- im having problems reversing the process -- can someone please help
<ivoks> zcat file | dd
<W8TAH> thanks
<W8TAH> ivoks: that sent it to the console window -- i need to write the files to my hdd
<W8TAH> i tried zcat file |dd of=/dev/md1 and it says permission denied
<ivoks> zcat cat gziped file
<ivoks> are you root?
<W8TAH> yes
<W8TAH> i tried zcat file |dd /data and it complained that that was a directory
<ivoks> zcat file | dd of=device should work
<W8TAH> hummmmmm
<W8TAH> thats what i would have thought too --
<W8TAH> is it possibly a problem that the gzipped file is on that partition already?
<ivoks> lol
<ivoks> yes
<W8TAH> oh -- ok -- i'll put it back on a portable then
<ivoks> you can dd only too unmounted device
<ivoks> to
<W8TAH> ohhhhh - so i'll need to boot to a live cd to take care of this then?
<W8TAH> since the os is also on that raid
<ivoks> well, think for a minute
<ivoks> dd is a raw copy of device
<W8TAH> ohh -- ok - -i didnt know that
<ivoks> it will replace everything on your disk
<ivoks> even the partition sizes
<ivoks> and types
<W8TAH> ugh
<W8TAH> not at all what i wanted to have happen
<ivoks> eh
<ivoks> you can do something else
<ivoks> you could gunzip the file
 * W8TAH is all ears
<W8TAH> ok
<ivoks> and mount it
<W8TAH> mount the file?
<ivoks> and then copy files to partition
<ivoks> yes
<ivoks> mount -o loop file /mnt/dir
<W8TAH> cool
<W8TAH> and can it be on the raid or should it be on a portable drive to do that?
<ivoks> it can be on raid
<ivoks> did you dd partition or the disk?
<W8TAH> at the time it was a disk (part of a lvm that corrupted itself)
<W8TAH> ive replaced the bad disk
<W8TAH> and built it in a raid 1 this time
<W8TAH> and im trying to restore the data
<W8TAH> (i had a backup system failure at the same time)
<ivoks> so you dd if=/dev/sda
<ivoks> not if=/dev/sdaX
<ivoks> dd isn't for backup
<ivoks> dd is raw copy
<ivoks> that's not backup
<W8TAH> dd if=/dev/sda conv=noerror,sync |gzip -9 >/media/photos/sda.dd
<ivoks> why not tar contents of the disk? cccc
<W8TAH> ya -- i know its not - -my backup (tape drive) failed at the same time -- thats why im not just restoringing from tape
<ivoks> dd is for bare metal recovery
<W8TAH> someone here pointed me in that direction
<W8TAH> the drive was failing badly with read errors all over the place
<ivoks> ok
<ivoks> did you gunzip it?
<W8TAH> just getting ready to start now -- its 40 gb
<ivoks> you'll have to find partitions in the image first
<ivoks> fdisk -u -l dd_image
<W8TAH> before i mount it?
<ivoks> you can't mount disk, only partitions
<W8TAH> ok
<ivoks> when you get to that part, ping me
<W8TAH> ok
<W8TAH> its a machine full of our students home directories -- i just sent out a message to see if any teachers have students with anything critical on that drive -- ive spent 2 full days and parts of 2 more working on this -- and im beginning to wonder about the expendature of time
<ivoks> don't worry
<W8TAH> ok
<ivoks> if data is safe in that image, you'll recover it
<W8TAH> ok - -cool
<joe-mac> anybody around who has actually got partman-auto-raid going with 8.04? i have a preseed that looks like it should work, but it doesn't
<ivoks> W8TAH: how's it going?
<W8TAH> bout half done unpacking
<yeason> does ngircd have a nickserv or is that what atheme-services is for?
<W8TAH> that would be what services are for
<yeason> hmm... fun times... *looks for man page...*
<yeason> thanks again
<yeason> funny how a simple idea of starting your own server turns into a full time project
<W8TAH> ya -- it took quite a bit of work, but mine is up --
<ivoks> brb
<W8TAH> ivoks: ive gotta go do bus dismissal duty back in 15 mins or so
<ivoks> well, it's 9:20pm here
<ivoks> so, don't expect me to be here for long :)
<nat2610> if in a firewall rule I don't specify a a port, will it grant that rule to all the ports (iptables)
<RoAkSoAx> ivoks, heya master how's it going...?
<ivoks> RoAkSoAx: good, how about you?
<ivoks> RoAkSoAx: did you solve ftbs?
<RoAkSoAx> ivoks, busy as hell... when do you a little time to work on FTBS?
<ivoks> not today :/
<RoAkSoAx> ivoks, nah I've been busy with work, some paperwork, and other personal stuff
<ivoks> sorry, i have lots of work to do
<RoAkSoAx> ivoks, yeah, me too, that's why i was asking when do you have a little time?
<ivoks> tomorrow?
<ivoks> at this time
<RoAkSoAx> ivoks, ok, awesome
<ivoks> or later
<RoAkSoAx> ivoks, ok i'll be around :)
<wizardslovak> jmarsden: well i didnt install clean 9.04 i upgraded to it , so it might not work lol
<W8TAH> ivoks: still around?
<ivoks> W8TAH: yes
<W8TAH> cool - ok its done extracting - -im getting ready to mount it
<W8TAH> i did the fdisk thing and i see the partitions
<ivoks> nice, paste the output on paste.ubuntu.com
<W8TAH> ok -- hang on -- im working between 3 computers here --
<W8TAH> http://paste.ubuntu.com/175157
<W8TAH> there ya go
<ivoks> urgh..
<W8TAH> uh oh
<ivoks> hard to read
<W8TAH> oh -- want me to try another pastebin?
<ivoks> so, which partition do you want to mount?
<W8TAH> sda.dd3
<W8TAH> the lvm partition
<ivoks> ok
<ivoks> do this:
<ivoks> mount -o loop,offset=21494970 -t auto image_filename /mnt/dir
<W8TAH> ok
<ajmitch> if it's really LVM, wouldn't it make sense to activate the volume in it?
<W8TAH> says i need to specify the filesystem time
<W8TAH> errr type
<ivoks> ajmitch: :)
<ivoks> right
<ivoks> but... how?
<ivoks> hm hm
<ajmitch> create a loop device from it, pvscan, vgscan, etc?
<ajmitch> it's been too long since I did it though :)
<ivoks> loop device from part of the image
<ajmitch> creating a loop device would be done with losetup --offset (I think)
<ajmitch> or... I could be completely wrong
<ivoks> there's kpartx
<ajmitch> I only did this a couple of years ago with an image from a dying drive
 * ajmitch is also horribly lagged on IRC trying to dput a package
<ivoks> W8TAH: apt-get install kpartx
<W8TAH> ok
<W8TAH> done
<ivoks> losetup -f dd_image
<W8TAH> done
<ivoks> losetup -a
<ivoks> /dev/loopX - X is ...?
<W8TAH> //dev/loop0
<W8TAH> one slash -- sorry
<ivoks> kpartx -a -v /dev/loop0
<W8TAH> tholmes@srvfs-02:/data$ sudo kpartx -a -v /dev/loop0
<W8TAH> /proc/misc: No entry for device-mapper found
<W8TAH> Is device-mapper driver missing from kernel?
<W8TAH> Failure to communicate with kernel device-mapper driver.
<W8TAH> /proc/misc: No entry for device-mapper found
<W8TAH> Is device-mapper driver missing from kernel?
<W8TAH> Failure to communicate with kernel device-mapper driver.
<ivoks> don't paste here
<W8TAH> Incompatible libdevmapper 1.02.20 (2007-06-15)(compat) and kernel driver
<W8TAH> device mapper prerequisites not met
<W8TAH> 
<W8TAH> sorry
<ivoks> you should load device-mapper module
<W8TAH> modprobe?
<ivoks> dm-mod
<ivoks> modprobe dm-mode
<ivoks> modprobe dm-mod
<W8TAH> ok - got some adds
<ivoks> kpartx finished?
<W8TAH> yup
<ivoks> go to /dev/mapper
<ivoks> ther should be loop0p1 p2 and p3
<W8TAH> control loop0p1 and loop0p2
<ivoks> right, two
<ivoks> hm...
<W8TAH> device-mapper: reload ioctl failed: Invalid argument
<W8TAH> showed up during the kpartx run
<ivoks> vgchange -a -y
<W8TAH> not installed -- do i want to install lvm2?
<W8TAH> (im guessing yes)
<ivoks> yes
<yeason> I'm playing with ngircd, does somebody know of an irc services package that works with it...?
<W8TAH> the vgchange command choked -- invalid arguement -y
<W8TAH> error during parsing end of command line
<ivoks> -ay
<W8TAH> no volume groups found
<ivoks> or...
<ivoks> vgchange a y
<ivoks> -ay
<ivoks> bah...
<ivoks> :)
<ivoks> run kpartx again
<W8TAH> same command?
<ivoks> yes
<W8TAH> done -- still got the reload ioctl failed result
<ivoks> could you paste the output of kpartx on paste.ubuntu.com?
<W8TAH> http://paste.ubuntu.com/175167/
<W8TAH> there ya go
<ivoks> then, there are three, not two
<W8TAH> ya --but only 2 show up in /dev/mapper
<ivoks> ok
<W8TAH> the unzip option gave an unexpected end of file -- might that be the issue?
<ivoks> hopefully not
<ivoks> vgchange -a y
<W8TAH> no volume group found
<ivoks> bah...
<W8TAH> ive another file but its 120gb so i was messing with this one first -- as its smaller
<W8TAH> far as i know that one is ok
<ivoks> 120gb of gziped data?
<W8TAH> yes
<ivoks> is your new disk bigger than the old one?
<W8TAH> no
<ivoks> uh
<W8TAH> in the old system, there were 2 250 gb hdd in a lvm configuration -- in the new system, there are 2 250gb disks in a raid 1
<ivoks> since dd is a disk image, extractd it's size is size of the disk
<W8TAH> oh gag
<ivoks> how come you managed to reduce it to 40GB?
<W8TAH> thats the other disk -- we are working on the image of sda the large one is sdb
<ivoks> ok
<W8TAH> im guessing wondering / guessing that either it was so corrupted that it didnt get it all -- or possibly the portable i was extracting to filled up
<ivoks> find /dev -name loop0p3
<W8TAH> ok
<W8TAH> nothing
<ivoks> so, it knows about partitions, but can't access them
<ivoks> hm
<W8TAH> im starting to get the feeling that that image is hozed
<ivoks> could be
<W8TAH> dd could be used as a linux equivalent of ghost couldnt it
<ivoks> that's the disk with bad sectors?
<W8TAH> b had the bad sectors yes
<ivoks> dd is exactly that
<W8TAH> ok
<ivoks> i'm out of ideas
<ivoks> anyone?
<Mick27> hi eveeryone
<W8TAH> i didnt realize that dd was making a copy of the entire disk -- id have handled things differenty :(
<Mick27> anyone playing with vmbuilder those days ?
<ivoks> W8TAH: eh...
<W8TAH> well.... from what the faculty has told me -- only one student has a critical project on it -- i talked to that teacher and she can grade it another way if necessary
<W8TAH> im beginning to think that just scrapping and picking up with life might be the best way to go
<ivoks> :)
<W8TAH> and making darn sure the backup system is working right :D
<W8TAH> (which it is now)
<ivoks> sorry, but kernel can't read that partition
<W8TAH> ya - i understnad
<W8TAH> its ok -- i appreciate all the help
<W8TAH> ive learned a lot
<ivoks> too bad you can't use new knowledge for this problem :/
<W8TAH> ya -- however i am using some to prevent it from happening again -- my new servers will be getting raids across the board - -then i'll be going back and where possible installing raids on existing ones
<ivoks> note: raid is not backup
<W8TAH> i know this
<W8TAH> but in this case -- it would have saved my butt
<ivoks> raid saves the day for most hardware disk failures
<W8TAH> yup -
<W8TAH> a combination of that and a valid backup would have made a huge difference
<GullyFoyle> good cheap domain registrar? my domain name is available again
<W8TAH> godaddy.com
<ivoks> 'night all
<W8TAH> night -- thanks again
<W8TAH> ok -- for all you admins out there -- im this week receiving a server with 5 150gb disks -- initially i was going to combine them under LVM and make one monster (3/4tb) file server -- the events of the last week have changed my mind -- how would you configure the system? im thinking a raid 5 (3 disks (critical data)) and a raid 1 (2 disks (os and not as critical data))
<W8TAH> comments or suggestions?
<nks-> is there any good documentation for the dovecot-postfix meta package?
<Mick27> anyone has managed to use vmbuilder with lvm without having to convert the image ?
<nks-> is there any good documentation for the dovecot-postfix meta package? does the username&passwords match dose of the real users?
<TimReichhart> hey jetole I finally got my problem fix
<TimReichhart> but now I cant login to my roundcube
<wizardslovak> sooo
<wizardslovak> anyone is here?
<ajmitch> yes, but some of us are working
<wizardslovak> ok
<phaidros> +1
<ericjoseph> is it possible to install ubuntu server from a live cd using ssh?
<MianoSM> No.
<MianoSM> You would need sshd installed and running in order to even get a session, right?
<ericjoseph> well is it possible to install ubuntu server from an ubuntu desktop live cd if you download some additional files?
<PhotoJim> possible, in a sense... not recommended though
<ericjoseph> so install from CD is really the only supported method?
<PhotoJim> the only easy supported method
<PhotoJim> you'd need to be very familiar with Ubuntu to easily change a desktop install to a server install
<PhotoJim> besides, you probably don't want a GUI on a server
<PhotoJim> better to keep the horsepower and RAM for serving instead of eye candy
<ericjoseph> well i noted that you can install ubuntu desktop from the live cd (booted into the live cd environment, there's an install shortcut on the desktop)  just wondering if other installs are possible from that environment
<PhotoJim> not really.  you install a desktop system.  and then you can add and remove packages to make it whatever you want.
<PhotoJim> on the other hand, you can use the alternate install CD to readily easily install whatever sort of system you need.
<PhotoJim> but the server install CD is optimized to create a server.  it's definitely the best way.  and the only way I'd recommend to someone without deep Linux knowledge.
<ericjoseph> well i'm used to doing gentoo installs... boot up the livecd and ssh in and you can do the whole install from ssh.  i'm sure it can be done in ubuntu as well but probably more of a pain.
<PhotoJim> just do a really minimal install off the alternate CD, then ssh in and actually set up your system.  not quite the same, but similar.
<andol> ericjoseph: Well, if you want something really similiar to just booting up and connecting by ssh you can always boot up any live cd and do a manual install using debootsrap.
<andol> ericjoseph: Just not sure if it is worth the effort :)
<ericjoseph> thx andol.  i'll look into that
<ericjoseph> well i don't have a CD drive in the system i want to install ubuntu on.  i do have a persistent ubuntu 8.1 live CD on an external usb drive though that i can boot off of
<andol> s/debootsrap/debootstrap/
<Nafallo> hmm. we didn't release any Ubuntu in January 2008.
<Nafallo> I wonder if it might be 8.10 that's meant...
#ubuntu-server 2009-05-19
<aaron__> Hi, does anyone know a good ISP?
<aaron__> I am looking for one that allows servers.
<aaron__> I currently am with WOW (wide open west)
<aaron__> I looked at comcast but they are expensive and won't tell you the total amount unless you place an order.
<wizardslovak> can i connect external hard drive to ubuntu server and use it as NAS?
<wizardslovak> i am running web server and email server on it already
<wizardslovak> will it be able to run all those aplications?
<wizardslovak> or samba?
<Kamping_Kaiser> wizardslovak, yes
<wizardslovak> so i plugged external hard drive but server doesnt see it
<Mick27> anyone knows a way to automate fdisk in one line ? I would like to erase all old partition, create a new one with the entire disk and set it as 8e (lvm)
<Kamping_Kaiser> wizardslovak, 'doesnt see it'?
<wizardslovak> yes
<wizardslovak> i see only disk OS is installed on
<Kamping_Kaiser> what does "see" mean?
<twb> Is there an Ubuntu equivalent of RHCE?
 * twb finds https://wiki.ubuntu.com/Training
<twb> Seems that's training for desktop users, not admins.
<ajmitch> I believe there's certification
<ajmitch> based on the ILP exams
<ajmitch> sigh
<ajmitch> LPI exams
<ajmitch> http://www.ubuntu.com/training/certificationcourses
<twb> Thanks.
<twb> The trick was to search for "ubuntu certification" instead of "ubuntu training".
<wizardslovak> damn $2500
<wizardslovak> can i just take test without class?
<ajmitch> no idea
<wizardslovak> http://shop.canonical.com/product_info.php?products_id=481&osCsid=97ca5543b693aeaca13d933713db193d
<twb> wizardslovak: surely that *is* just the test
<twb> I would expect the study materials to be cheap (or even free of charge), and the final test to be expensive.
<wizardslovak> twb: same here , i would rather go for test lol
<wizardslovak> i am just checking amazon for some good ubuntu server book
<wizardslovak> what do you say??
<twb> Hopefully someone in here has cowritten one and can recommend it!
<wizardslovak> http://www.amazon.com/Beginning-Ubuntu-Server-Administration-Professional/dp/1590599233
<wizardslovak> i have that official ubuntu book but they cover server quickly
<twb> wizardslovak: look for one that specifically mentions U199 or whatever the code thingy is
<wizardslovak> well right now i just want to get better with ubuntu , then ill look for test
 * ajmitch doesn't expect the test to be overly easy
<wizardslovak> http://www.amazon.com/Ubuntu-Administration-Network-Professionals-Library/dp/0071598928/ref=sr_1_5?ie=UTF8&s=books&qid=1242695433&sr=1-5
<wizardslovak> or this
<wizardslovak> http://www.amazon.com/Ubuntu-8-Server-Administration-Reference/dp/098177783X/ref=sr_1_3?ie=UTF8&s=books&qid=1242695433&sr=1-3
<twb> Man, amazon's site is fugly if you're using w3m.
<wizardslovak> is there better site for books?? well no really
<twb> I don't know; I generally only read public domain and copyleft material.
<wizardslovak> well
<wizardslovak> i prefer chat tho
<wizardslovak> best way to learn
<wizardslovak> but when i am on road to work i prefer read paper books
<twb> Searching amazon for "ubuntu 199" gets three items, all being Michael Jang's UCP Study Guide.
<uvirtbot> Launchpad bug 199 in baz ""baz export" doesn't add to the revision library" [Medium,New] https://launchpad.net/bugs/199
<twb> uvirtbot: shut up
<uvirtbot> twb: Error: "shut" is not a valid command.
<twb> Bah.  If tell fsbot to shut up, it apologizes.
<ajmitch> uvirtbot is not that smart
<uvirtbot> ajmitch: Error: "is" is not a valid command.
<twb> Ha!
<twb> If freenode had its shit together, it'd provide a unified infobot for all channels.
<wizardslovak> soo
<wizardslovak> http://www.amazon.com/Ubuntu-8-Server-Administration-Reference/dp/098177783X/ref=sr_1_3?ie=UTF8&s=books&qid=1242695433&sr=1-3
<wizardslovak> ill takr this
<thewrathjr> whats on the agenda for tomorrow?
<wizardslovak> what subject?
<thewrathjr> i was just wondering what would be discussed tomorrow
<ajmitch> if you're referring to the weekly meeting, the next one won't be until the 2nd
<wizardslovak> w/e u have problem with
<wizardslovak> weekly meeting??
<wizardslovak> where?
<thewrathjr> ajmitch why not tomorrow
<thewrathjr> on the schedule its tomorrow
<ajmitch> thewrathjr: because of people travelling, UDS, etc
<thewrathjr> oho k
<thewrathjr> thats fine
<thewrathjr> ajmitch what time is the meetings usually EDT?
<ajmitch> wizardslovak: in #ubuntu-meeting
<ajmitch> thewrathjr: no idea, I only know it's 15:00 UTC
<ajmitch> I presume that's about 8:00 EDT
<ajmitch> but I don't live in that timezone
<wizardslovak> damn i didnt know that there are meetings
<ajmitch> wizardslovak: it's just to plan out development
<thewrathjr> ajmitch: http://www.timeanddate.com/worldclock/fixedtime.html?month=6&day=2&year=2009&hour=15&min=0&sec=0&p1=0
<thewrathjr> 11am
<ajmitch> ok
<ajmitch> I was thinking PDT
 * ajmitch lives in NZST, so conversion to UTC is easy
<thewrathjr> ah
<wizardslovak> ok so
<wizardslovak> i found why my email server doesnt send nor receive emails
<wizardslovak> failed sasl autherization
<wizardslovak> what should i do? can anyone helpme to fix i t?
<wizardslovak> postfix and dovecot + squirrelmail
<ScottK> wizardslovak: Look in your logs and give us the exact error.  Also pastebin the output of postconf -n
<wizardslovak> postconf http://pastebin.com/m158b1e2f
<wizardslovak> mail.err http://pastebin.com/m1391d2bf
<wizardslovak> error i am getting when sending email is "message not sent.Server replied"
<wizardslovak> so anyone?
 * ScottK looks
<wizardslovak> ScottK:  thx
<ScottK> wizardslovak: deliver(root) is dovecot telling you it doesn't know where to send mail for postmaster.
<ScottK> wizardslovak: Which release are you running?
<wizardslovak> i dont really know how to chceck it
<ajmitch> but you know which cd you installed from
<ajmitch> weren't you running 9.04, and using dovecot-postfix?
<ScottK> wizardslovak: What does less /etc/lsb-release tell you?
<wizardslovak> yes i upgraded from 8.04 so i had to install postfix-dovecot
<wizardslovak> ubuntu 9.04
<wizardslovak> i got imap so i can use squirrelmail
<wizardslovak> so problem will be in dovecot-postfic.conf
<ScottK> wizardslovak: You edited /etc/postfix/main.cf, didn't you?
<wizardslovak> yes
<ScottK> Why did you change smtpd_recipient_restrictions?
<wizardslovak> i didnt change that
<wizardslovak> it was there
<wizardslovak> is something wrong with it
<ScottK> You have smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
<wizardslovak> yes
<ScottK> dovecot-postfix installs smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
<wizardslovak> so i chould put those
<wizardslovak> let me do it
<wizardslovak> ok i changed it to those you sent me
<ScottK> That's not directly related to your problem at hand, but those are better.
<wizardslovak> yes
<ScottK> Can you pastebin /etc/dovecot/dovecot.conf
<ScottK> I use cyrus-sasl for SASL, so I may not be able to help you with this part, but let's have a look.
<wizardslovak> how should i copy all conf for pastebin?
<wizardslovak> btw dovecot.conf wont help you that much
<ScottK> It wont?
<wizardslovak> dovecot-postfic.conf is the one which will dovecot use
<ScottK> Where's the dovecot sasl stuff then?
<ScottK> OK.  I'll take that one.
<ScottK> Install the package pastebinit
<ScottK> Then do:
<ScottK> pastebinit $FILENAME and give me the url it gives back\
<wizardslovak> http://pastebin.com/f357c4df8
<ScottK> wizardslovak: Line 860 is the one I was looking for.  You do have sasl mechanisms defined.
<ScottK> wizardslovak: Look in /var/log/mail.log and get the entire transaction around one of those sasl errors
<wizardslovak> http://pastebin.com/m5dde9574
<wizardslovak> btw how can i go to line 860 quickly?
<ScottK> vim $FILENAME +860 does it for me, but then I use vim.
<wizardslovak> u mean mechanisms = plain login
<ScottK> Yep
<ScottK> The complaint in the error was that there weren't any mechanism defined.  There are.
<wizardslovak> hmm maybe mine are wrong or something
<ScottK> That's why I want the rest of the log entries around the error to see what else is going on
<wizardslovak> mail.log or mail.err?
<ScottK> mail.log
<wizardslovak> it wont pastebin
<ScottK> Not the entire file
<ScottK> Find the entry from mail.err (one of them) and get as many lines as you can before that
<wizardslovak> http://pastebin.com/m795d92bd here is tail of mail.log
<wizardslovak> http://pastebin.com/m15b08974 tail from mail.err
<ScottK> wizardslovak: I need the bits around 23:30:40 server1 postfix/smtpd[24058]: fatal: no SASL authentication mechanisms
<ScottK> Submit a correction or amendment below (click here to make a fresh posting)
<ScottK> Oops
<wizardslovak> how to get those bits?
<ScottK> wizardslovak: Your snippet ends at May 14 22:33:00
<wizardslovak> i know
<ScottK> That's not the end of the file.
<ScottK> I can't help you further without the log and I'm really up to explaining how to get it.
<ScottK> If you get it, feel free to ping me.
<wizardslovak> hmmm
<wizardslovak> can i use cyrus sasl?
<ScottK> It's harder to set up
<ScottK> I only use it out of ineertia
<wizardslovak> http://pastebin.com/m62b3c1ab
<wizardslovak> i think this will help the most http://pastebin.com/mce5e11f
<ScottK> looking
<ScottK> Now we're getting somewhere
<wizardslovak> it says connect to private/dovecot-auth failed.no such file directory
<wizardslovak> means i am missing folder
<ScottK> In 8.10 it was different
<ScottK> In /etc/postfix/main.cf try smtpd_sasl_path = private/auth-client, postfix restart, and then see what happens
<wizardslovak> i have it there already
<ScottK> Which?  auth-client or dovecot-auth?
<wizardslovak> ooo i got dovecot-auth
<wizardslovak> ok still doesnt work
<ScottK> OK.  Same error (look in mail.log)?
<wizardslovak> http://pastebin.com/m2b555149
<Doonz> sorry guys have a lame question but im stumped. my server (i just upgraded to 9.04) i cant seem to access the internet from it
<Doonz> locally im fine (on the lan)
<wizardslovak> did you assign ip and open 80 for it?
<Doonz> i mean just to update like apt-get and stuff
<wizardslovak> so you cant apt-get install anything??
<Doonz> i cant ping any internet adresses from the box itself
<ScottK> wizardslovak: What does postconf  |grep queue_directory produce?
<wizardslovak> ScottK: queue_directory = /var/spool/postfix
<ScottK> wizardslovak: OK. That's what it should be.
<ScottK> wizardslovak: How about ls -l /var/spool/postfix
<ScottK> Pastebin that please.
<Doonz> wizardslovak: any chance it installed a firewall?
<wizardslovak> http://pastebin.com/m60d34031
<ScottK> Doonz: Ubuntu Server does not activate the included firewall.
<Doonz> hmm
<Doonz> im confused
<wizardslovak> Doonz: try sudo ufw status numbered
<ScottK> wizardslovak: ls -l /var/spool/postfix/private
<Doonz> wizardslovak: status inactive
<ScottK> So no firewall.
<wizardslovak> Doonz: so no you dont have firewall
<Doonz> ok
<wizardslovak> damn couple weeks ago i didnt know nothing about ubuntu and now i know something heheh
<Doonz> im completely stumped
<ScottK> Doonz: It worked fine in 8.10?
<wizardslovak> ScottK: http://pastebin.com/m69cbdfb7
<Doonz> ScottK: yep
<Doonz> im confused
<wizardslovak> try ping server ip
<wizardslovak> does router have port 80 open for server?
<Doonz> im connect remotely through ssh into the headless server
<Doonz> but im only on the local lan
<ScottK> Doonz: You can connect to it on the local lan?
<Doonz> i am
<ScottK> wizardslovak: So you problem is that dovecot isn't listening there.
<ScottK> you/your
<wizardslovak> did you config static ip on server?
<Doonz> yep
<ScottK> wizardslovak: His server has an IP, he couldn't ssh to it if it didn't.
<ScottK> Doonz: So you problem is from your server outbound?
<wizardslovak> ScottK: how can i fix it then?
<ScottK> wizardslovak: Now we get to the part where I say "Dunno.  I don't use dovecot."
<ScottK> wizardslovak: Look for ivoks around tomorrow and ask him.
<wizardslovak> ivoks?
<wizardslovak> ok
<Doonz> ScottK: yes
<ScottK> Yes, he's they guy that wrote dovecot-postfix script.
<ScottK> Doonz: Can you ping your router?
<wizardslovak> ScottK:  do you have his email?
<Doonz> ScottK: think i got it
<Doonz> thanx alter
<ScottK> wizardslovak: He lives in Croatia, he'll be sleeping right now.  He's usually here during his day.
<wizardslovak> hmm i know i want to leave im message tho
<Doonz> ive got other wierd things happening
<ScottK> wizardslovak: I don't have it, but that's enough information to find it in Launchpad.
<wizardslovak> Doonz:  ??
<wizardslovak> ScottK: launchpad?
<Doonz> cant assign manual ip, webmin isnt able to installl mdadm module
<ScottK> wizardslovak: launchpad.net, the Ubuntu bug tracker.
<ScottK> Doonz: We don't support webmin, so I can't help you there.
<Doonz> Yeah i kno
<wizardslovak> hmmm
<wizardslovak> ScottK: where are you from tho
<ScottK> I live outside Baltimore, MD, USA
<wizardslovak> and you still dont sleep
<ScottK> Nah.   Sleep is for the weak.
<wizardslovak> yeap
<wizardslovak> i never been on launchpad and it says my email is registered
<ScottK> That's the Ubuntu bug tracker and lots more.   If you're going to use Ubuntu, you probably want to register
<wizardslovak> ScottK: i wrote him email
<ScottK> OK
<wizardslovak> i did include tail from mail.warn
<wizardslovak> so hopefully he will answer
<wizardslovak> ScottK: if i am not that big headache for you i would like to ask more questions
<ScottK> You can ask.  No promises on answers.
<wizardslovak> i connected external hard drive to server but server doesnt see it "df -h"
<wizardslovak> can i set it up for samba?
<ScottK> I know zip about Samba
<wizardslovak> zip mean nothing?
<ScottK> Yep
<wizardslovak> ok well nothing so far
<wizardslovak> what about NAS?
<ScottK> Nope.  In server terms I'm pretty much a mail server guy
<wizardslovak> sysadmin?
<ScottK> That underlies all of it, so sure.
<wizardslovak> hehe
<wizardslovak> i ordered couple books so cant wait to read them
<ScottK> Professionally I'm a system engineer, but I also know a bit about running systems.
<wizardslovak> apache2 , mysql,ubuntu server
<wizardslovak> whats system engineer? A+??
<kgoetz> whats A+?
<wizardslovak> kgoetz: http://certification.comptia.org/a/
<kgoetz> hm
<twb> wizardslovak: you can be employed and have a title without any certification.
<wizardslovak> twb: really? usually they ask for those
<wizardslovak> at least here in NY
<twb> Norway?
<ScottK> New York
<wizardslovak> lol
<ScottK> I'm old and crusty enough to tell them where they can put their certifications.
<wizardslovak> heheh
<twb> ScottK: ever get your sleeve caught in a disk drive?
<wizardslovak> i always wanted to learn ubuntu server and couple weeks ago i say i gotta do it before i will be too old hehe
<ScottK> No, but I did drop a deck of punch cards I'd failed to number.
<wizardslovak> only think i did for servers were power circuits
<twb> ScottK: that's why you draw a diagonal line down them
<wizardslovak> and i did hate that IT dumbass
<ScottK> twb: Yeah, well one learns after.
<wizardslovak> funny think ubuntu was much easier then windows
<ScottK> Of course
<twb> It depends if you like using a mouse, or like adding 500 users in twenty minutes
<ajmitch> twb: don't remind me of days gone by when I got to help with administering NT domains at a school
<twb> Ah, well, it's all LDAP now...
<sluimers> hello there
<sluimers> Hi, I've got problems trying to setup a mail server. My e-mails seem to end up in /var/mail/vmail. They should go to /home/vmail/user.
<sluimers> /home/vmail/mydomainname/user
<sluimers> I use postfix 2.5.5 and courier 0.60,.
<Tuxist> hi
<cef> Just been playing with kvm/libvirt and python-vm-builder, I can't see how the system would shut down any running vm's when you issue a reboot. I can't see anything that could do it in the init.d scripts. Any ideas?
<twb> No.
<twb> No.
<a_ok> should i install linux-server or stick with the -generic kernel?
<ddoom_> I tried to setup a software raid 5 with lvm on it, installed fine and grub ran but I got an error: device-mapper: table 252:0 raid45: unknown target type - after the error it drops to BusyBox - ubuntu server 9.04 amd64
<tadeu_> guys, i installed ubuntu server and "gnome-desktop-environment" package. Do you know what are the language packages ? I'd like PT_BR language
<tadeu_> my shell is in PT_BR, just gnome isn't
<dguitar> Why don't u just use Ubuntu desktop?
<ScottK> tadeu_: Gnome is off topic for the server channel in any case.
<gaveen> ddoom_, better try to install with a /boot partition outside the lvm configuration. Just a small /boot with something like 50MB would do
<ddoom_> pretty sure thats what i did
<juxta> I just added a new drive to a raid 5 array and reshaped the array to fill the extra space. Now i'm trying to resize the filesystem to use the extraspace using resize2fs, but it says 'nothing to do' and doesn't see the extra space.
<nickoe> Hi
<nickoe> I got a IBM eServer xSeries, how do I install Ubuntu on it?
<Jeeves_> surf to http://releases.ubuntu.com/
<Jeeves_> Download and burn the iso of your choice
<Jeeves_> install Ubuntu
<a_ok> Jeeves_: if i recall properly you where good with mysql
<Jeeves_> a_ok: I doubt that :)
<a_ok> Jeeves_: hmmm glad databases are usually more releiable than my memory
<Jeeves_> a_ok: :)
<a_ok> Jeeves_: i did a realease upgrade on one of my servers now all the sudden my starting relay-bin log is gone...
<Jeeves_> a_ok: That's too bad. But I'm really no mysql guru :)
<a_ok> Jeeves_: yeah figured that
<a_ok> Jeeves_: I think i have it fixed
<Pres-Gas> Hey, if /usr/local is expoted wiht nfs and root_squash to a client, can a file that is setuid and owned by root on the share be acted on or does root_squash only act when, say root on the client tries to rm the same file on the share?
<Pres-Gas> I don't think the man page for exports is clear on this.
<greenfly> Pres-Gas: from my understanding, root_squash prevents root on the client from being root
<stickystyle> root_squash acts whenever the effective uid is 0
<greenfly> but doesn't affect root on the server
<Pres-Gas> So, gentlefolk, if there is a file that needs to be setuid and owned by root to work on the share (/usr/local/bin for example), it should work properly?
<Pres-Gas> Cos that was my interpretation from the man pages...but really wanted to fact-check myself
<Pres-Gas> ...if I wanted to remove it as root from the client, I would get denied, right?
<stickystyle> Pres-Gas:  No, it will not work.  if the file is 700 root:root on the NFS server and a client has it mounted, and the client trys to execute it as their local root it will not work
<Pres-Gas> I have someone who is attempting to share the juniper networks ssl-vpn "Network Connect" client and it seems to work with my testing, though stickystyle.
<Pres-Gas> Hmmmm....
<stickystyle> Well, to be honest....I'm not 100% on what would happen with a setuid file...
<Pres-Gas> Gerr...no one is.  I guess it is time to play some more.  ;)
<greenfly> Pres-Gas: it's possible that it will work in that root_squash ignores when the client claims it is uid 0
<Pres-Gas> nfsd bases its access control to files on the server machine on the uid
<Pres-Gas>         and gid provided in each NFS RPC request.
<Pres-Gas> ...from the man page....
<greenfly> but yeah, I'm not quite sure what it would do if a non-root user on the client executed that setuid file that's on the server
<Pres-Gas> So, I would interpret that as the mapping is only on the server side...the client should still see it as owned by root and can act on it (reading the file/executing) no problem...
<Pres-Gas> Hey, I have some vms set up...going to try and act on, then remove some files...bear with me.
<Pres-Gas> I did not really want to manipulate them...but sounds like we should all find out eh?
<stickystyle> Yeah, your hypothesis sounds correct.  Lets all watch and find out :)
 * Pres-Gas is futzing about with his vm's now...please hold...
 * Pres-Gas turns on the muzak
<beawesomeinstead> does anyone know if $5000/month for 100MBit/s is ok?
<Jeeves_> beawesomeinstead: Ehm, it's a bit much :)
<Jeeves_> beawesomeinstead: Depending on where you live
<beawesomeinstead> Jeeves_: europe. they told me this also includes 2U spot for a server. i could negotiate this, and wonder how much 100Mbps usually cost?
<beawesomeinstead> (400W max)
<Pres-Gas> Okay, the setuid worked and I cannot delete it from the client as root.
<Jeeves_> beawesomeinstead: Can you do 100mbit/s all the time?
<Jeeves_> beawesomeinstead: Also, europe is kinda big :)
<beawesomeinstead> Jeeves_: unmetered
<stickystyle> Pres-Gas:  Cool.  Good to know for sure.
<Pres-Gas> So, once you execute a file, and the client sees the file as setuid and owned by root, the CLIENT acts as if it is local...no rpc calls to the server except for reading really...
<Jeeves_> beawesomeinstead: We ask EUR 2000 for 100mbit, or so
<Pres-Gas> It is when you are making a write/remove type rpc call to the server when the SERVER maps root to nobody...then the server reports back to the client Permission Denied.
<Pres-Gas> I feel better now....and this is logged somewhere so others may know as well.
<uvirtbot> New bug: #378367 in samba (main) "package samba 2:3.3.2-1ubuntu3 failed to install/upgrade: subprocess post-installation script returned error exit status 139" [Undecided,New] https://launchpad.net/bugs/378367
<oruwork> hi, can someone recommend a web based task management program to schedule tasks and deadlines for a small organization?
<genii> oruwork: phprojekt is not bad
<stanman1> hi, am trying to install 8.04 LTS on a proliant DL140 G3, but the installer can't find the nic's, can i just continue with installing and then add the nics later?
<joe-mac> hey is anyone here that is knowledgable on network preseeding? I have other preseeds working but this one is failing at install but parses on the build server with debconf-set-selections -c <file>. I need to know what steps to take to get some debug logs out of this. i've done it before but i can't recallf or the life of me and didn't easily find it on the google.
<joe-mac> heading to lunch, if anyone feels like they want to help, feel free to just say my name in your message, will respond when i get back, thanks
<tchough> does anyone know what the preferred method of launching a process as a certain user from an init script is?
<tchough> i'm guess it's not "su -" because that requires a system user's shell to be something other than /bin/false
<stanman1> how do i get embedded nics to go up?
<jmedina> stanman1: what you mean with "embedded nics"?
<genii> tchough: man start-stop-daemon        Then also take a look at /etc/init.d/skeleton
<tchough> genii: unfortunately, start-stop-daemon won't work for me... the program i'm trying to run barfs when start-stop-daemon tries to background it... is there another alternative?
<tchough> genii: su would fit the bill, but it barfs because the system user's shell is /bin/false, which i'd rather not change
<genii> Odd. postfix for instance has no valid shell yet start-stop-daemon can use it
<genii> tchough: You could use the script in rc.local and from there the su part for specific user. If no shell for a user, specify something like: su -c "bash whatever/command" username
<genii> jmedina: He has dual Broadcom 5721 nic on a Proliant DL140 G3
<jmedina> genii: and what is the problem?
<tchough> genii: no luck with su -c... i think su will only pass arguments directly to the user's shell
<jmedina> stanman1: what is the problem?
<tchough> genii: ah, i got it... su -s /bin/sh -c whoami user does it for me... thanks for your help!
<genii> tchough: np
<al_paun> Hi everybody. Can you please guide me to install a usb modem on ubuntu server?
<al_paun> I plan to make it work as a fax modem.
<al_paun> Can you please guide me to install a usb modem on ubuntu? I plan to make it work as a fax modem.
 * jmedina never required to use modem in linux in 8 years
<al_paun> I intend to use as a fax modem
<al_paun> fax server
<al_paun> hylafax
<jmedina> al_paun: which model?
<jmedina> is detected when you plug it in?
<jmedina> dmesg output
<al_paun> i don't have ubuntu desktop
<jmedina> ?
<al_paun> it's only comand line ubuntu
<al_paun> i mean without xwindows
<jmedina> well connect it and see dmesg output
<jmedina> firt check if is detected
<jmedina> al_paun: is it listed in lspci?
<jmedina> could you pastebin its output: dmesg and lspci
<al_paun> i got no dmesg message
<al_paun> i got a message in kern.log
<jmedina> probably you dont have usb support loaded or your usb modem is not supported
<al_paun> I'll paste what is in kern.log
<al_paun> new full speed USB device using uhci_hcd and address 2
<al_paun> usb 2-2: configuration #1 chosen from 1 choice
<jmedina> al_paun: use pastebin
<al_paun> Ok, I'll use but it was only two lines :)
<al_paun> sorry
<stickystyle> al_paun:  After you plugged it in, did you check to see if you got any new /dev/tty* devices?  It may just work.
<al_paun> no
<al_paun> i didn't check
<al_paun> i have ttyS0
<al_paun> which was rewriten
<al_paun> i think this one is using
<stickystyle> Do you have a serial port on this machine?  if so, ttyS0 is probably the serial port and not the usb modem
<al_paun> no I don't
<al_paun> it's a new computer
<al_paun> only usb ports
<al_paun> i even don't have paralel port
<al_paun> no paralel and no serial port
<al_paun> and the modify date of ttyS0 was changed today 20 minutes ago when I pluged in the modem
<al_paun> so I think this one is
<jmedina> al_paun: try lsusb
<al_paun> what should i search for
<al_paun> I have a list of 8 usb bus
<stickystyle> try connecting to it with screen then.  $screen /dev/ttyS0 9600
<al_paun> Bus 002 Device 002: ID 190d:0001
<stickystyle> send "AT" and see if it comes back with "OK"
<al_paun> this one is different than 0000:0000
<al_paun> just a second (installing screen)
<al_paun> when i open screen it's just a blank window with no posibility to enter anything
<stickystyle> Then I'm guessing that /dev/ttyS0 is not your modem. It was worth a shot.
<al_paun> hmm
<al_paun> thanks anyway
<jmedina> al_paun: you dont show requiered output from lspci, lsusb or full output from dmesg, it is hard to guess
<al_paun> in dmesg i get no message
<al_paun> where is lspci output?
<al_paun> i can send you lsusb output via pastebin
<al_paun> also lspci output
<al_paun> http://pastebin.ubuntu.com/175836/
<al_paun> the modem specifications sais that is AT  command compatible
<al_paun> its a ITU-T V.92/V.90 modem
<slestak> hey guys.  I am using this  last -n 500 | grep still | sort |  awk '{ print $1; }' | uniq -c | uniq -d  to find users logged in more than once.  It is returning me the username, but I would like the result of id for each of the returned results.
<slestak> nevermind, works in linux, fails wher im running it (aix)
<Lichte> My company just brought our web app over to 8.10 server from suse enterprise 10, and the web app keeps timing out users;  I've used the same settings for apache, and the web app doesn't time out on  the suse box;  any ideas ???
<Lichte> BTW: the web app is written in php
<genii> Lichte: Possibly the "max_execution_time ="         variable in /etc/php5/apache2/php.ini
<Lichte> genii, I've cranked that up I think....I'll look at it again
<Lichte> genii, it's *WAY* higher than the max setting on the suse box
<genii> Lichte: There is also a socket timeout value which may require setting.
<Lichte> genii, yeah, I've set those too
<Lichte> the only size difference between the two boxes is the garbage collection time
<Lichte> for session garbage collection
<genii> Maybe their session becomes invalid before the script finishes
<Doonz> hey uys, my server just locked up on me and had to be manually reboot. what log could i look at to see what caused the lock up?
<Lichte> genii, ok, I've cranked up the gc time to match the suse box.....hope that does it!
<genii> Interesting. Looks like some probing for "/bin/msgimport" going on in this: http://paste.ubuntu.com/175877/
<genii> Looks related: http://isc.sans.org/diary.html?storyid=5659
<FFForever> i never set the mysql password, how can i set it now?
<genii> FFForever: http://dev.mysql.com/doc/refman/5.1/en/resetting-permissions.html           oldie but goodie
<FFForever> genii, there is just no way to bring up the password option?, right now the password is blank and the mysqladmin won't accept it =(
<genii> FFForever: don't use the "-p" then
<Doonz> Does anyone here know of a way to get vmware remote consoles to work through a proxy?
<Iceman_B1SSH> how do I upgrade from 8.10 to 9.04 ?
<yeason> ircd-ratbox... any thoughts opinions? I'm trying to find a good irc server daemon, preferably one that works with a services daemon such as atheme-services...
<Doonz> Hey guys im running the new 9.04 server edition. The server become unresponsive. I cant ssh into it or anything. When i look at the monitor is got a bunch of info but i cant type anything
<Doonz> im able to ping the server from my windows box bu thats about it
<yeason> I'm having similar issues with another system... I wish I could tell you what the problem is
<yeason> another system as in not server...
<Doonz> im so confused
<Doonz> the only fix i can do is to reboot the bloody thing but thats not a solution
<Doonz> thats a windows fix
<yeason> yea... some of the symptoms include you can connect through ssh, it prompts for u/n and p/w but never gives you a prompt or an error, randomly locks up and nothing will work except ping and the reset switch?
<Doonz> except for i cant connect through ssh now
<yeason> =/
<yeason> lol, if you find a solution let me know...
<phaidros> hm, is there an out of the box solution to give users access to certain init scripts?
<phaidros> Doonz: server should be LTS ;)
<Doonz> it is
<phaidros> ??? 00:11 < Doonz> Hey guys im running the new 9.04 server edition.
<phaidros> 9.04 is LTS ?
 * phaidros didn't realize that .. 
<phaidros> so, seems alot of upgrading is necessarry :(
<Doonz> i though t9.04 is lts and 9.10 is the other
<phaidros> LTS .. Long Term Support .. 9.04 *and* 9.10 ?
<stickystyle> LTS is currently 6.06 and 8.04
<phaidros> nope, all I read was from Mark referring to 10.10 as next LTS ..
<phaidros> stickystyle: thanks! *phew*
<Doonz> ahh shit
<phaidros> he was writing the other day, that postponing to 10.10 would help synchronising work with debian guys
<phaidros> Doonz: ;)
<phaidros> downgrade
<Doonz> oh well lts version has a busted version of mdadm in it so yeah
<Doonz> 8.04*
<phaidros> 8.04 has well running mdadm, for me at least ..
<Doonz> dont screw up a grow operation
<Doonz> cause you will have to downgrade to 2.6.4
<phaidros> ok, good to know
<Doonz> yeah
<Doonz> not fun... not sure how that big time mess made it through
#ubuntu-server 2009-05-20
<phaidros> hm, is there an out of the box solution to give users access to certain init scripts?
<yann2> etc/sudoers magic maybe?
<phaidros> yann2: I am looking more for a "config infrastructure" for that purpose, so, creating init scripts for a user/service pair and enable them ..
<phaidros> hm, how do you guys enable users to restart a fastcgi app? (in an ideal world this app is handled by initscripts, so it comes up after a reboot e.g.)
<yann2> ah now thats a different question
<yann2> I'd like the answer to that
<yann2> people usually used killall :)
<phaidros> hm, that sucks somehow :D
<phaidros> yann2: http://www.undefinedfire.com/lab/user-init-scripts/
<phaidros> try that :)
<jumbers> I'm having issues with rewriting from domain.com/folder to www.domain.com/folder. domain.com to www.domain.com works just fine, but it does not work with any folders. I'm running Apache2
<slestak> hey guys, i am tinkering with libvirt and kvm on jaunty.  I have used python-vm-builder to create a jaunty server vm that exists in ~/ubuntu-kvm.
<slestak> i see that the virsh define command is neccesary to register the xm, but there is no xml file with confg for this machine.
<slestak> do i need to make that, or is the xml file a need for a differnt (virt-install) tool?
<sommer> slestak: the xml files should be in /etc/libvirt/qemu
<slestak> ok, i see default.xml.  it only specs bridge networking using dhcp.  I specified the ip address of my vom on the command line when I built it.
<slestak> i am trying to determine if I need to define the vm in virsh before i can run it?
<slestak> this is how i created it http://pastebin.com/m6eded9ef
<sommer> slestak: do you have a bridge setup on the host?
<sommer> slestak: the vm should be defined by vmbuilder
<slestak> sommer: i dont htin I do yet.  It is a new install.  Sorry for the elementary questions.  I am in a little overload with the multitude of option in the server docs.  It is difficult to tell which instruction pertain to which method
<sommer> slestak: in the networking section of the serverguide there is information on setting up a bridge on the vm host
<slestak> sommer: ok, i just made sure kvm waast started, I do have a virbr0 on a 192.168.122.1 network, which is the dhcp range spec'd in the /etc/libvirt/qemu/networks dir
<slestak> yes, i see it for 8.10 here https://help.ubuntu.com/8.10/serverguide/C/jeos-and-vmbuilder.html
<slestak> im going to see if ther eis updated docs for 9.04
<sommer> slestak: there is also information in the 9.04, but it's been rearranged a little
<ScottK> sommer: Comment for you on the mail server section of the server guide: I don't think the smtp auth stuff should have been removed in favor of just using dovecot-postfix as not everyone wants a local delivery agent.  Just setting up smtp auth is a useful set of information.
<sommer> ScottK: ya, it's on my list to revisit that section in light of the new dovecot stuff
<sommer> ScottK: I think the dovecot section can actually be merged with the postfix section, but you're right the smtp auth does stand alone at times
<ScottK> Also having the detail about settings is important for troubleshooting.
<ScottK> I was helping someone last night and I had to go read the source to dovecot-postfix to help him.
<sommer> gotcha, I'll update that for karmic
<ScottK> Cool
<daniel010101> how do i make a lamp system with asp
<cef> slestak: you playing with kvm/libvirt too? in virsh, you need to do a 'list --all' to  show inactive machines. the python-vm-builder seems to create the vm with an ID of 'ubuntu' by default
<cef> slestak: it actually defines it, but doesn't enable/start it by default 'if' you tell python-vm-builder to register the machine with libvirt for you
<cef> (either the [libvirt] section of your config, or the --libvirt option on the cmdline)
<slestak> cef: thx, yeah, i started looking at vmware-server, but i hate the way they gutted all the shell tools in the free product.
<slestak> cef: so i am now looking at libvirt + kvm for my comanies needs.
<twb> vmware blows
<twb> Especially vmware-server
<slestak> sommer: i have copied the xml file into libvirt/templates the way the wiki mentions, but the example has most of the settings in thre with secions commented out
<slestak> sommer: do i uncomment the line that starts with #if $bridge?  the wiki doesnt really specify
<cef> if you're going with a bridge (rather than behind nat), then you should really make a local copy and reference it in your own templates.
<cef> (that way, if the templates get changed thru an upgrade, you don't lose your changes)
<slestak> i did make a local copy to ~/VMBuilder/plugins/libvirt/templates/
<cef> ahh yup yup
<cef> you've since rebuilt the install using vmbuilder?
<slestak> cef: but the template uses $bridge, I assume that may be an arg
<cef> oh and you've created the bridge device?
<slestak> not after changing this, i need to locally cache this stuff, dl it is slow for me.  That is actually the first vm I am makign with jeos is an apt-proxy server
<slestak> for my lan
<cef> which webpage are you referencing atm?
<slestak> https://help.ubuntu.com/9.04/serverguide/C/jeos-and-vmbuilder.html
<cef> ok.. yeah that guide is for 8.10.. you can now tell vmbuilder that you want a bridge rather than the default. hold a sec
<slestak> ive updated my pastebin with my vmbuilder command, my ifconfig for virbr0, and the interface ection of VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl
<slestak> its at http://pastebin.com/m31f73c3f
<slestak> beer time
<cef> so either you can change that config and remove the if/else stuff (making it just that entry), or you can use the new commands (which I think go into the .cfg - can't see it in the man page.. time to look at other docs methinks)
<cef> heh
<slestak> is my virbr0 at 192.168.122.1 going to cause a problem, I want to use 192.168.21.35 as a staic ip for this vm, already have a dns pointer to it.
<slestak> i think i need to delete that interface and recreate it maybe?
<cef> you need to create a bridge. look at the link in https://help.ubuntu.com/9.04/serverguide/C/libvirt.html#virtual-networking
<cef> cos the bridge needs to include the 'outside' interface that you want to bridge the clients to (eg: eth0)
<slestak> i take it this is dangerous work remotely, lol.  i thinkn i did this a while back and had to drive to the console to fix.  At least this machine is sonly 3 miles away, instead of 6 states.
<cef> well, double check things. :D
<slestak> i just upped the ram in my desktop at work so i will be on this machine in about 8 more hours.
<slestak> i am redmond free at my desk, life is good
<cef> :D
<cef> I have too many machines around me (including one machine which is doing kvm, but has no X on it)
<slestak> this is interesting, i have no bridge entries in netowk/interfaces, but i do have brctl installed.  I have a virbr0, but this is jaunty desktop, and dhcdbd is not installed
<cef> which is fine, but none of the other machines has the right combo of X and jaunty on it so that I can see a console. made finding a typo in my firstboot script a right pain
<slestak> i guess the bridge that is running was purely from the vmbuilder defaults and is not fiunctional
<cef> well libvirt sets it up by default I think
<slestak> now, this is where it gets tricky, my desktop is on our desktop subnet, 192.168.20.0, however, I want this server to respond to 192.168.21.35.  THink that looks questionable?
<slestak> my dom0 is 192.168.20.207
<cef> it's useful for testing stuff if you don't want it to be contactable from remote (eg: if you don't care if it's behind a firewall
<slestak> all of this is for internal use, i have to vpn in to see any of this
<cef> as long as the upstream router will allow it on that network interface, shouldn't be an issue
<slestak> but I do want this to be reachable by any team member
<cef> what's the netmask? /24? /23 or less?
<slestak> as long as dom0 is still functional, I can adjust or move the dom1 later to that othe rsubnet.
<slestak> cef: im not sure, sorry.  networkign is not my strong point
<cef> slestak: ok, 255.255.255.0 or something else?
<slestak> i can start my vm's on the desktop subnet, and move them to my production server an reconfigure them
<slestak> 255.255.255.0, yep
<cef> ok.. cos it's a mask. 192.168.20.x masked with 255.255.255.0 means that you can only communicate with machines that the last number (x) differs. otherwise it has to go through a router somewhere
<cef> ipcalc is a useful tool for finding out that sort of thing btw
<cef> so you can put it on the same network card, but nothing will be able to talk to it
<cef> but hey, it should boot, and as long as you can do console, it'll be fine
<slestak__> i missed the last thing you said I think.  restarting networkign lost my remote session
<cef> ipcalc is a useful tool for finding out that sort of thing btw
<cef> so you can put it on the same network card (using a bridge), but nothing will be able to talk to it
<cef> (and then what I just said)
<slestak__>  * Reconfiguring network interfaces...
<slestak__> Ignoring unknown interface eth0=eth0.
<cef> pastebin your /etc/network/interfaces file
<slestak__> well, its 12:30am, i'll pick it up tomorrow.  thx for your help.  I cant righ tnow, that machine is not available until i can reach the console
<slestak__> i can recreate it though
<cef> no probs..
<cef> got a few hrs before I head home (.au here)
<slestak__> do you have my oastebin url still?
<slestak__> http://pastebin.com/m6730b2a4
<slestak__> and eth0 = 192.168.20.207  <-- different subnet from guest.
<slestak__> what is the biggest, baddest kvm machine you guys have ever built?
<slestak__> we have an olap tool (MITS) that currently runs on our aix box with our erp system.  I am entertaining the idea of running this on a rhel dom0 with kvm dom1.
<ajmitch> a hefty 512MB guest windows XP install in kvm
<ajmitch> yes, I barely use kvm
<slestak__> the data needs are trmendous, (for me) 32G of db, and 136G of indexes and cubes.
<cef> ahh yeah.. you need to set it up as 192.168.20.x (the bridge replaces the 'eth0' address)
<cef> then when you 'add' ip's to the bridge, they aare their own (ie: defined in each vm)
<slestak__> i wonder if virtualization can scale up to that?  I have my eye on a fiber channel jbod from a friend that has 5.6Tb (14 x 400g sata) that i can stripe some and use lvm snapshots onto another set nightly.
<slestak__> cef: so each vm will redefine its own br0, or will i need br0, br1, br2 for 3 vm's?
<cef> I'm still playing.. the issue is data movement.
<cef> slestak: each machine will create another ip and add it to br0 (eg: br0:0, br0:1)
<slestak__> im not super concerned with performance.  My other choices beside virtualization are to use either one of our two older prod boxes, two aix machines, 1x800Mhz or 2x450Mhz, At least the dom0 is a modern poweredge that can take 4 Xeon's.  Hopefully it can hang
<cef> main issues (IMO) are going to be disk speed access and network speed. you might need to look at virtio to improve the network access
<slestak__> i need one of those ip kvm switches (other definition of kvm) so when I do this to my poweredge, I can reach the console from Michigan.  the server is in Maryland
<cef> yeah.. always a pain..
<slestak__> Can I use a ramdisk in a virtual machine?
<slestak__> My plans is twofold.  I plan on striping this data only,  no mirror, no parity.  Set up it with max read/write speed.  I can alway rebuild my cubes from source data if I suspect them.  Use an lvm snaphot nightly to another set of disks in the jbod, so I basically mirror it once per day, instead of on every write
<slestak__> s/is/are
<slestak__> i need to cruise.  ty for your help cef
<ivoks> RoAkSoAx: hi
<RoAkSoAx> ivoks, heya master, how's it going
<ivoks> RoAkSoAx: sorry, i couldn't come yesterday
<RoAkSoAx> ivoks, it's ok :)
<RoAkSoAx> ivoks, do you have time now?
<ivoks> yes :)
<ajmitch> hi ivoks
<ivoks> ajmitch: hi
<RoAkSoAx> ivoks, this is the FTBFS: https://launchpad.net/~andreserl/+archive/ppa/+sourcepub/634425/+listing-archive-extra
<ivoks> RoAkSoAx: let me boot the karmic server and check that ftbs
<RoAkSoAx> ivoks, i think it would have been a sync, but it FTBFS
<ivoks> RoAkSoAx: what time is it in your timezone?
<RoAkSoAx> ivoks, midnight
<ivoks> so, 7 hours diff
<RoAkSoAx> oh really.. what are you doing up so early :)??
<ivoks> documentation for one project :D
<ivoks> i hate writting documentation :/
<RoAkSoAx> ivoks, i hate to getting up so early.. i can get up before 9 :) hahaha and yes.. i hate documentation too
<RoAkSoAx> s/can/cant/
<ivoks> i'm grabing paraview
 * ajmitch prefers those easy merges :)
<ivoks> ajmitch: well, RoAkSoAx is my student and we are at the leason 'How to fix FTBFS' :)
<RoAkSoAx> indeed :)
<ajmitch> heh
<ajmitch> ivoks: I'm at the stage of 'deciphering libtool changes' :)
 * ajmitch needs to finish off, test & upload the php5 merge
<ivoks> ajmitch: what do you think about having PPA for PHP5 packages?
<ivoks> tested and approved newer versions of php for older releases
<al_paun> do you know if it's complicate to install a pci serial in ubuntu?
<ajmitch> I think it'd certainly be useful to have them
<ivoks> some web devs complain all the time about old php5
<ivoks> al_paun: with most of them it's just plug and play
<ajmitch> I don't think it should be too hard to arrange a PPA for it either
<ivoks> al_paun: some, otoh, require binary driver which kills linux's native serial driver and, basicaly, renders your system unusable
<ivoks> ajmitch: i'll try creating backported php packages for hardy, just to see how it works
<ajmitch> there aren't too many things in PHP dependencies that should stop that from just working
<ivoks> that's right; that's way i had that idea...
<ivoks> RoAkSoAx: i'm pulling required packages to build paraview
<RoAkSoAx> ivoks, k :)
<ivoks> RoAkSoAx: it was a clean merge...
 * ajmitch is merging 5.2.9.dfsg.1-4 at the moment, nothing jumps out as unbackportable
<al_paun> I plan to install a fax modem on a server. Since the computer doesn't have any serial what do you suggest?. I've tried with a usb-modem and the modem couldn't be recognized.
<al_paun> maybe a hardware modem on pci?
<RoAkSoAx> ivoks, i thought that too, but having taking a better look... seems like a sync...
<al_paun> I already have a serial modem
<al_paun> which I know it's working on linux
<ivoks> al_paun: try with pci serial ports
<al_paun> ok tks
<ivoks> al_paun: and, leason learned, newer ever buy another server without serial port
<al_paun> the new mainboards removed serial port
<al_paun> motherboard
<ivoks> maybe desktop boards...
<al_paun> yeah but I
<al_paun> yeah but it's already bought
<RoAkSoAx> ivoks, my debdiff does not show any changes... because 1. ubuntu-use-ffmpeg-swscaler has been included in debian, so we drop that patch, then debian has dropped gcc4.3.patch and ffmpeg_writer.patch, and it has also dropped ffmpeg from Build-Depends and I'm taking debian changes on mpi... so after that.. no ubuntu change...
<ivoks> RoAkSoAx: we'll see :)
<ivoks> well, there's a quite big diff
<ivoks> ubuntu uses ffmpeg, debian doesn't
<ivoks> RoAkSoAx: anyway, that's for ubuntnu-motu :)
<billybigrigger_> hey all
<billybigrigger_> does anyone here use godaddy??? i registered a domain through them and can't figure out for the life of me how to setup a subdomain, i want forums.mydomain.com to point to mydomain.com/forums (ie. /var/www/forums)
<ivoks> does anyone uses latex|tetex|texlive|*ex* for writing documentation?
<twb> ivoks: nope; I prefer python-docutils and rst2pdf now.
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<ivoks> twb: hehehe
<ivoks> i'm interested in editors people use for tex
<twb> ivoks: #emacs
<stanman1> df
<stanman1> hi
<cef> can you get vmbuilder to build images directly onto an lvm lv in raw format? everything I've seen says to use qemu-img to convert the default file from qcow2 to raw after the fact, which is just a pain.
<stanman1> how can i install a broadcom netextreme nic with ubu?
<stanman1> the installer doesn't see the embedded nics.. :(
<henkjan> cef: on intrepid building images to lvm failed for me
<kgoetz> stanman1: your NICs require non-free firmware. Not sure if your release of Ubuntu ships with it
<stanman1> kgoetz: somehow ifconfig eth0 up worked and i could set a static ip, etc
<stanman1> strangely the installer didn't recogize the nics...
<stanman1> now it's working
<kgoetz> stanman1: the kernel used during isntall may not have the firwmare loaded. I'd agree its trange though
<stanman1> i must say, i did an install off an usb stick (no cd in the box), later after booting off the hdd's it worked
<alterlaszlo> hi, i'm giving eucalyptus a try but i have problems handling user registration mails. Where are the mails gone?
<ulel> hi
<ulel> anyone running clusters here
<ulel> needed soem advice on hardware
<celephais> Hi, how do you control log on multiple servers?
<ddoom_> I have 3 1TB sata drives, ubuntu server is intalled on a partition of 1 of them. If i unplug one of the non-boot drives, it works fine.but if i have all 3 connected it comes up with raid45: unknown target type errors and drops to EasyBox (I think its called). My bios has fakeraid which I have turned off, any ideas?
<alterlaszlo> celephais: i use syslog-ng and centralize all logs on a log-server
<celephais> alterlaszlo, and how do you parse the logs?
<celephais> alterlaszlo, i mean how do you know if something is going wrong?
<alterlaszlo> celephais: with syslog-ng it-s quite easy to create filters
<celephais> alterlaszlo, ok thank you , i'll check the documentation
<alterlaszlo> celephais: that's a great question: it dipends on how much time you have to check them ;) if you have few time just parse errors and warnings
<celephais> alterlaszlo, is there a program that automatic parse log and look for ad-hoc pattern such , a.e, brtue forcing on ssh?
<alterlaszlo> celephais: for brute-force attacks i use another package called fail2ban, it's him that check logs and creates autoamtically iptables rules to ban the attacker ip
<alterlaszlo> it-s great against script kiddies
<celephais> mm ok i'll check
<LMJ> Hi
<LMJ> I'm modify my syslog and now, no more email activities are logged  :-/  Here is my conf : http://pastebin.com/db1c69d3 and you will see file priviledges too
<ivoks> -?
<ivoks> -/var/log/mail.log
<LMJ>  - means not sync or something like this
<ivoks> right, without it, syslog won't buffer logs
<LMJ> I don't want to log in /var/log/mail.log but in /var/log/mail/mail.(err|log)
<ivoks> those files exist?
<ivoks> owned by syslog:adm?
<LMJ> yes, look below in my pastebin
<ivoks> oh, sorry
<LMJ> np
<LMJ> don't really understand what it doesn't work
<LMJ> no errors in syslog just in case
<ivoks> did you check syslog?
<ivoks> ok... :)
<LMJ> I've broken something somewhere but I don't know what
<LMJ> let's double check if postfix handle syslog facilities
<ivoks> how about:
<ivoks> mail.info -/var/log/mail/mail.log
<ivoks> mail.warn -/var/log/mail/mail.log
<ivoks> mail.err /var/log/mail/mail.err
<LMJ> ok, let's try
<LMJ> hold on
<ivoks> make that mail.warning
<LMJ> ho
<ivoks> so, you don't want errors in the same file as other?
<LMJ> no
<LMJ> syslog and postfix restarted and I can see the postfix restart notification in mail.log
<LMJ> nice ;)
<LMJ> mail sent
<LMJ> and log'ed
<LMJ> damned, thanks you bro
<ivoks> np
<ivoks> ubuntu's default syslog.conf had that example
<ivoks> :D
<LMJ> yes
<LMJ> I removed it
<billybigrigger_> does anyone here use godaddy??? i registered a domain through them and can't figure out for the life of me how to setup a subdomain, i want forums.mydomain.com to point to mydomain.com/forums (ie. /var/www/forums)
<giovani> billybigrigger_: this is very much not the place to ask -- godaddy has technical support
<giovani> however, forwarding a subdomain to a url is not typically done at the DNS provider
<kees> ivoks: sweet, I see you're trying to get xattr tar working sanely upstream.  how's that going?
<stickystyle> billybigrigger_:  once you figure out the godaddy subdomain issue, your going to want to learn about mod_rewrite to handle the forums.mydomain.com -> mydomain.com/forums transition.
<billybigrigger_> eh?
<billybigrigger_> what do i need to know?
<billybigrigger_> well i got it working, it only took 48 hours to update...so if i visit forums.mydomain.com now, its just a redirect and the address bar shows mydomain.com/forums
<billybigrigger_> so all that effort was pointless :P i thought the address bar would show the subdomain as forums.mydomain.com
<ivoks> kees: it's basicaly redhat's patch
<ivoks> kees: upstream did some changes to it
<ivoks> kees: debian maintainer pushed it there
<ivoks> kees: to be honest, i didn't check how are things going now, but i do know that fedora is interested in that too
<ivoks> kees: http://lists.gnu.org/archive/html/bug-tar/2009-03/msg00036.html - that's the last news :/
<kees> ivoks: yeah, that's what i was reading.  Jorg is totally right, btw.
<kees> i.e. the memcpy vs strcpy bit.
<kees> I don't know about the DIR part
<orudie> is there a way to hide the whois information of the domain ?
<jpds> orudie: Whois guard at best.
<stanman1> hi, i installed ubuntu 8.04 LTS off an usb stick, but now when i remove the usb stick I get an error 15 at grub, how can i solve this?
<ivoks> stanman1: remove grub from hard disk
<stanman1> ok, apt-get remove grub?
<stanman1> then reboot?
<ivoks> no
<ivoks> grub is installed on MBR of your hard disk
<RoAkSoAx> ivoks, heya master i'm back :)
<ivoks> you have to clear hard disk; install another boot loader there
<ivoks> RoAkSoAx: hi
<kees> ivoks: should we carry the xattr patch in Ubuntu, you think, to give it a wider audience?
<ivoks> kees: that was my idea; that's why i asked debian dev about that
 * kees nods
<ivoks> kees: he said he won't introduce changes that aren't from upstream
<kees> we'd want jorg's patches too.
<ivoks> kees: so, we could do it... but we would be alone there :)
<kees> ivoks: sure, but we do that in other places too.  :)
<ivoks> kees: note that 'my' patch was extracted from redhat's tar
<kees> ivoks: right, sure.  we'd want Jorg's fixes, though, too.
<ivoks> kees: right
<kees> I'm surprised RH hasn't run into more problems with it -- the strdup vs memcpy issue is rather nasty.
<ivoks> if we do that for tar, we could enable acl by default on all partitions
<kees> ivoks: it seems that acls work already, but that useracl is what's non-default currently.  is that right?
<ivoks> acls don't work
<kees> hm, ok
<ivoks> you can't set acl on files
<ivoks> but (almost) all programs are compiled with support for it
<kees> yeah
<kees> I'm curious about it for fscaps, which uses xattrs
<ivoks> don't know what's that :)
<RoAkSoAx> ivoks, when we are dropping a patch, should I just remove it from the debdiff or should i delete it from debian/patches?
<ScottK> RoAkSoAx: Why are we dropping it?
<ivoks> RoAkSoAx: debdiff is diff between debian and ubuntu
<RoAkSoAx> ScottK, because debian merged it
<ivoks> RoAkSoAx: if ubuntu is droping patch, then it exist in debian
<ivoks> RoAkSoAx: therefor, it's not in debdiff
<ivoks> RoAkSoAx: but if your debdiff removes patch that debian did, then you are probably doing something wrong
<ivoks> do you understand what i'm trying to explain? :)
<RoAkSoAx> ivoks, in paraview.. i need to drop ubuntu-use-ffmpeg-swscaler becuase debian has merged it (use-ffmpeg-swscaler.patch) so I need to drop the ubuntu patch.
<RoAkSoAx> ivoks, i remove it from the debian/patches/series file, and when I do the debdiff.. it still appears on the debdiff... know what i mean?
<ivoks> all you have to do is note in changelog explaining that you droped a patch cause debian include it
<ivoks> RoAkSoAx: don't remove it
<ivoks> RoAkSoAx: you don't quite understand whole concept, i'm affraid...
<RoAkSoAx> ivoks, i mean in the diff i'm trying to remove the patch that ubuntu did.. let me show you just a aset
<RoAkSoAx> sec
<ivoks> RoAkSoAx: i'll be back in 20 minutes
<duvnell> any idea how to get new dmesg message to go to a tty so I can what what was happening just before this box became unresponsive?
<duvnell> s/message/messages/
<Ash-Fox> How do I disable ssh's stupid check on file permissions on certificates? - I am trying run backups under a specific user and I use ACLs to grant it read access to everything and SSH refuses to work when the ACLs are set on the files.
<ivoks> RoAkSoAx: cluster stack session got approved for UDS
<RoAkSoAx> ivoks, awesome.. has it been scheduled yet?
<jpds> Probably not.
<ivoks> not yet
<RoAkSoAx> ivoks, hopefully they scheduled on of the lasts sessions so that I can attend :)
<ivoks> RoAkSoAx: i was thinking of that... what's the time you would like it to be?
<ScottK> RoAkSoAx: If you subscribe to the spec and tell LP when you will be there, that does bias the scheduling algorithm.
<RoAkSoAx> ivoks, do you know what's the timezone there?
<ivoks> same as here
<ivoks> that's -7 for you
<ivoks> CEST
<ivoks> sommer: rain on sunday in barcelona...
<RoAkSoAx> ivoks, at what time is the last session?
<jpds> 4:00pm
<RoAkSoAx> jpds, 4 to 5 right?
<RoAkSoAx> ivoks, yep, I guess it will need to be at 4pm, since it will be 9 am for me
<jpds> Yes.
<RoAkSoAx> k
<jpds> RoAkSoAx: You lazy thing! I wake up at 6am.
<RoAkSoAx> jpds, hahahaha i usually wake up at 9.30
<ivoks> RoAkSoAx: still teenager? :)
<RoAkSoAx> ivoks, almost 24 :P
<RoAkSoAx> ivoks, just "unemployed"
<jpds> ivoks: What do you mean by that? :P
 * jmedina is 26 and also wakes up at 9:30 :)
<ivoks> lol i'm old
<jmedina> ivoks: RoAkSoAx where can I find info about proposed cluster stack
<ivoks> jmedina: we have to discuss it
<RoAkSoAx> jmedina, that's what is going to be discussed during the UDS
<jmedina> Im learning about HA setups
<ivoks> jmedina: stop right there
<ivoks> ups
<jmedina> O_O
<ivoks> never mind
<RoAkSoAx> ivoks, should I report it like this: http://pastebin.ubuntu.com/176497/ ?
<jmedina> I need to setup a few services in a HA setup, I already have SAN(FC) shared storage, multipath and bonding/vlans for the setup
<RoAkSoAx> jmedina, i've already added howto's for heartbeat: https://wiki.ubuntu.com/UbuntuHighAvailabilityTeam/Heartbeat I've to review them
<ivoks> but don't use hearbeat
<ivoks> it's dead
<jmedina> :S
<RoAkSoAx> ivoks, there's going to be a heartbeat version 3.x
<ivoks> RoAkSoAx: yeah, it's ok; but debian might not accept it
<jmedina> RoAkSoAx: thanks
<ivoks> RoAkSoAx: there will be 3.0, since 2.99 is out for some time
<ivoks> RoAkSoAx: but there are no intentions to continue with it
<RoAkSoAx> ivoks, who's the upstream developer, horms?
<jmedina> ivoks: I need to use hardy for the setups, so what is the choise for hardy lts?
<RoAkSoAx> jmedina, heartbeat or rhcs
<jmedina> One of the things still confuse me is shared storage and cluster filesystem
<jmedina> do I need gfs clvm?
<jmedina> this HA setup is going to run under  a virtualized setup in bladecenter
<RoAkSoAx> jmedina, you need to use cluster filesystem when you have master / master configs... such as 2 file servers serving as active / active
<ivoks> gfs and ocfs are clustered filesystems
<ivoks> they enable you to write at the same time to same filesystem from different machines
<ivoks> if you want that, i'd suggest using gfs, and thus rhcs
<ivoks> you might try ocfs too
<jmedina> Im not doing active/active only active/standby
<ivoks> then you can use 'normal' linux filesystems
<RoAkSoAx> jmedina, yes.. check out my tutorials.. they will give you and insight of how active / passive works with heartbeat... btw... if you want to have data replicated between two nodes in active / passive, you can use DRBD...
<jmedina> then I read about locking or corrupted FS when a node a failed node is not fenced or something
<ivoks> ha isn't replacement for backup
<ivoks> if your SAN fails, all you have then is backup
<jmedina> I have 4 redundant paths to the san and using multipath
<ivoks> still, fire in SAN means no data
<jmedina> raid10 in san, and of course backups
<ivoks> error on filesystem means no data
<phreestyle-work> I'm having trouble with eBox and need help. For some reason, I can't update eBox in Ubuntu Hardy. It is holding back the packages and squid and dansguardian won't work because eBox is writing incompatible config files
<RoAkSoAx> jmedina, yes but first you need a technology that allows you to replicate data... this technlogy could be DRBD..., it provides a "fencing" mechanism that tries to prevent from split-braining.. it is called dopd...  i'll soon add a howto on how to do that
<ivoks> RoAkSoAx: ha has SAN(FC)
<ivoks> he
<RoAkSoAx> ivoks,  I thought that blade centers had that issue resolved already
<RoAkSoAx> i mean data replication and that stuff
<ivoks> RoAkSoAx: http://en.wikipedia.org/wiki/Storage_area_network
<ivoks> RoAkSoAx: there's no need for drbd and replication with san
<RoAkSoAx> ivoks, yes...
<RoAkSoAx> ivoks, that's why i though that blade centers had that issue resolved already since they do not need of a data repliucation technology such as drbd
<jmedina> this blades dont have local disk, im using boot from san
<resno> I am looking for a way to get more information then the webalizer main page will give. I am looking for stats on a specific page.
<ivoks> awstats
<resno> ivoks: my server has webalizer on it speficially.
<ivoks> that's stoping you from using awstats?
<jmedina> the current setup is like this: http://tuxjm.net/wp-content/themes/Ghacks2/images/Esquema_Storage_Fisico_con_redundancia.png
<resno> ivoks: I guess. I dont admin the server, so I dont know of any features installed on it. I was hoping webalizer allowed this type of access by passing it a parameter or something.
<ivoks> resno: awstats doesn't do that either, iirc
<ivoks> resno: you could parse logs :/
<resno> ivoks: I need stats on one page, but its deep within the site and I am not sure how to get those stats. Its not a highly visited page, which creates the problem.
<ivoks> jmedina: right... so, what would you like to achive?
<ivoks> resno: awstats and webalizer are domain-aware, not site-aware
<resno> ivoks: oh I see.
<ivoks> resno: so, if you want something for specific site, you should parse logs
<ivoks> resno: or, with awstats, grep normal apache log, look for specific site
<ivoks> resno: paste that into new file
<ivoks> resno: and tell awstats to check out that file
<ivoks> resno: then it will tell you stats for domain, but since that spcific page is the only page in that log, all stats would be for that page
<jmedina> ivoks: this is going to be a virtualized enviroment with live migration providing kind of manual high availability
<ivoks> jmedina: so shared storage should have a filesystem that all of them can access, but not at the same time
<jmedina> now I want to give some redundancy for services like proxys, fileservers, routers
<ivoks> jmedina: ext3 sounds quite ok for that
<ivoks> jmedina: you could use heartbeat; it should be easier to set up
<ivoks> jmedina: or red hat cluster suite, which is a bit heavier beast
<ivoks> you'll also find more howtos with heartbeat than rhcs
<jmedina> ivoks: I've been playing with heartbeat but for simple setups, only using network resources: routers, firewalls
<ivoks> then again red hat cluster suite is in main, while heartbeat is in universe
<jmedina> my main concert is about storage, I want to avoid two nodes access data at the same time
<ivoks> jmedina: i hope you don't think about doing this in production :)
<ivoks> jmedina: test it somewhere else :)
<jmedina> ivoks: nop I have a bladecenter H with 14 blades to play
<ivoks> jmedina: if you put ext3 there, they can't access it at the same time
<ivoks> jmedina: kernel will refuse to mount it
<ivoks> jmedina: idea is that service moves from one server to another
<ivoks> jmedina: service can be filesystem or some real service
<jmedina> yeap
<ivoks> so, you can't mount them at the same time
<ivoks> i use gfs just so i could mount and use them at the same time
<ivoks> never had any problems
<sommer> ivoks: rain on sunday... doh
<sommer> ivoks: well I need a new jacket anyway :-)
<RoAkSoAx> ivoks, i paraview has failed to build again
<sluimers> Can someone help me with ispconfig3? My mails get stuck in var/mail/vmail
<RoAkSoAx> ivoks, http://pastebin.ubuntu.com/176542/
<ivoks> RoAkSoAx: so...? you know where the problem is?
<RoAkSoAx> ivoks, no, but i was thinking it was because python needs to be a builddepdns?
<ivoks> RoAkSoAx: it's obvious that's the problem
<RoAkSoAx> ivoks, i did that i'm just waiting to see if it builds
<ivoks> ok
<RoAkSoAx> ivoks, would that be something that will need to be forwarded to debian too?
<ivoks> RoAkSoAx: i'll tell you when i see the debdiff
<RoAkSoAx> ivoks, in debian they use python-dev which install python (2.6) and python2.6-dev, during building it says that python2.5 has not been found.. so there are too possible solutions right? making it use python2.6 or installing python2.5, which one do you think is the best one?
<ivoks> RoAkSoAx: make it depend on python2.5
<RoAkSoAx> ivoks, i did that. I will need to remove python-dev from Build-Depends and add python2.5-dev and python2.5 right?
<ScottK> RoAkSoAx: Make it work with 2.6 is a better answer.
<ScottK> ivoks: Why do you say depend on 2.5?
<ivoks> ScottK: i would leave that to upstream
<ivoks> python2.5 -> python2.6 isn't that simple
<ScottK> Is it 2.5 due to upstream or packaging from Debian?
<ivoks> upstream
<ScottK> Ah.
<ScottK> Well generally it's better to use system default, but maybe not in this case.
<ivoks> if it can work with 2.6, then yes
<ivoks> but that would require some seding all over the place :)
<ScottK> So RoAkSoAx check if it works with 2.6.
<ivoks> RoAkSoAx: you could try that :)
<ivoks> right, 'grep -sr python2.5 *'
<ivoks> :D
<ivoks> RoAkSoAx: it turns out that paraview is great exercise :)
<RoAkSoAx> haha
<RoAkSoAx> indeed
<RoAkSoAx> ivoks, http://pastebin.ubuntu.com/176550/
<ivoks> hm
<ivoks> so, debian's the devil :)
<ivoks> try it
<ivoks> replace python2.5 with python
<RoAkSoAx> ivoks, ok
<RoAkSoAx> ivoks, where?  :)
<gene420> anyone have a good website or lead myself in the right direction to setup a redundant web server I have just aquired a second IP address and would like to use it for a redundancy for my existing apache virtual domain  system
<giovani> gene420: "redundant" isn't explanatory enough
<ivoks> RoAkSoAx: sed -i -e 's/python2.5/python/g' debian/paraview.lintian*
<giovani> you want them both sharing the load? you want failover when one dies (one is primary, one is secondary)
<giovani> ?
<giovani> explain a bit
<gene420> sharing the load
<giovani> gene420: the cheap and simple way is to use round-robin dns
<ivoks> there's even cheaper way :)
<giovani> where you put two A records in for the hostname
<gene420> I have each website with godaddy
<ivoks> apache has mod_proxy_balancer
<ivoks> http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html
<giovani> ivoks: that's not cheaper nor more simple
<giovani> I'm not saying it's a bad solution
<ivoks> hehe
<giovani> but it's hardly the simple method
<gene420> so then just add a second A name record to godaddy and schedule rsync to keep them synced
<giovani> and I wouldn't recommend it to a random new admin
<giovani> gene420: heh, what kind of data are you trying to sync?
<gene420> I have 4 customers with simple drupal websites...
<ivoks> are you certain you need load balancing?
<giovani> you won't be keeping backend DBs consistent with rsync, sorry
<ivoks> he'll need mysql master-master replication
<giovani> if he's using mysql, sure
<ivoks> er...
<ivoks> gene420: do you have 2 servers at all?
<ivoks> or one with 2 IPs?
<gene420> eserver 335 and hp proliant dl-590
<ivoks> ok
<ivoks> so, two of them
<ivoks> which database do you use?
<gene420> two static ips with bell business...in seperate locations
<gene420> mysql...
<ivoks> separate... like couple of miles away or room next door?
<gene420> sorry kinda of new to this side of things
<gene420> same building upper and lower level
<RoAkSoAx> ivoks, i'll have to do the change in debian/rules too right?
<gene420> so I could pull an ethernet cable between them
<J_P> Hi all
<giovani> gene420: you're hosting websites on an office internet connection
<giovani> ?
<gene420> yea ....
<ivoks> RoAkSoAx: you didn't paste everything right?
<ivoks> pih...
<RoAkSoAx> ivoks, yes, but in debian/rules they use a PVER = 2.5
<RoAkSoAx> so I just bumped it to 2.6
<ivoks> RoAkSoAx: good catch ;)
<giovani> gene420: why not use some VPSes instead?
<J_P> Is possible Real time linux with the new ubuntu 9.04?
<gene420> just for small business so far things have been working fine...6Mpbs dsl connection
<giovani> you'd get far more bandwidth, far more reliability, at far less hassle
<giovani> not to mention true redundancy, by putting them in totally separate cities/countries/datacenters
<gene420> just trying to keep the cost down ....and figured it would be a good learning experience
<ivoks> gene420: with 6mbit/s your server will serve web site without a sweat
<giovani> the cost will be lower with VPSes, I assure you
<giovani> the power required to run two full servers
<giovani> is far more costly than two VPSes
<giovani> not to mention bandwidth
<giovani> gene420: same learning experience, just physical location is different
<J_P> anyone?
<gene420> power and resources aren't really an issue becaue they need the servers running for other services like network backup and samba domain policy logins with xp
<giovani> heh
<giovani> ok
<gene420> i know what you mean thou I kinda of should just use godaddy to host them would save me some hassle
<giovani> heh, no I wouldn't ever recommend that
<giovani> I'd stay away from godaddy at all costs
<RoAkSoAx> ivoks, ok, so in case it builds, I'll just have to update the changelog saying: Bumped python version from 2.5 to 2.6?
<ivoks> RoAkSoAx: yes
<ivoks> RoAkSoAx: including a list of files where you changed that
<ivoks> RoAkSoAx: rules, control and paraview.lintian-overrides
<RoAkSoAx> ivoks, i would also need to update README.Debian ?
<ivoks> RoAkSoAx: good question...
<ivoks> ScottK: what's your opinion?
 * ScottK reads
<ScottK> RoAkSoAx: Does README.Debian currently say anything about specific Python versions?
<ivoks> ScottK: yes
<ScottK> Then I would update it.
<ivoks> it states that paraview is built with 2.5
<ScottK> Keep in mind that README.Debian is for users and not devs.
<RoAkSoAx> ScottK, it says this:  Paraview is built against python2.5 only (it works with python2.4, but you would have to compile it yourself, changing build depends and debian/rules).
<ScottK> RoAkSoAx: Alternatively you could make it build against both 2.5 and 2.6 and remove that bit entirely
<ScottK> 2.4 isn't supported Jaunty and later.
<RoAkSoAx> ScottK, doing that will imply modifying debian/rules right?
<RoAkSoAx> since there it specifies which version of python should be used
<RoAkSoAx> in a PVER variable
<ScottK> RoAkSoAx: Alsmost certainly (keep in mind I didn't look at this package)
<ivoks> you have to update both files
<ivoks> and mention that in changelog
<RoAkSoAx> ok i'll first finish building with python 2.6 and create a debdiff so you can see it
<niekie> Greetings..
<niekie> Does anyone know if Ubuntu is currently vulnerable to http://www.theregister.co.uk/2009/05/19/open_ssh_hack/ ?
<niekie> And if a fix is in the works if so?
<ivoks> kees: ^^
<ScottK> Considering the Debian package we're derived from was uploaded in January and there's a later upstream release available, I'm guessing the news isn't good.
<ScottK> I suspect cjwatson_ will be interested too
<ivoks> according to article, it's a design flaw
<kees> niekie: it requires an active MitM attack
<kees> niekie: so, as such, it is a very hard to exploit issue, but does need fixing.
<niekie> kees: I know. But still I'd feel a lot safer if it wouldn't be there ;)
<kees> niekie: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161   no one has released fixes for it
<uvirtbot> kees: Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algori
<kees> niekie: yeah, I'd be curious to find out if the 5.2 changes can be backported easily.
<kees> niekie: as a work-around, you can follow the recommendations at the end of http://openssh.org/txt/cbc.adv
<niekie> kees: Ah! Thank you very much.
<ivoks> hip hip... hooray!
<ScottK> kees: Any idea what the downside of the workaround is (i.e. why it's not just made default)?
<niekie> The "workaround" doesn't seem to be a total fix though. In that suggested "Ciphers" list I can still see aes in CBC mode.
<niekie> So it will prefer other non-vulnerable ciphers first, but will fall back to the vulnerable ones.
<kees> ScottK: I don't, but I'd like to understand what they did to fix it in 5.2.
 * ScottK decides not to panic
<niekie> ScottK: I wouldn't worry that much about it.
<kees> yeah, we classified it as "low" when it was announced.
<niekie> I mean, the connection needs to be killed several times apparently for this to work.
<niekie> If you open a SSH session and you're suddenly disconnected, you usually don't try to reconnect another 11355 more times ;)
<niekie> (though automated stuff might, which is where this issue is more serious, AFAIK)
 * ivoks trusts kees and jdstrand with his life, so... no worries
<niekie> Heh.
<ivoks> kees: feeling pressure? :D
<kees> ivoks: yikes!
<niekie> Yeah, I've heard the legends :P
<kees> ivoks: I don't have any real medical skills.  :)
 * kees heads to dinner
<niekie> Have a great one! :)
<ivoks> kees: oh, barcelona already? :)
<ivoks> take care, /me goes to a movie
<ivoks> the movie
<ivoks> or whatever
<billybigrigger_> how would i go about setting up my mailserver if my isp is blocking port 25????
<billybigrigger_> is there a way i can use a different port? like outbound 700 or something??? cause i can recieve mail inbound but cannot send any mail
<ScottK> billybigrigger_: You would need a server outside your ISP listening on that port to relay to 25.
<billybigrigger_> do you know of any free bounce servers or anything i could use?
<jmedina> billybigrigger_: you can configure your MTA to use submission service
<billybigrigger_> what is submission service?
<jmedina> it is the recommend way, so your server users tcp/25 for receiveing mail and tcp/587
<jmedina> it is the same that smtpd but is used for other purposes for example for mail relaying using smtp+auth
<billybigrigger_> ok
<maxb> jmedina: That would not work, and is not recommended.
<jmedina> here in MÃ©xico all ISP block outgoing TCP, so we use tcp/587
<maxb> 587 is intended for *submission* from MUAs, *not* for MTA to MTA communication
<jmedina> maxb: ok, I tought he wantted submission from MUAS
<billybigrigger_> i just need outgoing port 25
<billybigrigger_> since outbound 25 is blocked
<stickystyle> billybigrigger_:  You need to look at setting a smarthost
<stickystyle> the smarthost being your ISP
<billybigrigger_> so use my isp for outbound mail?
<jmedina> for postfix I have this config it uses SMTP-AUTH to auth agains your smart host
<jmedina> http://tuxjm.net/2008/11/26/postfix_como_enviar_correo_a_traves_de_un_servidor_externo_usando_sasl_y_tls/
<billybigrigger_> would my mail come from billy@isp.com or billy@mydomain.com
<billybigrigger_> ?
<stickystyle> billybigrigger_:  Yes.  you basically relay your mail through your ISP.
<J_P> Anyone can tell me if Is possible Real time linux with the new ubuntu 9.04?
<jmedina> billybigrigger_: it depends on how your ISP is configured
<billybigrigger_> jmedina::: do you have an english translation of that page :P
<stickystyle> Since the From: header is set in the MUA, it wont matter what your ISP does.
<jmedina> billybigrigger_: not, probalby google :D
<billybigrigger_> jmedina::: i know thanks :P
<billybigrigger_> jmedina::: actually already have a spanish to english trans plugin in firefox...was looking at moving to mexico :P but the job fell through :( kinda sad about it :(
<ScottK> J_P: There is a RT kernel if that's what you mean?
<jmedina> billybigrigger_: good, what is that trans plugin?
<billybigrigger_> babelfish
<billybigrigger_> just highlight certain words in the page and pop-up comes up with the translation, or you can translate the whole page
<billybigrigger_> pretty useful
<billybigrigger_> works in a ton of languages too
<J_P> ScottK: RT kernel? where I start with RT kernel?
<billybigrigger_> can anyone suggest a good tutorial or package for configuring a turn-key mailserver? i don't need to much fancy stuff, just a simple home mail server
<ScottK> billybigrigger_: Most or all of what you need should be in the Ubuntu Server Guide.
<billybigrigger_> im not too worried about security, i just need something quick and easy, that will let me to setup this smarthost you guys talk of
<billybigrigger_> would dovecot-postfix suffice?
<stickystyle> billybigrigger_:  Wrong words to say, you should always think about security.
<stickystyle> dovecot-postfix is a very nice solution.
 * stickystyle runs dovecot + postfix for his company.
<J_P> ScottK: are you tell me about a RTAI for example?
<ScottK> J_P: I know little about it, just that it exists.
<J_P> ScottK: ok.
<W8TAH> for a dual xeon server -- should i be running 32 bit server or 64 bit?
<maxb> I think that isn't enough information to know
<stickystyle> W8TAH:  depends if the xeon's are 32 or 64 bit.
<W8TAH> oh -- ok
<W8TAH> i'll keep diggin
<philsturgeon> whats the best approach for installing mod_security in 8.04? seems to be the only version without it in the repo
<jmedina> I would compile mod_security by hand
<philsturgeon> looks like its going to be that way. was wondering if its sat in a different repo anywhere, but no worries
<maxb> Check for a PPA? If not, create a PPA!
<philsturgeon> PAA?
<philsturgeon> PPA*
<maxb> Personal Package Archive, a facility of launchpad.net by which *anyone* can have their own subsidiary Ubuntu package archive with automatic builds of uploaded source for i386 amd64 and lpia
<philsturgeon> ha, nice
<ScottK> philsturgeon: It had licensing problems and got removed.  They got fixed, but not in time for 8.04
<philsturgeon> ScottK: Indeed
<philsturgeon> unfrtunate
<billybigrigger_> stickystyle::: ok, i've setup dovecot-postfix with a smarthost, being my ISP's smtp server...
<billybigrigger_> stickystyle::: which ports do i need forwared? my mailserver is behind a router...just my imap port needs to be forward right? since outbound is handled via my isp?
<billybigrigger_> how do i find out what security postfix was built with in the dovecot-postfix package?
<billybigrigger_> im trying to setup evolution here and i want to use pop3s
<billybigrigger_> or imaps
<hggdh> billybigrigger_, dovecot-postfix does not embed either dovecot or postfix, they are depends
<hggdh> so it is whatever is the current dovecot and postfix packages
<billybigrigger_> so installing dovecot-postfix without anything else doesn't enable tls or ssl?
<hggdh> the dovecot-postfix package carries an upodated dovecot configuration. If you already have one, you will have to match & mix
<hggdh> in my case, I have to update the SSL certificates in use (so that dovecot would use mine)
<billybigrigger_> hmm
<billybigrigger_> bah this is confusing
<billybigrigger_> should a default apt-get install of dovecot-postfix work out of the box?
<billybigrigger_> i think i have my mx record set...and used a relayhost of my isp's smtp server...
<hggdh> billybigrigger_, as long as you do not have any customised dovecot or postfix, yes
<billybigrigger_> i can't seem to login via evolution using either imap or pop3
<billybigrigger_> won't accept plaintext passwords, and i can't find out what authentication type it uses
<billybigrigger_> nmap shows imap, imaps, pop3, and pop3s ports open
<hggdh> make sure you have, in your dovecot configuration, "mail_debug=yes" and "vebose_ssl=yes"; if you do not, add them in, and bound dovecot (sudo service dovecot restart)
<hggdh> s/bound/bounce/
<hggdh> then try again, and look at /var/log/messages for dovecot messages
<hggdh> and go from there
<hggdh> argh! "verbose_ssl=yes", not "vebose_ssl"
<billybigrigger_> looking at /var/log/mail.log messages right now
<billybigrigger_> hmmm
<billybigrigger_> i sent a message out to a hotmail account, and i recieved it
<billybigrigger_> now sending from hotmail to my mailserver isn't working...or hotmail is slow...
<billybigrigger_> or maybe i have something eff'd up somewhere
<billybigrigger_> dig MX mydomain.com doesn't show an MX record...
<billybigrigger_> probably why it's not working yet eh? and that's why i can send out mail, through the isp's smtp
<philsturgeon> trying to install mod_security from source on ubuntu 8.04. run ./configure and get "configure: error: libxml2 library is required".
<philsturgeon> i have libxml2 installed at /usr/lib/libxml2.so.2
<hggdh> philsturgeon, you probably also need to install libxml2-dev
<philsturgeon> done. thanks :)
<philsturgeon> next is ./Makefile right?
<sluimers> Does anyone here have experience with ispconfig?
<sluimers> ispconfig 3?
<hggdh> philsturgeon, you re-ran ,.configure, correct?
<hggdh> (and select whatever options would apply)
<philsturgeon> yes indeed. makefile was a silly guess, but it needs another step i think
<philsturgeon> ahhh... think i need to move the mod_security into apache first. oops
<philsturgeon> im confused :$
<hggdh> philsturgeon, now run "make"
<philsturgeon> ahh there we go
<philsturgeon> not done much compiling without tutorials. not a noob, i consider myself a guru in training :-)
<hggdh> :-)
<philsturgeon> make & make install were both happy. job done, thanks
<hggdh> philsturgeon, good luck now ;-)
<maxb> philsturgeon: Have you considered backporting the package from intrepid instead?
<philsturgeon> maxb: I asked on here for ideas, people just said to compile my own
<philsturgeon> done it now :p
<maxb> Yes, well, that's what I meant
<maxb> compile your own as a package :-)
<phreestyle-work> hey everyone, I was looking at the forums for a way to clear our residual config files left over from removed packages. I found a thread that tells you to use Synaptic, but is there any way to do this from the command line?
<jmedina> phreestyle-work: use purge option for dpkg
<jmedina> dpkg wont delete config files if they where modified after instalation unless you use purge option
<phreestyle-work> jmedina: can u give an example please?
<jmedina> dpkg -P packagename
<phreestyle-work> but the packages are already gone and I don't know the names of them all
<jmedina> mmm probably you can get a list from /var/log/dpkg.log
<jmedina> I dont know another way
<phreestyle-work> but the purge command from dpkg will work if the packages has already been removed, right? because if I do something like: apt-get purge old-package it won't work because the package is already been removed
<Ash-Fox> Hi, is there a way I can shut down a system as root without physical access to it without the halt, poweroff, reboot, init, runlevel, shutdown? Why am I asking? Because the server I'm in is suffering numerous drive issues and I can't shut it down via those commands, but many others are workign currently
<thirsteh> Ash-Fox, got 'cat'?
<Ash-Fox> thirsteh, yep.
<jmedina> Ash-Fox: what about ctrl+alt+supr?
<jmedina> ohh it is remote
<thirsteh> Ash-Fox, I -think- this will work, but it's a long time since I've used this. No matter what, it's temporary anyway;
<thirsteh> echo 1 > /proc/sys/kernel/sysrq
<thirsteh> echo o > /proc/sysrq-trigger
<thirsteh> that will shut down the machine entirely
<jmedina> :O
<thirsteh> to reboot, echo 'b' instead of 'o'
<jmedina> thirsteh: good tip, what does it do>?
<Ash-Fox> thirsteh, it didn't like that.
<thirsteh> Ash-Fox, how so?
<Ash-Fox> "input/output error"
<Ash-Fox> I did however find a way around it
<jmedina> Ash-Fox: which one?
<thirsteh> jmedina, the same as sysrq, o, but without physical keyboard access
<Ash-Fox> Mounted /media/cdrom as tmpfs, copied poweroff from my laptop to it, executed ./poweroff -f
<thirsteh> you almost definitely need to echo that as root by the way
<thirsteh> ah okay
<Ash-Fox> That was fun
<billybigrigger_> what kind of authentication does dovecot come with?
<billybigrigger_> im trying to configure evolution with my mailserver and i just have plaintext passwords setup as of now...
<billybigrigger_> which for obvious reasons is no good
<giovani> that's all in the documentation
<billybigrigger_> yeah but evolution is showing that no auth types are supported
<giovani> very easy to find, took me less than 10 seconds on the dovecot site: http://wiki.dovecot.org/Authentication/Mechanisms
<giovani> well check your dovecot configuration -- you have to tell it which authentication methods to allow obviously ...
<billybigrigger_> and i highly doubt the default ubuntu config for dovecot comes with plain text enabled by default
<giovani> you do? why would you highly doubt that?
<billybigrigger_> well ya i see that, but why are plain text enabled by default?
<XiXaQ> billybigrigger_, what ubuntu and how did you install it?
<giovani> because many people use it
<billybigrigger_> 9.04
<billybigrigger_> sudo apt-get install dovecot-postfix
<giovani> XiXaQ: it's not a debate ... it is enabled by default
<XiXaQ> billybigrigger_, then the secure protocols should be enabled by default.
<billybigrigger_> no, plaintext password authentication is enabled by default
<giovani> billybigrigger_: yes, we already discussed this
<giovani> that's normal, and expected
<billybigrigger_> yes, im talking to XiXaQ
<giovani> stop talking about it like it's a bug
<giovani> why don't you spend 10 seconds looking at your dovecot config
<giovani> to find out which auth mechanisms it's supporting
<billybigrigger_> ya thanks tips
<billybigrigger_>   #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
<billybigrigger_>   #   gss-spnego
<giovani> why is there a comment mark there?
<billybigrigger_> cause its in the comments maybe?
<giovani> then why are you pasting it?
<billybigrigger_>   mechanisms = plain
<giovani> that's not relevant
<giovani> ok, so add the method you'd like to use ...
<giovani> and remove plain
<billybigrigger_> oh? the list of supported auth types are relevant?
<billybigrigger_> ok
<billybigrigger_> haha thanks tips
<giovani> the list of supported auth types are in the URL I pasted minutes ago
<billybigrigger_> [16:28] <billybigrigger_> yeah but evolution is showing that no auth types are supported
<giovani> we want to know what's listed in your config as the mechanisms in use
<giovani> right, clearly because of your mechanisms line
<giovani> why is it that you can't just resolve this?
<giovani> clearly you know what the supported auth types are ... you want to show them to me? just select the one(s) you'd like to use
<billybigrigger_> i can, thanks
<billybigrigger_> i confused myself over something...
<billybigrigger_> thanks, sorry to piss you off and waste your time
<billybigrigger_> k, now i have a question of opinion, these are something i know nothing of, and have no care about...but what is a better auth method, cram-md5 or digest-md5 for a home mail server?
<giovani> if you read the link I pasted: http://wiki.dovecot.org/Authentication/Mechanisms
<giovani> you'll see a very simple rundown and comparison of the different auth types
<giovani> such as:
<giovani> # CRAM-MD5: Protects the password in transit against eavesdroppers. Somewhat good support in clients.
<giovani> #
<giovani> DIGEST-MD5: Somewhat stronger cryptographically than CRAM-MD5, but clients rarely support it.
<billybigrigger_> giovani::: thanks...maybe i should check out your post :P
<billybigrigger_> does it have a section in there about setting up MX records? :P i think i have mine screwed up, as im not recieving any mail, but i can send out
<billybigrigger_> so upon a quick read, cram-md5 is secure enough for a home server and most likely the most supported...am i correct in assuming this?
<giovani> no, dovecot is completely unrelated to MX records
<giovani> if you read the dovecot link, you'd know that, yes
<billybigrigger_> ya
<billybigrigger_> why so serious?
<billybigrigger_> :)
<billybigrigger_> i know mx and dovecot have nothing to do with each other, it was a joke, hence the smiley face at the end, but thanks
<mobi-sheep> I'm a bit confused.  I use a script that add a bunch of blacklisted servers to my /etc/hosts --> redirected to 127.0.0.1 so they would redirect themselves to nowhere.  Useful to ban ads.  However, that do not work as I still see the ads... in Prism.
#ubuntu-server 2009-05-21
<owh> Having some "fun" with postfix. Last week, email was being filtered because an ironport server decided I had a "poor reputation" - which turned out to be because emails to root were being sent to the internet. I fixed that by setting "mydestination = localhost.localdomain, localhost" in main.cf - all good ...
<owh> Now I have a problem where mail is filtered because my local mail name does not match my dns mail name, as-in, post fix identifies itself as: "localhost.localdomain", not my dns name. How do I fix this?
<giovani> owh: set mailname
<owh> Well, to fix the first problem, that is now set to localhost.localdomain, rather than my dns name which is what it was.
<owh> If I set it to my dns name, then mail to root gets routed along the internet.
<giovani> it shouldn't
<giovani> that doesn't make any sense, honestly
<giovani> where is this mail being 'routed" to on the internet?
<giovani> what's the destination address?
<owh> To an external SMTP server, initially it was being sent to the non-existent address root@mydomain
<giovani> to WHAT external smtp server?
<giovani> if it's being sent to root@mydomain.com and you own mydomain.com -- this cannot earn you a bad reputation, since nobody but you will see that mail
<owh> The one that is in the MX record for mydomain.
<giovani> wait ... you didn't set mydomain?
<giovani> sigh
<owh> Well, I'm not the smtp server for my domain.
<owh> This is a stand-alone server that sends out VoIP logs every week.
<giovani> why do you need postfix to send out logs?
<giovani> that's serious overkill
<owh> The reputation was because of a poor configuration on the external smtp server.
<owh> This server will eventually become the local mail server within the organisation.
<owh> Is the problem because mydestination *had* mydomain as an endpoint, until I changed it?
<owh> You wrote: "wait ... you didn't set mydomain" -- what did you mean?
<owh> Other than that it made you sigh :)
<owh> When it was broken, before last week, /etc/mailname was set to mydomain.com and mydestinations was localhost.localdomain, localhost, mydomain.com -- that sent root emails to root@mydomain.com, which was being sent to the internet.
<owh> If I set /etc/mailname to mail.mydomain.com, then mail to root gets sent to root@mail.mydomain.com, not to the local server.
<owh> Do I also need to change my hostname and domain, in addition to the postfix settings?
<owh> I really don't want to do that, the machine is known by its local name, not as mail.mydomain.com
<jmedina> owh: so you want mails sent to root go to the local root?
<owh> Yes - in essence.
<Rafael_> can somebody provide help with backups or sync of data files with an NAS?
<jmedina> owh: what I do is create a transport entry for root
<jmedina> I add this to /etc/postfix/main.cf
<jmedina> transport_maps = hash:/etc/postfix/transport
<jmedina> and then create /etc/postfix/transport with the follow content:
<jmedina> root@mydomain.com      local:
<jmedina> and:
<jmedina> postmap /etc/postfix/transport
<jmedina> restart postfix and you are done
<jmedina> of course I recommend to create a local alias for root
<jmedina> this way postfix wont try to send root's mail to a external account when mydomain is hosted in a external server
<jmedina> Rafael_: dont you NAS provide a backup system/feature?
<Rafael_> jmedina: it is a linksys nas 200, i believe they only do it for windows, my server is ubuntu, and i would like to backup the data only from the server to the NAS
<mattt> anyone here running a xen dom0 on jaunty?
<owh> jmedina: Hmm, that's an interesting approach. I think I've managed to find out what is wrong at this end though. dpkg-reconfigure postfix showed me a different mailname than /etc/mailname, and I suspect that this is what caused the problem. Now that I've made them both the same, it *appears* to work :)
<owh> Rafael_: Does the NAS run rsync ? I have a WD MyBook World Edition II and after some "tweaking", it now runs rsync and I backup to it with a simple rsync command.
<owh> Rafael_: The alternative is to mount it with samba and copy to the mount point.
<jmedina> yeap mount it and backup
<jmedina> smbmount //NAS/share /mnt/NAS -o username=writeuser
<jmedina> you need smbfs package
<Rafael_> owh: how can i know if it runs rsync?, i have ubuntu server and on top while i learn i have the desktop version, i have samba install and i can see it from Ubuntu desktop on the network area. how can i see it form the command prompt?
<Rafael_> owh: does the rsync needs to be installed on the NAS or on the ubuntu serever?
<owh> Rafael_: An rsync server needs to be running on the NAS for rsync to work.
<owh> Rafael_: Your ubuntu workstation/server then needs to run an rsync client to talk to the rsync server. samba is simpler.
<jmedina> you can mount the share and then use rsync to copy/sync data
<Rafael_> owh: if i can see now the NAS from the desktop version, isisnt it already connected thru samba?
<owh> Rafael_: Well possibly, it's more likely connected via gnome_vfs.
<Rafael_> other question i have, does rsync makes a backup copy or i will be able to see the data, if you dont mind let me elaborate a little bit more
<Rafael_> i have windows clients connecting to the ubuntu server (i am a newby), they store data like word, jpeg, pdf files in the server, lets say this files are saved in the folder called "main", i would like "Main"to be copy to the NAS so if the server is down my window client can see them from the NAS
<jmedina> Rafael_: so, why dont you mount your NAS share, and then cp -a /sambadata/main /mnt/NAS/
<jmedina> or even better
<jmedina> rsyn -a /sambadata/main /mnt/NAS
<jmedina> so next time you can only backup only changed data
<owh> +c
<owh> Rafael_: You need to understand that there are two "modes" in which rsync operates, local and network mode, I was talking about the network mode, jmedina is talking about the local mode.
<Rafael_> jmedina: Thanks, but can you said it in simplier to understand..(sorry for my being newby), and is the data store as is or as a backup extention, also looking over the net i have seen unison and synkron..what would be the direrence
<Rafael_> Also, i am planning to palce a second NAS at home to also do the sma thing from the ubuntu server..will this be easy with rsync?
<jmedina> Rafael_: I already give you a full solution
<owh> Rafael_: Most of the tools you'll find on the net, with whatever name they dream up, are using rsync underneath - that's a wild assumption, but more or less valid. jmedina provided you with the outline of what is needed. If you're going to do this across the Internet, you'll likely have issues with exceeded bandwidth limits, timeouts and backups going longer than 24 hours.
<owh> Rafael_: You'll also have to deal with the "first" backup, the one where the NAS is empty. And finally, you'll need to deal with users moving a whole tree, which rsync won't notice, it will see new files and deleted files, not moved files.
<owh> Using a NAS as a failover is not really a smart solution. Making your server more robust is likely more effective. A NAS in your stated environment is better suited to an archival backup IMHO.
<owh> A NAS for a few users, fine, it's like a baby server. Once you hit multiple users, not so fine.
<owh> Unless you have a real NAS :)
<Rafael_> owh and jmedina: thanks so much, so far you 2 have help me a lot, my plan was not for users to use the NAS but the server, in case of crash or server down then the clients can acess the NAS
<owh> Is it on purpose that /etc/mailname and dpkg-reconfigure postfix [mailname] are not the same, or is that a "feature"?
<jmedina> owh: probably postfix is charooted and then /etc/mailname is /var/spool/postfix/etc/
<ScottK> Yes, we chroot Postfix by default.
<jmedina> I never use myorigin = /etc/mailname
<jmedina> I prefer to use myorigin = mydomain.com directly
<owh> So, is this a trap for young players, or did I do something wrong?
<owh> Or does /etc/mailname not matter and I used it as a red herring?
<Rafael_> owh: I was planning to do the backup process at nigth and if i do the first backup of the NAS insde the netwrok and tehn take at home for nigth backups and incremental will there be bandwidth problems?
<Rafael_> jmedina: one more tiem thanks...i knwo you give me directions but for somebody like me new, how should i implemtn and do this in an easy way, were should i start?
<jmedina> Rafael_: if you want automatic backups full/incremental you can install backuppc it support backup on shared folders using cifs+rsync
<owh> Rafael_: That depends on how much data there is, how wide your pipe is, how much data is moved and if network outages occur. In some parts of the world bandwidth is charged by Mb, so you might also see a data charge which might run into thousands of dollars if you're unlucky. Let me say this again:
<jmedina> your NAS provides cifs shares
<jmedina> I think is easier and with a web interface
<owh> Rafael_: ** YOU CANNOT GUARANTEE ** that a backup completes in 24 hours, so running multiple backups over the top of each other is a recipe for problems.
<owh> Rafael_: Over a slow WAN, this is especially true. Over a LAN it's possible, but not probable.
<owh> Rafael_: All I'm saying is "Administrator Beware".
<Rafael_> owh: do not understant your last line, please expalin?
<owh> Rafael_: When you are the administrator of a system, you are responsible for the pitfalls of that system. If you create an elephant, you are in charge of its nurture. If you create a backup system that explodes, it's your neck. So, "Administrator Beware".
<Rafael_> ok i got it
<owh> Rafael_: The minefield you just stepped into is one where great pain awaits if you're not careful.
<Rafael_> so is the solution that jmedina gave me better with bckuppc?
<owh> backuppc uses rsync :)
<Rafael_> owh: so in your opinion, where should i start, and how should i do this?
<Rafael_> owh: in relation to 24h backup...if i bring the 2nd NAS at the office and do the first backup there woulnd the incremental be faster over the net?
<owh> Rafael_: Start as jmedina suggested. Mount the NAS partition locally on your server using samba. use rsync to backup to it. Monitor the backups and see what you learn about the behaviour of your users. Expand the system as required.
<owh> Rafael_: In a small LAN I run there is a NAS used like you're proposing. In addition there are two physical drives that alternate daily - a user comes in and removes the old drive and adds the new one. The server has RAIDed disks.
<Rafael_> owh: thanks so much and sorry for so many question...how do i mount the nas on the server?
<owh> On the Phone
<Rafael_> owh: on the phone...i can call if you tell me where?
<jmedina> :D
<ScottK> Rafael_: He's saying he's on the phone and can't pay attention right now.
<Rafael_> thanks ScottK, i guess was a dum comment mine/,
<ScottK> It's not a problem.
<Rafael_> do you know how to  Mount the NAS partition locally on your server using samba.
<ScottK> I don't know a thing about Samba.
<owh> Rafael_: jmedina gave you the basics of the mount command. I suggest you look for some examples in the manpage.
<Rafael_> in the mainpage of ubuntu, samba or rsync?
<owh> samba
<Rafael_> Also he said:  cp -a /sambadata/main /mnt/NAS/ and then he said better rsyn -a /sambadata/main /mnt/NAS, so should i try the later one?
<owh> Rafael_: The first command copies all the files. The latter will only copy the difference, but the command is rsync, not rsyn, and you should also look at the --delete flag.
<Rafael_> what do you mena with "delete flag
<owh> Rafael_: read the rsync manpage
<Rafael_> ok will do my homework, thanks so much
<owh> Excellent.
<Rafael_> owh is very hard to find people as helpfull and friendly as you, thnaks so much
<owh> And here I thought I was being abrupt :)
<Rafael_> absolutely not
<owh> Give it time :)
<TimReichhart> hey guys I am just wondering if you guys could help me out I want to know if there is anyway that I can watch my incoming and outgoing mail logs on dovecot/postfix?
<owh> tail -F /var/log/mail.log
<TimReichhart> alright can I do that in a link some how?
<giovani> what do you mean by a link?
<TimReichhart> like say domain.com/smtp then it will show the logs
<giovani> you mean you want your mail logs displayed via a web server
<giovani> I wouldn't advise that
<giovani> what's wrong with sshing into the server and looking at the logs?
<TimReichhart> well see only people with admin rights will be able to see it
<ScottK> Right.  That's a feature, not a bug.
<giovani> how are you authenticating them?
<giovani> it seems overly complex to set up an entirely separate auth system on a web server just so that people can see logs they can see right on the server with proper permissions
<TimReichhart> there is only going to be 2 admins so when they click on the link its going ask for a password
<TimReichhart> its going to be setup as .htaccess
<giovani> TimReichhart: well, you can create a symlink to the file if you really want
<giovani> but I don't see the advantage here -- it only increases risk
<TimReichhart> well can you please tell me how to do that giovani
<giovani> ln -s /var/www/smtp-log /var/log/mail.log
<giovani> or whatever your mail log is named
<TimReichhart> alright thanks
<giovani> oh I apologize
<giovani> that's backwards
<giovani> ln -s /var/log/mail.log /var/www/whatever
<TimReichhart> thank you for your help
<owh> I'm in the process of investigating implementation of google apps for a client domain. There is a local ubuntu server within their lan, but they like the integration that google offers. What I'd like to figure out is: "If I migrate them all to google apps, how can I configure the ubuntu server to act as their local mail server, so internal email stays on the LAN and they have local IMAP access?" or am I creating a world of pain?
<ScottK> It's doable within the constraints of Gmails IMAP implementation is weird.
<owh> Is that sentence missing a word or two ScottK?
<ScottK> Not particularly.
<ScottK> Just Google has an odd approach to IMAP (I don't recall the details), so test first.
<owh> Ah, right. Yes, it hasn't got folders, it has "labels".
<ScottK> You would have to figure out how to fetch the mail from Gmail.
<owh> fetchmail :)
<ScottK> Fetchmail comes to mind, but then you get into Gmails POP implementation is weird.
<ScottK> So I'd test first.
<owh> Same weirdness AFAIK.
<ScottK> It's been a while since I was required to care, so I don't remember.
<owh> Fair enough.
<owh> So, if I use google as my smarthost, then if I'm not careful, the email will be going out as "on behalf of", or does that no longer happen if you are running premier edition?
<owh> Or should I avoid google as my smarthost altogether?
<twb> What are google apps?
<owh> twb: Google offers a whole bunch of integrated cloud applications under the name of google apps.
<owh> Things like gmail/contacts/calendar/sites/moderator/ etc.
<ScottK> owh: All large scale commercial mail providers have at best mediocre reputations from a spam scoring perspective.  If you have a decent volume, you can do better.
<owh> ScottK, hmm, I've seen exactly the opposite, as-in, I've been using google for domain clients with excellent results and very little mis-representation. Local spam filters on the other hand appear to be an ongoing maintenance headache.
<ScottK> I guess i wasn't clear.
<ScottK> I meant the other way around.
<owh> Ah, as a sender?
<ScottK> If you use Google outbound, your reputation looks mediocre
<ScottK> Yes.
<owh> Right.
<owh> Well, that's an interesting observation.
<owh> And on the up-side, it means I can control sending limits locally :)
<owh> I'll mull over that for a bit. Tah.
<ScottK> That too.
<ScottK> owh: If you do it yourself, please do outbound virus scanning.
<owh> Local workstations are running AVG 8.5, are you suggesting additional scanning?
<ScottK> One way you can shoot yourself in the foot very quickly is to have a compromised windows box spew through your relay.
<ScottK> Yes.
<ScottK> I like AVG, but Windows has inherent zero day risk even with good scanning.
<ScottK> I use clamav + clamsmtp with good effect.
<owh> That's true, but that opens up a whole can of worms in terms of keeping the additional AV scanner up to date and functioning.
<ScottK> Not really.
<ScottK> One of the good things about Ubuntu is we basically do that for you.
<owh> Well clamav will need to be kept up to date won't it?
<ScottK> Yep.
<owh> As in, the database.
<ScottK> By default, freshclam checks for new signatures every hour
<ScottK> We also update the engine once the new ones are tested.
<ScottK> Unlike most packages, with A/V "stable" means falling behind, so you have to try to pace the threat.
<owh> So, the engine package is updated regularly with database updates which replicate the freshclam updates?
<owh> Or am I misunderstanding?
<ScottK> Database (signature) updates come based on the freshclam check.
<ScottK> Engine updates are regular package updates and come that way.
<ScottK> First we have them in a PPA for integration and testing, then in *-backports, and finally to *-updates/security after thorough testing.
<owh> So, does the security updates contain the database updates as well, or is one supposed to run freshclam *and* update the package regularly?
<owh> I think I got waylaid when you said: "One of the good things about Ubuntu is we basically do that for you."
<ScottK> On the phone
<owh> I took that to mean the signatures and the application, but I'm suspecting that's not the case.
<owh> c.
<owh> ScottK, sure I'll phone you <grin>
<ajmitch> owh: as long as you're willing to pay for the phone call :)
<owh> ajmitch: It was a reference to a previous comment where I was on the phone, typed "Phone" and the person I was talking to thought I was offering to support them via the phone. sk came along to clarify - I was having a little dig :))
<ScottK> owh: Back.
<owh> Hey
<owh> Having fun with ajmitch :)
<ScottK> owh: What I meant was that all you need to do to keep your clamav up to date is do your normal system updates.
<ScottK> If you look at the package history, you'll see we update clamav a lot; https://launchpad.net/ubuntu/+source/clamav/+publishinghistory
<owh> Right, but freshclam does the signatures separately in addition to that -- right?
<ScottK> Yes.
<owh> Now I'm on the same page :)
<owh> It's old age, gets you every time. Next my hair will start falling out I'm told :)
<owh> So, run an smtp server locally, run clamav, run fetchmail to google, deliver to imap, sounds too simple :)
<ScottK> Also if there is a security issue with a particular module in clamav, upstream can turn that module off remotely via the updates so the insecure code doesn't run.
<ScottK> Then when we issue the security patch, we can turn it back on.
<owh> That sounds excellent.
<owh> With the risk of getting my head bashed in. The server is currently offering workgroup file/print services. I've been steadily cleaning up the workstations to the point where I'm getting ready to run as a domain controller so I can centrally manage the lot. When I create user accounts in that scenario, it would be grand if their imap accounts were part of the same account.
 * owh is guessing that I'm going to need to run openldap to achieve that.
<ScottK> So now you're getting into stuff I don't know a lot about.
<owh> Lets stay on your solid ground. IMAP accounts?
<owh> Can they be "virtual", as in, not mapped to linux user accounts.
<ScottK> Yes
<owh> They're then stored somewhere on the file-system in a tree right?
<ScottK> Yes.
<owh> Or in a database?
<ScottK> Dovecot handles all that.
<owh> Cool.
<ScottK> I think in the file system.
<owh> How do I manage users?
<owh> Is there an RTFM I should be consulting>
 * ScottK is finding said FM ATM
<owh> Phone
<ScottK> owh: What release of Ubuntu will you be using?
<ScottK> owh: (assuming 9.04): Here is where I would start - https://help.ubuntu.com/9.04/serverguide/C/email-services.html
<owh> 8.04lts - still phone
<ScottK> https://help.ubuntu.com/8.04/serverguide/C/email-services.html then
<ScottK> Also http://www.postfix-book.com/ is a must.
<Rafael_> owh: i was chtting with somebody on the samba chat, can you take a look at: http://paste.ubuntu.com/176861/ accessing the nas, should the user be with passowrd or not
<carlgibson> hellos
<carlgibson> anyone available for a quick question?
<ScottK> !ask | carlgibson
<ubottu> carlgibson: Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<carlgibson> i just placed some automount lines in fstab, and rebooted the system.  The mounts failed to occur, but now the physical drive is not appearing in the /dev folder and fdisk is failing to fins the physical drive and the partitions.  Any suggestions on where to go from here?
<carlgibson> at this point i have restored fstab back to its original state without the lines i added
<carlgibson> the mounts were working when i did them manually before placing the lines in fstab
<Rafael_> i just connected with putty and see on the terminal prompt that i have "new mail"how can i check it
<tomsdale> what would you guys recommend as a cheap webserver (rackmount) to install ubuntu on? get a used dell powerblade off ebay? any other tips?
<Alex_21> Hi, when launching Songbird I get "songbird: error while loading shared libraries: libjemalloc.so: cannot open shared object file: No such file or directory"
<Alex_21> Please help
<ScottK> Alex_21: How is that related to Ubuntu Server?
<Alex_21> It is on my media server. I asked in #Ubuntu but being blind I find it to be too high traffic
<Alex_21> So I asked in here
<ScottK> Alex_21: What Ubuntu release are you running?
<ScottK> Alex_21: If you are running Jaunty, 9.04 you need to install xulrunner-1.9
<uvirtbot> New bug: #378920 in samba (main) "WebDAV fights Samba, WebDAV wins, Windows looses. Blame it on RUN_MODE=inet." [Undecided,New] https://launchpad.net/bugs/378920
<owh> Right, finally off the phone.
<owh> Thanks for your links ScottK.
<ScottK> owh: You're welcome.
<owh> Did I mention how much I *love* USB modems and NetworkManager? I've been on the phone attempting to determine why NM decided that the USB modem should stop working for no apparent reason. Lovely. Suffice to say that the Sierra Aircard is not stable under Hardy :( --- meanwhile back at the ranch, it's time for lunch :)
<oh_noes> is it possible (even via a special kernel or something) to allow a non root PID to bind to priviledged ports?
<ScottK> oh_noes: What problem are you trying to solve?
<owh> Is there any particular reason you need to do this, to me it looks like a security breach waiting to happen.
<oh_noes> because we're an ISV and we have our own listeners, syslog, ntp etc.
<oh_noes> at the moment we're running as root
<oh_noes> the priv ports is the ONLY reason it needs to run as root, so I'd like to get around it
<oh_noes> solaris has net_priv_auth permisisons which makes it really easy
<oh_noes> and we know solaris is 74x more advanced than linux, but iwas hoping there was a project in the midst that could handle this
 * owh scratches head and chews on lunch.
<ScottK> Could be, but I haven't needed such a thing, so I don't know.
<owh> ScottK, does postfix run as root?
<ScottK> Some parts of it do.
<ScottK> It's got a segmented architecture and each bit runs with the minimum needed permissions.
 * owh guesses that the listener is part of that part :)
<owh> Could you forward services to unprivileged ports?
<ScottK> Sure.
<ScottK> Or via some other kind of socket.
<owh> I suppose you could make an iptables rule that did that, so ntp would magically appear on a non-privileged port.
<owh> oh_noes: Would that help you?
<oh_noes> not really
<oh_noes> It's a workaround
<oh_noes> the crust of the problem is all our apps are java, and in java there is no conception of 'start as root, then spawn a non root pid' (like what apache does)
<owh> Ahh.
<oh_noes> iptables wont help because the app is running as non-root.   And I doubt a non-root user can modify iptables
<owh> oh_noes: So, what about running two independent processes, one as root, one as non-root.
<owh> The iptables would be a one-off configuration, something the administrator does once. Not a dynamic thing.
<oh_noes> well thats the problem, our stuff can bind to any port at any time
<owh> What does the java code actually do?
 * owh is thinking that inetd opens and closes privileged ports on demand. Or is that the wrong end of the conversation?
<oh_noes> Stuff that doesnt need root permissions
<owh> oh_noes: Let's approach this from another angle. How does sloaris deal with this?
<oh_noes> usermod -K defaultpriv=basic,net_privaddr NONROOTUSER
<oh_noes> done
<oh_noes> they can now bind to < 1024
<owh> Well, google came up with this: http://www.debian-administration.org/article/Running_network_services_as_a_non-root_user.
<owh> And the first idea is an iptables rule :)
<owh> But there are other ideas too :)
<owh> And here is another: http://www.jscape.com/secureftpserver/docs/index.html?runningasnon_rootuserinun.htm
<owh> It talks about using xinetd to do the redirect.
<rcsheets> i'm looking for an MTA (or better yet an example postfix configuration) for a development server, where i want mail to look like it's sent successfully to any address, but where it's actually just all dumped into one mailbox, so it doesn't escape into the wild.
<ScottK> I recall discussions of a setup for doing that with postfix, but not the details.
<rcsheets> believe it or not i'm a little lost on what to google for...
<ScottK> heh.
<rcsheets> can you think of any terms you'd use to describe that?
<ScottK> Look on postfix.org in the add-ons section.  Maybe it's there.
<rcsheets> hmm ok
<ScottK> oh_noes: The authbind thing sounds at least vaguely like what you were looking for.
<owh> When google doesn't tell you the answer, you know that the question's the problem :)
<rcsheets> yeah, definitely :)
<rcsheets> i was hoping there would be some commonly used term for this kind of configuration. it seems like it would be useful in a lot of cases.
<owh> Yay! PPC-1 has landed in Sydney - we're going to get connected to the Internet thingy soon :)
<rcsheets> yay the series of tubes!
 * owh is currently typing via string.
<owh> rcsheets: You sure have a tricky question to google for :)
<rcsheets> yeah i've noticed... :-\
<rcsheets> man, it's a lot more calm in here than in #ubuntu
<owh> rcsheets: postfix force local delivery came up with: http://www.softwarefreedom.org/blog/2008/jan/09/postfix-secondary-mx-local-deliver/
<rcsheets> i also just found tihs: http://thedrupalblog.com/configure-your-development-server-deliver-all-mail-locally
<owh> I have no idea if it's gonna help, but it might :)
<rcsheets> thanks i will look at that
<owh> oh_noes: Did you see the links?
<oh_noes> yep ta
<oh_noes> probably not what i want and def overkill
<oh_noes> but might suffice for a workaround
<wizardslovak> hello people
<owh> oh_noes: I saw a reference to privileged tcp ports, but I think it's a red herring: http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1242882365194+28353475&threadId=615536
<owh> wizardslovak: No people here, just monkeys :)
<wizardslovak> owh: i knew monkeys are great with ubuntu
<owh> wizardslovak: We eat them among ourselves :)
<wizardslovak> owh: roasted tastesss soo good, back to ubuntu tho
<owh> wizardslovak: For that to happen you need to actually ask a question.
<wizardslovak> well so far i have none tho , still cant make dovecot work
<rcsheets> beautiful. got it working.
<owh> rcsheets: For the logs, how did you do that?
<rcsheets> oww. and then i jabbed the corner of a motherboard into my leg.
<rcsheets> fsck
<rcsheets> started with a "local delivery only" postfix configuration
 * owh shudders to imagine the state of the development server and the blood coming from rcsheets' leg.
<wizardslovak> lol
<rcsheets> then created this /etc/postfix/transport file (2 lines):
<rcsheets> rcsheets@fry.localdomain local:
<rcsheets> * discard:
<wizardslovak> only think i am looding are nervers
<ScottK> It all MTA configuration wanted was a little blood, then it's user friendly.
<ScottK> It/If
<owh> Hey, we're not talking about sendmail here :)
<rcsheets> which configures mail destined for my address *only* to use the local transport, and for everything else to be discarded
<rcsheets> then added to the end of /etc/postfix/main.cf the following two lines:
<rcsheets> transport_maps = hash:/etc/postfix/transport
<rcsheets> always_bcc = rcsheets
<owh> Niiice.
<rcsheets> and finally reloaded postfix with:
<rcsheets> sudo postmap /etc/postfix/transport
<rcsheets> sudo /etc/init.d/postfix reload
<rcsheets> and voila!
<rcsheets> i get this in the logs for the discarded original...
<rcsheets> May 21 01:29:31 fry postfix/discard[11151]: 76D125FE2B: to=<test@example.com>, relay=none, delay=0.1, delays=0.09/0.02/0/0, dsn=2.0.0, status=sent (example.com)
<rcsheets> (note the postfix/discard)
<ScottK> rcsheets: One caution:  If the always_bcc deliver fails, it will create a real bounce message.
<rcsheets> and my copy:
<rcsheets> May 21 01:29:31 fry postfix/local[11150]: 76D125FE2B: to=<rcsheets@fry.localdomain>, relay=local, delay=0.12, delays=0.09/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
<rcsheets> ScottK: won't that real bounce message just get discarded?
<ScottK> No.
<rcsheets> where would it go?
<ScottK> It may, but I'm not sure.
<wizardslovak> its making me nuts, 2nd week and still cant make it work
<rcsheets> well, how shall i make that happen... change the always_bcc to a nonexistent username?
<rcsheets> might as well find out how it fails now rather than later
<ScottK> rcsheets: Make it fail on a message from an address that it won't be embarassing to have get the bounce.
<rcsheets> which from are we talking about?
<rcsheets> sendmail -f <this?>
<ScottK> Mail From
<ScottK> rcsheets: Yes
<rcsheets> k
 * ScottK goes off to be.
<ScottK> be/bed
<rcsheets> well, please don't stop doing that
<ScottK> Proving i should
<ScottK> Good night
<rcsheets> thanks for the advice :)
<wizardslovak> when i send mail to my gmail account , i am getting user@server1.wizzy.us as sender, what should i change to be user@wizzy.us?
<wizardslovak> change hostname?
<rcsheets> you shouldn't need to change the machine's actual hostname
<rcsheets> how are you sending the mail?
<wizardslovak> from shell
<wizardslovak> mail user@wizzy.us
<lamont> see /etc/mailname
<wizardslovak> ok i changed /etc/mailname and it wrks
<wizardslovak> thx ;)
<rcsheets> with always_bcc = nonexistent, the bcc copy is discarded as well as the original
<rcsheets> so no mail is generated
<rcsheets> just two discards
<rcsheets> cool! :D
 * rcsheets hugs postfix
<wizardslovak> what do you use with postfix cyrus or dovecot?
<rcsheets> i have always used dovecot, though on my production mail system i now use dbmail
<wizardslovak> i am having problems with dovecot
<wizardslovak> http://pastebin.com/m39cc404
<rcsheets> perhaps you should try setting postmaster_address ?
<wizardslovak> ??
<wizardslovak> my problems are ssl
<rcsheets> well it does mention
<rcsheets> Fatal: postmaster_address setting not given
<rcsheets> SASL != SSL
<rcsheets> i would fix the obvious one first
<rcsheets> which is simply "please set this setting or i won't work"
<wizardslovak> ok  can you help me with it?
<rcsheets> with setting postmaster_address?
<wizardslovak> yes
<rcsheets> this seems relevant. http://www.dovecot.org/list/dovecot/2007-March/020434.html
<rcsheets> which directs the user to read the dovecot wiki about lda
<rcsheets> i have never used dovecot's LDA, so i'm not particularly experienced with that, but you might start on the dovecot wiki
<wizardslovak> i ordered book about postfix and dovecot
<wizardslovak> can you actually help me?
<wizardslovak> i like to chat more then read whole book to find one little think
<rcsheets> i have suggested reading the dovecot wiki entry about lda. did you want me to read it for you?
<wizardslovak> nooo
<rcsheets> i don't know how to fix your problem. i would have to do the same research to fix it that i'm suggesting for you to do.
<wizardslovak> ok what about sasl?
<rcsheets> have you googled for that error message? i've never seen it before.
<wizardslovak> for about 2 weeks i did chat with couple people here about it , but i cant make it work
<wizardslovak> i will post it on launchpad
<wizardslovak> maybe there
<rcsheets> this mailing list thread may be helpful. https://lists.ubuntu.com/archives/ubuntu-users/2007-July/118466.html
<wizardslovak> i am on wiki.dovecot.org and there are lots names with lda
<wizardslovak> which should i read?
<rcsheets> i would think http://wiki.dovecot.org/LDA and http://wiki.dovecot.org/LDA/Postfix
<rcsheets> the other ones (when i search for lda) seem to be mostly LDAP and other MTA specific things
<rcsheets> like qmail, exim, etc.
<rcsheets> you're using postfix so you don't need to worry about qmail, exim, etc.
<wizardslovak> well i am trying to use squirrelmail
<rcsheets> ok...
<wizardslovak> i can log in and check mail , i cant send or receive mail tho
<rcsheets> i would tackle sending and receiving separately
<wizardslovak> i left note on launchpad.net so hopefully ill ge answer
<wizardslovak> if not i will have to "reinstall" dovecot+postfix
<uvirtbot> New bug: #358616 in php5 (main) "php5 crashed with SIGSEGV in start_thread()" [Medium,New] https://launchpad.net/bugs/358616
<uvirtbot> New bug: #360947 in php5 (main) "php5 crashed with SIGSEGV in curl_global_cleanup()" [Medium,New] https://launchpad.net/bugs/360947
<uvirtbot> New bug: #356359 in php5 (main) "php5-cgi crashed with SIGSEGV in vspprintf()" [Medium,New] https://launchpad.net/bugs/356359
<uvirtbot> New bug: #284661 in php5 (main) "php5 crashed with SIGSEGV in execute()" [Medium,New] https://launchpad.net/bugs/284661
<kwork> http://paste.ubuntu.com:80/177027/ <--- any suggestions ?
<macno> kwork: LTS does not upgrade automatically https://help.ubuntu.com/community/IntrepidUpgrades#Network%20Upgrade%20for%20Ubuntu%20Servers%20(Recommended) , and if you're root you don't need sudo ;)
<kwork> macno, tnx, just too used to sudo lately :P
<kwork> otherwise i do know that sudo runs command as root
<jetole> does anyone know how to get vim to recognize crontab syntax in server 9.04, I set syntax on in vimrc and when I run crontab -e, it says that command is not supported in this version
<jetole> nevermind, just figured it out by editing ~/.selected_editor to just say vim
<kwork> i have two nics both have diffrent ips on diffrent networks
<kwork> i need diffrent gateways for diffrent interfaces
<kwork> but when i add gateway to both interfaces i can access only one interface
<kwork> rather then both
<PhotoJim> kwork: you can't have two default gateways.  you have to create routing rules to decide which traffic goes onto which NIC.
<kwork> the thing is i can set route to network without gateway just fine
<kwork> but when i specify gw
<kwork> route add -net networkadr/prefix gw gwip dev ifdev
<kwork> and i get no such proccess
<j0nr> hi all. I am trying to set up my own web server, (basic user here) so taking it slowly step by step. I just installed apache2 and as far as I am aware, as default shouldn't I be able to view /var/www/index.html now from the web?
<kwork> if its running
<kwork> netstat -an | grep 80
<kwork> netstat -an | grep www
<kwork> one of them
<j0nr> what will that do?
<j0nr> well both return nothing
<j0nr> so what does that mean...port 80 not open or something?
<kwork> you dont have webserver running probably
<kwork> /etc/init.d/apache2 start
<j0nr> i did do that tho...
<W8TAH> ive gotten 4 used servers -- they are dual xeon 2.0 or 2.4 ghz -- because they are used, i dont have original system specs etc.   How can i tell if i should be running 32 bit or 64 bit server edition?
<macno> W8TAH: uname -a
<W8TAH> theres no os installed on them at this time
<W8TAH> im still in setup phase
<giovani> you boot into a livecd
<W8TAH> oh - -ok - -makes sense -- thanks
<giovani> and cat /proc/cpuinfo
<kwork> j0nr, check the apache error log then
<W8TAH> thanks giovani
<W8TAH> :)
<j0nr> [Thu May 21 12:08:12 2009] [alert] No active workers found... Apache is exiting!
<j0nr> but that was over an hour ago
<j0nr> i have tried /etc/init.d/apache2 start since then and no error message
<niekie> Odd.
<macno> j0nr: /etc/init.d/apache2 status what returns?
<j0nr> macno: no status command available
<j0nr> how can i check if apache is running or not?
<macno> j0nr: ps -ef | grep apache
<niekie> Uhh... uname -a won't tell you if you should be running 32 bit or 64 bit.
<niekie> It will tell you *IF* you're running 32-bit or 64-bit.
<macno> j0nr: which version are you using?
<niekie> It'll say nothing about if your processor is capable of 64-bit.
<niekie> W8TAH: I'd consider just trying out booting 64-bit. You'll find out soon enough if it fails. (might waste a CD that way, though :\)
<j0nr> macno i did apt-get install apache2
<niekie> W8TAH: you can also run 32-bit Ubuntu on a 64-bit system fine.
<j0nr> macno: no result from ps
<niekie> W8TAH: but you'll miss specific features offered by 64-bit platforms though.
<j0nr> macno: root@server:/var/log/apache2# /etc/init.d/apache2 restart
<j0nr>  * Restarting web server apache2
<j0nr> httpd (pid 27714?) not running
<j0nr>    ...done.
<niekie> W8TAH: like being able to address a bigger amount of memory.
<j0nr> [Thu May 21 12:19:06 2009] [warn] pid file /var/run/apache2.pid overwritten -- Unclean shutdown of previous Apache run?
<j0nr> [Thu May 21 12:19:06 2009] [notice] Apache/2.2.8 (Ubuntu) configured -- resuming normal operations
<j0nr> [Thu May 21 12:19:06 2009] [alert] (12)Cannot allocate memory: apr_thread_create: unable to create worker thread
<j0nr> [Thu May 21 12:19:06 2009] [alert] (12)Cannot allocate memory: apr_thread_create: unable to create worker thread
<j0nr> [Thu May 21 12:19:08 2009] [alert] No active workers found... Apache is exiting!
<macno> j0nr: have you edited apache2.conf or something else?
<j0nr> macno: only looked thru it, didn't think I changed anything
<Eoch> Is there a way to tunnel traffic through ssh without having to redirect through local host?  I have an app that uses like tcp 4000 and 6000 and it goes from one machine out to many machines on the same ports, so I don't really want to create separate redirective ports and send to localhost if I don't have to.
<j0nr> macno: sorted, apache2-mpm-prefork solved it. thanks :)
<W8TAH> hi folks - -i booted a live CD did cat / proc/cupinfo looking for info as to wether my cpus are 64 bit or 32 bit pentiums - its not specifically listed that i can see - -i also tried uname -a and the only indicator in there was that it mentioned i686
<W8TAH> can someone help me out please?
<aptanet> is dmidecode on there? that has a detailed section on the cpu
<W8TAH> is that a piece of software?
<aptanet> yup, it's in /usr/sbin on my debian box
<W8TAH> yup - -its there - got multiple screen fulls of info - will it come right out and say 64 bit processor?
<akince1> I have a script that keep kicking out with "Unexpected end of file" when it hits an if [ <condition> ] portion of the code despite there having been many other such constructs previously in the file
<akince1> Anyone think they might know why?
<aptanet> W8TAH, not sure, I don't have a 64 bit cpu to test it on, although it doesn't specifically state 32 bit
<W8TAH> ok -- this one specifically says neither
<W8TAH> its an older dell power edge 2650
<W8TAH> so im going to guess at 32 bit
<aptanet> you may have to use the info there to check using google
<W8TAH> ok
<aptanet> looks likely to be a xeon cpu, so http://en.wikipedia.org/wiki/Xeon may be of help
<macno> who create links in /dev/disk/by-uuid/ ?
<ScottK> macno: What problem are you trying to solve.  My prediction is that if you have to ask that question you don't know enough to mess with it directly (me neither)
<W8TAH> ya - -i was looking at that
<macno> ScottK i added a first lvm disk to a test system, get uuid, modify fstab and try to mount it by mountpoint but fails with http://pastebin.ubuntu.com/177229/
<macno> ScottK i'd like to add other disks but i dislike to reboot to test if it works
<ScottK> Did you try the mount again after reboot?
<macno> I have the row in fstab
<ScottK> So it mounted?
<macno> yes it is
<ScottK> OK.  So the real question "If I and an lvm disk, how do I get the UUID to be availalbe without reboot"
<macno> ScottK yes, right
<ScottK> OK, i don't know that answer to that question, but that's a much better question.
<macno> ScottK ok,  I understand
<ScottK> Now that you have a better question, you may have more luck with Google too.
<Sangrial> Good Morning, I was wondering how can I uninstall ubuntu-server 9.04? windows xp wont let me reformat over it.
<Sangrial> Anyone know?
<uvirtbot> New bug: #379061 in apache2 (main) "Please merge apache2((2.2.11-4)(main) from debian unstable(main)" [Undecided,In progress] https://launchpad.net/bugs/379061
<acalvo> Hello
<acalvo> I need some advise, I want to know, fom your POV, which is the best solution for a mail server (pop3/imap/smtp). Thanks!
<ScottK> acalvo: The standard Ubuntu choice for this is Postfix (smtp) + Dovecot (pop3/imap).  In Jaunty the postfix-dovecot package (or is it the other way around) automates a lot of the setup for you.
<acalvo> ScottK, thank you, you said what I wanted to hear :-)
<\sh> Sangrial: delete the partitions with <insert fdisk on xp or whatever os you are using>
<\sh> Sangrial: the linux partition I mean
<radovan> hi
<radovan> looking for some kvm guru. got some serious issues with kvm-84 in 9.04
<eolo999> hi, i tried changing loglevel from debug to warn but still get debug messages in /var/log/eucalyptus/*log. where am i wrong?
<eolo999> obviously in /etc/eucalyptus/eucalyptus.con
<eolo999> f
<billybigrigger_> is it possible to setup an alias, or subdomain or something in apache2, so that, for example, im trying to setup webmail, using roundhouse, now instead of having users go to mydomain.com/webmail, can i setup http://webmail.mydomain.com????
<billybigrigger_> im not sure what this is called, or where to find info on it
<yann2> virtual hosting :)
<billybigrigger_> ahh :P
<yann2> search for virtual hosts in apache documentation
<\sh> billybigrigger_: it's called "virtual hosting" and "subdomains" and yes it works
<billybigrigger_> also, before i can any further...i have setup dovecot and postfix already...
<billybigrigger_> i have a working mail server...but is it too late to configure virtual users for my webmail?
<billybigrigger_> or does anyone know if roundcube does its own virtual users?
<macno> billybigrigger_: how many users?
<billybigrigger_> hmmm, ~10-20
<billybigrigger_> no, less than 10, sorry
<macno> billybigrigger_: with less then 10 you can create them as linux users
<billybigrigger_> i could just make system users i guess for that little of users...but i do have mysql so...
<billybigrigger_> ya
<billybigrigger_> k, thanks
<uvirtbot> New bug: #379093 in nagios-plugins (universe) "check_by_ssh does not populate output file in passive mode" [Undecided,New] https://launchpad.net/bugs/379093
<W8TAH> anyone have a dell power-edge 2650 and able to answer a few questions in PM?
<|eagles0513875|> hey guys i have a question if i setup dhcp can i get it to use mac addresses to get the same ip's instead of using my router
<Sam-I-Am> usually those router boxes support static addressing if you give them mac addresses
<|eagles0513875|> can i use it as more then a router box though then install firewall etc
<Sam-I-Am> ubuntu or the router box?
<|eagles0513875|> ubuntu-server but right now dont have it installed
<Sam-I-Am> sure ubuntu can do firewall/router activities
<Sam-I-Am> iptables and whatnot
<|eagles0513875|> i was thinking for firewall shorewall + snort +snortwall
<|eagles0513875|> which would be better shorewall or iptables as a firewall
<Sam-I-Am> shorewall is its own OS
<Sam-I-Am> and just runs iptables internally
<|eagles0513875|> ahhhh ok
<|eagles0513875|> might have an issue then with iptables as i have never setup iptables before :(
<Sam-I-Am> its not too bad... there are several utils out there to automate firewall building with it
<|eagles0513875|> on ubuntu-server
<Sam-I-Am> probably
<|eagles0513875|> Sam-I-Am: i did find shorewall in ubuntu repos
<Sam-I-Am> yeah there seems to be some stuff
<|eagles0513875|> what would you recommend cuz im kinda torn between shorewall and iptables
<Sam-I-Am> ubuntu tends to use 'ufw'
<|eagles0513875|> ufw??
<Sam-I-Am> shorewall is iptables
<Sam-I-Am> its just a glorified configuration mechanism
<|eagles0513875|> gotcha
<|eagles0513875|> then ill probably stick with iptables
<Sam-I-Am> ufw is like shorewall
<Sam-I-Am> its a configuration utility for iptables
<|eagles0513875|> gotcha
<|eagles0513875|> ill have to get working on it later ill be back if i have any questions thanks Sam-I-Am
<Sam-I-Am> sure
<|eagles0513875|> Sam-I-Am: i found a how to on howtoforge on setting samba as a domain controller does that work with active directory
<Sam-I-Am> define work with active directory...
<|eagles0513875|> sweet ok
<Sam-I-Am> if you use samba as a DC, you dont need AD
<Sam-I-Am> samba works as an NT domain controller, not an AD domain controller... until samba4, which isn't really out yet.
<|eagles0513875|> ahh ok
<W8TAH> hi folks - -im running 8.04 server on dell power edge 2650 servers -- ive gotten it installed -- and now when i try to start the machine -- i get as far as the remote access controller initializing and then it stops -- any suggestions?
<Sam-I-Am> W8TAH: sounds like the virtual decides for the RAC rearranged which device grub sees as your boot device
<Sam-I-Am> or the kernel sees...
<W8TAH> ive got the RAC disabled within its setup
<Sam-I-Am> so does it start booting the kernel and then hang or not even boot?
<W8TAH> never goes to grub as far as i can tell
<Sam-I-Am> hmm, it should at least get to grub
<Sam-I-Am> grub might puke, but it should start
<W8TAH> unless the different hardware means i need to install grub manuall -- ive never had to install manually for any other server install ive done
<dethredic> Hey guys, I am having some DNS issues
<Sam-I-Am> only thing i've seen with some dell hardware is the RAC's virtual devices causing device names to change between install and first boot
<W8TAH> ok -- how do i fix it?
<dethredic> I can type in my IP and get to my site, I can type in my nameservers and get to my site
<Sam-I-Am> depends if thats the problem
<dethredic> but my domain name doesn't take me to my site
<W8TAH> how can i diagnose?
<Sam-I-Am> at a minimum you'd see grub trying to load
<|eagles0513875|> dethredic: do you have anything in /etc/resolv.conf
<W8TAH> ok -
<W8TAH> hummmmmm
<Sam-I-Am> does it say 'missing operating system' ?
<dethredic> |eagles0513875|, yes, something with my ISP and then nameserver somerandomeiphere
<W8TAH> no -- it says nothing - -but i did just find something where an embedded bios device was above the hard drives in one of several boot orders
<W8TAH> so i changed that and im trying again
<dethredic> This thread might help clarify things
<dethredic> http://ubuntuforums.org/showthread.php?t=1161316
<|eagles0513875|> dethredic: i have noticed on kubuntu not sure about ubuntu yet but resolv.conf can only have one namserver ip of your isp for some strange reason
<Sam-I-Am> you can have more than one resolver in resolv.conf
<|eagles0513875|> Sam-I-Am: strange
<dethredic> |eagles0513875|, can you try reading the thread, it was working before but now it doesn't
<|eagles0513875|> on jaunty i cant
<dethredic> just cause of my IP change
<|eagles0513875|> dethredic: can you ping with the name of the site
<|eagles0513875|> dethredic: wait
<|eagles0513875|> you have dyndns not sure on your router but can you have it update the dyndns info with the new ip
<Sam-I-Am> hatchseadgroup.com has address 24.150.41.56
<dethredic> ya
<Sam-I-Am> thats what dns returns fro me
<dethredic> that is my old IP
<Sam-I-Am> so dyndns is broken
<|eagles0513875|> my router auto logs into my dyndns account and updates with the new ip
<Sam-I-Am> they didnt update your record
<Sam-I-Am> this has nothing to do with your client
<|eagles0513875|> ya probably need to go to their site and update it or seems like certain routers can do it for you
<dethredic> Well
<dethredic> After my IP changed I went to the DynDNS site
<dethredic> and changed my IP on my nameservers
<dethredic> as you can see in the pictures
<Sam-I-Am> and its got about half a day TTL left
<Sam-I-Am> you might want to send them another update
<dethredic> Sam-I-Am, so try updating my DynDNS records again?
<Sam-I-Am> yes
<Sam-I-Am> this isnt an ubuntu problem
<dethredic> even though the IP in those records are correct
<Sam-I-Am> yeah, but whats coming out of DNS isn't
<dethredic> well
<dethredic> If I type in one of my nameservers into my address bar (from DynDNS)
<dethredic> I am taken to my site
<Sam-I-Am> one of your nameservers?
<dethredic> hsg1.shacknet.nu
<W8TAH> Sam-I-Am: i wonder if i didnt set the bootable flag on the software raids
<W8TAH> its startin to look like that
<Sam-I-Am> heh
<Sam-I-Am> well, usually thats set automatically
<Sam-I-Am> or grub is too far away from the part of the drive the bios will read for booting
<Sam-I-Am> dethredic: that doesnt appear to be a nameserver to me
<dethredic> Sam-I-Am, What do you mean? DynDNS gave it to me.
<dethredic> Here is another one I got: hatseadgroup.servebbs.org
<Sam-I-Am> are those just servers or name servers?
<dethredic> I thought they were name servers
<dethredic> This method worked before
<dethredic> Sam-I-Am, They are under the section "Host Services" in DynDNS
<Sam-I-Am> those are just hostnames you have... not nameservers
<dethredic> ohhhhhhhh
<Sam-I-Am> hosts that resolve to your IP
<dethredic> Sam-I-Am, So what do you propose I do?
<Sam-I-Am> hsg1.shacknet.nu has address 24.150.45.130
<dethredic> ya
<dethredic> that is my IP
<Sam-I-Am> so that one apparently updated correctly
<Sam-I-Am> the other one didnt
<Sam-I-Am> so just re-update dyndns
<dethredic> ok
<dethredic> I reupdated them all
<Sam-I-Am> if it still doesnt work, email them and ask why its broken
<dethredic> Ok
<Sam-I-Am> but its not an ubuntu thing
<dethredic> Sam-I-Am, alright. So I can use them as nameservers?
<Sam-I-Am> theyre not nameservers
<Sam-I-Am> er, dyndns... or those hosts?
<dethredic> hmm
<dethredic> hsg1.shacknet.nu is first on my list for nameservers
<dethredic> And I used them as nameservers before
<dethredic> I am very confused >.<
<Sam-I-Am> well, maybe i just cant get there from here
<Sam-I-Am> but if that hostname points to you, you're just using yourself as a name server
<Sam-I-Am> anywho, i'm off to a meeting
<dethredic> ok
<dethredic> thanks for your help
<chmac> echo $PATH doesn't return what's set in /etc/environment, the sbin paths are missing. Any suggestions on where to investigate?
<simplexio> chmac: fast fix: export PATH=$PATH;/sbin/;/usr/sbin
<chmac> simplexio: Yeah, I thought about that, or about hacking it into ~/.bashrc or something
<chmac> simplexio: Kinda curious to know why it's not working by default though
<chmac> Looks like there's other weird shell ness going on also, when I start screen, there's no shell on screen0, but screen1 works fine
<Holmen> I just installed a guest system on my 9.04 host...when I try to connect to it thru ssh I get connection refused ...is that the guest system blocking or network bridge that doesnt work?
<chmac> Holmen: I'd guess it could be either, but I'm no expert. Can you ping the guest?
<W8TAH> Sam-I-Am: i found it
<W8TAH> ubuntu cant boot when / or /boot are on raid 5
<W8TAH> so i'll have to make a small partition for them to be on
<Holmen> chmac: right...yea, ping went thru so looks like it's the settings on the guest system
<ScottK> W8TAH: I think it's just /boot that's a problem.
<W8TAH> its software raid
<W8TAH> and i dont put /boot on a separate partition - - i just leave it in the same partition as /
<ScottK> Yes.  If it was hardware raid you could have / and /boot on the array because Ubuntu wouldn't even know there was raid.
<W8TAH> ok
<simplexio> chmac: it works for me :) .. it could be that your user isnt in sudo group or similiar problem
<chmac> simplexio: I do have full sudo via the admin group, but I manually created that group, so I think you're onto something...
<simplexio> chmac: created ? in ubuntu systems it ther eis allready sudoers group for that, or it is admin group can recall it right now
<ivoks> admin
<ivoks> users in admin group have 'sudo privileges'
<simplexio> :)
<simplexio> there  is debian way and ubuntu way
<dethredic> Hey guys, I am having a problem connecting to my server.
<dethredic> This thread outlines my problem better than I can do here
<dethredic> http://ubuntuforums.org/showthread.php?t=1161316
<Sam-I-Am> and an hour later its still not an ubuntu problem :P
<dethredic> well I don't know where else to go to get help
<dethredic> gota any suggestions
<Sam-I-Am> did you contact dyndns?
<dethredic> sent them an e-mail
<Sam-I-Am> think thats about all you can do at this point
<W8TAH> Sam-I-Am: fixed it
<Sam-I-Am> what was it?
<W8TAH> ubuntu cant bood with /boot and / on a software raid 5
<W8TAH> so i put them on a raid 1
<W8TAH> works perfectly
<Sam-I-Am> linux can't boot with that either
<Sam-I-Am> in general
<W8TAH> ok
<Sam-I-Am> but yeah, that'd do it
<W8TAH> oh well - -1 down 3 to go
<W8TAH> :D
<chmac> simplexio: Yeah, /etc/lsb-release says it's Ubuntu, but root was active and no admin group existed when I was given the login
<chmac> It's a VPS a friend is hosting for me, so I've asked him how he installed it, doesn't seem like "stock" ubuntu / ubuntu-server
<LHC> hey
<LHC> anyone run their own email server?
<ScottK> LHC: Lots of people do.  If you have a question, just ask it.
<billybigrigger_> bah
<billybigrigger_> anyone here use apache's virtual hosting?
<billybigrigger_> LHC::: i just set one up yesterday...
<billybigrigger_> i have created /etc/apache2/sites-available/thefrozencanuck.ca and linked it to /sites-enabled/thefrozencanuck.ca .... now im trying to create 2 subdomains, forums.thefrozencanuck.ca and webmail.thefrozencanuck.ca
<billybigrigger_> here's the pastebin of my sites-available/thefrozencanuck.ca
<billybigrigger_> http://pastebin.com/f6ef0ec5c
<billybigrigger_> and here's what happend after /etc/init.d/apache2 force-reload....ignore the awstats aliases errros
<billybigrigger_> http://pastebin.com/m44f48301
<LHC> cool
<LHC> ahh Im thinking of settin up my own webhost, small time. and im was wondering about email
<LHC> I should maybe buy cpanel but I wanna do as much as I can :X
<billybigrigger_> ???
<LHC> im thinking of settin up my own email server and sell it with my hosting
<billybigrigger_> i setup a mailserver yesterday...it was fairly painless...
<LHC> ssl?
<LHC> what do you use to access it
<billybigrigger_> i skipped ssl/tls
<billybigrigger_> its my home mail server
<billybigrigger_> google, lots of tutorials out there...howtoforge has  a good one
<LHC> kk thanks
<LHC> I just wanted to know if it was possible haha
<billybigrigger> sure it
<viezerd> billybigrigger: maybe try as root
<billybigrigger> s/it/is
<billybigrigger> viezerd::: ?
<billybigrigger> viezerd::: try what as root?
<viezerd> billybigrigger: http://pastebin.com/m44f48301
<billybigrigger> doh
<billybigrigger> hmm
<billybigrigger> can't connect to the site now
<heath|work> Hello. I keep reading articles at HowToForge.com and most of them say to disabled app armor to run thing in a chroot jail, but is this really necessary?
<LHC> dam I hate IE
<Bizzeh> hi, i have just installed ubuntu server 8.04 and i was wondering if there was any way to set the power profile to "ondemand"
<LHC> anyone know a little php?
<LHC> cant get into php chan
<billybigrigger> viezerd::: those aren't working
<billybigrigger> viezerd::: still can't get those virtual hosts working correctly....
<LHC> billybigrigger, do you know how to make unlimited subdomains?
<LHC> I never did anything like that before so im curious
<billybigrigger> im trying to setup subdomains right now with apache
<billybigrigger> its just a virtual host file...
<billybigrigger> that goes in /etc/apache2/sites-available
<billybigrigger> ie. /etc/apache2/sites-available/subdomain.domain.com
<billybigrigger> and in there it sets the parameters for the virtual host...then create a sym link to /etc/apache2/sites-enabled
<billybigrigger> but its not working out too good for me :P
<billybigrigger> http://httpd.apache.org/docs/2.2/vhosts/
<Bizzeh> LHC: subdomains has nothing to do with php, its apache
<orsogrigio> Hi I just install ubunto server on virtualbox vm, how can i test if apache is working?
<orsogrigio> thanks
<billybigrigger> visit http://localhost
<LHC> Bizzeh, yeh the php thing I was trying to figure out was adding header and footer to each page
<orsogrigio> billybigrigger: no browser instal on ubunto-server
<LHC> like 10 pages with 1 external header and footer
<LHC> billybigrigger, yeah I spent 6 hours figuring out vhost, then turns out one line was commented out xD
<billybigrigger> orsogrigio::: ping localhost:80
<billybigrigger> LHC::: which line may i ask? hehe
<billybigrigger> orsogrigio::: nvm
<LHC> haha
<LHC> the one with # at the start :P
<billybigrigger> orsogrigio::: you can use nmap or netcat
<billybigrigger> s/netcat/netstat
<LHC> howtoforge is awesome
<centaur5> Is there a way in the alternate install to make apt do a --fix-missing on a package it fails to download?
<massctrl> hi i have a couple of kvm ubuntu jeos machines running, all works fine except that they mount but often not an nfs share defined in fstab... .when I do a mount -a afterwards all works fine, ... anyone knows about this?
<LHC> hey again
#ubuntu-server 2009-05-22
<billybigrigger> how can i backup my mysql db's without a root mysql user?
<giovani> billybigrigger: backing up your mysql db doesn't require a root user
<Lord_Devi> What might cause apache2 to not be able to "reliably determine the server's FQDN"? My FQDN is resolving/working fine. hostname -f shows the correct resolving ubuntu01.example.lan..
<Lord_Devi> I don't understand why apache couldn't find it if hostname -f can. I would prefer to avoid adding the ServerName directive to my apache2.conf..
<giovani> unless the .len tld is resolvable ... that's not a FQDN
<giovani> however, you might want to set servername in the apache config
<giovani> s/len/lan/
<Lord_Devi> the .lan is resolvable though. I use it for everything..
<giovani> ok, so set servername
<Lord_Devi> There is a working bind9 server up, configured to serve example.lan/192.168.156.0/24
<Lord_Devi> Yeah that worked fine, but I shouldn't have to..
<giovani> I don't know why you think you shouldn't have to
<Lord_Devi> Well it's a symtom of something else being broken I think. I've never had to do that before with 8.04
<giovani> it's possible that apache is sanity checking the hostname against internet tlds to determine if it's a FQDN
<Lord_Devi> hrmm.. maybe. That's still new behaviour
<Lord_Devi> Oh well I guess I can just deal with having ANOTHER file I have to edit to set up servers..
<giovani> new doesn't necessarily mean a bug
<Lord_Devi> Just already have like 30+ configs I need to localize for these installs, Iike to keep that down as much as I can
<Lord_Devi> Oh well thanks for the input giovani, it's appreciated.
<Lord_Devi> Do you know if there would be any problems with setting ServerName to localhost?
<Lord_Devi> ..rather than the FQDN
<giovani> localhost should be fine
<Lord_Devi> Well one way to find out.. Thanx
<Lord_Devi> Ah very nice, seems to work like a charm.
<bin10101> hey guys
<bin10101> I am running ubuntu server in a Virtualbox VM for development....I created a small VM with LAMP
<bin10101> i have two ethernet connections for ubuntu server 9.04 in a VirtualBox VM.  Even if I set both connections to NAT, one is defined as eth0 and the other as vibr0.  I can't seem to get vibr0 to work in any configuration.  Is this a limitation of ubuntu server?  It seems to give eth0 to the main ethernet and vibr to all others.
<bin10101> I expected to see eth0 and eth1
<bin10101> I also tried to setup the vibr0 in the /etc/network/interfaces as auto vibr0 iface vibr0 inet dhcp and that failed to work as well....anyone else see this behavior?
<bin10101> is there a way to make vibr0 become eth1?
<bin10101> sorry...been typing it wrong in chat....make that virbr0
<bin10101> i checked it was right in the /etc/network/interfaces
<bin10101> looks like if eth0 is turned off that virbr0 will not work :(
<giovani> virbr is probably "VIRtual BRidge"
<bin10101> i am trying a reinstall with the emulated nics being different
<bin10101> see if I can get it to see both eth0 and eth1
<bin10101> that is so bizarre
<giovani> this sounds like a virtualbox problem
<giovani> try asking them
<bin10101> why would does the install ask for the main nic
<giovani> huh?
<giovani> it wants to know which nic to use ... obviously
<giovani> for internet access
<bin10101> it could set them both at inet dhcp and you would still get to the same internet
<giovani> but there's no advantage to that
<bin10101> well I guess one of them would fail
<giovani> that complicates things for no gain during an install
<bin10101> but both Nics have different MAC addresses....wonder why its deciding to have one eth0 and the virtual bridge?
<bin10101> http://www.riccardoriva.com/archives/693 I see here that you can have multiple nics...wonder why this isn't working
<giovani> of course you can have multiple nics
<bin10101> does ubuntu-server uses just the MAC address to determine uniqueness in the nic, right?
<giovani> uh
<giovani> I don't know what you mean by "determine the uniqueness of the nic"
<giovani> nics are hardware devices, the computer doesn't need to use a MAC to know that there's two
<bin10101> well the actuall machine I am using only has one nic
<bin10101> okay
<giovani> I've recommended that you talk to the virtualbox folks a number of times
<bin10101> both are emulated nics
<giovani> why don't you do that?
<bin10101> k.
<billybigrigger> is anyone aware of a way to get my phpmyadmin/mysql back to stock?
<billybigrigger> ie, clear all db's, users, and start fresh?
<billybigrigger> i've tried apt-get purge mysql-server and phpmyadmin
<billybigrigger> then apt-get install mysql-server and phpmyadmin, but my db's are all still there with the same users
<ajmitch> billybigrigger: there's a debconf setting for mysql-server-5.0 that controls whether databases are wiped on a purge
<ajmitch> the easy way to change that may be to dpkg-reconfigure mysql-server-5.0, and see if it asks that question about it
<billybigrigger> just asked me for a password with dpkg-reconfigure
<billybigrigger> ok new question
<billybigrigger> all my mysql locale settings are ending with _ci
<billybigrigger> and its displaying some wierd stuff for characters
<billybigrigger> err for collation
<billybigrigger> what should i be using?
<stickystyle> ci means 'case insensitive'
<stickystyle> The weird stuff may be a an issue of some UTF-8 chars in a latin1 encoded field.
<stickystyle> very common.
<billybigrigger> so _ci is fine to use
<stickystyle> yes
<billybigrigger> roger, thanks
<stickystyle> np
<billybigrigger> also...
<billybigrigger> im trying to install roundcube...its a webmail frontend...anywho....
<billybigrigger> its root dir is /var/www/webmail, and it needs to be able to write to /var/www/webmail/temp and /logs
<billybigrigger> what would be the best way about giving the correct perms...chown'ing it to the webserver or chmod'ing it so that anyone can write to it?
<stickystyle> chown or chgrp to the www-data user or group
<billybigrigger> thanks again :P
<billybigrigger> anyone here use roundcube?
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<twb> Oh, sorry.
<Znuff> Hi there.
<Znuff> I'm not really sure how SELinux works, but isn't this SELinux related? [2603183.964203] audit(1242955897.392:147): type=1503 operation="inode_permission" requested_mask="rw::" denied_mask="rw::" name="/home/mysql/ibdata1" pid=20006 profile="/usr/sbin/mysqld" namespace="default"
<twb> Znuff: selinux is off by default on Ubuntu.
<Znuff> that's what I knew
<Znuff> and I'm pretty sure I haven't enabled it :-/
<Znuff> twb, why would I be getting audit messages in my dmesg if I don't have selinux enabled?
<twb> Presumably, they are from some other subsystem.
<twb> For example, apparmour seems to be installed by default...
<Znuff> yup, so it was
<Znuff> ^^
<uvirtbot> Znuff: Error: "^" is not a valid command.
<Znuff> ow
<Znuff> ^version
<uvirtbot> Znuff: The current (running) version of this Supybot is 0.83.3.  The newest version available online is 0.83.4.
<cef> yup.. apparmor generates audit entries in your logs
<Znuff> holy s*
<Znuff> update to supybot o.O
<Znuff> thanks twb & cef
<billybigrigger> who's familiar with apache's virtual hosts?
<billybigrigger> im trying to setup a subdomain for /var/www/webmail
<billybigrigger> i want to set it up as webmail.mydomain.com
<billybigrigger> not www.mydomain.com/webmail
<billybigrigger> now the apache doc's aren't clear as where to put this virtual host file or what to name it
<billybigrigger> anyone?
<cef> billybigrigger: 'man a2ensite'
<cef> billybigrigger: gives you the help for the wrappers used by apache2ctl that help manage sites. very useful.
<billybigrigger> cef
<billybigrigger> a2ensite webmail.mydomain.com
<billybigrigger> ?
<billybigrigger> hehe not much of a man page
<billybigrigger> does that create the file in sites-available?
<billybigrigger> or do i have to create the file?
<billybigrigger> ie i have nothing in sites-available, a2ensite webmail.mydomain.com will create the file, and input the correct vhost data, and then sym link it to sites-enabled?
<billybigrigger> or is all a2ensite do is sym link an already created file?
<cef> no, you need to create the file in sites-available
<cef> using a2ensite will then enable that site
<cef> (sorry, stepped away from the keyboard.. work does that to you)
<billybigrigger> ahh
<billybigrigger> hehe
<billybigrigger> hmm
<cef> I tend to copy the default file and then edit that
<billybigrigger> i see lots of examples in apaache docs that explain multiple domains for 1 ip, or 1 domain for multiple IP's
<billybigrigger> i just want to add a bloody subdomain
<cef> as everything is pretty much there and you can tweak it however you like. esp if 90% of the time they're the same details
<billybigrigger> ok, ill edit the default then
<cef> no, copy the default
<billybigrigger> yeah, my bad
<billybigrigger> thats what i meant :P
<cef> then edit it with your settings, then run 'a2en filename'
<billybigrigger> ok, 1 more question that apache docs aren't too clear on...does the name of the file have to be subdomain.domain.com or can it be ilovecheese
<billybigrigger> ?
<cef> though making the filename something that'll identify what it is in it is useful. doesn't have to be the domain name
<cef> yes, it can be 'ilovecheese' or even 'ihavenopants' if you like
<cef> and yeah, 'a2ensite fillename' even. oops
<billybigrigger> ok
<billybigrigger> so using the domain or subdomain is usefull for identifcation only
<billybigrigger> thanks
<cef> same deal for modules too, but they're usually auto-created by packages, and you can a2enmod and a2dismod them by name.
<cef> no probs
<billybigrigger> ok
<cef> whatever is in the '-available' of each (sites and mods) are available to be used, but only what is symlinked in the '-enabled' are in use.
<billybigrigger> right
<billybigrigger> ok now this submdomain could be as simple as adding ServerName subdomain.domain.com and DocumentRoot /var/www/webmail inside of <VirtualHost></VirtualHost> tags correct?
<billybigrigger> or it can be as elaborate as the default
<billybigrigger> ?
<billybigrigger> dammit, after a2ensite, it still doesn't work
<billybigrigger> or can i do this right in my httpd.conf?
<cef> did you reload apache?
<billybigrigger> yes
<billybigrigger> the a2ensite doesnt work
<cef> hrm weird. pastebin the contents of the file
<billybigrigger> and adding a vhost in apache2/httpd.conf after a restart doesn't work either
<billybigrigger> which file?
<cef> the site file
<billybigrigger> http://guide.opendns.com/?url=webmail.thefrozencanuck.ca
<billybigrigger> err
<billybigrigger> http://pastebin.com/f6846476a
<cef> <VirtualHost *:80> should be <VirtualHost webmail.thefrozencanuck.ca:80>
<billybigrigger> oh
<billybigrigger> can i remove directory / and directory /var/www and create one for /var/www/webmail since thats the docroot?
<cef> yup
<billybigrigger> will keeping them hurt anything?
<billybigrigger> or is this config only for webmail.
<billybigrigger> like the default config in sites-enabled still overrides this config correct as 000-default is loaded first?
<billybigrigger> and do i have to do anything with my domain provider? ie godaddy where i purchased the domain...do i have to link this subdomain somewhere or is it all done through apache?
<billybigrigger> here's the updated file
<billybigrigger> http://pastebin.com/f546dd67d
<billybigrigger> do i have to run a2ensite again?
<billybigrigger> it should already be enabled, just an apache2 force-reload eh?
<cef> just reload
<cef> or restart
<billybigrigger> are vhosts handled all by apache? theres nothing i have to do in godaddy's domain manager correct?
<cef> afaik correct
<billybigrigger> hmmm
<billybigrigger> well still not working
<cef> you should just need to point the subdomain at that machine though
<cef> eg: give it a CNAME or A record)
<billybigrigger> wtf
<billybigrigger> mail.tfc.ca
<billybigrigger> works
<billybigrigger> but webmail does
<billybigrigger> i have a CNAME for mail that points to @
<cef> do you have a cname for webmail?
<billybigrigger> no
<billybigrigger> why do mail.tfc.ca take me to /var/www/webmail though?
<cef> well, how can the dns name resolve? you need a CNAME (or A) record
<cef> possibly a config issue
<billybigrigger> i changed mail to webmail
<billybigrigger> i had a cname for mail, not webmail
<billybigrigger> but mail pointed to /var/www/webmail, does this make sense to you?
<billybigrigger> http://mail.thefrozencanuck.ca/
<billybigrigger> haha, wierd
<cef> it means you have a config that has changed the docroot to that...
<billybigrigger> ???
<billybigrigger> where
<billybigrigger> all configs i have setup where for webmail to /var/www/webmail
<billybigrigger> s/where/were
<cef> yeah, your www. points to webmail now too
<billybigrigger> hmmm
<cef> put defaults and webmail sites files on pastebin
<billybigrigger> http://pastebin.com/f1c46a366 <---default
<billybigrigger> http://pastebin.com/f6672cc99 <---webmail
<billybigrigger> maybe i should have left the directory / and /var/www in my webmail config and just added a directory for /var/www/webmail
<billybigrigger> ???
<billybigrigger> im lost haha
<cef> no it looks like it might be because you don't give the default a 'servername', or because webmail.tfc.ca isn't in the /etc/hosts file and it thinks it's the default.
<cef> I've seen someone have this issue before but I don't know what fixed it (work intervened)
<billybigrigger> ok
<billybigrigger> i will give default the servername of www.tfc.ca or just tfc.ca?
<billybigrigger> i don't think i have either webmail. or tfc.ca in /etc/hosts
<billybigrigger> http://pastebin.com/f2f8a4155
<billybigrigger> ok
<billybigrigger> adding servername to default got my index.html page back
<billybigrigger> now webmail.thefrozencanuck.ca doesn't work
<tonyyarusso> Is Jamie or Kees around?  I'm wondering if there's any response yet to the SSH vulnerability discussed on http://news.zdnet.co.uk/security/0,1000000189,39653852,00.htm ?
<twb> tonyyarusso: the SHA-1 vulnerability?
<twb> tonyyarusso: try #ubuntu-hardened?
<tonyyarusso> twb: I think this is a separate thing actually.
<twb> That seems to be the security team's channel.
<tonyyarusso> fair enough
<billybigrigger> cef::: added webmail.thefrozencanuck.ca   /var/www/webmail to /etc/hosts
<billybigrigger> correct?
<billybigrigger> bah
<billybigrigger> stupid ass subdomains...who thought this would be so bloody hard
<tonyyarusso> billybigrigger: um, no...
<tonyyarusso> billybigrigger: subdomains go in your apache config, not /etc/hosts.  /etc/hosts does name resolution for machines.
<billybigrigger> <cef> no it looks like it might be because you don't give the default a 'servername', or because webmail.tfc.ca isn't in the /etc/hosts file and it thinks it's the default.
<billybigrigger> i don't know, im reaching right now...so im trying any and all suggestions
<billybigrigger> i can't get this to work for the life of me
<billybigrigger> is there anything im missing besides my .../sites-available/webmail.tfc.ca
<billybigrigger> ?
<billybigrigger> do i need to call that config in httpd.conf somewhere?
<billybigrigger> like a subdomain should be simple, i want webmail.tfc.ca to point to /var/www/webmail
<billybigrigger> create the config in .../sites-available then a2ensite webmail.tfc.ca and then reload apache...correct?
<tonyyarusso> billybigrigger: okay, sites-available should have stuff about the subdomain, and /etc/hosts should have IP addresses - could you pastebin your configs?
<billybigrigger> <billybigrigger> http://pastebin.com/f1c46a366 <---default
<billybigrigger> <billybigrigger> http://pastebin.com/f6672cc99 <---webmail
<billybigrigger> thats my /sites-available dir
<billybigrigger> aparrently it doesn't resolve...and the httpd guys are telling me to make it resolve hehe
<KurtKraut> What were the boot scripts afected by the change from bash to dash that happened in Ubuntu some time ago? Only those located in /etc/init.d ?
<twb> KurtKraut: why do you ask?
<tonyyarusso> billybigrigger: Is 68.146.139.247 the correct IP address for webmail.thefrozencanuck.ca ?
<billybigrigger> yes
<billybigrigger> do i need a CNAME or an A record for webmail? maybe thats my problem
<KurtKraut> twb: I'm willing to request the same migration from dash to bash to other distros and I've realised that most scripts placed on /etc/init.d call /bin/bash directly instead of /bin/sh.
<billybigrigger> ohhh
<tonyyarusso> billybigrigger: I'm reasonably certain you want an A record for this.
<billybigrigger> im about to get a boot from #httpd...hehe chalk that up as #2 for the day :P
<billybigrigger> ok
<billybigrigger> i think thats my problem...
<billybigrigger> i have a CNAME for webmail to my ip
<billybigrigger> ie....webmail @
<KurtKraut> twb: In other to understand better the impact on making such change, I'd like to know if there other scripts related to boot that are not located in /etc/init.d that would impact on boot performance by this sort of change
<tonyyarusso> billybigrigger: The usual wisdom is "If you don't know why you need a CNAME, you don't want a CNAME."
<twb> KurtKraut: well, I believe Debian recently (as in, the last twelve months) fixed that issue.
<billybigrigger> tonyyarusso::: cause i have cnames that where set when i got the domain for www and ftp....so i assumed a cname for webmail would work for webmail.mydomain.com
<billybigrigger> :P
<twb> KurtKraut: stuff like RHEL is simply fucked; they have a LOT more bashisms in their code.
<twb> KurtKraut: and they have no convention of actually, you know, making packages that adhere to a comprehensive integration policy.
<KurtKraut> twb: I see. Bu do you know what scripts are run at boot besides those located in /etc/init.d?
<twb> KurtKraut: that depends on many things.  But I suspect you want the system to do more than just boot.
<billybigrigger> tonyyarusso::: why did you ask about my ip address?
<billybigrigger> tonyyarusso::: and also should the host be webmail.tfc.ca or just webmail?
<tonyyarusso> billybigrigger: Because you mentioned that it wasn't resolving.
<billybigrigger> tonyyarusso::: ahh
<tonyyarusso> billybigrigger: the full thing.
<billybigrigger> tonyyarusso::: k, well i added it
 * billybigrigger waits
<billybigrigger> soab
<billybigrigger> webmail.thefrozencanuck.ca now points to thefrozencanuck.ca
<billybigrigger> it points to /var/www
<KurtKraut> twb: what I'm trying to test/measure is the impact of the migration from bash to dash on boot. And what I want to know at the moment is how many *boot* scripts declare they need precisely bash instead of /bin/sh
<billybigrigger> not /var/www/webmail
<twb> KurtKraut: OK, what you want to do is get the checkbashisms(1) script and run it over, basically, all of /etc/.
<KurtKraut> twb: that sounds great. Thanks
<twb> KurtKraut: from the list it emits, it should be obvious which files AREN'T used during boot.
<twb> KurtKraut: note that checkbashisms will not report on e.g. /etc/sysconfig/networking, because those files don't have shebangs -- but I bet they are sourced by a sh script.
<twb> The other obvious thing to do, is just make sh -> dash, and see what breaks when you reboot.
<KurtKraut> twb: this would be the step 2 of my experiment, seing what breaks
<KurtKraut> twb: but the first data I want to collect is how many scripts right at the begining say they need bash to run instead of /bin/sh, that would in theory and in a ideal world, mean that they don't have bashisms
<billybigrigger> i want to strangle all the smartasses in #httpd
<twb> KurtKraut: oh, then try something like grep -rn /etc '^#!.*bash' | grep :1:
<twb> Oops, swap the pattern and /etc around, etc.
<KurtKraut> twb: what a curious result. In Ubuntu, only 9 files found. In Mandriva, 290.
<twb> KurtKraut: culturally, Debian packages are encouraged to avoid bash and bashisms.
<twb> I don't think policy actually REQUIRES them to avoid bash shebangs...
<KurtKraut> twb: those data were really helpful. Thanks a lot for your help and commands.
<twb> KurtKraut: no worries.
<ScottK> In Ubuntu the default /bin/sh is dash, so we've been trying to get rid of bashisms for some time.
<a_ok> what script or process is supposed to make /var/run/apache2?
<ScottK> a_ok: Generally the init script should handle that.
<ScottK> I'm not sure specifically about apache2
<unewbie> i installed squid and i want to authenticate with ncsa, my users still can connect to internet and never authenticate with ncsa. what could be wrong? i use 8.04.2
<unewbie> i followed some tutorials to edit my squid.conf and it's still no result
<unewbie> !squid
<ubottu> squid is a caching proxy for the Web.  See: https://help.ubuntu.com/community/SquidGuard  See: http://www.squid-cache.org
<unewbie> !ncsa
<ubottu> Sorry, I don't know anything about ncsa
<unewbie> anyone?
<jmarsden_> NCSA?  The people that brought us the Mosaic browser in 1993?  http://www.ncsa.uiuc.edu/Projects/mosaic.html ?
 * jmarsden would suggest not using a discontinued and very very old browser...?  Or is the NCSA you refer to something else?
<cef> I think he means an auth mechanism
<cef> what's the MS one?
<cef> ntlm?
<jmarsden> cef: Yes, but that means he got only one out of 4 letters correct in the acronym, which is pretty poor spelling?
<cef> jmarsden: I've seen worse.. ;)
<jmarsden> Maybe something like http://www.opensourcehowto.org/how-to/squid/squid-with-ntlm-authentication.html would help, then?
<cef> wow, NSCA also made a httpd server. never knew that
<jmarsden> Yes, wasn't that the one the pile of patches turned into "a patchy" server, which became Apache?
<cef> probably
<jmarsden> I ran that, back in about 1994 or so, on NetBSD :)
<cef> ahh back then, I was still running a BBS.. those were the days
<unewbie> it's solved
<jmarsden> unewbie: Are you really using NCSA ?  The web server or the Mosaic browser?
<unewbie> i put the http_access allow ncsa_users exactly below the acl ncsa_users proxy_auth REQUIRED
<unewbie> i used ncsa module at /usr/lib/squid/ncsa_auth
<cef> hrm! there ya go (??)
<unewbie> thanks guys
<unewbie> :)
<cef> oh bah..it's just a module that reads any ncsa compliant passwd file (eg: htpasswd)
<jmarsden> Yes... squid "NCSA" auth is what most of us would call "Basic Auth"
<cef> yup
<unewbie> i'm thinking using ldap authentication
<unewbie> any advice?
<jmarsden> unewbie: If you have to authenticate using LDAP before you can think, you are in deep trouble :)
<jmarsden> I need to go to sleep... but if you already have an LDAP server set up and working, it probably makes sense to use it for Squid auth too.  If not... it's a fair amount of work to set one up.
<uvirtbot> New bug: #379320 in mysql-dfsg-5.1 (universe) "mysql-server-5.1 not installed" [Undecided,New] https://launchpad.net/bugs/379320
<unewbie> jmarsden: thanks for the advice
<unewbie> looks like i need someone to teach me to install and configure openldap :D
<uvirtbot> New bug: #379329 in openssh (main) "Security flaw in openSSH prior to 5.2" [Undecided,New] https://launchpad.net/bugs/379329
<heath|work> Hello. I keep reading articles at HowToForge.com and most of them say to disabled app armor to run thing in a chroot jail, but is this really necessary?
<infekteddeath> anyone familiar with ispconfig
<infekteddeath> 3
<infekteddeath> i need help with setting up ispconfig3 and godaddy
<infekteddeath> am i talking to ghosts
<infekteddeath> hell?
<infekteddeath> hello?
<ScottK> infekteddeath: Ubuntu doesn't (last i looked) ship an ispconfig package, so this may not be the best place to ask.
<timedout_> does this channel deal with just the software side of servers?
<ewook> it deals with the content of the inhabitants brains more or less
<ewook> and I doubt that's limited to software only.
<ewook> :)
<timedout_> alright
<timedout_> well i'm looking at picking up a multiprocessor server, supposedly rated at 550mhz
<timedout_> would that be the same effectively as having a single 2.2ghz processor?
<timedout_> and would ubuntu run on such a server?
<ScottK> How much RAM?
<timedout_> 3.5GB
<ScottK> It's not the same as a single 2.2ghz processor.  In some ways it will be better, in some ways worse.
<ScottK> Do you know if the BIOS is from before 2000 or after?
<ScottK> timedout_: If it's before 2000 (and thus won't use acpi), Hardy is the last release it will run on.  If it's new enough to use ACPI, then it should run on any Ubuntu release.
<ewook> timedout_: i'd say that there isn't that much value in a old PIII with that low frequency.
<ewook> and ScottK is right.
<timedout_> thanks
<timedout_> ewook: it's bascially just for learning purposes
<ScottK> It's fine for that.
<ewook> timedout_: for learning it's neat :)
<ScottK> I have an old dual PIII 450 machine that I use for backups (new hard drives).
<uvirtbot> New bug: #379412 in openvpn (universe) "openvpn server startup script broken" [Undecided,New] https://launchpad.net/bugs/379412
<timedout_> anyone know of some resources for finding used network components? servers, routers, switches, etc
<timedout_> other than craigslist
<ScottK> Ebay?
<jetole> has anyone install cacti on 9.04
<jetole> ?
<jetole> I seem to have an issue where it is not showing graphs on the main page but if I click on the missing graph like object it shows graphs
<jetole> ah screw it. I am re installing from source
<RoAkSoAx> ivoks, heya master... have some good new for you :)
<ivoks> RoAkSoAx: do you?
<ivoks> RoAkSoAx: i can't merge anything now... i'm at the airport
<RoAkSoAx> ivoks, not merge related... last night I've talked with horms, the heartbeat Debian mantainer (i think hi's also upstream??)... and well he said something that will make our lives easier
<ivoks> what?
<ivoks> horms was at last uds, iirc
<RoAkSoAx> ivoks, they are waiting for final test on heartbeat / pacemaker / openais to get them in Debian archives.
<ivoks> oh, nice...
<RoAkSoAx> ivoks, and they are going to create a debian-ha group to maintain heartbeat / pacemaker / openais ... and I also said we had the same project, and that now we can work close together
<ivoks> great
<ivoks> i was expecting something like that
<RoAkSoAx> ivoks, yep, I'll email you my conversation
<ivoks> great
<\sh> ivoks: on your way to pretty barcelona? :)
<jpds> Today? I hope not.
<ivoks> \sh: yep
<RoAkSoAx> ivoks, done :)
<ivoks> \sh: i'm in bonn
<\sh> ivoks: WHAT? just drive 300km down to KA and visit me ;)
<ivoks> :D
<ivoks> \sh: if only you said that 3 hours ago :)
<\sh> ivoks: and it's cologne/bonn airport ;) it's more cologne then bonn ;)
<ivoks> \sh: i doubt i'll make it to you and back in 60 minutes, without a car
<ivoks> \sh: i know it as Koeln :)
<\sh> ivoks: yeah...well hopefully next year I'm able to attend another UDS myself..
<RoAkSoAx> ivoks, and here are the packages that might go to Debian archives: http://packages.vergenet.net/experimental/
<\sh> ivoks: drink some "kÃ¶lsch" beer ;) (1. reissdorf 2. FrÃ¼h 3. Sion) ;)
<RoAkSoAx> those are apt-gettable so we can test them
<ivoks> RoAkSoAx: great job!
<ivoks> \sh: on my way back, maybe :)
<\sh> .oO(dojotoolkit package looks like it's ready for upload...just a few lintian messages to fix)
<RoAkSoAx> ivoks, so anyways... as you said, our cluster stack should be around as heartbeat / pacemaker /openais as long as Debian supports it
<\sh> guys...any status on mysql-cluster for karmic?
<ivoks> what's wrong with it?
<ivoks> time to go...
<ivoks> take care guys
<RoAkSoAx> ivoks, have a good flight
<ivoks> thanks
<\sh> ivoks: give a hug to ogra from me, pls :)
<ivoks> hehe
<aljosa> anybody using rabbitmq on ubuntu intrepid? is there an apt repository?
<teddy__> I need to do RAID 1 with 9.04..Do I need the Ubuntu-server standard or the alternate?
<teddy__> To answer my own question, either Server Edition or alternate will do RAID 1. User Server Edition...
<heath|work> Hello. I keep reading articles at HowToForge.com and most of them say to disabled app armor to run thing in a chroot jail, but is this really necessary?
<hkais> hello
<hkais> is there a hook, there I can hook in on every user logoff (forced by timeout, or manually by userrequest)?
<radovan> hkais: http://thedaneshproject.com/posts/how-to-set-default-session-timeout-in-linux/
<radovan> hkais: worth trying
<jpds> heath|work: Pardon?
<zanberdo> I have mysql 5.0.51a installed on ubuntu server 8.04. when I attempt to stop mysql using /etc/init.d/mysql stop I get the message * Stopping MySQL database server mysqld [fail]. I'm trying to track down why it's failing and how to fix it
<zanberdo> note: I have asked at #mysql and they recommend that I ask here.
<zanberdo> also note: /var/log/mysql/mysql.err and mysql.log are both 0 byte files
<zanberdo> also note: syslog makes no mention of mysql
<zanberdo> correction: /var/log/mysql.err and /var/log/mysql.log are 0 bytes. there are no files in /var/log/mysql/
<w3wsrmn> zanberdo: on ubuntu, mysql logs to /var/log/syslog by default
<zanberdo> right, so I've read. sadly, I'm getting no data in syslog
<zanberdo> relating to mysql
<zanberdo> it's clearly running
<genii> zanberdo: This sometimes happens if for instance the pid file is bypassed. If you manually ran the mysqld directly for instance instead of using the init.d method. In this type of case you have to manually kill the process and start it properly from the init script.
<zanberdo> genii, thanks for the suggestion. No, I did not start it manually, though I suppose I will kill the pid's and see if I can start it again.
<jeiworth> hi all, having a little problem with cups on my server, i activated remote administration throuh cupsctl --remote-admin but when i try to login, all i get is a measly 403 forbidden :( any ideas where i can fix it, or what i have to put into the cupsd.conf file to make it work? this is before even the login page is shown
<jeiworth> maybe it has to do with the installed apache server?
<jeiworth> or that i am in a different subnet....hmmm
<radovan> jeiworth: have you tried to restart the service?
<radovan> cups have apache style configuration file, so maybe you should check there
<jmedina> it is documented in ubuntu server guide
<jeiworth> radovan: hmm coming to think of it, i didnt restart it after the cupsctl command, i thought cupsctl would take care of that for me, let me check
<jmedina> the thing about cups
<jeiworth> well, appears to be the subnet, if i access from a virtual machine in the same subnet i can configure it
<dayo> i'm looking for a tool that let's me send a popup msg to all systems on my lan, e.g. "Rebooting proxy in 5 minutes. Please stand by."  any ideas?
<jmedina> dayo: what kind of systems?
<dayo> jmedina: ubuntu desktops and laptops. 8.04
<jmedina> dayo: so you want to send this messages when you reboot your proxy (squid)?
<jmedina> if so, you can redirect your users to a mainteinance web page
 * jmedina loves virtualization (cero downtime)
<dayo> jmedina: that was just an example. sometimes i need to let all my users know things like "The ISP is here. Expect about 20mins downtime, while we install the new router"  stuff like that
<jmedina> mmm then I dont know
<jmedina> we use internal IM with jabber, I can send broadcast messages
<jmedina> or you can try something like this:
<jmedina> autologin with ssh and something like: "logger -t adminmessage -p local7.emerg "The ISP is here....!!!:"
<jmedina> by default most syslog daemons logs emerg messages to everything
<jmedina> for example, KDE launches a little window with the message, not sure about gnome
<jmedina> then you can use something like parallel ssh connections and automatic login using rsa keys
<radovan> dayo: http://www.manpagez.com/man/1/xmessage/
<alienseer23> when I install postgress with apt, there is not /etc/postgres/* directory, and nothing works...I am stuck here, asking for direction, why would this happen, how to fix it?
<alienseer23> could postgres have used another directory for the config files for some reason?
<chemfun> 'lo all.  if you could bear with me...I haven't used IRC for about a half decade
<chemfun> I was sent here by #ubuntu
<chemfun> I'm the tech guy at a school.  Really new to linux.  I purchased 4 Asus eee PC 4G.  Hated the native OS so I installed Ubuntu and followed the instructions to get the Kernel that works best with the eee pc's.  I'd love to be able to use our server (2003) to allow the students to login with their windows username.  I discovered the activedirectoryhowto on the wiki.  Unfortunately it states...
<chemfun> ...that I need ubuntu server to connect to AD.  Is there a way that I can connect to AD with Ubuntu Desktop, or is there an easy way to configure the server to have a x windows environment?
<chemfun> I've currently got server installed on my test eee box, but before I blow away another, I'd like to ask those that know more than I.
<chemfun> I was told that desktop and server are the same, but server has some extra packages installed
<radovan> AD is ldap
<chemfun> Could anyone point me towards a wiki that would explain what to install to get a GUI environment to talk to my server2003 box?
<radovan> login go throug PAM, so you need to update your pam config
<chemfun> or....is it possible to have an eee pc talk with the server via wifi at boot so that they can login with their AD username and pwd?
<radovan> http://ldots.org/ldap/
<radovan> section 2 is interesting one
<chemfun> looking at it
<radovan> afaik there is no exact howto do it. maybe google will help you, but AD is ldap.
<chemfun> without creating users on each eeepc will they be able to log in?
<chemfun> or would it be easier to create users on a box and image the other comptuers?
<radovan> yes, they will be able to log in
<chemfun> sweet
<chemfun> second question, if you've got time
<radovan> yes?
<chemfun> once logged in, would I be able to connect them to their windows home folder on the server, or would I need a separate NFS share that would be publicly accessed?  Did that make sense?
<radovan> you san use existing samba share, but i'm not sure single sign on will work, so they may need to authenticate to samba share
<radovan> or you can use nfs on windows, but generally that's not a good idea
<radovan> implementation really sux :)
<chemfun> why?
<chemfun> :)
<radovan> windows implementation of course
<chemfun> right
<radovan> i've tryed it and had performance issues
<chemfun> Maybe I'm working at it backwards...I've already created a share for them on the windows box
<chemfun> I don't know a lot about samba
<chemfun> or linux for that matter
<chemfun> We've got a linux firewall with dansguardian, but I only know enough to be dangerous
<chemfun> I'll keep digging.  Thanks for the pointers
<radovan> no prob :)
<yeason> does anybody know if there is a good irc-services package for ngircd? I'm not having luck finding one
<uvirtbot> New bug: #379488 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 None [modified: /var/lib/dpkg/info/mysql-server-5.0.list] failed to install/upgrade: el subproceso pre-installation script devolvi? el c?digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/379488
<j0nr> Hi all, question: I have just set up apache/mysql/php to enable a simple webserver. /var/www/ is the web root. So if I put index.html in there it gets displayed to the web. But sometimes you want things higher up than that, i.e. on other hosted sites, the web root is not accessible by the public and youu have a public_html folder where the public acessible info goes...how do I make a folder within /var/www/ be the default 'public_html'?
<j0nr> is it something like editing /etc/apache/sites-available/default and adjusting the root directory?
<maxb> Erm
<maxb> That's a slightly weird thing to do
<maxb> Put the things which are not part of the website somewhere other than /var/www
<stickystyle1> j0nr:  If your looking for per-user public_html folders (which is the only place I know of that dir name being used) you need to look into mod_userdir for apache
<j0nr> ok, but somethings are part of the website... maybe I am just confused (n00b)... I am trying to install gallery software... the frontend of it is in a sub-directory of the webroot as it is viewable by the public, but the data for it, i.e. the raw images, are stored outside the document root...think I am answering my own question a bit...
<j0nr> i can just tell it where they are in relation to  '/'
<j0nr> this is just because its my own server rather than a hosted one
<j0nr> ok no worries... :)
<stickystyle1> for gallery, the standard place to store the data (i.e. photos) files is /var/lib/gallery2/g2data/  and that is something that you set in the config.php
<stickystyle> FWIW, gallery is already in the repos so you don't have to manage all this yourself.
<stickystyle> under 'gallery2'
<bin1010> howdy all
<bin1010> I got the two nic thing to work
<bin1010> thanks for the help
<bin1010> how do I tell ubuntu server to do certain requests on one nic and all the others on another?
<bin1010> can someone just point me in right direction?  Not sure what to search for as far as effective keywords...keep getting #$@#Q!!#.  Thanks
<jmedina> bin1010: what do you exactly want to do?
<bin1010> I am using one nic mainly for incoming requests on local network and the other nic for internet.  Sometimes when the server makes a request like for aptitude update, it has to wait for some timeout before it gets the information it seeks.  I want to go ahead and tell server for most requests uses nic 2 and only use nic 1 for these specific things.
<bin1010> did that make sense?
<stickystyle> bin1010:  which nic is your default gateway?
<bin1010> good question...hold on
<stickystyle> and it sounds more like a DNS resolution issue.
<bin1010> well one nic can see a local network just fine....but it can't get to the internet at all.  The other is hooked directly to our internet infrastructure
<jmedina> or probably both interfaces connected to same switch and same broadcast domain
<stickystyle> bin1010:  does this computer serve as a gateway/firewall for computers on the the LAN side?
<bin1010> ip addresses are 192.168.56.101...thats the local network guy....and the other is 10.0.2.15 which has the ability to get to internet.
<bin1010> no...no gateway/firewall
<bin1010> i am using it as local web development environment...so I only allow connections to it via the local network NIC
<bin1010> connections to the machine work greate
<stickystyle> but apt-get updates take a while to get going?
<bin1010> yes. it hangs for a time, then goes...kindof like a timeout
<bin1010> remember when firefox had a similar problem...it would hang on a socket drop
<stickystyle> The DNS server(s) set in /etc/resolv.conf, are they on the internet or local?
<bin1010> the one it is pointed to is the one that can get to the internet....I just use the boxes ip address to check the webpage...sorry
<stickystyle> BTW, there is no 'timeout' type thing with having more than one NIC.  You have a set of routes that the computer tries, and then the default gateway.
<bin1010> okay....cool  That's much better ;)
<stickystyle> To expand upon that, if your DNS server is not on those predefined set of routes (which it sounds like it is not) then the computer will always use the default gateway interface.
<bin1010> that makes sense
<stickystyle> I'm leaning towards a DNS issue if you haven't noticed ;)
<bin1010> is see that
<bin1010> LOL
<bin1010> yes...the local network NIC will not be able to get to the DNS server in resolv.conf
<bin1010> so that is the problem...but there is no way for me to get that NIC to that DNS server or even the gateway...they are really setup for the internet nic
<bin1010> sorry the DNS and Gateway are setup for the "internet"nic...
<stickystyle> that sounds like a valid setup from what you have described so far.
<bin1010> but wont both nics try to use those settings?
<bin1010> sorry for my ignorance...I am more of a developer than a linux admin.  I can get around most things, but I still get lost/confused on occasion. :)
<stickystyle> Yes, the OS will handle which NIC to use for a particular request.
<stickystyle> No worries.
<bin1010> sweet...thanks
<stickystyle> how many DNS servers do you have in resov.conf ?
<bin1010> just one
<stickystyle> Just for fun... change it to '4.4.4.2' (that is verizion's DNS server), we won't leave it on that but just for testing lets see what happens.
<stickystyle> Whoops.  I meant to type 4.2.2.2
<stickystyle> He'll be back :)
<tadeu_> guys, i just create a .iso with remastersys, when i boot it the boot process stop in "configuring network interfaces", any idea ?
<tadeu_> "ctrl+c" does not work.. the boot just keeps stuck
<slestak> i have just picked up likewise open for my workstation.  I have a primo setup I dont want to lose.  I figured our winbind usermap, so when I log in as AD username, it appropriately comes in as the local user, but I think that is a bandaid.
<ivoks> sommer: here? :)
<slestak> is it safe to cp -R ~ to the ad users homedir, chown it all, and expect gnome settings and seuch to be safe?  Think gconf will have a conniption?
<RoAkSoAx> ivoks, heya master... any news on the HA track for the UDS?
<ivoks> RoAkSoAx: i haven't checked
<RoAkSoAx> you already in barcelona?
<ivoks> yes
<RoAkSoAx> awesome
<RoAkSoAx> I wish I can attend to an UDS someday :(
<RoAkSoAx> hahaha
<ivoks> work hard and you might :D
<RoAkSoAx> indeed
<RoAkSoAx> I think they have not scheduled the HA talk just yet
<hkais> radovan: thx! I will give it a try
<WebcamWonder> Question: I tried shutdown -F, touch /forcefsck on separate occasions. Neither triggered a fsck on the reboot, any ideas how to do so?
<Artemis> hello
<Artemis> hello
<Artemis> exit
<Mendrinos> hi, I have installed through aptitude mysql-server-5.1.13
<Mendrinos> but I cannot find php5-mysql for the version of 5.1.13
<Mendrinos> as a result
<Mendrinos> to have a php mysql client 5.0.x and not in the same version of the db server
<Mendrinos> does anyone know how to upgrade php mysql client to 5.1.13?
<phaze74> Hi. I have my own private repository and I'm trying to permanently remove a package. I'm running "reprepro -b . remove jaunty packageName" and it looks like it succeeds. But when I do an apt-get update and an apt-cache search on one of my servers I can still see the package. Is there something I'm missing?
<phaze74> Anyone?
#ubuntu-server 2009-05-23
<uvirtbot> New bug: #379574 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10 [modified: /var/lib/dpkg/info/mysql-server-5.0.list] failed to install/upgrade: subprocess pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/379574
<fbc-mx> Is there a command to tell the server to search for the closest mirror and use it?
<jmarsden> fbc-mx: Not really; the Debian packages which do that have not yet been fully/correctly ported to Ubuntu, as far as I know.
<fbc-mx> jmarsden, thanks.. well, I guess it's not mission critical.. just a luxury feature really.
<jmarsden> fbc-mx: Yes.  netselect is one of the Debian packages, if you want to keep an eye on it... maybe one of these days I'll get inspired to have a look at porting it :)
<fbc-mx> jmarsden, yes, I've used it before on my debian servers. I've just upgrade from etch to lenny and it was very instumental in helping me find a fast mirror.
<twb> IME all the good ISPs have their own mirrors anyway :P
<jmarsden> twb: Verizon FIOS is pretty good, but I doubt they have a Ubuntu mirror... might be fun to ask them though :)
<twb> Why wouldn't they?
<jmarsden> All they know about and support is Windows.
<twb> Then they are not a good ISP, obviously.
<jmarsden> I don't need them to know about Ubuntu, just reliable fast connectivity at a price I can afford...
<twb> I bet you don't even expect an ISP to provide a usenet node!
<jmarsden> No, I just expect a connection to the Internet, which is what the I stands for :)  If I want email I find an email provider, if I want Usenet I find a provider of that... (or of course I provide those services myself, if I so choose)...
<twb> Then they would be an Internet Connection Provider :P
<jmarsden> Sure, works for me.  Especially if it lowers the price compared to what an ISP would charge for the same connection :)
<jmarsden> I admit it is convenient when your connectivity provider provides DNS servers you can use to resolve names with, but even that is not 100% necessary.
<twb> And doesn't, for example, use a transparent caching proxy for HTTP.
<twb> And not having to pretend to be using Windows when you call their tech support people.
<twb> And actually having the connection be up more often than down, and not massively oversubscribed...
<twb> Sure, I'll pay a 20% markup for such stuff.
<axisys> how do I make sure only radius auth works and not allow local passwd auth .. here is my /etc/pam.d/sshd http://pastebin.com/f17b84ac7
<fbc-mx> jmarsden, BTW do you know if PPPOECONF creates another interface? If so, would it be like a new on eth1 or would it create a virtual one like eth0:1?
<jmarsden> fbc-mx: I don't know... I'd guess it creates a ppp0 interface??
<fbc-mx> jmarsden, great! thanks..
<Rafael_> when i open the command line thru putty i see "You have new mail.
<Rafael_> " how can i check this?
<Shinu> mail
<Shinu> or
<Shinu> nano /var/mail/yourloginname
<fbc-mx> I have the sound card of my ubuntu server connected to my stereo amp. Is there an PHP app that I could load that would allow my wife to search/queue up songs?
<fbc-mx> Like a PHP jukebox program or something?
<p_quarles> ampache, I think, would fit what you're after
<fbc-mx> p_quarles, awesome thanks.. I look at but could not find where it had a LOCALPLAY option. I figured it was streaming only, but now after careful examination, I see that it does have a local play option.. thanks again.
<twb> axisys: generally, you should not have your own auth/session/whatever entries AND include the common-foo files.  Do one or the other.
<fbc-mx> p_quarles, my ebox/ubuntu jaunty server rocks! I've never been able to do so much home automation, ever. I think pretty soon, I'm gonna start looking for a program to turn it into an answering machine for my phone line. Now if only I could find a way to connect my USB-B2K Skype adapter and run a remote skype service and control it from my pc.
<twb> Why Skype and not a free implementation (like Asterisk) of an open protocol (SIP)?
<fbc-mx> p_quarles, but I don't think there is anyway to run skype as a daemon. You might need a full gnome GUI setup for that.
<twb> fbc-mx: you could use Xorg's vfb backend, so that skype thinks there's a display, but there isn't.
<fbc-mx> twb, Because skype is what people really know..  I guess I could use asterisk, but that would mean I'd have to pay for a number somewhere. The skype would be a free pc2pc call.
<fbc-mx> twb, vfb?? cool.. I gotta look into that... let me google it. I love ubuntu!!
<p_quarles> you could also just use ssh X11 forwarding, no?
<fbc-mx> p_quarles, that would be over my head. I'd have to find a guide or howto for that.. I'm good with the server services stuff, like bind,apache,samba, but X11 fluency has always eluded me.
<fbc-mx> p_quarles, from the reading about that I've just been doing , I don't need to tunnel it through ssh because it will be strictly a local lan based usage. So encryption is not really necessary.
<fbc-mx> BRB
<twb> p_quarles: assuming you were running X somewhere else, sure.
<twb> p_quarles: I thought he wanted a headless system
<p_quarles> twb: you don't need an X server for X forwarding, though; just the libs
<p_quarles> twb: well, not a server on the remote machine, anyway; just on the machine with the actual display
<twb> p_quarles: you need an X server *somewhere*
<twb> Not that it matters; he's gone
<p_quarles> twb: ah, re-reading, I see what you mean; I missed the part about the answering machine
<p_quarles> I thought he wanted to run skype remotely as an attachable client, a la irssi
<unewbie> is there a web management tool for squid proxy?
<Mal3ko> wth..ufw cant block ip..
<Mal3ko> sudo ufw deny from 60.51.117.96
<Mal3ko> but i could logon the server after reload the rules
<Mal3ko> could still*
<Mal3ko> what's wrong
<LHC> hey
<Mal3ko> ?
<LHC> anyone know how to host different mysql databases for different users on a server
<LHC> question time haha
<LHC> http://www.howtoforge.com/virtual-hosting-with-pureftpd-mysql-on-ubuntu-8.10
<LHC> but mines on a dedicate dhaah
<LHC> oops thats wrong sry
<axisys> twb: thanks a lot.. that was it
<axisys> Mal3ko: i think u probably need to pick a protocol
<axisys> Mal3ko: no i am wrong
<Mal3ko> hmm
<Mal3ko> To                         Action  From
<Mal3ko> Anywhere                   DENY    60.51.117.96
<axisys> Mal3ko: same here .. did not work for me .. even with proto tcp
<Mal3ko> ahh..i think ive found the answer
<axisys> Mal3ko: reload ?
<Mal3ko> https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw
<Mal3ko> read from the line 'So if you started with default deny and added in port 80 for a public server :'
<Mal3ko> You need to edit /etc/ufw/before.rules and add a section "Block IP" after "Drop INVALID packets" :
<axisys> Mal3ko: ah ha.. unless u specify the port number
<axisys> Mal3ko: nawp.. i am wrong again..
<Mal3ko> what does this mean..
<Mal3ko> "If you simply add the deny rule the allow would have been above it and been applied instead of the deny "
<axisys> i see you have to update the ufw* tables with are placed before INPUT table
<axisys> so bottom like need to comply with iptables orders .. make sense to me
<axisys> s/like/line/
<Mal3ko> iptable orders?
<axisys> Mal3ko: i meant iptables -L .. still learning
<Mal3ko> where is iptable rules stored in?
<genii> See manpages for iptables-save and iptables-restore
<twb> iptables-save rocks
<twb> Even just for READING rules -- it beats -vnL by far.
<Mal3ko> howso
<twb> Mal3ko: the output density, and the syntax matches what you actually type, rather than being an isomorphic dialect.
<twb> The main thing you lose is packet counts per rule.
<twb> Oh, and you don't need to remember to check eack table type separately.
<twb> (e.g. -t mangle)
<SineDeviance> hi all
<SineDeviance> currently i am running a WAMP server. i want to switch to a LAMP server
<SineDeviance> with windows i use a package called Bitnami WAMPstack
<SineDeviance> essentially, it's a one-click WAMP server installer/configurator
<SineDeviance> if i installed ubuntu server would it be ready to go right out of the box or would there be a good amount of configuring involved?
<jmarsden> It depends what you want to do with the server.  You can easily get the stack included at initial installation time, and it runs "out of the box".
<jmarsden> Bear in mind there will be no "one click", since Ubuntu server comes with no GUI -- it is command line driven.
<SineDeviance> jmarsden, i'm going to be running wordpress and eyeOS. eyeOS only requires php iirc
<SineDeviance> jmarsden, right but i can install a windowmanager right?
<unewbie> i need to copy some part of pdf file which is passworded, anybody know how?
<jmarsden> SineDeviance: Sounds very doable to me.  You can add a GUI, but then you don't really have Ubuntu Server any more...
<unewbie> as i remember i need to convert to some 'ps'
<SineDeviance> jmarsden, yeah but if i was running blackbox it would still be leaner than, say, ubuntu-desktop
<SineDeviance> i'm mainly doing it for the security anyways
<SineDeviance> i'm not too trusting in windowsxp's security ability
<jmarsden> It's your call.  GUI questions are not generally handled in #ubuntu-server.  You've been running a *server* on Win XP? Yes, Ubuntu Server will generally speaking be more secure, assuming equivalent care and attention from the system admin.
<jmarsden> Ubuntu Server is not just without "a window manager", BTW.  It is without an X server at all...
<SineDeviance> jmarsden, right. i'm running a server on winxp pro sp2. everything was fine at first but my router is crap so now i have to run my server in the DMZ. which basically means no firewall
<SineDeviance> you can surely see my predicament ;)
<jmarsden> Not a good thing to do.  By all means try Ubuntu server.  It works well.  But if you add X and a GUI to it... well, you're in a sort of half way house between Server and Desktop, so you'd better know what you are doing...
<SineDeviance> okay
<SineDeviance> hmm, maybe for now i'll stick with windows and run a software firewall like comodo. i'm really not familiar with ubuntu-server so i dont want to go rushing into this blind
<jmarsden> You could run your LAMP stack on Ubuntu Desktop, too.  The Server Guide is at https://help.ubuntu.com/9.04/serverguide/C/ if you want to start learning about Ubuntu Server.
<SineDeviance> jmarsden, that's a thought but it's quite an old system. it has 512 meg of ram and a 1500mhz athlonxp. ubuntu desktop has serious performance issues on this thing... winxp is actually much faster (i know, crazy innit?)
<jmarsden> The RAM may be your limiting factor there... adding another 512MB for say $30 would probably help significantly.  Or consider Xubuntu for a lower footprint Ubuntu with a GUI.
<SineDeviance> jmarsden, well see this is pc133 ram. it's almost impossible to fine
<SineDeviance> find*
<SineDeviance> but yeah
<SineDeviance> i guess i could try xubuntu
<jmarsden> OK.  BTW, I see several PC133 RAm modules on newegg... see http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&N=2010170147%201052107967%201052407863&name=PC%20133
<SineDeviance> jmarsden, holy crap
<jmarsden> That's just one of many online stores... one I use myself...
<SineDeviance> hmm i looked on newegg last year and they didnt have crap, i thought pc ram was dead
<jmarsden> It is, pretty much, but you can still find it.
<SineDeviance> yeah maybe i'll upgrade this system a bit
<SineDeviance> jmarsden, thanks
<jmarsden> No problem.
<WayneK> I'm trying to find out what the default groups are for the first user created during installation on Hardy Server (I used usermod without -a - d'oh!) : I found this link but I'm not sure if this applies to Server also: http://ccollins.wordpress.com/2007/07/02/restore-default-ubuntu-groups/
<pspsampsp> mysql wont start without root or on boot , how can i fix this?
<pspsampsp> mysql wont start without root or on boot , how can i fix this?
<LHC> hey
<uvirtbot> New bug: #369351 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30 hangs during installation" [Undecided,New] https://launchpad.net/bugs/369351
<LHC> anyone know how to limit bandwidth of a user in ubuntu server
<twb> That is non-trivial, I think.
<twb> Though if you work out how, I'd be interested to read an article on the implementation.
<LHC> yeah it seems very handy
<twb> Actually what I really want is monthly network quotas on a per-host basis (identified by MAC).
<twb> So that I can essentially sub-let my monthly download cap to flatmates; currently there's no easy way to tell WHICH asshole left bittorrent running overnight and blew away the cap.
<twb> One of the guys at work tells me it can be done, I just haven't bothered yet.
<giovani> twb: sure it can be done -- most bandwidth tracking apps use IPs though
<twb> Easier to spoof IPs than MACs, though.
<twb> Oh, and I want to do this on a 16MHz MIPS system :-)
<giovani> that's false
<ScottK> twb: IP spoofing is only somewhat doable in real life if you control both IPs.
<giovani> I doubt he's even talking about "spoofing"
<twb> Well, I use the term `spoofing' loosely
<giovani> he's talking about changing it
<ScottK> Ah.
<ScottK> Yeah.  That's easy enough.
<giovani> twb: if you can't trust them enough to rely on these metrics, then you're in far more trouble
<ScottK> Changing MAC isn't hard either.
<twb> You'd manually set your own IP to be the IP of someone else's laptop, when the other laptop isn't connected.
<giovani> twb: it sounds like your problem is not bandwidth tracking, but trust
<giovani> there's no bandwidth-tracking system that can ensure they aren't doing all sorts of weird things to get around it
<giovani> so, there has to be some level of established trust
<twb> Yeah, that's what I've already found :-(
<giovani> right ... so no need to look for a piece of software
<giovani> that's not what's needed
<twb> The implied goal was to make it more hassle than it was worth to circumvent it
<giovani> unless you can lock up the switch, and employ 802.1x
<giovani> that's your only bet for end-to-end security
<twb> Actually I suppose it won't be a problem when I switch to ADSL2, since even the throttled speed is fast enough for my needs, which are basically ssh and imaps.
<infekteddeath> anyone familiar with ispconfig 3
<mdlueck> I just installed my first Ubuntu 9.04 server edition. What is suppose to replace dselect?
<giovani> mdlueck: uhm ... apt?
<mdlueck> I guess I expected as much. Then I will pull down dselect with apt in that case.
<mdlueck> Thanks!
<giovani> mdlueck: what are you attempting to do exactly?
<mdlueck> Use what I am used to... been using dselect since the release before Debian Sarge... forget its name.
<giovani> apt "replaced" dselect years ago
<mdlueck> Is there anything wrong with adding dselect back to server 9.04?
<mdlueck> apt is completely command line, I can not browse through the packages.
<giovani> I'm unclear on why you think it's "gone" from ubuntu 9.04
<giovani> it's right there in the repository
<mdlueck> Gone meaning not installed by default
<giovani> heh
<giovani> it's an application almost nobody uses
<giovani> I don't want its 2MB bloating my install
<giovani> if you do -- install it
<mdlueck> "except me"
<giovani> so then you can install it ...
<giovani> that's why it's there
<giovani> default installs are not supposed to provide the packages only some people want
<mdlueck> I was asking because I thought there might be a new wiz-bang UI to package management
<giovani> there is ... it's called apt & co.
<mdlueck> co = dselect?
<giovani> & co = aptitude, etc
<mdlueck> aptitude I thought was the "GUI dselect" that the GUI versions of Ubuntu have, correct?
<giovani> no
<giovani> aptitude is terminal-based
<mdlueck> Oh, I did not know that.
<giovani> ncurses based to be exact
<giovani> you're probably thinking of synaptic
<giovani> which is a gnome/gtk GUI
<mdlueck> So there is something besides working with apt-get from the command line
<giovani> yes
<mdlueck> That's the anem1
<mdlueck> "name!"
<mdlueck> OK, I will check out what aptitude looks like then...
<giovani> http://algebraicthunk.net/~dburrows/projects/aptitude/aptitude-screenshot.png
<giovani> it looks like that
<giovani> or this: http://en.wikipedia.org/wiki/File:Aptitude.png
<giovani> aptitude is far from new though ... so I'm a little surprised that you're a hardcore dselect user and don't know of it
<mdlueck> Looks like what I was after... THNKA
<mdlueck> THANKS!
<mdlueck> For servers we still have Debian Sarge in production... migrating to 9.04 this weekend
<giovani> have fund with that
<giovani> big move
<mdlueck> Aptitude... "What the...?!?!"
<giovani> mdlueck: ?
<mdlueck> Says 2 packages are security updates, like 10 should be updated, when I press "g" then it seems to want to install 1928 packages!
<mdlueck> Things like apache which I do not want on this server...
<giovani> you probably selected some meta pkg
<mdlueck> "Will take some getting used to I guess". I have exited and gotten back in, same thing. Must have saved the meta pkg. Anyway to track down what I asked for?
<Gargoyle> Afternoon all
<mdlueck> Handy - Action \ Forget... slick!
<Gargoyle> Can I get older PHP releases from anywhere?
<mdlueck> Anyone here using djbdns? Trying to install on 9.04, relies on daemontools, and that is fussing as it can not find /etc/inittab
<mdlueck> Ooops, seems to be already a known issue --> [Bug 179251]
<uvirtbot> Launchpad bug 179251 in daemontools-installer "daemontools package fails to handle nonexistent /etc/inittab" [Low,Confirmed] https://launchpad.net/bugs/179251
<ssm> mdlueck, if you mark one of the extra packages with "deinstall" after you hit "g", it should also deinstall dependencies, which would be the meta package, that may help you find it
<ssm> meh, had pagedup a bit, didn't see you got a solution :P
<mdlueck> ssm, thanks for the suggestion!
<ssm> mdlueck, just touch inittab, so "make setup check" can add to it.  Then you'd need to add something for upstart
<ssm> ls that an ubuntu daemontools package you're installing?
<mdlueck> ssm, Great idea. I will try it, then reinstall those packages
<ssm> I like djbdns, but it's kind of picky when it comes to the environment it's running in.
<ssm> mdlueck: I see the "daemontools-run" package needs an inittab change, the "daemontools" package does not
<mdlueck> ssm, seems to have worked, no more grumbling
<mdlueck> Thanks!
<ssm> mdlueck, you need http://pastebin.com/m777e9230 and a "mkdir /etc/service"
<ssm> save the url as /etc/event.d/daemontools, and then you can do "start daemontools"
<mdlueck> All right, thanks for the addl pointers.
<slestak> hey guys.  i am trying my 1st kvm vmbuilder vm, and I have it booted, but sth is flukey with networking.  I can ping my dom1 from dom0, but I cannot ping anything but localhost from dom1.
<slestak> doth dom1 and dom0 have the same default gateway.  I confogured this with bridging, so I have a br0 interface on dom0
<slestak> ok, reading the fin manual , i see icmp doesnt work through bridge
<slestak> ok, more specific question, I cannot reach the outside lan from within vm.  1st activity I attempted was an adptitude update, and it cannto reach canonical.  hence the ping attempts
<uvirtbot> New bug: #368491 in open-iscsi (main) "Cannot mount partition on iSCSI LUN" [Undecided,New] https://launchpad.net/bugs/368491
<fbc_> How do I do this to pulseaudio from the command line? "enable network access to local sound device"
<antonsetiady> # join
<antonsetiady> hi...
<antonsetiady> dddddddddddddddddasda
<antonsetiady> halllo
<antonsetiady> anybody online??
<fbc_> ask what you need to know
<fbc_> has anyone installed mpd mpc pulseaudio on ubuntu server and got them to play nice? I can get any sound. Could someone point me in the right direction?
<mikegriffin> hiya, what is the name of the webmin like thing that ubuntu puts out? i wanna try it out today
<ScottK> mikegriffin: ebox
<mikegriffin> thanks ScottK
<mikegriffin> played with it?
<ScottK> Not.  My favorite server gui is vim.
<MianoSM> vim is a gui now?
<ScottK> GUI enough for me on a server.
<mikegriffin> agreed, but it is nice to let others manage email adds and such
<ScottK> Sure.
<MianoSM> Webmin works like a charm for me still, and having junior admins only accessing through usermin is great. ;)
<giovani> heh
<mikegriffin> *min kinda sucks as it tries to do too much, apache configuration through it is terrible
<mikegriffin> same with mysql really
<giovani> all of these interfaces suck
<psylance`> giovani, agreed
<fbc_> anyone know how to test alsa sound from the command line?  Line just make it go beep or something so that I know it's working and configured properly?
<mikegriffin> mpg123?
<giovani> fbc_: any audio player will work
<fbc_> giovani, ok, I loaded mpg123 and played an mp3. It said it was playing but couldn't hear a thing? How would I trouble shoot a problem with alsa audio?
<mikegriffin> alsamixer?
<mikegriffin> this is so not a server question.. try #ubuntu?
<MianoSM> apache config through webmin is great, as long as you compile from source
<mikegriffin> MianoSM: how do you add a RedirectPermanent without manually typing that in? :)
<MianoSM> are you asking simply to ask, or do you really want to know how to do it through webmin?
<mikegriffin> basically, anything you want to do in apache is going to be just modifying to conf manually through webmin in my experience
<MianoSM> right
<MianoSM> However with webmin, you can have a quick and easy way to access and administer your servers through a web browser in a pinch. It's a nice backup to have  in my opinion, and has always worked with a very small foot print.
<atomic__> you can't see its hands though ;)
<giovani> MianoSM: a backup to what exactly?
<pisi_> A ubuntu server started to play tricks after an upgrade. Outgoing connections (like telnet) pick the address of eth1:1 instead of eth1 so i get kicked out of IP-filtered services.
<MianoSM> backup to needing :22
<giovani> the web server hosting webmin is going to be LESS reliable, and never available when SSH is not
<pisi_> Why does it happen and how can I prevent it/tweak it
<MianoSM> Like when I'm at school?
<giovani> pisi_: just check your default route
<MianoSM> Or when I'm in a government building that states I can't plug in my usb drive to open putty on one of the windows machines?
<giovani> hah
<giovani> use your own computer
<pisi_> giovani: 0.0.0.0         X.X.X.X  0.0.0.0         UG    100    0        0 eth1
<MianoSM> ....
<MianoSM> using your own computer is not always an option, thus the "backup"
<pisi_> just as it should be. I've had interface-swapping kind of problems before (which are annoying) but never so that IP addresses get mixed.
<mikegriffin> giovani: it runs its own 'webserver', a perl script
<pisi_> giovani: a reboot for example fixed it for now, but I can't explain why it acted like it did for one reboot
<giovani> mikegriffin: how is that a statement of reliability?
<giovani> MianoSM: there are ways to deal with all of the limitations you discussed
<MianoSM> Sure, to each their own for sure - that is the essence of the movement I think ;)
<giovani> a) putty doesn't need to be saved/installed onto the machine you want to run it on -- firefox/ie can run it directly out of the temp folder
<giovani> MianoSM: sure ... and to educate those who misunderstand things :)
<MianoSM> You can not bring flash devices into a secure area
<giovani> MianoSM: I wasn't recommending that you do so
<giovani> if you read my statement
<MianoSM> that's execution of a remote app in their eyes however
<giovani> then you should not be accessing your server from said computer
<giovani> I'm sure it's a violation of their policies based on this information
<MianoSM> It is not.
<giovani> I bet it is
<MianoSM> Ok.
<giovani> anyhow -- there are java/whatever ssh apps
<giovani> that can be loaded in a web browser
<MianoSM> So many different ways to do the same thing. :)
<giovani> that's not the same thing as using webmin
<MianoSM> ebox wasn't for me - I simply offered a different solution.
<MianoSM> An argument to argue is not my inclination at the moment though. :(
#ubuntu-server 2009-05-24
<slestak> anyone in the know got an opinion on kvm network bridge setup getting any easier or reliable?  I am at a decision point in a potential p2v covnversion of several machibes, but i am killing way too much time in configuring fraking br0
<slestak> vbox and vmware seem to have it pretty brainless.  ive gotten 2 workdays (not full, but a good bit) intil pythin mbuilder, and proper host bridging has been the biggest hangup
<slestak> s/intil/into
<slestak> seems like i have seen a couple of workarounds to get it working (this one worked) http://blog.loftninjas.org/2009/04/06/quick-bridging-with-kvm-on-ubuntu-jaunty/  but i really like the idea of templated builds for our dev team.  i havn't seen a way to get the br-ifup script knitted into the libvirtxml.templ.  may not be possible.
<slestak> doesanyone havr it working?  i cant be the only onewith difficulty here
<MTecknology> Anyone know of any nice walkthroughs for setting up an email server with multiple domains that doesn't use actual system user accounts (virtual domains/users instead)?
<keshik> i'd like to know of one as well that supports pop/smtp and webmail, MTeck
<MTecknology> This looks pretty solid... https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto
<keshik> thanks for the information, MT
<arrrghhh> hey, has anyone deployed openchange server on their ubuntu installation?  i found it was in the repo's for 9.04...
<MTecknology> So... I setup postfix and everything along with it for filtering and I never need to think about dovecot. It's not until I want to start reading email that dovecot matters, right?
<HaliFax> ihaven
<HaliFax> Â´t gotten to that part
<HaliFax> i keep getting the relay error
<MTecknology> I haven't touched anything yet - just reading
<HaliFax> yeah well i get that error i'll check again in the morning
<uvirtbot> New bug: #377322 in openssh (main) "my sftp conncection breaks spontaneously after a while, I have to re-login to fix it." [Undecided,New] https://launchpad.net/bugs/377322
<ivoks> nxvl: you have 25670 new emails
<slestak> quiet this morning.  does anyone have python-vmbuilder created vm + bridged networking working?  I have it working kinda, but what i have will be hard to duplicate (which is the whole point of the templated setup)
<ttx> ivoks: where are you dude ?
<Rafael_> i am trying to make backups from my ubuntu server into a NAS linksys, somebody told me on this chat to mount as: mount -t cifs -o username=foo host:/share /mnt/point), but my question is if i have samba already install i should still do the same command?
<infekteddeath> im using mydns and in the terminal i get servfails trying to reach my site can anyone help
<giovani> is your dns server running?
<infekteddeath> yes
<giovani> and the port is open?
<infekteddeath> yes
<infekteddeath> im using mydns and ispconfig3
<giovani> did you set up dns for your domain properly?
<giovani> I don't know what ispconfig3 is
<infekteddeath> its web gui control panel
<giovani> ok, I can't help you with that
<infekteddeath> well i dont think its a web gui problem
<infekteddeath> i think mydns isnt configured proprerly or something
<giovani> can you give me the dns server ip, and the domain you're trying to resolve?
<infekteddeath> infekteddeath.com
<giovani> what's the dns server address?
<infekteddeath> 173.30.111.134					
<infekteddeath> ns1.infekteddeath.com
<infekteddeath> ns2.infekteddeath.com
<infekteddeath> im trying to completely run my .com nameservers, mail, everything
<giovani> yep, you probably misconfigured the mydns config
<infekteddeath> have any idea how i can fix this
<giovani> I've never used mydns though, it's not a common dns server
<giovani> try #mydns
<infekteddeath> ok
<giovani> or try looking for a syntax-checking option in it
<giovani> to see if it can tell you where the error is
<infekteddeath> whats a common dns server
<giovani> bind
<giovani> by far the most common dns server
<infekteddeath> thanks
<infekteddeath> sorry for buggin again but could having no virtual host be bad?
<Rafael_> can somebody tell me how to do to see samba shares from the command line
<Rafael_> can somebody tell me how to do to see samba shares from the command line in ubuntu
<giovani> Rafael_: mount -t cifs -o username=user,password=pass //server/share /path/to/mount
<Rafael_> giovani: this is to mount or to see network places
<pmatulis> Rafael_: install smbclient package and then man this stuff: '$ dpkg -L smbclient | grep bin/'
<giovani> Rafael_: that mounts -- it's like smblient -L //server or something to get shares
<giovani> as pmatulis said -- man smbclient
<Rafael_> if i have installe samba before do i have still to install or just do the mount
<giovani> you said you wanted to browse shares
<giovani> we've told you what tool you need, and where to read about its options
<Rafael_> thnks
<ackers> need shell TO UPLOAD, please pm me. willing to buy now
<ackers> need shell TO UPLOAD, please pm me. willing to buy now
<ackers> i want to buy shell. please do pm me. if u have for sale
<ackers> i want to buy shell. please do pm me. if u have for sale
<ackers> i want to buy shell. please do pm me. if u have for sale
<niekie> ackers: Uh. We don't sell "shells" here.
<ackers> where can i get
<ackers> can u direct me to a room/channel
<ackers> plz
<ackers> i want to buy shell. please do pm me. if u have for sale
<weiser> Hey, I have an Ubuntu server 8.04 (Hardy) and want to run this command "sudo /usr/local/devmon/devmon --readbbhosts >>/var/log/devmon-readbbhosts.log" but I get a "-bash: /var/log/devmon-readbbhosts.log: Permission denied". Is it Apparmor? And if it is do it have a log where I can see what it is blocking?
<ackers> i want to buy shell. please do pm me. if u have for sale
<ackers> i want to buy shell. please do pm me. if u have for sale
<weiser> hmm, sometimes I just want to kick my self, it helps to change the premissions to write acces to the log file...
<incorrect> *cough* has anyone tried getting windows 7 running under kvm?
<giovani> incorrect: google has
<incorrect> i know google has
<giovani> well google's first result happens to be on Ubuntu Intrepid
<giovani> and the answer is yes it works
<giovani> so I figure the answer is yes
<incorrect> i know it works, there seem to be a fair number of different experiences
<giovani> hmm, ok
<incorrect> I was thinking about using it to test builds
<giovani> test builds of?
<incorrect> just some code i am working on
<giovani> I'd stick with virtualization software that's more tested for that
<incorrect> it is not super important to be stable
<giovani> ok, why testing on windows 7?
<incorrect> for giggles
<ackers> 	
<ackers> m.hunter009
<jetole> does anyone know of a cheap humidity monitor that I can plug into a server?
<jetole> or that I can somehow query remotely?
<giovani> jetole: cheap? no
<MTecknology> What's that app that sends you regular system log data
<MTecknology> I think it just sends you a message daily from when you got from the end of what you got the day before
<MTecknology> Heading to nappy ville - please hilight me if you guys have any answer.
<giovani> MTecknology: you may mean logwatch
<aka> hey guys I am trying to get PATH_INFO working with apache2 which is installed from the ubunutu package.  I have AcceptPathInfo directive in my httpd conf file but it still isn't pulling.  I am wondering if there is a known issue or quick way to get PATH_INFO available?
<jetole> MTecknology: logwatch?
<jetole> oh
<jetole> giovani said it
<sivang> hi all
<baran> hi! I added second ethernet card on vmware but when I write ifconfig I can't see the second one
<baran> what should I do?
<Nicke_> does it show if you run ifconfig -a ?
<baran> yes :)
<baran> but there is no ip
<baran> how can I take ip from dhcp or how can I config ip address
<Nicke_> check the file /etc/network/interfaces
<Nicke_> where that can be configured
<Nicke_> (also see "man interfaces")
<baran> thanks alot now it is OK :D
<Nicke_> nice :)
<baran> is there a web gui for iptables?
<Nicke_> I have no idea
<MianoSM> no there is no web gui for iptables natively.
<giovani> ebox appears to have an iptables management feature
<giovani> not sure if it's part of the default ebox install though
<giovani> http://trac.ebox-platform.com/browser/trunk/client/firewall/src/EBox/Iptables.pm
<MianoSM> as does webmin ;)
#ubuntu-server 2010-05-24
<ne7work> hello all
<ne7work> i need help please
<corpse> Hey, I am trying to install ubuntu server via USB using UNetbootin. When i get the the Unetbooting boot screen it does nothing when i click on install. I can only do default and then that freeze up when i get to the language selection screen. any ideas?
<hankhill> upon placing a new upstart job in /etc/init/, it vanished upon reboot. how can I prevent this? (or properly add an upstart job, if I'm doing it wrong)
<killown> i am trying create a ubuntu-server cd customized and i would like know where i found the script dialog ubuntu-installer 'Ubuntu Installer Main Menu'  i need know that to change somethings.. do anyone know?
<ScottK> corpse: Try using usb-creator to make the image (or usb-creator-kde on 10.04).  Those seem to work better.
<chrismsnz> RoyK: found my problem with the innodb plugin
<chrismsnz> had to add apparmor rules in to allow mysqld to mmap/dlopen the .so files
 * chrismsnz ffuuu
<elnur> Which FTP server would you recommend?
<jpds> vsftpd.
<lifeless> 'one that works' ? :P
<bc> elnur: vsftpd
<bc> elnur: with chroot enabled
<elnur> lifeless, yea :)
<elnur> jpds, bc, thanks
 * SpamapS has always been a proftpd man
<SpamapS> but vs has a bit better record w/ security
<SpamapS> and probably these days just as many great features. :)
<elnur> i've tried pureftpd once and have no xp with vsftpd. anyone ever used pureftpd to be able to compare it to vsftpd?
<bc> SpamapS: On a high traffic server, with typical users, I haven't seen anything vsftpd didn't solve.
<bc> I'm about to fall out of the chair. Talk with you tomorrow,
<elnur> Okay. Then goes vsftpd. Thank you, guys.
<elnur> What is the difference with ftp and sftp? Why I get chrooted to my home dir with ftp but don't with sftp?
<jpds> elnur: sftp happens over SSH.
<elnur> jpds, huh. so ftp and sftp are handled with different services?
<jpds> Yes.
<jpds> elnur: You might want: http://www.debian-administration.org/articles/590
<SpamapS> there's also that magical FTPS that happens via SSL.. but thats always produced odd reactions when I suggest people use it.
<SpamapS> mostly because client support is pretty hard to find
<elnur> jpds, yea, i want that. thanks
<RoyK> bc: vsftpd is probably the most used on larger sites - take a look around :)
<uvirtbot> New bug: #584862 in libvirt (main) "libvirt launches dnsmasq for non-dhcp networks." [Undecided,New] https://launchpad.net/bugs/584862
<FireCrotch> I have a Ubuntu 9.10 server. It's a VPS running under OpenVZ. I'm trying to set up quota during the install process of ISPConfig 3, but I have a problem...  / is not in fstab, and I'm supposed to add ",usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0" to the entry
<simplexio> FireCrotch: define your problem again? you should be able just edit fstab and add mentioned line to options
<FireCrotch> simplexio: my fstab doesn't have an entry for the root filesystem though
<simplexio> FireCrotch: ah.. mount should tell you needed ifrmation which to add into fsab
<simplexio> FireCrotch: but 'mount' command tell you that you have / mounted
<FireCrotch> yes, mount says that / is mounted... /dev/simfs on / type reiserfs (rw,usrquota,grpquota)
<FireCrotch> Note that that's before I've done anything related to quota (so anything relating  to quota is a result of my webhost's config)
<simplexio> could it be that you need define root partition options in openvz virtualmachine settings or something
<FireCrotch> Yeah... I don't think I'll be able to use quota with this setup that they have. No big deal. But thanks for the help, simplexio
<simplexio> and if you can toy wth installation, so you sont loose anything if it isnt working anymore, you could just try add / to fsab
<simplexio> or try use mount -o remount,moreoptions /
<RoyK> wtf is simfs?
<uvirtbot> New bug: #584907 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/584907
<uvirtbot> New bug: #584910 in libvirt (main) "libvirt can't add host definitions to DHCP without network restart" [Undecided,New] https://launchpad.net/bugs/584910
<ploum_> hello
<ploum_> can anybody point me to a doc to allow name+mailbox@domain handling of mail on a dovecot/postfix ubuntu server ?
<ploum_> where  name+mailbox@domain send your mail to name@domain and put it directly in the mailbox folder
<Daviey> ploum_: i would use procmail or sieve for that
<ploum_> Daviey, I know that it is done in the dovecot-postfix package, that's why I'm asking (because installing this package breaks my config)
<Daviey> ploum_: pass then, sorry.
<ploum_> how would you do that with sieve ? Afaik, the mail will be refused by Postfix (name+mailbox is not a valid user) before being received by sieve
<lunaphyte_> why do you think that?
<RoyK> ploum_: doesn't postfix have some rewrite magick like old sendmail?
<lunaphyte_> he's yet to say why he thinks postfix will refuse such mail.
<Italian_Plumber> good morning.  I've been getting an error when using apt-cacher-ng... "Signatures were invalid"
<Italian_Plumber> http://ubuntuforums.org/showthread.php?t=1491239
<Italian_Plumber> any help would be greatly apprecaited.
<bogeyd6> Italian_Plumber, invalid signing key
<Italian_Plumber> yes
<bogeyd6> clear the file and put the right one in its place
<bogeyd6> which i assume you just download the file from either the ubuntu archive or a similiar mirror
<Italian_Plumber> where is the file?
<bogeyd6> Italian_Plumber, where did you setup apt-cacher-ng to put the debs?
<Italian_Plumber> I don't know.  wherever the default is.  I just typed "apt-get install apt-cacher-ng"
<Italian_Plumber> I think it's /var/cache/apt-cacher-ng
<bogeyd6> yeah
<Italian_Plumber> There's  a file there "_impkeycache"
<bogeyd6> ubuntu/dists/hardy
<Italian_Plumber> is that it?
<bogeyd6> ubuntu/dists/hardy-updates it would seem
<Italian_Plumber> Here's what in the directory:
<Italian_Plumber> /http://pastebin.com/0R3xxYUV
<bogeyd6> sudo mv _impkeycache _impkeycache.old
<bogeyd6> then i would somehow resync or whatever with like an apt-get update and then check to see if it worked
<Italian_Plumber> awesome
<Italian_Plumber> I'll try that
<Italian_Plumber> I'm waiting right now for the client VM that I'm testing this with to finish resuming
<Italian_Plumber> well it might be a while because my speeds between here and that machine suddenly took a crap. :(
<Italian_Plumber> Unfortunately I still see the error.
<Italian_Plumber> http://pastebin.com/KRk8SJ5J
<sommer> morning
<jpds> Italian_Plumber: sudo apt-get update -o Acquire::http::No-Cache=true
<Italian_Plumber> jpds: thanks... should I do that on the client or server?
<jpds> Cliet.
<Italian_Plumber> Unfortunately I still see the error
<Italian_Plumber> Here is the entire command: http://pastebin.com/46QPMciU
<achilles> hello, is there a way to let users use my network printer without the need to install a driver for each client machine ? I tried cups, but it looks to me like just defining printers and let others use it via samba, am I correct ?
<ploum_> RoyK that's what I'm trying to find
<ploum_> but I don't even know the name of this feature ;-)
<uvirtbot> New bug: #584949 in vsftpd (main) "package vsftpd 2.2.2-3ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 3" [Undecided,New] https://launchpad.net/bugs/584949
 * ccheney will be headed to doctor in about an hour
<hggdh> kirkland: are you OK with your assignment on bug 584497? In other words, can I mark it in-progress?
<uvirtbot> Launchpad bug 584497 in landscape "The EC2 endpoint should be HTTPS by default" [High,Confirmed] https://launchpad.net/bugs/584497
<kirkland> hggdh: leave triaged
<kirkland> hggdh: assigned to me is fine
<hggdh> kirkland: thanks
<linxeh_> is the ubuntu server guide still available as a pdf? I can't seem to find it for 10.04, only older releases
<StrangeCharm> On a shiny new server, I used tasksel to install the LAMP server software. While trying to set up Wordpress, going to locations like 'blah/install.php' my browser downloads the file, rather than displaying a dynamically generated page. This makes me think that PHP isn't installed correctly, but I assume that it should be. What's going wrong here?
<sommer> linxeh_: working on getting it uploaded
<sommer> linxeh_: bug 575771 has details if you're interested
<uvirtbot> Launchpad bug 575771 in ubuntu-docs "No PDF version available for 8.04 and 10.04 Server Guide" [High,Fix committed] https://launchpad.net/bugs/575771
<sommer> StrangeCharm: might double check that the php5 module is loaded... also try restarting apache
<StrangeCharm> sommer, how do i check that?
<sommer> ls /etc/apache2/mods-enabled/ ... should see php5.conf and php5.load symlinks
<uvirtbot> New bug: #364898 in vm-builder (universe) "python-vm-builder depends on kvm" [Wishlist,Triaged] https://launchpad.net/bugs/364898
<cemc> how can I disable framebuffer at boot?
<cemc> it doesn't work because I have crappy vidcard, but it still tries and loads a bunch of modules
<StrangeCharm> sommer, yep, seem to be there
<sommer> StrangeCharm: I'd try sudo /etc/init.d/apache2 restart then... tasksel may have not restarted apache
<StrangeCharm> sommer, nope, still getting the install.php file
<StrangeCharm> sommer, any other ideas?
<sommer> StrangeCharm: not sure... is there any errors in your /var/log/apache2/error.log?
<StrangeCharm> sommer, nothing interesting. it does say "[notice] Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.1 with Suhosin-Patch configured -- resuming normal operations" after a restart though, which bodes well for the presence of php
<sommer> StrangeCharm: yep, might be something with the configuration then... might check the settings in /etc/php5/apache2/php.ini
<simplexio> Â§wÂ§wÂ§wstr
<StrangeCharm> sommer, i have no idea what i'm looking for
<simplexio> StrangeCharm: check that you have php5 files in /etc/apache2/mods-enabled/ and write file index.php containing phpinfo(); in www-root
<simplexio> that is easiest way to test php install
<sommer> StrangeCharm: I agree with simplexio :-) was about to recommend that
<simplexio> for soereason php has been allways kinda hit and miss instal, attleast for me. it works or you just cant figure what you missed
<StrangeCharm> sommer, simplexio it just renders that string
<simplexio> so basicly your config dosent recognioze that .php endin files are phph
<simplexio> StrangeCharm: so you have two php files in mods-enabled ?
<sommer> StrangeCharm: you might also look at the Server Guide: https://help.ubuntu.com/10.04/serverguide/C/php5.html
<simplexio> StrangeCharm: and i assume that you have restarted apache after you installed php
<StrangeCharm> simplexio, i have restarted apache
<SpamapS> StrangeCharm: are your files possibly stored in a directory other than /var/www, but referenced by symlink?
<simplexio> and php5.conf and php5.load in mods-enabled
<StrangeCharm> SpamapS, my files are certainly in /var/www
<SpamapS> StrangeCharm: try putting a file in /var/www/test.php , have it just one line:    <?php phpinfo();
<crb> 'lo.
<SpamapS> StrangeCharm: if you point your browser at that, does it show?
<simplexio> StrangeCharm: and est string foe index.php is <php>phpinfo();</php>
<SpamapS> StrangeCharm: or rather, does it show a giant page of PHP information, or just the line as-is.
<SuperLag> SpamapS: hey man. How goes it?
<SpamapS> SuperLag: :) it goes well thanks.
<StrangeCharm> SpamapS, that renders a whole load oh php info
<crb> I'm looking for a simple recipe for central auth on Ubuntu 10.04.  I have found some pages talking about there being a blueprint for this targeted at Lucid; anyone know if this was implemented?
<simplexio> :) is little while when i wrote php
<simplexio> StrangeCharm: so its working
<crb> Seems to relate to mathiaz and Puppet.
<StrangeCharm> simplexio, yes, that would be my broad conclusion
<StrangeCharm> so, why am i downloading files from /var/www/wordpress/wp-admin ?
<simplexio> some times i feel that there should be somekind standart test to take, so you could allways point first at your score when asking questions
<StrangeCharm> simplexio, why not write a wiki page for that?
<simplexio> StrangeCharm: i assume that they are .php, cant rememeber but does apache need .php files to be executable
<StrangeCharm> simplexio, it is a .php file: it's called install.php
<MTecknology> I need entropy on my server for gpg --gen-key. I can't use user input for it either... So.. I found ekeyd-egd-linux which seems like it might be useful but it seems under documented. Any ideas how I can either use this or do something else to get the entropy I need?
<SpamapS> StrangeCharm: are you sure /var/www/wordpress is not a symlink?
<simplexio> StrangeCharm: try give it execue rights
<StrangeCharm> SpamapS, i'm sure. i just downloaded a compressed file into /var/www, then decompressed it
<StrangeCharm> simplexio, what's the command for that?
<simplexio> and im using shell over gprs so  typo more than normal
<SpamapS> StrangeCharm: hmm
<simplexio> chmod uag+x file
<simplexio> its little overkill, and you should drop rights that are too broad. if it works
<SpamapS> uag ?
<SpamapS> you mean a+x ?
<SpamapS> Is that a Suhosin thing, php scripts have to be +x ?
<simplexio> dunno. its just my nesxt best quess
<StrangeCharm> that did not help
<SpamapS> hmm no
<SpamapS> StrangeCharm: who owns the wordpress dir / files?
<StrangeCharm> SpamapS, who should?
<SpamapS> StrangeCharm: depends on your strategy for security, but probably root
<simplexio> well apache can read it, so t should not be problem..
<SpamapS> StrangeCharm: or "not www-data"
<SpamapS> StrangeCharm: I missed the beginning of this.. is this the default Lucid setup?
<smoser> kirkland, ping
<StrangeCharm> SpamapS, i hope so. the os came reinstalled from my web-host
 * ccheney back
<SpamapS> StrangeCharm: any .htaccess files in there maybe screwing you up?
<StrangeCharm> SpamapS, in where?
<SpamapS> StrangeCharm: wordpress
<Italian_Plumber> wow... does every package need to set a locale?
<StrangeCharm> SpamapS, don't think so
<SpamapS> StrangeCharm: can you move that test.php into the wordpress dir and see if it works there?
<kirkland> smoser: yo
<AlienPenguin> hi ppl, i have a HP Proliant ml350 G& server with two sata 500gb drives in raid 1+0 (hp hardware p410i controller)
<AlienPenguin> there have been a spike and now my ubuntu 9.10 server does not boot anymore
<AlienPenguin> (kernel panic vfs not syncing)
<AlienPenguin> i can mount the partition, i did e2fsck, fixed a few inodes etc.
<smoser> kirkland, did you open a blvueprint for lxc work ?
<StrangeCharm> SpamapS, test.php works when its in the same directory as the file i'm trying to open
<AlienPenguin> i even tested grub,
<smoser> i thought you had done that, memory ill.
<smoser> but i didn't see one when i lookd
<AlienPenguin> but it keeps giving me that error, any hints?
<kirkland> smoser: hmm, i think it was bob blair (smoothstone) that did
<smoser> different lxc
<smoser> thies was per ensemble.
<smoser> i thought you had told niemeyer that you would ompen one
<StrangeCharm> SpamapS, which suggests that there's something deeper broken
<smoser> (same lxc different context)
<SpamapS> StrangeCharm: indeed
<SpamapS> StrangeCharm: are there any errors in /var/log/syslog?
<kirkland> smoser: i filed one for the last uds on lxc, though
<smoser> no problem.
<kirkland> smoser: oh, hmm
<kirkland> smoser: give me a sec
<smoser> i was just not wanting to duplicate work if you'd done seomthing.
<StrangeCharm> SpamapS, nothing in the last 20 mins, though i certainly tested later than that
<kirkland> smoser: yeah, i filed an ensemble one for Gustavoe
<kirkland> smoser: https://blueprints.edge.launchpad.net/ubuntu/+spec/server-maverick-ensemble
<SpamapS> StrangeCharm: permissions maybe? What are the perms of the file that works, and the files that don't work?
<StrangeCharm> SpamapS, how do i check permissions?
<SpamapS> kirkland: heh.. btw, I'm full time byobu now on my personal servers.. and I keep typing 'clear' every time I ssh in.. force of habit..
<smoser> kirkland, ok. thanks.
<kirkland> SpamapS: heh, thanks ;-)  file bugs as you see them
<StrangeCharm> SpamapS, i don't know how to see the permissions on a file
<cloakable> ls -l <filename>
<StrangeCharm> SpamapS, install.php has -rwxr-xr-x 1 flamsmark www-data 6547, while test.php has -rw-r--r-- 1 flamsmark flamsmark 17
<StrangeCharm> not sure what that means, though
<SpamapS> StrangeCharm: try doing 'chmod a-x install.php'
<SpamapS> StrangeCharm: any different?
<SpamapS> though I think realistically thats there because you did uag+x earlier
<StrangeCharm> SpamapS, no change
<SpamapS> so if that doesn't work.. I'm really confused
<StrangeCharm> two files, in the same directory, with the same owner, and the same extension. php executes one, but not the other
<SpamapS> StrangeCharm: yeah I think PHP is being told not to execute install.php somehow..
<StrangeCharm> how would it know?
<SpamapS> thats why I suggested looking for .htaccess
<StrangeCharm> SpamapS, can you think of any other methods by which that could be occurring?
<qman__> try chgrp www-data test.php
<SpamapS> yeah thats worth a shot didn't think of that..
<SpamapS> but it would be.. confusing
<qman__> yeah, it doesn't make a lot of sense why it would work like that, but it could, and testing/eliminating that is important
<SpamapS> :)
<StrangeCharm> after running that command, test.php still renders
<SpamapS> StrangeCharm: and still nothing in /var/log/apache2/error.log ?
<StrangeCharm> SpamapS, no, looks not
<SpamapS> StrangeCharm: there's a logical explanation of this, but the usual reasons don't seem to be causing it...
<StrangeCharm> SpamapS, there is an explanation, because computers don't act of their own accord
<linxeh_> sommer: ah ok thanks
<sommer> np :)
<StrangeCharm> SpamapS, is there any way that something knows that i created test.php, but downloaded the wordpress files?
<SpamapS> StrangeCharm: no
<SpamapS> StrangeCharm: You *could* try the ubuntu wordpress packages
<SpamapS> just to see if they work instead of the downloaded version
<SpamapS> mv wordpress wordpress-downloaded before that though
<StrangeCharm> SpamapS, is there an ubuntu wordpress package?
<cloakable> Yes, but it'll put wordpress in /wordpress rather than in the main site
<cloakable> If I recall :)
<StrangeCharm> oh, so there is
<StrangeCharm> cloakable, well, i can always move it back
<cloakable> :)
<StrangeCharm> SpamapS, the ubuntu package gives me http://pastebin.com/Hj1fgnYX
<SpamapS> StrangeCharm: doh
<SpamapS> there goes those recommends installs
<StrangeCharm> ?
<StrangeCharm> SpamapS, sorry, i don't understand
<SpamapS> StrangeCharm: recommended, but not 100% *required* packags are installed by default
<SpamapS> you probably don't need dovecot
<SpamapS> StrangeCharm: add --no-install-recommends to your apt-get line
<linxeh_> apologies if this is touching on religious ground - but is there any group calendar server software available in lucid, that can be accessed over a network (ideally ssl) to clients such as MS outlook ? :o
<SpamapS> actually probably already installed and just dovecots are broken. :(
<SpamapS> linxeh_: its actually a point of much interest for the current release cycle
<linxeh_> I've been looking at egroupware and zimbra, but they seem a bit heavy handed (using dovecot atm for the mail)
<linxeh_> and with the apple caldav server being opensource etc, though not found any really supportable packages for that yet
<StrangeCharm> SpamapS, it still tries and fails to install dovecot
<SpamapS> linxeh_: I saw Kolab suggested but I think its kind of big too
<SpamapS> StrangeCharm: apt-get remove dovecot-common
<uvirtbot> New bug: #585026 in clamav (main) "freshclam won't execute /etc/clamav/onupdateexecute.d scripts" [Undecided,New] https://launchpad.net/bugs/585026
<StrangeCharm> SpamapS, then try again?
<linxeh_> this kind of thing https://wiki.edubuntu.org/CalendarServer
<linxeh_> SpamapS: yes, I looked at kolab but it seemed like the wrong solution for me
<StrangeCharm> SpamapS, now wordpress doesn't complain during the install
<StrangeCharm> however, going to /wordpress downloads a file for me, rather than rendering a page
<SpamapS> StrangeCharm: after install, did you restart apache2 ?
<StrangeCharm> SpamapS, no, i'll do that now
<StrangeCharm> SpamapS, i'm still downloading a file
<uvirtbot> New bug: #585027 in multipath-tools (main) "Race condition with dmsetup causes 'map already present' messages" [Undecided,New] https://launchpad.net/bugs/585027
<SpamapS> StrangeCharm: is the file the contents of index.php ?
<StrangeCharm> SpamapS, roughly. it's a file called download.php, and it claims to be the wordpress master file that loads whatever other file is needed for the page
<hggdh> smoser ping
<smoser> hggdh, yo
<hggdh> smoser: ok, I confess. I cannot get the bloody vmbuilder to build for ec2
<hggdh> smoser: so... how do they do it? I installed python-vm-builder and -ec2
<smoser> i'm consused as to what you're after. you want to build a ec2 vm ?
 * SpamapS wonders if the FilesMatch isn't working the way it should
<hggdh> smoser: yes, this was my intention...
<SpamapS> StrangeCharm: try creating a file, /etc/apache2/conf.d/something.conf   with this line:
<SpamapS> AddType application/x-httpd-php .php
<smoser> hggdh, i have not actually done this with vmbuilder 0.12 . the nightly builds use 0.11. the code that invokes it is at https://code.launchpad.net/~ubuntu-on-ec2/vmbuilder/automated-ec2-builds
<LinuxAdmin> hi all
 * SpamapS is a bit confused at the use of FilesMatch which seems.. more confusing
<smoser> hggdh, that said, why do you want to do that i wonder ?
<LinuxAdmin> I'm configuring ocfs2 file system
<hggdh> smoser: verifying a bug that states cannot build ec2 images ;-)
<smoser> is there something insufficient with the existing images ? i find it generally easier (and faster) to start with that base image and modify it.
<LinuxAdmin> although I get no error I'm missing something
<smoser> hggdh, ah. well, then.
<smoser> :)
<hggdh> which, I guess, I *am* confirming
<LinuxAdmin> isn't supposed that any file change be replicated through all the servers?
<StrangeCharm> SpamapS, do i need to activate it in nay way, or can i just restart apache?
<LinuxAdmin> I mean, if i create a new file in on machine of the cluster, it should be visible on the other node of the cluster, because we're talking about a shared storage. wright=
<StrangeCharm> SpamapS, just restarting apache doesn't solve the problem
<LinuxAdmin> wright?
<LinuxAdmin> when I create a file on one of the nodes, I can't see it on the other node
<LinuxAdmin> I've got the same config on both
<LinuxAdmin> can someone help me?
<LinuxAdmin> is there any other channel where I should post?
<tyska> hi guys
<tyska> im having troubles with node registration in UEC. I cant register my node, when i run euca-describe-availability-zones verbose i get 0/0
<tyska> someone can help me?
<tyska> additionally my nc doesn't have the nc.log, despite the eucalyptus-nc service is running
<SpamapS> StrangeCharm: I'm at a loss. This really makes no sense at all.
<smoser> tyska, you're on 10.04 ?
<tyska> yeah
<smoser> could you please open a bug ? ubuntu-bug eucalyptus-common
<smoser> please answer yes to 'attach logs'
<StrangeCharm> SpamapS, this is most frustrating. the problem persists after reinstalls
<tyska> i had the UEC working with 9.10, then i decided update my UEC
<smoser> this is something we've seen, but dont have a bug for. we need to address it.
<StrangeCharm> SpamapS, that is, os reinstalls
<tyska> ok
<tyska> where i open a bug?
<binBASH> tyska: I had the same
<binBASH> deregister and register the cluster controller again fixed it for me
<tyska> the cluster?
<tyska> hmm
<tyska> i do it with the node
<tyska> deregister and register the node
<tyska> i will try with cluster
<SpamapS> StrangeCharm: may be time to open a bug if a brand new install can't run from the packaged wordpress
<tyska> binBASH: your UEC is working with ubuntu 10.04?
<smoser> tyska, run it on the CC
<StrangeCharm> SpamapS, where should the bug go? wordpress? lamp? tasksel? php?
<smoser> (the ubuntu-bug)
<SpamapS> StrangeCharm: not sure
<tyska> smoser: oh ok
<smoser> and i will second that you might have success with deregister and register of node
<smoser> but please open bug (first)
<tyska> smoser: i've tried deregister and register the cluster, now im rebooting
<SpamapS> StrangeCharm: take a look in /usr/share/doc/wordpress before you do anything else
<SpamapS> StrangeCharm: start with README.Debian
<binBASH> tyska: Yup, it was
<binBASH> I switched to simple kvm virtualization though
<binBASH> don't need a cloud really
<tyska> smoser: deregister and register cluster does not worked! =(
<tyska> smoser: now i already did the ubuntu-bug that you said
<tyska> smoser: it's very weird, because i run euca_conf --register-nodes NODE_IP, receive a success message
<tyska> smoser: but when i run euca_conf --list-nodes i receive nothing
<bkingx> How do I set the landing directory on a chroot'ed sftp server?
<smoser> tyska, i'm really sorry. i don't really have more suggestions atm
<tyska> smoser: =(
<tyska> smoser: ok, thanks anyway
<smoser> thank you for opening the bug.
<binBASH> tyska: Here I deregistered all nodes via euca_conf then deregistered the cluster controller, registered the cluster controller again and also readd the nodes.
<tyska> smoser: you're welcome. i hope with it, the problem can be found.
<binBASH> but I didn't use webiface
<tyska> binBASH: im trying everything
<binBASH> just euca_conf
<tyska> binBASH: the sad is that i have all working with 9.10
<binBASH> like mine ;)
<binBASH> You describe exactly what I have encountered
<tyska> binBASH: but now i cant use UEC with ubuntu 10.04 =(
<binBASH> tyska: I was able to use it with what I described ;)
<tyska_> binBASH: i run euca_conf --deregister-cluster 192.168.1.1
<tyska_> binBASH: receveid this message: SUCCESS: cluster '192.168.1.1' successfully deregistered.
<tyska_> binBASH: and the run euca_conf --list-clusters
<bogeyd6> what is the name of the proggy that allows you to send ssh commands to multiple servers at once
<smoser> tyska_, that shows none ?
<tyska_> binBASH: and received:  registered clusters:    c3cluster2  192.168.1.1
<smoser> ah. ok.
<smoser> and then you register node and nothing
<smoser> right ?
<tyska_> o.O
<tyska_> smoser: yeah
<tyska_> if i register a node, i have success message but no nodes are showed with --list-nodes
<smoser> do you have important data here ?
<smoser> or images/instances ?
<binBASH> bogeyd6: ClusterSSH
<tyska_> smoser: no
<bogeyd6> pssh
<bogeyd6> binBASH, thanks
<binBASH> 19:30 < binBASH> tyska: Here I deregistered all nodes via euca_conf then deregistered the cluster controller, registered the cluster controller again and also readd the nodes.
<smoser> i'd recommend trying: sudo eucalyptus stop CLEAN=1 && sudo eucalyptus start CLEAN=1
<smoser> wait
<tyska_> binBASH: but i cant deregister the cluster
<binBASH> for me it did work then
<smoser> sudo stop eucalyptus CLEAN=1 && sudo start eucalyptus  CLEAN=1
<tyska_> binBASH: i run the command and the cluster is still there
<smoser> and same with the eucalyptus-nc
<tyska_> smoser: i will try it
<tyska_> smoser: progress, --list-clusters showed nothing
<smoser> :)
<tyska_> smoser: now i will run the same command in the nc
<smoser> yeah:  sudo stop eucalyptus-nc CLEAN=1 && sudo start eucalyptus-nc CLEAN=1
<tyska> smoser: there is one thing very weird
<tyska> smoser:  my cc.log there is nothing writed since may 20
<tyska> smoser: is that normal?
<smoser> probably no.
<smoser> that is the symptom we're seeing
<smoser> in a fresh install cc.log will not even exist.
<smoser> wait.
<smoser> maybe i've seen this with nc.log
<smoser> ugh.
<uvirtbot> New bug: #585067 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/585067
<bkingx> How do I set the landing directory on a chroot'ed sftp server?
<tyska> smoser: i think cc.log always exist, including it is update all the time
<tyska> s
<uvirtbot> New bug: #452219 in samba "SMB Browser Printer Queues Not In Alphabetical Order" [Undecided,New] https://launchpad.net/bugs/452219
<SpamapS> ohnoes
<sommer> heh
 * ccheney bbl, headed to austin
<SpamapS> so.. I'm working on this https://blueprints.launchpad.net/ubuntu/+spec/server-maverick-uds-web20-workloads spec
<SpamapS> at the UDS session we presented conflicting package lists and concepts..
<SpamapS> at the session we all agreed that we should push for libmemcached based solutions..
<SpamapS> but none of the listed language bindings are libmemcached based..
<SpamapS> worse, none of the libmemcached based language bindings except php5 are even in debian/ubuntu...
<SpamapS> Wondering if I should rethink having all of the language bindings in main.. given that they will be new packages.. :-P
<savid> I have a pool of web servers for which I need to keep media files (images, etc) in sync.   Is there a way to automatically monitor a directory for changes, and then sync those changes with the server pool?
<binBASH> savid: use drbd
<SpamapS> thats pretty low level
<binBASH> or something like shared storage example glusterfs
<SpamapS> and not active/active last I checked
<SpamapS> savid: gluster is an excellent choice
<SpamapS> its in universe in lucid, and works great
<binBASH> I'm using glusterfs myself ;)
<SpamapS> binBASH: how long have you been using it?
<SpamapS> https://blueprints.launchpad.net/ubuntu/+spec/server-maverick-cloud-gluster  .. I'm drafting that btw.. ;)
<SpamapS> actually I think its about ready for review
<binBASH> Not long. Just from 3.x
<SpamapS> Hopefully w/ Maverick we'll be able to build nodes in the cloud that automatically mount/export gluster volumes
<binBASH> SpamapS: Here I run a geoip based setup with gluster
<SpamapS> binBASH: *nice*
<SpamapS> binBASH: so your storage volumes are spread out over multiple data centers?
<binBASH> some varnish servers which loadbalance some webservers. Clients are sent to the varnish hosts via geoip dns
<binBASH> SpamapS: No
<SpamapS> that would be pretty cool though. ;)
<binBASH> I have here only 100 Mbit gluster though :p
<SpamapS> savid: the simplest way btw, if you just have 2 or 3 servers, is choose one as the write-master, and just rsync to the others periodically.
<SpamapS> savid: but if you have millions and millions of files, that won't work too well
<SpamapS> binBASH: are you using the packages from lucid or your own?
<binBASH> so the varnish cache the small files in local storage
<binBASH> SpamapS: gluster from lucid
<savid> SpamapS,  the main requirement is to have it sync whenever there are changes
<SpamapS> binBASH: its good to know its already getting usage. :)
<binBASH> the varnish I packaged myself, because the ones from lucid are a bit broken
<SpamapS> savid: yeah, you probably want gluster
<SpamapS> binBASH: do tell?
<binBASH> SpamapS: Well the ones at lucid (2.1.0) have some issues with esi.
<savid> What's the difference between glusterfs and gluster-platform?
<binBASH> the varnish developers recommended me to use 2.1.2
<SpamapS> savid: gluster-platform is a management node to help you setup gluster
<jeiworth_> hi guys, i am trying to set up pure-ftp on a server behind an internet router using an alternative port but i am having problems connecting fromthe internet since it appears that pure-ftp sends the local ip back to the client which obviously doesn't work :-/ another problem is that if i use the standard port, for some strange reason pure-ftp doesn't chroot the users although correctly configured, using the alternative port it works!?
<SpamapS> binBASH: is that a known bug or just something you ran into?
<binBASH> SpamapS: Like, I said the developer told me that is a known bug.
<binBASH> it's not a special under ubuntu bug :p
<binBASH> the varnish release has that bug
<savid> hmm..  I'm not sure exactly where my starting point is..  gluster-platform seems pretty low-level, I mean it's talking about making disks bootable, etc...     I'm running my sites on  virtual servers,  so not sure if that's applicable or not
<binBASH> savid: Just install glusterfs-server
<binBASH> it's very easy to setup
<savid> k
<binBASH> savid: http://www.gluster.com/community/documentation/index.php/Storage_Server_Installation_and_Configuration
<binBASH> I setup mine, on 6 nodes within 10 minutes.
<savid> binBASH, So do I do one server,  and a client for each node?
<binBASH> savid: If you want to use only the storage of one server.
<binBASH> if not you can run server on each node, and have the storage in raid 10
<binBASH> then you have failover + redundancy
<binBASH> also more server nodes give more speed
<savid> ah, ok
<tyska> smoser: can you see my logs and conf files and see if you find something wrong? You can found all here: http://forum.eucalyptus.com/forum/no-nclog#comment-11351
<smoser> tyska, did you open a bug ?
<tyska> smoser: the command ubuntu-bug?
<smoser> yeah
<tyska> yeah i've opened.
<smoser> number ?
<tyska> i dont know
<tyska> wait a minute, i will send you the link
<tyska> the link is https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+filebug/egx0regnhFORcAJyCYITaE8R4Vg?
<tyska> i cannot access because i dont have an account
<smoser> oh. well, that doesn't open a bug then.
<smoser> :)
<smoser> you have to then fill out the bug report.
<smoser> ubuntu-bug just collects information and directs you on where to go
<smoser> i'd really appreciate it if you could create an account and file the bug.
<tyska> smoser: hmm, then i will do this
<smoser> and please link to this trehad in the bug report
<tyska> smoser: i dont know why, but now i get it work
<smoser> yeah :-(
<tyska> smoser: finally get the node registered
<smoser> please do open the bug and link to that thread. thats the only way we're actually going to get it fixed in lucid.
<tyska> smoser: that's right, i will do this now
<zul> SpamapS: maybe get it into universe first and go from there
<binBASH> savid: Did you setup glusterfs now?
<savid> binBASH,  nope, I went to lunch :-)
<binBASH> ahh :p
<SpamapS> zul: yeah thats what I'm thinking too.. its far more important that we get the right things in than we get the wrong things into main.. so I'm wondering if we should just let the other ones stay in universe
<savid> binBASH, now I'm reading the docs to try and get a handle on how it works
<SpamapS> lunch.. what a good idea
<zul> SpamapS: probably...i wonder how many people use it though
 * binBASH had lunch some hours ago ;)
<savid> lunch -- it's the new breakfast
<SpamapS> zul: memcached or libmemcached?
<zul> SpamapS: either or
<SpamapS> zul: memcached is in every single web shop I've talked to for the last 3 years
<SpamapS> zul: it has become ubiquitous
<binBASH> SpamapS: What a surprise :P
<zul> SpamapS: meh ;)
<SpamapS> in fact, "use something like memcached" has become one of those LAMP best practices that you get tired of hearing about at LAMP meetups/conferences
<binBASH> too bad ubuntu has not s3fs yet
<tyska> smoser: its done
<tyska> smoser: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/585108
<uvirtbot> Launchpad bug 585108 in eucalyptus "Problems with node registration" [Undecided,New]
<smoser> thank you
<SpamapS> google for "memcached appliance" ... at least 5 companies have created them. Once people are quitting their day jobs to create things around a technology.. it has achieved ubiquity. :)
<tyska> smoser: you're welcome
<SpamapS> like spam filtering in the early '00s
<tyska> smoser: i have another doubt, now on the manage of the cloud
<tyska> smoser: ive used a centos 5.4 image to create a instance
<tyska> smoser: how can i know what is the user of this image?
<smoser> you mean what user launched the image ?
<tyska> smoser: no, what user i need to use to login into the instance via ssh
<smoser> theres no magic
<tyska> smoser: in the uec ubuntu images, i use ssh -i mykey.priv ubuntu@IP
<smoser> if you didn't configure a user, then there is no user
<tyska> smoser: but how i configure a user?? I've downloaded the image from the tab extras on web interface of the cloud
<tyska> smoser: then i try to login with ssh -i mykey.priv IP, without user, then it ask for password
<smoser> oh.
<smoser> i'm sorry.
<smoser> its probably root then.
<smoser> if it came from eucalyputs
<smoser> i've not used that much.
<smoser> i'm generally unfamiliar with web UI.
<smoser> i thought you were saying you created the centos image yourself.
<tyska> smoser: ok, will try with root
<tyska> smoser: are you there?
<smoser> i'm here.
<tyska> smoser: worked with root! =D
<tyska> smoser: thanks
<uvirtbot> New bug: #585121 in bind9 (main) "rndc.key permission denied" [Undecided,New] https://launchpad.net/bugs/585121
<tyska> smoser: now im having problem with EBS volume, i attached it, create a partition with cfdisk, but i cant mount it
<tyska> smoser: it saids i need to specify a filesystem. What is the default filesystem type for Linux?
<ChmEarl> tyska, mount  -o offset=32256
<ChmEarl> if that fails, try offset=16384
<tyska> ChmEarl: mount: you must specify the filesystem type
<ChmEarl> tyska, use what you had before but add the option
<ChmEarl> still fails with the option? then check fdisk on the volume, and get the cylinders and size
<tyska> ChmEarl: i've used just adding the option
<tyska> ChmEarl: the number of cylinders is 10240
<xperia> hello to all. i have big problems to install the new ubuntu-server LTS edition on a Proliant ML530 G2 Server. it say me allways it can not find the Network Interface. Need to return to Network Recognisation Step to load some Kernel Modules but this dont help
<xperia> sound like a hardware recognisation failure. have aborted the install process now and landed in the terminal modus.
<ChmEarl> tyska,  use fdisk -l -u dev  (and get the sector size and start)
<xperia> can anybody help me with this Problem
<SpamapS> xperia: do you know what chipset it uses?
<smoser> tyska, in the instance, when you get an ebs volume, you get an empty disk
<tyska> already solved
<smoser> so you have to partition it (cfdisk / fdisk / sfdisk ... )
<smoser> ok.
<smoser> yeah, mkfs.ext3 or mkfs.ext4
<tyska> yeah
<tyska> mkfs.ext3 solved my problem
<tyska> tks anyway
<smoser> or if you want to see if you can lose your data mkfs.btrfs
<smoser> :)
<tyska> smoser: how can i install LAMP in my EBS? i found a page teaching how to install but using debian
<smoser>  i can't really help you with how to install centos lamp stack, sorry, its just not my expertise ;)
<xperia> Spamaps: have saved the install debug log but to see what exact the problem is but the information are shown too fast. tryed cat with | less but less dont exist on the cdrom
<smoser> but if you wanted a generally functiona lampstack, i would suggest getting the uec image from uec-images.ubuntu.com/releases/lucid
<smoser> then 'apt-get update'
<smoser> and tasksel
<smoser> select "LAMP Server"
<xperia> and i dont know how to find out the type of the network card. maybe dmesg ?
<cloakable> lspci
<JanC> dmesg or lspci should both work
<JanC> with lspci it's less scrolling  ;)
<xperia> okay will try that but what can i doo to see the output only page by page. normally i use less for that
<JanC> you can try more
<xperia> okay lspci has outputed some information
<xperia> Host Bridge: Broadcom CMIC-HE ( Rev 22)
<tyska> smoser: not centos, i wanna install LAMP on ubuntu
<xperia> ISA Bridge: Broadcom CSB5 Southbridge (rev 93)
<smoser> well, follow above.
<tyska> smoser: but dont know how to do this on a EBS volume
<smoser> i dont know what that means "on an EBS volume"
<savid> binBASH, I'm still confused about how I should be setting up glusterfs.   Am I supposed to set up NFS on all my servers?
<tyska> smoser: look this http://open.eucalyptus.com/wiki/install-service-ebs-volume
<binBASH> savid: No ;)
<tyska> smoser: instances are transient, if i install LAMP on a instance of ubuntu image, when the instance terminate, or when the cloud machines are turned off, i lost all my files and configuration
<cloakable> xperia: You'll want one with Ethernet in the line
<binBASH> savid: You just run the client to mount the share
<xperia> cloakable: strange thing is it dont exist such a line in the output but i am able to ping the server
<cloakable> xperia: hmmmm
<cloakable> odd
<cloakable> what does ifconfig say?
<savid> binBASH,  oh I see -- so the server sets up the share and the client mounts the share
<xperia> and the ethernet lamps do light up when i plugin the ethernet cable. one moment i will see what ifconfig output
<binBASH> savid: Yup
<xperia> cloakable: ifconfig does not exist :-(
<xperia> any other suggestion
<smoser> tyska, the general process shown there will probably work.
<tyska> smoser: yeah, but i will install debian squeeze. do you know some way to install lucid instead?
<smoser> s/squeeze/lucid/
<xperia> okay with dmesg | more i have found now some lines that are related to the network
<cloakable> aha
<xperia> TCP Cubic registered
<xperia> Net registered protocol  family 10
<cloakable> hmm
<xperia> lo: disabled Privicy extensions
<xperia> Net registered protocol family 17
<xperia> Using IPI no shortcut mode
<xperia> that is more or less all
<SpamapS> xperia: there's no ethernet adapter listed in lspci, that would explain why the system can't find the driver... are there any "unknown", or similar, lines ?
<SpamapS> oh my
<xperia> will look again but i did not find any line that would have words like "eth" or net
<SpamapS> xperia: is that a very old server?
<xperia> it has a 3ghz xeon Processor 6 GB Ram
<xperia> and a lot of Harddisk space
<xperia> buyed it over ebay for 60 USD :-)
<xperia> it works great. had windows on it
<SpamapS> xperia: I'm asking because HP's site has no drivers past RHEL4
<xperia> i have read on the ubuntu forums that other people have succesfull installed ubuntu
<SpamapS> xperia: but, according to specs, it should have an e1000 or tg3 .. which are pretty typical adapters for the time
<SpamapS> Maybe its disabled in the BIOS?
<xperia> on the "Proliant ML530 G2" server
<xperia> hmmm okay will check out the Bios then
<xperia> SpamapS: Bingo ! you was Right ! Compaq NC3163 Fast Ethernet  NIC deactivated
<SpamapS> xperia: ^5
<savid> binBASH,  so, do I even really need a glusterfs client?  If all I'm doing is keeping files in sync accross the pool,  shouldn't that work as long as I have the just the glusterfs server installed on all servers?
<SpamapS> savid: no
<SpamapS> savid: you need the client to mount the exported filesystem
<savid> I'm still confused then.
<SpamapS> savid: it doesn't "keep the files in sync"
<savid> The directories that contain the files already exist
<SpamapS> savid: it is a clustered filesystem, the data is spread out over all servers
<savid> SpamapS,  ok,  then maybe glusterfs is not what I need
<savid> oh
<savid> I see.
<SpamapS> savid: so there is a single filesystem that appears the same on all servers
<killown> ldapsearch: not compiled with TLS support .. ldap from ubuntu lucid... do i need compile ldap to get TLS support? i don't understand why ldap from ubuntu-server 10.04 has no support for
<savid> SpamapS,  Ok,  so I would have a client and server on every server?
<SpamapS> savid: if you so choose.. you can, of course, have more clients than storage servers.
<SpamapS> savid: or more storage servers than clients
<savid> So,  I guess I need to make sure the "volume" that I set up on each server is set up using the same parameters?
<savid> ie, when I do glusterfs-volgen
<SpamapS> savid: you need to read the manual. :)
<SpamapS> savid: like, the whole thing. :)
<SpamapS> http://www.gluster.com/community/documentation/index.php/Storage_Server_Installation_and_Configuration
<SpamapS> at least chapters 1 and 2
<savid> Yeah,  I did read through that....
<savid> oooh I think I see now
<SpamapS> savid: and then this one too: http://www.gluster.com/community/documentation/index.php/Client_Installation_and_Configuration
<uvirtbot> New bug: #585053 in ntp (main) "no user interface to configure whether time synchronisation is always made on establishing the network connection." [Low,Triaged] https://launchpad.net/bugs/585053
<savid> I run the daemon on each server,   and then run volgen once and that sets up the volume that's distributed across all servers?
<SpamapS> savid: right
 * savid 's light bulb finally goes off
<SpamapS> savid: you can put the "client volume file" on all the servers, and then when you point clients at it (mount -t glusterfs server_ip /mnt/clustered_data) it will "just work"
<SpamapS> one thing I don't know is how to handle adding/subtracting servers
<xperia> question. does anybody know where to download the the cd rom image "SmartStart V5.5"
<xperia> have set the Bios Password and full forget it now
<xperia> for the server :-(
<SpamapS> xperia: http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3285467&prodTypeId=15351&prodSeriesId=316545&swLang=8&taskId=135&swEnvOID=2025
 * SpamapS should definitely have bit.ly'd that doh
<lenios> hp website is not SEO
<tyska> smoser: do you know how can i use VNC to connect in the instances?
<MTecknology> !samba
<ubottu> Samba is the way to cooperate with Windows environments. Links with more info: https://wiki.ubuntu.com/MountWindowsSharesPermanently and https://help.ubuntu.com/10.04/serverguide/C/windows-networking.html - Samba can be administered via the web with SWAT.
<SpamapS> lenios: Search Engine Optimized? HP's website is better, it is SGWSO (Super Genius Web Surfer Optimized!)
<xperia> SpamapS: woow you are great man. need to learn how to search better in google. just downloading it at the moment. very slow however
<xperia> bookmarked the site just in the browser. looks like need to flash the bios tooo
<SpamapS> xperia: that bookmark probably won't work after a while
<SpamapS> HP's website is weird that way
<lenios> oh, you bookmarked it, you could have just remembered the url
<SpamapS> google "Proliant ML350 G2" was enough
<SpamapS> lenios: I dare you to remember the *hostname* of that url tomorrow. ;-)
<xperia> hmm i have searched for SmartStart V5.5
<SpamapS> xperia: with HP, its all centered around your model number
<lenios> maybe it's easier to remember the ip
<xperia> hope to remember the password again for the server. i wanted it to write it down but thinked ehh this thing i can remeber in some hours later without any problems and now exactly i cant remeber that thing
<smoser> tyska, you cannot without hacking
<smoser> or enabling vnc server in the guest
<smoser> (ie, installing vnc server and running one)
<savid> hmm,  I don't see the command glusterfs-volgen in ubuntu
<bondiblueos9> is there output to the serial port during boot?
<SpamapS> bondiblueos9: you'd need to setup a serial console in grub to do that.
<SpamapS> bondiblueos9: you can add it to the commandline for the kernel.. console=ttyS0,115200n8 .. make sense?
<bondiblueos9> what sort of interface would it give me? I mean, would it be a full terminal? would I be able to see all the services starting up (or failing to start up)? if it boots but ssh or the network is down, will I have a full terminal?
<SpamapS> bondiblueos9: if you set the console to the serial port, then instead of the keybaord/monitor, you get all the boot messages on the serial port.
<bondiblueos9> ok; do I set that in grub.conf? can I have both ther serial port and the monitor?
<MTecknology> So... An Ubuntu client can connect to an Ubuntu Samba server - A Windows 7 client can connect to it and see shares - but can't connect to any of the shares. Any ideas what I'm missing here?
<tyska> smoser: if i install vnc server on the instance and run it, should i get connect directly or i have to do something else?
<savid> SpamapS,  is the glusterfs-volgen command supposed to be included with gluster-server ?
<bondiblueos9> of course, now that I went and got the montior, cleared off space to set it down, and hooked it up; ssh is working fine
<SpamapS> savid: dpkg -S `which glusterfs-volgen`
<SpamapS> glusterfs-client: /usr/bin/glusterfs-volgen
<SpamapS> savid: technically you don't need -volgen to run a server.. so it makes sense it would be in the client package
<savid> SpamapS,  I have glusterfs-client installed... odd.
<savid> no /usr/bin/glusterfs-volgen
<SpamapS> savid: on lucid?
<SpamapS> savid: dpkg -L glusterfs-client ..
<SpamapS> .. not included ;)
<StrangeCharm> apache is telling me that it can't reliably determine my server's fqdn, even though i have a servername set in my vhost file. what's going wrong?
<savid> http://dpaste.com/198734/
<savid> SpamapS,  I'm on 9.10
<SpamapS> StrangeCharm: run 'hostname -f' .. if there are no .'s in there.. you don't have a real server fqdn.
<SpamapS> savid: *ahh*
<lenios> StrangeCharm, maybe /etc/hosts is wrong
<StrangeCharm> SpamapS, that command returns "hostname: Name or service not known"
<SpamapS> savid: consider going to 10.04 .. seeing as it will be supported longer, and includes glusterfs 3.0, which is what you really want at this point.
<StrangeCharm> lenios, i'm not sure what to do with /etc/hosts
<savid> SpamapS,  hmm..  is it difficult to do a dist upgrade?  will anything get messed up?
<lenios> you should have your hostname is there associated to your ip
<SpamapS> savid: it *should* work fine, but it might break stuff.. so if the boxes are already production.. I'd be cautious.
<lenios> in*
<savid> hmm
<StrangeCharm> lenios, if there are multiple subdomains, should they be listed independently?
<SpamapS> savid: the usual "do a full backup first" disclaimer should be enough to keep you safe. ;)
<SpamapS> savid: also backporting wouldn't be all that hard.
<lenios> only the domain, i guess
<StrangeCharm> lenios, what if multiple subdomains map to other hosts?
<lenios> i didn't go that far, use a search engine on how to configure /etc/hosts
<StrangeCharm> fair enough
#ubuntu-server 2010-05-25
<tauren> I cannot perform any write operations on my drive anymore. This is a KVM host. Other KVM hosts on the server are operating properly.
<tauren> I tried stopping the host (virsh shutdown hostname),and it stopped.
<tauren> But now it won't start back up:  virsh start hostname says: "error: failed to create logfile /var/log/libvirt/qemu/hostname.log: Read-only file system
<SpamapS> tauren: maybe you need to fsck it?
<tauren> And trying "sudo fsck /dev/vol/partitionname" returns with "Superblock invalid"
<tauren> fsck.ext2: Bad magic number in super-block while trying to open /dev/mapper/vol-hostname
<tauren> The superblock could not be read or does not describe a correct ext2
<tauren> SpamapS, that's what I'm thinking too. Any ideas why fsck would fail?
<tauren> again, the rest of the server is working fine, so I think its related to just this one partition.
<SpamapS> I've not done such things with kvm.. but I'd suspect there's a partition table on the lvm block device maybe?
<tauren> hmm, maybe so. not sure how to check that.
<tauren> SpamapS, yeah, from my notes I built it with a root, swap and /var partition
<tauren> so do you know how I would run fsck on those partitions from the host system?
<SpamapS> tauren: maybe kpartx?
<tauren> ah, yes. it's been years since i used that. I'll have to figure it out again. thanks for the idea!
<SpamapS> http://ubuntuforums.org/showthread.php?t=1262207
<SpamapS> got the idea from that
<tauren> thanks, looks like that will help
<tauren> I have a remote ubuntu 9.10 server and I need to run fsck on its partitions. Do i have to physically go to the server with a recovery CD, or can I remotely change to single user mode, run fsck, then switch back to normal operation?
<bogeyd6> tauren you can reboot into safe mode with ssh
<bogeyd6> its on the server guide
<bogeyd6> g2g
<tauren> bogeyd6, I'd like to force fsck to run at boot, but my drive is read-only now, and I can't change /etc/default/rcS or touch /forcefsck
<tauren> bogeyd6, sorry, misread your post. I'm not finding info in the server guide about doing that. Without write access on my drive, how would I remotely reboot into safe mode with ssh?
<cybrocop> Hello all, I'm having libvirt problems. Can anybody help me?
<jiboumans> cybrocop: best to just ask your question. The local expert is soren though who should be soon asleep right now  (he's in CEST)
<cybrocop> jiboumans: Here is my issue http://open.eucalyptus.com/forum/libvirt-operation-failed-failed-retrieve-chardev-info-qemu-info-chardev#comment-11359
<cybrocop> I'm also discussing this on #eucalyptus, but they are puzzled as well. This is I guess more of a libvirt issue than eucalyptus anyway
<uvirtbot> New bug: #585208 in openldap (main) "slapd becomes non-responsive after several weeks runtime" [Undecided,New] https://launchpad.net/bugs/585208
<SamuelPeterson> I ran "sudo ifconfig eth2 hw ether 00:00:00:00:00:10" on a computer to spoof it's mac address, but it returned "siocsifhwaddr: too many open files in system." I had eth2 down before doing this. I ran ifconfig and the mac did change, but I can not connect to any networks.
<SamuelPeterson> Would anyone happen to know what the issue is?
<uvirtbot> New bug: #585212 in apache2 (main) "Apache2 userdir does not like encrypted home directories" [Undecided,New] https://launchpad.net/bugs/585212
<solarion> question: how do I change the upgrade policy to make sure to stya with LTS releases?
<solarion> /etc/update-manager/release-upgrades Prompt?
<ScottK> solarion: If you are on an LTS release you won't be automatically offered the chance to upgrade except to the next LTS.
<solarion> aah, ok
 * solarion is a fan of things Just Working. :)
<solarion> in 2 years hopefully I'll be buying the 12-way Atom nettop. :)
<solarion> with 128GB RAM
<solarion> thanks
<ScottK> solarion: If you want to check, that file should have "Prompt=lts"
<solarion> yeah, that's what it has
<ScottK> (if you're on an LTS)
<solarion> yeah
<Geekman> Hi everyone, need some help regarding RAID on Ubuntu server 10.04.  I'm working with Ubuntu's software RAID 1 right now, and it works fine, however I'm running into problems when needing to partition a fresh drive to add to the array for re-building -- having just removed one of the original drives.  I've used the command sfdisk -d /dev/sdb | sfdisk /dev/sda to partition the new drive and it works fine, but I'm doubting that's going to wo
<Geekman> I'm trying to use fdisk to partition the new drive, but can't seem to create the extended partition as per the other drive -- the original drives were partitioned automatically by the installer.
<Geekman> The following shows the partition table: http://pastebin.com/ajyDieuk -- I can create the partition sda1 just fine, but then when trying to create sda2 as an extended partition, cylinder 120675 is out of range I.  I am forced to enter 120676 but this means the second partition is slightly too small and hence rejected by MDADM.
<Geekman> I've tried using sectors as the view in fdisk hoping that would be more specific, I was able to create the extended partition, but then had the same issue when trying to create the logical partition.  Is there some way I can force fdisk to do what I want?  Or is there a better utility for me to partition the drive like this?
<Geekman> Or even, is there a hardware RAID controller that someone can suggest which is compatible with Ubuntu server?
<bogeyd6> Geekman, almost any storage works card like a 400 or 420
<Geekman> What Vendor are we talking about?  I'm fairly new to Hardware RAID.
<Geekman> I was looking at MegaRAID which seems to be used by Dell servers, but it looks like the drivers only natively support SUSE/Redhat.
<twb> I wouldn't trust anything with third-party drivers.
<twb> (OTOH, lots of people seem to LIKE using ATI and Nvidia GPUs, so I'm pretty conservative.)
<Geekman> I want to obviously try and ensure that at 2am, when we are going to have to do a re-build, that things just work.  Same goes for installing a new machine, because who knows if we'll have a time crush when doing so.  So I definitely don't want to go with anything that isn't isn't natively supported, if I can help it.
<Geekman> ATI and NVidia have worked well for me in the past, but I also remember how much I had to tweak things back in 6.06, so I wouldn't use them in a production server environment.
<Geekman> So if anyone knows of a RAID card they've used with Ubuntu that "just works", I'd appreciate it.
<foxbuntu> Geekman, are you talking enterprise Cards or Desktop cards such as you mentioned?
<Geekman> Well, depends on the cost.  But it's for our servers which are about to be put in some rack space in a data centre - so I'd assume enterprise.
<foxbuntu> Geekman, i.e. Adaptec/LSI vs ATI/nVidia
<Geekman> I had no idea that the MegaRAID stuff was for desktops.
<foxbuntu> Geekman, I would assume fairly good results with many recent Adaptec/LSI Logic cards
<Geekman> Thanks man, I'll look into that.
<foxbuntu> np
<foxbuntu> Geekman, I would suggest googling the model number of the card you look at prior to purchase just to double check
<twb> Personally, I use md raid.
<Geekman> twb, you mean Ubuntu's software MDADM RAID?
<twb> It means I don't need to buy backup controllers, or worry about drivers.  The servers aren't doing anything for which I/O is critical -- just mail, file sharing, serving website, etc.
<twb> Geekman: the kernel's md layer, yes.
<Geekman> I've set that up at the moment, but as I stated above, I'm having issues with partitioning a clean drive to match the partition table correctly.
<twb> Geekman: RAID1 or RAID5?
<Geekman> Other than that, it does work fine.  But I/we just don't want to have to mess with it at 2 in the morning if it doesn't work just right.
<Geekman> RAID1
<twb> Are both disks from the same batch?
<Geekman> The disks are identical - if I use sfdisk to clone the partition table onto the fresh drive it works, but trying to use fdisk to do it manually, I run into problems.
<twb> Why are you using fdisk?  It's unmaintained.  Use something based on libparted -- parted, gparted, gnu fdisk
<Geekman> Which, if I could trust that all drives in future were identical, using sfdisk would be fine - but I obviously can't gauruntee in future that a spare drive is going to be identical.
<Geekman> fdisk is just what I've always used.
<twb> Or: how, exactly, is fdisk failing
<Geekman> http://pastebin.com/ajyDieuk
<Geekman> That's the partition table on one of the original disks.
<twb> What of it?
<Geekman> As you can see, sdb2 starts on 120675, with sdb1 ending also on 120675
<Geekman> fdisk won't let me do that.
<Geekman> It says 120675 is out of range.
<twb> Are you using the right units?
<twb> Does /proc/partitions reports that both disks are the same size?
<Geekman> I got around that by setting fdisk to use sectors instead, but ran into a similar issue when trying to setup the logical partition sdb5
<twb> In the past I've found e.g. 250GB drives varying in size by a few MB.
<Geekman> Just a sec, SSHing in to check /proc/partitions.
<Geekman> I do recall sfdisk reporting that both drives had the same cylinder count, though.
<Geekman> So you said fdisk is out of date, is there any of the utilities you listed that you can suggest to replace it?
<Geekman> I always assumed gparted was GNOME parted and hence required a GUI - don't have one of those.
<twb> C/H/S is totally meaningless in a modern system
<twb> gparted is a GUI for libparted; parted is a CLI for it.
<twb> The parted UI isn't very nice, so maybe you would prefer to boot a live CD or move the disks into another host to run gparted -- I don't really care.
<Geekman> I probably would like that, but the server's don't have CD drives, so that would be a hassle.  I'll try doing it with parted and see how it goes.
<Geekman> Thanks for all your help.
<twb> I just think switching to hardware RAID because you can't partition a disk is a bit of a leap
<Geekman> I think you're right, but nobody wants me to sink any more time into trying to get it to work ok - so we figured hardware RAID would work better without a fuss.
<Geekman> But I'll take another look when I get a spare moment.
<twb> BTW, for RAID1 you don't *need* each node to be exactly the same size
<twb> md will just use the smallest
<Geekman> I know, but the way fdisk was working for me, the swap partition - sda5 always ended up being 1 cylinder too small or something.
<Geekman> Oh and for the record, both the drives are reported as being the same size in /proc/partitions.
<twb> There's usually no point RAIDing swap
<twb> Especially RAID0 -- linux swap is automatically striped
<Geekman> So, if one of the disks die at runtime, it's not going to corrupt the swap partition?  How can that be if it's not mirrored?
<Geekman> .../part of the RAID array.
<twb> I suppose so
<twb> To be honest, since 2.6 came out, I have lost faith in swap *at all*
<Geekman> Heh.
<Geekman> In terms of what?  Application crashes when they fall back to swap?
<Geekman> The only thing I want to avoid is having the OS crash because something's using swap and one of the drives has died, which has destroyed the swap.
<twb> AFAICT when my hosts start swapping, they're too fucked to respond to fork a "telinit 6"
<Geekman> I figure if the swap partition is part of the array, it'll prevent that.
<Geekman> Well yeah that's true.
<twb> So I might as well not have swap at all
<Geekman> But just because you're swapping doesn't necessarily mean that you're swapping constantly, in my experience.
<SpamapS> swap is *completely* worthless with RAM prices of today
<SpamapS> there's no server app that does well when memory page fetches take longer than 1ms
<SpamapS> even 1ms is pushing it quite a bit
<SpamapS> Geekman: I prefer to think ahead.. build a system to run at 30% capacity 95% of the time.. and the other 5%, never over 50% capacity. If you breach either of those thresholds, the system cannot stand up when the business becomes a success.
<twb> swap really means "I need more RAM than I can afford"
<twb> And as you say, RAM is pretty damn cheap now
<SpamapS> http://www.crucial.com/store/mpartspecs.aspx?mtbpoid=FF101E53A5CA7304
<SpamapS> 16G for $1400 US ...
<SpamapS> and thats 2x8G sticks
<Geekman> How have you guys found Ubuntu to handle 32-bit apps in 64-bit?  The decision was made to stick with 32-bit for now as it's only going to be a web server, we don't think any of our core servers should really need more than 4GB.
<twb> I don't run any 32-bit apps.
<Geekman> But personally I'm a little uncomfortable with being limited to 4GB.
<Geekman> You've never run into a situation where you've had to search the net because some app doesn't natively support 64-bit well?
<twb> There are only three cases where biarch is useful: proprietary software, compilers that only support -m32, and development jails.
<Geekman> I don't mind having to do that myself - it is Linux - but I guess business is business and we can't be having to do that if we need something running urgently.
<SpamapS> Geekman: you're not limited to 4G
<twb> scsh and scheme48 fall into the second category, and on some hosts I use the third.
<twb> SpamapS: yeah, but PAE is such a kludge
<SpamapS> kludge or not..
<SpamapS> its better than replacing entire working systems
<twb> Geekman: IMO your "rule of thumb" should be to use 64-bit
<SpamapS> nobody should *design* to use PAE
<SpamapS> but its certainly a decent plan B
<SpamapS> twb: depends on how you want to scale
<Geekman> PAE, I assume that's what I was reading about regarding the ability to use more than 4GB under 32-bit using some kind of emulation, albiet more slowly?
<twb> SpamapS: granted
<SpamapS> twb: 32-bit has some advantages when you need crazy high concurrency
<twb> 64-bit also means you can simply assume things like SSE2
<twb> That's less of a problem on Ubuntu, where i386 really means i686 nowadays :-/
<SpamapS> Geekman: its a small memory access trade off that allows the OS as a whole to use more than 4G, but processes still only have a limited 32-bit address space.
<Geekman> I see.
<SpamapS> twb: yeah I think as of Maverick i586 is dead in ubuntu
<twb> SpamapS: I saw the GCC changelog go through
<SpamapS> I'm sure someone somewhere is cursing their Geode SOC design. ;)
<foxbuntu> Geekman, PAE can break some apps too, although its usually poorly written apps misusing memory marshaling and threading
<Geekman> Well in our case I think that if we're hitting a wall where we need more than 4GB, it's probably time to start looking at a higher spec server overall.  I don't have the specs with me, but they're not high end.
<twb> Fortunately my Atom not-quite-SOC is x86-64.
<SpamapS> foxbuntu: PAE *exposes* buggy apps... it doesn't break them. :)
<foxbuntu> SpamapS, thats also a wa of looking at it
<foxbuntu> way*
<twb> foxbuntu: if apps were well written they wouldn't need >4 GB!
 * twb kicks the entire java community
<foxbuntu> twb, lmao
<foxbuntu> twb, im not sure thats quite the case with things like Oracle
<twb> Yeah, I know
<SpamapS> twb: SOLR is the first java server app that I trust completely... somehow, they got it right, a nd it doesn't even eat *ALL* of your RAM. ;)
<twb> I'm just sick of those kids with the mindset that making everyone buy more RAM is cheaper than their time to solve a problem properly.
<foxbuntu> twb, agreed
<SpamapS> twb: PHP devs have the same mindset. ;)
<foxbuntu> twb, many apps do not/should not require that much RAM
<twb> Especially when the first-year java lecturers explicitly TEACH that mindset >:-/
<twb> foxbuntu: Emacs is only "Eight Megabytes and Constantly Swapping"
<SpamapS> yeah they'll say things like 'RAM is 500 times faster than disk, so you should never use disk unless you absolutely must'
<twb> SpamapS: ugh.  Block caching is the kernel's job, not the apps
<SpamapS> its ok for an app to swap a little out.. I don't use the calendar in evolution, so it probably drops any bits I'm not using in swap. Its just not ok to PLAN for that.
<foxbuntu> twb, unfortunately I work in the windows world (as many do :( ), and I have seen some really bad .Net apps (yeah yeah, bear with me here) that will crush a system under load to the point where x64 can even save the system
<SpamapS> twb: tell that to InnoDB. :)
<twb> Or like the Zimbra support company that tells us "you should deploy zimbra on its own host.  Zimbra assumes that the host its on is dedicated to JUST running zimbra"
<foxbuntu> twb, more java!
<foxbuntu> twb, feed the monster
<twb> Well, Zimbra is mainly postfix and openldap.  The java is just their shitty "value added" glue
<twb> Flipping calendaring
<foxbuntu> twb, yeah, tis true, but the java magic is the main sludge in the system
<twb> Granted.
<foxbuntu> wtf?!
<foxbuntu> speaking of witch
<foxbuntu> which rather
<foxbuntu> maybe both
<foxbuntu> lol
<foxbuntu> trying to convert a VM from Xen to VMWare and it keeps imploding
<twb> foxbuntu: qemu-img convert ? ;-)
<foxbuntu> twb, its windows
<foxbuntu> :(
<twb> You poor bastard
<foxbuntu> twb, lol
<foxbuntu> something like that
<foxbuntu> doesnt help that the VM host that Xen is on is a turd machine
<twb> Tell me about it
<foxbuntu> the client expected miracles on an array of 5400 SATA disk
<twb> We have two hosts that can run KVM, but I can't use either.  One is running a Windows VM to talk to the tax office (sigh), and the other was stolen to run a flipping pppoe session (FFS!)
<twb> "modprobe kvm" on the vmware/openvz host causes the entire system to hard hang
<foxbuntu> pppoe, ugh
<foxbuntu> awesome
<twb> foxbuntu: exactly.  The pppoe could be done by a 200MHz MIPS system -- it doesn't need a 3GHz quad-core
<foxbuntu> twb, lol
<twb> But that's what was sitting on the test bench when $coworker needed a host
<twb> And we can't take it out because it's mission critical
<foxbuntu> twb, I am swaping this server over to a box with SAS 10k Spin and Dual 6-Core Opterons
<twb> Nice
<foxbuntu> yeah, gonna run much better
<twb> Hopefully not running 2k8, tho
<foxbuntu> not to mention the hypervisior wont suck either now
<twb> Or whatever the hell is the current Windows Server
<twb> Oh, right, you said vmware, so it's probably esxi
<foxbuntu> well the guests at Win 2k8, but the host is VMWare ESXi
<foxbuntu> yea
<twb> I never tried that, only "vmware server".  Gods, that's an awful piece of shit
<foxbuntu> they only have the one box, so no reason to buy ESX
<foxbuntu> VMWare server == full blow job
<foxbuntu> (and not the good kind)
<foxbuntu> ESX/ESXi are really nice
<twb> 2.x wants you to run tomcat and a client-side java app just to talk RFB
<foxbuntu> lol
<foxbuntu> if you are gonna run a bunch of *nix guests stick to KVM (or similar) but if there are any windows hosts get ESXi
<foxbuntu> er guests that is
<twb> I like qemu a lot more because I can run it entirely in userspace (including userspace networking), and it's easy to get serial or the 80x25 VGA console inside your xterm -- nice and fast, rasterizing the ascii
<twb> *no rasterizing
<twb> (kvm just being fast qemu)
<foxbuntu> yeah
<twb> All my $coworkers love vbox because it has a GUI and generally targets desktop-in-desktop virtualization :-/
<foxbuntu> yea
<twb> At least qemu 0.12 can read/write to vbox images natively
<foxbuntu> Im thinking more along the lines of bare metal hypervisor
<foxbuntu> like ESXi
<foxbuntu> though kvm really isnt either
<foxbuntu> I am just not a huge fan of the userspace VM hosts
<foxbuntu> for production systems
<twb> Yeah, I agree
<twb> I have lots of ephemeral VMs for scratch work, so userspace is simple and convenient for me
<foxbuntu> indeed
<twb> For permanent systems my preference would be for jails, or failing that a lightweight hypervisor (like xen)
<foxbuntu> yea
<foxbuntu> is the ubuntu xen kernel still around these days?
<foxbuntu> I havent looked in a long time
<twb> No idea; I'm still on 8.04
<foxbuntu> ah
<foxbuntu> I run dev on my laptop
<foxbuntu> always dive into the ver. around A2
<foxbuntu> mostly because its a PITA to deal with VMs for my little bit of devel
<twb> I run sid on my laptop because I'm not a GUI weenie :-P
<foxbuntu> lmao
<foxbuntu> while I *could* run sid, I like things that *just work* I spend too much time fixing c*&$ already
<twb> AFAICT non-LTS releases are as flaky as debian/testing
<foxbuntu> I learned on gentoo a long time ago, and that was enough of the whole build it when you need it thing for me
<jmazaredo> i need to load balance 2 backend servers (web) what could be the best on ubuntu
<twb> e.g. "oh hey, we moved openldap config into the database against upstream's advice.  HAND!"
<twb> I was running testing with a handful of sid pins, but it was too reliable and  boring. :-)
<foxbuntu> jmazaredo, define what you see as load balanced
<foxbuntu> twb, lol, ok you got me on that one, things do like to change
<foxbuntu> ...in Ubuntu
<foxbuntu> ...allot
<foxbuntu> not that I have anything against it
<twb> More to the point, they change without much discussion or testing, AFAICT
<foxbuntu> twb, no, not true
<twb> Which is actually convenient for me, because it means that Ubuntu users are on the front line, testing stupid ideas before they hit Debian/testing
<jmazaredo> balancing http request
<foxbuntu> twb, people assume that but lots of those (most) decisions get made in UDS
<foxbuntu> jmazaredo, go on, do you mean one request comes in and the next goes to another server
<foxbuntu> jmazaredo, or do you mean the load gets calculated and weighted to pick the correct server
<jmazaredo> request ----> goest ro balancer ---> spreads to two servers
<jmazaredo> like balanceNG and nginx
<jmazaredo> free balanceNG only has 1, Niginx need to configure every balance i do
<jmazaredo> can iptables do the trick?
<foxbuntu> jmazaredo, dont think for what you want it will
<foxbuntu> jmazaredo, you might be able to do it with squid
<twb> netfilter/iproute can perform some kinds of load balancing, yes.
<twb> An application-level (e.g. nginx, pound, haproxy) load balancer is more conventional.
<|corpse|> my PC must hate me, iv been trying to set up a file srver for 5 days now and i can not, for the life of me, get an istallation to work
<killown> is there any option to encrypt entire / during ubuntu-server install?
<twb> Block-level encryption is possible
<twb> I don't know the details, especially I don't know if the release you're using supports it directly in the d-i UI
<killown> twb, i need do something to not allow peoples of chroot my / partition from a live distro
<twb> Do you *really* want to encrypt the OS filesystem of a server?
<killown> twb, there is another way to block chroot instead encrypt?
<twb> Why do you want that?
<twb> What attack are you trying to prevent?
<killown> twb, i need protect the information into my system
<twb> What information?  The user data, or the OS?
<killown> i am doing a proxy solution
<killown> i thinks /etc /var
<killown> think*
<twb> Why?
<killown> twb, to not allow peoples to copy conf content...
<killown> /var for openldap
<twb> What configuration could you possibly have that needs to be protected against physical attack?
<killown> and etc for confs
<killown> twb, i am just figure out anyway to protect my conf content
<killown> twb, think about, you have a proxy solution for a vpn with 15 networks, so if you configured the master and the first network slave, why would anyone will need of you for finish the job??
<twb> If your core routers aren't behind a locked door, you're probably screwed
<killown> twb, encrypt etc and var is not a good idea?
<killown> twb, hello
<twb> Sorry, I don't have time to help you now
<killown> change the phrase for: sorry, i don't know about that.
<killown> twb, you are good for questions, but answers....
<RoyK> any idea how I can find out which swap device this is about? http://pastebin.com/Hvmg4SUY
<uvirtbot> New bug: #585264 in freeradius (main) "package freeradius-mysql 2.1.8+dfsg-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/585264
<cemc> RoyK: you have more swap devices?
<cemc> I mean more than one?
<RoyK> cemc: ubuntu 9.04 standard, somehow - /dev/ramzswap0 and a partition
<RoyK> swapping to compressed memory before using the disk
<cemc> huh? :)
<cemc> swapping to where?
<twb> RoyK: /proc/swaps?
<twb> compcache is ramzswap, so it's clearly not talking about /dev/sda2 or whatever
<twb> The 251 and 0 looks like major and minor block device numbers, so you could also ls -l /dev and look for 251,0
<RoyK> from /proc/devices 251 ramzswap0
<RoyK> wierd
<twb> Whoops, I can't modprobe ramzswap until I reboot.
<twb> Stupid ricer kernel...
<qman__> killown, encrypting your root directory won't help against online attacks of any kind, as the files have to be readable by the system in order for it to work
<qman__> it would only offer protection against attacks from physical access
<qman__> but, if you don't have physical security, you're basically screwed anyway
<qman__> I suggest you get a locked room
<qman__> it's a great option for laptops, but not so much for servers
<xperia> does anybody know how can i reset the bios password on a hp proliant ML 530 G2
<qman__> probably a better question for google, that sort of thing tends to get very hardware specific
<qman__> if it's not a simple jumper setting, anyway
<qman__> perhaps searching for a manual for that server would help
<xperia> qman: thanls for the info. looking at google since hours. thinked maybe some person is here with experience background about this topic
<qman__> yeah, sorry, never used one of those
<qman__> I've got a DL380 but I've never had to reset the BIOS
<xperia> qman: me stuipid have set extra a password for the bios and forgot it now. need to enable the netwrok card for installing ubuntu-server
<cemc> RoyK: is there any howto on setting that thing up?
<RoyK> cemc: setup what?
<xperia> qman: i was able to reset the bios password with the smartstart cd. needed to erase everything.
<qman__> ah, figured it'd take more than pulling the battery
<twb> Usually there's a jumper on the motherboard
<twb> Which is why physical security is critical
<twb> Jumper the bios password away, then change the boot device, then you have root access to the hard disks (unless there's block-level encryption).
<cemc> RoyK: nvr mind, found it
<Pirate_Hunter> I keep getting 404 error every time I try to connect to localhost through lightpd on  port 8080. lighttpd restarts without a problem so I cannot understand why I can't connect through its port can anyone suggest something
<cloakable> Pirate_Hunter: 404... not found. Check to see if your docroot exists.
<xperia> qman_: very cool ! ubuntu server LTS Edition runs now on my professional server proliant ML530G2 :-)
<xperia> qman_: is there any possibility to controll the speed of the main fans. they run allways full and poduce a lot of noice. system temperature is 8 Celcius
<xperia> so the fans dont need to run 100% when the temperature is such low
<Pirate_Hunter> maybe im doing something wrong but if I wanted to access lighttpd through my browser wouldn't it be something like httP://localhost:8080?
<lenios> xperia, aptitude show cpufreqd
<lenios> or maybe with acpi
<cloakable> Pirate_Hunter: 404 means "File Not Found" lighttpd is not finding what you pointed it at.
<lenios> aptitude show lm-sensors too
<lenios> to change fan speed
<twb> Bugger the cpufreqd package.
<twb> Current kernels default to the kernel-space ondemand governor, which is a reasonable default.
<twb> xperia: fan control depends on what kind of fan setup you have.  Sometimes it's uncontrolled, sometimes it's controlled by firmware, sometimes it's controlled by the kernel.
<twb> xperia: if the fan connects to the motherboard with only two pins, you're probably screwed.
<twb> xperia: otherwise you could find /sys/ -iname '*fan*'
<jo-erlend> how do I find all files and folders that have been created or changed during the last 30 minutes?
<twb> find -mtime -1 is "last 24 hours"
<twb> Dunno if it takes other units
<twb> Ah, -mmin 30
<pmatulis> jo-erlend: man find
<jo-erlend> -mmin did the trick. Thanks. :)
<twb> Yeah, manpage is your friend
<jo-erlend> of course I read it before I asked. I didn't understand it, that's all. :)
<jo-erlend> I'm writing a script to automate creation of a virtual machine I've created. I need to reconfigure all the services before the first boot. What I'm doing now, is to simply install the services one by one and noticing which files change as I configure them, and how they change.
<jo-erlend> any better ideas?
<xperia> twb: lenios: thanks for the tips. will report back what i have for a fan
<sommer> morning
<bogeyd6> When I put username=blah,password=blah in my fstab file for mounting a samba share in my log it says it is connecting as user nobody. How can this be?
<rgreening> kirkland: hey. In the upstart job for libvirt-bin, when it shut's down, are the currently running VM's shutdown or is there a way to make them come down gracefully?
<rgreening> rather than manually going to each VM and shutting down?
<dantti> I'm looking for a web tool to handle virtual machines (KVM or Xen), but one important thing would be that it has webbrowser plugins like VmServer (since I'm moving from it), does some one knows a tool that has something like that?
<dantti> I'm trying openQRM but it's not populating my postgres db.. :/
<fairview_> Thank you sommer for creating the ubuntu server guide.  very helpful
<sommer> fairview_: welcome :-) glad it helps
<fairview_> I have lots of learning to do so it will
<Knifa> PHP is disabled by default for Apache 2 user directories. Despite following the instructions to re-enable it again, PHP files still don't work in user directories. I followed these instructions: https://wiki.ubuntu.com/UserDirectoryPHP
<Knifa> Am I missing anything out?
<Knifa> It tries to make me download the file instead of running it.
<Knifa> But PHP works fine in the root web folder.
<ivoks> did you restart apache?
<Knifa> yes
<Knifa> about eighty times.
<Knifa> but it doesn't make a difference
<ivoks> and it offers downloading .php file
<ivoks> ?
<Knifa> yes
<Knifa> rather than processing it
<Knifa> but it processes it on /var/www
<ivoks> which ubuntu?
<ivoks> version
<Knifa> 10.04
<ivoks> paste /etc/apache2/mods-enables/php5.conf to pastebin
<ivoks> enabled
<Knifa> http://pastebin.com/KWs66qyd
<Knifa> I tried setting it it to On with it uncommented
<Knifa> but that didn't help either.
<ivoks> do you have .htaccess file in public_html/?
<Knifa> nope
<ivoks> ok, create a file names
<ivoks> named
<ivoks> rnd246.php in public_html
<ivoks> put in it:
<ivoks> <? phpinfo(); ?>
<ivoks> and try accessing it
<Knifa> it tries to download it
<ivoks> hm
<Knifa> really no idea what's going on
<Knifa> it should work
<ivoks> let me try it
<ivoks> works
<Knifa> kk
<Knifa> man what :[
<ivoks> sudo service apache2 stop
<ivoks> sudo killall -9 apache2
<ivoks> sudo service apache2 start
<Knifa> i tried rebooting the server for the sake of it (it is not an important machine)
<Knifa> so apache should have been proeprly restarted
<ivoks> and access that file with w3m
<LinuxAdmin> hi  guys
<ivoks> Knifa: do you have additional configuration in conf.d/ or sites-enabled/?
<Knifa> nope
<Knifa> this is a fresh apache2 install
<Knifa> i had lighttpd before.
<ivoks> prefork?
<Knifa> i have no idea
<LinuxAdmin> I'm trying to use ocfs2 on top of drbd. everything went well on first node but when I tryed to mount the partition on the second node I get this error:
<LinuxAdmin> mount.ocfs2: I/O error on channel while opening  device /dev/drbd0
<ivoks> Knifa: dpkg -l | grep apache2-mpm
<LinuxAdmin> can someone help me?
<Knifa> yeah it's prefork
<ivoks> LinuxAdmin: is drbd master/master?
<ivoks> er... primary/primary
<LinuxAdmin> I think so. Where can i see that?
<ivoks> cat /proc/drbd
<Knifa> ...
<Knifa> I tried reinstalling the php5 module for apache2
<Knifa> now it spontanously does not work at all.
<Knifa> anywhere.
<ivoks> Knifa: libapache2-mod-php5 is the name of the package
<LinuxAdmin> ro:Secondary/Primary
<Knifa> yeah
<Knifa> that's the one.
<LinuxAdmin> where can I define this?
<ivoks> LinuxAdmin: there you go, second node isn't primary
<ivoks> LinuxAdmin: and cannot write to device
<ivoks> Knifa: check /var/log/apache2/error.log
<LinuxAdmin> I wan to have the capability to write to the shared storage from both of nodes, that's why I created an ocfs2 clustering file system
<ivoks> LinuxAdmin: drbdadm primary <resource>
<ivoks> LinuxAdmin: but you have to set up drbd to work in primary/primary node first
<ivoks> LinuxAdmin: ocfs is just a filesystem
<LinuxAdmin> ok
<ivoks> LinuxAdmin: drbd is the device
<LinuxAdmin> yeah
<ivoks> have you followed any documentation?
<LinuxAdmin> yes
<ivoks> then you added needed stuff to drbd's config?
<LinuxAdmin> ubuntu server official book, and ocfs2 how to
<LinuxAdmin> I configured drbd and it synchronized well in both hosts
<Knifa> ivoks access logs for php files in user directories aren't showing up
<Knifa> but there are no errors.
<ivoks> LinuxAdmin: but did you add allow-two-primaries to drbd's config?
<ivoks> and become-primary-on both
<LinuxAdmin> no
<ivoks> LinuxAdmin: configs for drbd for ext3 and ocfs2 aren't the same :)
<ivoks> LinuxAdmin: https://wiki.ubuntu.com/ClusterStack/LucidTesting#Pacemaker,%20drbd8%20and%20OCFS2%20or%20GFS2
<LinuxAdmin> should I configure it on common section?
<ivoks> check '3. Configure drbd'
<Knifa> ivoks sigh. turns out firefox is caching the fucking download mimetype thing.
<Knifa> ugh.
<ivoks> Knifa: i said use w3m
<ivoks> Knifa: for a reason :)
<Knifa> oops :p
<Knifa> thanks :3
<jo-erlend> this was informative.. I didn't know drbd allowed both hosts to be primary at the same time.
<ivoks> jo-erlend: it does; but then you need clustered file system
<ivoks> jo-erlend: and stonith, and lrm and everything
<jo-erlend> then it will simply work both ways?
<jo-erlend> I'm not familiar with lrm. What's that?
<LinuxAdmin> ivoks, do I have to configure pacemaker?
<LinuxAdmin> can I avoid it?
<ivoks> LinuxAdmin: you don't have to, but it might be a smart thing to do :)
<LinuxAdmin> can you please tell me what pacemaker do?
<ivoks> uh
<ivoks> http://clusterlabs.org/
<LinuxAdmin> it's another tool like heartbeat?
<LinuxAdmin> ok
<ivoks> it's not another
<LinuxAdmin> I go read there
<ivoks> it replaces heartbeat
<LinuxAdmin> ok
<cdubya> We have a Domain Controller setup with Exchange on the same machine. I'm wondering if there is a good method of setting up a fallback for a failure to that machine, but obviously Exchange is an issue. Are there any good methods to resolve something like this using ubuntu?
<tschundeee> how can I add the usergroup www-data?
<tschundeee> I havent installed nginx via apt-get
<ivoks> addgroup --system www-data
<tschundeee> instead i compiled it myself... so i need to set its default user and chown the www-data folder to this user and its group... so I need to know if the group exists
<tschundeee> ivoks: thx man :)
<tschundeee> btw... where is the equivalent file to /etc/passwd?
<tschundeee> for groups?
<ivoks> guess :)
<tschundeee> hmm
<ivoks> what would be a first thing you would think of?
<ivoks> /etc/webserver?
<tschundeee> etc/groups
<ivoks> :D
<ivoks> there you go
<ivoks> without s
<tschundeee> okay sry
<tschundeee> i tried to edit with s and so I found nothing lol
<ivoks> tab is your friend
<ivoks> anyone knows where are defined options libvirt passes to kvm?
<ivoks> how does it generates command line from xml
<uvirtbot> New bug: #585456 in samba (main) "E: /var/cache/apt/archives/samba-common_2%3a3.4.7~dfsg-1ubuntu3_all.deb: non c'Ã¨ alcuno script nella nuova versione del pacchetto - saltato" [Undecided,New] https://launchpad.net/bugs/585456
<uvirtbot> New bug: #387708 in apache2 "ProxyPassMatch does not work" [Undecided,Invalid] https://launchpad.net/bugs/387708
<MTecknology> Do you guys know if it's possible to setup the user/group that's accessing a samba share on the filesystem?
<MTecknology> or does samba default to existing?
<webPragmatist> is there a sample partition schema available for using drbd
<webPragmatist> Is it common to put /var /home /etc on these?
<MTecknology> webPragmatist: I'd exclude var
<MTecknology> webPragmatist: I'm going to play with that nifty little thing eventually.. but it mostly just depends on what needs to be sync'ed - probably /home and /etc only - maybe /var/www or something specific in /var - you don't want to sync /var/logs - that could get ugly
<webPragmatist> right hrm
<webPragmatist> MTecknology: okay my next question is how am i mounting each of these specific folders to this separate partition
<MTecknology> webPragmatist: hm?
<MTecknology> webPragmatist: just make one partition for each thing you want to sync
<MTecknology> probably easiest
<webPragmatist> so a bunch of logical volumes?
<MTecknology> ya - probably easiest
<webPragmatist> seems kinda hard to tell what the partition size should be for each
<MTecknology> beyond that though - i can't tell you much because i haven't done it yet
<ivoks> i responded on #ubuntu-ha :)
<webPragmatist> oh okay
<R0d> Hi all
<R0d> does anyone know how can I configure Ubuntu to route trafic between 2 private nets, like 192.168.0.X and 192.168.1.X
<ivoks> route add net 192.168.0.0/24 dev eth0
<ivoks> route add net 192.168.1.0/24 dev eth1
<ivoks> or -net
<ivoks> -net :)
<mcas> ivoks: echo "1" > /proc/sys/net/ipv4/ip_forward
<MTecknology> Is it possible to have a Win7 user not have to type in credentials to log into a share? (Their system account) I have this in the config http://dpaste.com/199062/  I want adam to be able to seamlessly connect to the share.
<R0d> ivoks, and with these 3 steps (route add & ip_forward), Clients from 0.X could access to clients from 1.X and vice versa?
<zul> hey mathiaz
<ivoks> mcas: /etc/sysctl.conf
<mcas> ivoks: right
<ivoks> R0d: if your server is their router, yes
<R0d> ok, perfect :)
<hackeron> hey, now that ubuntu has done away with hal - I'm trying to use gudev to get information about devices - I tried query_by_subsystem("sound") under gudev Client, but how do I filter just the capture devices from the list?
<zul> hggdh: ping
<hggdh> zul: pong
<ivoks> hackeron: udevadm monitor
<R0d> and... If after that, there is a Gateway to internet? For Example... [A Clients] - [Ubuntu Router] - [B Clients] - [Gateway] - INET... Being A= 1.X, B= 0.X and Gateway LAN IP= 0.1
<zul> hggdh: can you nominate 551097 for lucid for me please?
<hggdh> bug 551097
<uvirtbot> Launchpad bug 551097 in mysql-dfsg-5.1 "start & stop hang on mysql-server (10.0.4 upgrade from 8.04) (dup-of: 551130)" [Medium,Fix released] https://launchpad.net/bugs/551097
<uvirtbot> Launchpad bug 551130 in mysql-dfsg-5.1 "infinite loop in /etc/init/mysql.conf if mysqld is not running." [Medium,Confirmed] https://launchpad.net/bugs/551130
<hackeron> ivoks: so how do I get alsa capture devices with udevadm?
<ivoks> R0d: than ubuntu router will have default route to 0.1
<hggdh> zul: you actually want me to nominate 551130, correct? 551097 is a dup of 551130...
<zul> hggdh: yes
<ivoks> hackeron: i'm afraid i don't understand you :)
<R0d> ivoks, Wow... Awesome! Thank you very much!!
<hackeron> ivoks: something similar to: hal-find-by-capability --capability alsa | grep capture
<ivoks> alsa, hal... what are these words? :)
<zul> hggdh: thanks in advance
<hggdh> zul: done, and you are welcome
<ivoks> hackeron: don't know
<hackeron> anyone? - before lucid, I used to do hal-find-by-capability --capability alsa | grep capture -- what do I do now to get alsa capture devices?
<xperia> hello to all. i was able sucessfull to install ubuntu-server LTS on a proliant ML530 G2 Server. it works everything like it should beside one small problem. everytime i poweroff the server and start it from new it hangs on the boot proccess asking me if i want to go into bios settings or if i want to continue. as long as keyboard and Monitor are attached to the Server this is no Problem but...
<xperia> ...if this devices dont exist i cant boot really in Ubuntu. anybody know how to solve that ?
<SpamapS> xperia: this actually sounds more like a BIOS issue
<xperia> yeah it is na
<xperia> a bios thing
<SpamapS> xperia: you saying when you halt windows/redhat/etc it doens't do that?
<darkscrypt> hey. I did not install lamp in the installer when it came up
<darkscrypt> but now i want it
<darkscrypt> how do i install the lamp package with apt-get
<darkscrypt> is there like a group install?
<ivoks> sudo tasksel install lamp-server
<ivoks> is that right?
<ivoks> it is :)
<xperia> Spamaps: yes if i sutdown the server with poweroff and after a while power on the server i get three lines on the server that ask me if i want to continue or to go in to bios. normally after 30 seconds the server boot direct in to ubuntu but in my case it just sit there without doing anything. now i have changed a setting in the bios and need to look if this will help to resolve the Problem.
<xperia> booting ubuntu is no problem
<darkscrypt> .thanks
<hackeron> anyone? - before lucid, I used to do hal-find-by-capability --capability alsa | grep capture -- what do I do now to get alsa capture devices?
<darkscrypt> never used tasksel before is that specific to ubuntu?
<xperia> the thing is that it dont do it automatic after 30 seconds or so
<ivoks> darkscrypt: all debian derivates have it
<darkscrypt> <-- rpm / red hat guy
<xperia> SpamapS: fixed it in the Bios settings. there was one Line with "F1 prompt" that was activated have now deactivated it and it works. so now after poweron of my server ubuntu boot automatic without any user interaction on my Proliant ML530 G2 Server :-)
<killown> ehy, i would like know how encrypt /var and /etc partitions.. does ubuntu server allow it during installation?
<pmatulis> killown: in combination with lvm, yes
<killown> i will try , thanks
<SpamapS> xperia: excellent, please if you would give us warning in here before you take over the world. :)
<eagles0513875> how can i change the sources list to a better mirror?
<eagles0513875> im currently on lucid
<Overand> Has anyone had any luck with using 10.04 exporting an NFS datastore for VMWare ESX/ESXi?
<pmatulis> eagles0513875: with a text editor edit /etc/apt/sources.list
<ikonia> eagles0513875: it's a text file
<eagles0513875> ikonia: i know so i would have to look at the ubuntu mirrors list to determine the address of the mirror i want then?
<ikonia> eagles0513875: it's that simple, yes
<eagles0513875> ikonia: i have kinda gotten spoiled using kpackagekit
<Overand> Oh for pete's sake, I had a type-o in my exports line.
<pmatulis> typo, typographical error
<Overand> pmatulis: thanks, that correction is both very helpful to my frustrated state, and very topical.
<RoyK> anyone here using hardy on a Xen DomU?
<MTecknology> Any ideas what's wrong with this config? A user can authenticate to the samba server, but the shares don't seem to exist. http://dpaste.com/199082/
<RoyK> MTecknology: which user is authenticating?
<MTecknology> RoyK: kalliki-docs
<RoyK> dies it work with adam?
<MTecknology> RoyK: hm.. yes it does
<RoyK> perhaps trying with a username without a dash works better
<RoyK> just a hunch
<MTecknology> RoyK: I also removed the printable part - i guess i'm not sure what that did
<uvirtbot> New bug: #585501 in samba (main) "mounted cifs share failed to ls dir with cyrillic filenames" [Undecided,New] https://launchpad.net/bugs/585501
<RoyK> shouldn't mean much - see man smb.conf
<Italian_Plumber> are there any disadvantages to using the 64 bit OS instead of 32?
<smoser> flash will be your biggest sticking point
<smoser> but for server... no
<atomic__1> \
<danutz> hello all ,I have a question..I have a vps and a domain...I created the name server at the domain registers ns1.mydomain.com and ns2.mydomain.com that goes to the vps ip and then set the domain to these nameservers the problem is that is not resolving..what do I have to do next?
<Italian_Plumber> I just got a new motherboard/CPU and I thought it was 32 but now I've discovered it's 64, and I'm trying to decide if I want to install 32 bit or 64 bit Ubuntu (server)
<hggdh> Italian_Plumber: probably you would want 64
<Italian_Plumber> mmkay
<uvirtbot> New bug: #584428 in samba (main) "Lucid server upgrade login times out" [Undecided,New] https://launchpad.net/bugs/584428
<sabator2> Does anyone uses Promise RAID card with Ubuntu ?
<Overand> sabator2: there are many different Promise RAID cards - most of which are not 'really raid' - i.e. they're "FakeRAID" - only a few are hardware-assist or really RAID
<Overand> sabator2:  take a peek at https://help.ubuntu.com/community/FakeRaidHowto
<Italian_Plumber> BTW... you can kill the Fake Kraid with a simple ice beam or wave beam shot -- no need for missiles.
<Overand> Italian_Plumber: generally speaking, I'd go for 64 bit on a server, and 'debate it' only on a workstation
<Overand> Italian_Plumber: Unless you have very esoteric hardware, that's the route I'd go - I've actually been running ubuntu-server 64 bit on 8.04 for quite some time - and if I recall correctly, the machine was actually originally installed with a prior release
<sabator2> Promise provide "FastTrak TX4310 Partial Linux source code", do I need to compile driver or Lucid will support it?
<zul> you will have to compile the driver
<Overand> Italian_Plumber: some of the files on that system were created 2006-04-19 - I may have in fact installed 6.06 LTS on it
<Overand> sabator2: May I make a suggestion?
<Italian_Plumber> Hardware is ASUS M4A785-M, AMD Phenom X4 9650, 2048MB PC6400 DDR2
<Overand> sabator2: http://www.lmgtfy.com/?q=ubuntu+TX4310
<Pici> Overand: Thats not helpful.
<Italian_Plumber> I'll be running Hardy Server ...  DNS, 24/7 bitTorrent, apt-cacher-ng, svn, vmware ... no webserver.
<Overand> Pici: It's one click away from some discussions on the particular harwdare
<Pici> !lmgtfy
<ubottu> Acronyms or statements like noob, jfgi, stfu, or rtfm are not welcome in this channel. Period.
<Pici> er,
<Pici> !google
<ubottu> While Google is useful for helpers, many newer users don't have the google-fu yet. Please don't tell people to "google it" when they ask a question.
<Overand> Pici: Alright.
<Overand> Would providing a direct link to the google response that lmgtfy proviced be acceptable?
<ivoks> sabator2: is that the driver for 2.4 kernel?
<Overand> Italian_Plumber: given what you've described, that's so nearly identical to what I run that I'd say 'go for it'
<Overand> Italian_Plumber: just do a stress test on it before you put it into production.  Also - since you're using apt-cacher-ng, you should be aware that the 32 and 64 bit packages will be different, so you're not going to get much benefit for the 64 bit box if everything else is 32, etc.
<sabator2> Do we need to setup Kernel Compile Environment with Lucid like we do in Suse with "make mrproper" command ?
<mathiaz> zul: I've nominated/accepted bug 577165
<uvirtbot> Launchpad bug 577165 in vsftpd "Typo in etc/init/vsftpd.conf" [Low,Fix released] https://launchpad.net/bugs/577165
<zul> mathiaz: thanks
<Overand> sabator2: Just a question - before you start digging into this- have you tried the card yet?
<Italian_Plumber> what would the stress test tell me?
<Overand> Italian_Plumber: it's just a good way to poke around for unexpected incompatabilities - it's probably unneeded 'specifically' for a 64 bit system, but it's never a bad idea
<Italian_Plumber> gotcha
<sabator2> Overand: No, I thought I had to load the driver prior to boot with the Lucid.
<Overand> sabator2: have you verified that the array you build *doesn't* show up in the lucid installer?
<Overand> I'm just trying to make sure you're not trying to fix something that's already working, that's all
<BigThetan> Hello all
<BigThetan> can anyone tell how to print from command line
<BigThetan> I do not have gui installed on my server
<ivoks> lpr
<BigThetan> is ther a man for lpr?
<pmatulis> BigThetan: i beg your pardon?
<savid> Hi all.  I'm trying to get glusterfs set up.   When I run sudo /etc/init.d/glusterfs start,  nothing happens,  and when I run /etc/init.d/glusterfs status,   I get "GlusterFS server is not running"
<BigThetan> i was trying to see if there was a manual for lpr but I founs it thanks
<savid> using ubuntu 10.04
<pmatulis> savid: strace perhaps
<sabator2> Overand: I'm not installing Lucid on RAID5, I'm just accessing data on it.
<uvirtbot> New bug: #585522 in ntp (main) "Somes bad var values and old name calling in lucid" [Undecided,New] https://launchpad.net/bugs/585522
<smoser> name calling is just not nice
<pmatulis> yeah
<savid> pmatulis,  http://dpaste.com/199112/
<webPragmatist> is a grow partition always logical?
<imthenachoman> anyone used webmin?
<pmatulis> savid: i would research the "Inappropriate ioctl for device" part
<webPragmatist> if you guys were trying to cluster two servers would you try to share /etc between the two?
<SpamapS> webPragmatist: /etc contains a lot of local configuration settings, so thats usually not advisable
<SpamapS> webPragmatist: typically when clustering you need to identify shared, and local configs
<webPragmatist> SpamapS: do you have an resources on doing this?
<SpamapS> savid: do you have config files created in /etc/glusterfs ?
<imthenachoman> is ufw better than Shorewall?
<SpamapS> webPragmatist: clustering is a very broad topic... one which I don't have a definitive source for information on.
<webPragmatist> SpamapS: well what I am using is drbd as that seems a common solution...
<webPragmatist> and i am just using typical web services
<webPragmatist> apache2, mysql, pgsql, svn
<SpamapS> webPragmatist: ahh drbd is a high availability failover solution
<webPragmatist> right
<RoAkSoAx> webPragmatist: if you want to keep config file in sync within various nodes, you can take a look to csync2
<webPragmatist> RoAkSoAx: whats your take on using drbh
<webPragmatist> drbd*
<RoAkSoAx> webPragmatist: if've used it before but to replicate data as in Web Server data and MySQL
<RoAkSoAx> webPragmatist: but never for /etc. However, I strongly recommend DRBD. I really like it.
<RoAkSoAx> webPragmatist: for config files, I'd recommend you to take a look to csync2
<RoAkSoAx> webPragmatist: here's a howto I did couple years ago: http://www.roaksoax.com/2008/06/cluster-sinchronization-tool-csync2
<webPragmatist> RoAkSoAx: so you just replicate the individual service data?
<webPragmatist> like /var/www
<RoAkSoAx> webPragmatist: something like that yes
<webPragmatist> did you just tell the service to store it's data in a different location?
<webPragmatist> also how did you go about upgrading the serviceâ¦ it seems like you could easily fubar your data that way if you don't upgrade both services to the same version?
<webPragmatist> (at the same time)
<RoAkSoAx> webPragmatist: For multiple webservers, since they needed the same data, I use two nodes with DRBD, exporting the data with NFS, the same for MySQL. Two nodes. Then the webservers only mounted the exported NFS data and connected to the MySQl
<RoAkSoAx> webPragmatist: in my case, I used csync2 to sync up apache config file's between servers
<RoAkSoAx> webPragmatist: each apache web server, mounted the NFS share and set it as the root for apache
<webPragmatist> does it sync the entire /sites-available?
<RoAkSoAx> webPragmatist: check out the post. You can either sync single files, or complete folders
<webPragmatist> oh okay
<webPragmatist> so really theres three "nodes" because of your NFS?
<webPragmatist> i mean whats the point of the nfs
<awb> Hello
<pmatulis> awb: 'wassup?
<webPragmatist> RoAkSoAx: ?
<awb> Does anyone know how to setup a Primary Domain Server on Ubuntu Server 10.04 from Scratch (I want to be able to join windows clients to it)
<RoAkSoAx> webPragmatist: Two nodes in HA, replicating data with DRBD. used as NAS. Then various loadbalanced webservers accesing the shared data through the NFS export
<pmatulis> awb: search "ubuntu server guide"
<RoAkSoAx> webPragmatist: keep in mind that webservers nodes are in a different level of storage servers
<guntbert> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<webPragmatist> RoAkSoAx: ohh i seeâ¦ so you just used the drdb as a centralized file storage
<webPragmatist> for some dummy web servers
<RoAkSoAx> webPragmatist: The architecture I used is explained here: http://www.roaksoax.com/2008/07/ubuntu-in-my-thesis-part-2
<webPragmatist> RoAkSoAx: what would you do if you just had 2 serversâ¦.. or rather $500 bucks a monthish heh
<webPragmatist> best bang for buck
<RoAkSoAx> webPragmatist: to servers for what? Web serverS?
<webPragmatist> web/db
<akincer> is there a way to create custom commands with eBox like you could with Webmin?
<webPragmatist> postgresql, mysql, apache2, streaming video files (mp4s), other junk
<webPragmatist> all related to the webserver
<webPragmatist> svn
<webPragmatist> thats it
<RoAkSoAx> webPragmatist: webPragmatist you want loadbalacing?
<akincer> similarly, is eBox the preferred Ubuntu web based config tool these days?
<webPragmatist> RoAkSoAx: not really necessary
<webPragmatist> availability is key
<webPragmatist> it's an ecommerce website
<RoAkSoAx> webPragmatist: if you only want two webservers in HA, with active/passive, I'd just go for DRBD to replicate the shared data (mysql, apache data and etc)
<webPragmatist> could i do more with 500 bucks a month (dedicated hosting) â¦ ? We send out a hefty bit of dataâ¦. about 8TB a month
<webPragmatist> that's my original plan
<webPragmatist> was to just get drdb working
<RoAkSoAx> webPragmatist: well other thing that you could do, if you have really good hardware, is setup virtualization and set everything in VM's
<webPragmatist> not sure if i'd do thatâ¦ seems a bit pointless
<RoAkSoAx> webPragmatist: not really
<webPragmatist> unless i was just running something that was terrible at threading
<RoAkSoAx> webPragmatist: setting multiple VM's gives you the possibility to have different VM's for each service
<RoAkSoAx> webPragmatist: for example, you could even have a loadbalanced webserver that provides scabalability by adding VM's running apache
<RoAkSoAx> and stuff like that
<webPragmatist> I guess it could help allocate the resources better
<webPragmatist> but in the long run you might end up just limiting one services resources to gurantee anothers
<webPragmatist> atleast this is how i see it
<webPragmatist> no matter what you have 8gb of ram to work withâ¦.. partitioning it off using a vm doesn't improve anything
<awb> What do I actually need to install to make a Ubuntu Server PDC for Windows Machines, I have Samba 4 already is this all I need to install?
<akincer> awb: I believe there is info on the Samba Wiki if you feel like digging into the documentation there. Once upon a time, you had to install Kerberos and a few other packages. I want to say that is all built in to Samba 4, but you will want to check the docs to be sure
<webPragmatist> RoAkSoAx: did you end up with a crapload of logical partitions
<webPragmatist> using lvm
<webPragmatist> for your drbd partition
<webPragmatist> oh wait just /srv or something
<webPragmatist> hrm
<webPragmatist>  hrmmmmmmmmmmmmmmmmmmmmmmm
<webPragmatist> so much
<webPragmatist> lets see if this idiot guy can setup a web server
<webPragmatist> with drbd
<RoAkSoAx> webPragmatist: i didn't use lvm
<RoAkSoAx> webPragmatist: it is not hard :) it is fun
<webPragmatist> RoAkSoAx: just a big ol' drbd part?
<RoAkSoAx> webPragmatist: yep. I just used ext3 over drbd
<RoAkSoAx> s/over/on top
<webPragmatist> RoAkSoAx: with your scaling idea how did you propose to keep all the service updated?
<webPragmatist> with each node
<webPragmatist> RoAkSoAx: would you bother to raid mirror 1 your cluster
<webPragmatist> nodes
<webPragmatist> i'm thinking it's a waste of sapce
<webPragmatist> space*
<RoAkSoAx> webPragmatist: take a look to something like glusterfs
<RoAkSoAx> webPragmatist: or a cluster filesystem on top of DRBD
<webPragmatist> well this is a hardware raid
<webPragmatist> so that would be only somewhat equivalent
<webPragmatist> gfs though hrm
<RoAkSoAx> webPragmatist: oh well then. I think you should evaluate what is best form you then given the hardware you have and what you want to implement
<webPragmatist> i just don't want crap to break
<webPragmatist> but in the 3 years i've been running this server it's only hardware mirror and it's never broke :(
<webPragmatist> but we have another server that we are only using to backup to which i've never had to use either
<MTecknology> my linode seems to be really slow on the disk :S
<akincer> OK, a quick check of eBox shows me that #1 it is feature anemic and #2 it is NOT a suitable replacement for Webmin in any sense of the word. At least not for what I need it for
<MTecknology> akincer: learn to use the command line?
<guntbert> akincer: yes (I see it similarly) but webmin *is* bound to damage your system some time
<akincer> MTechnology: That is a complete non sequitur WRT my needs. I can use the CLI just fine
<akincer> guntbert: Not using it for system configuration but rather to restart some services using custom commands. Was hoping to move to eBox since its interface is much nicer looking than Webmin. But eBox sticks you in a box and holds you there
<guntbert> akincer: the services management will not work for long any more - the move from sys-v to upstart is fully under way and webmin has no idea of that
<akincer> guntbert: The fact that Webmin will execute any shell command I want it to says otherwise
<akincer> I really was just hoping eBox had the same flexibility
<akincer> perhaps one day
<guntbert> akincer: as long you not only know what you are doing but also what webmin is doing ... :-)
<akincer> haha true enough. I just configure custom commands to be executed from the CLI and create a single click button to get it to do that. For example: /etc/init.d/myservice restart
<qman__> if all you need is a web-based terminal, there's always ajaxterm
<akincer> so long as it does nothing more than do what I tell it to on the CLI, we're all good
<akincer> no, this is for people who know zero about the CLI to be able to do handy things like restart some custom software services I have
<qman__> but frankly, I'd put my own interface together before I used any of the above
<akincer> also to let them edit some config files for those services with the web based text editor
<qman__> a simple PHP script with some exec()s wrapped around the service command
<akincer> yeah, as soon as I get some time, I'm going to do just that
<qman__> handle auth with apache
<akincer> Nah, I'm going to make a Joomla plugin to do it
<akincer> I just find it very puzzling that you can't restart system services with eBox unless there are predefined plugins specifically for those services
<akincer> Seems like absurd overkill to essentially just have something behind the scenes do /etc/init.d/blahblah restart
<qman__> well, that's not even the correct way anymore
<qman__> because of upstart
<qman__> so the service command, now included, is the 'right' way
<akincer> I guess I don't know much about upstart
<qman__> because it can handle both sysv scripts and upstart scripts
<qman__> or at least it's supposed to
<qman__> I haven't done enough investigating to find out whether it actually works
<akincer> So if I have a script that has stop/start/restart defined, once upon a time I would use update-rc.d myscript defaults to register the service and use /etc/init.d to control it
<akincer> You are saying that is now the wrong way. What's the right way?
<qman__> well, that'll still work
<qman__> but only with sysv scripts
<qman__> upstart scripts are handled differently
<qman__> I don't know how to register one, but an upstart script is handled via "start <script" and "stop script"
<qman__> however, the service command is supposed to handle both upstart and sysv
<qman__> service <servicename> [start|stop|restart]
<akincer> Well I know next to nothing about upstart so if that's now the "preferred" way or whatever, guess I'll have to read up on it
<qman__> sysv style still works for now
<qman__> but it's getting phased out
<qman__> and actually, the current setup is just a compatibility layer on top of upstart
<qman__> actual sysvinit is gone
<akincer> right, it's the "for now" part that moves me to think learning upstart would be wise
<ScottK> Just don't get too attached to Upstart as it is now, since it's promised to change a lot by 12.04.
<akincer> Well then I'll just wait a bit to worry about it
<qman__> I think the safest bet is to write your stuff around the service command, since that should be updated to handle whatever comes
<qman__> but, just my opinion
<akincer> I won't have to worry about it for now since 10.04 seems to honor the old ways
<akincer> I'll just test out the non-LTS versions as they come along, play with it and then when the next LTS nears, I'll see what I need to know
<qman__> yeah
<akincer> thanks for the info though
<savid> Ok,  so on ubuntu it installs   /etc/glusterfs/glusterfsd.vol --   but, it looks like those are example files.  I have my own files in that folder that I generated using glusterfs-volgen.    The problem is that the init script seems to be using the glusterfsd.vol file when it starts.   How do i make glusterfsd just use all the config files?
<Tweeda> savid, I move the default files in /etc/glusterfs/ out of the way and sym-link /etc/glusterfs/glusterfsd.vol to the file generated by glusterfs-volgen and refer to the glusterfs-client files by name in /etc/fstab
<savid> Tweeda,  When I did glusterfs-volgen,  it generated three files.    I did "glusterfs-volgen --name=slurpee_media --raid 1 slurpee-web1:/export/slurpee_media slurpee-web2:/export/slurpee_media".     It created  slurpee_media-tcp.vol,  slurpee-web1-slurpee_media-export.vol,   and slurpee-web2-slurpee_media-export.vol.
<savid> Not sure which of those is the client file,  or which of those is the server file :-P
<savid> very confusing
<Tweeda> savid, one sec
<Tweeda> savid, the /etc/glusterfs/glusterfsd.vol should contain something like "option directory /export/data0/data0" in the volume block.  that eventually gets shared out as a 'brick'
<jo-erlend> what is the dyngroup schema for in an LDAP directory?
<Tweeda> savid the glusterfs.vol will list the servers and describe how to assemble the bricks into a filesystem
<savid> Tweeda, are you talking about the default glusterfsd.vol that's included when installed?
<Tweeda> I'm talking about what volgen generates
<Tweeda> savid, honestly, this should probably be taken to #gluster :)
<savid> Tweeda,  volgen doesn't generate a glusterfsd.vol file.      I did "glusterfs-volgen --name=slurpee_media --raid 1 slurpee-web1:/export/slurpee_media slurpee-web2:/export/slurpee_media".     It created  slurpee_media-tcp.vol,  slurpee-web1-slurpee_media-export.vol,   and slurpee-web2-slurpee_media-export.vol.
<cybrocop> Hi all. Can someone tell me how I can troubleshoot a "suspected" kernel bug within Apparmor?
<cybrocop> Symptoms:
<cybrocop> a) Access to a file is denied.
<cybrocop> b) Nothing is kern.log
<cybrocop> c) I purged Apparmor modules
<Tweeda> savid, slurpee_media-tcp.vol is the client description that gets listed in /etc/fstab or used by the mount command.  The slurpee-web1-slurpee_media-export.vol is the glusterfsd.vol file on slurpee-web1
<cybrocop> to be specific on a) access is denied when I'm running KVM through virsh. And to be even more specific this happens when I'm providing a <serial> directive in order to define a serial port for my virtual machine.
<cybrocop> kirkland: Sorry, I pinged you yesterday on #eucalyptus but I dropped off so I don't know if you answered my questions there. A kernel bug seems to be the only logical explanation for the problems that I am having.
<savid> Tweeda,  Ahh,  I see.  So I need to move the files it generated to the relevant servers.  Gotcha.
<cybrocop> Some more background on the problem I'm having: http://forum.eucalyptus.com/forum/libvirt-operation-failed-failed-retrieve-chardev-info-qemu-info-chardev#comment-11334
<BigThetan> how do i test to see if my rsyslog server is receiving??????????
<webPragmatist> RoAkSoAx: you still around?
<webPragmatist> have any of you configured drbd
<webPragmatist> i'm just wondering if i have to create a ext3 partition first
<webPragmatist> or if drbd needs unallocated space
<BigThetan> how do i test to see if my rsyslog server is receiving??????????
<KillMeNow> bigthetan:  IIRC there should be a log
<KillMeNow> also check to make sure the port active and listening
<|corpse|> im having a problem trying to install ubuntu server from a usb drive on a machine that has no cd-rom. is a cd-rom required?
<BigThetan> there are a few logs which one should I check?
<|corpse|> actualy it has a cd-rom and its listen in the bios and post but the server install dosnt not recognize it and i cant get passed it
<BigThetan> i can ping my server
<BigThetan> from another machine
<webPragmatist> i want to create a /srv directory to hold svn repositories, www, etc...
<webPragmatist> with drbd should i create a partition for each?
<webPragmatist> or can i just map the entire /srv dir
<webPragmatist> to the drbd
<RoAkSoAx> webPragmatist: you can map the entire /srv dir
<webPragmatist> got it
<|corpse|> im stuck at my install right after the keyboard setup,i get a progress bar that says Detcting hardware to find CD-ROM drives, and it just sits at 0%
<webPragmatist> RoAkSoAx: hey i screwed up and put the wrong ip for my cluster1
<webPragmatist> i fixed it and tried to restart drbd and it says the volume is in use
<webPragmatist> oh detach drive0
<webPragmatist> 0: State change failed: (-2) Refusing to be Primary without at least one UpToDate disk
<kirkland> cybrocop: i'm sorry, i don't have the bandwidth to answer your questions this week
<kirkland> cybrocop: please check #ubuntu-kernel, if you think it to be a kernel issue
<RoAkSoAx> webPragmatist: try something like drbdadm -- --overwrite-data-of-peer primary data-lower
<RoAkSoAx> webPragmatist: try something like drbdadm -- --overwrite-data-of-peer primary <drbd-resource>
<webPragmatist> i need to read all these commands
<webPragmatist> i'm just copy pasting random crap
<riz0n> Hey guys, I have an ubuntu server 8.04LTS and am curious what steps I should take to upgrade to the new 10.04 LTS without having to do a fresh installation?
<uvirtbot> New bug: #585615 in nut (main) "UPS is lost at the random point" [Undecided,New] https://launchpad.net/bugs/585615
<ScottK> riz0n: In general it's recommended to wait for 10.04.1 in two months to upgrade.  If you want to now, sudo do-release-upgrade -d should do it.
<riz0n> Thanks ScottK!!
<centaur5> How do you give sudo access on a ltsp fat client?
#ubuntu-server 2010-05-26
<KenBW2> can anyone explain this when i try to set up a CVS server: http://www.nomorepasting.com/getpaste.php?pasteid=33110
<therian> hey everyone, can i get some help with openvpn? im pretty much a total noob but im trying to get my home ubuntu box to connect pki to my pfsense box at work
<therian> but i cant seem to find much docs on this
<therian> anyone have anything they can point me too?
<zelda> hello.
<zelda> I have an AMD64 computer that im thinking about making it a server. this has 2gb ram, and Im wanting to know if I should run ubuntu or xubuntu 10.04 LTS?
<zelda> AMD II x2 245 proc
<zelda> basically Im only wanting to run a file server for the time being.. until I can get used to managing and everything. Then I intend on upgrading the CPU to one that support VT so I can run multiple servers from one machine.
<pmatulis> zelda: you'll need to see if your processor socket can accomodate a cpu that has VT extensions
<pmatulis> zelda: and if you want to learn about ubuntu server then you should not run a DE (desktop environment)
<zelda> ok Ive got ubuntu server 10.04
<zelda> my proc doesnt support virtualization.
<zelda> So I have to get new hardware, but I dont need that for now.
<pmatulis> zelda: well, your cpu doesn't support hardware-accelerated virtualization
<pmatulis> zelda: you can still run vmware or virtualbox
<zelda> yeah I knwo that right now. Im not going to virtualize anything right now.
<zelda> yeah Ill run virtualbox
<pmatulis> zelda: note that virtualbox itself can run without a gui
<pmatulis> zelda: and this is what i recommend (no gui)
<zelda> well Im learning so, its my first server I want to build.
<riz0n> Hi guys, I just upgraded from 8.04 to 10.04 using the built in update utility.. but for some reason the grub file did not update and I am getting an alert that the /dev/disk/by-uuid/xxxxx does not exist and it is dropping me to a busybox shell... What should I do to get this fixed so it can boot my server?
<twb> riz0n: list the contents of /dev/disk/by-uuid/ in busybox
<twb> What UUIDs *are* there?
<riz0n> ok hang on and let me boot back up
<riz0n> when i ls/dev/disk/by-uuid/ it says No such file or directory
<riz0n> if i ls /dev/ it does not have a disk folder at all
<twb> You need a space between ls and /dev
<twb> OK, that suggests udev isn't in the ramdisk.
<riz0n> i am putting a space there,sorry
<twb> Fixing this is probably non-trivial.
<twb> What does /proc/partitions say?
<twb> It should list something like sda sda1 sda2 sda5
<riz0n> when i cat partitions, it says major minor #blocks name
<riz0n> and thats it
<twb> That means your kernel and ramdisk don't have a driver for your SATA contoller
<riz0n> well i dont have a sata hard drive
<riz0n> its a ide drive
<twb> SCSI, ATA, whatever
<riz0n> to give you an idea of what i did, i was running 8.04 just fine and did the built in updater, and i guess that my grub.lst file didn't get updated because its still reflecting 8.04 in the grub file
<twb> Boot a live image, confirm that /etc/initramfs-tools.conf says "MODULES=most", and *not* "MODULES=dep".
<twb> riz0n: this issue has nothing to do with grub
<riz0n> ok hang on, i will get live disk going
<Todd> riz0n: What command did you use to update?
 * twb bets on d-r-u
<Todd> I missed part of the conversation, but I was thinking he might have tried dist-upgrade which can break stuff.
<riz0n> yes it was distr-upgrade -d
<riz0n> i have livecd booting now as we speak
<twb> dist-upgrade as in "apt-get dist-upgrade"
<twb> ?
<riz0n> sudo dist-upgrade -d
<riz0n> someone in this # suggested it to me earlier
<twb> Ugh, more ubuntu-specific crap?
<Todd> dist-upgrade does not upgrade you to a new Ubuntu release..
<twb> Yeah, that's an ubuntuism.  I wouldn't trust something canonical built.
<riz0n> i dont have the cmd in my buffer any more
<Todd> dist-upgrade is a debian tool
<Todd> the ubuntu tool is different
<riz0n> ok i got the live cd up and running
<Todd> update-manager-core is the package that you need and you then run do-release-upgrade to upgrade your version of ubuntu. Prior to upgrading check your /etc/update-manager/release-upgrades and set 'Prompt=lts' (if upgrading to 10.04)
<Todd> but if it's broken maybe these guys can continue to get you fixed ;)
<twb> Todd: there is no "dist-upgrade" binary in Debian.
<Todd> really? I always read that it was a debian tool. It's most definitely not the recommended way of upgrading Ubuntu.
<Todd> It has been breaking stuff for years.
<twb> The only dist-upgrade I know is "apt-get dist-upgrade".
<twb> Which do-release-upgrade runs internally.
<riz0n> my guess is i should perhaps change boot.lst to reflect the new kernel perhaps since its still referring to the old 8.04 kernel
<twb> riz0n: if you transitioned to grub 2, then the config file is now grub.cfg; menu.lst is unused.
<riz0n> i don't have grub.cfg
<riz0n> so i guess its still using the old grub
<mikelifeguard> Should the git-daemon-run package install a script in /etc/init.d? sudo service git-daemon ... doesn't know what that service is. I see stuff in /etc/service (it is the only thing, actually) though...
 * mikelifeguard also O.o at the choice of name for the system account (gitlog) :P
<Todd> ok now I'm distracted and want clarification.. do-release-upgrade may run dist-upgrade in the background but it has to do far more than that since dist-upgrade does not seem to update various parts of the system (last time I ran it (2 years ago?)).
<|corpse|> Is it possible to install ubuntu-server in the installation shell?
<riz0n> it may have been do-release-upgrade
<riz0n> [18:28:07] <ScottK> riz0n: In general it's recommended to wait for 10.04.1 in two months to upgrade.  If you want to now, sudo do-release-upgrade -d should do it.
<riz0n> so yes it was do-release-upgrade
<riz0n> sorry
<mikelifeguard> Todd: if you read python, it turns out do-release-upgrade is just a python script
<riz0n> should i be booting kernel vmlinuz-2.6.32-22-generic-pae or vmlinuz-2.6.24-19-server
<Todd> oh nice.. *has a look*
<twb> Hm, I wasn't aware that "avoid .0 releases" was the party line.
<Todd> what is this windows?
 * Todd ducks
<riz0n> lol
<riz0n> because from the looks of grub.lst, it is booting the 24-19-server file which is 8.04 according to the grub file.
<twb> grub.lst?  That's non-standard.
<riz0n> sorry long night
<riz0n> menu.lst ;)
<twb> riz0n: it is important to get these strings right
<twb> Otherwise we will mis-diagnose problems.
<riz0n> i understand
<webPragmatist> When the linux installer asks which interface should be primaryâ¦ should i put the one that goes to the internet or my local lan?
<webPragmatist> i'm installing on a hosted place
<twb> It is probably asking for the upstream (internet-facing) interface.
<twb> in order to download security patches
<webPragmatist> okay :)
<Todd> That was interesting. I locked my screen session and it disconnected everything. Won't do that again.
<twb> Uh?
<twb> That's definitely not normal
<twb> are you  running byobu?
<riz0n> well the good news is that i added the the new kernel 32-22-generic-pae to my menu.lst file and my server booted up :D
<Todd> Nope.
<mikelifeguard> ew, byobu
<twb> riz0n: hm
<Todd> It only disconnected the applications running in the screen.
<Todd> That still doesn't seem normal however..
<twb> It's not
<riz0n> but it appears that the install has wiped out all my apache virtual servers (which is no issue)
<twb> That suggests that SCREEN crashed
<Todd> Let's try it again.
<Todd> All my windows are still here.
<twb> How can the windows be there if they disconnected?
<Todd> I meant my applications lost their connection to the internet. All of my applications and windows were still running.
<Todd> And now it appears to be working fine.
<mikelifeguard> this is the joy of screen!
<Todd> *shrug* Couple more lines of code then sleep.
<riz0n> and for whatever reason, it will not let me into phpmyadmin using any of the accounts i had made
<Todd> screen is your friend.. even if he has a few bugs on him
<mikelifeguard> speaking of which... I forget the thing to always start screen on login...
<mikelifeguard> echo 'exec screen -R' >> ~/.bash_profile # or somethin
<mikelifeguard> -D -R maybe
<Todd> screen -r -dd will reattach to the first available screen
<Todd> or maybe it's the last used.. dunno
<Todd> I only use one
<twb> mikelifeguard: that's a risky approach
<riz0n> now, just out of curiosity, where can i find the files for mysql
<twb> http://paste.ubuntu.com/439713/ is how I do it
<twb> riz0n: /var/lib/mysql, probably
<Todd> personally I don't find it all that difficult to type screen -r -dd after login
<riz0n> thanks, how can i go about restoring the mysql databases? it appears the files are still present in that folder, but are inaccessible from phpmyadmin
<twb> Todd: I ssh into a lot of hosts
<ScottK> twb: Avoid .0 is just for LTS to LTS upgrades.  It gives a little more time for stabilization and for the development team to test LTS to LTS upgrade scenarios.
<twb> ScottK: ah, OK.
<ScottK> Which reminds me, as a developer, it's probably about time to do an LTS to LTS upgrade and see how it goes...
<riz0n> ScottK: Good luck! I'm trying to pick up the pieces right now as we speak! :)
<ScottK> Heh.  Please be sure to file bugs.
<riz0n> ok, now i got mysql back up and running, but Apache seems to be misbehaving...
<riz0n> ... and I think I got that up and going again :D
<riz0n> Now I got one more problem. For some reason, the server booted up the X server. How can I make it boot into a text login prompt?
<ScottK> The usual method on a server is to not have X installed.
<riz0n> right, but apparently decided to install itself (which is fine) I just don't want it to start when the server starts
<ScottK> FWIW, mail server upgrade went fine.  One minor bug filed.
<twb> "update-rc.d gdm disable" is correct for Debian.
<twb> I don't know the "right" way to disable it in 10.04; perhaps dpkg-divert --rename /etc/init/gdm
<twb> */etc/init/gdm.conf
<riz0n> yeah i renamed the gdm.conf file and that did it
<twb> You should use dpkg-divert so that it stays renamed
<twb> Otherwise an upgrade or purge-and-reinstall will put it back
<riz0n> now i got to fix dovecot, says line 8 something about ssl :/ lol
<riz0n> and fails to start
<riz0n> removed the line, /etc/init.d/dovecot start and we are OK :)
<webPragmatist> RoAkSoAx: you around/
<jo-erlend> during the server install, I'm asked if I want to use a http proxy. I do have an apt-proxy on my network. Is it safe to simply add its address there?
<remix_tj> i'm looking for support about kerberos and apache
<remix_tj> i've created with net ads keytab a separate keytab for apache2 and added the HTTP service principal
<remix_tj> but after a week i got errors about gss auth
<remix_tj> http://paste.ubuntu.com/439796/
<remix_tj> these are the errors in apache error log
<vmlintu> remix_tj: did you do any changes before you started getting errors?
<remix_tj> no, my collegue was working on the kerberized zone and started getting the password request
<remix_tj> vmlintu: now i solved recreating the keytab flushing old principals and adding new ones, but i'm looking for a definitive solution
<vmlintu> the principals didn't expire?
<remix_tj> how can i check it?
<vmlintu> kadmin.local -q "getprinc uid@REALM"
<remix_tj> Missing parameters in krb5.conf required for kadmin client while initializing kadmin interface
<vmlintu> which kerberos implementation do you use?
<remix_tj> my kdc is MS Active Directory
<remix_tj> maybe i can take a look on the doman controller?
<vmlintu> oh, I didn't realise you are using AD.. I don't know how to check that on AD, sorry..
<remix_tj> vmlintu: i'm googling :-)
<vmlintu> I've been running an apache server with some 50 realms on it for quite some time and there have been no problems..
<remix_tj> realms or domains? :-)
<hyperlinx> hey guys
<hyperlinx> need some help again
<hyperlinx> my monitor is only of the Half of the existing surface
<hyperlinx> my monitor is only of the Half of the existing surface
<hyperlinx> my monitor is only of the Half of the existing surface
<remix_tj> hyperlinx: are you able to read the topic or is it in the other half of the monitor?
<remix_tj> vmlintu: so you say the principal has no expiration, isn't it?
<lifeless> hyperlinx: #ubuntu please, unless your issue is server specific
<vmlintu> remix_tj: 50 realms :)
<remix_tj> vmlintu: :-O :-)
<vmlintu> remix_tj: at least with mit kerberos tools you can set expiration times
<remix_tj> vmlintu: so expiring is an available option... now asking on another channel about it
<remix_tj> thanks
<vmlintu> also check the AD logs
<vmlintu> at least mit kerberos logs quite a bit stuff in kdc.log
<remix_tj> vmlintu: thanks :-)
<baccenfutter> k folks, I have a very suspicious file laying in /usr/local/games called z
<baccenfutter> it is a binary and seems to be doing something with the logs
<baccenfutter> can anyone in here, please calm me down on this?
<ivoks>  /usr/local is used for self installing binaries
<baccenfutter> cause there is also some suspicious cron schedule running /usr/local/games/.ICE/unix which doesn't even exist
<ivoks> that file doesn't come from package
<baccenfutter> ivoks: this is a fresh 10.04 with openssh and bin9 period
<baccenfutter> chkrootkit finds nothing suspicious
<ivoks> someone else has access to it :)
<baccenfutter> I am somewhat worried though, since this is a productive env
<ivoks> try string /usr/local/games/z
<ivoks> strings
<baccenfutter> ivoks: how could someone possibly have access to a server on a DMZ which is only reachable through NAT on the GW and a fail2ban with max 6 retries sitting behind ssh
<ivoks>  /usr/local/games is only writable by root user
<ivoks> if you, as an admin, didn't put it there, someone else did
<baccenfutter> http://paste.pocoo.org/show/218439/
<ivoks> run strings on that binary
<ivoks> hehe
<baccenfutter> cleaning logs file sounds so suspicious!
<ivoks> yep
<ivoks> it cleans access logs
<baccenfutter> seems zou guys have a bug in ubuntu 10.04 then, cause this vm has never been online!
<baccenfutter> it is only reachable through NAT when packet is inbound on pppoe... ssh runs in rsa only mode
<ivoks> you are the only admin of that machine?
<baccenfutter> yes
<baccenfutter> and the install is about 5 days old
<ivoks> check your .ssh/autorized_keys
<baccenfutter> I installed one image and copied that 5 times... all other 4 boxes are just fine
<remix_tj>  vmlintu can you take a look to this? http://paste.ubuntu.com/439811/ is a correct behaviour?
<ivoks> therefor, it's not a bug :)
<baccenfutter> ivoks: wow... there is actually an unknown dsa key
<baccenfutter> seems I am no longer a virgin^^
<ivoks> check mtime of that file
<baccenfutter> crap
<baccenfutter> I just took the key out
<ivoks> and permissons on that file?
<ivoks> i hope they are 600
<ivoks> check other 4 machines
<baccenfutter> k, I assume I can just del that binary?
<ivoks> when was is created?
<ivoks> before or after installation? :)
<ivoks> er... during or after installation
<baccenfutter> 2009-11-22 14:57
<baccenfutter> how can that be?
<baccenfutter> perhaps noatime?
<ivoks> i bet all your machines have that same file :)
<ivoks> and that ssh key
<ivoks> you did an automated installation?
<baccenfutter> ivoks: no, all other boxes seem just fine... none of the zymptoms
<baccenfutter> symptoms
<ivoks> not even the key?
<baccenfutter> not even
<baccenfutter> probably a passive hack by some script?
<ivoks> passive hack?
<baccenfutter> soem script running and brutforcing ports
<baccenfutter> not intelligent enough to hack from where it has landed
<ivoks> if port isn't open, it can't brute force it
<ivoks> if your ssh is rsa only
<baccenfutter> ivoks: cut that... was probably open
<ivoks> then someone owns your key
<baccenfutter> tried password auth and got in
<baccenfutter> seems I forgot to restart ssh
<baccenfutter> only the pubkey
<baccenfutter> my cert is only localhost here on my laptop
<baccenfutter> i use ssh -YCc blowfish all the way along
<baccenfutter> and -a
<baccenfutter> only thing they have is my pub
<baccenfutter> well, post it on google... don't care..
<baccenfutter> god damn script kiddies
<baccenfutter> k, seems I can somewhat reconstruct what has happened
<baccenfutter> I've set an easy passowrd during generation of the master image
<baccenfutter> never set password no on master image though
<baccenfutter> all my boxes where rnnign with root pw 1q2w3e
<baccenfutter> ^^
<uvirtbot> baccenfutter: Error: "^" is not a valid command.
<baccenfutter> so the bug lies between keyboard and chair as so often
<ivoks> that's an easy password :)
<baccenfutter> so a bruteforce is absolutely possible
<baccenfutter> \
<baccenfutter> I'm just wondering why fail2ban didn't kick in
<baccenfutter> he must have made it within the first 6 tires
<baccenfutter> luckz sone of a bitch
<baccenfutter> I owe him a beer for that^^
<baccenfutter> ivoks: thx for stickin through this with me..
<ivoks> np
<uvirtbot> New bug: #577710 in php5 (main) "php5 crashed with SIGSEGV in execute()" [Undecided,New] https://launchpad.net/bugs/577710
<uvirtbot> New bug: #585787 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_hv_common()" [Undecided,New] https://launchpad.net/bugs/585787
<DelphiWorld> hello
<DelphiWorld> apt-get install linux-headers-2.6.28-11-server
<DelphiWorld> is not working
<DelphiWorld> why?
<c13> I am setting up a cyber. And i want to time-limit access. So that the user can get a time for login and after that time he will be logged out. How can i realize this?
<vmlintu> remix_tj: sorry, got pulled to other things.. I just checked that with my test system and kinit didn't complain anything
<SuperLag> Have any of you guys used kexec to do a kernel upgrade without rebooting?
<apw> SuperLag, doing a kexec is a reboot in the sense all of userspace is gone
<remix_tj> vmlintu: a friend of mine said that if there is winbind running it changes my machine password on the DC and does not refresh certs... now i disabled winbind  and i wait the next week
<zul> ttx: ping just a heads up, the mysql source package has been renamed in debian
<ttx> zul: meaning we should rename it as well ?
<zul> ttx: yep...i was going to spend some time on it
<zul> ttx: or we could give it to clint ;)
<ttx> zul: you are nasty :)
<zul> ttx: heh
<zul> i need to update mysql-cluster anwyays
<zul> mdeslaur: i take it you are chomping at the big for mysql 5.1.47? ;)
<mdeslaur> zul: please speak english
<zul> mdeslaur: you were asking me about the mysql package is it because of the security update in 5.1.47?
<vmlintu> remix_tj: that sounds interesting
<mdeslaur> zul: no, I solved that already
<zul> mdeslaur: ah ok
 * zul shakes his fist
<sommer> morning
<ivoks> any libvirt expert in here?
<ivoks> :)
<ttx> A few weeks ago I'd have paid to hear that question :)
<jcastro> ScottK: over here. :)
<ivoks> ttx: ? :)
<ttx> ivoks: :P
<ivoks> i just want to change options it pases to kvm/qemu
<ttx> ivoks: I guess it depends on what you want to change... I don't know of a generic way to pass arbitrary options
<ttx> ivoks: maybe more help in #ubuntu-virt
<ivoks> ttx: yeah, i tried :)
<uvirtbot> New bug: #585830 in mtx (main) "tab completion does not work" [Undecided,New] https://launchpad.net/bugs/585830
<zul> sommer: ping when you triage new bugs can you set them to incomplete/new if you dont have a response from a user
<zul> sommer: so they dont appear in the new bugs list
<sommer> zul: sure, forgot to do that the last couple of times :)
<zul> sommer: i noticed :)
<sommer> should I wait for a response, or do it after commenting?
<SuperLag> What kind of VMs can you run on an Ubuntu server?
<SuperLag> only *nix?
<SuperLag> using KVM, that is
<ivoks> any
<smoser> kvm supports running windows. it iprovides "full virtualization"
<SuperLag> interesting
<ivoks> smoser: and paravirtualization with virtio, right?
<smoser> ivoks, right. the virtio drivers (network and disk) provide paravirt, which gets you better performance.
<smoser> SuperLag, note, there are certified windows drivers for virtio network and disk
<AndyGraybeal> so there is talk about taking the 'support' from this channel in the email list?
<ScottK> jcastro: I'm around now.
<Spawn_K> hi everyone
<zul> mdeslaur: at least the ssl certs have been updated
<mdeslaur> zul: hehe
<pmatulis> SuperLag, smoser: i believe virtio drivers for 64-bit windows products require a digital signature from MS
<smoser> i was under the impression that there are such drivers available.
<smoser> but i will be honest that i really *very* little windows experience
<pmatulis> smoser: sure they're available, but not signed, and will therefore not work, that is my understanding
<Spawn_K> hi all
<Spawn_K> :)
<Spawn_K> Store rebuilding is -0.3% complete,why my store rebuilding return min value?ty
<smoser> pmatulis, seems you are correct: http://blog.famzah.net/2010/01/09/kvm-qemu-virtio-storage-and-network-drivers-for-32-bit64-bit-windows-7-windows-vista-windows-xp-and-windows-2000/
<smoser> i was under the impression that redhat provided signed ones
<smoser> https://bugzilla.redhat.com/show_bug.cgi?id=532480
<uvirtbot> bugzilla.redhat.com bug 532480 in libvirt "libvirt lacks of signed drivers for virtio and viostor" [Medium,Closed: notabug]
<smoser> "3)  Buy a Red Hat subscription to get signed drivers
<smoser> "
<pmatulis> smoser: thanks for the confirmation
<smoser> but they are available.
<smoser> from redhat
<smoser> i'm not sure on the legality of redistributing them if you had a RHEL subscription
<pmatulis> i'm sure MS has thought of that and will only allow them by probing the KVM RedHat host and it's valid subscription
<Spawn_K> hmm
<uvirtbot> New bug: #366242 in samba (main) "after adding samba sharing service, X restart failed on jaunty" [Undecided,New] https://launchpad.net/bugs/366242
<zul> heh....do i really care about jaunty
<uvirtbot> New bug: #367473 in samba (main) "Segfault when trying to add a Windows printer via SAMBA" [Undecided,New] https://launchpad.net/bugs/367473
<uvirtbot> New bug: #573847 in dbconfig-common (main) "package phpmyadmin 4:3.3.2-1 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/573847
<uvirtbot> New bug: #585911 in minicom (universe) "minicom scripts never exit" [Undecided,New] https://launchpad.net/bugs/585911
<ScottK> jcastro: re-pong.
<jcastro> ScottK: ok so anyway, the idea wasn't to get rid of server support, but have it so people who want to contribute have a place instead of mixing up with "help me with DNS"
<ScottK> jcastro: I think moving development away from support makes it less likely people who are here for more general reasons will feel like becoming involved.
<ScottK> In any case, the spec currently just says to drop support from this channel and nothing about what will replace it.
<webPragmatist> question...
<ScottK> So even if the intent is to split it, it's incomplete.
<jcastro> ScottK: daviey did mention that the channel wasn't that busy that you had to split it
<webPragmatist> can I resize a grow partition to a set size?
<webPragmatist> and also are grow partitions always logical?
<jcastro> ScottK: ok, I recommend ambushing matthiaz when he joins next.
<ScottK> jcastro: OK.
<jcastro> ScottK: the work-item reads way colder than what we discussed.
<jcastro> it's not like "and screw our users too!"
<martin-> anyone knows what's going on with keyserver.ubuntu.com?
<ScottK> jcastro: I expected so, but I wasn't in the session, so all I know is what I read in the spec.
<ScottK> martin-: #canonical-sysadmin is probably a better channel to ask.
<method_man_1> HI i have problem with my ubuntu
<webPragmatist> Is this a standard schema http://screencast.com/t/NTg4NTQ2ODk
<bihari> can i install yahoo mesanger
<apw> kirkland, hey do you guys look after libvirt?
<smoser> apw, jdstrand has done a lot recently, but, yes, it falls under ubuntu server team
<smoser> and kirkland has done a lot there too
<binBASH> isn't soren the expert here?
<apw> cybrocop has a libvirt use case whereing the kvm instance is being started as root but setcap'd to have no capabilities, this renders logfiles etc un-writable ... heard of such a thing?
<cybrocop_> hi smoser, I've been trying to debug this issue for several days now and apw was gracious enough to help me and identify that libvirtd does a setcap to limit its capabilities
<cybrocop_> smoser: as a result, kvm isn't albe to map a VM's serial port to a logfile: http://open.eucalyptus.com/forum/libvirt-operation-failed-failed-retrieve-chardev-info-qemu-info-chardev
<apw> cybrocop_, let them know which command u used to start this thing up
<binBASH> apw: I have an issue here with virt-manager. When I try to clone a machine, it says it has no read access to the disc image :p
<apw> cybrocop_, binBASH, which release are you running
<binBASH> When I give all rights it says it can't find the disc image
<apw> binBASH, could be a similar issue quite easily
<binBASH> apw: 10.04lts
<cybrocop_> here is what I did:   virsh define libvirt.xml; virsh start i-46D20834
<smoser> cybrocop_, this is when running under eucalyptus / UEC without any local modifications ?
<smoser> because 10.04 is absolutely capable of running instances
<cybrocop_> smoser: here is my libvirt.xml
<jdstrand> cybrocop_: did you change /etc/libvirt/qemu.conf to use the non-root user and group?
<cybrocop_> http://slexy.org/raw/s2KPFinewG
<cybrocop_> jdstrand: no
<cybrocop_> jdstrand: actually, I tried this: security_driver = "none"
<cybrocop_> jdstrand: sorry, this was many days ago... But it was done in order to address this same issue.
<cybrocop_> jdstrand: I thought selinux was somehow interfering.
<jdstrand> cybrocop_: well, I saw the report and you said there was nothing regarding apparmor
<jdstrand> cybrocop_: libvirt is protected by apparmor in ubuntu
<binBASH> jdstrand: Can this have something to do with my issue where I cannot clone the virt machine?
<jdstrand> cybrocop_: but your errors should have logged something if it was blocking
<cybrocop_> jdstrand: Yes, there isn't. I just didn't know what else to do. I know it isn't apparmor related now for sure, because I did apparmor=0
<jdstrand> binBASH: look in dmesg or kern.log. if you have an apparmor denied message, then it is apparmor
<jdstrand> cybrocop_: right. and you are sure you have in /etc/libvirt/qemu.conf 'user = "root"' and 'group = "root"'
<cybrocop> jdstrand: here is the full file: http://slexy.org/raw/s2hIyg3Dnf
<binBASH> jdstrand: Ok, I will check this tomorrow then. Have to go now to chicken wing flatrate eating with the company :)
<jdstrand> cybrocop: even with security_driver = none, it will still use the DAC security driver iirc
<jdstrand> cybrocop: libvirt now uses a stacked security driver implementation
<jdstrand> cybrocop: it may be a bug in the DAC driver
<cybrocop_> jdstrand: is there something I can do to help you debug? And is a workaround for me?
<jdstrand> (the DAC driver is consulted before the apparmor/selinux iirc)
<cybrocop_> jdstrand: Or is DAC in the kernel
<jdstrand> cybrocop_: the DAC driver uses standard unix Discretionary Access Controls. it is implemented by libvirt and chowns and chmods all kinds of stuff as it goes
<jdstrand> as long as the xml is in the bug, I can look at it, but I am not actually working today
<jdstrand> I can try to look at it tomorrow or the following day
<cybrocop_> jdstrand: OK, no problem. What I'm amazed by is no one else reporting this issue. I must be doing something different from others.
<jdstrand> cybrocop_: what is the bug number again?
<cybrocop_> I havent opened a bug. Don't know how to actually. Shoudl I do that? I have a lot of info I can provide.
<cybrocop_> I only posted a question on the eucalyptus forum: http://open.eucalyptus.com/forum/libvirt-operation-failed-failed-retrieve-chardev-info-qemu-info-chardev
<jdstrand> cybrocop_: please do open a bug. assign it to libvirt and give the problematic xml
<cybrocop_> How do I do that?
<jdstrand> cybrocop_: I'll look at it when I come online
<cybrocop_> I'm new to Ubutntu
<cybrocop_> I'm new to Ubuntu
<BigThetan> can anyone help test my rsylog server reception
<jdstrand> cybrocop_: https://bugs.launchpad.net/ubuntu/+source/libvirt/+filebug
<cybrocop> jdstrand: will do
<jdstrand> cybrocop: please reference your euca forum question as well
<jdstrand> cybrocop: I can say that using serial does work in at least some configurations, as I have a test for it for the apparmor driver, and it works in my test
<BigThetan> can anyone help with rsyslog
<jdstrand> cybrocop: so hopefully it will be easy enough to see what is happening once I can look at it more closely
<cybrocop> jdstrand: OK. I can't wait to see what the problem is. :) Thanks and hope you get well soon.
<imthenachoman> why does ubuntu disable the root ID but create an ID that can sudo? if someone hacks into the ID and figures out the password they can still do root things?
<smoser> cybrocop, so can I ask how you came to this ?
<smoser> it looks (based on the libvirt xml) that you launched an instance in eucalyptus, then were using virsh/libvirt to manage it
<smoser> is that right ?
<FunnyLookinHat> Hey guys -just rolled out 10.04 to my cloud servers and it's amazing - great job!  Had a question about getting php's mail function working...  Which mail package should I be installing/configuring to get that function working?
<FunnyLookinHat> And is there a good tutorial?  I'm aware of the official guide at help.ubuntu.com/10.04/ but am open to other sites.  :)
<cybrocop> smoser: Yes, my eucalyptus images weren't launching
<cybrocop> smoser: This happened all of a sudden on both node servers.  I thought it was related to some recent update because previously the same images were running fine.
<smoser> ah. and generally you've not done anything to the nodes (ie, they're generally vanilla install) ?
<cybrocop> ONe was a proven working node, (albeit only for 2 days).. I thought I'd bring the 2nd node online and go into production. (Then I saw both nodes giving this problem.)
<cybrocop> I don't remember whether I updated any packages on the 1st node. I might have because I reinstalled Eucalyptus on it and if libvirtd was updated recently then it may have been pulled & installed as a dependency.
<cybrocop> I have since taken down the 1st node and I'm rebuilding it now... Doing a fresh install. IN a few hours  I can confirm whether this happens on a vanilla install.
<cybrocop> smoser: in Eucalyptus, I enabled the option for manual instance cleanup.. that is how the files were not deleted and I had an opportunity to troubleshoot using virsh.
<smoser> cybrocop, updating packages shouldn't cause such problems obviously. i was wondering if it was more tinkering with the node
<cybrocop> smoser: I definitely didn't tinker with libvirtd code. :) I had downloaded Eucalyptus code to tinker with. At one point, I had my own packages built from the source Ubuntu eucalyptus packages running on Node1. THen I uninstalled those and installed the official ubuntu packages. However, Node2 had only vanilla packages installed.
<cybrocop> :q
<smoser> ok.
<cybrocop> sorry about the :q, wrong window.
<imthenachoman> what is the point of disabling root ?
<kpettit> what package does add-apt-repository belong too?  Just turned on a ubuntu 10.04 server and it doesn't have it.
<smoser> cybrocop, i guess i'm interested in your node reinstall... sorry i dont have any more ideas. i've not seen this error before, and can absolutely attest that as of yesterday my apt-get upgraded eucalyptus system works for launching instances.
<cybrocop> I think it may be this.. security_driver = "none"
<cybrocop> I remember doing this on both machines because at one point I was having problems with apparmor and I thougth this would help.
<cybrocop_> smoser: I also remember messing around with apparmor profiles... before completely purging apparmor packages.
<cybrocop_> smoser, jdstrand: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/585964
<uvirtbot> Launchpad bug 585964 in libvirt "Libvirtd  --  error: monitor socket did not show up.: Connection refused" [Undecided,New]
<cybrocop_> smoser, jdstrand: Can you let me know what else is required.
<uvirtbot> New bug: #570982 in munin (main) "munin-graph crashed with SIGSEGV in Perl_gv_check()" [Undecided,New] https://launchpad.net/bugs/570982
<uvirtbot> New bug: #570983 in munin (main) "munin-limits crashed with SIGSEGV in Perl_pp_entersub()" [Undecided,New] https://launchpad.net/bugs/570983
<uvirtbot> New bug: #576827 in munin (main) "munin-graph crashed with SIGSEGV in FcPatternDestroy()" [Undecided,New] https://launchpad.net/bugs/576827
<zul> wtf is with all these perl bugs today
<smoser> cybrocop_, i think i'll need to rely on jdstrand . but one thing you can do is attach the files that you've linked to .  I don't know how permenent that pastebin is, but for permenance its nice to have things attached to a bug.
<jo-erlend> has anyone been able to setup an ldap server on lucid? I've been following the guide on https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html but I can't get it to function properly.
<uvirtbot> New bug: #576828 in awstats (main) "awstats_buildstaticpages.pl crashed with SIGSEGV in Perl_runops_standard()" [Undecided,New] https://launchpad.net/bugs/576828
<jo-erlend> it may be that I just don't understand what it said, because it's fairly complicated and many things aren't explained at all, but I'm doing precicely what it tells me to, and I keep getting errors like "Invalid credentials".
<jo-erlend> the "Setting up ACL" section doesn't tell me anything, actually. How do I configure it like it sais it should be configured? I'm not allowed to perform that search because of invalid credentials.
<sommer> jo-erlend: that search command should be: sudo ldapsearch -c -Y EXTERNAL -H ldapi:///  -LLL -b cn=config olcDatabase=config olcAccess
<sommer> it's been updated and will be released with an update to the server guide
<jo-erlend> damn... LDAP is always extra difficult in Ubuntu because the documentation doesn't fit real life.
<uvirtbot> New bug: #572674 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_runops_standard()" [Undecided,New] https://launchpad.net/bugs/572674
<uvirtbot> New bug: #581383 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_pad_alloc()" [Undecided,New] https://launchpad.net/bugs/581383
<uvirtbot> New bug: #584115 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_sv_clear()" [Undecided,New] https://launchpad.net/bugs/584115
<sommer>    jo-erlend: do you have suggestions to make the documentation better fit real live?
<sommer> jo-erlend: the documentation is setup to allow  you to get up an running on ubuntu, not necessarily teach LDAP
<uvirtbot> New bug: #564522 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_peep()" [Undecided,New] https://launchpad.net/bugs/564522
<uvirtbot> New bug: #571971 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_pp_or()" [Undecided,New] https://launchpad.net/bugs/571971
<ScottK> jo-erlend: You're talking with the person that does the documenation, so this would be a really good time to speak up.
<jo-erlend> sommer, well, it wouldn't hurt if someone with experience would just copy and paste the commands from the guide from time to time. I've spent two days reading that document now.
<sommer> jo-erlend: the OpenLDAP section was updated extensively for Lucid was there any other commands that didn't work... if so we'll be sure to correct them
<jo-erlend> well, after finishing that guide, the users are supposed to be able to change their passwords by themselves, using "passwd" or similar, right? That gives me "invalid credentials"
<sommer> jo-erlend: no, that's not necissarily the purpose of the guide
<cybrocop_> smoser: I've attached the files. I will be in later if you need anything else.
<jo-erlend> sommer, using that command you gave me, I got some results. They're not at all similar to the output you're supposed to get, according to the guide.
<sommer> jo-erlend: the guide has ldapscripts: sudo ldapsetpasswd
<smoser> cybrocop_, thanks. sorry this is biting you.
<sommer> jo-erlend: your output may vary depending on how your server is setup
<sommer> that should probably be made more clear in the guide
<jo-erlend> sommer, the users are allowed to change their own passwords using those normal tools if you just deactivate unix accounts in pam-auth-config though.
<cybrocop_> smoser: NP, I'm glad at least I'm closer to the issue.
<jo-erlend> sommer, it's setup exactly as the guide sais. I mean _exactly_.
<sommer> jo-erlend: right, the acl section needs updated... does your output look like: http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html ?
<jo-erlend> sommer, no.
<sommer> I haven't done much testing with the passwd, and other utilities, when using openldap... I usually use ldapscripts or smbldaptools for the other attributes
<jo-erlend> sorry... One moment. :)
<jo-erlend> sommer, it does.
<jo-erlend> sommer, are there many other changes in that new document? I can try it out from scratch in a clean vm and see if it makes more sense to me than the old one.
<jo-erlend> oh.
<jo-erlend> sommer, are there many other changes in that new document? I can try it out from scratch in a clean vm and see if it makes more sense to me than the old one.
<sommer> jo-erlend: not really everything should be current for Lucid.  For Maverick we can add information to allow passwd work, or figure out why it doesn't with the current information.
<centaur5> Does anyone in here have experience with LTSP fat clients?
<imthenachoman> anyone here using ebox?
<jo-erlend> sommer, I hope to be finished configuring my ldap server a bit sooner than six months from now. :)
<kpettit> imthenachoman, I did for awhile.
<imthenachoman> kpettit: why did you stop?
<kpettit> it was too basic of config's for the modules I needed.
<sommer> jo-erlend: right, what is the end result you're looking for with your LDAP server?
<imthenachoman> kpettit: i'm trying to figure out if its worth it? i mean I admin hundreds of unix boxes at work w/o gui, and i prefer CLI, but i dont know if there is any added beneift
<imthenachoman> kpettit: cause i will install apache,php,postgresql,and shorewall so ..
<kpettit> imthenachoman, I think it would cause you more problems then solve if you already know what your doing
<sommer> jo-erlend: the OpenLDAP section itself is geared toward generic LDAP server configuration, but we could add another section for Address Book, Central Auth, etc
<imthenachoman> kpettit: i like your logic my good man or sir...i like your logic
<imthenachoman> kpettit: well thanks
<kpettit> it's great for somebody new to linux, but fairly restrictive if you already ahve things setup a certian way
<imthenachoman> humm k
<imthenachoman> cool
<kpettit> webmin is another good one.
<imthenachoman> doesnt work so well with ubuntu from what i hear
<kpettit> I like webmin a bit better, mainly becuase it has alot more modules and there are more choices.  And you can still hand edit most things if you want too
<jo-erlend> sommer, I need to use LDAP in order for users to have the same password on their terminal server session and in their web applications. They should be able to change their passwords easily. That's mostly it.
<imthenachoman> <ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<Pici> imthenachoman: There is a bot here too, not just #ubuntu
<kpettit> imthenachoman, works great for what I use it for.  I mainly just use the mysql, fstab, users, and some other simple ones.
<imthenachoman> Pici: oh....my bad sir, my bad
<kpettit> The apache module, and openvpn one such
<imthenachoman> well im gonna do things the old fashioned way, i like to know whats going on, what files change
<imthenachoman> etc..
<imthenachoman> i dont need openvpn
<kpettit> I mean suck.  I really hate their apache one
<imthenachoman> this is more a test/play/learn server for me
<kpettit> the iptables one is pretty good though.
<imthenachoman> im going to use shorewall for firewal
<sommer> jo-erlend: I see, the guide should get you most of the way there, but you'll still need to learn more about administering OpenLDAP
<imthenachoman> i hear it rocks
<jo-erlend> sommer, and if they were able to share addressbooks as well, that would be great.
<kpettit> there was a shorewall module, but I haven't used it before
<kpettit> I mainly use arno's firewall.  I like it because there is a cli ubuntu config or you can edit a simple text file.
<sommer> jo-erlend: you should be good with users with object class posixAccount, inetOrgPerson, etc... ldapscripts makes it easy to add, remove, manipulate objects
<kpettit> My brain can't hold the complexities of iptables so I liked the simplier arno config.
<sommer> jo-erlend: for my users I created a simple web form that uses php5-ldap to change the password attribute... been working great for a few years now
<imthenachoman> kpettit: i dont know if shorewall uses iptables but it seems to work
<kpettit> I don't know of any firewall linux programs that don't use iptables
<kpettit> they are all pretty much front ends config tools to iptables
<imthenachoman> yeah
<kpettit> if your using it now you can type "iptables --list" to see the raw rules
<imthenachoman> well i got shorewall working so i'll stick with that
<imthenachoman> oh cool
<imthenachoman> wow...a lot of stuff
<imthenachoman> well i know nothing about firewall so i'll stick with shorewall
<kpettit> Here is the basic iptables info.  If anything it will show you some commands you can use to find out how shorewall does things
<kpettit> https://help.ubuntu.com/community/IptablesHowTo
<jo-erlend> sommer, I appreciate your help. In order to preserve my sanity, I'm going to take a little break, but then I'll try that new document in a fresh environment and see if that does the trick.
<jo-erlend> sommer, can you recommend a good book about openldap btw? I only have generic ones.
<sommer> jo-erlend: you're welcome, I learned using http://oreilly.com/catalog/9781565924918/ but it's waaaayyyy old.  https://www.packtpub.com/OpenLDAP-Developers-Server-Open-Source-Linux/book is pretty good too
<MTecknology> !ecryptfs
<jo-erlend> sommer, one thing I think is a bit confusing in the guide, is "As an example of modifying the cn... blabla". Is it just an example, or is it necessary and what does it do?
<sommer> yep, just an example of how to modify an attribute... i.e. replace this attribute with whichever attribute you'd like to modify
<jo-erlend> sommer, ok, everything seems to be working nicely, except for that passwd-thingy. It'd be really nice if I could get that up and running as well. auth.log gives me to identical error messages when I run that command. Is it possible that there is a bug which makes it try to look the user and password from the local /etc/passwd instead of using the ldap directory?
<sommer> jo-erlend: not 100% sure... you might check the /etc/pam.d/common-password file, and make sure it has something about ldap... also the /etc/nsswitch.conf file
<jo-erlend> they look good to me, anyway.
<sommer> jo-erlend: maybe put ldap in front of files in nsswitch.conf... you'll want to be careful though, because you could lock yourself out of the system
<jo-erlend> I've tried that already. It had no effect. Unless I need to reload anything?
<sommer> so why not use ldapscriptsetpasswd ?
<jo-erlend> because the people I'm trying to help are very, very non-geeks.
<sommer> you could alias ldapscriptsetpasswd to passwd :)
<jo-erlend> heh, the point is that this is a terminal server. The desktop has tools to change your own information, including the password. I'd like to use that.
<sommer> ah... not sure how well those tools work with ldap, but should be possible one way or another
<jo-erlend> I would think so... Can't find any information on how to set it up though.
<jo-erlend> but I suspect that if I get passwd to work as expected, then those other tools would work as well.
<sommer> I wouldn't be to optimistic about that... I imagine those tools are hard coded to edit /etc/passwd
<sommer> but there are some pretty good gui tools to manipulate ldap... phplapadmin, lat, luna, etc
<jo-erlend> I use lat myself, but it's not something I'll expose my users to.
<jo-erlend> besides, it's really buggy.
<zul> mdeslaur: throw confetti its done uploaded now we will never mention it again
<mdeslaur> zul: you want me to congratulate you on doing your job? :)
<mdeslaur> zul: congrats!!!!
<mdeslaur> zul: yay!!
<zul> mdeslaur: it would be nice..
 * mdeslaur pats zul on the back
<zul> mathiaz: ping mysql changed from mysql-dfsg-5.1 to mysql i just uploaded 5.1.47 we need to replace the source package in main with the new version
<mathiaz> zul: so you've merged the new package?
<zul> mathiaz: yep
<zul> i just finished uploading it
<mathiaz> zul: so the next step is to just ask for the removal of mysql-dfsg-5.1 from maverick
<zul> mathiaz: yep
<mathiaz> zul: and let know the archive admins that mysql-dfsg-5.1 has been renamed to mysql-5.1 in order to get the package quickly through the NEW queue
<zul> mathiaz: acked
<jo-erlend> sommer, why would anyone hardcode that instead of simply reusing passwd? I know I would have.
<jo-erlend> oh...
<jo-erlend> nvm. :)
<skrite99> hey all
<skrite99> if i have the PID of a process or script, how can i find out what script it is?
<skrite99> i have a bunch of scripts, and one is not playing nice
<coffeedude> skrite99, ls -l /proc/<pid>/exe
<skrite99> thanks a lot coffeedude
<|corpse|> ok so after many days of trying i can finaly get though most of the installation of server 10.04. When i get to partitions formatting it jumps to 33% and freezes. any ideas on a fix?
<webPragmatist> is ext4 safe for server?
<webPragmatist> with lucid
<SpamapS> webPragmatist: should be, however some have reported performance issues...
<SpamapS> webPragmatist: http://www.phoronix.com/forums/showthread.php?t=23149  .. though I'm not sure that those were super scientific tests
<webPragmatist> hrm
<webPragmatist> hey i'm having another issueâ¦ when I run parted it takes forever
<webPragmatist> i'm guessing because it's unsure about the floppy
<webPragmatist> i get v
<webPragmatist> Warning: Unable to open /dev/fd0 read-write (Read-only file system).  /dev/fd0 has been opened read-only.
<webPragmatist> and it hangsâ¦ if i do p free
<webPragmatist> RoAkSoAx: hey you around?
<webPragmatist> i was wonderingâ¦ it was suggest to use corosync to link configs
<webPragmatist> how can you trust that a node has specific stuff installed ?
<webPragmatist> for instance if a node doesn't have a specific apache module installed
<webPragmatist> and it gets enabled in the config
<RoAkSoAx> webPragmatist: that's totally admin side
<webPragmatist> LOL i'm reading this
<webPragmatist> http://coolerq.livejournal.com/89739.html
<webPragmatist> RoAkSoAx: after reading that i'm just confused
<webPragmatist> what's clusterglue
<RoAkSoAx> webPragmatist: cluster-glue is a package that contains the LRM (which handle the RA's)
<webPragmatist> greek
<webPragmatist> please use more acronym
<RoAkSoAx> webPragmatist: please refer to [1], there you can find nice Diagrams: [1] http://www.clusterlabs.org/
<webPragmatist> RoAkSoAx: never would have clicked that
<webPragmatist> http://screencast.com/t/ZDVkOWYwNjI
<webPragmatist> gosh this crap gives me a big ass headache
<webPragmatist> pardon my blunt
<webPragmatist> ness
<FunnyLookinHat> the
<webPragmatist> RoAkSoAx: you said use corosync for your logsâ¦ can you link me that thesis or whatever it was you wrote up?
<FunnyLookinHat> woops - mt  :)
<webPragmatist> i wish i was a clustering geniusâ¦â¦
<FunnyLookinHat> Ok - This may sound dumb - but "mail" doesn't seem to be installed in my system after I installed postfix...  What package installs that?
<RoAkSoAx> webPragmatist: I never said use corosync for logs. Corosync is the one who does the messaging between nodes, while Pacemaker is the one that does the Resource Management
<webPragmatist> sorry configs
<webPragmatist> how do you sync like apache sites available and such
<RoAkSoAx> webPragmatist: that you leave to other synchronization tool like csync2
<webPragmatist> ohhhhhhh csync
<webPragmatist> thank yo
<webPragmatist> you*
<webPragmatist> RoAkSoAx: how do you handly upgrades to the software?
<webPragmatist> again admin stuff?
<incorrect> what is the status of xen in lucid
<webPragmatist> not so zen
<RoAkSoAx> webPragmatist: yes, but I'm pretty sure there are tools to do that and I'm not aware of
<RoAkSoAx> webPragmatist: you can also take a look at puppet
<webPragmatist> well this is probably not AS important
<RoAkSoAx> webPragmatist: if it is a two node cluster, it is not...
<cybrocop> hi smoser
<cybrocop> I just finished the reinstall of Node1 in my euca cluster and the problem is gone on this node.
<webPragmatist>  RoAkSoAx i'm reading this articleâ¦ is corosync = openais
<webPragmatist> i'm confused
<RoAkSoAx> webPragmatist: don't pay attention to the article :)
<webPragmatist> i'm reading http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
<AMR> hey, is there some way I can get info about my users, like when they were created?
<webPragmatist> RoAkSoAx: hrm?
<incorrect> xen is pretty dead in ubuntu?
<andol> incorrect: Yes, where efforts have instead gone into KVM.
<webPragmatist> RoAkSoAx: ah As far a I understand the OpenAIS project split up into subprojects. corosync now provides only the cluster communication. Since pacemaker only need the communication in the cluster, this it all we need.
<webPragmatist> quote
<webPragmatist> bleh i obviously need more playing around with vms
<|corpse|> Hi, im having trouble installing server 10.04. i can cruz right though the hole install process until i get to the file partition part. I can select my partition i want to use (i have tried several drives now) and every time it will just straight to 33% and freeze up
<FunnyLookinHat> I had thought that I setup my mailserver correctly - but when I try to send a test email with "mail" it just hangs...  does that suggest a particular issue ?
<ubuntu_> nmnmn,m
<cybrocop> smoser: I was able to reproduce the problem on a clean install.
<cybrocop> The issue occurs when I try to remove/purge apparmor
<desrt> hi.  i'm playing with libvirt
<desrt> is there any way to get virt-manager on my machine to connect to the root-owned libvirtd without using ssh or something?
<killown> i can ping google but not wget www.google.com, look that http://bpaste.net/show/6680/ any idea?
<desrt> if i try to use 'local' it seems to be dbus(orbit/whatever)-acivating a libvirtd instance running as my user.  not what i want
<desrt> i do have permission to access the libvirt socket, but i don't know how to tell virt-manager to use it
<lifeless> oh
<lifeless> there is a virsh path
<desrt> ya.  works fine with virsh, actually
<desrt> and virt-install
<lifeless> qemu:///system
<desrt> ya.  i added that using gconf
<desrt> it's working now :)
<lifeless> from man 1 virsh
<lifeless> please file a bug saying it wasn't as easy as it could be?
<desrt> i'm a pretty big fan of how this stuff works
<desrt> not a bad idea.
#ubuntu-server 2010-05-27
<tyska> hi guys, i wanna use iptables but i get an error when i run iptables -L im suspecting my kernel have config_netfilter disabled, how can i enabled it?
<tyska> smoser: hi dude! are you there?
<Tweeda> tyska, are the kernel modules loaded?  "lsmod | grep iptable"
<tyska> Tweeda: no answer, how can i load it?
<Tweeda> tyska, is the package installed? "dpkg -l | grep iptables"
<Tweeda> that's a lowercase L
<tyska> ii  iptables                        1.4.4-2ubuntu2           administration tools for packet filtering an
<Tweeda> tyska, might try 'modprobe iptables'
<tyska> FATAL: Could not load /lib/modules/2.6.32-22-server/modules.dep: No such file or directory
<tyska> Tweeda: some guess?
<Tweeda> tyska, you might want to read up on depmod.  That file should be there.  you're problem looks to be w/ your kernel config and your iptables issue is a symptom
<tyska> what is depmod?
<Tweeda> tyska, generates modules.dep file that doesn't exist.
<tyska> Tweeda: then should i just run depmod?
<steven_t> helo
<steven_t> whats the purpose of having upgrades for linux installations?
<steven_t> i can understand the purpose in a desktop os, ie to give new features, introduce new builtin apps, etc. but whats the reason in a server os?
<Tweeda> tyska, I'd give it a shot
<Tweeda> steven_t, to correct bugs, particularly bugs with exploitable security issues
<steven_t> so each os upgrade is primarily to enhance security?
<steven_t> and other bug fixes?
<Tweeda> steven_t, well, perhaps not if you're speaking of upgrading karmic to lucid.
<steven_t> i wasnt, but now you got me curious :)
<Tweeda> steven_t, updates withing a specific release is primarily for bug fixes.  Upgrading to a new release would likely to keep up on latest releases of applications such as apache or php etc in order to take advantage of improvements.
<steven_t> ah.
<steven_t> thanks :)
<Jeeves_Moss> is there an EASY way to find out how someone is using my postfix server to spam?  I can't find how they got into the system with TLS setup
<zul> uh...log files?
<bc> Jeeves_Moss: telnet from a remote host that isn't supposed to be allowed to relay and try to relay.
<bc> Jeeves_Moss: helo fred<Enter>mail from: <bill@microsoft.com><Enter>rcpt to: <steve@apple.com><Enter>data<Enter>foo<Enter>.<Enter>
<bc> Jeeves_Moss: if you get 'OK' after rcpt to, then you're in trouble.
<Jeeves_Moss> bc, I took the box off-line because my ISP yanked our connection untill it's fixed
<Jeeves_Moss> bc, http://pastebin.com/D8H1iMB1
<bc> Jeeves_Moss: in smtpd_recipient_restrictions, the first three lines should be permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
<bc> Jeeves_Moss: test the relying first (somehow), and if it's not postfix, make sure apache isn't spewing spam from a hole, and make check for unknown listening proceses.
<Jeeves_Moss> bc, can you give me a step by step of what to look for so when I go off-line I can look?
<bc> Jeeves_Moss: testing postfix relaying is a logical first step. where is the box?
<ScottK> Jeeves_Moss: The answer will be in postfix's logs.
<Jeeves_Moss> ScottK, http://pastebin.com/vFpfnRzt
<Jeeves_Moss> ScottK, ask, and ye shall receive
<bc> Jeeves_Moss: pastebin your main.cf
<Jeeves_Moss> bc, I can't, system is shut down.  I've already received a warning of disconnection if it spams again
<bc> Jeeves_Moss: you're going to have to start it up to fix it.
<Jeeves_Moss> bc, ok, you want to see main.cf, correct?  any other requests while I'm in the basement?
<ScottK> Jeeves_Moss: You need to go back farther.  You need to find lines that start like "postfix/smtpd[7578]: connect from ..."
<ScottK> I didn't see any in that snippet.
<ScottK> Jeeves_Moss: output of postconf -n.
<Jeeves_Moss> ScottK, that snippit is the start of the 250Mb file!
<ScottK> Jeeves_Moss: grep "connect from" > somefile
<ScottK> err...
<ScottK> Jeeves_Moss: grep "connect from" /var/log/mail.log > somefile
<bc> Jeeves_Moss: just unplug the cat5, start it, stop apache and postfix, plug it back in?
<Jeeves_Moss> bc, tried that already, and postfix won't die!!  it uses ~76% CPU
<Jeeves_Moss> brb, going to the basement with the USB stick
<Jeeves_Moss> bc, ok, I deracked it.  I draged it upstairs, and now I'm waiting for it to boot
<bc> Jeeves_Moss: if it spins the cpu like that without an internet connection then you have bigger issues
<Jeeves_Moss> bc, let me verify
<Jeeves_Moss> bc, in TOP, there are "qmgr -l fifo -v", proxymap, and showq @ the top of the list
<bc> Jeeves_Moss: you have a bunch of crud in mailq, I'm assuming?
<Jeeves_Moss> bc, so do I, how do I clear it?
<bc> Jeeves_Moss: postsuper -d, but I'm not sure if it can clear out in batch. if not, you'll have to get the ID's and postsuper -d each one
<Jeeves_Moss> bc, postsuper -d ALL?
<ScottK> Jeeves_Moss: Yes.
<bc> Jeeves_Moss: yeah that'll work, just be sure you dont care about any of the messages. At this point I probably wouldn't.
<ScottK> Jeeves_Moss: You need to investigate the logs to figure out where the stuff was coming from.
<Jeeves_Moss> ScottK, I have used your grep command.  I'm just getting ideas from everyone while I have the box next to me before I postbin everything.  Currently, there is a LOT of disk activity running on the purging of the queue
<ScottK> Certainly.  don't plug it back in until you've resolved the question of how the stuff was getting in.
<Jeeves_Moss> ScottK, yep!  and I won't duplicate this mess to the rackmount stuff untill I have it reviewed by my peers.
<Jeeves_Moss> ScottK, I've got a LOT of "bounce -z -n defer -t un..." (it cuts off my screen @ that point) doing a LOT of disk access
<Jeeves_Moss> bc, I've got a LOT of "bounce -z -n defer -t un..." (it cuts off my screen @ that point) doing a LOT of disk access
<ScottK> You've probably got a very full queue.
<ScottK> postsuper -d ALL will need to grind through it.
<Jeeves_Moss> ScottK, ok is there a way to see how much is sitting there from another term while this is working
<ScottK> postqueue -p will give you a list, but that's not what you want exactly.
<Jeeves_Moss> ScottK, the queue delete is still running, I was just wondering how much is in there.  the HDD light is SOLID!
<bc> Jeeves_Moss: you can use watch(1) or a while loop.
<Jeeves_Moss> first up for your viewing pleasure.....  postconf http://pastebin.com/EMyS0BCb
<bc> Jeeves_Moss: regardless, stuff has to go though
<Jeeves_Moss> next up, master.cf  http://pastebin.com/0e4Q63F6
<bc> Jeeves_Moss: do you have a lot of users with lame passwords?
<Jeeves_Moss> master.cf  http://pastebin.com/Fq9EKLwF
<Jeeves_Moss> bc, not that I know of
<bc> Jeeves_Moss: try ScottK's grep output
<Jeeves_Moss> bc, trying to pastebin it.  I think it's too large
<Jeeves_Moss> http://pastebin.com/XTweKdBV
<bc> Jeeves_Moss: grep 15059 /var/log/mail.log
<Jeeves_Moss> bc, ideas?
<ScottK> Jeeves_Moss: You need to go back farther to see where it starts.  For example, if you look at line 890, it's been in queue over a day.
<ScottK> Jeeves_Moss: grep 050A8836575 /var/log/mail.log* and see how far back it goes.
<ScottK> If we trace that one back to it's start, maybe we can figure out what's going on.
<bc> Jeeves_Moss: I'm no genius, I would show #postfix the output of postconf -n. Your smtpd recipient restrictions look ok, assuming a 'spammer' isn't authenticating and assuming someone else on the network isn't infected with something, and assuming it's not coming from Apache.
<ScottK> FWIW, I think it's unlikely you'll do better on #postfix.
<Jeeves_Moss> thanks for your help guys.  I @ least have a little better understanding of WTF is going on.  I just want to get it cleaned up and moved on!
<Italian_Plumber> does 64 bit ubuntu use a whole different set of packages from X86??
<bc> Jeeves_Moss: I wouldn't rule out some vulnerable web application, unless you know exactly what Apache is serving. Apache would be allowed to relay.
<Jeeves_Moss> bc, did you see anything "odd" in the postfix config that would lend it's self to promoting this mess?
<bc> Jeeves_Moss: I believe your current smtpd_recipient_restrictions should prevent unauthorized relaying in a perfect scenario I think.
<Jeeves_Moss> bc,  thanks
<Jeeves_Moss> I'm still VERY lost
<ScottK> Jeeves_Moss: Let's try and figure it out.
<bc> Jeeves_Moss: do you have tcpdump or tshark? I guess you could shutdown postfix, start Apache, plug it in and see if you see any traffic from the box itself to 25
<ScottK> Trying to trace 050A8836575 back from where it came from is a good start.
<npope> anyone know how to setup iptables as a firewall/router.  i am trying to run through a rule set and then forward it on to its destination
<npope> setup is
<npope> cable modem -> linksys -> linux_iptables -> client
<npope> and vice versa
<npope> linux_iptables is gateway for clients
<npope> linksys is gateway for linux_iptables
<bc> npope: I'd start here -> https://help.ubuntu.com/8.04/serverguide/C/firewall.html
<ScottK> Although I'd use the correct version of that for whatever release you're running.
<bc> Jeeves_Moss: outside of Scott's suggestion, if you have netcat, for the shutdown postfix let apache do it's thing, thing, netcat -l 25
<bc> Jeeves_Moss: sorry, make that nc -l 25
<Jeeves_Moss> bc, what will that show me?  will it show me what process is the one causing problems and let me narrow it down a bit more?
<bc> Jeeves_Moss: no, that won't work. just grep the logs, re: ScottK
<Jeeves_Moss> bc, I've tried that, and I'm guessing I have the syntax messed
<Jeeves_Moss> bc, and I'm not sure how he arrived @ that string causing the problem
<npope> bc: you good with iptables?  want to take a look at my config?
<bc> Jeeves_Moss: line 890 in your log paste
<Jeeves_Moss> bc, but that's just a snippit of a 250Mb file though
<ScottK> Jeeves_Moss: We know that the mail is being sent through postfix, so working throught the logs to understand how it got there is the essential step.
<bc> npope: I only configure iptables anytime something catastrophic happens. :) but I'll look at it.
<bc> Jeeves_Moss: you have the logs there thought right? grepping that ID should show you the entire SMTP conversation
<npope> grrr, i cant figure out how to have *filter and *nat in the same file... or different files for that matter
<bc> npope: you probably want COMMIT (just guessing)
<bc> npope: e.g. *nat<Enter>some stuff blah blah<Enter>-A POSTROUTING blah blah<Enter>COMMIT
<npope> bc: i got that part
<npope> let me pastebin it
<bc> npope: p.s. apt-cache show pastebinit
<npope> bc: http://paste.ubuntu.com/440156/
<bc> npope: this should also have a 1 in it: /proc/sys/net/ipv4/ip_forward
<bc> npope: I would also start really small and work my way up
<npope> bc: agreed, it works without the routing though :)  just when i try to route the packets drop dead :( which is annoying as all <explicit>
<bc> npope: this might be a good starting point, but I don't know how painful it would be. I would probably go this route: http://pastie.org/979243
<bc> npope: if you want it to work right away, you can set default policies to ACCEPT
<npope> bc: what is mangle?
<bc> npope: altering packets, you can leave it out
<Jeeves_Moss> bc, it looks like the postfix server is allowing annon TLS connections
<bc> Jeeves_Moss: eww, good you found the cause.
<Jeeves_Moss> bc, I threw it back up on the shelf in teh basement, killed apache and postfix, then fired up a tail on the mail.log on one screen, and then popped up postfix.  within seconds, I saw the error
<bc> Jeeves_Moss: how'd it log if postfix wasn't running?
<bc> Jeeves_Moss: nevermind, I missed the 'popped up postfix'. I'm getting senile and blind.
<Jeeves_Moss> bc, I fired postfix up, then used my smartphone to connect from an external IP to try sending e-mail
<Jeeves_Moss> bc, http://pastebin.com/Cm3TmicD
<bc> Jeeves_Moss: you might have seen that using netcat without postfix running, I'm not sure, maybe put it in your bag for the future
<Jeeves_Moss> bc, I did have nc running in another screen, and it was blind as my mother
<bc> Jeeves_Moss: it wouldn't show formatted like the postfix log, but you'd see the client speaking to nc
<npope> bc++
<npope> LOL i didnt have commit under *nat
<npope> LOL
<bc> Jeeves_Moss: was it listening on 25? if it was, then you wouldn't have been able to start postfix
<Jeeves_Moss> sudo nc -l 25
<bc> Jeeves_Moss: ohhh sorry, TLS
<bc> Jeeves_Moss: 465 I'm guessing
<Jeeves_Moss> nada
<npope> bc works now
<npope> bc: thanks for the help
<Jeeves_Moss> arrgghhhh, I swear, this shouldn't have to be this complicated
<bc> Jeeves_Moss: prob listening on a different interface
<Jeeves_Moss> bc, only one interface i the box
<bc> Jeeves_Moss: at least two, lo and eth0
<bc> npope: :)
<Jeeves_Moss> yep, forgot about that
<bc> Jeeves_Moss: you should have been: nc: Address already in use. Look at postconf -n inet_interfaces
<bc> s/been/seen/
<bc> npope: I didn't help so much :) glad it works though
<bc> npope: that was 99.99% you heh
<npope> bc: heh it helps having a person to ping ideas off of
<webPragmatist> I'm trying to install drbd and i keep getting this http://pastie.textmate.org/private/9b79i0lkyoa3sbfwtfs4sw
<webPragmatist> http://pastie.textmate.org/private/m3zf7xu0rn3ilqe3cyhiw
<webPragmatist> more error
<pmatulis> Jeeves_Moss: do you enforce clientside TLS certificates?
<webPragmatist> dude
<webPragmatist> why does ubuntu ship with two kernels
<webPragmatist> -21 and -22
<webPragmatist>  SORRY, kernel makefile not found. You need to tell me a correct KDIR!
<webPragmatist> should i use drbd8-utils (source) or drdb-utils (.7)
<jetole> Hey guys. I am getting a "no free leases" error on DHCPD. My dhcpd.conf is at http://pastebin.org/284779 and this only started tonight when I added the second subnet section and the last host (mx1). Could anyone tell me if they can see whats wrong?
<ScottK> jiboumans: Renaming dovecot-postfix to mail-stack-delivery adds ~70 lines of really annoying shell script and changes ~30 more in the maintainer scripts and so there's about two hours of my life I'll never get back.  Please not again.
<jiboumans> ScottK: didnt you propose the rename?
<ScottK> I think I proposed the specific name, but the idea of renaming, wasn't mine.
<ScottK> Or if it was, I'm a masochist and too tired to remember.
<jetole> I just wanted to add I am getting the no free leases error refering to net 10.1.0.0/26 but it's occuring everytime the host connects with the MAC for the 172.16.0.126/26 fixed IP
<jiboumans> ScottK: sommer sent the mail to ubuntu-server@ saying it was an outcome of the UDS session
<ScottK> Yes, it was.
<jiboumans> ScottK: i claim innocence, but i do really like the rename so ScottK++ for making packages more discoverable ;)
<jetole> ScottK: I know a few cute sadists if you're interested
<ScottK> jetole: Sorry.  Already married.
<jetole> ScottK: Oh he won't mind
<ScottK> Yeah, I'd imagine not.
<jetole> lol
<ScottK> jiboumans: No worries, not really blaming you.  Just needed to vent.  At least it's 5 hours until I have to be up again.
<ScottK> Urgh.
 * ScottK will test it tomorrow.
<jiboumans> ScottK: no worries, let's vent over beer some time :)
<jiboumans> jetole: if he's a true sadist, he'll enjoy the fact that ScottK will be in trouble with the Mrs.
<jiboumans> it's win win
<ScottK> jiboumans: In other news, the Debian dovecot maintainer is interested in the package for Debian.
<jiboumans> ScottK: that's good news
<ScottK> jiboumans: Right and if I was a true masochist, I would too.
<webPragmatist> 	hrm
<webPragmatist> are we satisfied with ext4 yet
<webPragmatist> considering it's the default install type
<twb> I'm not, but I'm happy for non-LTS users to test it
<webPragmatist> eh?
<webPragmatist> anyway
<webPragmatist> how in the world am i supposed to mount a drbd
<webPragmatist> on the slave
<webPragmatist> for some reason i think this is the desired  thingy
<deepak_> Team, can any mentor guide/point  me to  "How to contribute in ubuntu-server team", I have read the doc(GettingInvolved)... but not sure where to start :)/
<twb> deepak_: URL?
<twb> https://wiki.ubuntu.com/ServerTeam/GettingInvolved ?
<deepak_> twb: URL I have read it? looking advice that where to start I mean , if I see bug reports [needs-packaging] which has huge list? any pointer where ubuntu-server has specific list.
<twb> I don't know; I don't use launchpad.
<twb> I imagine there's some sort of server tag.
<twb> Otherwise, just look at bugs that deal with packages you use on your server.
<deepak_> twb:  sound good , Thanks
<ScottK> deepak_: Starting with packages you use and are familiar with is best.  It means you'll be able to check and confirm if bugs exist and perhaps make suggestions to bug reporters to improve their bugs or try things to solve their problems.
<deepak_> ScottK: ok....
<deepak_>  so ubuntu does not have something like in Debian (RFH or RFA)....
<jetole> jiboumans: good point
<jetole> let the sadomasochism roll
<webPragmatist> when is it necessary to use a dlm like ocfs2 or gfs2
<jetole> webPragmatist: it has to do with file locks for example if you don't want people to edit the same file at the same time but the d is for distributed meaning it works with ocfs of gfs and makes sure if someone is editing a file on server 1 then someone else can't edit it on server 2
<jetole> at least I believe that is how it works
<jetole> webPragmatist: I don't use dlm on my ocfs2 systems
<webPragmatist> but drbd already doesn't let you mount your distributed resource
<jetole> webPragmatist: who told you that?
<webPragmatist> well
<webPragmatist> if it's asynchronous ?
<jetole> hold on and I will give you the url
<webPragmatist> i'm telling myself that
<webPragmatist> because i can't mount it anyway for whatever dumb reason
<webPragmatist> without it bitching about read only
<jetole> http://www.drbd.org/users-guide-emb/s-enable-dual-primary.html
<webPragmatist> but
<jetole> ocfs or gfs is pointless without dual primary
<webPragmatist> right
<jetole> you may also want to look into the split brain documentation
<webPragmatist> that's what i've concluded too
<webPragmatist> right
<webPragmatist> i understand those concepts
<webPragmatist> but my server setup is very simple and I am wondering if it is necessary
<webPragmatist> it's just two nodes
<webPragmatist> for failover
<jetole> ocfs (let's assume I mean both from now on) is useful without dual primary but it's main purpose is to allow dual writing on clustered filesystems simultaneously
<jetole> webPragmatist: in that case, you really really don't need dlm
<webPragmatist> jetole: so in the event you were trying to loadbalance
<webPragmatist> dlm would be useful
<jetole> no
<webPragmatist> o.O
<jetole> i use ocfs + drbd + dual primary on both load balanced and mail servers without dlm
<jetole> it has to do with file locks but for the most part file locks are usually only required for specific needs or applications that really require them
<webPragmatist> right well in your case
<jetole> also you will need primary/primary for load balancing
<webPragmatist> the mail would only get processed
<webPragmatist> once
<webPragmatist> (ideally?)
<jetole> webPragmatist: I don't mind the web servers reading file synchronously and I doubt to programmers will upload the same file at the same time
<jetole> A distributed lock manager (DLM) provides distributed applications with a means to synchronize their accesses to shared resources. http://en.wikipedia.org/wiki/Distributed_lock_manager
<webPragmatist> jetole: do you have other servers to process the load balancing?
<webPragmatist> i've always seen like at least 3 nodes to do load balancing
<jetole> here is a good example, fail over vm hypervisors using shared storage but you don't want them both using the same image at the same time and dlm acts sort of as a predecesor to Shoot The Other Node In The Head (STONITH)
<webPragmatist> atleast network load balancing
<webPragmatist> hrm
<jetole> webPragmatist: won't say on mail. As per web servers, they are actually using multi path iSCSI to dual file servers
<jetole> also you can do up to 4 hosts via drbd
<jetole> http://www.drbd.org/users-guide-emb/s-three-nodes.html
<jetole> you can apply the three node setup up to 4 however
<webPragmatist> i don't really have 3 nodes to work withâ¦ you are saying you have load balancing on your web servers?
<jetole> If you plan to exceed 4, look into a distributed file system like lustre, glusterfs or... whats the other one, ceph?
<jetole> webPragmatist: yes
<webPragmatist> how many nodes?
<jetole> sorry to say but none of your business
<jetole> don't mean to be rude, it comes down to corporate guidelines
<webPragmatist> uhhh
<jetole> I can't share everything but I can tell you that you can do as many as you like
<webPragmatist> i'm asking
<webPragmatist> can you load balance with 2
<jetole> oh sure
<jetole> you can tell a load balancer to only use 1 though it defeats the purpose but comes in handy for testing and debugging
<webPragmatist> well what I am saying is I always see a third pc to "balance" the junk between the other two
<webPragmatist> or rather often 4
<jetole> the third pc is a load balancer
<jetole> or reverse proxy
<webPragmatist> or some sort of high level switch
<jetole> yeah
<webPragmatist> i assume
<webPragmatist> hrm
<jetole> layer 4/5 switch if I am not mistaken
<jetole> then again I think it falls under the guise of load balancer at that point
<jetole> then again, you can setup a linux system as the load balancer with either haproxy or ipvs
<jetole> I would choose ipvs but it's more complex
<webPragmatist> right
<webPragmatist> so i guess coming from drdb8 worldâ¦ whats the purpose of using ocfs2 other than the locking
<webPragmatist> drbd*
<jetole> point being, you need to distinguish between a web server and a load balancer, granted they can be on the same system (though it defeats the purpose) but you only need two web servers to load balance
<webPragmatist> jetole: at this point i don't have a third node, switch, load balancer, whatever to do that
<webPragmatist> so a simple failover is the next best thing
<jetole> ocfs does not handle locking afaik unless dlm is used but if you use ext2/3/4, reiserfs or any other normal file system that is written by two different machines simultaneously then it will be corrupt quicker then you can expect
<jetole> How do you plan to do the fail over?
<jetole> anyways, ocfs/gfs are cluster file systems designed to handle writes from several nodes at the same time
<jetole> ext4 for example is not
<jetole> your inodes will be corrupt in no time
<webPragmatist> ahhh
<webPragmatist> okay
<jetole> webPragmatist: that only applies to primary/primary afaik
<webPragmatist> so back to the dual primary situation
<jetole> ext2/3/4 should probably work with drbd fail over
<webPragmatist> okay this makes sense
<jetole> how do you plan to fail over the servers?
<webPragmatist> i've read alot of this just the application was mush
<jetole> it's cool. I have been working with it all only a short time myself but by that I mean since about the turn of the year
<jetole> maybe a little longer
<jetole> Anyways, how do you plan to do the failover with only two nodes?
<twb> Oh YUK.
<webPragmatist> well currently i have gone as far as to create a drbd with pacemaker, corosync, csync2, and now i'm at a point of whether i should just go ahead and use GFS2 or OCFS2
<jetole> heh
<twb> I just noticed that VMware Server runs its VMs at nicenes -10
<webPragmatist> jetole: but that's all confidential
<webPragmatist> shhh
<jetole> webPragmatist: but how will you direct traffic to node2 if node1 goes down without a load balancer / failover machine
<twb> (Admittedly, I noticed this because after inode-bombing the host ext3 filesystem, and the VM was still running smoothly.)
<jetole> webPragmatist: I won't tell my boss
<webPragmatist> jetole: uhm? multiple ips?
<jetole> twb: interesting. I use kvm :D
<jetole> webPragmatist: and have DNS point to both IP addresses for the A RR ?
<webPragmatist> I assume that's how it works lol
<twb> jetole: I *wish* I was allowed to
<webPragmatist> shared ip
<jetole> twb: although now that you mention it, I kinda like the nice option you just mentioned but kvm is kernel level already
<jetole> webPragmatist: you can't really run them both at the same time with the same IP. This will cause TCP hell
<twb> jetole: only the virtualized parts of
<webPragmatist> righ
<twb> ...it are
<webPragmatist> jetole: rightâ¦ heartbeat or whatnot
<twb> jetole: the userspace part is still a normal process
<webPragmatist> switcharoos the node to the correct ip
<jetole> twb: for vmware of kvm?
<jetole> well both probably
<twb> jetole: both
<jetole> I know with kvm it is
<twb> Nobody should run vmware-server
<webPragmatist> jetole: is that not ideal?
<jetole> been... I don't know, 18 months+ since I played with ESX
<twb> ESX is a different beast entirely (I'm told)
<jetole> webPragmatist: not sure. Will heartbeat turn on one IP address if another one goes down?
<jetole> twb: oh you're using server?
<twb> Yes :-(
<jetole> oh well then yes. It's a very very different beast. Server isn't a hypervisor if I recall correctly
<twb> It's no
<twb> *t
<webPragmatist> jetole: sureeeeeeeeeee https://wiki.ubuntu.com/ClusterStack/LucidTesting#Overview
<twb> It's more like qemu+kqemu
<twb> Only shit
<jetole> right, actually I think ESX uses LKMs
<jetole> webPragmatist: then that sounds like it would work
<twb> ESX is a linux product, certainly
<jetole> webPragmatist: why not just invest in a cheap little server to act as the load balancer?
<webPragmatist> jetole: because all this is dedicated hosting
<jetole> twb: I know it is but playing on the console in ESX is taboo to begin with
<jetole> lol
<webPragmatist> and cheap little server is = not cheap
<jetole> webPragmatist: can I ask who with?
<jetole> brb. Gotta piss
<webPragmatist> bobsbadassdedicatedservers.com
<jetole> you could have just said no
<jetole> twb: are you pretty good with dhcpd?
<webPragmatist> it's softlayer
<twb> No, I use dnsmasq.
<jetole> ah
<jetole> I got an issue with mine that I am trying to solve, only started tonight when I added the second subnet
<webPragmatist> they sell loadbalancers
<webPragmatist> but whats 250 connections mean lol
<webPragmatist> 250 simultaneous connections?
<jetole> webPragmatist: that 250 people can connect to your site at the same time
<jetole> or one person with a simple DoS flood
<webPragmatist> sounds like a bad idea
<jetole> meh
<webPragmatist> http://www.softlayer.com/services/network/
<jetole> oh softlayer is the company
<webPragmatist> sounds like you are creating more of a bottleneck
<webPragmatist> than if you were to just let 1000+ connections spam the serverâ¦ failover (if it even would)
<jetole> webPragmatist: it wouldn't
<webPragmatist> that's just my take lol
<jetole> the load balancer would just block any more connections
<jetole> you web server wouldn't see it
<webPragmatist> right
<webPragmatist> i'm saying
<webPragmatist> buying the load balance = bottleneck
<jetole> well if they are limiting connections yes
<jetole> but remember a load balancer uses far less resources to load balance then a web server
<webPragmatist> well
<jetole> a single load balancer creates a single point of failure however
<webPragmatist> i could imagine a single server being able to handle 250 connections
<jetole> now setting up two load balancers on a shared IP with something like CARP doesn't sound like a bad idea
<webPragmatist> for what i do
<jetole> 250 is small
<webPragmatist> actually shit
<webPragmatist> yea
<webPragmatist> global load balancing is ridiculously expensive
<jetole> and stupid
<jetole> now global disaster recovery is a good option
<jetole> where you have a site in seattle that goes up if your data center in miami gets hit by a commet
<webPragmatist> yea we already do that
<webPragmatist> we have one node in seatle and one in dallas
<jetole> do you work for a company?
<webPragmatist> maybe
<jetole> I mean for the load balancing, is this for a company or personal?
<webPragmatist> oh well it's both :)
<webPragmatist> the company i work for said implement some redundancy
<webPragmatist> i said okay
<jetole> well for a company, present to them the cost of one server going down vs. the cost of a load balancing system and then tell them to get out their fscking check books
<webPragmatist> jetole: wellâ¦ what i have going against me is the only time our primary node has EVER gone down is due to some stupid dns issue that softlayer had
<jetole> an ounce of medicine vs. the price of the cure or however that old saying goes
<webPragmatist> this is like 3 years so far
<jetole> heh
<webPragmatist> my utime is like 900 something
<jetole> 3 years is an important time then
<webPragmatist> well
<jetole> a lot of server companies offer warrenties for 3 years for a reason
<webPragmatist> heh...
<webPragmatist> jetole: with that said though we are actually switching servers so we will be getting new hardware
<webPragmatist> so another 3 years :)
<jetole> present the cost of high availability vs. the cost of money lost for reasonable expected downtime and let them decide
<jetole> webPragmatist: thats beside the point
<jetole> HA doesn't exist exclusively for old hardware
<webPragmatist> :)
<jetole> if it did companies like MS wouldn't need/want/use it
<jetole> google can afford new servers daily
<jetole> I'm actually dying to know how google has HA setup. Someone suggested the pod concept to me
<jetole> basically it is
<webPragmatist> i'm more concerned with me fubbing up drbd than some load balancing
<jetole> they have groups of racks. each rack has file servers on HA and a group of web servers
<jetole> group the racks together and use the google FS on the file servers which is their own software to mimic lustre/glusterfs
<webPragmatist> i wonder if they use vm
<jetole> I don't know
<jetole> I doubt I ever will unless I work for them and if I am do I am sure I will sign a contract that says if I tell anyone then the google gestapo will "eliminate" everyone I have ever known and myself
<webPragmatist> jetole: is there a disadvantage to using ocfs2 if i'm not planning on imediately doing load balancing?
<jetole> God I love those 5-hour energy shots
<webPragmatist> just processing overhead?
<jetole> webPragmatist: it's more complex to setup but that doesn't mean it is complex. In fact it isn't
<jetole> webPragmatist: the overhead is negligable
<webPragmatist> jetole: that article has how to set it up
<jetole> the drbd one I posted?
<jetole> probably
<webPragmatist> no
<webPragmatist> the lucid
<jetole> oh
<webPragmatist> https://wiki.ubuntu.com/ClusterStack/LucidTesting#Overview
<jetole> http://www.drbd.org/users-guide-emb/ch-ocfs2.html
<webPragmatist> they go through and piece together a HA server
<jetole> yeah I have skimmed it before
<jetole> roaxsoax gave it to me before the lucid release
<webPragmatist> cool i will read this
<jetole> btw, pick ocfs2 over gfs
<webPragmatist> dude
<webPragmatist> this just sounds cool
<jetole> dude!!!
<webPragmatist> DUDE WHERES MY OCFS
<webPragmatist> 2
<webPragmatist> asdfasdfadsff
<jetole> Dude!!! where is your ocfs?
<jetole> I dunno dude!!! where is my ocfs?
<jetole> :P
<webPragmatist> stuck it up my ext4
<jetole> too vivid
<webPragmatist> ext2 rather
<webPragmatist> lol
<webPragmatist> i'm no alien
<webPragmatist> jetole: so going back to pre-dual primaryâ¦ only one node should be allowed write access to the drdb device?
<webPragmatist> bd*
<webPragmatist> correct?
<jetole> if it's primary/secondary then yes
<webPragmatist> cool
<webPragmatist> i should be able to mount and see the files from secondary though?
<jetole> I don't believe so
<webPragmatist> so it seems
<webPragmatist> i wasn't sure if i didn't have it configured correctly
<jetole> take a look at /proc/drbd
<_chris_> heja all
<_chris_> im pretty new to linux and haveing a virtual test server
<webPragmatist> jetole: doesn't exist?
<jetole> ?
<jetole> webPragmatist: then you have something configured wrong
<_chris_> when i log on to my ubuntu-server it tells me there is 1 zombie process, how can i 'Find' it and kill it ?
<webPragmatist> jetole: or i'm nt rute
<webPragmatist> root
<webPragmatist> jetole: what am i looking at
<jetole> webPragmatist: it should exist regardless but sudo to root
<webPragmatist> oh hrm
<webPragmatist> why's it say on;ly 14% sync
<jetole> webPragmatist: and does it show a sync rate?
<jetole> I forget what it looks like since mine are all in sync
<webPragmatist> yea like 470 kbs
<jetole> thats low
<jetole> are these two servers in different locations?
<webPragmatist> no lol these are two vms
<webPragmatist> http://pastie.textmate.org/private/fgvf3o3avyjvzh7eboterw
<jetole> on the same machine?
<webPragmatist> ya
<jetole> look at the rate option under syncer
<jetole> man drbd.conf
<webPragmatist> will do
<jetole> change it on both
<jetole> then run drbdadm adjust on both
<jetole> _chris_: don't think you can kill a zombie
<jetole> but...
<jetole> to find it, run ps aux
<jetole> look for a process with [ and ] around it
<jetole> i.e. [sshd]
<jetole> I think
<jetole> ...
 * jetole looks 
<jetole> anyways if it can be killed, send it signal 9
<jetole> as in kill -9 pid
<jetole> no it's not [ and ]
<jetole> yeah you can't kill it anyways
<jetole> but it's not running or doing anything
<jetole> it will die eventually
<jetole> _chris_: you can kill the parent process if you like
<webPragmatist> ah
<webPragmatist> default is 250 KB/s
<jetole> _chris_: a zombie is a dead process that the parent process didn't wait() for
<webPragmatist> that would do ti
<webPragmatist> it*
<jetole> webPragmatist: yes it is and yes it would
<jetole> lol
<webPragmatist> jetole: is there a more standard way at looking at that status
<webPragmatist> than snooping through /proc
<jetole> webPragmatist: whats wrong with proc
<webPragmatist> i dunno
<webPragmatist> never used it
<jetole> there is some way through drbdadm I think but /proc is preferred
<webPragmatist> yea
<jetole> there is lots of good info in proc
<jetole> the drbdadm way just reads proc and re displays parts of it
<jetole> but afaik it doesn't clean it up or make it more human readable
<smoge8899> Hello... does anyone know if Ubuntu Enterprise Cloud can be added to an existing Ubuntu Server installation... 10.04 ?
<jetole> webPragmatist: drbdadm role, drbdadm cstate, drbdadm status, drbdadm dstate
<jetole> smoge8899: yes it can
<jetole> smoge8899: run tasksel
<webPragmatist> jetole: yea there needs to be like a summary wtf
<webPragmatist> well
<webPragmatist> thanks very much for your help
<jetole> drbdadn status is actually xml output
<webPragmatist> i'll continue this tomorrow
<jetole> have fun
<smoge8899> Reason I ask - my hosting provider will install 10.04 LTS, but the install is automated... so I can't select "Install Cloud".... and need to add it afterwards.
<jetole> webPragmatist: also, run the command man man
<jetole> smoge8899: I already told you how
<jetole> it's funny how linux has the command man man but not man women or women man
<jetole> I hear it has women donkey on the mexican version
<webPragmatist> o.O
<jetole> :P
<webPragmatist> they should call it woman
<SpamapS> ttx: we meet again..
<webPragmatist> cause they always read the instructions
<webPragmatist> guys are lucky to type --help
<SpamapS> ttx: you there? I was wondering about merging the moin package...
<jetole> webPragmatist: maybe, maybe not but I tell you that I am the only one I let cook in my kitchen
<jetole> and my girl friend doesn't complain
<webPragmatist> heh
<jetole> I meant she doesn't complain about the food by the way.
<ttx> SpamapS: yes
<ttx> SpamapS: stuck in hundreds of spec review emails
<ttx> SpamapS: take it, it's yours
 * ttx intervened in moin by accident
<SpamapS> ttx: hah, ok. :)
<smoge8899> ok - so for the Cloud Controller Server, I would choose "cluster controller" or "top-level cloud controller"
<smoge8899> using tasksel
<jetole> not sure but I believe "top-level cloud controller" since cluster does not nessicerely mean cloud
<ttx> smoge8899: the installer does nice extra installation steps though
<jetole> ttx: He mentioned it's managed hosting doing a default install
<ttx> smoge8899: for a first-time install, I'd suggest using the UEC installer to save you some post-setup pain
<ttx> hm
<jetole> yep
<_chris_> jetole, sorry was not at the pc before, ok i saw the zombie just disappeared somwhow
<smoge8899> Ok - I'll setup a VM and give it a try.
<smoge8899> "uggest using the UEC installer" - yes - would love too - but it is not available to me
<smoge8899> as the host does the server install... I need to add afterwards
<ttx> smoge8899: with the package-based install, you have to do networking setup and key sync yourself, basically
<jetole> _chris_: you never really have to worry about zombies unless you have some situation where they are appearing faster then they die and you have hundreds
<jetole> _chris_: and when that happens it's a programming bug in the application creating them
<jetole> zombies always die on their own
<_chris_> ah ok :)
<_chris_> thanks for the info
<jetole> no prob
<smoge8899> ok - I'll give it a shot..
<smoge8899> one last question....
<smoge8899> for now - ha ha
<_chris_> just noticed after having the server up some weeks that sometimes a zombie appears and didnt know if this was something bad ^^
<smoge8899> is Enterprise Cluster (private cluster) production ready?
<SpamapS> yay vmware fusion for mac supports lucid finally
<jetole> _chris_: it can be caused by a lot of things but the occasional zombie is normal
<webPragmatist> SpamapS: why couldn't it install it before?
<webPragmatist> i eman
<webPragmatist> i use parallels and it's always worked?
<trapmax> problem with mrtg: i use "ssh -t user@host 'sudo command'" in my scriptto get hd-temp in variable. the script itself works from cli, but wheni use it in mrtg as "Target[]: `/path/to/script` it doesn't work.
<SpamapS> webPragmatist: something in their easy-install procedure where they took a value from some config file, shoved it into another one, and b0rked the keyboard in gdm
<SpamapS> trapmax: thats really.. an awful way to do monitoring
<SpamapS> trapmax: consider munin or collectd.. much more sane. :)
<smoge8899> Thanks for your help!  Gotta run!
<trapmax> SpamapS: any ideas though? the same script without the "ssh -t user@host" -part works well enough
<SpamapS> trapmax: no with -t I would expect it to work the same as if you had logged in.
 * SpamapS decides he needs at least 4 hours of sleep before tackling moin...
<ttx> SpamapS: about the thrift packaging, it will need adaptations to be fully policy-compliant... but it's not in the bad shape i imagined it would be
<maxagaz> How to install xlibs in lucid ?
<twb> Define "xlibs"
<fallback>  hello, having problems getting a Qemu-KVM bridge to work nicely with IPtables; all traffic shows up as "martian", while the firewall used to work quite nicely with Xen... can anybody help? I've got the firewall script in ubuntu pastebin..
<jo-erlend> are there any big advantages to using apt-proxy instead of a general http proxy like squid?
<twb> It's a "smart" cache
<twb> In that it will read the index file and purge cached objects that are no longer part of the release
<twb> That kind of thing
<jo-erlend> I know that, but how big are the advantages?
<twb> However, in production I found apt-proxy and apt-cacher to be very very flaky
<twb> Instead I know run debmirror(1), which is working solidly
<jo-erlend> squid should be solid though?
<twb> It depend how much you've tweaked it
<twb> For example, here we were caching Packages.gz but not the Release file, so what apt saw was a bad checksum.
<jo-erlend> I see there is something called squid-deb-proxy. Have you tried that one?
<twb> I have not
<twb> How many hosts do you have?
<jo-erlend> twb, I've had problems with that here as well. I though I'd made a mistake, but I couldn't figure out what I did.
<jo-erlend> not very many. 20-30.
<twb> Running what?
<jo-erlend> ubuntu desktops.
<twb> In particular, do they track main or also universe/multiverse, and do they use ubuntu+1 or a stable release?
<jo-erlend> they use the current lts.
<jo-erlend> they use universe, but not multiverse.
<twb> To track hardy/main, single arch, no sources, is under 10GB
<twb> For me, that was a negligible hit
<jo-erlend> yes, diskspace is not a problem. I want a good tool. And if I could use it a as a general web cache as well, it would be wonderful.
<twb> I think at customer sites I'm keeping a mirror of hardy/* and hardy-*/*, single arch, no sources, and that's about 30GB with about 100MB per week of updates
<twb> Maybe as much as 300MB a week if something like openoffice is binnmud
<twb> So I have the hosts pointing at an NFS export of that debmirror for apt, and browsing goes through squid
<twb> For me, that works quite well
<lifeless> twb: the coherency thing is a apt-client + server config issue exacerbated by the apt archive design
<jo-erlend> I've used apt-mirror in the past. It worked well. Do you have any experience with that?
<lifeless> twb: just saying :)
<twb> lifeless: granted
<twb> lifeless: I'm sure once apt-bittorrent takes off everything will be much, uh, better
<trapmax> SpamapS: thanks for the advice. collectd does everything better
<lifeless> lol
<twb> I also love how the recommended tertiary mirror software isn't in the archive :-/
<lifeless> rsync?
<twb> No, I mean a tertiary mirror, like your ISP and your school run
<twb> As opposed to a quaternary partial mirror like you might might run at work
<twb> I can't remember what it was called, though
<twb> While we're on the subject, can apt be made to use rsync:// URLs?
<jpds> No.
<twb> Pity
<twb> It's not like foo_1-1 and foo_1-1.1 are gonna differ much
<twb> And my ISP happens to export /pub with rsyncd as well as http/ftp
<jpds> That's https://blueprints.launchpad.net/ubuntu/+spec/foundations-m-rsync-based-deb-downloads
<twb> Shiny
<twb> Heh.  Is it just me, or is CJWatson running half of Ubuntu? :-)
<twb> "The apt-sync package is now included in Ubuntu and will make upgrades faster."
<twb> ...I can't see it in rmadison
<cjwatson> I'm just the approver on that, which is because that spec has been carried over from a point when I managed the team responsible for that
<cjwatson> twb: that's in the "Release Note" section.  The point of that section is to write, in advance, something which would be suitable for integration in the release notes when it's complete.
<twb> Oh, I see.
<cjwatson> so it's written in the present tense because that's how the release notes are, but read it as if it were in the future tense
<twb> It's for the RM/PR teams to copy-and-past into ANN posts
<StrongOrder> hello everyone. I'm running 6.06 on one of my servers, and suddenly my apache went offline. Now it cannot start and give me this error: http://dpaste.com/199862/  I disabled cgi module (I don't use it) but realy curious about what the real problem could be. Any help please?
<jo-erlend> when you enter an HTTP proxy during the server installation, then that's only used during the install and is forgotten afterwards, right?
<twb> jo-erlend: no
<twb> jo-erlend: it's normally written to /etc/apt/apt.conf
<twb> YMMV depending on exactly how you do the installation.
<jo-erlend> thanks.
<uvirtbot> New bug: #586285 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12 failed to install/upgrade: Paket ist in einem sehr schlechten inkonsistenten Zustand - Sie sollten  es erneut installieren, bevor Sie es zu entfernen versuchen." [Undecided,New] https://launchpad.net/bugs/586285
<hackeron> Anyone has any ideas what could be causing such high memory use? < http://itstar.co.uk/memleak.png
<hackeron> only thing I can think of is the md0_resync process that's running - but it's not showing any memory use
<binBASH> hackeron: echo 3 > /proc/sys/vm/drop_caches will free it
<binBASH> it looks like os cache ;)
<binBASH> to prevent you can add vm.swappiness=0 to your sysctl.conf
<hackeron> binBASH: did you look at the screenshot? -- notice only 6mb is cached
<twb> hackeron: please pastebin the output of "free -m"
<hackeron> binBASH: I took the screenshot after running  echo 3 > /proc/sys/vm/drop_caches -- running it again makes no difference to used ram
<twb> Under normal circumstances, linux should have 100% utilization of RAM
<twb> Since it caches disk blocks in unused parts of RAM
<hackeron> twb: http://pastie.org/979675
<twb> I don't know if top(1) is counting those
<twb> Hmm, OK.
<twb> It was, but you don't have much cached anyway
<hackeron> twb: aha, so where's the memory going?
<twb> Here, I have 732MB used, but 512MB of that is disk cache
<twb> hackeron: I don't know yet.
<hackeron> right, but I have almost no disk cache, so where is it going? :)
<hackeron> only process eating cpu is md0_resync (I use software raid) - I suspect it may be the culprip
<hackeron> culprit*
<binBASH> did you sort by mem usage in top already? shift-M
<hackeron> binBASH: yes, I did, you can see in the screenshot
<binBASH> you don't happen to run a sphinxsearch (searchd) right?
<hackeron> erm, no
<binBASH> because I run it here and it's ram usage is also not shown in top ;)
<twb> CPU isn't RAM
<twb> Incidentally, a text dump of top's output would've been easier to read
<hackeron> twb: here: http://pastie.org/979684
<twb> Hmm.  I wonder why I have 52 "udev --daemon" processes still running
<tschundeee> hi all how can I copy files from windows to a ubuntu server instance that I connect to via putty (ssh) on windows?
<binBASH> tschundeee: sftp
<binBASH> for example via filezilla
<tschundeee> binBASH: okay that sounds good
<tschundeee> soI download filezilla and connect to my server
<binBASH> yup
<binBASH> with your ssh user
<tschundeee> binBASH: thx a lot... usually I am using osx with cyberduck for that
<tschundeee> :)
<cybrocop> tschundee: I use cygwin on my Windows XP/ Server 2003 instances. It allows me not only to do file copy but SSH and schedule cron jobs on my win machines. Only if you want to get this deep. If you only need file transfer, use Filezilla.
<binBASH> tschundeee: your welcome
<twb> cygwin isn't for the faint of heart
<twb> FWIW, Windows also has its own cron-like scheduling infrastructure
<sommer> morning
<jo-erlend> morning to you too, though it's 14:30 here. :)
<xperia_> hello to all. i have just started the server and thinked i can login fast on the server but for some reason the programm fsck is running now the whole time and i have a big raid disk
<xperia_> question: how can i stop this and second whats the best possibility to disable this fsck as it break my works flow especially on a server with no Screen
<xperia_> till fsck is not finished i am not able to login over ssh to see whats the problem
<jo-erlend> I think I'd examine the reasons why fsck is running all the time.
<xperia_> needed now to find extra a Monitor to Plug In and to see whats the Problem
<xperia_> it looks now it would hangs
<xperia_> it dont happen anything now
<jo-erlend> but you should still attack the cause and not the symptom.
<xperia_> jo-erlend: does fsck not periodical check the disk everytime you startup ubuntu after a few time or is this now different
<jo-erlend> it does, yes.
<xperia_> so why that. i have a big raid disk and no monitor, keyboard and such things attached on the server. why does fsck run automatic and hang the full server
<xperia_> till fsck not finish i am not even able to login over ssh
<jo-erlend> because a system is useless if the filesystem is broken.
<jo-erlend> mhm. How often do you reboot your server?
<xperia_> nearly every day as it is a test server
<xperia_> twice a day at least
<xperia_> in the last weeks
<jo-erlend> oh, ok. You can set the check frequency. I don't remember where the setting is located though, but you shouldn't have any problems finding it.
<xperia_> and now what should i do it dont happen anything !
<xperia_> okay thanks for suggesting that
<xperia_> need now only to boot in the system
<xperia_> but it hangs
<xperia_> what should i do
<xperia_> cold restart
<jo-erlend> wait until fsck is finished?
<xperia_> it dont finish have rebooted now. this auto fsck sucks on a server
<jo-erlend> hehe, yes, it's horrible...
<jo-erlend> better to be lucky than good...-
<xperia_> okay it boot
<xperia_> ohh noo i got fsck again
<jo-erlend> why don't you let it complete?
<xperia_> ohhh man
<jo-erlend> do you understand what fsck does?
<xperia_> i dont have the time
<xperia_> that is the most stupid moment to do this fsck
<xperia_> and i dont see also any progress bar or simmilar that indicate how long it would need
<jo-erlend> yes, it's insane to make sure your system is intact on a important computer.
<jo-erlend> if you let it finish, then it will probably stop checking your filesystem at every boot.
<xperia_> and after some boots then the whole fsck again
<xperia_> at least the possibility to cancel the fsck should exist from my point of view
<jo-erlend> yes, if you choose not to change the setting.
<xperia_> exactly this is what get me angry. a presetting decide that the server hangs now for 1 Hour at the most stupid moment
<jo-erlend> hehe, some people actually use servers for other things than testing.
<jo-erlend> sometimes they prefer it when their systems are stable too.
<xperia_> yeah but this fsck can also be done at shutdown or not ? why on boot
<jo-erlend> because if there is a power outage, for instance, then data may be lost. It makes sense to check it immediately, and not wait two months until the next reboot.
<xperia_> when somebody boot the system he dont want to wait hours till the system is ready this just dont make sense
<jo-erlend> this can also happen if the system freezes so you have to do a cold reboot.
<xamanu> Hello, I have sudo access to a ubuntu server where two instances of MySQL are running. Using the mysql (or mysqldump) command drives me to mysql4 but the installed websites are running on a mysql5 instance. UnfortunatelyI can not find the bin to start mysql5. I'd appreciate any help
<twb> If you don't want to wait for fsck, run a journalling filesystem
<xamanu> DBs are there. I can see them within /var/lib/mysql
<xperia_> as i have installed ubuntu lts on the server it used ext4 as file system
<progre55> hi guys, I need to add a user into my remote server.. and the user should have no pass, but use a public/private key to log in. How to do it?
<xperia_> so from your answer then fsck is not needed or i am wrong now
<twb> xperia_: then take comfort in the knowledge that with ext2 it would have been an order of magnitude slower
<xperia_> xamanu: do you need to start mysql ?
<jo-erlend> I'd certainly run an fsck if people were pulling the power cord from my server several times a day.
<xamanu> xperia_ no it is running already
<xamanu> xperia_ I want a db dump
<twb> xperia_: it should be better again when btrfs is ready
<xperia_> xamanu: a mysqldump you do this way
<xperia_> for a database
<xamanu> xperia_ but the mysqldump command is linked to the wrong version/instance of mysql and I don't know where is my mysql5
<xperia_> ahhh okay
<xperia_> did you looked at /usr/bin
<xperia_> "/usr/local/bin"
<xperia_> and such places
<jo-erlend> xamanu, you can use apt-file to search for files in packages. That will tell you where the file gets installed.
<twb> You can't have both mysql4 and 5 on an Ubuntu system without working around the packaging system
<twb> Which means that the state of that system is anybody's guess
<xperia_> twb: strange thing is that with fsck dont happen anything. no numbers are changed. no progress bar nothing
<twb> xperia_: what was the last output?
<xamanu> unfortunately I haven't done any configuration on this system. just trying to get a dump out of the live system
<twb> xamanu: try "which mysql"
<twb> Hmm, that's no good
<pmatulis> Jeeves_Moss: did you get your mail server sorted?
<twb> type -a z
<xamanu> twb: gives me the link to /usr/bin/mysql which is the bin of mysql4 but I need the mysql5
<twb> xamanu: what does "type -a mysql" report?
<xperia_> twb: /dev/cciss/c0d0p1: clean, 63186/2662400 files, 533281/10639872 blocks
<xamanu> twb: same thing "mysql is /usr/bin/mysql"
<twb> xamanu: OK, so mysql 5 is definitely not in your path.
<twb> xperia_: is that one of those half-assed IBM raid controllers?
<xamanu> twb: but the websites are using it :-) where could I look for it?
<twb> xamanu: you could try looking at the process table, finding a mysqld instance, and looking at its /proc/<pid>/exe symlink to find out where it lives.
<twb> xamanu: since it's not in /usr/local, it's probably in /opt
<twb> Ah, HP, not IBM
<twb> xperia_: it prints that at the end of the fsck run, so either it's fscking the next partition, or it's hung on the NEXT step in the init process, without printing anything
<xperia_> twb: it is a "hp proliant ml530 g2" server. till yet everything worked fine. just today i wanted to boot the server and now that
<xamanu> twb: thanks! it says /usr/sbin/mysqld - as I understand this is the deamon and not the bin to gain shell access
<xperia_> what is wrong with fsck ?
<twb> xamanu: and "mysql --version" reports 4.x, not 5.1?
<xperia_> how can i kill it
<twb> xperia_: are you running 8.04 or 10.04?
<xperia_> the LTS Version
<xperia_> new LTS version
<twb> They're both LTS
<xamanu> twb: no it says 5.1
<xperia_> the new released this year
<twb> xamanu: so what's the problem?
<twb> xperia_: well, prior to upstart, you could hit ^C and kill off just about any init script.
<xamanu> twb: but mysql -u root -p leads me to the mysql4
<twb> xperia_: last time I looked, upstart didn't have that, so you are royally screwed
<twb> xperia_: you could try a ctrl+alt+del and bounce into busybox and recover from there
<twb> xamanu: I don't know what you mean by that.
<xamanu> twb: Server version: 4.1.14-pro
<twb> xamanu: OK, so you have a mysql 5.1 client, a mysqld 4.1 in the usual place, and a mysqld 5.1 running somewhere else.
<xperia_> ctrl alt del works but it reboot direct
<xperia_> and it hangs again
<xperia_> at fsck
<jo-erlend> twb, if fsck doesn't complete, then it'll be run at next boot, right?
<xamanu> twb: i guess :D what can i do to access the mysql5?
<twb> xperia_: now stick a "single" or a "break" in your boot script, so that you can get into a recovery shell.
<twb> xamanu: find out where it lives and point the mysql client at that place
<twb> xamanu: where "lives" is probably an IP and a port, or perhaps a socket.
<twb> jo-erlend: right.
<twb> xperia_: did you recently UPGRADE to 10.04.0?
<xperia_> twb: no fresh intall
<jo-erlend> twb, he never lets fsck complete, which is why it runs all the time.
<twb> xperia_: since I don't have any other ideas, I suspect that either 1) upstart isn't running the jobs it should; or 2) your RAID controller/driver is screwy.
<twb> jo-erlend: how do you know fsck isn't completing?
<twb> jo-erlend: oh ,right, I see.
<xperia_> till yet everything worked
<xperia_> no problems
<jo-erlend> twb, he's been saying that several times. He pulls the plug because it takes so long, and he's angry because it runs at the next boot.
<xperia_> only this stupid fsck
<xperia_> breaks everything now
<jo-erlend> xperia_, the problem is that you never let it finish.
<twb> jo-erlend: that's dumb; he should be using ctrl+alt+del
<jo-erlend> it's not broken.
<twb> Even if it *does* finish, pulling the plug out will make it start again
<twb> xperia_: how big is the ext4 filesystem you're fscking?
<xperia_> jo-erlend: from my side of view fsck dont work it hangs
<jo-erlend> xperia_, let fsck complete, then configure the bootup check frequency to a higher number.
<xperia_> twb: 64 GB
<twb> OK, then it should take maybe ten minutes -- not one minute, and not one hour
<twb> Unless your controller is retarded, in which case all bets are off
<twb> I had some of those HP controllers and I had to throw them out for being too stupid to waste my time with
<xperia_> well i would wait even 2 Hours if at least something change on the screen but it dont happen anything
<jo-erlend> how long have you waited?
<xperia_> it is just one line all the time with the same numbers and in such case fsck should be CTR-C
<xperia_> well now for sure around 5 to 10 Minutes
<twb> xperia_: so just to confirm: you let fsck complete -- it printed "/dev/cciss/c0d0p1: clean" -- and you then type ctrl-alt-del and it did a fsck on the VERY NEXT boot?
<xperia_> yes
<xperia_> you forget however the numbers
<jo-erlend> xperia_, and you only have one partition?
<twb> That shouldn't happen.
<twb> 23:06 <twb> xperia_: now stick a "single" or a "break" in your boot script, so that you can get into a recovery shell.
<jo-erlend> xperia_, those numbers are printed when fsck completes.
<twb> I'd also bounce into the RAID BIOS and have it do whatever verification it can
<xperia_> ahh okay then i should try again ctrl alt del
<xperia_> what should i look in the bios
<twb> ctrl+alt+del is the right way to do a soft reboot
<xamanu> twb: I don't think it is an IP. should be on localhost. so a socket maybe. how can I find this out?
<xamanu> twb: I know; I'm asking anoying questions..... sorry. thank you so much for helping
<twb> Dunno, mysql is for people too lazy or dumb to use sqlite for toys and postgres for production.
<twb> Try #mysql
<xamanu> twb: haha, you are right. thanks again!
<SirStan> Anyone having issues starting SSH on 10.04 LTS Server?
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<xperia_> twb: rebooted right now in the bios. the raid controller is a "hp smart array 5304-128 Controller"
<SirStan> ubottu: I did ask a question.
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<SirStan> twb even.
<twb> SirStan: then: no, since I'm still running 8.04.
<SirStan> twb: Signal to noise.
<SirStan> SSH in 10.04 wont start, it bitches about '/dev/null' not existing, eminating from line 17 of the init script.
<xperia_> SirStan: i am having problems to login over ssh to the server
<twb> SirStan: see, that was the kind of information I expected in your first message.
<SirStan> twb: signal to noise.
<twb> Plonk.
<twb> xperia_: presumably a different server to the one that won't start at all. ;-)
<SirStan> SSH Err -> http://i.imgur.com/pYflC.png
<xperia_> SirStan: my problem is fsck it hangs allways there. will use now a live cd and try to hack the boot scripts but it looks like ubuntu server lts fucked up
<SirStan> time to downgrade to 8.04 eh?
<xperia_> twb: it is the same server. i just wrote what i have seen on the Screen
<twb> xperia_: I'm not familiar with RAID BIOSes, sorry.
<xperia_> man this drives me crazy.
<cybrocop> SirStan: can you do this:   "ls -ld /dev/null"  (minus the quotes)
<twb> xperia_: I don't suppose you have a support contract with HP?
<SirStan> cybrocop: srwxr-xr-x 1 root root 0 2010-05-26 15:38 /dev/null
<xperia_> twb: buyed the server from ebay :-)
<xperia_> and no i dont have such a contract with HP
<twb> Anyway, you should still be bouncing through single/break and debugging the init process.
<cybrocop> SirStan: Something is wrong with your install. /dev/null must be a character device and it should be there for every install.
<SirStan> cybrocop: Clean install from 10.04 LTS
<cybrocop> SirStan: According to your output, /dev/null is a regular file.
<cybrocop> SirStan: This is what the output should look like: crw-rw-rw- 1 root root 1, 3 2010-05-26 20:08 /dev/null
<cybrocop> SirStan: A lot of people are running 10.04 LTS and I have done a "clean install" about 10 times this past week. Never seen this problem.
<SirStan> Dunno what to tell you.
<SirStan> Now you haev.
<cybrocop> SirStan: Is it repeatable? Can you do a re-install as there seems to be a serious OS process. Did you get any errors during installation?
<cybrocop> process -> problem
<twb> same thing :P
<_tydeas_> which is the lifespan of the ubuntu server?
<twb> Well, I meant 'process' in general terms, not pid 1
<rgreening_> ScottK: hey. Got a question regarding proceeding on that SRU for tacacs+ now that it's in Maverick
<twb> _tydeas_: you mean support lifetime; as in, when is it EOLed?
<Pici> _tydeas_: LTS releases are supported for 5 years, other releases are supported for 18 months.
<_tydeas_> i am between installing centos or ubuntu server ( my collegues support it ) and i am searching to find out what to choose
<twb> *some packages* in LTS are supported for five years.
<SirStan> _tydeas_: are you a debian or redhat shop :)
<twb> e.g. most of gnome is probably only three years for LTS, even if you install it on a server, because it's considered part of desktop
<twb> _tydeas_: if everyone you know uses centos, it's best for you to use centos.
<twb> _tydeas_: even if distro A beats distro B, you won't enjoy A if you don't have any support for it.
<ScottK> rgreening_: SRU or backport?
 * ScottK doesn't recall details.
<MTecknology> Is it possible to have samba setup so one user accesses the share, but then uses a different user account to write the files through that share?
<rgreening> ScottK: hmm... tacacs+ doesn't exist in Lucid, but I would like it to be added.
<rgreening> due to it being an LTS
<SirStan> cybrocop: reinstalling
<rgreening> ScottK: so, I would like to enlist you direction in getting me there correctly :)
<twb> MTecknology: you mean a single individual having two accounts?
<cybrocop> SirStan: Please also verify your installation media and make sure that there are no errors on it.
<SirStan> cybrocop: iso, crc matches
<rgreening> ScottK: the software has no interaction with anything else, and only adds a missing service, the ability to provide AAA (authentication, authorization and accounting) services for various NAS devices (like those from Cisco), and it is a service currently missing from our offering.
<rgreening> ScottK: so, it is low to no risk at all, and is being actively maintained and in Debian and consequently in Maverick now.
<MTecknology> twb: two samba accounts -> one system account
<rgreening> so we should get bug fixes and security updates fairly regularly if/when they occur.
<twb> MTecknology: I'm not sure.  Ask #samba.
<twb> MTecknology: I *think* you can samba accounts that don't associate with any unix account at all.
<twb> e.g. point samba at LDAP and don't point pam at LDAP
<rgreening> ScottK: I have just built and uploaded to my PPA with a Lucid build. It builds cleanly under Lucid. And should via the PPA (buildds). After that, I'll setup and test it via a Lucid VM/Server I have. If all runs fine, I'll need some direction and a seal of approval to get in officially in Lucid. I have no issues maintaining this package BTW goin forward
<rgreening> :)
<MTecknology> twb: alrighty, thanks
<cybrocop> SirStan: What kind of HW do you have?
<xperia_> twb: jo-erlend: fixed the problem. last time i have copyed from ubuntu server that runs very well this line from /etc/fstab in the new installed servers fstabs file "/dev/sda3 	/media/usbdisk	auto	user,rw,exec" and exactly this line caused the hanging of the server
<xperia_> commentd this line now out and it works like it should now
<twb> xperia_: that might be because /dev/sda points to the cciss array's first node
<twb> You should (almost) never address a USB block device by its device name, anyway.
<twb> Use UUID or LABEL
<cybrocop> SirStan: https://launchpad.net/ubuntu/+bug/63031  <-- May be related. Once you reinstall, make sure to go through syslog. I wonder if there are any other errors before OpenSSH that may give you a clue.
<uvirtbot> Launchpad bug 63031 in udev "/dev/null: Permission denied" [Undecided,Fix released]
<xperia_> twb: thinked ubuntu will work the same way like on the other mashine that is why i have jut copyed. but okay thnaks a lot for your helpfull answers here
<xperia_> good need now to work on the server. lost about two hours. see you all later. bye
<twb> xperia_: try "blkid /dev/sda3" to get info about it
<c13> Hallo i am using a transparent squid. I can do web login sessions on the server, but not so on the clients. Do you have any hint for me?
<twb> c13: on which server?  You mean when you do "w3m http://127.0.0.1" on the host running the httpd?
<c13>  I can do web login sessions on the machine that runs squid, but not so on the clients from the network
<twb> That would be because the host running squid isn't subjected to transparent proxying
<c13>  how to make it transparent, when I already have "(Insert Line with transparent)" in the conf
<c13> insert line: http_port 192.168.0.10:3128 transparent
<c13> what do you mean by "subjected to transparent squid"
<smoser> mathiaz, ping
<smoser> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/583542
<uvirtbot> Launchpad bug 583542 in openssh "ssh server doesn't start when irrelevant filesystems are not available" [Undecided,New]
<smoser> so you declined that for lucid because it doesn't have a fix.
<twb> Normal transparent proxying would be done with a -A PREROUTING ! -s 1.2.3.4 -p tcp --dport http -j DNAT --to 1.2.3.4 rule on a router.
<smoser> but if someone came up with a magical fix, they would no longer be able to "nominate for lucid" is that correct ?
<twb> You obvious can't DNAT requests from 1.2.3.4, because then squid's own requests would be transparently proxied back to itself
<uvirtbot> New bug: #586398 in tomcat6 (main) "when updating from 9.10 to 10.04, the dependency between tomcat6 and jsvc is lost and tomcat won't start" [Undecided,New] https://launchpad.net/bugs/586398
<xoen> hi all
<xoen> I can't start mysql :(
<SpamapS> xoen: I believe there are some bugfixes coming for that
<xoen> I'm really lucky :P!
<binBASH> anyone know a good server monitoring tool?
<xoen> I don't use mysql-server from some weeks and when I need it doesn't work :P
<SpamapS> binBASH: monitoring really has several pieces.. data collection, health checking, alerting .. which are you interested in doing?
<binBASH> SpamapS: Actually a tool where I can log into web frontend and have a list of servers and see the disk usage, etc.
<xoen> I've done this : $ sudo apt-get purge mysql-server-5.1 phpmyadmin so now my system *should* be clean...I try to reinstall it
<SpamapS> binBASH: munin is good for that, ganglia too.
<xoen> OK, it asked me the password for root mysql user but it can't be setted because it tell it's already setted...
<xoen> $ sudo start mysql
<xoen> start: Job failed to start
<xoen> is there a place where I get more information?
<cybrocop> Spamaps, to extend on binBash's question, will munin and ganglia allow for writing custom scripts.   We manage several web resources, but for performance resources have local copies of those websites running. (when the user selects a special squid server, they're served with local copies.) Then we sync the content between local and remote daily. I need a way to make sure the content is properly synced all the time.
<cybrocop> Spamaps, what do you think of Nagios?
<zul> xoen: check your mysql logs to see if you any corrupt tables
<SpamapS> cybrocop: Nagios is for health checking and alerting, which isn't what binBash wants. Nagios is *amazing* for health checking and alerting.
<SpamapS> cybrocop: munin in particular is good when you have nagios, as it has built in support for feeding data into nagios
<xoen> @zul I'm removing mysql-server and everything related (/etc/init.d/mysql /etc/mysql/ and /var/lib/mysql/) and installing it again....
<SpamapS> cybrocop: Nagios is really, really awful for data collection and instrumentation though.. and after years running nagios grapher, which tries to shoe-horn it in.. I think its better done by munin
<cybrocop> smoser, jdstrand: UT?
<smoser> the university of texas ?
<cybrocop> smoser: it can mean a lot of things, but I thought "You there" was a popular interpretation. :)
<jdstrand> I'm here, but haven't had a chance to dive into the bug yet
<smoser> well, one way or another "The Eyes of Texas" is now stuck in my head
<smoser> which isn't going to make kirkland happy
<cybrocop> smoser: I thought I was done with reporting on the bug but there are some new developments.
<SpamapS> cybrocop: also to answer your other question, munin has a really simple plugin architecture that makes it very easy to write very powerful monitoring/data collection scripts
<cybrocop> Spamaps: Thanks, I'll investigate it.
<cybrocop> smoser:  OK, so remember how I rebuilt node01... After a clean rebuild it worked. Then I purged apparmor and it stopped working. Then I reinstalled apparmor and it started working again.
<SpamapS> cybrocop: as a side note, we're working on some new things to de-couple collection from instrumentation so that each node collects its own data, and things like munin just build the graphs.. :) stay tuned:  https://blueprints.launchpad.net/ubuntu/+spec/server-maverick-monitoring-framework
<cybrocop> spamaps: thanks. :)
<xoen> @zul I've received an error : http://pastebin.com/AMfwY34c
<xoen> @zul this appens when I've installed mysql-server-5.1
<binBASH> SpamapS: I wonder if Zenoss is any good ;)
<zul> check your mysql tables
<SpamapS> xoen: many IRC clients won't recognize that.. (such as irssi.. the one I'm using) .. you might want to try <nick>: instead of @<nick>
<SpamapS> binBASH: I've heard good things, but have never used it.
<xoen> SpamapS: thank you :)
<cybrocop> jdstrand/smoser: Well, today, this is what I did. Node01 was working fine 30 mins ago. All I did was:
<cybrocop> cp -rp /var/lib/eucalyptus/instances/* /UEC/instances
<cybrocop> rm -rf /var/lib/eucalyptus/instances
<cybrocop> cd /var/lib/eucalyptus/ ; ln -s /UEC/instances
<binBASH> SpamapS: You know the last time I used monitoring software was big brother :)
<JamesHarrison> apt has held back linux-generic and linux-image-generic packages, safe to update those if I've not done any kernel level tinkering?
<xoen> zul: how can I check my mysql tables?
<cybrocop> smoser/jdstrand: And the problem came back!
<cybrocop> [Thu May 27 19:54:56 2010][001711][EUCAERROR ] libvirt: monitor socket did not show up.: Connection refused (code=38)
<smoser> yeah.
<smoser> its app armour
<smoser> you can't do that
<jdstrand> smoser: he removed apparmor
<smoser> no.
<zul> xoen: you'll have to check google
<cybrocop> jdstrand: I reinstalled it in order to make libvirtd happy again.
<smoser> (purged, it broke, reinstalled it worked, then cp -rp ... ln
<smoser> and it broke
<jdstrand> ah
<smoser> apparmour is denying you access because of the symlinks
<jdstrand> cybrocop: then yes, apparmor necessarily realpaths symlinks
<jdstrand> cybrocop: you need to update the profile
<xoen> zul: But I've deleted everything (I believe) and reinstalled mysql-server...
<cybrocop> smoser: so how can I make the instances live on a RAID partition
<wise_crypt> !google
<ubottu> While Google is useful for helpers, many newer users don't have the google-fu yet. Please don't tell people to "google it" when they ask a question.
<smoser> cybrocop, i'd suggest mounting that directory there
<smoser> alternatively i think you can configure where the path /var/lib/eucalyputs
<xoen> @zul ahahha it's cool, a bot defended me :P
<cybrocop> smoser:  OK. Have to run now. I'll try this.
<SirStan> cybrocop: i reinstalled, and now /dev/null is a character device. . wtf..
<jdstrand> actually, it would be better to see the dmesg
<xoen> (ops I used the @user again :()
<jdstrand> since the driver should take care of the realpathing and adjust the profile accordingly
<wise_crypt> xeon: you might also want to joint this #mysql may be they have a clue
<jdstrand> it is probably virt-aa-helper that is doing the denying
<jdstrand> (come to think of it)
<xoen> wise_crypt: OK, I'll try in #mysql... :)
<binBASH> jdstrand: Btw. I checked the virt-manager machine cloning again.
<binBASH> locally I can clone a machine, seems like I just can't clone remote
<xoen> wise_crypt: of course mysql doesn't work when I need it :P
<wise_crypt> xeon: eh ? u should register your nick then
<wise_crypt> !hi > xeon
<jdstrand> binBASH: that sounds like a non-apparmor issue.... I advise filing a bug. Please check kern.log on the local host and remote for any apparmor messages and add them to the bug
<wise_crypt> !hi | xeon
<ubottu> xeon: Hi! Welcome to #ubuntu-server! Feel free to ask questions and help people out. The channel guidelines are at https://wiki.ubuntu.com/IRC/Guidelines . Enjoy your stay!
<mathiaz> smoser: hi!
<mathiaz> smoser: hm - you're right - the bug cannot be nominated for lucid anymore :/
<smoser> that sucks
<mathiaz> smoser:hm - actually no
<mathiaz> smoser: I can still accept it
<smoser> but i can't nominate it
<mathiaz> smoser: however I think it can't be *nominated* anymore
<smoser> :)
<mathiaz> smoser: right - using the nominate for release link?
<binBASH> jdstrand: For me it more looks like the virt-manager doesn't watch for the disk image on remote server, but on the local host it's running at.
<smoser> right. lucid will not appear (or karmic)
<mathiaz> smoser: ok - I'll take this into account then
<mathiaz> smoser: should I accept that specific bug for lucid now?
<mathiaz> smoser: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/583542
<uvirtbot> Launchpad bug 583542 in openssh "ssh server doesn't start when irrelevant filesystems are not available" [Medium,Triaged]
<smoser> no
<smoser> this was a theory thing
<smoser> :)
<mathiaz> smoser: ok - great
<mathiaz> smoser: thanks for letting me know
<mathiaz> smoser: I'll have to take this one into account when updating the SRU process
<binBASH> btw. someone knows what this iptables message is? http://www.pastie.org/980085
<jorgelinux> how can I get kernel modules to get installed at /lib/modules ???? is there any package?
<jo-erlend> why does postfix have its own hosts resolve.conf, nsswitch.conf, etc?
<simplexio> jorgelinux: default they are in /lib/modules/
<jo-erlend> I mean those that are stored in /var/spool/postfix/etc
<jorgelinux> simplexio, I don't have any files in /lib/modules
<lamont> jo-erlend: because it chroots into /var/spool/postfix, and those files are kinda needed to do things...
<xoen> mysql-server package installs something out of /etc/mysql /var/lib/mysql and /etc/init.d/mysql?
<simplexio> jorgelinux: hmm. actually i dont know which package install all modules. there linux-image, linux-backports-modules and linux-restricted-modules packages
<jo-erlend> lamont, ah.. Thanks. :)
<kirkland> hggdh: i have an easy fix for you on your loop issue
<kirkland> hggdh: do you have a cloud where you can test this now?
<webPragmatist> hey after I modify the rate parameter a for drbd how is it supposed to speed up
<webPragmatist> i have reloaded the drbd daemon config
<webPragmatist> oh wait nm it got faster :)
<webPragmatist> look at that hawt vm action http://screencast.com/t/M2M3ODM3ZDIt
<webPragmatist> is there a way to monitor a /proc file continuously
<tarvid> snmpd
<SpamapS> webPragmatist: do you want to do a health check or collect stats?
<SpamapS> webPragmatist: there are drbd monitor scripts for nagios on nagiosexchange.org (worst domain name ever btw) ...
<webPragmatist> SpamapS: got it using watch
<SpamapS> oh just for a while, yeah watch is perfect. :)
<SpamapS> xoen: are you getting errors in /var/log/syslog?
 * zul lunches
<cybrocop_> smoser: sorry I had to run... But, if it is apparmor shouldn't it leave logs somewhere?
<smoser> thats why jdstrand was asking about dmesg
<xoen> SpamapS: yes http://pastebin.com/za24F8fQ (this is grep -i mysql /var/log/syslog)
<smoser> but your cp and then fail surely indicates that
<smoser> cybrocop_,
<smoser>        INSTANCE_PATH="/var/lib/eucalyptus/instances/"
<smoser> http://manpages.ubuntu.com/manpages/lucid/man5/eucalyptus.conf.5.html
<smoser> is how you would put that elsewhere.
<webPragmatist> is there an offsite third party backup like crashplan for ubuntu (that's not a desktop gui, i'd actually use crashplan if not?)
<cybrocop_> smoser: OK. I can fix the instance path.
<webPragmatist> or what would you guys suggest
<webPragmatist> I don't feel like running another server to keep backups
<smoser> cybrocop_, if that indeed fixes your problem , please summarise and  close the bug
<cybrocop_> smoser: that doesn't close the root cause of teh bug. Yesterday, when I reported the bug, I wasn't using symlinks.
<smoser> thats what i thought.
<cybrocop_> smoser: And yesterday, I hadn't reinstalled apparmor.. It was in disabled state so it never should've prevented me from running my instances.
<cybrocop_> smoser: I'm now trying to run the instance again to see if it leaves any logs or dmesg.
<hggdh> kirkland: we can use the test rig (right now on topo2. But there is not much space available there
<hggdh> kirkland: about 55G in total
<cybrocop_> smoser: I'm assuming that in normal (non-buggy) operation, it should leave something in the syslog that it prevented kvm from following symlinks.. correct?
<smoser> i dont know.  ask jdstrand for why that would or would not happen. i know that it doesnt afaik.
<cybrocop_> smoser/jdstrand: My bad. As opposed to yesterday, this time there are logs indicating the operation was denied. Here is the dmesg: http://slexy.org/view/s2HefYKUan
<cybrocop_> smoser: setting the INSTANCE_PATH variable worked. Thanks.
<webPragmatist> Any of you tried to backup using davfs or the like? With maybe rdiff-backup or something eqiuvalent? Suggestions?
<uvirtbot> New bug: #586442 in mysql-dfsg-5.1 (main) "package libmysqlclient16 (not installed) failed to install/upgrade: intentando sobreescribir Â«/usr/lib/libmysqlclient.so.16.0.0Â», que estÃ¡ tambiÃ©n en el paquete mysql-cluster-client-5.1 0:7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/586442
<ScottK> rgreening: File a bug against lucid-backports, say that the package builds, installs, and runs, and then give me a ping.
<rgreening> ScottK: ok. I'll be testing it tomorrow, most likely, so prob no ping today. ty for the assist
 * zul returns
<lunaphyte_> i've upgrade from karmic to lucid.  things appear to have generally gone well, but now when i do dpkg-reconfigure grub-pc, it's somehow decided i've "chose not to install grub to any devices".  why?
<webPragmatist> RoAkSoAx: you around
<Hypnoz> I am trying to pxe image using a local apt-mirror. Kickseed file loads, gets dhcp IP, but then throws this error when i starts looking for the packages to install http://dpaste.de/NU2t/
<Hypnoz> I have tried getting the netboot files from the newest ubuntu-8.04.4-server-amd64.iso as well as the newest ubuntu-8.04.4-alternative-amd64.iso
<webPragmatist> When I do sudo csync2 -k /etc/csync2_ssl_cert.key it just hangs?
<Hypnoz> webPragmatist: what was the point of doing that in #ubuntu?
<webPragmatist> lots
<Hypnoz> webPragmatist: I can totally see how spamming the channel and getting banned would benefit you
<webPragmatist> that's the fun thing about the internet.
<Scunizi> I'm looking at installing Sobby or Infinoted on my server.. both seem the same.. what's the difference?
<c13> Hallo i want to use the squid over firestarter. how can i configure the firestarter to accept the squid that all the traffic goes over the transparent squid?
<ScottK> Scunizi: The infinote one is a newer version with a different on the wire protocol.  Gobby 0.5 and Kobby are compatible with it.
<elb0w> I want to swap from debian server to ubuntu server give me some supporting reasons :o
<Scunizi> ScottK: ok.. thanks.. so kobby on the kde machines and gobby on the gnome machines and infinote on the server...
<ScottK> Yes.
<Scunizi> once I ap-get infinote on the server.. will kobby/gobby find it automatically on the LAN ?
<hggdh> jiboumans: ping
<jiboumans> hggdh: on calls, mail is probably best
<hggdh> jiboumans: k
<webPragmatist> hey
<webPragmatist> any of you guys use csync2
<webPragmatist> does csync2 -k just return a small key?
<webPragmatist> mine ends up just getting stuck and has a file like http://screencast.com/t/YTc0OTA0MTEt
<ScottK> Scunizi: No.  When that are started, they have to say where the session they are joining is located.
<webPragmatist> hrm
<webPragmatist> maybe my entrophy sucks?
<webPragmatist> entropy?
<webPragmatist> it's taking forever to make this key
<webPragmatist> oop
<webPragmatist> http://lists.linbit.com/pipermail/csync2/2005-December/000063.html
<webPragmatist> ahahaha this is a new one
<webPragmatist> i guess this is what happens wen you cat /dev/urandom http://screencast.com/t/NzE4Yjg5N2Et
<xoen> hi all, after hours spent fixing a problem with my mysql server now I've installed phpmyadmin but I can't access it
<xoen> if I go to http://localhost/phpmyadmin I get error 404
<xoen> I'm using Ubuntu 10.04
<xoen> I'm going crazy :P
<Scunizi> xoen: not sure what the port number is but it's typically written like this.. http://localhost:<port number of service/program"
<xoen> Scunizi: usually after I installed phpmyadmin just worked without port number (so port 80 I guess)
<Scunizi> xoen: so did you try http://localhost   without /phpmyadmin?
<Scunizi> that would be port 80
<xoen> Scunizi: apache works
<xoen> Scunizi: I've also configured a vhost with a Zend Application inside of it and it works :)
<Scunizi> yes.. but if phpmyadmin is on port 80 then there is no need for /phpmyadmin at the end of the address unless it's in a subdirectory of /var/www
<xoen> Scunizi: I don't know why but I've never seen phpmyadmin in /var/www but always worked
<Scunizi> xoen: I don't really use phpmyadmin so I'm not aware of the specifics on how to get to the admin page.. just guessing here..
<xoen> Scunizi: PhpMyAdmin files should be in /usr/share/phpmyadmin
<xoen> Scunizi: Don't worry :)
<Scunizi> I've got infinoted (gobby server) installed on a local server and have connected to it with a windows box and my kubuntu box.. user highlighting works on the windows box with gobby but is not working on the kubuntu box with kobby.. Any ideas why?
<webPragmatist> what should cat /proc/sys/kernel/random/entropy_avail read
<webPragmatist> and how can i increase this so my stuff can generate keys
<RoyK> anyone here using Hardy on a Xen DomU?
<elb0w> why is the only server version I find named amd64bit
<elb0w> what about intel
<lifeless> all the repositories are the same, so you can take 32 bit and remove the desktop + install server bits
<lifeless> amd32bit is == EMT64 - its intel or amd 64 bit, but not IA-64 (thats different again)
<elb0w> will amd64bit install and run properly on intel64bit?
<lifeless> depends what you mean by intel64bit
<lifeless> its not, on its own, a well defined term. You might be meaning itanium, or you might be meaning EM64T
<Hypnoz> elb0w: yes, it will be fine
<Hypnoz> elb0w: we run all intel processors in my datacenter, amd64 just means its the standard 64 bit image, not that its meant for amd chips
<Hypnoz> elb0w: I also agree its a stupid naming standard
<elb0w> yeah
<elb0w> meant space
<elb0w> sorry
<elb0w> wasnt sure we have all intel boxes here
<elb0w> and were wiping debian out
<elb0w> to put ubuntu
<elb0w> didnt want it to be a long night
<xoen> someone can help me with phpmyadmin? http://localhost/phpmyadmin doesn't work ("The requested URL /phpmyadmin was not found on this server.")
<elb0w> sounds like an httpd issue
<thrain][> xoen: do you have access to the httpd log file?
<elb0w> /var/log/httpd/error_log
<Hypnoz> xoen: can you ls -l of this dir /etc/apache2/conf.d
<Hypnoz> is there a phpmyadmin sym link in there?
<xoen> now I check...
<elb0w> learn mysql from chell imo
<elb0w> :o
<elb0w> shell*
<Hypnoz> don't get into this bs argument its been done
<elb0w> hahaha
<elb0w> I dont argue
<elb0w> I give advice
<Hypnoz> phpMyAdmin is an nice tool for creating databases and tables
<elb0w> I guess its a long term thing
<elb0w> those will hurt you in the long run
<xoen> apache works
<Hypnoz> what about /etc/apache2/conf.d/
<Hypnoz> is there a phpmyadmin.conf symlink inthere
<xoen> I've also a vhost with a Zend Framework application and it works
<elb0w> xoen, ls -l /etc/appache2/conf.d/
<Hypnoz> seriously
<xoen> Hypnoz: no there is phpmyadmin.conf symlink
<elb0w> how did you install phpmyadmin?
<elb0w> repos?
<xoen> elb0w: yes I've installed with apt-get
<elb0w> what command did you give?
<xoen> elb0w: sudo apt-get install phpmyadmin
<elb0w> do this
<xoen> Hypnoz: http://pastebin.com/nMkYxxZt
<elb0w> echo 'Include /etc/phpmyadmin/apache.conf' >> /etc/apache2/apache2.conf
<Hypnoz> xoen: cd /etc/apache2/conf.d/ && sudo ln -s ../../phpmyadmin/apache.conf phpmyadmin.conf && sudo /etc/init.d/apache2 restart
<Hypnoz> ya elb0w's way will work too i guess
<Hypnoz> my way is just how it was auto-setup on my machine
<xoen> Hypnoz: elb0w: so it's better do as it was auto-setup?
<elb0w> it doesnt matter
<elb0w> theyll both accomplish the same
<Hypnoz> xoen: you should also try "grep -i phpmyadmin /etc/apache2/*"
<Hypnoz> to see if anything comes up
<elb0w> yeah
<elb0w> also check that /etc/phpmyadmin exists
<xoen> Hypnoz: no result from grep
<elb0w> does /etc/phpmyadmin exist?
<Hypnoz> then ya, do either method, and restart apache2
<xoen> elb0w: /etc/phpmyadmin exists
<elb0w> then do sudo echo 'Include /etc/phpmyadmin/conf' >> /etc/apache2/apache2.conf
<elb0w> or how hypnoz showed you
<elb0w> then sudo /etc/init.d/apache2 restart
<elb0w> oh wait
<elb0w> dont do what I said
<elb0w> sudo echo 'Include /etc/phpmyadmin/apache.conf' >> /etc/apache2/apache2.conf
<elb0w> forgot apache.conf
<elb0w> lol.
<xoen> elb0w: I LOVE YOU
<xoen> Hypnoz: I LOVE YOU
<elb0w> i guess it worked
<xoen> (in alphabetical order :P)
<Hypnoz> <3
<xoen> yes it worked. Really I love you, I thinked about killing myself ahahah :P
<xoen> (just kidding)
<Hypnoz> when you work with open source software every day how can you not consider that at times
<RoyK> Hypnoz: it's not really a stupid naming standard - the instruction set was defined by AMD, not Intel
<Hypnoz> then it's just amd being egotistical
<wise_crypt> xoen :  :)
<Hypnoz> and confusing people by not calling it x86_64 or something
<xoen> Hypnoz: I feeled so stupid having problem with this thing that worked everytime for me :P
<Hypnoz> past tense of feel is felt
<Hypnoz> i know english is confusing as hell :(
<xoen> Hypnoz: thank you, sorry for my english, I'm talking just because I need phpmyadmin ahahah
<Hypnoz> there is no reason for half the crap that goes on in english
<Hypnoz> http://www.beautifulperth.com/dumbenglish.html
<xoen> wise_crypt: I love you too, you know :P?
<webPragmatist> http://www.beautifulperth.com/comp.html
<webPragmatist> i feel so much smarters
<webPragmatist> Some Companies will pay you to serf the Internet. Â It's not a "get-rich" scheme, but you can earn a little extra spending money.
<webPragmatist> If you pay by the hour to use the Internet, forget this money making idea. Â  If you have unlimited Internet access, here's a few sites to get you started.
<xoen> OK, next problem :P
<xoen> what's this? "$cfg['Servers'][$i]['tracking'] ... 	non OK"  (In PhpMyAdmin)
<elb0w> now you ask in #PHP
<Hypnoz> yikes
<Pici> ##php
<xoen> And how can I choose to use InnoDB?
<Hypnoz> xoen: sudo apt-get update && apt-get install php5 phpmyadmin
<Hypnoz> maybe there is something out of date?
<xoen> Hypnoz: OK
<Hypnoz> sudo should come before apt-get install too
<xoen> Hypnoz: sudo apt-get install --reinstall?
<Hypnoz> xoen: I don't see how that could hurt anything
<xoen> Hypnoz: So I put --reinstall too :P?
<Hypnoz> make sure you do sudo apt-get update
<Hypnoz> I haven't used that before, but if that works then sure
<RoyK> huh?
<RoyK> innodb is in the standard mysql packages
<RoyK> alter table engine innodb
<RoyK> then tune mysql to share more memory to innodb than myisam
<xoen> RoyK: how can I see which engine is used from PhpMyAdmin?
<elb0w> hes using php my admin RoyK
<RoyK> xoen: my.cnf shows default engine
<webPragmatist> is there an easier way to generate entropy than typing a bunch of crap
<RoyK> I think it usually is myisam, which sucks
<Hypnoz> webPragmatist: use /dev/urandom instead?
<webPragmatist> Hypnoz: just symlink /dev/random to it?
<webPragmatist> or whats the trick
<RoyK> erm
<Hypnoz> or maybe if you did a "cat /dev/urandom" that would generate entropy
<RoyK> don't do that
<leini> tach
<xoen> RoyK: I've seen /etc/mysql/my.cnf and there is nothing I think, there is a comment that say InnoDB is the default with 10 MB bla bla bla
<guntbert> Hypnoz: in the contrary: that would use up what has been accumulated
<webPragmatist> RoyK: yea i've done that lol
<webPragmatist> jacked up my terminal
<Hypnoz> guntbert: wrong, /dev/urandom doesn't use entropy only /dev/random does
<wise_crypt> xeon : j #phpmyadmin
<xoen> OK OK I will try for my own :)
<guntbert> webPragmatist: within a computer there is no such thing as "randomness" - thats where *you* come in :)
<wise_crypt> xeon : :)
<webPragmatist> guntbert: well
<webPragmatist> guntbert: i've just been pasting random crap into the terminal
<webPragmatist> is there a better way to do this lol
<RoyK> xoen: see /usr/share/doc/mysql-server-5.0/examples/my-innodb-heavy-4G.cnf.gz for a hint of the innodb tunables
<Hypnoz> webPragmatist: in another window (ssh session or ctrl-alt-F2) do "cat /dev/urandom" i'm curious if that will work
<webPragmatist> Hypnoz: I did
<xoen> RoyK: OK, PhpMyAdmin make me choice the engine when I create a table. I guess I need to stop for today :)
<webPragmatist> Hypnoz: do i have to paste it though
<webPragmatist> back in
<webPragmatist> after i cat
<guntbert> Hypnoz: I think you are wrong here (from wikipedia: but the output may contain less entropy than the corresponding read from /dev/random)
<Hypnoz> webPragmatist: nope just let that run on the system
<webPragmatist> okay
<xoen> hey guys I go, thank you very much for the help
<xoen> bye
<Hypnoz> guntbert: hmmm ... maybe it uses some entropy...
<RoyK> xoen: what I meant was how you tune the mysql server - I don't think you can do much of that from phpmyadmin
<guntbert> webPragmatist: the generated entropy usually doesn't come from the characters but from your action on the keyboard
<xoen> RoyK: I don't plan to tune nothing for the moment :)
<MTecknology> how hard is it to setup carp? do I just give my systems one ip and add some config that makes them request another ip?
<elb0w> what does ctrl+alt+f2 do?
<RoyK> xoen: iirc mysql is set to use some 16MB RAM for innodb by default, perhaps a little more, and quite lower for innodb - you need to tune it up to make innodb good
<elb0w> change run level?
<MTecknology> elb0w: TTY2
<elb0w> ah
<elb0w> o cool
<elb0w> i never use this
<RoyK> alt+left/right works well
<guntbert> elb0w: you need the ctrl+alt combination if you are in X
<elb0w> gt
<webPragmatist> Hypnoz: well the entropy goes up and then goes back dow
<webPragmatist> Hypnoz: is the keygenerator like using the entropy up
<wise_crypt> xeon : http://www.indowebster.com/MySQL_Bible.html
<user_> anyone here using lvm on ubuntu servers.. especially those running databases (MySQL, Postgresql). Does it have any advantage ?
<webPragmatist> i'm no expert at this
<Hypnoz> user_: one advantage would be the ability to grow the volume size as the database grew I suppose
<webPragmatist> Hypnoz: yep that works btw
<webPragmatist> cating urandom
<guntbert> webPragmatist: of course it is using it up - within a computer there is no such thing as "randomness" (repeating myself :-)
<user_> Hypnoz, I'm worried about the performance impact of using lvm
<webPragmatist> ahhhhhhhhhhhhh
<webPragmatist> i catted for too long
<xoen> RoyK: how can I choose innodb engine directly on create table? (last question for today, I promise :P)
<xoen> RoyK: the MySQL SQL syntax
<RoyK> xoen: the default engine is set in my.cnf
<RoyK> xoen: but I don't know if that applies to phpmyadmin
<xoen> It should be btw "CREATE TABLE name (...) ENGINE innodb;"
<RoyK> yes
<RoyK> but then, if you set the default to innodb, you won't need to specify engine
<MTecknology> !carp
<RoyK> unless you want myisam, that is
<RoyK> MTecknology: fish!
<MTecknology> RoyK: :P - I'm trying to learn about it but the docs are evasive..
<RoyK> MTecknology: http://www.fishbase.org/search.php
<MTecknology> RoyK: lol..
<xoen> RoyK: I understand what do you mean but the problem is I need to choose innodb because I need transactions and I have a file in which there is the SQL code to create the schema (for a ZF application). So for this reason I need to be explicit (sorry guys for the explicit language :P)
<RoyK> xoen: generally you should choose one of the engines and tune mysql for that alone
<MTecknology> RoyK: puppet will replace libvirt in 10.10?
<RoyK> MTecknology: asking me?
<xoen> RoyK: Yes but I'm paranoic so I prefer make things idiot proof :P
<MTecknology> RoyK: ya
<RoyK> xoen: see the innodb config from the docs, perhaps tune it down if you don't have 4 gigs of memory (or if your db is smaller or using memory for other things). change the tables to innodb
<RoyK> MTecknology: no idea :)
<MTecknology> RoyK: but you're smart - you should write up some info in the serverguide for setting up carp :)
<webPragmatist> Hypnoz: i think it only help you so much
<webPragmatist> the cat .dev/uranodm
<xoen> Bye guys and thank you again :)
<RoyK> MTecknology: sorry  -  no idea about carps unless they swim
<guntbert> webPragmatist: believe me or not - the biological factor is not replaceable for getting randomness (you could trace the movements of ants too)
<webPragmatist> guntbert i don't really care about entropy this is a testing server
<webPragmatist> i just want a damn key lol
<MTecknology> RoyK: I want two redundant servers - carp made the most sense
<MTecknology> RoyK: know of anything better?
<guntbert> webPragmatist: and where is the problem in typing a little pattern ?
<RoyK> we use drbd and pacemaker
<webPragmatist> guntbert: watcha mean
<MTecknology> !info pacemaker
<ubottu> pacemaker (source: pacemaker): HA cluster resource manager. In component universe, is optional. Version 1.0.8+hg15494-2ubuntu2 (lucid), package size 786 kB, installed size 2884 kB
<webPragmatist> guntbert: atm cat /dev/urandom wasn't working
<guntbert> webPragmatist: sorry if I misunderstood - the usual way to get randomness for the key is to type away at the keyboard in a non-determined way, its the pattern with time that is used, not the characters themselves
<RoyK> webPragmatist: start a find / -type f -exec md5sum {} \;
<MTecknology> RoyK: how does pacemaker work? can it give a set of computers a certain ip that they share?
<RoyK> MTecknology: yes, read the docs :)
<RoyK> they are quite extensive
<MTecknology> RoyK: thanks for that :D
<RoyK> it's service-oriented, not host-oriented, but it works well
<MTecknology> !pacemaker
<RoyK> !info pacemaker
<ubottu> pacemaker (source: pacemaker): HA cluster resource manager. In component universe, is optional. Version 1.0.8+hg15494-2ubuntu2 (lucid), package size 786 kB, installed size 2884 kB
<MTecknology> I was just peaking for a wiki page :P
<RoyK> google for pacemaker drbd ubuntu
<RoyK> https://wiki.ubuntu.com/ClusterStack/LucidTesting
<MTecknology> RoyK: thanks - this looks awesome
<tyska> hi guys
<tyska> the speed of the internet connection into my instances in UEC are very low. What can i do to speed up that?
<MTecknology> RoyK: so if i understand this right... I setup some servers - setup a key for those clusters - then pacemaker handles the start/stop of services on that cluster and the IP's the cluster has - is that about accurate?
<tyska> if i have an EBS attached to an instance and then reboot the instance, the EBS is still in use when i run euca-describe-volumes but it cannot be used from the instance
<tyska> the volume is not showed with fdisk -l and cannot be mounted
<webPragmatist> whats the diff between inetd and xinetd
<tyska> besides the volume cannot be detached
<tyska> somebody can help me?
<RoyK> MTecknology: that's quite correct, yes
<webPragmatist> okay nm
<webPragmatist> interesting
<webPragmatist> RoAkSoAx: 			wake up lol
<webPragmatist> RoAkSoAx: i'm interested it knowing why we are using xinetd for csync2
<webPragmatist> instead of the standard inetd
<webPragmatist> is there something inetd can't do
<tomsdale> ForceType text/plain in my webdav configuration isn't working. It's always rendering the php which I want to edit in plain text. Anyone using webdav for php development on a local server?
<norrec> hey all, i'm trying to setup a server that can send and receive from a couple of different accounts and be accessible by imap to local users, is there any documentation on this?
<tyska> someone can tell me why the internet connection speed in my instances are so low?
<tomsdale> any developers here who work on a local server for development. I set up webdav but it's getting tedious. What is your solution for remote php projects?
<webPragmatist> qyestion about csync2
<webPragmatist> when generating the keysâ¦ do i only make one key using csync2 -k
<webPragmatist> and share it between all the nodes
<webPragmatist> and then on each node i need certs
<webPragmatist> and also do i need to register the certs (how does it know where they are really?)
<tyska> tomsdale: use LAMP server and then use an IDE with ftp connection to edit the files
<webPragmatist> tomsdale: we use svn and just svn update
<webPragmatist> but thats not easier than webdav to setup
<tomsdale> tyska: I guess the classics are still the best. ftp has no file locking though.
<webPragmatist> i'd suggest webdav
<tomsdale> webdav I have the problem that it renders my files. I already included  ForceType text/plain in the VHost but it's not working.
<tyska> tomsdale: if you wanna modification control, use SVN
<tomsdale> otherwise I think it would be perfect for my needs.
<tomsdale> yeah - svn. I will have to get up to speed with that.
<webPragmatist> tomsdale: well even if you get up to speed with svn you would be behind the vcs curve
<webPragmatist> as people are now using hg or git
<FunnyLookinHat> Where can I create domains within my system so that I can map them to specific IPs?  I.e. for a private network
<tomsdale> Well, my project hasen't reached yet the size of the linux kernel :-) And svn seems to be included in my ide (netbeans)
<tomsdale> webPragmatist: can you view .php files in plain text?
<webPragmatist> huh?
<webPragmatist> tomsdale: svn you checkout a local copy
<webPragmatist> and it syncs
<webPragmatist> with the repository
<webPragmatist> when you commit the changes
<mathiaz> zul: around?
<webPragmatist> then you update your /var/www with the latest version
<webPragmatist> it's pretty slickâ¦ i've even made it auto update in some instances when someone commits
<tomsdale> is that fast enough if you do small changes in your php code and want to see the results in the browser.
<webPragmatist> tomsdale: uhm we have done that but it's not it's intention
<webPragmatist> there's also a webdav plugin svn (apache) to auto commit when you make a file changeâ¦ but it fubs up your repo because you don't get commit messages
<webPragmatist> tomsdale: the idea though is you should have a local copy of the website
<tomsdale> I think that's why I wanted to stick with direct editing for the moment. maybe svn from a devserver - staging server at some point
<webPragmatist> well
<webPragmatist> it's not very professional what you are doing is all i will say :P
<webPragmatist> your going to break something
<webPragmatist> you're*
<tomsdale> has been working so far - we  are just a 2 man show.
<webPragmatist> well i'm a 1 man showâ¦ â¦ and I wouldn't dare do it
<webPragmatist> but maybe my website's a bit more mission critical
<webPragmatist> who knows
<tomsdale> ok, you are editing a live environment. That's just the development version.
<tyska> tomsdale: with svn you program locally, and when all its fine, you sync with the server
<webPragmatist> tomsdale: you can have two remote serversâ¦
<webPragmatist> one live one dev
<elb0w> how can I install gnome on ubuntu-server as light weight as possible
<webPragmatist> but use webdav
<webPragmatist> and locking
<webPragmatist> it's not ideal but if you dont' want a vcs its the way to go
<tomsdale> so you use webdav to upload your changes.
<webPragmatist> not me
<webPragmatist> it goes like this...
<webPragmatist> local -> svn repo (hosted on staging server) -> staging server (check on same hardware/setup) -> svn repo (could make changes directly on staging if i wanted to) -> live server
<webPragmatist> the svn repo to staging os automaticâ¦ and the 4th step is optional
<webPragmatist> so it's really three steps (or two if you don't check staging)
<tomsdale> ok I get it. how's about database? do you replicate them?
<webPragmatist> yeaâ¦ i have a local copy of the db
<webPragmatist> which just has some of the data
<webPragmatist> staging reads the db off the live server
<webPragmatist> you could read the live db
<webPragmatist> depending on your mission criticalness
<tomsdale> hm - I feel I got to rethink my setup :-). with the development local it probably also speeds up things
<tomsdale> but if I work together with my designer - she probably will work on the stagingserver directly. How do I get the changes she does onto my local machine. rsync?
<tyska> tomsdale: the webPragmatist solution is great, local > SVN > development server > SVN > production server
<tyska> tomsdale: svn update
<tyska> tomsdale: when you modify any file locally, you run svn update and everything will be synchronized
<webPragmatist> tomsdale: with a dumby what you can do is run davsvn or whatever
<webPragmatist> tomsdale: which will work like webdav and just "commit" changes automatically for her/him
<webPragmatist> you won't have commit messages though which sucks
<tyska> tomsdale: if someone modify and commit some file to the server, you just run svn update again
<webPragmatist> so it makes a real mess of your repo
<tyska> tomsdale: in fact the commands are svn commit and svn update
<webPragmatist> tomsdale: so your designer could make changes directly on the development server with davsvn
<webPragmatist> depending on how likely it is for her to flub up your repo you would also consider making a "branch" of your current website
<tomsdale> If I have not invested anything in svn is it worth investigating git or is svn better supported and "good enough"
<webPragmatist> which is a copy of it basically that only she makes changes to
<webPragmatist> tomsdale: wellâ¦ svn has been around longerâ¦.. but much of the stuff is going to gitâ¦.. they are only similar in natureâ¦ git is a dvcsâ¦ meaning you keep the full copy of the repo locally
<webPragmatist> we use svn because this was 3 years ago that we set it up
<webPragmatist> for me svn is a bit less complicatedâ¦.. but that's because i've been using it forever
<webPragmatist> its most likely considered a dated vcs now
<webPragmatist> and you will be scoffed at for using it :)
<tomsdale> well, I'm just redoing my development server from scratch - now is the time to bring in change :-)
<guhcampos> anyone having success with mysql on 10.04?
<guhcampos> it won't start, restart, stop, unninstal, reinstall, install, reconfigure anything
<guhcampos> I'm trying this fix right now: http://goo.gl/wiEA (last comment)
<tomsdale> webPragmatist: Thanks so far - you definatly got me conviced using a vcs :-)
<webPragmatist> good luck
<webPragmatist> hrm
<elb0w> what is ubuntu's equiv of /etc/sysconfig/network-scripts/route-ethX
<webPragmatist> hrm
<SpamapS> elb0w: good question.. hmm
<SpamapS> elb0w: you could use   an up stanza
<SpamapS> elb0w: up route add -net xxxx gw
<SpamapS> elb0w: probably want a corresponding down too
<Theravadan> I have the latest and greatest 10.04 and I removed a drive from a software RAID 1 setup, if I put the a brand new swappable disk in will it magically join the mirror?
<elb0w> hmm
<elb0w> wont that go away
<elb0w> when I restart?
<guhcampos> any news on the MySQL stuff?
<SpamapS> elb0w: /etc/network/interfaces I mean
<SpamapS> elb0w: you add it as a sub-option to your interface
<elb0w> just add it?
<SpamapS> so iface eth0 inet dhcp
<SpamapS>   up route add blah
<elb0w> should of payed more attention in networking haha
<elb0w> im a dev our networking guy left for the day
<SpamapS> elb0w: 'man interfaces' for an example
<elb0w> ok will do
<elb0w> have to figure out how to set static ip first
<elb0w> lol
<SpamapS> elb0w: the 'up flush-mail' .. replace 'flush-mail' with your route command
<elb0w> SpamapS, you got a moment have a question for you
<SpamapS> elb0w: ask away, if I don't have an answer somebody else might
<elb0w> http://pastebin.org/286673
<elb0w> im trying to do that
<elb0w> in ubuntu
<SpamapS> http://pastebin.org/286677
<SpamapS> elb0w: maybe that works? I don't know if you can have multiple up commands
<elb0w> what is the -host vs -net
<SpamapS> elb0w: if not, you can put your up commands in a shell file and run that
<SpamapS> just as it would sound.. -net routes to a network, -host routes to a single host
<elb0w> can I break something if I use wrong one?
<SpamapS> well it wont work
<SpamapS> networks need netmasks
<SpamapS> hosts dont
<elb0w> so in my paste
<elb0w> netmask0 is 255.255.255.192
<elb0w> you dropped it to 255.255.255.0
<elb0w> thats ok?
<SpamapS> no i missed that
<elb0w> ok
<elb0w> i can figure that one out
<elb0w> i think
<elb0w> :P
<SpamapS> copy the values ;)
<SpamapS> from yours i mean
<elb0w> ok
<elb0w> now just put the iface down then up?
<elb0w> and ill know if it worked?
<elb0w> as soon as I test the route
<elb0w> of course
<SpamapS> yes
#ubuntu-server 2010-05-28
<elb0w> Im having issues installing mysql ndb cluster on lucid
<elb0w> anyone have similiar issues? I have seen bug reports
<SpamapS> elb0w: what issues are you having?
<elb0w> installing 5.1
<elb0w> It was complaining
<elb0w> Im taking over from someone else though
<elb0w> ill let you know when I hit it, thanks
<guhcampos> elb0w, are you still there?
<guhcampos> I'm having trouble with mysql (the normal server) too, only thing I've found was: http://goo.gl/wiEA
<elb0w> did it work for u?
<guhcampos> haven't tried
<guhcampos> I can't mess up with the scripts
<guhcampos> agains't company policies
<elb0w> i just got it to run somehow
<zul> mathiaz: now i am
<Rolexde> www.motherless.com
<uvirtbot> New bug: #586647 in bind9 (main) "package libisc60 1:9.7.0.dfsg.P1-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/586647
<elb0w> Any clue as to why I get SIOCADDRT: No such process when trying to set a static route?
<|corpse|> im trying to install ubuntu server, right now when i load i get a trace all then it drops me to a shell. Is there anything i can do to get the install running from this shell?  the shell says (initramfs)
<elb0w> get out while u can
<elb0w> just installed ubuntu server over debian
<elb0w> have had more issues getting things running
<elb0w> that i have ever wanted
<elb0w> took 2hrs to get mysql ndb to work properly
<|corpse|> i have been working on this for over a week now
<|corpse|> the people in here are so sick of me that they dont even talk to me anymore =P
<|corpse|> do you like debian? im just trying to set up a file server and mabey a webhost/mail host but im pretty new to linux so i was trying to stick with what i know
<ScottK> The Ubuntu Server installer uses the same installer as Debian.
<twb> Well, *almost* the same ;-)
<ScottK> It's the same code base.  There are differences.
<benkant> hello chaps. how do I install a specific version of PHP5? specifically I want 5.2 and not 5.3 ... would it still be in the repos?
<twb> benkant: in general, you can't.
<twb> The Right Thing is to hit your webdevs with a LART until they learn to write forward-compatible code
<benkant> forward compatible? that's a bit rich!
<ScottK> benkant: On Ubuntu, run either Hardy, Jaunty, or Karmic.  With Lucid it'll be 5.3.
<twb> Well, the normal implication of a new version x.y+1.0 is that it's backwards-compatible but not forwards-compatible, and thus systems targeted at x.y.z will Just Work with x.y+1.0
<twb> Maybe the PHP maintainers don't follow that scheme, or they just aren't very good at it.
<benkant> shut up
<ajmitch> that was an interesting reaction
<ajmitch> most of the problems with php 5.3 lately are due to it spitting warnings on using deprecated functions
<ajmitch> something fairly easily fixed in the appropriate php.ini
<ScottK> I'm glad I didn't make the comment that I was thinking about supporting one version of php being insane enough.
<ajmitch> some people are still trying to transition from php 4, I think
<twb> What happened here was that the PHP dev said "I don't know if this will work on PHP5" and management decided it would be cheaper to have me try to get PHP4 running on Etch than to get the app running on PHP5
<twb> ...or was it mysql?  Yeah, I think mysql, not php.
<ajmitch> changing the object model from php 4 to 5 did make a few basement coders confused
<ajmitch> PHP isn't really a language you look to for a good example of sanity, though
<twb> ajmitch: heh, "basement coders"
<twb> The idiom I usually use is "crack monkeys"
 * ScottK uses php developer
<SirMoo> Quick question. Does the server have a graphical gui or?
<twb> Well, they're not the only ones
<twb> "You can write Fortran in any language"
<twb> SirMoo: it does not.  You can install one; this is discouraged.
<ScottK> Certainly.  It's also possible to write readable Perl, but certain languages tend to encourage certain things.
<twb> Heh.  Canonical sure is a Python shop ;-P
<twb> I want to like lua, but these days it's hard for me to get enthusiastic about new languages
<ajmitch> ScottK: I was referring to a certain type of PHP developer, the ones that proliferate those mountains of bad cargo cult code out there
<ajmitch> since there are certainly a number of php developers who can avoid the common php pitfalls
<ScottK> Right, I'm not saying PHP can't be well done.
<ttx> SpamapS: around?
<SpamapS> ttx: I am. goodmorning
<ttx> SpamapS: I didn't see the meeting minutes yet
<ttx> SpamapS: was wondering if you wree blocked on anything
<ttx> (or if I missed them somehow)
<SpamapS> ttx: I sent them to ubuntu-devel and ubuntu-server .. thought maybe the list was set not to send people their own posts. Hmm.
 * ttx checks
<SpamapS> ttx: and I've been waiting for Mathias to enable my access on the blog.
<SpamapS> ttx: I see them in my sent items..
<ttx> SpamapS: can't see it https://lists.ubuntu.com/archives/ubuntu-server/2010-May/thread.html
<ttx> SpamapS: I had a few emails eaten by the list as well
<SpamapS> weird.. ok I'll re-send
<ttx> SpamapS: one time I had to have mathiaz send the notes for me, becaus ethey would constantly (and silently) reject my post
<ttx> I've thinking about some agressive spam countermeasure
<ttx> s/I've/I was/
<ttx> SpamapS: if it's not there by your morning, go through mathiaz to get them sent :)
<ttx> SpamapS: for ubuntu-devel, it should go through moderation. But ubuntu-server is not moderated
<SpamapS> ttx: I needed to re-register my subscription on ubuntu-server with my canonical email anyway
<SpamapS> ttx: I put out a flurry of MIR's today.. I presume with MIR's, the earlier in the cycle, the better, correct?
<ttx> SpamapS: it's the same team of people that process them, and they tend to arrive late in the cycle. So yes, submitting them early is a good way to spread their load
<SpamapS> ttx: should be there now
<ttx> SpamapS: ubuntu-server is in, yes
<ttx> thanks !
<SpamapS> ttx: thanks for the heads up.. I wonder where they went?!
<ttx> i've been asking myself the question when mine backholed :)
<SpamapS> IS prank?
<xoen> Just written an article where I explain how to create a vhost in Ubuntu GNU/Linux, maybe can help someone ( http://www.xoen.org/2010/05/create-vhost-in-ubuntu )
<lenios> xoen, looks good
<xoen> lenios: thank you :) :) (I hope all is correct too!)
<_tydeas_> hi ppl i am trying to setup my apache and added <IfModule mod_userdir.c>UserDir public_html </IfModule> to /etc/apache2/apache2.conf but does not work. Any ideas?
<_tydeas_> mod of public_html 771
<_tydeas_> sorry 755
<_tydeas_> anyone?
<RoyK> _tydeas_: have you enabled the userdir module?
<_tydeas_> how do this?
<_tydeas_> in the <IfModule> UserDir enabled ... ?
<_tydeas_> this is the only code i added <IfModule mod_userdir.c>UserDir public_html </IfModule>
<RoyK> https://help.ubuntu.com/8.04/serverguide/C/index.html
<RoyK> do it the ubuntu way
<_tydeas_> RoyK i see i just checked the mod_available dir :)
<RoyK> :)
<RoyK> just symlink the mods-available/something to mods-enabled
<_tydeas_> how i do that?
<_tydeas_> ln -s target link_name ?
<RoyK> _tydeas_: read the docs :Ã¾
<_tydeas_> i cd mods-enabbled; ln -s ../mods-available/userdir.* and worked ;p
<Bjelleklang> does anyone know if there are plans to upgrade php on Karmic to 5.2.11 anytime soon?
<henkjan> just bitten by an annoying bug :(
<henkjan> https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/512253
<uvirtbot> Launchpad bug 512253 in ifupdown "Mistake in /etc/network/interfaces keeps the system from booting" [Undecided,Confirmed]
<\sh> sounds more like upstart
<soren> henkjan: In Lucid?
<\sh> ifupdown does the right thing and tells you that you did a mistake in /e/n/i but upstart doesn't like it
<\sh> _tydeas_, the right thing to do to enable an apache2 module is /usr/sbin/a2enmod <module name>
<henkjan> soren: yep, lucid
<henkjan> time for a walk downstairs and init=/bin/sh
<\sh> henkjan, thank god there are RIBs ;)
<henkjan> RIB = Remote ? ?
<\sh> henkjan, remote insight boards
<henkjan> ah, ilom/alom/drac/whatever
<henkjan> these servers do have ilom, but the switch they are connected to has no more free ports :(
<\sh> henkjan, buy more switches ;)
<\sh> brb
<henkjan> \sh: these new servers replace a few older servers. After migration i'll have free switchports enough
<jo_> hello...
<jo_> hi ...
<jo_> anybody here?
<Aison> http://files.newsnetz.ch/bildlegende/20708/368983_pic_970x641.jpg
<sommer> morning
<bogeyd6> hi
<ttx> smoser: ping me when around
<tucemiux> where do I find the md5 sum for lucid??
<ttx> tucemiux: the md5sum of what ?
<Jeeves_> tucemiux: relases.ubuntu.com/releases/lucid/MD5SUMS ?
<tucemiux> Jeeves_, thanks!
<Jeeves_> yw
<tucemiux> anyone knows if the server comes preinstalled with all the server stuff like apache, ssh, etc. and I will have to uninstall or do I have to install the packages and dont worry about having to uninstall stuff I wont be using?
<penguin42> tucemiux: I'm pretty sure it's just a fairly basic initial install - I think it has openssh on, but very little else
 * penguin42 boots his server vm
<penguin42> tucemiux: Yeh, very little installed
<tucemiux> ok im going to fix a PII and install it there
<killown> what the fuck happen with ubuntu? every day i need reboot system for system go back to work, it happen with ubuntu server lucid and ubuntu desktop lucid too
<killown> i am pissed of this crap
<killown> last day i will use it, i am tired man....
<killown> does it be like windows? need reboot every day
<killown> funny
<killown> internet connection stop to work every day, i can ping google but not retry connection
<killown> e.g. wget google.com can't get url
<killown> its timeout
<killown> but ping works
<killown> there is no firewall in it
<killown> its happen in two different machines
<killown> so i think its a big problem with ubuntu
<Jeeves_> killown: Chill out dude. :)
<Jeeves_> What's your problem?
<killown> when i use windows 7 i don't need reboot the system every day to internet go back to work
<killown> oooh man i am pissed of with ubuntu
<killown> right now my server stoped network connections
<killown> ubuntu server lucid
<killown> i can ping google but not get url with wget google.com
<Jeeves_> ok. You can ping google.com from your server?
<killown> yes, i do
<Jeeves_> so 'ping www.google.com' works?
<killown> works fine
<Jeeves_> ok, and 'telnet www.google.com 80' ?
<killown> but i am closed ssh connection
<killown> and now i can't connect to the server again
<killown> Jeeves_, wait a moment
<killown> Jeeves_, look that Trying 72.14.253.104...
<killown> its resolving dns
<killown> but telnet: Unable to connect to remote host: Connection timed out
<Jeeves_> ok, so dns works
<Jeeves_> can you do a traceroute?
<killown> yes, looks fine
<killown> let me try
<ttx> smoser: around ?
<killown> traceroute to google.com (72.14.253.104), 30 hops max, 60 byte packets
<killown> Jeeves_, http://pastebin.com/Qby9A0rc take a look
<killown> its not getting any route
<killown> any problem with kernel + netfilter i think
<killown> Jeeves_, i am using the basic ubuntu installation
<killown> there is no firewall set up
<killown> its a fresh install
<killown> wih system updated
<killown> with*
<killown> sorry man but i can't use a system who i need reboot every day to the internet go back to work.... i reinstall ubuntu a lot times to get ride of this issues but i have no clue what happen
<Pwr> Ok, I'm just gonna copy-past this here again :)
<Pwr> Hi there! I'm using ubuntu for a while now, and I've decided to use ubuntu on my home server. What it will do is run Sabnzbd, a torrent client and serve files (password protected shares) to windows and ubuntu computers. After installin the server all I get is a commandline... And I'm lost. "apt-get update" gets errors (as in, internet not working). So where do I begin? Is there a manual for beginners?
<Jeeves_> killown: Hmm.
<Jeeves_> So ping works, but traceroute doesn't
<Jeeves_> what does 'ip get 72.14.253.104' say?
<killown> Jeeves_, does it be a masquerade or nat problem?
<dhruba> I have configured a NFS Server on Ubuntu 10.04 Server and some windows XP machines used as client through SFU. Most of them are working just fine. But a few are loosing the user maps. These machines are on Wireless network. Any idea how to solve this?
<killown>  ip get 72.14.253.104
<killown> Object "get" is unknown, try "ip help".
<Jeeves_> dhruba: Ditch the windows client
<Jeeves_> +s
<Jeeves_> killown: Hmm
<Jeeves_> ip ro get, sorry
<killown> Command "72.14.253.104" is unknown, try "ip route help".
<killown> root@ubuntu:~#
<dhruba> Could not understand. Please elaborate.
<Jeeves_> gree
<Pici> !who
<ubottu> As you can see, this is a large channel. If you're speaking to someone in particular, please put their nickname in what you say (use !tab), or else messages get lost and it becomes confusing :)
<Jeeves_> grrr
<Jeeves_> dhruba: I expect your Windows XP with crappy clients on wireless to be the issue
<Pwr> Pwr: i ment ubuntu-server in my story above
<Jeeves_> killown: ip ro get 72.14.253.104 doesn't work?
<Jeeves_> It does on my machine
<dhruba> While pinging, I am finding 3-5 ms from the wireless clients. Whereas, from the wired clients, it is <1 ms. Could this the reason?
<killown> root@ubuntu:~# : ip ro get 72.14.253.104
<killown> root@ubuntu:~#
<Pici> !serverguide | Pwr Is this what you're looking for ?
<ubottu> Pwr Is this what you're looking for ?: The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<killown> Jeeves_, i think not
<killown> Jeeves_, ping working http://pastebin.com/3JcxfyWT
<Pwr> pici: yes and no, for some reason I cannot connect to the internet, I had to disconnect from the internet during installation because it gave errors (could not retrieve packages etc.)
<Jeeves_> killown: And 'ip ro list'
<Pici> Pwr: Wired or Wireless?
<Pwr> Pici: so a simple command to get internet-acces (dhcp would be fine for now) would get me further then I am right now. But I can't seem to find the command
<Pwr> Pici: wired
<Pwr> eth1
<Pwr> I'm sorry for my noobishness :)
<killown> Jeeves_, http://pastebin.com/fndQz65p
<Pici> Pwr: sudo ifup eth1
<Jeeves_> killown: Hmm, you've got two default routes..
<dhruba> quit
<Jeeves_> To the same destination, but still
<killown> i will delete it , wait a moment
<Jeeves_> killown: Are you using dhcp?
<killown> not
<killown> static ip
<Pwr> Pici: "ignoring unknown interface eth1=eth1" error
<Pici> Pwr: Are you sure that your ethernet device is eth1? What does ifconfig say?
<killown> router is serving dhcp to range 192.168.1.100/192.168.1.200
<bogeyd6> most ethernet devices are eth0
<Pwr> Pici: "ifconfig -a | greph eth" tells me there is an eth0 and an eth1 interface
<Pwr> there is a cable in the eth1 interface
<bogeyd6> change it to the other port
<bogeyd6> and try again
<bogeyd6> ubuntu usually mixes and matches my ethernet ports on my HP servers where the single NIC has two ports
<bogeyd6> sometimes top is 0, sometimes 1
<Pwr> "sudo ifup eth0" gives me the same error now
<Pwr> but instead of eth1 it says eth0
<bogeyd6> cisco router with spanning tree?
<killown> Jeeves_, http://pastebin.com/qs1j8Faw its from ubuntu desktop lucid, and everyday i need reboot the system, so i think the problem is not the route
<Pwr> bogeyd6: netgear wnr854t, simple home router
<Pwr> I might be better of installing ubuntu normal and fiddle with that I suppose, the server edition seemed more appropriate for my goal but might just be a tad too complicated for me :)
<killown> i have no reasons to need change routes and ip issues in ubuntu desktop, i don't know how internet stopping to work
<killown> on windows 7 system it can work for a lot days without need reboot the system, why i need reboot it when i am using ubuntu?
<killown> i will show you my /network/interfaces
<killown> i will reboot the router right now, if it won't work... so i will install another system
<killown> http://pastebin.com/bntjCezf
<smoser> ttx, here
<ttx> smoser: got 5 min for Mumble ?
<smoser> sure
<smoser> finding headset
<ttx> smoser: join me on 1:1
<ttx> well, I made you join me :P
<Jeeves_> killown: Do you have it statically configured on windows too?
<killown> Jeeves_ yes
<killown> Jeeves_, ubuntu 10.04 fresh install updated , i am just installed squid and no more apps no more changes, i will show to the iptables-save out
<Jeeves_> Too weird
<killown> Jeeves_, apt-get install emacs working
<killown> i think it is a problem with port 80
<killown> its happen in ubuntu desktop lucid too
<killown> http://pastebin.com/QkZvLwx6
<killown> Jeeves_, this crap thing is happen a lot weeks, i think its the last day to get any fix to this problem
<Jeeves_> killown: If you've got NAT configured, it's not a default install, is it
<Jeeves_> ?
<killown> Jeeves_, i never touch in firewall
<killown> its a default from ubuntu
<Jeeves_> Hm, yes. I see.
<Jeeves_> I've got no clue... Sorry.
<killown> Jeeves_, after upgrade to lucid i started with this problems
<killown> ok no problem
<killown> i will install another distro
<killown> give up of ubuntu
<killown> thanks for you help
<Jeeves_> yw
<EtienneG> hggdh, quick q. for you: when you test UEC, what do you use for the public IP range?  do you use an unused range of IP in the same subnet as the public interface of the CC, or a different subnet entirely?
<hggdh> EtienneG: a different subnet
<hggdh> (with a different base address)
<hggdh> EtienneG: but --AFAIK -- you could use the same base address, and separate subnets
<uvirtbot> New bug: #586840 in php5 (main) "PHP is disabled by default for publishing from user's public_html folder using userdir module" [Undecided,New] https://launchpad.net/bugs/586840
<EtienneG> hggdh, IIRC, there used to be a bug where you could not use a range of spare IP in the same subnet as the CC public interface (routing would be messed up on the CC), but everyone I have been talking to lately claim it is not a problem.  Testing it now, we will see very shortly.
<EtienneG> hggdh, if my suspicion is correct, that would be a major issue.
<hggdh> EtienneG: yes, I would consider this a Bad Thing(TM)...
<hggdh> EtienneG: we also noticed another thingie, dealing with SCs: by default you could not have more than 32 volumes per SC
<EtienneG> hggdh, that is mighty broken
<hggdh> EtienneG: kirkland is patching it to the maximum allowed by one SC: 256 volumes, 256 snapshots
<hggdh> EtienneG: do you have enough space to create 512 volumes and snapshots?
<EtienneG> hggdh, I am so glad we someone QA these things, means I will not get to have to chase these problems myself when installing!
<EtienneG> hggdh, define "space"?
<EtienneG> hggdh, on my new cloud? no, unfortunately
<hggdh> disk space in the SC -- you need at least 1G per {snapshot,volume}
<EtienneG> hggdh, but do not worry, next week I will be working on hardware that have disk in the TB range
<hggdh> EtienneG: yeah, neither do I...
<hggdh> cool!
<hggdh> EtienneG: when you get to have the space, ping me (if the fix has not yet being made available). It is an easy change in upstart to test it
<hggdh> or even manually, on Lucid
<EtienneG> hggdh, no prob ... in fact, *you* can ping me at your leisure early next week on the subject.  I will have access starting Tuesday
<hggdh> EtienneG: thank you, will do
<hggdh> :-)
<tucemiux> anyone knows the system requirements for ESXi?
<zul> tucemiux: have you checked vmware's webpage?
<tucemiux> zul,  im looking but they dont have a minimum system requirements section per se, what they have is a hardware compatability section, I dont want to know if my system is compatible or not, i want to know if I have enough juice to begin with
<ubuntu-usr> hi
<ubuntu-usr> where i can find apache logs?
<Pici> ubuntu-usr: /var/log/apache2/
<cybrocop> Hi all. I am on Ubuntu 10.04. I just enabled my motherboard's SATA RAID functionality. How can I tell Ubuntu to see the raid volume now?
<elb0w> Any clue as to why I get SIOCADDRT: No such process when trying to set a static route?
<ubuntu-usr> do you know any good, open source groupware?
<Guest_52_> is it good to run the vbox on ubuntu server for enterprise level? the one that is in the repository of ubuntu
<guntbert> Guest_52_: if you don't need usb and vrdp - yes
<Guest_52_> vrdp like the rdp in windows?
<guntbert> Guest_52_: its a rdp server to reach the VM
<Guest_52_> so rdp server isnt working in the free version and the usb? thats all?
<guntbert> Guest_52_: as far as I know thats the big difference, but you can see for yourself on http://www.virtualbox.org/wiki/Editions
<Guest_52_> not so big difference ( i think ) if using for a headless and handless server
<elb0w> so no one has an answer as to why I get SIOCADDRT: No such process when trying to set a static route?
<elb0w> It was working fine
<elb0w> then all of a sudden
<elb0w> issue
<penguin42> what exactly is the route you are trying to add?
<elb0w> sec
<elb0w> route add -net 198.140.50.0 netmask 255.255.255.192 gw 10.147.201.174
<penguin42> can you ping the gw ?
<elb0w> good question
<elb0w> if it wasnt production
<elb0w> id swap the cables now
<elb0w> but whats odd
<elb0w> is earlier that night
<elb0w> sorry enter is a bad habbit of mine
<elb0w> Earlier that night I was using the exact same command to set the static route and it was working no problem
<penguin42> also try specifying the interface
<elb0w> I did try that as well
<guntbert> elb0w: is your interface up ?
<elb0w> I had originally added it to the /etc/network/interfaces
<elb0w> Yes I can bring it up no issues
<elb0w> Originally I had a up statement in the interfaces file that would look something like
<elb0w> up route add -net 198.140.50.0/255.255.255.192 gw 10.147.201.174 eth3
<elb0w> but that was not working, so I went to the manual line entry which it then worked
<elb0w> Since I have commented ou the up / down statements I added to eth3 and it worked once then following had issues a few hours later
<elb0w> I have checked the /etc/network/interfaces file and i cannot pick out any errors
<penguin42> generally the things to check are that there is a route to the gateway
<elb0w> Ok, could I show you my interfaces config and you tell me if it all looks ok?
<elb0w> http://pastebin.ca/1873415
<bogeyd6> .keepersoflists.org no longer exists, for shame
<penguin42> elb0w: Your net mask in the config is different
<elb0w> arent they for two different ips?
<elb0w> 255.192 is for 198.14.50.0 and 255.240 is for 10.147.201.161
<elb0w> or am I wrong
<elb0w> im not a networking guy
<penguin42> elb0w: The netmask you have for the 192.168.42.91 is 255.255.255.0
<penguin42> oh hang on, that was a different one again
<elb0w> eth3
<elb0w> is what i want
<elb0w> eth0 is internet
<penguin42> so you have two gateways there - what do you want to go to the 10.147.201.174 one?
<elb0w> im not sure now you are confusing me
<elb0w> the route add statement I had isnt valid?
<elb0w> route add -net 198.140.50.0/255.255.255.192 gw 10.147.201.174 eth3
<elb0w> ?
<elb0w> wont it use eth3 by default because it has the gateway?
<penguin42> hang on a sec, while I reread it
<elb0w> sure thanks
<penguin42> so you shouldn't need the eth3 at the end of that because it should know that's where that gw goes
<elb0w> yeah
<penguin42> assuming that is that eth3 is happy
<elb0w> the proble was I was getting that error
<elb0w> eth3 goes up without complaining
<elb0w> how could I tell if it has an error
<penguin42> can you ping the gateway?
<elb0w> cant check now but they may have icmp off
<elb0w> well let me check on production box
 * penguin42 is still a little curious about the gateway line in the interfaces file
<elb0w> what about it?
<penguin42> well, what does it mean
<elb0w> its the gateway for that nic no?
<penguin42> the gw on net0 is adding a default gw for all traffic isn't it? What do you want to get routed to that gw ?
<lunaphyte_> exit
<elb0w> to which gateway?
<elb0w> eth0?
<uvirtbot> New bug: #586898 in php5 (main) "php5 cli segmentation fault when executing script" [Undecided,New] https://launchpad.net/bugs/586898
<penguin42> elb0w: Well the gw in the eth0 section is a default route for all traffic that isn't on the local eth0 segment; but what is the gw on eth3 ?
<killown> Jeeves_, hey
<elb0w> the gateway?
<elb0w> what do you mean by that
<elb0w> gateway is the router no?
<penguin42> elb0w: And what traffic does the router on eth3 route?
<elb0w> for one of our datafeeds
<elb0w> live market data
<osmosis> strange,  [Fri May 28 10:14:24 2010] [error] Exception KeyError: KeyError(139782945621824,) in <module 'threading' from '/usr/lib/python2.6/threading.pyc'> ignored
<penguin42> no, I mean from the point of the host from the entry in interfaces what should the system route down there
<elb0w> thats the address of our nic on their network
<elb0w> I think
<penguin42> no it's not
<elb0w> god I should of payed more attention in my cisco classes lol
<elb0w> Ok we have a router from another company
<elb0w> One of the nics on this box (eth3) goes to this router
<penguin42> elb0w: OK, there are 2 different cases for gateways, the default route and ones that route a specific route
<elb0w> we have a process that takes data and sends requests through eth3 -> router -> them and <-<-<-
<penguin42> elb0w: The gw line in an interfaces stanza adds a default route for all traffic
<penguin42> (not otherwise rotued)
<elb0w> but then if i dont put gateway there I have to specify eth3
<elb0w> right?
<elb0w> when I add the route
<penguin42> so for your internet one it makes sense - it says everything that didn't have anywhere else you knew where to send it go this way
<elb0w> ah gotcha
<elb0w> that is why default route was swapping to eth3 when I had it enabled?
<penguin42> elb0w: Right, but the gw in a route command is different if you specify a net or host to route to
<elb0w> yes but if I do not specify eth3 how would it know which nic to go through?
<penguin42> the fact that you might have a router on there doesn't mean you want it to route all traffic does it? If not then remove the gw line from the eth3 stanza in the interfaces file
<elb0w> correct
<penguin42> elb0w: You do need the gw in the route, but not in the interfaces file for eth3 the way I'm reading your setup
<elb0w> yes you are very correct
<elb0w> I guess my question is how am I defining the nic to use by doing add route
<elb0w> so is this saying I add eth3 at the end?
<elb0w> route add -net 198.140.50.0/255.255.255.192 gw 10.147.201.174 eth3
<penguin42> you shouldn't need to
<elb0w> so I should not be specifying the gateway for eth3 anywhere then?
<elb0w> aside from the route statement
<penguin42> that's my reading of it yes
<elb0w> ok
<redsherpa> http://pastie.org/982103
<elb0w> thanks for all your help penguin42, I feel like I understand alot of things better now
<elb0w> yeah I was havin mysql problems last night
<SpamapS> redsherpa: I believe there's a fix set to be released for that.
<redsherpa> SpamapS:  Okay, thank you.  I contributed to the bug, and was hoping it would be fixed soon.  Sometimes patience is just the only option.
<killown> what advantages do i have to use apparmor?
<jpds> advantages?
<penguin42> killown: It means even if there is a bug in the application you can restrict what can be accessed
<killown> penguin42, the apparmor is affecting my internet connection
<killown> after hours my internet stop to work
<killown> after stop it my internet go back
<penguin42> killown: For example it's used on evince so that if you open a pdf with it then it stops a nasty pdf accessing files it shouldn't
<killown> or after reboot the system
<penguin42> killown: It shouldn't do much with internet - what makes you say it's related to apparmor ?
<killown> penguin42 because every day my internet stop to work
<killown> i did try everything to fix it
<penguin42> and what makes you say it's apparmor and not something else?
<killown> Jeeves_, tried to help me but he can't
<killown> so i was giving up it
<killown> but after stop apparmor
<killown> i could get internet go back to work
<penguin42> what type of internet connection do you have? Are there any log errors when internet connection is lost?
<killown> penguin42, the problem is, suddenly internet stop but i can ping google and do another things related to outgoing connections
<killown> no log erros
<killown> errors
<penguin42> killown: so if you can ping things what  doesn't work?
<killown> penguin42 wget google.com
<killown> cant work
<killown> w3g google.com
<killown> cant work
<penguin42> any errors?
<killown> penguin42, no errors
<killown> i forgot to check apparmor logs
<penguin42> it's unlikely to be apparmor then - what made you think it was apparmor?
<killown> penguin42, because it go back to work after stop apparmor
<penguin42> have you added any apparmor config?
<killown> penguin42 no
<killown> its a fresh ubuntu install
<killown> with apparmor default settings
<penguin42> that's pretty odd - apparmor normally says in the log if there is anything it blocks, so I doubt it's actually apparmor that's the problem
<killown> penguin42 what would be?
<penguin42> how are you connected to the internet?
<killown> penguin42 modem >> router >> machine
<penguin42> ethernet between router and machine?
<killown> don't care if i try reboot modem or router, it won't work
<killown> yes
<penguin42> so when it fails check /etc/resolv.conf and do an ifconfig -a and /sbin/route -n   and see if it changes from when it's working
<killown> penguin42 http://pastebin.com/1zgwDcsi
<killown> and http://pastebin.com/AK3Tu6rb
<killown> now i rebooted and working fine
<killown> i don't know when it will stop to work again
<penguin42> the 1st one doesn't seem to show an ifconfig or /etc/resolv.conf
<killown> penguin42, http://pastebin.com/AK3Tu6rb  do not?
<penguin42> no
<killown> i saw resolv.conf there
<killown> how you can't ?
<penguin42> yeh 2nd has resolv.conf, no ifconfig
<killown> ifconfig is the same set in network/interfaces >> http://pastebin.com/1zgwDcsi
 * penguin42 goes back a step - is it downloading from br.archive.ubuntu.com in the 1st one?
<killown> penguin42, note: to get this informations i was connected via ssh to the machine
<penguin42> it's odd that only google and the like don't work when the rest of your connectivity seems to work
<penguin42> yet your DNS resolution looks fine
<penguin42> killown: There is an apparmor profile for tcpdump, so if that was wrong, yes it could break that
<cn1109> I'm currently using apache2 and when I try a2ensite I get the following error: No site found matching /etc/apache2/site-available/www.mysite.com and also the same thing for sites-enabled. Any solution?
<remix_tj> cn1109: do you have a file called www.mysite.com in that dir?
<mtsmith> Hey everyone -- I've been reading up on installing Tomcat using apt-get but I've been reading about problems arising from using the packages as opposed to a clean build. Can anyone show me "the right way"? ;-) Thanks
<tucemiux> anyone knows what the minimum requirements are?
<cn1109> remix_tj: yes. I used pico www.mysite.com on /sites-available/
<cn1109> remix_tj: Is that how you create the sites?
<tucemiux> i mean, anyone knows what the minimum **memory** requirements are?
<remix_tj> yeah cn1109 i create the file in /etc/apache2/sites-available/, then enable it
<remix_tj> cn1109: is the file with correct content?
<tucemiux> ubuntu server  will work with 128MB of ram, nice !!!
<cn1109> remix_tj: RIght now i just copied the default file and renamed it to www.mysite.com
<remix_tj> cn1109: a2ensite gives the same error now?
<cn1109> remix_tj: It starts such as: <VirtualHost:*80> and so on with the directories ,etc..
<remix_tj> kk
<cn1109> remix_tj: It does
<cn1109> remix_tj: It does give me the same problem
<mtsmith> tucemiux: we run a few slices on slicehost using Ubuntu karmic on 128mb. runs a okay... can't do crazy stuff, but normal stuff. just fine.
<StrangeCharm> i'm trying to install wordpress on a fresh install of 10.04. i installed lamp with tasksel, but when i try to access wordpress's .php files from a browser, it gives me downloads of text php files, rather than rendering pages. what's going on?
<remix_tj> cn1109: are you launching a2ensite with sudo?
<cn1109> remix_tj: no. i'm running it as root.
<tucemiux> StrangeCharm, sounds like the php is not being executed, maybe it's a permissions issue?  I'm still new at this
<StrangeCharm> tucemiux, i don't think that it's permissions
<remix_tj> cn1109: sure? this should be a problem related to permissions issues
<remix_tj> StrangeCharm: a2enmod php5 ?
<cn1109> remix_tj: Just tried it with sudo. Same problem
<tucemiux> i'm thinking about installing my web server and ssh server on the same machine, any thoughts on this?  I wont be doing anything resource hungry, just for personal stuff
<StrangeCharm> remix_tj, it's already enabled
<remix_tj> StrangeCharm: uhm... sure?
<remix_tj> cn1109: cd /etc/apache2/sites-available
<remix_tj> sudo a2ensite records
<remix_tj> records is the filename
<remix_tj> it gives me no problem
<cn1109> remix_tj: I restarted my server. Now it works. I was actually using the old way and not just going into the dir and using a2ensite
<remix_tj> but afaik this should work also without cd
<ruben23> hi guys can anyone help with visudo..? i got syntax error when i add up entries on it
<SpamapS> ruben23: maybe pastebin the offending lines? http://paste.ubuntu.com
<ruben23> http://pastebin.com/W7e9pmp0 <-----------this will say syntax error when i save it form visudo
<tucemiux> how should I manage upgrades?  should I use Landscape,  install automatically, or "no automatic updates"??
<penguin42> tucemiux: It depends a bit on your circumstances
<penguin42> tucemiux: If you manage your machines and watch security issues then you can do noauto and do it yourself - but just make sure you do
<penguin42> tucemiux: Install automatically should work - but of course occasionally an update might break something when you aren't watching it
<ruben23> SpamapS: ..?
<tucemiux> penguin42, so if i pick no automatic updates I can still do the updates manually?
<penguin42> yes
<tucemiux> can I choose landscape later on?
<penguin42> not sure, I don't know how the landscape stuff works
<tucemiux> penguin42, how do I update manually?  use sudo apt-get update? O_o
<penguin42> tucemiux: Yeh followed by sudo apt-get upgrade
<SpamapS> ruben23: ruben All = All you're not specifying what you're allowing ruben to do on all servers.. needs to be ALL=(ALL) ALL
<tucemiux> penguin42, thanks!  its installing
<zul> mathiaz: ping do you need to join ubuntu-server to triage ubuntu-server bugs?
<tucemiux> what is the tomcat java server useful for?
<ruben23>  SpamapS: yes thats my syntax, but i get error.
<SpamapS> zul: I'm a member of ubuntu-server team already btw. ;)
<ruben23> when i save it it gets error and when i go bac it will became All=All
<zul> SpamapS: oh you might want talk to mathiaz about that then
<RoyK> just copy the root line and change it to ruben
<SpamapS> zul: is there something that can be turned on that automatically reports bugs when there is a segfault? that guy seems to have a *lot* of segfault bugs.
<SpamapS> maybe he has a bad RAM stick
<SpamapS> and no error checking
<mathiaz> zul: what do you mean by triaging bugs?
<mathiaz> zul: the ability to set importance and statuses?
<ruben23> SpamapS: see this ------>http://pastebin.com/zSvQz7BM
<zul> mathiaz: yeah
<mathiaz> zul: you need to be part of the bug-control team IIRC
<zul> k
<zul> mathiaz: clint doesnt have access so he can do his triaging today
<mathiaz> SpamapS: read up on https://wiki.ubuntu.com/BugSquad
<mathiaz> SpamapS: basically you need to be aware of the basic rules about triagging in Ubuntu
<SpamapS> mathiaz: I joined bugsquad too.. but not bug control I think
<hggdh> zul: are you not a member of -control?
<mathiaz> SpamapS: you can then apply to become a member of the bug-control team
<SuperLag> mathiaz: but this is SpamapS. I thought he knew *everything* there was to know about anything important?? :D
<mathiaz> SpamapS: in order to join you need to show a basic understanding of the bug triaging process
 * SuperLag hides
<mathiaz> SpamapS: the bar is quite low - it should take you a couple of hours and a couple of bugs
 * SpamapS appreciates SuperLag's support
<mathiaz> SpamapS: the wiki page outline what needs to be done
<SpamapS> mathiaz: I'll get started then. :)
<ruben23> SpamapS: got it..?
<SpamapS> ruben23: yes but I can't tell which line is 42
<zul> hggdh: yeah i am but we are talking about SpamapS here ;)
<hggdh> heh. My bad
<ruben23> SpamapS: line 42 is ruben.
<amstan> hey guys, i'm having issues with the 64bit installer
<SpamapS> ruben23: I'm stumped.. it looks fine
<amstan> i get to installing base system, near the end
<amstan> and i get: base-installer: error: exiting on error base-installer/kernel/failed-install
<zul> oh that sucks gary coleman is dead
<SpamapS> first britney murphy, now this.. somebody hide Scott Baio
<zul> SpamapS: this would help to make things go faster https://wiki.ubuntu.com/Bugs/Responses
<SpamapS> zul: excellent smithers...
<elb0w> should I worry about this? postconf: fatal: open /etc/postfix/main.cf: No such file or directory
<EtienneG> hggdh, just FYI, my earlier suspicion where incorrect
<EtienneG> a free range in the current subnet works just fine for public IP
<EtienneG> it was a pre-karmic bug, somehow I remained under the impression it would not work
<EtienneG> I am verymuch relieved
<jackinloadup> Looking for a search tool to place on a fileserver with about 21TB of data. I have looked briefly looked into Gnome Tracker and Beagle, but im not sure if there are other options. Suggestions? Preferably I would like to be able to search on another computer but I will take what I can get.
<elb0w> root@mdguru2:/home/gtsafas/GIT/RSIGrid2/SecurityMaster# route add -net 198.140.50.0 netmask 255.255.255.192 gw 10.47.201.174
<elb0w> SIOCADDRT: No such process
<elb0w> any ideas?
<RoyK> elb0w: is 10.47.201 available?
<RoyK> if that network isn't available, the gateway isn't either
<RoyK> pastebin netstat -rn and ifconfig
<hggdh> EtienneG: heh. So am I :-)
<elb0w> How can I clear all static routes ive added
<elb0w> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
<elb0w> 10.47.201.174   *               255.255.255.255 UH    0      0        0 eth3
<elb0w> how can I remove that
<penguin42> hmm I wonder why this vm has 102 udevd's running
<Method_man_> i have a problem
<Method_man_> any one is here
<penguin42> state the nature of your ubuntu-server problem
<bogeyd6> !anyone | Method_man_
<ubottu> Method_man_: A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<Method_man_> ?
<Method_man_> i wants to know the command for opening my ssh acount through. terminal
<penguin42> opening?
<Method_man_> sory open
<webPragmatist> hey guys have any of you attempted to use csync to sync cron.*
<guntbert> Method_man_: ssh account@host.name
<webPragmatist> and did something like prefixing the scripts with global. maybe?
<webPragmatist> or suffix
<Method_man_> oki wait dir let me try
<webPragmatist> hrm
<webPragmatist> is it possible with csync2	 to delete a file if it exists on a slave
<Method_man_> humm taking time
<Method_man_> do i have to specify the ports?
<bogeyd6> try this Method_man_ , ssh username@ipaddress
<Method_man_> ip adress?
<tucemiux> I can log in locally to my ssh server but I keep getting permission denied from outside on the net ???
<penguin42> when you say 'permission denied' at what point exactly do you see that - and is that the actual error?
<tucemiux> penguin42, it looks like it's a DNS issue, Im using password login, I type in my password on my laptop using a tethered connection and cant log in, I login from my desktop to the ssh server located locally, type my passwrod in, and im in
<penguin42> are you sure you are actually getting to the machine you expect?
<bihari> any indian here
<tucemiux> penguin42, yes, im getting to the machine, im seeing my banner, I dont think it's a DNS issue :-(
<tucemiux> penguin42,  you know what /etc/resolv.conf is for??
<penguin42> tucemiux: It tells your machine how to do DNS lookup
<webPragmatist> woh
<tucemiux> penguin42,  can that be any DNS server? it's currently pointed to 167.206.251.30, dont know why
<penguin42> tucemiux: Yes it can, it's normally assigned by DHCP from your router unless you've set it up by hand
<tucemiux> penguin42, it looks like that IP is owned by Cablevision so it's legit, im going to change the resolv.conf see if it helps any
<tucemiux> penguin42, still no dice!  I have a spanking brand new install, is it a firewall rule that's blocking me from the outside?
<penguin42> tucemiux: how exactly are you connecting to your machine?
<tucemiux> penguin42,  ssh -p 1111 username@myhostname.here   , I see my banner, then it prompts me for the password, I type in my password and wont let me in while connected from the net
<penguin42> well it won't be firewall if it's let you connect that far
<tucemiux> Permission denied, please try again.
<guntbert> tucemiux: the username is not root?
<tucemiux> guntbert, nope
<guntbert> tucemiux: was just a thought ..
<penguin42> tucemiux: That really is a case of it thinking the password is wrong or the username is wrong
<penguin42> although you could check /var/log/auth.log for more info probably
<tucemiux> penguin42, can i be logged in twice? One locally, another from the outside?
<penguin42> tucemiux: Yes, that's fine
<tucemiux> penguin42,  Bind to port 1111 on :: failed: Address already in use
<tucemiux> penguin42, it looks like it's pointing to the ssh server im going to demote :-(
<tucemiux> sorry, silly me
<tucemiux> ok i took down old ssh server down, configured router and rebooted, going to reboot new ssh server as soon as my router is up
<bihari> ?
<bihari> i have a remote shell
<bihari> you know how to make a shell on ubuntu
<tucemiux> yes i do
<tucemiux> penguin42, thanks i figured it out
<norrec> how to you add drivers to the install cd?
<penguin42> hmm
<norrec> I'm trying to install onto a drive that is attached to a promise tx4 sata controller, however I can't see the drive, the card says its supported by linux and I found that ubuntu has an open source driver for it, but it seems that its not on the install cd, how do you add drivers to the install cd so I can use the drives attached to the add-on card
<penguin42> hmm I'm surprised that doesn't work out of the box
<Psi-Jack> Has Ubuntu server's virtualization cluster stack gotten easier to use yet?
<Psi-Jack> Since 10.04, since I haven't tried it out yet.
<penguin42> I've got a bunch of VMs using KVM running, I'm using virt-manager to set them up
<MTecknology> Psi-Jack: not sure - but 9.10 is when I started using it heavily and it seemed incredibly easy - 10.04 has a new script for generating vm's - it's ugly to start because of the options but once you build out a generic command for what you want to use it's pretty darned awesome
<MTecknology> there's a definite learning curve to it - but i don't really know how you could make it any easier (aside from a "~bug")
<Psi-Jack> Well, hmmm.
<Psi-Jack> What I plan on doing is this.. I have very basic simple needs.
<Psi-Jack> I want to run two virtual machine servers that does firewall/routing at the host OS level, and run two servers in each. Windows 2008R2 Server, and Debian. These will be Windows and Linux based webservers primarily.
<MTecknology> don't pass routing off to a vm..
<Psi-Jack> I just got done trying out Citrix XenServer, but it failed miserably at the virtual network stack.
<Psi-Jack> MTecknology: I'm not. that's why I'd have it done at the host level. Not a guest.
<MTecknology> missed that
<MTecknology> sounds pretty simple
<Psi-Jack> With XenServer, I had to make a router VM, and it failed to even do simple NAT-based LVS directing to servers on the same physical host.
<penguin42> Psi-Jack: Doing the host OS firewalling means you're going to have to do some manual work, setting the rest up should be relatively easy
<Psi-Jack> penguin42: Yeah. :)
<MTecknology> why not do routing on a different system?
<MTecknology> take a cheap desktop and put pfsense on it
<Psi-Jack> Bleh. I don't like pfsense.
<penguin42> MTecknology: Why does he want separate hardware for it - he doesn't need to
<Psi-Jack> And the idea is to keep power consumption down.
<Psi-Jack> I went from having 14 servers, to 6.
<penguin42> Psi-Jack: Have you tried virt-manager?
<MTecknology> penguin42: i suppose - i just like being able to leave it up to different systems so anything behind can be very easily changed -
<Psi-Jack> I had in the past, yes. It was okay, and relatively simple. But keeping in mind I'm running Windows as workstations and laptops, not Linux, I want it to be relatively easy to manage in the long run, and using X on Windows isn't very pleasant. ;)
<penguin42> Psi-Jack: Ah OK, I'm not sure what's available for remote config from windows, if you just want consoles then you can use vnc to get consoles
<MTecknology> virsh for cli
<MTecknology> virsh is as easy (in my head easier) than virt-manager
#ubuntu-server 2010-05-29
<Psi-Jack> hehe
<MTecknology> here...
<Psi-Jack> Well, all in all, Ubuntu Server looks like a viable option for the host OS at least. It's just a matter of wether to use UEC, or keep it simpler with virt-manager and/or virsh.
<MTecknology> http://paste.ubuntu.com/441108/
<MTecknology> Psi-Jack: that's how I generate all vm's that are ubuntu
<Psi-Jack> Heh
<MTecknology> Psi-Jack: there's a lot there - but 90% of the system is setup when that finishes - I'm going to be writing a script to polish them off for me probably
<Psi-Jack> Heh
 * penguin42 clicks the buttons on virt-manager, a lot easier
<MTecknology> penguin42: ya ya - if you say so :P
<Psi-Jack> Heh
<Psi-Jack> I should've taken the sign with Citrix, when it had issues on one of my servers that it had trouble detecting three simple network cards.
<MTecknology> I always take cli over gui if cli makes any sense - my media player is cli
 * MTecknology is not a citrix fan
<Psi-Jack> Me neither!
<Psi-Jack> Their vnet stack is borked!
<Psi-Jack> I had a Debian-based router/firewall/LVS director in a vm on citrix, and it could LVS direct by NAT for servers not in the same physical server, but to a guest inside the same physical server would completely trash the packets.
<MTecknology> penguin42: does virt-manager install let you choose packages to add/remove and ppa's to add?
<penguin42> MTecknology: No, it's purely for creation of the VM at the virtual hardware/networking - it doesn't do anything inside the VM
<MTecknology> penguin42: then virsh is win :D
<penguin42> can virsh do that? How?
<MTecknology> penguin42: linky ^
<penguin42> Ah, vmbuilder
<penguin42> I've heard of it but not tried it
<MTecknology> err... ya- that - idk why i was thinking that was virsh
<penguin42> I was thinking virsh was virsh
<MTecknology> that really long thing though - gives me a system that'll be 90% ready for me to polish off - takes me about 10min to have a server doing w/e i want it to after that finishes
<penguin42> which is nice
<MTecknology> the servers I'll be deploying later won't be that friendly
<MTecknology> i'll have a lot of learning - drdb, mysql replication, redundancy, carp, etc
<Psi-Jack> Alright, well, here goes. Getting ready to toss Ubuntu-Server on one of my servers. ;)
<MTecknology> !kvm | Psi-Jack
<ubottu> Psi-Jack: kvm is the preferred virtualization approach in Ubuntu. For more information see https://help.ubuntu.com/community/KVM
<Psi-Jack> MTecknology: So you think I should just do it, without UEC?
<MTecknology> Psi-Jack: I never mucked with that - i'd assume it's just a stack that you'd wind up with following that
<MTecknology> !uec
<Psi-Jack> Well, UEC does use Java, so the host OS becomes a big memory hog in itself...
<MTecknology> icky
<MTecknology> it must just include a web ui for managing things?
<Psi-Jack> Heh, I'd barely even call it a web UI for managing anything to be honest.
<Psi-Jack> It doesn't let you create VMs. Manage them. Turn them on or off.. Or anything useful IMHO.
<Psi-Jack> That was for UEC in 9.10 though. Never saw if 10.04 improved that or not.
<MTecknology> virsh start hostname
<MTecknology> :)
<penguin42> Psi-Jack: I did go to a presentation on UEC - it's supposed to be very easy to get going
<Psi-Jack> No, I didn't.
<MTecknology> to kill w/o power off - virsh destroy hostname
<MTecknology> Psi-Jack: he said 'he' did
<Psi-Jack> Ahh
<Psi-Jack> 'supposed' to be. And are, are two different things. ;)
<MTecknology> I'm looking at it some - it looks pretty seamless
<MTecknology> penguin42: Eucalyptus == UEC ?
<Psi-Jack> Yes
<Psi-Jack> Ubuntu Eucalyptus Cloud
<MTecknology> ah..
 * MTecknology read it as Enteprise
<MTecknology> http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1391656,00.html
<MTecknology> that's the setup process - lacking on details for the rest of stuff
<Psi-Jack> For 9.10
<MTecknology> personally - it looks like i can do it all from cli - so that's what I'll continue to do - i prefer not adding deps i don't need
<MTecknology> Psi-Jack: ya... but ubuntu only gets better :D
<Psi-Jack> Ehhh.... Sometimes.
<Psi-Jack> There's still some things about Ubuntu I'm totally enraged about, personally.
<Psi-Jack> upstart, being one of them I absolutely hate.
<Psi-Jack> Well, definitely interesting.
<Psi-Jack> XenServer fully utilized LVM for local storage volumes. ;)
<penguin42> Psi-Jack: I'm running kvm instances off lvm volumes
<MTecknology> i like upstart - but i really don't like the bloat in plymouth
<penguin42> upstart just seems unfinished - none of the config tools work with it
<Psi-Jack> heh
<Psi-Jack> upstart IS unfinished.
<Psi-Jack> That's the problem!
<Psi-Jack> LOL
<penguin42> it does seem to have some nice bits though
<MTecknology> jdong is doing good on it though - it's mostly just him
<Psi-Jack> Just like the one they used in hardy was unfinished. Yet they're putting unfinished init systems in LTS.
<MTecknology> scott*
<Psi-Jack> I wonder if they'll start yet a new init system with 10.10. :)
<MTecknology> nah - upstart is slow in progress but considering the # of devs... not surprising
<Psi-Jack> Well, so far, I got Ubuntu Server installing, without UEC.
<MTecknology> imo - a gui is just bloat
<MTecknology> like ebox or webmin
<Psi-Jack> Webmin, I actually use and like.
<Psi-Jack> My main webserver is totally configured by virtualmin. ;)
<Psi-Jack> Thing about it is, webmin+virtualmin has both web interfacing and CLI tools to totally do everything with.
<MTecknology> i thought it was the bestest best until i learned how to do the same thing via cli - then saw how it destroyed the configs - then decided i can do it all better myself
<Psi-Jack> It doesn't really destroy configs. There /was/ a time it did, but today it's pretty clean.
<MTecknology> can it make exim configs look pretty when it's all done?
<MTecknology> as pretty as exim can allow...
<Psi-Jack> Heh.
<Psi-Jack> Dunno. exim's not my mailserver of choice.
<MTecknology> I wonder if I can get nessus on my backtrack vm..
<MTecknology> I want to scan my servers to see if i missed anything obvious
<Psi-Jack> Cool. ubuntu 10.04 has a tasksel for virtual machine host. ;)
<MTecknology> Psi-Jack: ya, i just follow aptitude path :P
<Psi-Jack> And... Finally... Almost done installing.
<Psi-Jack> Hmm, nothing new yet for 10.4 on howtoforge for the same as: http://www.howtoforge.com/virtualization-with-kvm-on-ubuntu-9.10
<Psi-Jack> Yet, I see. ;)
<MTecknology> Psi-Jack: the ubuntu server docs guys keep pretty up on kvm - you should peek there
<Psi-Jack> heh.
<Psi-Jack> And the first problem..
<Psi-Jack> virsh -q qemu://system list, fails with: Error: Cannot access CA certificate '/etc/pki/CA/cacert.pem': No such file or directory.
<penguin42> hmm I don't have one of those
<penguin42> ah you set up for doing it remotely
<MTecknology> penguin42: virsh -c qemu:///system
<penguin42> hey tell that to Psi-Jack
<MTecknology> Psi-Jack: *
<Psi-Jack> Yeah, I'm on it. ;)
<MTecknology> Psi-Jack: if you're connecting to a remote system - virsh -c qemu+ssh://192.168.1.4/system
<Psi-Jack> This is local...
<penguin42> that's curious, because with the -c it works here
<penguin42> http://libvirt.org/remote.html  has instructions for generating the keys/certs - but I don't think you should need to for local
<MTecknology> I wish firefox would let you do something like some.addy.com@123.123.123.123
<penguin42> why do you want to?
<MTecknology> internal or dev systems
<MTecknology> i'd use it daily
<Psi-Jack> So you could go to a specific IP and still use HTTP 2.0 to send what host name you're trying to use. ;)
<penguin42> you need the http1.1 hostname stuff?
<MTecknology> ya
 * penguin42 would just add a /etc/hosts entry
<MTecknology> that's what i do
<MTecknology> i just wish i could do that w/ firefox
<MTecknology> or like how virsh does it
<MTecknology> firefox http://10.41.0.5/dev.domain.com
<drake> Hello everyone.
<Psi-Jack> Hmmm. Fun fun!
<Psi-Jack> Ubuntu fail. Can't even get network going at the moment. LOL
<MTecknology> Psi-Jack: can't setup a bridged interface?
<Psi-Jack> No no..
<Psi-Jack> I set it up to use eth0 during install, and after install, eth0 is non-existant.
<Psi-Jack> However eth1 worked, (but that's the NIC connected to the cablemodem), and eth2 worked..
<Psi-Jack> eth0, is..... Plain dead.
<drake> If you're running ubuntu server with no gui, and you want to share subfolders from /media/yourusbdrive but not the entire thing, How would you suggest going about doing that?  Say there's three folders you want to share in that drive named 'documents' 'apps' & 'storage'.  They're all on the root of said device but there's also a lot of other folders you do NOT want shared.  Any thoughts?
<drake> The twist is that the entire drive is already currently being shared and visible by any computer within the network.
<drake> Hello all.
<edwin-sv> hi guys!!!
<edwin-sv> how can i do to make GRUB recognize the type of the filesystem of a partition to boot from it again?
<Psi-Jack> Heh
<Psi-Jack> Well, interesting. I was at least able to get virt-manager running. Installing a guest OS now under fluxbox. ;)
<edwin-sv> Hello everyone!!! How can i do to make GRUB recognize the type of the filesystem (ext3) of a partition to boot from it again? actually that partition has ext3 filesystem and the boot loader but after some repair maintenance with fsck GRUB presents an Error 17 :(  (btw, I don't want to lose the data formating as ext3 that partition)
<edwin-sv> Thanks in advance! :)
<ChmEarl> edwin-sv, do you have more than one hd?
<edwin-sv> no ChmEarl, only one
<edwin-sv> but in that disk I have three partitions
<ChmEarl> all bootable? or more than 1 is bootable?
<edwin-sv> sda1=ubuntu booteable; sda2=swap; sda3=ntfs non-booteable
<ChmEarl> edwin-sv, if you are using grub2 I am have no answer
<edwin-sv> actually the problem is that the error 17 says that grub doesn't recognize the type of filesystem
<MTecknology> how do i Make a file on the system with a / in it?
<ChmEarl> edwin-sv, the usual approach is boot with live media ( I prefer puppy) and check with fdisk
<edwin-sv> ChmEarl, actually that server has ubuntu with the last grub before grub2 :)
<ChmEarl> edwin-sv, be sure that the MBR and super-blocks are good
<ChmEarl> edwin-sv, parted can recover a lost partition too
<edwin-sv> ChmEarl, I have booted with a Ubuntu liveCD and try to mount that partition but appears an error that I must declare the type of filesystem
<edwin-sv> I put that it is ext3 (mount -t ext3 /dev/sda1 /media/sda1) but it show an error that is not the right filesystem :(
<edwin-sv> and when i type: fdisk -l  it show the parition /dev/sda1 with the id of the ext3 filesystem (83)
<ChmEarl> edwin-sv, leave off the -t option, but pass an option -o offset=32256
<ChmEarl> then mount will do the right thing
<ChmEarl> edwin-sv, you can get the correct offset with fdisk -lu
<ChmEarl> 32256 = 512 * 63
<edwin-sv> ChmEarl... is a shame that the server is not in this room, but i will do tomorrow because i have to leave the office :(:$
<edwin-sv> actually the time is 7:15pm in my GMT :(
<edwin-sv> i am grateful with yor help ChmEarl !!!  :)
<ChmEarl> np - happy weekend
<edwin-sv> maybe can I see you here tomorrow again :)
<edwin-sv> if not, thanx anyway!!!  o/
<edwin-sv> :)
<Psi-Jack> Hmmm interesting.
<MTecknology> Psi-Jack: how's it workign for ya?
<Psi-Jack> dmesg is showing me with eth0, and eth1, with the exact same HW MAC addresses.. Which... Is... Not correct.
<Psi-Jack> MTecknology: kvm? Even faster and better than Citrix was..
<Psi-Jack> So far
<Psi-Jack> But, having issues with getting my NIC's setup for bonding because they're showing up as the same device.
<MTecknology> well..... that doesn't take much at all
<Psi-Jack> Different location, physically and address-wise, but same MAC.
<MTecknology> Psi-Jack: pastebin 'ip maddr' 'ipconfig' 'cat /etc/network/interfaces'
<Psi-Jack> One sec. I was just changing PCI slots on them. ;)
<Psi-Jack> Ahhhh
<Psi-Jack> Now they're showing up differently.
<MTecknology> Psi-Jack: magically working?
<Psi-Jack> Yeah. I changed what PCI port the second one was on, and presto.
<Psi-Jack> Kinda wierd, actually.
<Psi-Jack> This is an ASUS M4N78 Pro mobo, and it has some wierdness issues.,
<Psi-Jack> Now, just gotta correct the udev rules, and should be okay again. ;)
<MTecknology> Psi-Jack: enjoy the awesomeness :)
<Psi-Jack> Heh
<Psi-Jack> Though....
<Psi-Jack> MTecknology: By chance do you run Windows servers under kvm at all, or just linux?
<MTecknology> Psi-Jack: just ubuntu - you can easily do windows too - just need virt-viewer -c qemu+ssh://some-ip/system hostname
<MTecknology> unless you want to use virt-manager
<Psi-Jack> Yeah.. usiong virt-manager, but my questions were more towards Windows and virtio for the VNIC. ;)
<MTecknology> oh.. i probably don't have the answer
<Psi-Jack> Yeaaah.
<Psi-Jack> I tried enabling a new NIC with virtio, and installed the drivers in 2K8R2, and it didn't work, apparently.
<MTecknology> the windows driver for windows is the issue?
<MTecknology> try asking in #kvm
<Psi-Jack> Yeah.
<|corpse|> has anyone been seccessful in setting up samba for a home network in 10.04?
<Psi-Jack> Heh
<MTecknology> |corpse|: i'm sure a great many have been - are you looking for a question answered? if so you should ask it
<Psi-Jack> Now to figure out how to setup a bonded eth0+eth1, bridge those two for the virtual network, and ... yeah. ;)
<MTecknology> Psi-Jack: heh... i've always wanted to do that
<Psi-Jack> That's exactly what I'm GOING to do. ;)
<MTecknology> Psi-Jack: you should blog a how to
<Psi-Jack> Oh, I will. :)
<|corpse|> MTecknology: sorry, i keep having an issue were my other computers can see the network but when i try to access it i get "unable to locate share list" i googled the problem and saw it was pretty common in 10.04 but havnt not seen any fixes
<Psi-Jack> I have a dokuwiki site I do for technically advanced stuff. ;)
<MTecknology> |corpse|: config?
<Psi-Jack> Aha.. Think I got it. ;)
<e_t_> |corpse|: I've moved to rsync for home file sharing, but I have Samba set up. The key, IMHO, is to edit /etc/samba/smb.conf directly, instead of using a configuration tool.
<|corpse|> e_t_: ok, i have worked with it a bit but ill look into it more. I am new to linux and setting up servers. i have managed to get a ipconfig 3 running with mail dns and ftp but still cant get into my drives from my other machines ><
<MTecknology> pastebin your smb.conf
<e_t_> |corpse|: If you have ftp up, use that. You will get MUCH faster transfers with that than with Samba.
<MTecknology> e_t_: how secure is samba?
<e_t_> MTecknology: I don't really have a way to judge the security of Samba. It does have support for authentication, but I don't know about encryption. I also don't know how Samba compares with other transfer protocols.
<|corpse|> would you recommend rsync over it?
<e_t_> It depends on what you are doing. If you just want to move files from one machine to another (and they're all Linux/UNIX), rsync can't be beaten. If you have Windows machines, or want to graphically browse, FTP or Samba are better.
<Psi-Jack> Boom.
<Psi-Jack> Ethernet Bonding with balance-tlb on two NIC's, br0 on top of bond0. :)
<Psi-Jack> Everyone seems to document the "Debian" way to use module options, when it can be done right in the network/interfaces file as bond_option value
<Psi-Jack> What's nice, is I don't have to change a darn thing in the Windows server vm at all. :)
<LMJ> hi
<brando753> is there a way to connect to wifi on ubuntu server
<|corpse|> when setting up fstab can you use linux as the file system or does it have to be ext3, ext4 etc?
<e_t_> |corpse|: linux is an operating system, not a file system.
<|corpse|> e_t_: i was thinking that but when i do fdisk -a some drives are ntfs some are fat32 and some are linux
<e_t_> That's just fdisk being non-specific.
<|corpse|> e_t_: i just wasnt sure if i ould use linux beause i know a drive is ext4 but when i try to mount it says its not valid
<|corpse|> is there any way to make it more specific
<|corpse|> im setting up 5 drives and out of them i have 1 mounted correctly =\
<e_t_> Not that I know of. Fdisk doesn't care particularly because its only job is partitioning. Other tools are used to actually format the partitions.
<|corpse|> ok, cause i know one drive is ext4 but when i mount it i get VFS: Can't find ext4 filesystem
<e_t_> |corpse|: have you Google
<e_t_> ed the error
<e_t_> (pressed Enter by mistake)
<|corpse|> yeah, not having a ton of luck though, ill keep diggig around
<e_t_> |corpse|: what do you want to do with these five drives?
<|corpse|> store and share files
<|corpse|> with my home network
<e_t_> As a RAID?
<|corpse|> pretty much
<|corpse|> i would like to keep redundent backups of my systems on one drive. then keep movies, tv, music ect on others
<e_t_> Probably what you want to do is set up Logical Volume Management. Check this out - http://www.linuxconfig.org/Linux_lvm_-_Logical_Volume_Manager
<|corpse|> ahh, thanks ill give it a look
<cybrocop> Hi All. Is it possible to make an Ubuntu 10.04 system not boot because of messing up the networking configuration. To be specific it boots, but it gets stuck at one point and doesn't give me a login prompt so that I can even log in to investigate what the problem is.
<cybrocop> This is what I get:   http://img692.imageshack.us/img692/8377/imag0060i.jpg   -- All I did was to create a new bridge and I have copied the contents of /etc/network/interfaces from a working computer... so I don't know why it wouldn't start up the bridge, but even more worrying is that I can't even log in to see what the problem is. Incidentally, I can ping the IP address of the bridge so it must have worked to a certain extent, but not enough to
<cybrocop> get me a login prompt.
<Psi-Jack> Hmmm. That problem is showing up again on my other virtual machine server, two Netgear GA311's showing up in dmesg with the exact same HW MAC, eth0, and eth1, different IRQ.
<lau> hello, I update 8.04 to 10.04 via do-release-upgrade
<lau> after reboot I am stuck on busybox initramfs prompt
<lau> I tryed set rootdelay=90 on grub entry
<lau> but still got busybox initramfs prompt
<lau> I tryed boot on live cd than fsck the root partition than chroot and update-grub
<lau> but still got into the busybox initramfs prompt
<lau> any idea how to fix this ?
<lau> it says uuid not found where can I check uuid info ?
<RoyK> lau: blkid
<RoyK> lau: I've seen that happen a few times myself - replaced the uuid= in /etc/fstab with the device name (/dev/sdax)
<RoyK> that works unless you shuffle your disks, but then, if you do that, other things may break too
<RoyK> hm... but busybox? did you install grub2? maybe grub2 is using the uuid
 * RoyK neither knows nor likes grub2 too well
<Deeps> feeling very silly, and i'm sure it's something obvious, but can anyone see why it's not letting me add this route?
<Deeps> http://paste.ubuntu.com/441307/
<Deeps> configuration of eth0 is 192.168.0.32/24
<Deeps> so new target router for 192.168.1.0/24 is subnet local still
<norrec> i'm trying to install ebox but i'm having truble with dependancies so i'm not sure where i went wrong. apt-get is saying that there are packages that are unavalible that are listed as avaliable on packages.ubuntu.com
<a_m_y> wanted to know how to use iptables in load balancing? tnx
<RoyK> a_m_y: see http://lartc.org/
<atomic__> +1 for lartc.org
<a_m_y> huwaw. tnx very much. appreciate it
<awb> Hello, I'm new to Ubuntu Server, I'm trying to setup a Primary Domain Controller on Ubuntu 10.04 for Windows Machines to join, I was wondering if there is some sort of current guide to fully setup a server as a PDC I have not found one that actually works in Ubuntu 10.04 yet, or has someone setup a PDC in 10.04 and can walk me through?
<RoyK> awb: samba can work as a winnt pdc, but not AD pdc - google for samba pdc
<RoyK> awb: http://lmgtfy.com/?q=samba+active+directory+dc
<awb> the problem I am finding is the active directory stuff
<cybrocop> Hi, what is the MAX number of SATA drives one can have. I have 6 installed, but without enabling my MOBO's SATA RAID functionality (fake raid) I am only able to see 4.
<JohnDoy> cybrocop: it is MBo limit
<bobo123> do I have to do anything to restart samba or something after I change the /etc/samba/smb.conf ?
<cybrocop> Thanks JohnDoy, do you know whats the Linux max... for example, if we go with the standard nomenclature  sda - sdz that means you could have a total of 26 drives. Is there anything that comes after "z" for instance?
<cybrocop> This is more of a curiosity. I don't think I'll ever have a configuration such as this. :)
<JohnDoy> I believe it can go over 26 (a-z)
<bobo123> (I want to be able to print from my other computers to the printer connected to this computer even when I have this computer started in ubuntu, and read somewhere that I should insert security = share in /etc/samba/smb.conf to stop it from asking for password)
<cybrocop> JohnDoy.. yes, I just googled. After sdz, it starts with sdaa  http://publib.boulder.ibm.com/infocenter/dsichelp/ds8000ic/index.jsp?topic=/com.ibm.storage.ssic.help.doc/f2c_linuxscsilimit_2hsag9.html
<JohnDoy> cybrocop: one says that limit for USB devices is 128
<birmaan> hai
<RoyK> ho
<bobo123> hai ho!
<daubers> Hey all, I've got some hostname weirdness going on, any idea what's wrong here? http://pastebin.ubuntu.com/441349/
<daubers> this is a lucid server
<bogeyd6> daubers you dont have hostname installed
<daubers> bogeyd6: Yes it is. If iI run it wihtout --fqdn it works fine
<bogeyd6> lemme fir eup test vmware server
<bogeyd6> im half wonder if you need to /bin/hostname --fqdn
<JohnDoy> Does Ubuntu 10.04 have OpenVZ kernels supported?
<daubers> bogeyd6: matt@daubers:~$ /bin/hostname --fqdn
<daubers> hostname: Name or service not known
<bogeyd6> forgot sudo
<daubers> bogeyd6: Same result
<bogeyd6> hmm
<RoyK> afaik hostname should be runnable for a normal user - no need to sudo
<bogeyd6> works fine on the test image
<bogeyd6> joe@joe-desktop:~$ sudo hostname --fqdn | joe-desktop
<bogeyd6> Linux joe-desktop 2.6.32-22-generic #33-Ubuntu SMP Wed Apr 28 13:27:30 UTC 2010 i686 GNU/Linux
<daubers> interstingly dnsdomainname fails too
<RoyK> works here as well
<RoyK> daubers: have you set the domain name?
<daubers> RoyK: It's set in /etc/hosts, see the pastebin above
<bogeyd6> should return just the hostname at least
<daubers> matt@daubers:~$ hostname
<daubers> daubers.co.uk
<bogeyd6> sounds suspiciously like  a path problem
<RoyK> daubers: pastebin /etc/resolv.conf
<daubers> http://pastebin.ubuntu.com/441352/
<RoyK> no domain set there
<daubers> didn't help
<RoyK> what about /etc/defaultdomain?
<daubers> doesn't exit
<daubers> exist
<RoyK> add your domain there - # cat /etc/defaultdomain
<RoyK> nilu.no
<daubers> hah! /etc/hostname shouldn't contain the fully qualified domain name, just the bit before the .co.uk
<daubers> sussed it!
<daubers> reset that, add the hostname to /etc/hosts (without the .co.uk) and then restart the hsotname service
<daubers> bingo
<daubers> thanks chaps :) You managed to set me on the correct path
 * wise_crypt is away: need a rest, tired looking a fast channel :)
<kaushal> hi
<kaushal> I need help on logrotate
<kaushal> can i ask here ?
<kaushal> I get error: error reading top line of /var/lib/logrotate/status
<kaushal> I dont run out of disk space
<norrec> i'm trying to install ebox but i'm having truble with dependancies so i'm not sure where i went wrong. apt-get is saying that there are packages that are unavalible that are listed as avaliable on packages.ubuntu.com
<failover> There is a way to install php5 without apache2 packages on lucid ?
<failover> I want to run  Nginx, php5 and wordpress. I don't want apache, installed on my server...
<failover> hum... php5-cgi should be the right package...
 * MTecknology uses php-cgi for all websites
 * wise_crypt is away: sleeping 
<MTecknology> !away > wise_crypt
<ubottu> wise_crypt, please see my private message
 * wise_crypt is back (gone 00:05:37)
 * wise_crypt is away: 
<MTecknology> wise_crypt: don't use noisy away/return messages..
<wise_crypt> sorry just forgot to uncheck it sorry
<ruben23> hi i have ubuntu desktop want to get a file on my ubuntu-server anyways..?
<ruben23> with windows i can used winscp
<ruben23> but what about with ubuntu..?
<MTecknology> scp
<guntbert> ruben23: scp  :-)  (why do you think winscp is named that way)  -- but  it has no GUI, just command line
<ruben23> MTecknology:is it builtin on an ubuntu-desktop..?
<MTecknology> ruben23: you coudl try and find out?
<ruben23> but i wan to extract the file on my ubuntu-desktop
<guntbert> ruben23: its CLI only
<MTecknology> I don't get what's going on here.. http://p.linode.com/3879
<MTecknology> there's nothing that should eat up that memory...
#ubuntu-server 2010-05-30
<tense> hi
<tense> I just set up a vpn server using the pptpd server but I'm having troubles to configuring the iptables to do NAT
<tense> with ubuntu server 10.04
<JohnDoy> tense: Why not use Vyatta, easier to config.
<tense> humm
<tense> i will try this
<tense> thanks
<jeeves_Moss> can someone tell me why hotmail would be giving me this error when I'm trying to send to my domain?  http://pastebin.ca/1874100
<Wiebe> Hi, im failing atm wondered if you know how to solve it :)
<Wiebe> trying stuff with SSH keys :)
<Wiebe> but now i get this:
<Wiebe> Received disconnect from 10.0.0.1: 2: Too many authentication failures for wiebe
<Wiebe> can i get the SSH server to let me connect again (i can login from other accounts).
<Wiebe> restarting the SSH server doesnt help.
<Wiebe> or do i have to wait x minutes..
<steven_t> hello :)
<steven_t> how would i find on my own what the proper file is to run a script after the server boots up?
<cxo> How do you figure which device node corresponds to ataX in the kernel log?
<cxo> I have a hard drive that looks like its going to fail, the kernel log keeps saying ata7 is hard resetting. I want to know which /dev/sdaX it corresponds to so i can change the drive
<Psi-Jack> Hmmm
<Psi-Jack> Well, this is annoying as heck.
<Psi-Jack> Why is it, when I setup a vm in virt-manager to use a more usable VNC display than the default 127.0.0.1 automagic one, it completely fails to let me manage it anymore in virt-manager, throwing python exceptions about character devices and such?
<twb> pastebin the transcript, including what you changed and the new error message
<twb> Might also be worth telling #libvirt (or is it #virt?)
<Psi-Jack> Heh, not sure. :)
<Psi-Jack> I'll set up another vm and do that, cause I want to be able to not have to use Xmingwin's Xlaunch from my windows workstation & laptop just to get to the console of a vm.
<drake> Hello all.
<drake> is that Ken1 from last night?
<corpse> quick easy question, how do i make samba run on start up?
<RoyK> corpse: iirc it'll start on boot when it's installed - that's default
<RoyK> https://help.ubuntu.com/8.04/serverguide/C/installing-samba.html is a good place to start
<corpse> yeah thats what i thought but when i reboot my server i need to run /etc/init.d/smbd restart  before i can connect with my other computers
<corpse> which isnt not a big deal, i just thought there might be somthing i could do quick to make that unessesary
<RoyK> cd /etc/rc2.d
<RoyK> ln -s ../init.d/samba S95samba
<RoyK> or something
<RoyK> isn't there any S*samba in /etc/rc2.d ?
<corpse> nope =\ all of my other server apps are there but no samba
<RoyK> just make one
<RoyK> symlink to the init script
<RoyK> look at what's there
<RoyK> there's a "proper" ubuntu way to do this, some command, but I don't remember - that command just makes the symlink anyway
<corpse> working on it =P
<RoyK> man update-rc.d
<RoyK> that's the 'proper' command
<corpse> lol think i ran the wrong command
<RoyK> [11:50]  <RoyK> cd /etc/rc2.d
<RoyK> [11:50]  <RoyK> ln -s ../init.d/samba S95samba
<RoyK> that'll work
<corpse> lol ok ill run it if a can get the server up again
<corpse> i ran update rc.d smbd start | stop   it ran a bunch of errors now the server will not mount any of my drives or give me access to a comand line
<corpse> i guess i have to learn some how
<corpse> RoyK: thanks man that did it, very much appreciated
<m_tadeu> hi everyone
<m_tadeu> I just installed ubuntu server but the console history is not active
<m_tadeu> mmm...guess the cursors are not working at all in the command line...can it be because it's running on a virtual machine?
<uvirtbot> New bug: #587548 in samba (main) "Samba fails to share printer in 10.04 " [Undecided,New] https://launchpad.net/bugs/587548
<desperate_man> hello. i am looking for someone who got time in PM. got problem with sysv/ startup script server 10.04
<xperia> hello to all. how can i test if a connection to a specific port inside the lan is open ? example http://192.168.1.90:8080
<very-desperate-m> hello. i am looking for assistance with server 10.04 to start script
<desperate-man> hello. i try to find someone who can help me with an automated startup script problem on 10.04
<desperate-man> got anyone time or ideas?
<cloakable> Give me a moment and I'll get my crystal ball
<desperate-man> done that. didn't workout
<desperate-man> Does someone know OpenKM?
<desperate-man> -
<steven_t> ok so this is my plan on how to backup my vm: in the vm, mount a shared folder so host:~/grvm == guest:/mnt/shared and then inside the guest, cron a script that will rsync from guest:~/ to guest:/mnt/shared every N minutes .... what do you guys think?
<desperate-man> Does Ubuntu 10.04 use upstart or sysv?
<qman__> desperate-man, ubuntu uses upstart, but it has sysv emulation, so scripts in /etc/init.d/ should still work
<gyre> hi...i have a q...im troubleshooting apache a little be and in tcpdump I can see ipv6 packets...instead of ipv4....when I check network settings I can see that ipv6 is disabled so what am I missing out ?
<gyre> the problem im experiencing is related to apache2ctl command
<gyre> is it using ipv6 procol and somehow bypassing network settings ??
<RoyK> gyre: I'd recommend using wireshark instead - far simpler and way better
<gyre> RoyK yeah true
<gyre> but it gives the same results :)
<gyre> so the problem is not in capturing process
<gyre> problem is that i dont understand why is apache2ctl using ipv6 when querying apache2 status
<RoyK> perhaps it defaults to trying on the best protocol?
<RoyK> shouldn't matter much if it were using ipx, so long it does its job
<gyre> RoyK how do I force it to use ipv4 ?
<gyre> i dont want it to use ipv6
<gyre> becaue obviously that's causing the troubles when retrieving the apache status on the commandline
<RoyK> http://httpd.apache.org/docs/2.0/bind.html
<gyre> RoyK im not talking about apache2 config...apache2 is set to be using ipv4 in my config
<gyre> my questions is
<gyre> why is APACHE2CTL using ipv6 when querying apache for the status
<RoyK> do you use ipv6?
<gyre> no
<gyre> thats the weirdest thing
<RoyK> just checked two ubuntu boxes, one with hardy and one with lucid, and it doesn't look like any of them uses ipv6 for apache2ctl
<gyre> i have ipv6 disabled
<gyre> i made few tcpdumps
<gyre> and can see that it does
<gyre> did you tcpdumped apache2ctl status ?
<RoyK> just did an strace, and I see no traces of ipv6 there
<gyre> check out my screenshots...i attached them to my post on ubuntuforums; http://ubuntuforums.org/showthread.php?p=9384371#post9384371
<qman__> gyre, what method did you use to disable ipv6?
<RoyK> gyre: did you try to allow ::1 ?
<qman__> I guess more to the point, if you disable ipv6 by blacklisting the kernel module, the software can't very well use ipv6 even if it wants to
<qman__> as opposed to just blocking it all in the firewall or not configuring addresses
<RoyK> I don't see a big point in disabling ipv6
<gyre> qman_ i didnt try anything yet
<gyre> i dont know how to do that
<gyre> i only checked the network settings
<gyre> thats it
<yurist> ubuntu newbie needs some help with disc partition
<yurist> gparted sais No devices detected
<gyre> yurist can you run sudo fdisk -l ?
<seanr> I added an SSL certificate to my box and configured apache to use it.  When I attempt to restart apache, it fails, but no errors show in error_log.  Why wouldn't it print out the error anywhere?  How can I tell what's tripping it up?
<seanr> As soon as I remove the keys from default-ssl, apache starts, but I obviously need those keys to work.
<guntbert> seanr: does the key have a passphrase set? that could be a reason..
<seanr> guntbert, yes, but I have an sh script to output it and have apache pointed at it.
<RoyK> remove the passphrase
<seanr> Or at least I did, not sure which config file it was in.  Let me see if I can find it with a grep.
<guntbert> seanr: crazy idea :-)  if the passphrase  is on the system anyway - why not remove it (if only for a test)
<seanr> guntbert, I found it and removed it from mods-available/ssl.conf, tried to start apache, got fail and never did get the passphrase prompt.
<seanr> Why doesn't apache give me any more info?
<guntbert> seanr: increase the log level
<seanr> guntbert, set it to debug and only got this: [Sun May 30 15:49:05 2010] [info] Init: Seeding PRNG with 648 bytes of entropy
<seanr> Nothing else, still failed.
<RoyK> it's no point of having a passphrase for ssl keys on a server
<cloakable> indeed
<seanr> OK, I'll regenerate them without then.
<RoyK> seanr: you can remove it
<seanr> How?
<RoyK> don't remember the command, but still
<RoyK> google for it :Ã¾
<RoyK> usually it's the last step in ssl howtos
<RoyK> or one of the last steps
<guntbert> seanr: you can remove the passphrase - look at the manpage of openssl search for passphrase -- you can always alter it so you can leave it empty too
<seanr> OK
<seanr> OK, completely regenerated the keys, re-keyed it on Godaddy, and uploaded the new crt files from them and it still won't start.
<seanr> guntbert, the old certificate that worked was just a regular one, but the new one is a wildcard certificate - is there anything special about that that could be causing this to fail?  I still don't get why it won't tell me what the bleeding error is even with LogLevel set to debug.  WTF?
<guntbert> !language
<ubottu> Please watch your language and topic to help keep this channel family friendly.
<guntbert> seanr: I know nothing about wildcard certs -- sorry
<RoyK> wtf is this !language stuff? is ubuntu a christian channel?
<guntbert> !coc | RoyK
<ubottu> RoyK: The Ubuntu Code of Conduct is a community etiquette document to which we ask all Ubuntu users to adhere, and can be found at http://www.ubuntu.com/community/conduct/ .  For information on how to electronically sign the CoC, see https://help.ubuntu.com/community/SigningCodeofConduct .
<RoyK> guntbert: there is nothing in there about using the English language in full
<guntbert> RoyK: but swear words (even obfuscated ones) are definitely unwanted
<RoyK> why?
<guntbert> !guidelines
<ubottu> The guidelines for using the Ubuntu channels can be found here: http://wiki.ubuntu.com/IRC/Guidelines
<RoyK> guntbert: no, I'm wondering about why, not some guidelines
<RoyK> I was a little worried about how ubuntu would work on this 16 core box, but it's performed well with 100% cpu load over two weeks+
<guntbert> RoyK: that is the way it is :-) I didn't make them ...
<RoyK> that's rather totalistic - obey the rules, they are there, without a reason
<guntbert> RoyK: the reasons are there - please read the guidelines
<RoyK> I've read them
<RoyK> they don't make sense
<guntbert> RoyK: I don't want to discuss rules this evening to be honest
<RoyK> seems noone really want to discuss them - totalist regimes should be quite little compatible with an open system like ubuntu
<seanr> What do you guys know about an issue with openssl in ubuntu/debian?
<seanr> Someone in #httpd just told me to ask.
<MTecknology> How do I setup a master/slave for MySQL? Any idiots guide to it?
<MTecknology> RoyK: I'll discuss - but I have a rather set view and we'll simply be battling the whole time
<binBASH> MTecknology: You can find a lot tutorials for that kind of setup via google
<MTecknology> binBASH: I figured - where there's a lot of info I usually like asking here because somebody usually has a link for the best way to do it in ubuntu :)
<MTecknology> nice nick
<binBASH> so you're lazy it seems :p
<binBASH> anyways, I'm off. cya tomorrow
<chrismsnz> hey guys, does anybody here have experience with varnish?
<MTecknology> chrismsnz: i'm just starting to look into it
<chrismsnz> I have a strange problem with it - the thing throws a 503 when I have firebug enabled :\
<uvirtbot> New bug: #433764 in clamav (main) "After upgrade, clamav's clamd gives "ERROR: initgroups() failed."" [Undecided,Fix released] https://launchpad.net/bugs/433764
<uvirtbot> New bug: #587684 in munin (main) "Inexplicable green line towards the top of graphs" [Undecided,New] https://launchpad.net/bugs/587684
#ubuntu-server 2011-05-23
<DinVitamin> I installed Ubuntu Server, which has no sound or video drivers. I installed the video drivers and x-server, etc. so that I could see everything, but how do I install the sound drivers?
<cloakable> They're built into the kernel
<uvirtbot> New bug: #786780 in postfix (main) "package postfix (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/786780
<Delerium_> Hi guys, I need your input / recommandation .. my dedicated server is up!  but they put qmail to manage emails ... I think qmail is not even supported anymore and the developpement is stop by now ... I thought about installing Zimbra instead.  Any other solutions you could think of?
<AtomicSpark> So, the "updates avaiable" part of my MOTD hasn't been correct for a few months. How do I fix it?
<AtomicSpark> Its stuck on saying 11 packages. :\
<julian_c> Using 10.04 LTS?
<AtomicSpark> Yes.
<AtomicSpark> Is it a bug?
<AtomicSpark> It happened after there were updates and I updated them, but the counter never reset.
<julian_c> Kind of. When you log in, it's actually showing two MOTDs.
<AtomicSpark> Haha! What the crap. So it is.
<julian_c> If you delete the file </etc/motd.tail>, then it will only show the current MOTD. (The stale MOTD is in that file.)
<AtomicSpark> The default terminal size wasn't showing the other one. I maxed the window after you said that. Sillyness.
<AtomicSpark> I shall do that then.
<AtomicSpark> Seems to have fixed it. Thank you.
<julian_c> You're most welcome.
<AtomicSpark> :)
<Snugger_> Having trouble installing ubuntu server could someone help me?
<Snugger_> Hello?
<Delerium_> What's the issue first?
<Snugger_> i get a corrupt file error while it is installing the base system
<Delerium_> maybe a corrupted download / or wrong burning ... did you check the md5su?
<Delerium_> mdsum
<Snugger_> no i havn't, but i've tried burning and burning numerous times, still the same error
<Delerium_> then might be your download ISO
<Snugger_> should i try a mirror link?
<Delerium_> check the md5sum, that might save you downloading everything again (and save bandwith)
<Snugger_> I'm going to use my labtop to burn the cd this time, could you inform me how to check the md5sum though incase i have the same problem on my labtop?
<Delerium_> do you have a Linux installation available?
<Delerium_> command would be: md5sum FILENAME
<Delerium_> the right md5sum is on Ubuntu download site if I'm not mistaken
<Snugger_> I'm burning the cd via Windows Vista & Windows 7
<Delerium_> Snugger_, not sure if this kind of tools is available on Windows...
<Snugger_> I apoligize, i'm new to ubuntu entirely, does ubuntu server require ubuntu OS installed beforehand?
<Delerium_> nope
<Snugger> @Delerium_ i got disconnected from the chat, what did you write?
<Delerium_> Snugger, Nope. you don't need a Ubuntu installation beforehand
<Delerium_> You can always try to install Ubuntu in the VM to avoid burning CDs over and over
<Snugger> I'm not sure how to utilize the VM without an active OS on a computer
<Delerium_> Ho okay... you only one computer running Windows and you wish to install ubuntu as a dual boot?
<jmarsden> Snugger: https://help.ubuntu.com/community/HowToMD5SUM  has info for checking md5sums from different OSes, including windows.
<Delerium_> nice to know jmarsden , thanks
<jmarsden> Delerium_: google for ubuntu howto md5sum    and you find it :) :)
<Snugger> thanks jmarsden, delerium, i am transforming an old pc into a game server trying to use ubuntu server
<Delerium_> jmarsden, well.. I was just trying to help Snugger ;)  I'm working at the same time so no time to google over to find answer
<Delerium_> check the link jmarsden sent ...
<Delerium_> you will be able to see if the .iso file is ok or not
<Snugger> i will, thanks for being patient with me
<Delerium_> no worries, we've all been there ... and I must say I'm not a Linux expert at all... this learning, when I have time
<Snugger> i can tell english is not you're main language, may i ask which is?
<Delerium_> haha! You're right... French ... I'm from Montreal
<TVision> Hi. I'm using ircd-hybrid and irssi. /list isn't showing me +s secret channels even though I /oper. What might I be doing wrong?
<Snugger> Ah tu parles francais?!
<Snugger> tu aurais du dire quelque chose, je parle le francais. s'il est plus facile pour toi a epliquer l'instructions en francais, vas y =ED
<Delerium_> Snugger: :) Tu es du Quebec aussi?
<Snugger> non, de chicago, mais j'etudie le francais
<Delerium_> Cool!
<Snugger> j'ai decider a toi de parler desormais en francais?
<Delerium_> Snugger, but I do really love to improve my english .. since I'm working 90% with english people... but you can talk me in french, that's fine ;)
<Delerium_> I'll give you a note after ;)
<jmarsden> On doit parler en Anglais ici, je pense.  Peut-etre vous pouvais parler en Francais en #ubuntu-fr ? :)
<Delerium_> yup
<Snugger> woops okay english it is =D
<Delerium_> That was kind of not predictable ;)
<Delerium_> Gosshh... I should really update my upload speed...
<Delerium_> and say bye-bye to my unlimited plan
<Snugger> it will save money, what are you uploading?
<Delerium_> Snugger,  Zimbra ...600 megs.. I should have download it directly from the server... instead of uploading from my laptop.. oh well
<jmarsden> Snugger: Incidentally, try /msg nickserv info Delerium_    to see a bit of info about his login, that might have given you a clue where he is from :)
<Delerium_> ;)
<bencc> what is the /etc/nginx/conf.d folder for?
<jmarsden> bencc: Local customization of nginx configuration by dropping files in there...
<bencc> jmarsden: but it only allow configuring the http context
<jmarsden> Don't the files there get included into the nginx configuration?  I'm no nginx expert, but that is usually how confid/ directories work...
<jmarsden> * conf.d/ directories work...
<bencc> jmarsden: yes, it's included but it only let you configure part of the possible settings
<jmarsden> bencc: Well, per site stuff goes in sites-enabled/  ... what else do you need to configure in nginx.conf ?
<bencc> jmarsden: worker_processes, worker_connections, gzip, logs...
<bencc> jmarsden: gzip and logs can be configured in conf.d but worker_processes and worker_connections can't
<Snugger> woohoo, i burned the cd from my labtop and it is finally installing the base system
<Delerium_> Snugger, cool!
<Delerium_> Snugger, defective CD / Burner ?
<jmarsden> bencc: OK, so edit them in /etc/nginx.conf itself, they are already in there... it doesn't make sense to let each app configure nginx-wide options, the apps would all fight each other... right?
<bencc> jmarsden: yes. ok
<Snugger> Delerium_ perhaps, i should look into it
<bencc> jmarsden: I'll just use etckeeper to keep track of changes
<Delerium_> Snugger, well.. at least, you will be up and running soon
<Snugger> this is the first server i've ever made, are they hard to maintain and setup?
<Delerium_> Snugger, Depends on what you want to install... but upgrading / installing security fixes is pretty easy
<Snugger> Hey delerium how do you make it so the messages are directed towards me? and i want to install a minecraft server
<Delerium_> Snugger, Just type the first letter of my nick and then hit Tab.
<Delerium_> Snugger, as for minecraft ... I really don't know
<Snugger> dwhat do your server(s) manage
<Snugger> Delerium_: what do you're server(S) manage?
<Delerium_> Snugger, Just bought a dedicated server for a personnal project ;) ... but at work, I'm managing website for a bank (WebSphere, IBM https server, iPlanet. MQ, blabla)
<Snugger> Delerium_: Cool, i'm a bit baffled as to which server software i should install
<Delerium_> Snugger, depends on requirement! ;)
<Delerium_> Snugger, need a HTTP Server?  Apache.  Need a Database?  MySql will do the job. ;)
<Snugger> Delerium_: No website or database, what is a Tomcat Java server?
<Delerium_> Snugger, Tomcat is an applicatiion server for Java.  It will let you run java Servlet/JSP.  But no EJB.
<Snugger> Delerium_: Could you run java applet on a samba file serveR?
<Delerium_> Snugger, yup, since java applet are run on the browser side, not on the server side
<Snugger> Delerium_: aAlso i will be able to install additional server software on my server if needed?
<Delerium_> Snugger, yep, the ubuntu repository contains alot of software to be installed (open source, of course)
<Delerium_> Snugger, Like I said, it really depends on what you need and what you want to do
<Snugger> Delerium_: i know what i want to do, i just don't know which softwares i need to do it. I should study software and hardware, but french is my passion also
<Delerium_> Snugger, I think you wanted to install a minecraft server at first?
<Snugger> Delerium_:  yes that's correct
<Delerium_> lol... just check the minecraft website... seems weird ;)
<Snugger> Delerium_: mdr i'll google it, what are you studying or what did you use to study?
<Delerium_> Snugger, a DEC (Collegial) in computer science... But I'm 34, so it was a bit easier to get a good job in the past
<Snugger> Delerium_: ahh i take computer science at my high school, i'm not that good at it to be honest. you're fluent in javascript?
<Delerium_> Snugger, Nope ... I'm no developper at all!  But I do have some developmenet basic which I need to do my job
<Delerium_> Snugger, it's weird since, for example. WebSphere is a big container, and you then install the code on it.  So I support WebSphere, but not the code itself.  But I do have good java basis...
<jmarsden> Snugger: Why did you install Ubuntu server before knowing what you want to run on it?  That seems odd... it is easiest to pick a server OS that has existing packages of the software application(s) that you are wanting to run :)
<Delerium_> I guess he's playing around and learning ;)
<Snugger> exactly, and i had no idea where to find those server OS's. I guess i like learnin the hard way
<Delerium_> I think we all did
<Delerium_> Well.. for me ;)
 * jmarsden got himself a B.Sc in Computing and Information Systems in 1983... :)
<Snugger> You did now? alot of things have changed since then
<Delerium_> jmarsden, errr... I was 14 then!!! I thought I was old ;)
<Delerium_> err.. no ... I was 8!! Goossshh
<Delerium_> Born in 76
<jmarsden> Things change, but computing itself does not, and the basic principles do not, so it has been (relatively) easy to learn new things with that bacis of knowledge to "hang things on"
<Delerium_> jmarsden, yep, one of my teacher always told us :" I'm learning you how to learn " ... I find this pretty right
<jmarsden> Right.  I just mentioned it to suggest that the idea that "we all" learn by playing with modern PCs and free OSes does not fit my approach very well, Linux did not exist in 1983, I don't think even Minix existed then :)
<Delerium_> Indeed!  I guess you were mostly working on DEC / Mainframe/ Cobol /Fortran and things like that
<Snugger> i really enjoy learning about computers and technology and i am somewhat computer savy, i'm patient with computers. I also like business and french though
<fluvvell> jmarsden, xenix existed, I connected terminals for it.
<jmarsden> Right, but it wasn't free :)
<fluvvell> jmarsden, quite right.
<Proz01d> i'm searching for domain registrar any recommendations on cheap ones? (also do most provide unlimited subdomains)?
<Delerium_> Good old days ... Sometime. I'm missing my little Tandy TRS-80 with it's tape drive (?!?!) go figure
<Delerium_> Proz01d, Home server without a static IP ?
<jmarsden> Proz01d: Registrars are not concerned with subdomains at all; how you configure your DNS servers determines those.
<Proz01d> i'm just using google dns servers.
<jmarsden> Proz01d: Not if you register a domain, you aren't :)
<Proz01d> Delerium: I do have a server with a static ip
<jmarsden> Unless you can persuade Google to provide authoritative DNS for your new domain... which I somewhat doubt?
<Delerium_> Proz01d, maybe your server provider can act as a registrar
<Proz01d> i'd rather keep my server and registrar seperate in case i end up finding something better
<Delerium_> not sure... I always use the same server provider / registrar in the past
<Proz01d> whos is your provider?
<Delerium_> iWeb.com, located in Montreal
<Delerium_> I also use aplus.net in the past (I think they were bought by another cie meanwhile)
<jmarsden> Proz01d: You can look at https://www.nearlyfreespeech.net for a fiercely independent place that will do domain registrations for you.  Don't cosider this a recomemndation, check them out for yourself and decide if you like them.
<jmarsden> Proz01d: They will also do DNS for you if you need it, but if you have a server on a static IP and it is reliable, you can run primary DNS there, and find a free secondary somewhere to save $$ if you know what you are doing.
<uvirtbot> New bug: #786813 in samba (main) "Enable avahi support in samba" [Undecided,New] https://launchpad.net/bugs/786813
<Snugger> quick question, so i am trying to install capability for my netgear wireless usb adapter onto ubuntu, it recognizes it, but it is not connecting to the internet
<Proz01d> jmarsden: the server is pretty small so i want ot limit the number of things i run there.... I don't really understand dns at all so i will need to do some researc there. Regardless it still needs to be registered no?
<Delerium_> Snugger, Sorry, But I can't help much on this ... I never use linux with a wireless usb
<jmarsden> Correct.  Easy way is to use somewhere like nearlyfreespeech to both register it and then run DNS for it there, they have a web interface so you can add/edit DNS stuff on their servers for your domain... nice and easy.  But you will pay some small amount for that service.
<jmarsden> Snugger: wireless USB on the Ubuntu Server?  That's not brilliantly documented, but I have something twb gave out here last time this was asked about, let me find it...
<jmarsden> http://pastebin.com/Uu0HMbcP
<Snugger> appreciate it
<jmarsden> Snugger: You need to edit the two files /etc/network/interfaces and the wpa_supplicant one...
<jmarsden> So that plus reading    man interfaces   and   man wpa_supplicant.conf     should be a start.
<Snugger> okay i'm completely clueless as to what you just said.. should i type in what is on this page and that should fix the problem?
<Delerium_> Gotta go guys ... Need some sleep... be back tomorrow, take care
<Snugger_> jmarsden: so on the pastbin link you sent me, type that into the server console?
<jmarsden> Snugger_: No, edit those config files... I can't teach you the basics of managing a server right now, I need to do other things, sorry.
<Snugger> jmarsden: no problem, i teach myself =D
<jmarsden> The commands to type would be    man interfaces     and    man wpa_supplicant.conf    to learn about those files, and then you can use sudoedit to edit them to look like the ones it my pastebin.
<Snugger> i typed in sudo vi /etc/network/interfaces would that work also?
<jmarsden> Snugger: Probably.
<Syria> Hi, can I install ubuntu server 10.4.2 using a usb flash disc?
<jmarsden> Syria: Probably.  One set of instructions is at http://www.pendrivelinux.com/run-ubuntu-server-edition-installer-from-usb/
<Syria> jmarsden:  Thanks, i will read that.
<jmarsden> You're welcome.
<speakman> lambda_x: Hi! Just wanted to tell you that when the new disk in my raid1 finally was synchronized, it automatically switched from spare into an "ordinary" disk in the mirror. It's now sda1[0] sdb1[1] instead of sda1[0] sdb1[2].
<speakman> lambda_x: even mdadm -E /dev/sda1 tells only two disks now.
<Syria> Hello, I want to install Zimbra mail server on my ubuntu server 10.4.2 I have two hard discs each one is 1tb please tell me what is the best way for partitioning.
<thefish> hi, i have a lucid server kvm image which I just found in "loading, please wait" - it had been like this for at least a few days. I've tried to use a rescue image, and this is complaining "no partitions found", though fdisk -l shows 3 partitions (/dev/vda1 as root) - I can chroot to this and all the files seem sane - any ideas what to look at?
<thefish> ^ the fdisk stuff in the busybox shell that the installer offers
<uvirtbot> thefish: Error: "the" is not a valid command.
<thefish> :)
<Syria> Are there any useful docs for partitioning?
<RoyK> Syria: the default will work well in most cases
<Syria> RoyK:  please tell me what do you mean by default?
 * RoyK is off for an MPI/parallel processing workshop
<Syria> RoyK:  This will give the home folder a huge space right? which is useless.
<lambda_x> speakman: it was synchronizing? well... in that case - everything is now solved :)
<lambda_x> speakman: you just had a bit nervous weekend ;)
<Syria> Hello, I want to install Zimbra mail server on my ubuntu server 10.4.2 I have two hard discs each one is 1tb please tell me what is the best way for partitioning.	
<uvirtbot> New bug: #786907 in siege (main) "package siege 2.70-1 failed to install/upgrade: error writing to '<standard output>': No such file or directory" [Undecided,New] https://launchpad.net/bugs/786907
<fastveg> kiall: you around?
<Daviey> Syria: To start, i would use mdad softriad across the two.
<Syria> Daviey:  I don't know what is that :( mdad
<Daviey> Syria, Software Raid.
<Daviey> Syria, https://help.ubuntu.com/community/Installation/SoftwareRAID
<speakman> lambda_x: Solved indeed. I guess I wasn't even very nervous... :D
<andygraybeal> so this is completely scary.  i have had logrotate cough for a while now.  i see the problem exists in a specific file with -d ... i go to list the folder with the issue.. and it won't come up :(
<andygraybeal> i do ls -al on it.. and it just hangs
<andygraybeal> what should i do?
<andygraybeal> i hit ctrl-c to get out of it.. but the prompt never comes back, and the (scsi) HD's are blinking lots.
<andygraybeal> it looks like i might have some bad data
<andygraybeal> what should i do next?>
<Guest21700> Hello, I have a server that restarted last night and I can't find why. I searched through the various logs and found nothing. I have eliminated electrical failure as the source of the problem. I found nothing in syslog, dmesg or kern.log to justify the reboot. Where else might I look to find the reason for this reboot ?
 * SpamapS stretches
<RoAkSoAx> SpamapS: morning... up early again huh?
<SpamapS> RoAkSoAx: yeah been up for > 1 hour already
<andygraybeal> can anyone help, i can't do a ls -al on a folder, or a rm -rf ... i am sudo -i'd in ... i think there might be some data problem.  i don't know what to do.
<RoAkSoAx> SpamapS: heh... I;ve been up for a couple hours already.. dunno why but I'm waking up earlier than always lol :)
<SpamapS> andygraybeal: can you expand on "can't" .. like.. what is the error message?
<SpamapS> RoAkSoAx: you're *SUPPOSED* to be up for a couple hours now though.
<andygraybeal> SpamapS, it just kinda hangs there, and i can't ctrl-c out of it - i kill it after awhile with htop.
<andygraybeal> it doens't give me a listing or anything
<SpamapS> andygraybeal: try 'dmesg' .. any errors?
<RoAkSoAx> SpamapS: I officially start at 9 so I usually wake up around 8.15/8.30. Been waking up at 7
<SpamapS> Oh to be young
<andygraybeal> SpamapS, i don't think there is anything in dmesg
<andygraybeal> yea, nothing in dmesg - i'm doing a tail -f /var/log/dmesg
<andygraybeal> and then i did a ls -al while tailing.. and nothing showed up
<SpamapS> no
<SpamapS> dmesg
<SpamapS> not /var/log/dmesg
<SpamapS> /var/log/dmesg is a snapshot from when the system booted
<andygraybeal> aah okay
<SpamapS> the command, dmesg, shows you the latest contents of the kernel's output buffer
<andygraybeal> yea, i don't see anything in dmesg either... i mean that makes sense to me
<andygraybeal> tehre's some mtrr: type mismatch whichs sounds very scary
<SpamapS> ok, and anything in /var/log/syslog ? no errors reported?
<andygraybeal> nothing in syslog
<SpamapS> Bleh.. ok.. were it my system, I'd scheduled downtime, put it in single user mode, and run forced fsck's and maybe even check for bad blocks.
<andygraybeal> okay, thank you
<SpamapS> andygraybeal: if your drives / controllers have support for SMART, might be good to do that as well.
<andygraybeal> mdadm says all is good as far as the raid goes
<SpamapS> hanging indefinitely is generally not a good sign
<andygraybeal> i dont' know if that matters
<SpamapS> mdadm can do very basic checks..
<SpamapS> but it doesn't go through and make sure all the blocks are returning what they should
<andygraybeal> what can i expect from fsck .. ultimately?
<SpamapS> well fsck is just going to make sure its not a filesystem issue
<SpamapS> btw you'll want to pass -f to fsck so it forces a full check.
<andygraybeal> okay thank you for that
<SpamapS> andygraybeal: I'm curious, what kind of drives, and what kind of RAID?
<andygraybeal> raid 10... softraid... and i honestly don't remember the drive types.. it's been maybe 2 years.. but they are seagate
<andygraybeal> is there a way to get the type of drives out of the system?
<uvirtbot> New bug: #786999 in squid (main) "package squid 2.7.STABLE7-1ubuntu12.3 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/786999
<RoAkSoAx> zul: ping
<SpamapS> andygraybeal: yeah, hdparm /dev/XX should give some info..
<andygraybeal> cool thank you SpamapS
<andygraybeal> i scheduled downtime tomorrow morning at 6am
<uvirtbot> New bug: #787013 in apache2 (main) "Please merge apache2 2.2.19-1 (main) from debian unstable (main)" [Wishlist,In progress] https://launchpad.net/bugs/787013
<SpamapS> andygraybeal: good luck.
<andygraybeal> yea, if things go bad..... how bad could it get?
<SpamapS> andygraybeal: got backups? ;)
<andygraybeal> it's a raid 10 ... yea, i have backups
<SpamapS> just to make sure I understand you right.. raid 10 is NOT your backup solution, right?
<andygraybeal> aah .. it came back with 'bad system call' !!
<SpamapS> I'd check dmesg again.. might be some kernel errors now
<andygraybeal> ok
<SpamapS> but more to the point..
<SpamapS> when you say you have backups.. you have snapshots of the data stored somewhere other than on the RAID, right?
<andygraybeal> dmesg doesnt' have anything that i can see
<andygraybeal> yea, it's all on tape
<SpamapS> Ok.. some people don't understand the difference. Just making sure. :)
<andygraybeal> yea, no problem, thank you
<andygraybeal> for being persistent and thorough :)
<andygraybeal> actually my backups have had a hard time.... every day this month since the 9th.. i think it is because of this problem
<andygraybeal> so i have data, but from the 9th.. which sort of sucks but.. oh well
<SpamapS> andygraybeal: if its just one directory, I'd recommend backing up everything else manually before doing your fsck
<andygraybeal> cool, i'm configuring bacula to not touch that directory right now
<andygraybeal> ;)
<andygraybeal> just as you said that i saved :)
<andygraybeal> now to restart the service
<SpamapS> andygraybeal: I once had an FTP server that took 3 hours to fsck, resulting in a) a clean filesystem, and b) about 20% of the files disappearing due to corruption.
<andygraybeal> SpamapS, very scary
<andygraybeal> i don't know how to do a diff between my backups and my filesystem :(
<andygraybeal> i guess i'll learn :)
<SpamapS> andygraybeal: It had been running for 4 years w/o a reboot
<andygraybeal> nice
<SpamapS> and getting something like 50,000 uploads a day
<andygraybeal> what o/s?
<SpamapS> RedHat 8
<SpamapS> on a Compaq Proliant DL380 (1st Generation)
<andygraybeal> nice
<evilsushi> how can I make server-wide bash prompt changes regardless of users .bashrc?
<andygraybeal> i like your nick evilsushi :)
<ph8> I realise it's a silly question, but i've come across a legacy intrepid box on my network, i don't particularly want to risk upgrading it but I want to install a few things - is there anywhere i can still get intrepid packages?
<evilsushi> thanks =)
<andygraybeal> sorry i can't help yuo :)
<ruben23> hi guys i have uuntu server 10.04 LTS the problme is i can install lame, in anyway- i can really install it-any suggestion guys
<evilsushi> You can install lame? what does that mean?
<kpettit> Samba question.  ON my linux server I'm trying to navigate to a Windows share.  I can mount the server and main share.  But inside that share there are hidden directories.  I can't naviagte to the child of a hidden directory.
<kpettit> For example //server/share/HidenParrent/ChildINeed  I need to get to "ChildINeed" but sense I cant' see HiddenParent I can't get there.  Any ideas?
<kpettit> In Windows I can just paste in the whole URL and get there.  But in Linux sense one of the parrent directories I hidden or rather I don't have permisisons to see it, I can't navigate to the child I do have permissions to
<SpamapS> ph8: http://old-releases.ubuntu.com/
<ruben23> evilsushi: sorry i mean i cant install lame apps
<ruben23> any idea guys how do i worked around on it
<andygraybeal> LAME as in the mp3 encoder?
<andygraybeal> or lame as in sucky
<andygraybeal> or am i not up on my acronyms any longer
<ruben23> lame sa mp3 encoder
<ruben23> mp3 encoder- there is not pacakge available for ubuntu server 10.04 LTS
<ph8> thx SpamapS
<BBBThunda> anyone know a good resource for setting up kvm on ubuntu server for someone who's never used kvm?
<ph8> You should probably look up libvirt-bin BBBThunda
<BBBThunda> I've only used VirtualBox and VMWare Server mostly
<evilsushi> ruben23: what error are you getting? why cant you install? we need more information.. 10.04 LTS?
<ph8> it's an admin package for KVM virtual machines, lets you have XML config files and a nice interface
<ph8> that and some knowledge about using qemu-img create to make qcow2 disk images is probably all you need
<ph8> (read the kvm project page)
<BBBThunda> nice... thanks ph8
<evilsushi> ruben23: apt-cache search lame
<ruben23> it just say no pacakge available
<SpamapS> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<SpamapS> BBBThunda: ^^ that has some stuff about libvirt too
<BBBThunda> Thanks SpamapS, I will check that out as well.
<ruben23> evilsushi: you there..?
<andygraybeal> SpamapS, running backup right now.. stuck a new tape in too
<andygraybeal> evilsushi,  you don't happen to be a cook do you?
<robbiew> hallyn: FedEx man arrived...ARM netbooks ;)
<hallyn> robbiew: cool, are they shiny?
<robbiew> heh...not sure, will open the box and let you know :P
<robos> ubuntu 9.10 -- is there an easy way to disable ipv6? Is it as easy as echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 ?
<uvirtbot> New bug: #787061 in php5 (main) "PHP5 fails to install lucid" [Undecided,New] https://launchpad.net/bugs/787061
<ScottK> robos: First point is you should upgrade to 10.04 since there's no more security support for 9.10.
<uvirtbot> New bug: #787091 in qemu-kvm (main) "Unable to use USB device in KVM quest" [Undecided,New] https://launchpad.net/bugs/787091
<Jasonn> Is there any problem with running 64bit OS on a vps with 256mb ram??
<cloakable> Besides pointlessness?
<Jasonn> yes
<Jasonn> cloakable: I need to run it because there is a problem with rtorrent on 32bit
<Jasonn> Its an addon, it needs to run on 64bit
<cloakable> Aha
<Jasonn> Ok, wait how about on a server with 512 mB ram ?
<Jasonn> is there any problem with that??
<cloakable> Pointlessness? :P
<Jasonn> lol
<Jasonn> other than that ?
<cloakable> Also, depends on if the vps supports 64bit
<Jasonn> yeah, it does
<cloakable> Then 256mb will (pointlessly) support it.
<cloakable> You won't see the benefit of 64 though.
<Jasonn> but will it effect the performance?
<cloakable> Apparently not :)
<bencc> I've installed ubuntu-minimal basic on vbox. after it asked me what to install (openssh, postgresql...) I just see a purple screen with a gray line at the bottom
<bencc> is it ok, or does it still installing?
<cloakable> Yea
<bencc> ok, now it says installing grub... wonder why there was no indication before. thanks
<robos> ScottK, do you have a second point?
<robos> 9.10 is what we run for now and I immediately have to disable ipv6
<ScottK> I was going to say that I think what you suggested is correct.
<robos> ah
<robos> what's weird is i used ifconfig eth0 inet6 del and also disabled it using /proc but if I run a nestat -na |grep tcp I still see tcp6 connections
<RoyK> robos: connections or packets?
<robos> I assume connections. An example line is this:
<robos> tcp6       0      0 10.251.1.56:44632       10.251.1.142:11213      ESTABLISHED
<robos> that's from netstat
<maswan> that's a v4 connection, not v6
<robos> hmm. what's tcp6 then?
<RoyK> fe80::x:x:x something
<RoyK> or x:x:x::x..
<hggdh> smoser: can you set up an ec2 kernel for karmic-2.6.31-308.29?
<maxagaz> I'm connected to my server with "ssh -D 1234 myuser@myserver", I've set Firefox to use proxy on localhost:1234, but it doesn't work (connection refused by proxy server), where could it come from ?
<maswan> tcp6       0      0 2001:6b0:e:2018:::51494 2001:6b0:e:4040::123:22 ESTABLISHED
<robos> i'm having problems with this box -- intermittent connections. Should I be concerned that i see tcp6 using netstat or shrug it off as normal?
<maswan> that's an example of a v6 connection
<robos> Yeah, i see it's certainly a ip4 IP. But not sure why netstat thinks it's 6. Even if I use netstat -na -6 it shows the tcp6 connections -- which my understanding of netstat is that should only show ipv6 connections
<maswan> tcp6 can also do v4 connections, I forget how you use that, but it might be up to the application doing the connection
<robos> yeah.. i have coldfusion listening on ipv6 addresses
<robos> which i need to figure out how to turn that into ipv4 only, but that's another story :-)
<RoyK> s/coldfusion/confusion/
<robos> exactly -- haha
 * RoyK isn't very fond of coldfusion
<robos> i don't think anyone really is except those programmers who refuse to switch
<RoyK> and when they do, they end up polluting your network with .net :P
<robos> haha
<maswan> deploy ipv6 instead. :)
<SpamapS> ColdFusion is to the internet as COBOL was to corporate computing.
<RoyK> SpamapS: heh - I was at a workshop today about using mpi/openmp for distributed stuff - FORTRAN is still holding the fort there, somehow :)
<maswan> RoyK: Not surprising, it's better than C for writing fast code after all
<RoyK> not really
<maswan> (under some circumstances)
<RoyK> it may be easier with newer fortran versions to write understandable code, but C is still fast
<maswan> Much less aliasing problems to start with, then arrays "laid our correctly", etc also help
<RoyK> we still have f77 in production with some models, and that code is rather ugly, beleive me :P
<maswan> Yes, I know. I work in academic HPC.
<RoyK> :)
 * RoyK works for nilu.no
<ScottK> ColdFusion was really cool in 1998.
<ScottK> I think it was 1998.
<ScottK> It was a long time ago in any case.
<maswan> ah, hpc2n.umu.se here - but currently "hired out" to ndgf.org for the nordic LHC tier1
<RoyK> last year, EyjafjallajÃ¶kull made us invest a bunch of money in storage, now, GrimsvÃ¶tn may open for more compute power, which is rather nice
<maswan> heh
<RoyK> just got this quad machine, that is, four mobos in 2U, each with two 12-core opterons and 64 gigs of ram
<zul> SpamapS:  why are you still using ftp ;)
<RoyK> rather nice piece of hardware
<maswan> Well, we're rather close to the part of cs.umu.se that does research into making matrix math go faster.
<maswan> And they are writing new and fresh fortran.
<cloakable> RoyK: very much so
<cloakable> lmao
<RoyK> I wonder how much they can stuff into 1U in a couple of years
<maswan> Well, you could also get a 1U quad-socket machine for the same core density, but bigger nodes
<RoyK> maswan: using openmp or mpi or something?
<monaDeveloper> Hi there
<maswan> RoyK: yes
<RoyK> either of them or both?
<monaDeveloper> I'm trying vgcreate volume /dev/loop0 but it always says device /dev/loop0 not found
<maswan> RoyK: mpi definately, don't know if/how they do threading
<cloakable> monaDeveloper: first, does /dev/loop0 exist?
<maswan> RoyK: quite a lot of it is even in the core code for the chunks that then are parallelised
<monaDeveloper> @cloakable yes
 * RoyK just came from a conference of parallel processing http://www.notur.no/notur2011/programme.html
<cloakable> Hmmmm.
<RoyK> maswan: I don't think they have room for so much memory per node, though
<RoyK> or perhaps they do...
<maswan> RoyK: ehm, 512G is doable on the quad socket ones
<uvirtbot> New bug: #787114 in ipsec-tools (main) "Please merge ipsec-tools 0.8.0-3 (main) from debian unstable (main)" [Wishlist,In progress] https://launchpad.net/bugs/787114
<RoyK> if they can rewrite the model to use GPUs, it may be a bit better than just using old CPUs
<maswan> that's some of the research programs they have, yes
<maswan> RoyK: heh, I was kind of hinted at that I should go for some parts of that, but I decided not to
<RoyK> maswan: I guess it was about price as well - we got this box for NOK 130k with 4 x 2 x 12cores + 4 x 64GB RAM, which isn't that bad
<maswan> RoyK: too much travel to geneva to be bothered
<maswan> RoyK: As HEP folks have found recently, for the AMD case 1 x 4 socket is quite competitive with 2 x 2 socket price-wise.
<maswan> but anyway, are you going to the ARC sessions tomorrow? :)
<RoyK> yep
<maswan> excellent. :)
<RoyK> looking forward to it - it's quite new to me
<maswan> that's part of what I'm doing for the last few years
<RoyK> :)
<RoyK> tell me, what exactly is ARC?
<RoyK> just to get some background before tomorrow :P
<maswan> ARC is a middleware that gives a common interface to many compute clusters, so that you can by one client remotely submit jobs to lots of clusters at once. They will then stage data from storage elements, run the calculations, and upload output to defined URLs.
<RoyK> ok
<maswan> Well, in the ARC project you also have clients, glue to put everything together (information system etc), but that's the basic part
<monaDeveloper> I'm trying vgcreate volume /dev/loop0 but it always says device /dev/loop0 not found any idea?
<RoyK> at this openmp session, a lady asked if it was possible to autoadjust the number of jobs according to load - so I wrote a little daemon to update the load average to allow for adjustments :P
<monaDeveloper> device not found (or ignored by filtering)
<RoyK> maswan: in your systems, do you overcommit or undercommit by terms of cpu-intense jobs?
<maswan> RoyK: Neither, we currently schedule one job slot per core and only one user per node. in the future we'll do slurm with cgroups to schedule jobs with strict memory and cpu limits
<RoAkSoAx> zul: ping?
<zul> RoAkSoAx: on holiday whats up?
<RoAkSoAx> zul: quick thingy then, Do you have any idea of why a package that has build-dep libldap2-dev won't build in oneiric as it will say openldap is too old, but it will build in natty?
<zul> RoAkSoAx: no idea
<RoAkSoAx> zul: k
<cr3> hi folks, might anyone have a cloud init script for running ubuntu-desktop in ec2?
<cloakable> why would you want to?
<koolhead17> hi RoAkSoAx
<zul> cr3: smoser might have one
<ruben23> guys any idea how to install lame mp3 encoder on ubuntu-server 10.04 LTS
<RoyK> ruben23: apt-get install ubuntu-restricted-extras
<cr3> zul: I'm trying it by hand now, fun!
<zul> cr3: cool but there should be desktop images already
<ruben23> RoyK: then whats next install the lame..?
<RoyK> libmp3lame0
<RoyK> there may be others
<cr3> zul: I couldn't find them here: http://uec-images.ubuntu.com/releases/*/release/
<zul> cr3: meh sudo apt-get install ubuntu-desktop maybe ;)
<cr3> zul: done, now evaluating vnc vs nx vs x2go
<butter_fs> How does ubiquity behave when installing to an existing partition?
<butter_fs> (specifically, I want to install to an already-made partition, and I really don't want it to blow away /home)
<uvirtbot> New bug: #787155 in scli (universe) "SCLI & segfault (show)" [Undecided,New] https://launchpad.net/bugs/787155
 * butter_fs stamps his feet, and demands free support from skilled technical workers on a statutory holiday
<Nelis> I'm trying to install 11.04 x64 server to a software raid 1 array but at first boot i get a black screen right after grub. Any ideas on how to solve this (tried reinstall)? The two drives both have a swap and ext4 partition mounted on / in raid 1. Grub is installed on the mbr of the first drive.
<butter_fs> Nelis: remote quiet splash from the grub line, and try again;  that'll give you some more debugging info at least
<Nelis> I pretty much followed this guide: https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html
<Nelis> : ok
<Nelis> butter_fs: No info, just a black screen right after. It is completely unresponsive.
<butter_fs> Nelis: do you get the grub menu?  i.e., is it freezing at grub, or during boot after grub?
<Nelis> butter_fs: Ok, I managed to get something on the screen now. I commented out the graphics line in the grub config. It now drops me into a busybox shell because it cannot find the root file system... I'll try editing grub some more, brb.
<butter_fs> ah, k
<butter_fs> Nelis: it's useful to see if you can mount the filesystem from busybox, so you know exactly what piece isn't working
<Nelis> butter_fs: Before dropping me to busybox it sais: "alert! /dev/disk/by-uuid/[uuid] does not exist.". This is the device set as root in grub. It looks like i can see the whole filesystem from busybox. Any ideas?
<butter_fs> for now, just use the device path as root, rather than root=uuid=
<butter_fs> what filesystem is it?
<Nelis> ext4
<Nelis> nvm
<Nelis> it was ofc the ramdisk..
<butter_fs> heh
<Nelis> could it be that the raid array is not loaded fast enough and the search for the root device times out?
<Nelis> there don't appear to be any md* devices present yet
<SpamapS> hallyn: hey, bug #350936 .. I think we should put our heads together at the rally and solve that.
<uvirtbot> Launchpad bug 350936 in libvirt "Should shut down domains on system shutdown" [Medium,Triaged] https://launchpad.net/bugs/350936
<SpamapS> hallyn: seems like it sits nicely at the intersection of our spheres of concern.
<rcsheets> i've noticed that a key difference between https://help.ubuntu.com/10.04/serverguide/C/windows-networking.html and https://help.ubuntu.com/11.04/serverguide/C/windows-networking.html is that the 11.04 version does not mention Likewise Open. is it no longer recommended?
<hallyn> SpamapS: excellent, let's do that
<butter_fs> rcsheets: look at the relevant section in 11.04 :p
<butter_fs> https://help.ubuntu.com/11.04/serverguide/C/samba-ad-integration.html
<SpamapS> rcsheets: Its still in main.. 11.04 shipped with v6.0 .. not sure why it would have been removed from the server guide.
<butter_fs> it wasn't
<butter_fs> it's just not referenced by name in the table of contents
<butter_fs> (because a name of a product is useless there)
<rcsheets> oh i see
<rcsheets> it's just been integrated into the rest of the docs better
<rcsheets> silly me *sigh*
<butter_fs> "it says likewise open, why would I care about that?  ooooo! it's how I join domain!  Why didn't they just say that?!"
<SpamapS> RTFM - Read the FULL manual ;)
<rcsheets> butter_fs: thanks
<Nelis> butter_fs: What do you think, could it just be a timeout issue?
<butter_fs> Nelis: could be;  can you paste your grub boot line here?
<butter_fs> and/or check if you have rootwait set?
<SpamapS> Nelis: RAID1 has some.. issues with 11.04 ... I'm working on a nasty bug right now
<butter_fs> (if you don't have rootwait, try adding it)
<SpamapS> Nelis: if you edit the grub line and remove 'quiet' .. that may help
 * butter_fs just uses btrfs, hence the nick :p
<SpamapS> butter_fs: god bless you for that. :)
<rcsheets> ha, oh dear. the linked Likewise Open Installation and Administration Guide does not seem to have been updated to reflect version 6.
<SpamapS> I wish they'd take the damn EXPERIMENTAL tag off it so we could all feel good about using it.
<butter_fs> SpamapS: NO.
<SpamapS> butter_fs: its got an fsck now doesn't it?
<butter_fs> fedora _might_ be using by default this september, in which case it _might_ be sane to take the experimental tag off a year _after_ they don't have any fatalities to their name :p
<SpamapS> I hear the main problem now is free space management.
<butter_fs> SpamapS: no.
<Nelis> SpamapS: I did, it's complaining it cannot find the boot device. When i look at /dev in the busybox shell it doesn't list any md devices, so maybe it hasn't loaded the raid array yet?
<butter_fs> btrfsck is a readonly checker, which has no place being called fsck.btrfs
 * butter_fs strangles a certain ubuntu dev
<butter_fs> SpamapS: there might be a proper one by the end of this month though
<njin> hello, can someone look at bug 787055 thanks
<uvirtbot> Launchpad bug 787055 in linux "Bridge network device showing lots of dropped packets" [Undecided,New] https://launchpad.net/bugs/787055
<Nelis> butter_fs: rootwait is not set.
<butter_fs> SpamapS: we still get messages like "this is meant for integration testing only, and should not be run by anyone who doesn't love crashes" from the lead dev in the mailing list :)
<butter_fs> butter_fs: worth a shot
<butter_fs> (get rid of any rootdelay lines)
<SpamapS> butter_fs: :(
<butter_fs> SpamapS: feel free to use it, I do :)
<butter_fs> just don't come whining to #btrfs if it breaks with your only copy of your financial data!
<SpamapS> Nelis: note that you may be dealing with bug #778520
<uvirtbot> Launchpad bug 778520 in mdadm "install on degraded raid1 does not boot, drops to initramfs shell" [Critical,Confirmed] https://launchpad.net/bugs/778520
<butter_fs> (true story, some idiot)
<SpamapS> butter_fs: nobody trusts ext4 with their only copy of anything either. :)
<butter_fs> SpamapS: amazingly enough, yes they do :p
<SpamapS> nobody sane. ;)
<butter_fs> sec, you'll like this link
<SpamapS> or informed
<butter_fs> oh, he was informed
<butter_fs> he was informed last november after the dmraid people went to heroic lengths to save his company, that switching to btrfs wasn't a reasonable solution
<butter_fs> 5 months later, he's in btrfs's mailing list complaining about how we're neglecting the community, and how he has a business to run, and doesn't have _time_ to deal with this
 * butter_fs was unimpressed :p
<SpamapS> doesn't have time for backups either eh?
<SpamapS> or transaction logs
<butter_fs> apparently
<butter_fs> "cacook", that's his name
<butter_fs> (sorry, I had it muted in gmail, so it's a little tricky to find :p)
<SpamapS> Well I feel that btrfs is stuck in a rut .. FS's are hard.. yes.. but at some point one has to wonder if it will ever be "stable"
<SpamapS> How long was XFS in testing before SGI let us use it?
<butter_fs> """What do you mean 'does Debian support BTRFS'?  The kernel supports it.  And why would they know more about BTRFS than you?
<butter_fs> My whole system is installed over BTRFS.  If this is non-functional in any OS there should be a warning indicating it is non-functional."""
<SpamapS> I'd say the same for JFS .. but JFS once ate my machine for breakfast.. ;)
<butter_fs> (update-grub was bailing because it didn't understand the partitions, which broke his package manager)
<SpamapS> I hate blamers
<butter_fs> SpamapS: stable is determined by use by those able to deal with the risks and who need the features, or the foolhardy :)
<SpamapS> If you don't know what it does, thats a risk. Accept the risk, and plan accordingly.
<Nelis> SpamapS, butter_fs: looks like it is indeed that bug. Exactly the same problem.
<butter_fs> \o/
<SpamapS> Nelis: did removing 'quiet' at least get you past the initramfs ?
<SpamapS> Its a nasty bug.. I think it may be udev/kernel timing problems.
<SpamapS> race between when udev exposes the device and it can actually be used
<butter_fs> incidently, it's fairly straightforward to modify an initramfs to force things to work
<Nelis> SpamapS: i'm not booting with quiet and i get into initramfs every time.
<butter_fs> basically, it's just adding a script to /etc/initram.d/hooks/local-top/
<butter_fs> quiet is unrelated, it just shows less stuff before it dumps you
<SpamapS> Nelis: quiet is on by default... you have to remove it. If that doesn't work, the rootwait may work.. but I wasn't able to get it to.
<SpamapS> butter_fs: it has a nice net effect of making the race win in your favor though
<SpamapS> by slowing the kernel timing down just a tiny bit
<butter_fs> what?  really!?
<butter_fs> eww?
<SpamapS> terrible work around
<butter_fs> Nelis: just modify initramfs, it's easy
<butter_fs> (I had to do similar for btrfs before ubuntu added support)
<SpamapS> But allows me to get in and install new packages / initrd without re-attaching a disk.
<Nelis> butter_fs: ok, if you talk me through it, i'm not that savvy with linux -_-
<butter_fs> /etc/initramfs-tools/hooks
<butter_fs> is the relevant folder
<SpamapS> yeah you actually just have to sleep 1 in there and it should work
<butter_fs> er, I might have lied, sec, I need to log into work
<butter_fs> SpamapS: you could do things right too :p
<butter_fs> (give me a sec, just logging into work)
<SpamapS> butter_fs: "right?"
<butter_fs> SpamapS: "non racy"
<SpamapS> butter_fs: by all means if you have a better grasp on the bug, I'd love to hear the right way.
<lifeless> SpamapS: o/
<butter_fs> Nelis: http://pastebin.com/dWzHNYV8
<butter_fs> is the sort of file that goes in /etc/initramfs-tools/scripts/local-top/whatever_name
<SpamapS> butter_fs: the race is happening somewhere between when the kernel says "ok you can use the device with UUID X" and the MD driver actually being able to see the mdX device and tell you if its degraded or not
<butter_fs> most of it is boilerplate
<SpamapS> lifeless: howdy
<butter_fs> SpamapS: how would you politely ask mdadm to tell you?
<SpamapS> lifeless: you're not going to ask me for cassandra packages again are you? ;)
<rcsheets> do bugs against the official documentation on help.ubuntu.com go in launchpad somewhere?
<butter_fs> rcsheets: yes
<butter_fs> Nelis: if you're lazy, you can just change the btrfsctl to a sleep
<SpamapS> butter_fs: the idea is to wait for the root device event to arrive on udev. Once it arrives, continue and try to use the device normally via mount. If there's a failure, you run mdadm to see if its a degraded array and if it is, act accordingly....
<SpamapS> butter_fs: the problem is somewhere between that udev event and mdadm checking the device, there's a race.
<lifeless> SpamapS: :P no, but I did just mail evand a link to oops-repository
<Nelis> butter_fs: i'll need some more details on how to implement your solution :)
<butter_fs> SpamapS: so putting some blocking call to mdadm (or a loop if it comes to that) in a local-top script should make that all go away :p
<SpamapS> lifeless: I think at this point, they've gone so far off the reservation with java packages, we're better off using upstream's fully embedded jars. :(
<SpamapS> butter_fs: precisely what I've been working on. But a way to get back up and running until we fix that.. is sleep 1. :-/
<butter_fs> SpamapS: damnit, fix it proper :D
<nimrod10> how can I kill a process that it is marked in ps as    DL     ?
<rcsheets> butter_fs: oh sorry, just saw it at the bottom of the page. *facepalm*
<butter_fs> nimrod10: you basically can't :p
 * SpamapS gets out his Proper Brand Duct Tape
<nimrod10> damn it ! I don't like it when I'm right !
<butter_fs> nimrod10: if it's blocking inside a kernel function, then killing the task would kill a random kernel function without cleanup
<SpamapS> lifeless: the last I checked, 0.7.4 and later failed with on disk format problems because of one of the archive java jars we're using instead of theirs.
<butter_fs> if you can figure out why it's blocking, and fix the underlying condition, you can sometimes get things back quicker than otherwise
<butter_fs> but if it's, for instance, because of a buggy driver, you're probably out of luck
<SpamapS> like the old "bring up another box with the same IP as the downed NFS server" trick
<butter_fs> exactly :D
<nimrod10> thanks butter_fs
<butter_fs> Nelis: the file I pasted goes in the folder I pasted, and you edit the last line according to your needs
<butter_fs> (probably a sleep 1 for now)
<butter_fs> and then you remake your initramfs's, via "update-initramfs -k all -c" (or just update-initramfs -k <kernel version> -c" if you know it and don't want to make _every_ installed kernel have the change)
<butter_fs> that way, every future kernel will also get a matching initramfs with those changes automagically
<butter_fs> SpamapS: I'm assuming that the tricky part is making it not act silly for everyone who doesn't have a degraded raid1 array
<SpamapS> butter_fs: no that works perfectly no matter what
<SpamapS> butter_fs: the tricky part is making *damn* sure you detect the degraded array
<SpamapS> So you don't accidentally sync a RAID1 in the wrong direction
 * butter_fs huggles his btrfs checksums
<SpamapS> Yeah since reading about ZFS and BTRFS .. I can't believe we're still doing this RAID thing. ;)
<butter_fs> nay, /me makes sweet love to his btrfs checksums
<SpamapS> !ohmy
<ubottu> Please remember that all Ubuntu IRC channels share the same attitude of providing friendly and polite interaction with all users of all ages and cultures. Basically, this means no foul language and no abuse towards others.
<nimrod10> something is definitely wrong with my setup. butter_fs, I hate that I have to reboot every time keepassx locks like this  with DL
<SpamapS> butter_fs: just a friendly reminder. :)
<Nelis> butter_fs: i do these changes from the busybox shell?
<butter_fs> SpamapS: I had my own ubottu factoid once :p
<SpamapS> btrfs checksums have feelings too.. make sure you call them. ;)
<butter_fs> Nelis: no
<butter_fs> Nelis: you do them from a booted system, however you manage that (chroot or whatever)
<Nelis> butter_fs: thanks for the help, but that's too much tinkering for me. For now anyways. Any idea in what timespan I can expect a fix for this issue to be available?
 * butter_fs points at SpamapS
<Nelis> :D
<SpamapS> Nelis: it will be in natty-proposed some time this week. It needs to sit there for 7 days and have some independent verification (you would be a great candidate for verification!) and then it will go into natty-updates
<SpamapS> Would have been fixed sooner but UDS sort of blew it up. :-P
<Nelis> SpamapS: I'd be happy to do some testing, but I'd need someone to talk me through it, as I'm not that good with linux.
<SpamapS> Nelis: understood. For now, do you have two disks?
<SpamapS> Nelis: if so, when you get to the initramfs> prompt, try 'cat /proc/mdstat'  .. does it show your RAID arrays?
<Nelis> SpamapS: 2x 640gb WD drives
<robbiew> hallyn: got an ARM netbook for you :)
<hallyn> robbiew: I'm ready :)
<Nelis> SpamapS: no devices shown.
<SpamapS> robbiew: I'll give you a 12oz bar of gold for one of those and the lamp from Christmas story...
<SpamapS> Cause everyone knows a 12oz bar of gold costs an ARM and a Leg
<SpamapS> Nelis: Interesting!
<SpamapS> Nelis: did you create the RAID during installation?
<Nelis> SpamapS: yes
<robbiew> SpamapS: heh
<Nelis> SpamapS: i used this guide: https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html
<SpamapS> Nelis: fdisk -l /dev/sda .. what do you get?
<Nelis> SpamapS: sda should be a raid device right? I have 6 2 TB WD drives at sda-sdf, sdg and sdh are the 640GB raid drives
<Nelis> SpamapS: looks like there's no fdisk available -_-
<SpamapS> no, sda should be a normal device with auto-detect RAID partitions
<SpamapS> ah.. hrm
<SpamapS> ahh sdg and sdh should be the regular drives then
<SpamapS> Nelis: try 'mdadm --misc --query --scan'
<Nelis> SpamapS: you think if i installed the raid drives as sda and sdb they might be mounted faster to get around this bug? -_-
<SpamapS> slightly possible
<SpamapS> shouldn't really matter tho
<Nelis> SpamapS: "create user root not found - create group disk not found - no devices given."
<SpamapS> I'm more surprised that there's nothing in mdstat
<Nelis> SpamapS: is there anything else you want me to do?
<SpamapS> Nelis: I'm really curious why you're not seeing the array. Do you have a file, /etc/mdadm.conf ?
<Nelis> in the initramfs?
<Nelis> no
<SpamapS> Nelis: interesting. It sonds like your RAID wasn't actually created properly.
<SpamapS> sounds rather
<SpamapS> Nelis: the system did boot at one time right?
<Nelis> SpamapS: no, i just installed as per the guide.
<SpamapS> Nelis: what does mdadm -E /dev/sdg1 show ?
<Nelis> SpamapS: "create user root not found - create group disk not found - no devices given."
<Nelis> ehm
<Nelis> SpamapS: cannot open /dev/sdg1: no such file or directory
<Nelis> SpamapS: are no partitions shown in /dev for sdg and sdh
<SpamapS> Nelis: yeah it seems to me that your partitions were not created properly
<Nelis> SpamapS: the installer actually shows the partitions and raid though
<SpamapS> Nelis: entirely possible its a bug.. those install directions look pretty straight forward
<SpamapS> Nelis: can you boot with 'debug' and then examine the file it writes? Its something like /run/initramfs/initramfs.debug
<Nelis> SpamapS: when i do a reboot it sais "stopping all md devices", kinda weird since there aren't any? :D
<RoAkSoAx> adam_g: ping?
<Nelis> SpamapS: I added debug to the boot options but I'm not seeing the file you're talking about
<SpamapS> Nelis: hrm
<uvirtbot> New bug: #787239 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: cannot remove `/var/spool/samba': Input/output error" [Undecided,New] https://launchpad.net/bugs/787239
<bencc> I'm installing ubuntu server 1..04 on vbox. do I need LVM?
<Nelis> SpamapS: I'll probably be back tomorrow after some testing.
<kirkland> hallyn: ping
<kirkland> hallyn: do you have an documentation/instructions/blog post on how exactly to use the multiple encrypted private directories feature we added to Natty?
<kirkland> hallyn: looks like we have a teaser in the manpage
<hggdh> smoser: how to debug an instance that does not boot on AWS (in this case, Maverick 2.6.35-29-virtual)?
<hggdh> smoser: i386, m1.small
<hallyn> kirkland: one sec
<hallyn> kirkland: i never did a new one for the merged version.  my original post was http://s3hh.wordpress.com/2010/10/27/emount-ecryptfs-mount/
<hallyn> kirkland: but really it's still all the same, especially since i alias 'mounte' to mount.ecryptfs_private, and umounte to umount.ecryptfs_private
<kirkland> ah
<kirkland> hallyn: k
<kirkland> hallyn: thakns
<hallyn> so i'm not sure anything changes :)
<hallyn> np.  had fun out east?
<hallyn> i just saw your copious blog posting :)
<kirkland> hallyn: yeah, was good
<kirkland> hallyn: i need to put up 2 more for the last 2 days ;-)
<kirkland> hallyn: plitvice was amazing
<hallyn> but, i didn't see a pic of you with ivoks' cats :)
<hallyn> jinkeys, linus is talking about '3.0'
#ubuntu-server 2011-05-24
<SpamapS> kirkland: definitely jealous of your trip.. Plitvice has been on my todo since I saw pics.
<kirkland> SpamapS: heh, yeah, you'd love it ;-)
<ph8> hmmm
<ph8> i've got a kernel panic
<ph8> on a rubbish KVM
<ph8> is there a way to RSEIUB without the sysrq key?
<ph8> I can hold alt, but not sysrq
<ph8> i can only 'tap' print screen rather than simulate a hold
<RoAkSoAx> lbor/win 2
<RoAkSoAx> lol
<NCommander> why is aptitude shipped as part of UEC?
<NCommander> oh, nm, tasksel depends on it. Shutting up now :-) (although I'm still confused on why its Task: uec)
<jdii> Can anyone here help me with a question about load balancing
<uvirtbot> New bug: #787312 in samba (main) "package smbclient 2:3.4.7~dfsg-1ubuntu3.6 failed to install/upgrade: subprocess dpkg-deb --fsys-tarfile returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/787312
<toddnine> Hey guys.  Have a cron question.  I'm trying to do a rolling backup across all nodes in our cluster.  Each node will need to run every 6 hours.  I can do all the maths in chef, but I'm unsure the best way to enter them into cron.  Essentially every node will run ever 6 hours, but with our 3 nodes they need to be in 2 hour offsets.  I, I. N1: 0,6,12,18 N2: 2, 8, 14, 20, etc
<toddnine> Is it possible to do this with the */6 syntax, or do I need to list the hours explicity?
<SpamapS> toddnine: you may want to look into something like bacula
<toddnine> SpamapS: Thanks for the response
<toddnine> I'm actually good on the backup solution itself.   It's a custom program we've written to sync our Cassandra data with S3 for disaster recovery
<SpamapS> toddnine: it has more sophisticated capabilities for scheduling and can very easily do differential/incrementals ... plus it uses a database to track files so restoring is generally very very efficient
<toddnine> Staggering it across the nodes is the issue, and across 2 DCs on 2 sides of the world :)
<SpamapS> ah you're out there on the edge. :)
<SpamapS> yeah Bacula can automatically stagger servers in groups
<SpamapS> but.. you probably have to run some "dump my data" thing out of cassandra
<toddnine> Yeah, exactly
<toddnine> the script and the backup itself works really well
<toddnine> it's the timing of the automation.  I can work out the math in my chef recipes, but I'd rather not :)
<toddnine> looks like I don't have much of an option
<SpamapS> so, you can just do something really lame and have the servers you want offset sleep for 3 hours..
<toddnine> how so ?
<SpamapS> Or, what I'd do.. I'd have one script that manages all of the backups.. so it would just make sure that no more than X ran at once, and start itself every 6 hours.
<toddnine> Yeah, who controls the backup though?
<SpamapS> the server backer upper
<SpamapS> :p
<toddnine> and what if it crashes :)
<SpamapS> there is no "it" in the cloud
<SpamapS> always "they"
<toddnine> exactly
<SpamapS> otherwise its not webscale
<lifeless> SpamapS: around ?
 * lifeless looks for ubuntu server team members to help diagnose an lp issue with their team
<fastveg> Hey guys, I need some help getting a script to run even after I close the SSH window
<joschi> fastveg: start-stop-daemon, nohup, screen. the last one is kind of dirty and you should use one of the first two.
<fastveg> Someone said that you could basically just put an & symbol at the end of the command and it should work, but I'm not having any luck with that
<joschi> fastveg: no, just sending the process to the background (with the ampersand) won't work. it's still attached to the login session
<fastveg> joschi, thanks... let me show you the script and if you could help me format it.... one sec
<fastveg> scrapy crawl domain.com --set FEED_URI=filename.json --set FEED_FORMAT=json
<fastveg> so this is a python script that crawls a bunch of urls and returns the output as a .json file
<fastveg> (using the scrapy python framework)
<fastveg> I actually did try to use screen, but didn't have luck witht hat either.... but I'm not sure I formatted correctly
<fastveg> joschi: someone said to use screen like this:  screen -dmS my_app python bla.py -- but how would that look on the script above?
<joschi> fastveg: exactly as you wrote it ;)
<joschi> instead of bla.py put in your script call
<fastveg> does the word python still need to be there?  because I took that out last time.
<fastveg> also, thanks for the info about &, I was trying to google exactly what it did, which was entirely impossible
<joschi> fastveg: see section JOB CONTROL in bash's man page
<joschi> fastveg: the "python" just calls the script as a parameter of the python interpreter. if it has a proper she-bang (#!/usr/bin/python or similar in the first line), it'll work without the "python"
<fastveg> joschi: thanks.  why is screen considered hacky compared to the other two methods?
<fastveg> and will screen still work if I exit the ssh session (unlike ampersand?)
<joschi> fastveg: screen's purpose is to multiplex terminals for interactive usage. it has far too many features you won't need
<joschi> fastveg: yes, it'll work
<joschi> you just have to detach the session instead of quitting screen
<fastveg> dude, thanks so much, great info.  have a good day.
<fastveg> joschi: detach the session = closing the terminal window? or something else?
<joschi> fastveg: try ctrl-a + d ;)
<bencc> I've installed openssh-server and /etc/ssh/sshd_config is empty, is that ok?
<_ruben> nope
<uvirtbot> New bug: #787496 in tomcat6 (main) "tomcat6-user 6.0.24 with confluence deadlocks" [Undecided,New] https://launchpad.net/bugs/787496
<andygraybeal> SpamapS, so i ran fsck -yf /dev/mapper/volume_name  -- it ran, says everything is clean but i still have issues with that folder
<andygraybeal> any ideas?
<andygraybeal> am i running fsck wrong ?  i booted into single user mode and unmounted /dev/mapper/volume_name
<andygraybeal> like right now, ls -al is taking 10% of my cpu..
<andygraybeal> trying to read that folder
<moonpup> would anyone know why logwatch delivers it's email to me everyday at 6:25am, but when I check mail it says no new mail. if i go into my Maildir I see the new mail sitting in the new folder
<smoser> hggdh, console output (get-console-output) is your only hope at that point.
<hggdh> smoser: so I was not wrong... and jj-afk confirmed it is an issue, anyway
<hggdh> smoser: thanks
<smoser> what was the problem ?
<hggdh> maverick proposed does not boot on m1.small
<RoAkSoAx> morning all
<Jeeves_> Morning
<ahasenack> smoser: hi, are you the "owner" of uec-images.ubuntu.com basically?
<ahasenack> smoser: I ask because I'm switching the way we access that query directory from http to https
<ahasenack> smoser: seems to work, ssl is available, but I wanted to ping you about it
<smoser> ahasenack, yes. you should use https, and it is available by design. and yes, i supposed i "own" it as no one else does
<smoser> but hopefully that will be moving to more "release team" at some point soon
<ahasenack> smoser: cool, thanks
<smoser> ahasenack, remember, rsync is also available.
<smoser> but there would be no way to do ssl over that i dont think.
<ahasenack> smoser: but it's such a small file
<smoser> and we don't sign that data.
<ahasenack> yeah, we got a request for some sort of detached gpg signature for that file, or inline
<ahasenack> but one step at a time
<smb> hggdh, smoser Am on it (maverick ec2)
<smoser> ahasenack, what file would you want signed?
<ahasenack> smoser: released.latest.txt
<smoser> smb,  i was about to bother you about lucid-updates. its still just '-proposed'. we expect new kernel in -updates sometime soon still?
<smoser> ahasenack, is that enough for you though?
<ahasenack> smoser: that and https, I think we are covered
<smoser> why would you need signed *and* https?
<ahasenack> probably signed would be enough too
<ahasenack> smoser: I can switch to https right now with a one-line change in the code, but switching to verifying a signature is much more involved
<smoser> right.
<smoser> and why would you not want /query/maverick/server/released.txt signed also ?
<ahasenack> "%s/server/released.current.txt" % ubuntu_release)
<ahasenack> that one too
<ahasenack> I'm just looking through the code
<ahasenack> and finding all the bits we fetch
<uvirtbot> New bug: #787551 in ntp (main) "ntpdate 4.2.6p2@1.2194-o: "no server suitable for synchronization found" - works with 4.2.4p8@1.1612-o " [Undecided,New] https://launchpad.net/bugs/787551
<smb> smoser, I would not be the authoritative source there. I lost track a bit. Probably best ask sconklin or bjf
<smoser> k
<smoser> ahasenack, right.
<uvirtbot> New bug: #787558 in openvpn (main) "package openvpn 2.1.3-2ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/787558
<SpaceBass> anyone using a Drobo (specifically Drobo-s) with server? any tips on formatting, lun size, etc?
<Lenhix> Hello. Is there any way of installing a package with PHP 5.2 in Ubuntu Server 10.04?
<Lenhix> A customer had a lot of apps and they're not working with PHP 5.3. I'd rather not have to compile it...
<fastveg> I'm having some trouble getting a command to continue to run after I disconnect ssh
<fastveg> The command is formatted like this, it's a python script: scrapy crawl domain.com --set FEED_URI=filename.json --set FEED_FORMAT=json
<fastveg> I tried to use screen and did this:  screen -dmS my_app python scrapy crawl domain.com  --set FEED_URI=filename.json --set FEED_FORMAT=json
<fastveg> but nothing happened.  is the my_app supposed to be in there?
<fastveg> first time using screen
<smoser> ahasenack, so... i guess to effectively sign things, i'd probably just put a top level file with MD5SUMS (and/or SHA1SUMS) and then a signature on that file.
<Lenhix> fastveg: have you tried #screen?
<fastveg> haven't  ;)
<ahasenack> smoser: works
<kirkland> hallyn: what are you calling "escape mode" ?
<hallyn> 'ctrl-a escape'.
<hallyn> guess i'm not sure what screen calls it
<kirkland> hallyn: okay, okay, in scrollback mode
<kirkland> hallyn: screen calls it "copy" mode
<kirkland> hallyn: i call it "scrollback" mode
<kirkland> hallyn: okay, so you'd like screen to obey more vi-bindings when in scrollback/copy mode?
<hallyn> right
<hallyn> these days i pretty much exclusively use that for cut/paste on terminal
<hallyn> (bc the S10-3 touchpad sucks so bad)
<kirkland> hallyn: okay, http://manpg.es/screen.1
<hallyn> but it's too slow bc i have to think about only using b/w
<kirkland> hallyn: search for "     copy"
<kirkland> hallyn: I think it's the second hit
<kirkland> hallyn: this is definition of what's available keybinding-wise, while in scrollback mode
<hallyn> meh, thanks
<kirkland> hallyn: to add more, we'll need to patch/enhance screen itself
<hallyn> what percent of the file are you at?  I don't see a list of available commands.  I do see a list of the default bound ones
<hallyn> all right i guess i'm gonna have to patch that
<SpamapS> lifeless: I wasn't around then, around now.
<SpamapS> andygraybeal: *interesting*
<andygraybeal> SpamapS, it's totally my fault
<andygraybeal> omg, i had a script that was going wacko and i'll explain more when i get time to the ubuntu-server mail list... i need some help
<andygraybeal> fsck checked fine and everything fine, it's that i'm an idiot
<andygraybeal> giddie goat...
<andygraybeal> SpamapS, thank yuo for the hand holding
<andygraybeal> i had a script that was making files exponentially
<andygraybeal> gah!!!!!!!!!!!
<SpamapS> andygraybeal: sweeeeet
<SpamapS> andygraybeal: so there were like, a bazillion files in there?
<andygraybeal> yea
<SpamapS> why didn't I think of that? :-P
<andygraybeal> hahahaha
<andygraybeal> ;)
<SpamapS> oh well now you got a little maintenance on the FS out of it. :)
<andygraybeal> 0 bytes.. all of them
<andygraybeal> ya, i need help from the list to re-write my script..  i'll get to that soon.  yuo can laugh when you see what i was doing.
<SpamapS> If you've never crashed a server by doing something recursive or exponential, you haven't worked on Unix. :)
 * patdk-wk loves recursive functions :)
<patdk-wk> easy to get yourself in trouble though
<andygraybeal> SpamapS,  :))))
 * genii-around remembers a server which kept trying to write to /var/log about /var not being able to mount
<andygraybeal> hah, nice
<RoyK> genii-around: using /var on dedicated filesystem isn't really what I do with most servers (anymore)
 * ScottK remembers discovering that the fish protocol would try to transfer all files in parallel when he tried to move about a quarter million small files all at once.
<ScottK> That was also the day I learned about fork bombs.
<RoyK> lol
 * RoyK somewhat misses the days of CGI - I DoSed a server all by myself once, back in 1998 or so, just by trying to 'fix' a poll
<CharlieSu> Hi.  On my production servers I'd like for Users to be prompted to enter a description of what work they're performing upon SSHing in.  Ideally I'd log the message to the auth.log or something similar.  Anyone have experience doing something like this?  I'm trying to determine the best place to do this.  Should I specify a PROMPT_COMMAND in my authorized keys files?  Do I need to create a custom shell that invokes bas
<pmatulis> CharlieSu: my first thought is to put a forced command (script) that will â   execute a separate script asking & processing the info and â¡  proceed to log in normally
<hallyn> ScottK: you're telling me not to bother with the packaging request bugs?
<ScottK> I think they are a waste of time.
<hallyn> ScottK: I was following https://wiki.ubuntu.com/UbuntuDevelopment/NewPackages
<ScottK> It's optional.
<hallyn> hm
<SpamapS> If you want to do UDD..
<SpamapS> you won't show up in the sponsoring queue w/o a bug
<hallyn> so what is the alternative?  just ask someone to sponsor and dput?
<SpamapS> "just ask someone" is not exactly scalable..
<hallyn> given it's 4 or 5 packages, i'd prefer to avoid one bug per
<hallyn> SpamapS: you can't scale me anyway, foo!
<ScottK> Neither is the sponsoring queue for new packages
<RoAkSoAx> Daviey: let me know when you send the email
<SpamapS> 99% of the time the new packages should go into Debian anyway.
<ScottK> Since it's several related packages, my advice is find a dev that's at least sort of interested and work with them.
<ScottK> Agreed.
<SpamapS> the maintainer relationship there is stronger, so unless there's a good reason not to put it in Debian, you should man up and be the Debian maintainer, or the package won't be taken care of on the right level in Ubuntu.
<Daviey> SpamapS: SPICE does have some reasons for going to Ubuntu first.
<Daviey> but hallyn is beter placed to answer that.
<hallyn> SpamapS: yes, there's good reason not to put it in debian
<ScottK> Daviey can sponsor then.
<SpamapS> Such as, we want to make sure Debian doesn't have it first? ;-)
<hallyn> Daviey: mind sponsoring?
<SpamapS> like, DFSG reasons?
<ScottK> SpamapS: Speaking of which, are you in NM yet?
<Daviey> hallyn: show me the mone^D branches / dsc's
<Daviey> SpamapS: no... hallyn will answer this better, but it was more aligned with versioing of things... and Debian being "somewhat" off another stable release.
<SpamapS> ScottK: I've got key signatures and I'm maintaining a few packages. I think next is finding a DD to carry my flag.
<hallyn> SpamapS: see bug 787220
<uvirtbot> Launchpad bug 787220 in ubuntu "[needs-packaging] celt051" [Wishlist,New] https://launchpad.net/bugs/787220
<ScottK> Did I see a DM application from you recently?
<ScottK> I don't remember.
<SpamapS> ScottK: no
<ScottK> SpamapS: Ask your Debian sponsor if you're ready for DM.
<hallyn> Daviey: lemme clean up the copyright files today.  but the sources are all in ppa:serge-hallyn/spice2
<hallyn> Daviey: if you prefer, i can push a tarball to p.c.c
<Daviey> hallyn: either way suites me.
<Daviey> hallyn: can you explain the reasoning again for going to Ubuntu first?
<SpamapS> ScottK: I've had 5 different sponsors. :-P
<ScottK> SpamapS: You only need one to say yes.
<hallyn> Daviey: sure.  there's a few interlocking reasons, first is that we want it in main (preferably) by 12.04.  Debian doesn't care to rush it bc they have no release for 2 years.
<hallyn> Daviey: now, spice depends on celt (for now), which is under development.  Each new version of it is not compatible with the previous
<CharlieSu> pmatulis: I'm actually doing this PROMPT_COMMAND="other.sh;$PROMPT_COMMAND";
<hallyn> Daviey: spice may drop celt at some point, but they won't switch versions until celt hits a stable release (which may never happen)
<SpamapS> ScottK: I will be working closely w/ Nobert on MySQL, and slangasek on upstart stuff in Debian this cycle.
<ScottK> Great.
<CharlieSu> pmatulis: in /etc/profile.d/question.sh    where other.sh logs to my logger
<SpamapS> ScottK: I figure they'll get tired of me bugging them and we can do it then.
<hallyn> Daviey: we (and ubuntu) have celt 0.7.1 packaged.  spice requires 0.5.1.  Debian won't package celt051 for the reasons cited above.  So Debian is just waiting.
<hallyn> Daviey: we coudl patch spice to use celt0.7.1, but then we wouldn't be able to use our client with redhat server and vice versa
<hallyn> Daviey: let me know if i've not blabbed enough yet :)  I htink I outlined it better in the packaging request bug
<Daviey> hallyn: sounds good to me
<fastveg> how would I open a website in text only from the command prompt
<CharlieSu> fastveg: links2
<Pici> fastveg: w3m http://google.com
<Pici> w3m should be installed on ubuntu-server by default
<fastveg> pici: awesome, thanks.  not installed on mine for some reason but I can grab it
<CharlieSu> fastveg: links2 has X support
<fastveg> ahh ok
<fastveg> haha w3m is sweet.  loving the text based google
 * RoyK just tested links2 with X and probably won't use it again :P
<hallyn> Daviey: ok, so when filling iin the list of copyrights in debian/copyright, do i include things like FSF copyright for install.sh that came through autogen?
<CharlieSu> Hi.  I'd like to make a custom shell like this https://gist.github.com/989190 so that I can get the reason why people are logging in when they do.  Is there a way to something like this without having to do this?   If not, is there a way to tell /etc/passwd to try this and then /bin/bash if this file isn't present?
<hallyn_afk> Daviey: ok, i think the copyright files are pretyt much sorted out.  I prolly went overboard on the spice one and should yank some out.  But all of the *oneiric* targeted ones in ppa:serge-hallyn/spice2 are the ones
<hallyn_afk> Daviey: if i disappear, kim0 is a good one to re-test if you like, once they hit universe
 * hallyn_afk bbl
<Daviey> hallyn_afk, sorry
<Daviey> hallyn_afk, no, keep the copyright limited to the upstream files... autogenerated files don't normally matter.
<bencc> how do I set fqdn?
<RoyK> bencc: /etc/defaultdomain and /etc/hostname should do
<RoyK> bencc: perhaps adding your domain to the search path in /etc/resolv.conf too
<patdk-wk> heh, I always hate that :)
<patdk-wk> I refuse to ever add a search domain, just causes all kinds of bad dns requests to my recursors
<RoyK> patdk-wk: how?
<patdk-wk> everytime it gets a failed lookup, it appends the search domain to it, and tries again
<scott[8]> is there a "best" or perfered ssh package? for a website production box running 10.4
<Pici> scott[8]: The standard openssh-server package is pretty much the standard.
<scott[8]> thanks.
<Pici> With less redundancy in that sentence ;)
<scott[8]> haha
<uvirtbot> New bug: #787733 in apache2 (main) "bug in lamp-server" [Undecided,New] https://launchpad.net/bugs/787733
<lynxman> adam_g o/
<adam_g> heyo
<64MAAJY2L> When changing the port number for ssh in /etc/ssh/sshd_config how do you know which port numbers are safe to use?
<RoyK> 64MAAJY2L: any port is generally safe, or unsafe
<RoyK> 64MAAJY2L: if you want to stop people brute-forcing your machine on ssh, use something like fail2ban or denyhosts
<RoyK> I use the latter, since it's distributed in terms of lists of attackers
<64MAAJY2L> If I changed the port for ssh  in /etc/ssh/sshd_config from 22 to say 80 I'm assuming that would cause problems because port 80 is for http right?
<scott[8]> 64MAAJY2L, it's not going to stop all traffic going to that port
<RoyK> 64MAAJY2L: just leave it at port 22
<scott[8]> ^
<RoyK> 64MAAJY2L: and just install denyhosts to block bots scanning for passwords
<64MAAJY2L>  Ok I will install denyhosts
<RoyK> 64MAAJY2L: also, using something like john to probe the passwords of your users might be good - or cracklib to make sure they don't choose passwords like 'beer'
<RoyK> 64MAAJY2L: moving the ssh port to something else won't help much - a simple scan will show which ports listen to what
<64MAAJY2L>  RoyK: john the ripper right?
<RoyK> yep
<henninge> kirkland: ping ;)
<kirkland> henninge: howdy
<henninge> kirkland: Hi, can you give me a hint about encrypted homedirs?
<kirkland> henninge: probably ... what's your question(s)?
<henninge> kirkland: the man pages seem to only refer to the old "Private" setup (a subdirectory).
<semiosis> 64MAAJY2L: /etc/services lists what services commonly use certain ports, but in general you could put ssh on any port that doesnt already have a service on it
<henninge> kirkland, how is does that change when a complete homedir is encrypted?
<kirkland> henninge: okay, so you have a user already installed and you want to convert that user to an encrypted home dir?
<henninge> no ;)
<semiosis> 64MAAJY2L: you can use 'netstat -anp' to see what services are bound to what ports
<kirkland> henninge: okay ... you want to .... install from scratch and have your home dir encrypted?
<henninge> kirkland, I have a user with an encrypted homedir but somehow that config got lost.
<kirkland> henninge: "that config" ... you mean your ~/.ecryptfs directory?
<64MAAJY2L> right.. can't believe I forgot about using netstat
<henninge> kirkland, right
<kirkland> henninge: okay, and this is 11.04?
<henninge> kirkland, I mean it is there but it is for my old config
<henninge> yes
<henninge> kirkland, full story:
<kirkland> henninge: what "old config"?
 * RoyK wouldn't use Zimbra on anything != LTS
<henninge> I backed up my old homedir which was not encrypted but had a Private dir.
<henninge> then I installed 11.04 and created the user with an encrypted homedir
<henninge> after that I restored my old homedir.
<kirkland> henninge: which overwrote your .ecryptfs?
<henninge> kirkland, exactly
<henninge> kirkland, I have the key,though
<henninge> the new key
<kirkland> henninge: perfect, that was my next question :-)
<henninge> ;-)
<kirkland> henninge: and, are you using encrypted filenames?
<henninge> yes
<kirkland> henninge: perfect ...
<kirkland> henninge: okay, do this:
<kirkland> henninge: cd $HOME/.ecryptfs
<kirkland> henninge: touch auto-mount auto-umount
<kirkland> henninge: echo "$HOME" > Private.mnt
<kirkland> henninge: ecryptfs-wrap-passphrase ./wrapped-passphrase
<kirkland> henninge: (enter your new mount passphrase, that you recorded)
<henninge> Ah, already did that last one
<henninge> ;)
<kirkland> henninge: logout, and back in
<kirkland> henninge: that should do it
<henninge> oh, cool
<kirkland> henninge: give it a try
<henninge> kirkland, I guess it does not matter if I use graphical or console login?
<kirkland> henninge: should not
<kirkland> henninge: but console fails more gracefully
<kirkland> henninge: in case it fails
<kirkland> henninge: i recommend testing console first
<henninge> kirkland, I tried, nothing happens
<henninge> I mean, I am in the blank homedir
<bencc> config file should have 0644 or 0600 mode? for example /etc/nginx/nginx.conf
<bencc> it has 0644 but I don't understand why not 600
<kirkland> henninge: okay, you've logged in, and you're that user
<kirkland> henninge: but your home dir is not mounted
<kirkland> henninge: mount | grep ecryptfs
<kirkland> henninge: shows nothing, right?
<henninge> nada
<henninge> right
<ruben23> guys any idea when i do this i ahve this error----------------> http://pastebin.com/YWCcWKZf
<kirkland> henninge: okay, ls -alF $HOME | pastebinit
<kirkland> henninge: let me check that your symlinks are setup correctly
<genii-around> !info php-imap
<ubottu> Package php-imap does not exist in natty
<genii-around> ruben23: I think you want php5-imap instead
<henninge> kirkland, will do, have to do "man pastebinit" first ... ;)
<kirkland> henninge: or just pastebin the output
<henninge> not easy from the console
<uvirtbot> New bug: #787755 in samba (main) "Samba does not notice added or removed CUPS printers" [Undecided,New] https://launchpad.net/bugs/787755
<kirkland> henninge: hence, pastebinit :-)
<henninge> http://paste.ubuntu.com/612431
<henninge> kirkland, still need to do that number manually ;)
<henninge> I think that .cache was created by Gnome on the first failed login
<kirkland> henninge: and ls -alF $HOME/.ecryptfs | pastebinit
<henninge> right
<henninge> url++ ;-)
<henninge> http://paste.ubuntu.com/612432
<henninge> argh
<henninge> try again
<henninge> kirkland: http://paste.ubuntu.com/612434
<henninge> kirkland, shouldn't I be able to search for error messages somewhere?
<kirkland> henninge: sure, syslog
<kirkland> henninge: sudo grep -i ecryptfs /var/log/*
<kirkland> henninge: and the contents of $HOME/.Private/ ... they look encrypted?
<henninge> kirkland, it does
<henninge> ECRYPTFS_FNEK_...
<kirkland> henninge: okay, I'm at a loss, then ...
<kirkland> henninge: try this:
<kirkland> henninge: ecryptfs-mount-private
<kirkland> henninge: enter your passphrase
<kirkland> henninge: oh, wait
<kirkland> henninge: we forgot one thing :-)
<kirkland> henninge: doh
<henninge> "not setup properly"
<kirkland> henninge: cd $HOME/.ecryptfs
<kirkland> henninge: yup, i just remembered ...
<kirkland> henninge: keyctl clear @u
<henninge> huh?
<kirkland> henninge: first, clear your keyring ^
<kirkland> henninge: then:
<kirkland> henninge: ecryptfs-insert-wrapped-passphrase-into-keyring
<kirkland> henninge: you should get a message that two keys were inserted into your keyring
<kirkland> henninge: and there will be a signature for each
<henninge> man page says to pass in a file as a parameter?
<henninge> ok, works without
<henninge> kirkland, only one key
<kirkland> henninge: okay, that's fine
<kirkland> henninge: now, do: keyctl list @u
<kirkland> henninge: should show you two keys, right?
<henninge> sudo?
<kirkland> henninge: no sudo
<kirkland> henninge: as your user
<henninge> "list is not a legal command"
<kirkland> keyctl list @u
<henninge> sorry, tab completion took be to keytool ...
<henninge> 2 keys in keyring ;-)
<henninge> kirkland, try again (logout/login) ?
<kirkland> henninge: not yet ...
<kirkland> henninge: we need to put those two key signatures into $HOME/.ecryptfs/Private.sig
<kirkland> henninge: one per line
<henninge> ah, that one
<henninge> actually, I had meant to ask about that file in the first place ... ;)
<henninge> forgot
<kirkland> henninge: the first one needs to be the one that came back from ecryptfs-insert-wrapped-passphrase-into-keyring
<kirkland> henninge: and the second line needs to be "the other one" in your key sig list
<henninge> ok
<kirkland> henninge: yeah, sorry, i barfed on this one
<kirkland> henninge: once you've done that
<kirkland> henninge: try ecryptfs-mount-private
<henninge> ok, standby
<henninge> kirkland, yeah!!! ;-D
<kirkland> henninge: ;-)
<kirkland> henninge: sorry about that
<henninge> kirkland, I'll try the login/logout now
<henninge> kirkland, no need to be sorry
<henninge> kirkland, thank you very much ;)
<kirkland> henninge: welcome
<henninge> login/logout worked, too
<henninge> kirkland, will you be in Dublin?
<kirkland> henninge: yep
<henninge> kirkland: Cool, I'll see you there and buy you a drink
<kirkland> henninge: \o/
<henninge> ... or an ice cream or whatever
<henninge> ;-)
<SpamapS> I believe the appropriate favor currency in Dublin is a Guinness
 * kirkland will work for Guinness
<JFo> I'd walk a mile...
<SpamapS> May 24 13:18:15 clint-MacBookPro libvirtd: 13:18:15.000: 1385: error : qemuDomainObjBeginJobWithDriver:453 : Timed out during operation: cannot acquire state change lock
<SpamapS> HRM
<soren> While doing what?
<jj995> I did "zpool create external -m /external /dev/sde", and when my system rebooted sde became sdd -- can/should I have specified a UUID instead?  How can I rename the device used by the zpool?
<jj995> (no answer in #zfs, so I was hoping to luck out here)
<SpamapS> soren: forcing a dead VM off
<SpamapS> eventually it actually did work
<SpamapS> jj995: zfs isn't really a linux thing. ;)
<SpamapS> even if it is
<SpamapS> it isn't
<andygraybeal> SpamapS, i kill the process when that happens to me
<andygraybeal> er .. when a vm isn't responding with virsh
<cillin> just got bind9 and got it running as caching nameserver, but will the database built be persistant or wiped on reboot?
<kirkland> negronjl: ping
<kirkland> negronjl: okay, I think I'm about ready for that "dotdee" demo ;-)
<uvirtbot> New bug: #787789 in bacula (main) "package bacula-director-mysql 5.0.3-0ubuntu2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/787789
<lynxman> kirkland: can I see? :)
<kirkland> lynxman: sure :-)
<lynxman> yay
<kirkland> lynxman: let's get negronjl back online, and do a demo
 * kirkland fires up an ec2 vm
<lynxman> kirkland: *nods*
<negronjl> lynxman, kirkland:  where are you guys doing the demo at?
<lynxman> negronjl: I guess ec2
<kirkland> negronjl: lynxman: ssh ubuntu@ec2-50-17-120-128.compute-1.amazonaws.com
<kirkland> negronjl: hey, join us in ec2 + mumble
<raoult1> kk the download to Upgrading Ubuntu 11.4 is 100%
<cillin> some "Avahi" is complaining about fully qualified domain name, how can i change it to something else? like "homenet.org" or so
<RoAkSoAx> kirkland: am I too late for the dotdee demo? :L(
<kirkland> RoAkSoAx: i can do it again
<lynxman> kirkland: encore encore! \m/
<RoAkSoAx> kirkland: no worries :), whenever you schedule to show it to someone else I can jump in
<RoAkSoAx> kirkland: are we changing powernap config.d/ to dotdee?
<kirkland> RoAkSoAx: :-)  maybe we should ...
<kirkland> RoAkSoAx: i was going to demo for kees too (who had the marvelous idea to use inotify)
<negronjl> hmm.... interesting.  kirkland.  maybe we should start incorporating dotdee into our projects ( orchestra, etc. ).  thoughts?
<kirkland> negronjl: great idea;  let me give it a thought
<RoAkSoAx> kirkland: sure let me know when you show it to him and I'll tag along
<kirkland> RoAkSoAx: let me fix the upstart job, and i'll demo in a few
<RoAkSoAx> kirkland: k ;)
<cillin> anyone can help me with how to change / set a fully qualified domain name?
<kirkland> RoAkSoAx: what's your LP id?
<RoAkSoAx> kirkland: andreserl
<kirkland> RoAkSoAx: ssh ubuntu@ec2-50-17-120-128.compute-1.amazonaws.com
<negronjl> kirkland:  if it is another dotdee demo, mind if I join in?
<kirkland> negronjl: heh
<kirkland> negronjl: sure, same machine
<kirkland> negronjl: same demo
<negronjl> ahh...ok.  I thought you had time to fix the issues.
<kirkland> RoAkSoAx: you in?
<kirkland> negronjl: oh, yeah, i did do that :-)
<negronjl> kirkland:  im in
<RoAkSoAx> kirkland: in
<kirkland> RoAkSoAx: are you on mumble too?
<kirkland> RoAkSoAx: i'll talk you through it
<arooni> how can i find out the process id and process name of the output of this command: QUEUE=scraper RAILS_ENV=backend rake resque:work --trace ?
<SpamapS> OMG
<SpamapS> https://launchpad.net/ubuntu/+source/rubygems/1.7.2-1
<SpamapS>     + executables are now installed to /usr/local/bin.
 * SpamapS sends a giant hug Lucas Nussbaum's way
<cillin> is there any alternative to Webmin?
<Corey> cillin: Yes, "Knowing what you're doing."
<cillin> .......well thats a helpful answer, all i want is an graphical enviroment to set things
<qman__> cillin, ebox is an alternative to webmin
<qman__> however, though perhaps rude, I agree with Corey
<qman__> these web GUIs tend to just make fixing things a lot harder when they break
<qman__> and anyone running something like an internet mail server needs to know more than how to click it in a web GUI, otherwise you're just going to get owned
<SpamapS> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<SpamapS> damnit I submitted a new factoid for that like 2 months ago
<SpamapS> its not called ebox anymore
<SpamapS> !zentyal
#ubuntu-server 2011-05-25
<qman__> ah, good to know
<nealmcb> SpamapS: Have you talked to folks in #ubuntu-ops about it?  I haven't updated a factoid for a long time, but that was helpful when I did...
<SpamapS> I don't remember
<Daviey> SpamapS: what was the new factoid, i think i have foo to update it.
<Daviey> ?
<Daviey> !-ebox
<SpamapS> Daviey: zentyal should basically be the same as ebox with the string replaced, and ebox should point to the zentyal factoid
<SpamapS> I already ported the Zentyal page too https://help.ubuntu.com/community/Zentyal
<shauno> !servergui probably wants to be updated to match too
<ubottu> ebox has no aliases - added by LjL on 2008-01-16 23:51:42 - last edited by jussi01 on 2008-04-25 19:25:35
<ubottu> shauno: I am only a bot, please don't think I'm intelligent :)
<Daviey> !zentyal
<SpamapS> What did you do to poor ubottu ?
<SpamapS> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Daviey> !zentyal
<ubottu> zentyal is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/Zentyal
<Daviey> \o/
<Daviey> !ebox
<ubottu> zentyal is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/Zentyal
<SpamapS> Daviey: ty!
<andygraybeal> yay for zentyal :)
<Daviey> SpamapS, Wonder if it should reference that it was formally known as ebox?
<shauno> !servergui
<ubottu> Ubuntu server does not install a desktop environment or X11 by default in order to enhance security, efficiency and performance.  !eBox provides a GUI system management option via a web interface.  See https://help.ubuntu.com/community/ServerGUI for more background and options.
<shauno> altho it's still ebox in LTS, so whether that's wrong or not is possibly debatable
<SpamapS> shauno: its mentioned in the linked page
<Daviey> !ebox
<ubottu> zentyal is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/Zentyal (Project formally known as eBox - including in Lucid/10.04).
<Daviey> Everyone is happy :)
<SpamapS> Daviey: no, I'm pretty sure smoser is still a little peeved.
 * Daviey hopes he is :)
<persia> So, I just heard about zentyl: is my brief reading correct that this is a web-accessible administration framework perfect for use on a small NAS box?
<ScottK> persia: Anytime you put framework and perfect in the same sentence, you are certain to be wrong.
<persia> This is part of why I'm asking :)
<ScottK> Then your answer is "No."
<ScottK> I can tell that without knowing anything about zentyl.
<persia> All the past remote administration tools I've heard about have grave issues of one sort or another.
<ScottK> It may suggest a different question is in order.
<persia> Indeed.  Perhaps I'm asking for some hints as to how it isn't perfect.
<ScottK> Agreed.  The only non-broken remote administrative interface I'm aware of is ssh.
<ScottK> And it's not perfect.
<ScottK> Since it doesn't appear to be packaged, I expect it's unlikely you'll find much experience with it here.
<persia> According to https://help.ubuntu.com/community/Zentyal it's a rename of ebox: I figured the rename just hadn't hit oneric yet.
<ScottK> First I heard of the rename.
<ScottK> We did do some work with ebox devs several cycles ago, but it seems to have died out.
<persia> Hrm.  Oh well.  Based on the impetus information that led to me being interested, I figured folk who are often here would have been involved, but if it's not been discussed here (obviously, or you'd know), and as PPAs are being recommended (always indicative of questionable practices), I suppose I'm incorrect.
<ScottK> It's been awhile, but the best thing I remember they gave up on being current in Ubuntu and just went to a PPA.
<ScottK> It was better than webmin, but not particularly wonderful as I recall.
<persia> better than webmin isn't saying much :)
<ScottK> I'm not saying it's bad either.  That was awhile ago.
<persia> Understood: I'm interpreting your comments as "I'm not that familiar, but I'm trying to be helpful"
<persia> Maybe Daviey or SpamapS will catch backscroll, and have recommendations (or at least some understanding why the Ubuntu documentation is recommending a PPA)
<ScottK> That and "this laptop is too heavy to carry open, one handed while I try to navigate to the table without losing my wifi connection at the restaurant."
<ScottK> You should know better than to thing that anything in the community section qualifies as Ubuntu documentation.
<persia> And this is why one shouldn't bother brining a laptop > 600g to a restauran
<persia> t
<ScottK> When I left the house I didn't know I was going to a restaurant.
<persia> And I'll be the first to admit that while one can do a lot of things on a super light platform, thre are limitations
<SpamapS> the ebox/zentyal guys were at UDS-O
<ryancr> hello, is there a correct way to get a more up to date apache2/php setup on 10.04 ??
<ryancr> i looked in backports but did not see anything
<persia> SpamapS: Will zentyal be coming to oneiric?  What are some of the disadvantages?
<SpamapS> ebox == zentyal in oneiric
<SpamapS> they just haven't renamed the packages
<Daviey> upstream do not put as much effort into non-lts releases.. but they are starting to ramp up for 12.04.
<SpamapS> Which is unfortunate.. we should probably help them do that.
<Daviey> well, aiui, they consider it a 'best effort'... but not supported by upstream
<persia> That's kinda unfortunate, as it makes transitions a lot harder.
<SpamapS> Pretty slick screencast
<persia> I'd hope they'd have a flexible enough build system to do the right thing on all of development, current, and current LTS.  I don't think it's an issue if they only offer end-user support for LTS, but developer support should be wider.
<Daviey> persia, yeah... it's best effort... I can't argue too much with that
<persia> I can't argue with the wording, but lots depends on what it means.  If it means "We'll work on it, but don't bother us too much unless you're prepared to help a bit", that's fine.  If it means "We might get around to that if we have time", that's less exciting.
<Daviey> persia, they did a pretty complete lecture at FOSDEM this year, I think the video went online.. looking
<Daviey> bah, can't find it
<Daviey> One of the honcho's does frequent here, i'll push him your way if you have further questions.
<persia> Thanks.
<SpaceBass> anyone using a Drobo (specifically Drobo-s) with server? any tips on formatting, lun size, etc?
<sabgenton> willl do-release-upgrade upgrade my LTS to the latest LTS or will it go to 10.10
<shauno> sabgenton: it can do both.  check /etc/update-manager/release-upgrades for a line reading Prompt=
<sabgenton> as in 10.04 to 10.04.2
<sabgenton> is what I want
<shauno> ah
<sabgenton> can i do that?
<persia> sabgenton, For that, `apt-get dist-upgrade` is sufficient.
<persia> That is, if you have -updates enabled in your /etc/apt/sources.list
<sabgenton>  whats the difference between dis-upgrade and upgrade
<persia> sabgenton, It's slightly different handling of cases where packages conflict or replace each other.
<sabgenton>  when do I use upgrade
<persia> The apt-get(8) manpage describes the differences in fair detail
<sabgenton> k
<sabgenton> ok dist-upgrade it is
<persia> Unless someone had to do something fairly strange, 10.04->10.04.2 should be OK with just "upgrade".  I tend to use dist-upgrade when I *know* I want to upgrade just to work around things.
<sabgenton> so does  do-release-upgrade upgrade  do what I want though?
<sabgenton> or will it allways up the version number to the current stable
<sabgenton> just currious
<persia> No.  do-release-upgrade will try to move 10.04 to 10.10 or 12.04 (depending on configuration).
<sabgenton> ok so u can choose verison numbers but not the same version  number
<persia> Rather, you can choose between "next 6-monthly release" and "next biannual release".
<sabgenton> "when I *know* I want to upgrade just to work around things."
<sabgenton> eg?
<persia> Sometimes there's an upgrade of something where the developers need some package to be uninstalled or a different package to be installed.  For stable releases, this is extremely rare.
<sabgenton> so dist-upgrade fixes dep isuse where as upgrade just upgrades?
<sabgenton> or fixes more dep isuuses
<sabgenton> at least
<persia> Treats dep issues slightly differently.  dist-upgrade is allowed to uninstall something to resolve things (it will tell you what).  upgrade is not.
<hallyn_afk> SpamapS: 'https://wiki.ubuntu.com/MeetingLogs/Server/20110405'   [11:09:25] <jamespage> SpamapS : to put his version of ubuntuserver-minutes in directions for writing minutes
<sabgenton> persia: thx for before :)
<twb> http://paste.debian.net/117892/  is it just me, or does NFS root_squash break setgid?
<uvirtbot> New bug: #787891 in openvpn (main) "openvpn should soft-restart on interface up" [Undecided,New] https://launchpad.net/bugs/787891
<guampa> i have to pick and build a 2.6.36+ kernel for a hyper-v guest (for the staging drivers). any advice on particularly good/bad versions?
<twb> hyper-v can't emulate a 486?
<guampa> dunno, what does it matter though?
<twb> Well, .32 has drivers for a 486
<guampa> does it have the ethernet accel drivers? i want to avoid using the legacy hyper-v adapter mainly
<twb> I imagine that "accel" means "not a 486"
<twb> the equivalent of linux KVM's virtio stack
<guampa> exactly
<guampa> accel in the "virtio hyper-v equivalent" sense
<twb> So what I'm saying is: unless you demonstrably need that extra I/O throughput, don't try to fuck with your distro's stable, tested kernel
<guampa> allright
<guampa> i know they are in staging, but maybe they are working well
<guampa> s/they/the hyper-v drivers/
<flowbee> hi folks... can someone help me in configuring openvpn?  i want to ensure that *only* a few types of traffic go through the vpn.  i.e. like web browsing.  right now i'm using hidemyass's openvpn config and it seems to be sending *everything* through the vpn.
<SpamapS> hallyn_afk: its in the comments of wiki.ubuntu.com/ServerTeam/Meeting
<speakman> I just set up a new raid1, and the new one has "super 1.2" in /proc/mdstat in addition to my old md0 which doesn't. Anyone knows what this "super 1.2" actually mean?
<SpamapS> speakman: its telling you that the format of the super block is the new 1.2 format
<speakman> oh, so theres a new format.. *googling* :D
<twb> speakman: sounds like the superblock is at /dev/sda1
<twb> assuming retarded grub2-style numbering
<speakman> Can one "upgrade" the superblock easily?
<speakman> by the way - which filesystem is to prefer for file storage these days?
<twb> speakman: ignore me, I'm talking rubbish
<twb> As to filesystem -- btrfs as soon as it's ready, and ext[432] until then
<speakman> twb: Ok. I'll just keep on with my extfs then. :)
<uvirtbot> New bug: #788004 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/788004
<uvirtbot> New bug: #788006 in samba (main) "package winbind 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/788006
<xro> hi, i'm on a Lucid server and i ry to use openssl with IPv6... but i cannot do a s_client -connect IPv6 --> i get connect: Invalid argument... do you know a solution?
<Syria> Hello guys, could you please help me with the partitioning thing! it is making me crazy and i can't understand it. I have two hard discs each one is 1tb and I am intending to install zimbra email server on my 10.4.2 server. thnx
<Syria> :(
<persia> What are you trying to do with the two disks?
<Syria> persia I want to install Zimbra email server and the seller told me that buying tow hard discs is better for a server! i know how to manage to email server but I don't know about portioning.
<Syria> partitioning *
<persia> Right.  So there's a number of ways that two drives can be an advantage.
<persia> 1) you can put the OS on one and the data on the other
<persia> 2) you can mirror the data between them for reliability
<persia> 3) You can charge more when selling a server and get a larger commission
<Syria> yes.
<persia> So, you have to decide which of those applies in your case.
<Syria> I want to mirror the data between hard discs for reliability.
<persia> https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html : read the section on "Software RAID".
<persia> (the procedures are unchanged from 10.04 to 10.04.2)
<lambda_x> Syria: http://www.cybersprocket.com/2010/blog/setting-up-raid-1-on-ubuntu-10-04/
<Syria> lambda_x:  Thx
<lambda_x> np
<bencc> can I add sources by adding files to /etc/apt/sources.list.d or is it for something else?
<Syria> "Select the first hard drive," the 1st hard drive is SCSI3 (0.0.0)  (sda)  ?
<lambda_x> Syria: you got sda and sdb I guess?, so first will be sda
<Syria> lambda_x:  Still here?
<xro> Hi, someone already deals with openssl s_client connect?
<kirkland> hallyn_afk: morning, poke me when you're around
<uvirtbot> New bug: #788091 in samba (main) "package smbclient 2:3.5.8~dfsg-1ubuntu2.1 failed to install/upgrade: corrupted filesystem tarfile - corrupted package archive" [Undecided,New] https://launchpad.net/bugs/788091
<Doonz> hey guys how do i create another session with byobu? when i just type byobu it reattaches to the current current session. I want to start a new session with it
<kirkland> Doonz: byobu -S new
<kirkland> Doonz: just launch, but give the new one a different title
<kirkland> Doonz: or, you can do "byobu bash" if you don't care about the title
<Doonz> Thank youi wasnt using the -S switch and it was comaplaining about the directory
<kirkland> Doonz: no problem, enjoy ;-)
<Doonz> thanx again
<nigelb> kirkland: would it be better if we linked the IRC channel on the top of the room name and possibly in all the session pages?
<nigelb> kirkland: um, re:summit :)
<kirkland> nigelb: yes!
<kirkland> nigelb: i'm sorry my code sucked :-)
<kirkland> nigelb: but I think it's a good idea
<nigelb> kirkland: heh, that was in the works last time (I believe I still own the bug), will try to get it out for next time :)
<kirkland> nigelb: it would be *awesome* to 1) install chatzilla as a firefox plugin, 2) click on irc link and land in channel
<kirkland> nigelb: sweet, you da man!
<nigelb> :)
<hallyn_afk> kirkland: whats up?
<Daviey> hallyn_afk, shouldn't you be afk?
<hallyn> Daviey: nyeh
<zul> lynxman: rabbitmq-erlang-client rabbitmq-stomp needs to be updated to 2.4.1 in order for it to work in oneiric
<lynxman> zul: library dependencies?
<lynxman> zul: shouldn't be a problem I reckon
<zul> lynxman: nope rabbitmq-server is now 2.4.1 on oneiric
<lynxman> zul: oh darn *snap*
<lynxman> zul: okay, putting that in my todo :)
<zul> lynxman: thats why mcollective is having problems connecting to the stomp server
<lynxman> zul: yeah plugins are very version dependant
<lynxman> zul: I'll redo the packages for 2.4.1, hopefully today, refactoring the provisioner code *sob*
<zul> Daviey: so for reviewing blueprints do we put the comments at the bottom?
<Daviey> zul, Well... smoser raised a valuable point that it doesn't store history there.
<Daviey> I did think about sending a mail to the server list with the title of each bp
<Daviey> *but*, i think i'd be criticised for noise.
<Daviey> So.. probably better to stick with the whiteboard.
<zul> Daviey: sure but if you are subscribed to the spec then you get a diff of the whiteboard change
<Daviey> exactly
<lynxman> zul: is there anyway we can liaise the rabbitmq plugin packages to rabbitmq, so there's some sort of alert or dependency trigger... or the same maintainer
<zul> lynxman: i usually take care of rabbitmq-server but i wasnt aware of rabbitmq-stomp and erlang-client when i did the merge ill be more careful next time
<lynxman> zul: aah okay :)
<lynxman> zul: I'll get you the new packages in some mins
<RoAkSoAx> Daviey: o/ so you ended up not emailing anything after all, not even on how to proceed on commenting the BP;s?
<kirkland> lynxman: pardon my ignorance :-) ...  but ./usr/share/orchestra/rsyslog/orchestra-client.conf:*.* @@1.1.1.1:514
<kirkland> lynxman: what's that in rsyslog parlance?
<Daviey> RoAkSoAx, at the moment, no.
<kirkland> lynxman: nevermind, I think I'm digesting it now
<RoAkSoAx> Daviey: k
<lynxman> kirkland: hah sorry, was in PPA hell
<lynxman> kirkland: let me know if I can help :)
<kirkland> lynxman: it's okay;  i'd like to get an orchestra 1.0-ish into archive review ASAP
<lynxman> kirkland: yeah I know, I would feel better if I could integrate nagios beforehand, but... it's in a stable place now
<kirkland> lynxman: nah, we need to cut this version loose and keep rolling
<lynxman> kirkland: rolling rolling rolling... rawhiiiide
<kirkland> lynxman: your knowledge of Americana never ceases to amaze me :-)
<lynxman> kirkland: Well my mother is from Panama... so it's almost as if I've been raised in Miami ;)
<kirkland> lynxman: heh
<lynxman> it's almost the same, except for the corrupt government and the poor areas surrounding the city
<lynxman> so it's the same
<lynxman> :D
<lynxman> ...
<lynxman> zul: https://launchpad.net/~lynxman/+archive/ppa
<lynxman> err nevermind, build error
<lynxman> build packages in the wrong order, shame on me :)
<kirkland> lynxman: http://paste.ubuntu.com/612759/
<kirkland> lynxman: do those permissions look right?
<kirkland> lynxman: that's a lot of 600 ... are there passwords or private data in those files?
<lynxman> kirkland: in the seed one there is, and cobbler runs as root so it should be okay I imagine
<kirkland> lynxman: one more thing ... debian/ubuntu-orchestra-monitoring-server.install:monitoring-server/* /
<kirkland> lynxman: there's nothing in that dir yet
<kirkland> lynxman: i'm going to drop that install file for now
<kirkland> lynxman: add it back when you get the nagios bits
<lynxman> kirkland: sounds good
<uvirtbot> New bug: #788146 in bacula (main) "package bacula-director-mysql 5.0.3-0ubuntu2 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/788146
<hallyn> SpamapS: are you around?
<RoyK> wtf - just upgraded a VM here from 10.10 to 11.04, and it starts up with just grub telling me it can't boot
<RoyK> any ideas how to fix that?
 * RoyK doesn't like grub2
<DexterF> hi
<aurigus> hi
<DexterF> been running a software raid5 in debian for quite a while - it's very stable, no problem at all so far. how about ubuntu server here?
<baggar11> DexterF: running raid5 in my ubuntu server, no issues
<aurigus> Dont think you will see an issue. I run zfs and its been rock solid.
<DexterF> aurigus: zfs via fuse?
<aurigus> until a week ago.
<DexterF> ..and now?
<aurigus> The posix layer has just been released for zfs natively on linux
<aurigus> So now I'm running natively :)
<DexterF> how come this wasnt in the newstickers?
<DexterF> good news, but how were the licensing issues resolved?
<aurigus> I was going to make a big deal about it, blog posts and such, but it is still beta
<aurigus> RC4
<aurigus> I wasn't sure of its stability either... but for the last week or 2 its been rock solid
<DexterF> performance over linux-md?
<aurigus> Haven't had time to do any benchmarking
<SpamapS> hallyn: pong.. whats up?
<DexterF> reason I'm asking: I'm planning to consolidate file server and htpc. now debian stable is not really the best platform for htpc and testing not for a raid fileserver
<DexterF> hence I'm eyeing 10.04
 * patdk-wk just uses a seperate box for both of those
<aurigus> I'm running it on 11.04 and its working fine
<aurigus> Im just using it as a file server though
<hallyn> SpamapS: i was just remining you about an action you had last month, to put up your meeting notes posting script in the knowledgebase :)
<SpamapS> hallyn: right, I guess in the comments of the meeting page isn't all that discoverable. ;)
<SpamapS> there used to be a "how to do the minutes" page
<hallyn> lol
<hallyn> well i always look at https://wiki.ubuntu.com/ServerTeam/KnowledgeBase at the bottom
<SpamapS> ahh thats the page
<SpamapS> stupid moin's sucky search
<SpamapS> hallyn: I updated the link to point at mine, since it supersedes mathiaz' old branch
<hallyn> SpamapS: cool, thanks
<RoyK> http://karlsbakk.net/grub.png <-- this is all I get after upgrading this VM to 11.04 - any idea what to do next?
<Slyboots> Im curious if anyone can give me some advice regarding RAID arrays
<RoyK> shoot
<Slyboots> Right now, I've got a 4TB file-syste, (3x 2TB disks) in a RAID5.  and I've ordered two new 2tb disks to expand as Im running out of space.  Would I be better off upgrading to RAID6 and giving me 6TB of storage or would RAID5 be safe-enough with 8tb
<Slyboots> I do weekly backups of all my files as is, (although starting to run out of backup space haha..)
<RoyK> raid-5 is rather safe, but new drives tend to be worse than older drives due to density
<SpamapS> Slyboots: given that 1TB recoveries will probably take *hours* .. I would go w/ RAID6
<Slyboots> Mmm..
<SpamapS> err.. I read the original wrong.. 2TB .. RAID5 would be almost insane.
<RoyK> and I'm not sure if you can change from raid-5 to raid-6 without recreating the raidset
<SpamapS> Slyboots: did you test how long a re-sync takes when you created the RAID5 ?
<Slyboots> SpamapS: haha.. it takes.. quite some time
<SpamapS> Yeah thats a backup / restore operation
<Slyboots> about 8-9 hours
<RoyK> SpamapS: insane?
<SpamapS> 8-9 hour window for another drive to fail... add on the time between failure and replacement..
<Slyboots> Wow, well.. wiping the server will be a major pain in teh ass
<RoyK> seems changing it should be possible http://neil.brown.name/blog/20090817000931
<SpamapS> Slyboots: honestly this is why you're better off with 10 little drives than 5 giant drives.
<SpamapS> RoyK: nice!
<bencc> how can I make "hostname" give "example.com" instead of "example" ?
<Slyboots> Well Im in the process of backing up my server.
<Slyboots> Im actually tempted to shfit the OS onto its own disk.. and just not RAID it at all
<RoyK> bencc: the hostname should be a single word - the domain is another thing
<RoyK> bencc: see /etc/defaultdomain for the domainname
<SpamapS> bencc: hostname -f
<SpamapS> RoyK: I think in this case he wants his FQDN to be example.com .. not just the domain
<SpamapS> bencc: you'll probably want to look at changinging /etc/hostname
<RoyK> but why?
<SpamapS> Because he wants his website to be that server?
<SpamapS> Its a perfectly valid configuration and quite common.
<RoyK> SpamapS: no need to change the hostname for that - simply a matter of configuring dns+apache
<SpamapS> I mean, *I* wouldn't do it, but its not a huge problem.
<bencc> I need several application to get the "same" hostname
<bencc> puppet and erlang
<bencc> one thinks it's example and the other example.com
<RoyK> imho it's rather silly - adding an A record to allow for http://example.com/ isn't hard, but setting the hostname to the FQDN isn't really a good idea
<Slyboots> So I just add the new disks to the RAID array. then run mdadm --grow ...
<Slyboots> And that'll conver it to RAID6
<bencc> RoyK: why not?
<RoyK> because one day you want another host in that domain
<SpamapS> erlang is particularly picky about hostname
<RoyK> and the normal way to set things up, is to set a hostname on the host and add that hostname to a domain
<bencc> SpamapS:  how does it get inet:gethostname() ?
<SpamapS> bencc: to RoyK's point, it would be better to pick something like 'web00.example.com' and let example.com be just a DNS alias.
<RoyK> a programming language shouldn't really bother with the hostname on which it's running
<RoyK> SpamapS: not all DNS servers allow for FQDN to be registered as a CNAME record - but then - adding another A record won't hurt
<bencc> RoyK: unless it is distributed...
<SpamapS> bencc: at boot up, /etc/hostname is read and fed into the 'hostname' program. So you can change that file, and then run 'sudo hostname `cat /etc/hostname`' and then restart any services you need to see that hostname.
<SpamapS> RoyK: whoa whoa nobody said anything about a CNAME
<RoyK> SpamapS: hostname -F /etc/hostname
<SpamapS> alias != CNAME
<nigelb> kirkland: you about?
<RoyK> SpamapS: same thing
<SpamapS> RoyK: man pages FTW ;)
<kirkland> nigelb: howdy
<bencc> hostname -F /etc/hostname doesn't effect erlang inet:gethostname() even after reboot
<nigelb> kirkland: novacut folks have a vid of you on the bass :)
 * pmatulis loves his bandwidth (wget output: 713,385,984 9.98M/s   in 97s)
<SpamapS> RoyK: no, a CNAME is most certainly *not* the same thing. CNAME is for giving away control of one hostname to another domain.
<RoyK> SpamapS: no, it certainly is not
<SpamapS> ok, whats it for then?
<RoyK> it's an alias
<RoyK> Common NAME
<kirkland> nigelb: hehe :-) yikes
<RoyK> SpamapS: delegation isn't done in the zonefile - it's done in the bind config (or whatever dns server you use)
<nigelb> heh
<SpamapS> Canonical name actually
<RoyK> well, still, it doesn't have anything to do with delegations
<RoyK> CNAME == alias
<SpamapS> I didn't say delegation, thats a word with a lot of meaning in DNS. I used small words because its a conceptual definition. You give away control of a single hostname to another domain not in the same zone.. if it were in the same zone, you could just set the address to the same thing.
<SpamapS> Some people certainly misuse it that way.
<SpamapS> But they're wasting their DNS server's time and resolvers' time doing two fetches. :-P
<SpamapS> Anyway, they are aliases, yes, but they are not the only way to make an alias.
<SpamapS> And are probably the worst way.
<D0minat0r> Need help, trying to install ubuntu 64-bit server ver 11.04, i can choose language and when i choose install ubuntu server it just reboots. no error no nothing, any ideas?
<SpamapS> D0minat0r: installing from a CD?
<D0minat0r> SpamapS: yes
<D0minat0r> the dvd-rom spinns to speed then reboot
<SpamapS> D0minat0r: are you certain you have a 64-bit machine?
<D0minat0r> yes and i have tried 32bit installer too same thing
<SpamapS> D0minat0r: very strange indeed.
<SpamapS> D0minat0r: I believe there is a memory test option on the CD.. maybe you could run that?
<D0minat0r> running
<D0minat0r> SpamapS: takes a while... :)
<SpamapS> D0minat0r: indeed, though I'd say if it runs through the first 2 passes you can cancel it and we can move on to other diagnostics
<D0minat0r> it passes no errors
<peydude> can someone shed some light on bridge interfaces? I have a couple setup but can't pass any traffic
<peydude> i read that it needs cap_net_admin capability due to a kernel bug. Is this still true ?
<RoyK> peydude: I have a server running kvm with bridging - works well
<peydude> that's exactly what I am trying to accomplish. I have two guest servers, my host can pass traffic fine (with or without vlan tagging) but when my bridges are setup
<peydude> the guest OSs are not accessible
<RoyK> peydude: pastebin your network config
<RoyK> as in /etc/network/interfaces
<pmatulis> as well as your guest xml files
<D0minat0r> SpamapS: i took away 2 gig ram of 4gig and it works
<D0minat0r> dual channel memory
<SpamapS> D0minat0r: hm weird
<peydude> Here is the host interface file: http://paste.ubuntu.com/612826/
<peydude> pretty basic
<peydude> let me grab my guest xml
<pmatulis> peydude: virsh dumpxml name > name.xml
<peydude> guest xml: http://paste.ubuntu.com/612827/
<pmatulis> peydude: your bridge config is unusual.  i usually use just a single line but you have 12
<pmatulis> peydude: does br0 even work?
<peydude> pmatulis: you are right. I have specified how the system should bring the bridge down and up to avoid any errors (e.g. bridge already exists ... )
<peydude> pmatulis: no. if I just attach a single interface to it it won't pass any traffic regardless of it being a kvm interface or a host interface
<peydude> pmatulis: that's what i was asking about bridged interfaces to begin with.
<peydude> why*
<pmatulis> peydude: do you have bridge-utils installed?
<peydude> pmatulis: you are probably used to a setup like the one in this doc: https://help.ubuntu.com/community/KVM/Networking
<peydude> pmatulis: yep otherwise i couldn't have setup the bridge :)
<pmatulis> peydude: but you said it doesn't work
<pmatulis> peydude: that's pretty vague
<pmatulis> peydude: i recommend setting it up manually
<peydude> pmatulis: let me set it up manually and see if I can get any traffic to go through ... brb
<Jcook_5xData> I set postfix dovecot w/ sieve and it is work, but to make it work I remove maildrop now my mail does not get delivered
<pmatulis> Jcook_5xData: why did you need to remove maildrop to make it work?
<Jcook_5xData> weel I guess I dint not but maildrop does not read .dove.seive file does it has it own filter
<Jcook_5xData> I am doing all this because of roundcube does not support filter other now sieve
<pmatulis> Jcook_5xData: put maildrop back.  you may then need to edit master.cf (comment maildrop line out)
<arand> D0minat0r: I'ts probably worth reporting a bug about it when you've got the info settled down, (also interesting to see if it works if you re-add the memory post-install for example..)
<Jcook_5xData> done
<Jcook_5xData> pmatulis, do I need a deliver agent then?
<Jcook_5xData> I can not find any good how to on this
<D0minat0r> arand: well i think it has something motherboard because the system wont function with the 2 onboard LAN devices, when i activate them i have to take aay more ram and only have 1gig of ram for it to run
<D0minat0r> its so strange right no
<genii-around> D0minat0r: Yes, very odd
<D0minat0r> motherboard is Abit in9 32-MAX
<D0minat0r> crap
 * RoyK just came in - D0minat0r what's up?
<D0minat0r> RoyK: trouble getting ubunut to run on that mobo
<RoyK> D0minat0r: what does it say?
<D0minat0r> a sec, re installing
<D0minat0r> had to take away 1 gig ram for the installer to work with the onboard lan devices
<SpamapS> wow its been years since I cared about motherboards.. ahh the good old days
<D0minat0r> with 4 gig the installer just reboots, with 2 gis i have to have onboard lan devices disabled and with them enabled i only can have 1 gig ram :O
<RoyK> D0minat0r: seems something is rather fscked up
<D0minat0r> you think? :D
<D0minat0r> wtf now, disk boot failure
<D0minat0r> and no errors during installation
<pmatulis> D0minat0r: RMA the m/b?
<D0minat0r> pmatulis: what is that?
<RoyK> return it
<D0minat0r> hehe
<D0minat0r> too old
<D0minat0r> freadking crap tho
<RoyK> then perhaps get a new one :P
<RoyK> you get el-cheapo atom-based mobos for almost nothing
<RoyK> including the cpu and perhaps some memory
<RoyK> http://cgi.ebay.com/FOXCONN-45CS-W-INTEL-ATOM-230-SATA-DDR2-LAN-MOTHERBOARD-/250812797777?pt=Motherboards&hash=item3a659b9351
<Jcook_5xData> pmatulis, Ok I have mail getting delivered without maildrop, for some reason it is still not obeying the .dovecot.sieve file. do you know any go how to or have you done this and can give me pointers
<pmatulis> Jcook_5xData: no, never used it.  should soon though
<Jcook_5xData> not any good how out there... well that I can find
<peydude> pmatulis: i am able to get bridge networking to work with the guest interface(s) attached to my first host bridge
<peydude> pmatulis: but as soon as i attach a second guest interface to the a second host bridge the guest becomes inaccessible
<peydude> still running one guest OS
<pmatulis> peydude: you can use a single br0 for all host and all guest activities
<RoAkSoAx> zul: howdy! since you merged openldap, you might have an idea why ipsec-tools FTBFS when building in Oneiric against openldap. But, when building in natty it does not fail: https://launchpadlibrarian.net/72308605/buildlog_ubuntu-oneiric-amd64.ipsec-tools_1%3A0.8.0-3ubuntu1~ppa1_FAILEDTOBUILD.txt.gz
<peydude> pmatulis: yes i have attached two guest interfaces (from the same guest OS) to br0 and I can still access the guest
<pmatulis> peydude: well, you can do the same for all guests
<peydude> pmatulis: the problem comes when I attache the second guest interface to another bridge on the host
<pmatulis> peydude: why another bridge??
<peydude> pmatulis: vlans! what if I want to attach the second guest interface to a host bridge that is on a different vlan
<pmatulis> peydude: ok
<peydude> pmatulis: the problem might be the mac address of the second bridge (since it's running on the same physical interface on the host)
<pmatulis> peydude: note that i didn't see a 2nd bridge configured in your interfaces file
<peydude> pmatulis: correct. I added one manually :) i am not blaming you :)
<pmatulis> peydude: well, the manual one is working?
<peydude> pmatulis: only with the setup i described above (all guest interfaces attached to the first bridge on the host interface).
<pmatulis> peydude: so, remove the auto one and add it manually too
<peydude> pmatulis: I am testing it with a second bridge on the host interface now by changing the mac address of the second bridge
<RoAkSoAx> zul: I'm also merging facter and it seems that in natty you've carried merges in debian/rules that are not represented in the changelog... http://paste.ubuntu.com/612878/
<jiboumans> smoser: why do 64bit amis have no swap, but 32bit ones do?
<RoAkSoAx> nor there's a convincent explaination why they have been carried over
<jiboumans> or is it *.large vs *.small?
<RoAkSoAx> zul: should I drop them?
<zul> RoAkSoAx: on a call gimme a few
<RoAkSoAx>  (note that part of those changes seems to be when cdbs was dropped in ubuntu and twhen it happen in debian, they didn't update debian/rules, though the rest of the delta can be dropped for what I can see
<RoAkSoAx> zul: sure
<zul> RoAkSoAx: ergh....yeah dont drop them
<RoAkSoAx> zul: k, I'll just drop the stuff in configure-stamp as that's just lines that makes no sense carrying over then
<zul> RoAkSoAx: k thanks for the ldap stuff thats new to me
<RoAkSoAx> zul: yeah being banging my head yesterday trying to figure out why ipsec-tools won't build with the newer ldap
<zul> RoAkSoAx: ill take a look
<RoAkSoAx> zul: k ;)
<RoAkSoAx> thanks
<smoser> jiboumans, that comes from amazon
<jiboumans> smoser: figured =/
<jiboumans> smoser: would it make sense to use the values you put in for m1.small/medium on the large ones
<smoser> you can partition a ephemeral disk and add swap
<jiboumans> yup
<jiboumans> or just use a file on /mnt
<smoser> right.
<jiboumans> riak and rabbitmq are both very very unhappy when they run out of ram
<jiboumans> so it seems prudent to add some overflow and make the monitors scream bloody murder
<post> sudo apt-get install bind9 gives me  * Starting domain name service... bind9                                 [fail]
<post> Anyone can help?
<post> Someone msg me in this stupid client I cant see msg :/
<RoyK> post: see ya
<post> syslog syslog where are you
<RoyK> post: running?
<post> RoyK: No still getting the error and I cant find syslog :(
<RoyK> ps axf
<RoyK> does that list syslogd?
<post> RoyK: it listed something
<flowbee> are these the steps i must go through to create a self signed x509 cert? https://help.ubuntu.com/community/OpenSSL
<post> RoyK: nothing that even looks like syslogd (or bind9) is listed
<DexterF> Slyboots: http://www.snia.org/education/tutorials/2008/spring/storage/Whittington-W_Desktop_Nearline_Enterprise_HDDS.pdf  <- read the section about UER propability when recovering, then do the math for your setup. (you'll end up with: you want raid6. and: you want to rebuild the array and backup/restore, not expand it. and: you want, let's say a HP P400 Smart Array with BBU)
<Slyboots> WEll I dont want to rebuild the array if I can help it
<DexterF> I don't see how raid5->6 could even work. I mean it's possible but I so would not want an array that has a pattern originated from a rather obscure stunt but something fresh from scratch. we're talking data integrity here.
<Slyboots> Well mdadm is supposed to support it
<DexterF> officially? wow, they've come a long way.
<flowbee> trying to generate my first x509 cert: https://help.ubuntu.com/community/OpenSSL ... but curious when it says "Create the server configuration file, by editing ~/myCA/exampleserver.cnf with your favorite text editor. Add this example content:"  ... there is no exampleserver.cnf generated prior to that step
<uvirtbot> New bug: #788284 in facter (main) "Please merge facter 1.5.9-1 (main) from debian unstable (main)" [Wishlist,In progress] https://launchpad.net/bugs/788284
<Daviey> RoAkSoAx: is facter done yet? :)
<amero> anyone ever used checkinstall? why ubuntu tells me it cant find the bin that is installed with checkinstall
<RoAkSoAx> Daviey: give me a sec
<RoAkSoAx> I'm uploading debdiff
<RoAkSoAx> Daviey: suit yourself
<peydude> pmatulis: I got it working :)
<pmatulis> peydude: please do tell
<peydude> pmatulis: I added vlan interfaces to all the host bridges (aka tagged vlans). this way when my guest interfaces attach to the bridges they all work
<peydude> pmatulis: before I had untagged vlan traffic on eth1 and tagged on eth1.5, eth1.200, etc
<peydude> pmatulis: that didn't work. so i stopped using eth1 and just utilized its vlan sub-interfaces
<pmatulis> peydude: fair enough
<pmatulis> peydude: maybe post your new interfaces file
<peydude> pmatulis: i have done everything manually so far. I will update my files and post them
<RoAkSoAx> negronjl: ping
<negronjl> RoAkSoAx: hi
<RoAkSoAx> negronjl: o/ hey, I was wondeirng if you have a howto on how to test https://launchpad.net/bugs/732953
<uvirtbot> Launchpad bug 732953 in facter "can_connect function inside ec2.rb always return false" [Low,Fix released]
<negronjl> RoAkSoAx:  let me check really quick...hold on
<negronjl> RoAkSoAx: withouth the fix.  run facter ec2_ami_id or facter | grep ec2
<negronjl> RoAkSoAx: nothing should come up
<negronjl> RoAkSoAx: with the fix:
<negronjl> RoAkSoAx: run the same and something like this:
<negronjl> $ec2_ami_id
<negronjl> $ec2_ami_launch_index
<negronjl> $ec2_ami_manifest_path
<negronjl> $ec2_block_device_mapping_ami
<negronjl> $ec2_block_device_mapping_ephemeral0
<negronjl> $ec2_block_device_mapping_root
<negronjl> $ec2_block_device_mapping_swap
<negronjl> $ec2_hostname
<negronjl> $ec2_instance_id
<negronjl> $ec2_instance_type
<negronjl> $ec2_kernel_id
<negronjl> $ec2_local_hostname
<negronjl> $ec2_local_ipv4
<negronjl> $ec2_placement_availability_zone
<negronjl> $ec2_public_hostname
<negronjl> $ec2_public_ipv4
<negronjl> $ec2_public_keys_0_openssh_key
<negronjl> $ec2_reservation_id
<negronjl> $ec2_security_groups
<negronjl> should show up
<negronjl> I'll be back in a minute
<RoAkSoAx> negronjl: that's from an instances? or from a machine with ec2 tols configured or something like that?
<RoyK> !pastbin @ negronjl
<ubottu> RoyK: I am only a bot, please don't think I'm intelligent :)
<RoyK> !pastbin
<Pici> !paste
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<IdleOne> !pastabowl | IdleOne
<IdleOne> hehe
<Pici> RoyK: !pastebin is already an alias to <paste>
<Pici> this however, isn't the correct spelling of anything; !pastbin
<RoyK> guess my slight typo was the issue :P
<Pici> :)
<RoyK> pastbin - whatever happened five months ago?
<RoAkSoAx> Daviey: i'll let you know when facter is done as I'm waiting for someone to test a patch that might be able to drop
<Daviey> RoAkSoAx, I'm actually build testing your debdiff atm
<Daviey> RoAkSoAx, Should i hold off uploading it then?
<RoAkSoAx> Daviey: that works, but was further looking into it and the patch to ec2.rb might be able to be dropped as it seems the error was in a different place and has been addressed differently
<RoAkSoAx> Daviey: yes pelase, just waiting for negronjl to give it a test the way he is used to, and wanna see the results
<Daviey> k
<RoAkSoAx> Daviey: it is not really gonna hurt if it gets uploaded now, though, I'd prefer to not do a second upload tomorrow >P
<RoAkSoAx> Daviey: but if you wanna sponsor somethign for me corosync, pacemaker, and cluster-glue are still in the queue :)
<Daviey> RoAkSoAx, yeah, if it was a case of "not sure when i'll have the patch" - i'd just upload it, but as you are activly working on it - lets wait :)
 * Daviey wonders when RoAkSoAx will apply for access to upload this stuff himself.
<RoAkSoAx> Daviey: i';ll do this week
<RoAkSoAx> Daviey: was catching up with other sutff first
<RoAkSoAx> :)
<Daviey> RoAkSoAx, bah, "mark as patch"
<RoyK> http://karlsbakk.net/fun/swineflupooh.jpg
<ChmEarl> when I log into lucid server I see welcome msg twice: for 10.04.2 and 10.04
<ChmEarl> is this a bug or is it normal?
<Daviey> ChmEarl: When did you install?
<RoyK> it's the motd.tail bug
<ChmEarl> let me see..
<RoyK> just remove /etc/motd.tail
<ChmEarl> Daviey, installed on April 20 2011
<Lenhix> Hello. In which "sub repository" (universe/multiverse) can I find sun-java6-jre. I'm trying to install openfire 3.7.0 from .deb downloaded from igniterealtime.org
<ChmEarl> RoyK, ty
<Daviey> bug 634387 , i thought it was fixed.. bah
<uvirtbot> Daviey: Error: Could not parse data returned by Launchpad: timed out
<ChmEarl> RoyK Daviey - that fix works - now only 10.04.2 gives motd
<ChmEarl> guys BTW - I converted to lucid server from Centos 5.5...not going back
<RoyK> :)
<Daviey> ChmEarl: \o/
<RoyK> ChmEarl: I work for an institute - our scientists need a truckload of software we earlier had to install by hand on those fscking redhat machines - now it's all (or most) available from the ubuntu repos
<ChmEarl> RoyK, only shock I had was perl modules names are polish
<ChmEarl> libmath-bigint-perl
<RoyK> wtf?
<ChmEarl> backwards
<RoyK> i18n?
<RoyK> oh
<RoyK> I see
<ChmEarl> RoyK, in RH world the name is perl-Math-BigInt
<RoyK> I left RH just after rh7
<RoyK> started out with slackware back in 1994 or so, then to redhat, then to debian, then ubuntu...
<minkyferrari> Any one get ldap client to work on 10.04 LTS without errors?
<RoyK> minkyferrari: usually by configuring it correctly :D
<minkyferrari> I am able to authenticate but auth.log says pam_unix(sshd:auth): authentication failure
<minkyferrari> I looked all through my pam modules but can't figure it out
<minkyferrari> I am able to auth though, just want to know what this failure means
<sorrell> Hi all, I am using UEC and  I have a Walrus server and I can't seem to find/mount my RAID controller and I was wondering if anyone knew if it was supported and if so how can I mount it.  The controller is a Dell Perc 5i.  Thanks in advance for any information you can give.
<minkyferrari> Also every 20 minutes or nslcd can't find the ldap server but then times out and reconnects
<bencc> what is the appropriate path for a local apt repository?
<bencc> /usr/local/mydebs is ok?
<bencc> it shouldn't be accessed by anyone
<soren> bencc: What's the point then?
<bencc> soren: I mean that it should be secured
<bencc> I've packaged a server and I want to install it with a local repository
<bencc> I can put it in /home/myuser/mydebs but it doesn't feel right
<post> http://ubuntuforums.org/showthread.php?t=1767372  Can someone help ?
<shauno>  $ host -t AAAA podcast.ubuntu-uk.org
<shauno> podcast.ubuntu-uk.org has no AAAA record
<shauno> achk, wrong window, sorry
<flowbee> how do i make it in my sudo file such taht i dont have to enter a password for sudo
<dannf> flowbee: echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
<dannf> well, that won't work exactly, i'd run visudo to do it
<dannf> like this:
<dannf> flowbee ALL=(ALL) NOPASSWD:ALL
<Slyboots> Hmm.
<dannf> the echo would work if you used sudo tee -a instead of >>
<Slyboots> Is there a way to copy the partition tabel from one disk and map it on another?
<Slyboots> since Im adding this disk to the array it needs to be a duplicate of the others
<dannf> Slyboots: sfdisk can dump a partition table in a format that can be read back in
<dannf> Slyboots: sfdisk <someargs> /dev/sda | sfdisk <someargs> /dev/sdb
<dannf> i don't remember <someargs> off the top of my head, but sfdisk(8) can help you
<dannf> assumes msdos tables, of course
<Slyboots> Mm.. I have to use GPT
<dannf> then you probably need to use parted.. and i don't know that it supports something as trivial
<dannf> (it didn't when we originally adopted it for systemimager, but that was yearsssss ago)
<Slyboots> I cant figure out parted at all.. x.x
<uvirtbot> New bug: #788348 in samba (main) "package samba-common 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 127" [Undecided,New] https://launchpad.net/bugs/788348
<dannf> Slyboots: what bit are you missing?
<Slyboots> all of it, I need to create a bios_grub partition
<Slyboots> But parted doesnt seem to understand what that is
<dannf> bios_grub? i don't understand that either :)
 * dannf has only used gpt on ia64 though
<dannf> i also only use parted for partitioning - i use filesystem-specific tools for doing anything to the parittions
<Slyboots> Its needed for grub to work in GPT partiions
<Slyboots> Otherwsie it doesnt boot at all :P
<dannf> does it just need to be a standard efi boot partition (i.e., fat)?
<Slyboots>  1      1049kB  2097kB  1049kB                        bios_grub
<Slyboots> Apparently, 1mb in size
 * Slyboots fires up gparted :P
<Slyboots> Bah..]
<Slyboots> I may just rebuild
<Slyboots> lol
<Slyboots> Move the OS onto its own disk, then nuke the entire array to use it for storage only
<Slyboots> not sure if thats wise, but it would be a lot simpler
<post> The person that solves my problem gets a free beer* http://ubuntuforums.org/showthread.php?t=1767372   *= free beer will not be given until 10000 years after you die
<dannf> post: if you run 'sudo tail -f /var/log/daemon.log' in another terminal, you might get a clue about the problem
<post> dannf: thanks will try it in a sec
<post> dannf: it cant find /var/log/deamon.log :/
<dannf> daemon not deamon
<post> dannf: I copy pasted what you said "sudo tail -f /var/log/daemon.log" and it gives me a error   tail: cant open /var/log/daemon.log' : File not found
<dannf> hm.. maybe /var/log/syslog then?
<post> dannf: it showed "May 25 20:07:01 server1 CRON[4062]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
<post> May 25 20:07:23 server1 kernel: Kernel logging (proc) stopped.
<post> May 25 20:07:23 server1 rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="763" x-info="http://www.rsyslog.com"] exiting on signal 15.
<post> ^C
<uvirtbot> post: Error: "C" is not a valid command.
<post> "
<andygraybeal> i installed squid.. it's been running great for about forever.. for whatever reason though recently it didn't start - how should i trouble shoot this?  how can i make sure that the service is auto-started at boot?
<jmedina> andygraybeal: check /var/log/squid3/cache.log
<andygraybeal> i guess it's been running fine without issue for a year or more
<jmedina> check the log for any error message
<jmedina> they are always there
<andygraybeal> k thank you
<jmedina> pastebin the last lines
<jmedina> I know a lot of squid errors jje
<jmedina> and their fixes, probably I can help
<andygraybeal> k awesome, thank you, two seconds
<andygraybeal> http://pastebin.com/bCr8dj30
<andygraybeal> i *just* started the service
<andygraybeal> you know what i mean... but i had to manually start the service... which i've never done ever... it's just run without issue for maybe a year now
<dannf> post: no idea; sorry - you might check if some other dns service is already bound to that port, but hard to say for sure w/o lgos
<andygraybeal> jmedina, it's working fine after i started it.. but the thing is i had to start it :)
<jmedina> :)
<post> dannf: [][][][][][][][][[]
<post> dannf: can you recomend something better / equal to bind ?
<jmedina> can you try to disable apparmor and try install again?
<andygraybeal> jmedina, me?
<jmedina> sorry, that was for post
<dannf> post: i don't necessarily think bind is the problem - it could be any number of things that might affect others as well. personally i don't have any experience w/ alternatives to bind
<RoyK> post: bind is the most use dns server on the net - it works
<RoyK> there are others that might work too, but I don't know any better ones
<dannf> post: you can run this to see if something else is listening on the port: sudo netstat -pan | grep :53
<dannf> (if there's a lot of output, please paste to paste.ubuntu.com)
<post> http://paste.ubuntu.com/612982/
<dannf> post: k - then that guess isn't your problem
<dannf> post: does 'sudo grep named /var/log/*.log' output anything?
<post> dannf: yes http://paste.ubuntu.com/612984/
<dannf> hm.. that only tells me that it tried to start, not why it bailed :(
<Aison> damn'it, upgraded to natty and now my dhcp is no longer working....
<dannf> (777 permissions on named.conf are very dangerous, in case that wasn't obvious)
<jmedina> probably trying to fix things...
<dannf> post: one last thing you can try is 'sudo named -g
<dannf> '
<dannf> jmedina: oh - you were talking about this issue - yeah, might be worth disabling apparmor (and yeah, i'm sure post was just trying to fix things)
<post> sudo named -g outputs http://paste.ubuntu.com/612986/
<dannf> post: ah - its complaining about a syntax error, see that?
<dannf> 'options' redefined near 'options'
<dannf> you might take a look at your config file to see what is wrong
<jmedina> post can you paste named.conf.options?
<jmedina> also the output from named-checkconf please
<Aison> stupid isc dhcp server is not compiled with ldap support or what?
<jmedina> ldd it :)
<Aison> yes, looks like so, it's not compiled with ldap support
<jmedina> probably you can use dpkg -s and check if depends on ldap libs or something
<Aison> well, my dhcpd.conf is invalid and not working
<post> named.conf.options   http://paste.ubuntu.com/612992/
<Aison> anyway, not my problem now ;) i've got my fixed ip, maybe 60 other people may have got problems now, lol
<post> jmedina Thx my ISP changed his DNS ips last night
<post> Changed it to the new ones but stilll [FAIL]
<jmedina> mmm
<jmedina> what about the output from named-checkconf?
<jmedina>  and grep ^options /etc/bind/*
<post> jmedina I cant find  named-checkconf
<jmedina> o_O
<jmedina> run it
<post> root@server1:~# named-checkconf
<post> /etc/bind/named.conf.options:1: 'options' redefined near 'options'
<post> root@server1:~# grep ^options /etc/bind/*
<post> /etc/bind/named.conf.options:options {
<jmedina> are thos *** lines in the options file?
#ubuntu-server 2011-05-26
<jmedina> *****named.conf.options*****
<post> no
<jmedina> mm
<jmedina> now this: grep options /etc/bind/*
<post> http://paste.ubuntu.com/612998/
<jmedina> that is
<jmedina> you are including options again in .local
<jmedina>  /etc/bind/named.conf.local:include "/etc/bind/named.conf.options";
<jmedina> delete that line from named.conf.local
<jmedina> and run named-checkconf again
<post> /etc/bind/named.conf.local:39: open: /etc/bind/named.conf.local: too many open files
<jmedina> please, post the output from named.conf.local
<post> half-asleep / jmedina: can you give me the command for it again ;)
<jmedina> just show me the content
<post> o
<post> k
<jmedina> did you edited named.conf.local by hand?
<post> nano
<jmedina> that is extrange
<post> http://paste.ubuntu.com/613002/
<jmedina> if you didn't someoneelse did
<post> never touched it...
<jmedina> mmmm
<jmedina> well there are some direct and  reverse zones loaded
<jmedina> and other thing
<jmedina> named.conf.local incluids again include "/etc/bind/named.conf.local"; at the end
<jmedina> probably it is a old installation
<jmedina> purge the package and delete all the /etc/bind :)
<jmedina> aptitude purge bind9
<jmedina> and install again
<post> hmmmmm
<post>  * Starting domain name service... bind9                                 [ OK ]
<post> jmedina: Thank you :)
<jmedina> :)
<jmedina> it looks like someone used bind in that server before you
<post> Webmin => Servers => BIND DNS Server  doesnt load :(
<post> everything else in webmin works fine accept bind
<jmedina> jajaja
<jmedina> the it was webmin
<jmedina> :)
<jmedina> sorry webmin is not supported :)
<moonpup> would anyone know why after setting up postfix and dovecot I can no longer check mail from the command line using 'mail' from the heirloom-mailx package? I see mail in my Maildir/new directory, but mail says I have no new mail :(
<SpaceBass> apparently Drobo shows up as series of 2tb disks in Linux? should I use LVM or is there something more preferable to make them work as one drive?
<Snugger> Hello, does anyone know how to close a screen session within ubuntu server? i can't find what i should type and the server i'm running on a screen session froze.
<qman__> ^a d
<uvirtbot> qman__: Error: "a" is not a valid command.
<Snugger> I don't understand qman
<qman__> hold control and press a
<qman__> then press d
<Snugger> that just returns you to the main console, that doesn't close out of a screen session
<qman__> that detaches from a screen
<qman__> thought that's what you were after
<qman__> if you just want to kill it, ps aux or screen list, and kill the pid
<Snugger> thats what i'm after =D
<qman__> if it's really stuck, you may need kill -9
<qman__> but only do that if it won't stop with a regular kill
<shauno> if it'll reattach (just screen -r), I'd try to kill the window with ctrl+k from within screen.  that way you don't need to clean up leftover pipes
<Snugger> so i type in ps aux and then type..?
<shauno> ah, ctrl+a, k rather
<qman__> try that first
<qman__> if it doesn't work, ps aux | grep [hung process name]
<qman__> take note of the PID, then kill [PID]
<twb> qman__: pgrep
<Snugger> thank you guys, ctrl + a + k worked
<Snugger> i apoligize i'm new to ubuntu server, i want to do some more cool stuff with ti
<shauno> that one's specific to screen.  learning how to seek & destroy is useful too :)  but if I can get screen to clean up it's own children, means less leftover cruft
<twb> !RUTE
<ubottu> documentation is to be found at http://help.ubuntu.com and http://wiki.ubuntu.com - General linux documentation: http://www.tldp.org - http://rute.2038bug.com
<twb> I don't know about you, but on my system something in my config makes screen leak memory like a mofo -- RSZ of 200MB by the end of the day
<qman__> I haven't run into that problem
<qman__> and I run a screen'd irssi 24/7
<qman__> on a box with 256MB
<twb> Yeah, I have talked to upstream about it and they don't know either.
<flowbee> i'm connecting to a vpn server that seems to affect my routes.  you can see here:  https://gist.github.com/990377 ... my question is; what should i do after this happens so that *only* traffic from port 80 will be sent through the assigned routes?
<twb> That's a question for #netfilter
<shauno> it doesn't actually answer your question, but where it adds a route for 0.0.0.0 .. there's a good chance removing that route will do what you're actually trying to achieve
<qman__> yeah
<qman__> routes aren't set based on ports
<flowbee> so removing that route would allow me to pass nothing through the vpn
<twb> shauno: AIUI he wants *only* port 80, i.e. he needs netfilter to add marks and then "ip rule" to set up mark-based routing
<qman__> it's possible to reroute traffic with some iptables magic
<flowbee> so sounds like: step 1) remove the route of 0.0.0.0
<flowbee> and 2) use iptables to do the rest?
<qman__> pretty much
<shauno> twb: I understand that's what he's asking.  I'm not sure if that's actually the route to his problem
<twb> OK
<twb> wouldn't be the first xy problem
<shauno> (as I prefixed "this doesn't answer your question").
<qman__> if you're trying to access known resources on the VPN, you don't need to do any of that
<qman__> you just need to set your normal default gateway and then ensure the appropriate VPN routes are set
<qman__> but if you actually want all web traffic to route through the VPN, then yeah, you need to do some fancy stuff with iptables
<shauno> I'm assuming he's running into an issue like I get, where if I vpn to work, I can't access irc because work becomes my default route, and work block irc.  fixing his routes so that only traffic destined for the vpn'd network goes down the vpn, and traffic destined for the public internet goes over his local link, would be a better solution to such a problem
<flowbee> so this can be done purely with iptables
<shauno> (if my assumption is right, of course)
<flowbee> and i leave the routes that are pushed down in place?
<patdk-lap> no
<twb> If that's the case he just needs to not set up his VPN to be retarded
<patdk-lap> you use iptables to mark the packets you want to use those routes
<flowbee> shauno, that is what i'd like to do
<patdk-lap> and you adjust the routing table to notice that mark and use a seperate routing table for those
<twb> Ideally one woudl first tell the VPN client not to break the 0/0 route in the first place
<qman__> and chances are
<qman__> if the work VPN is not under your control, and is still set up that way
<qman__> it's for a reason
<qman__> check your company policy
<flowbee> well its the vpn provider;  i just done need all my traffic to go through them
<flowbee> its for personal use
<qman__> if you have control over the VPN server, tell it not to funnel all traffic
<flowbee> i sadly have no control over the vpn server
<flowbee> i just have control over what i do once i connect to it and after it pushes those routes down
<uvirtbot> New bug: #788419 in openssh (main) "package openssh-server 1:5.8p1-1ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 useradd: cannot lock /etc/gshadow; try again later" [Undecided,New] https://launchpad.net/bugs/788419
<flowbee> patdk-lap, so how would i adjust that routing table
<qman__> route del default gw 1.2.3.4
<qman__> where 1.2.3.4 is the VPN server
<flowbee> so that will allow any traffic to flow *not* through the vpn
<flowbee> correct?
<qman__> yes
<qman__> assuming you still have your normal, internet default gateway set
<qman__> if not you'll have to set it again
<flowbee> then the only thing i need to do is figure out how to use iptables to send traffic ... through ... ?
<flowbee> i'm getting: Thu May 26 05:41:03 2011 Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)  when i try to connect to openvpn server.  from 10.04 server.
<Doonz> hey guys. i have 3 servers. 2 of the three can access a website the other cannot. they all go through the same gateway and have the same dns server. from the one machine that cannot ping the website using its url i can ping the ip address and it will work.. any ideas?
<negronjl> ...maybe here I'll have better luck.  I am trying to upload a package to launcpad ( via dput ) but, I am getting a rejection that I don't understand ( https://pastebin.canonical.com/47851/).  Any thoughts anyone?
 * negronjl is done for the day
<SpaceBass> apparently Drobo shows up as series of 2tb disks in Linux? should I use LVM or is there something more preferable to make them work as one drive?
<jonf> Hi!
<jonf> I have a problem after an upgrade from 10.10 to 11.04 using do-release-upgrade - I do not have a text login any more on my default VC
<jonf> tty0 seems to work fine though (using cat to and from it)
<jdstrand> if Aison shows up, someone might point him at isc-dhcp-server-ldap
<kthomas_vh> will mod_evasive work with apache2-mpm-prefork?
<slicslak> hey guys
<slicslak> i'm downloading some libraries to compile from source and wondering where the best place to store the source code is.  I'm assuming /usr/src but figured i'd to see what others are doing
<kthomas_vh> depends on the libraries :)
<slicslak> hah!
<slicslak> in this ffmpeg and various codecs
<slicslak> ^case
<uvirtbot> slicslak: Error: "case" is not a valid command.
<slicslak> perhaps the better question is, is using /usr/src a bad idea?
<twb> Suppose the root filesystem has a directory, /srv, on which is mounted a separate filesystem.  *Without* unmounting /srv, is it possible to chmod 0 the mountpoint beneath it?
<twb> Hm, looks like I can with mount --bind
<eagles0513875> hey guys
<eagles0513875> im trying to update the motd on my server by changing and saving /etc/motd
<eagles0513875> yet every time i relogin to my server the motd message doesnt show but the server specs
<eagles0513875> and stat usage
<eagles0513875> do i need to install update-motd?
<flowbee> how bad an idea is it to remove the need to type a password for sudo?  i have only key based auth to the server; so i'm not really worried about users logging in
<eagles0513875> flowbee: wait you mean sudo login via ssh
<tsimpson> eagles0513875: no he doesn't
<eagles0513875> ok
<tsimpson> flowbee: if your system is very locked down as to who can interact with it, which is sounds like yours is, then I think it's not too insane to remove password auth. however having an extra auth layer for sudo action is always a good thing :)
<twb> 16:42 <eagles0513875> im trying to update the motd on my server by changing and saving /etc/motd
<twb> eagles0513875: wrong; edit motd.tail
<eagles0513875> twb: ok
<twb> flowbee: personally I enable key-based ssh as root
<twb> flowbee: apart from bypassing that issue, it makes it less of a hassle to do e.g. ssh x tar -c etc | ssh y tar -x
<twb> I also add NOPASSWD for me, but not my users :-)
<twb> tsimpson: the downside of too MUCH auth is that then you get security by post-it
<tsimpson> I prefer to enforce sudo use, as it's logged. but that all depends on the specific scenario
<twb> tsimpson: unless you NOEXEC, it isn't logged
<twb> At least, no more logged than sshd
<twb> and NOEXEC will break things like /etc/init.d/*
<tsimpson> but every times sudo is used, it logs the user and command
<twb> (Hint: "sudo -i", or "sudo python -c ...", or "sudo whatever", where "whatever" is some GUI diagramming tool that happens to contain a python debugging shell.)
<tsimpson> the point being that sudo is mostly for running a command, where ssh is mostly for logging-in
<tsimpson> obviously not always, but generally
<twb> Maybe you use it that way, but an attacker that doesn't want his privileged commands logged is not going to run each one separately
<twb> I guess it depends if you're trying to log malicious users or accidental rm -rf's from other trusted but not-too-bright sysadmins
<tsimpson> but the attempt to gain sudo is logged, and you can tell what account was comprised
<twb> tsimpson: well, the same applies for ssh
<tsimpson> ssh tells you who logged in, sudo tells you who attempted to gain privileges
<tsimpson> restricting sudo is a pre-requisite for security
<twb> I give up
<twb> Argh
<twb> printer admin installed hplip, which pulled in fucking console kit
<flowbee> once you set the rc.locals or whatever to make the /etc/init.d/ script active on startup... if i modify the script do i need to redo that rc.locals command?   .. or will it just work
<LinSkyrate> question: how can someone easy explain howto make a private cloud using virtual desktops directly from the private Ubuntu Server and dont use Amazom?
<Syria> After successfully  installing Ubuntu server 10.4.2 and configuring software raid all i get is a blank screen on booting! and this were the instructions that i have used https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html
<huats> morning
<Aison> damn ubuntu natty, now my dhcpd suxx :((((  dhcpd: getentry.c:46: ldap_next_entry: Assertion `ld != ((void *)0)' failed.
<corumx> Hello, I need some help figuring out a LAMP problem
<corumx> anyone can help?
<koolhead11> guys just put your wuestion please, instead asking permission for that :)
<corumx> soory
<koolhead11> *question
<corumx> The LAMP is installed and it is working, what I need is to create a "shortcut" from a folder in a NTFS partition and open the content from the browser. It gives me error 403 Forbidden, and I can't change the folder permissions. Anyone can help me
<frenzz> Hello, what difference betveen desktop ubuntu and server in case use as virtualization host (virtualbox or KVM) ???
<aurigus> corumx: are you having problems with html files or executing php files?
<corumx> no
<corumx> aurigus: no
<aurigus> what user is shown as owner on your ntfs partition
<aurigus> and what user is apache running on
<aurigus> make them match and your error will be gone
<corumx> aurigus: please help me change the ntfs partition ownership
<koolhead11> frenzz, kindly check ubuntu community documentation
<aurigus> corumx: you set ownership in /etc/fstab on the mount point
<aurigus> in the options field: uid=apacheuser,gid=apachegroup
<aurigus> its not really a great solution but it should work
<corumx> aurigus: I don't have the ntfs partition on fstab file
<corumx> aurigus: I solved the problem
<aurigus> Beat it with a hammer?
<corumx> aurigus: I just install the NTFS Configuration Tool I it works now. Possible that this tool changes permissions on the NTFS partitions. Thank you for the help ;)
<koolhead11> kim0, ping
<bencc> when using ubuntu-server as a guest, is there to use LVM?
<kim0> koolhead11: hey
<kim0> koolhead11 is everywhere :)
<kim0> bencc lvm would probably make more sense on the "host" .. but it really depends on what you're trying to do
<bencc> kim0: in that case I don't need it. just want a simple server as a guest. thanks
<kim0> cool
<koolhead11> kim0, hehe!! what did i do now!! :D
<kim0> haha
<koolhead11> hey TeTeT :)
<kim0> TeTeT: woohoo o/
<TeTeT> hi gents
<koolhead11> haha
<SpaceBass> anyone using mhddfs and have any thoughts about stability?
<zul> Daviey: i added a comment to the seeds sepc
<Daviey> zul, and i responsed :)
<zul> Daviey: maybe we should have a "grab bag spec" so that work items that doesnt fit really anywhere else can be put in one place and tracked
<Daviey> zul, I think that idea might have legs.
 * Daviey ponders
<alvin> I'm looking for a workaround for bug 769927 (can someone mark it as critical?). A workaround would be to unmount nfs shares automatically at shutdown before the would actually be unmounted. What's the opposite of rc.local in that regard?
<uvirtbot> Launchpad bug 769927 in linux "Kernel Oops : Dentry  still in use (1) [unmount of nfs4 0:1d]" [Undecided,New] https://launchpad.net/bugs/769927
<Doonz> hey guys Im looking at using x forwading for some apps. My question is it possible to keep an app running when i lose my network connection and just am able to reattach?
<alvin> Doonz: NX can do that.
<Doonz> oh yes i forgot about that program
<Doonz> thanx
<soren> kees: Hey. OpenStack currently uses sudo to elevate privileges when it needs to do "stuff". This sucks for a number of reasons and we'd like to change it. Do you have any recommendations? The euca_rootwrap thing? userv? Just run everything as root? :)
<klzk> Hello, anyone available here?
<pmatulis> klzk: no, nobody is here today
<klzk> I've installed Ubuntu 10.0.4 LTS server to tunnel ipv6 over ipv4
<klzk> :x
<pmatulis> klzk: there are 309 people in this channel
<klzk> But they might be not available x)
<klzk> Might you be able to help me pmatulis?
<pmatulis> !ask | klzk
<ubottu> klzk: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<zul> soren: i have a work item to look at the eucawrap thing for openstack
<klzk> Kk, I've set up an IPv6 tunnel over ipv4 and pinging from the server is going great. But now i want to ping from my machines to the internet over this tunnel it won't work. If i Ping from ipv4 to this server i get response. Same thing goes if i ping Fe80 (internal) but when i try Ipv6 2001 from DHCP i don't get any response. i edited the file in /etc/sysctl.conf to accept ipv6 routing
<soren> zul: Cool!
<klzk> also i forced to accept routing on /proc/sys/net/ipv6/conf/all/forwaring
<klzk> ah mind the typo(s) please
<bencc> after editing /etc/network/interfaces, what service do I need to restart?
<klzk> sudo /etc/init.d/networking restart
<soren> zul: Not sure if it was on your todo anywhere, but I just uploaded a working Xen package to Oneiric.
<zul> which version?
<soren> 4.1.0
<RoyK> lol - this norwegian news site just reported that Fedora 15 was so cutting edge it supports encrypted homedirs
<zul> hmm...i dont see it on oneiric-changes yet
<zul> soren: what did you do to fix it?
<soren> zul: "just" being the operative word.
<zul> soren: heh
<soren> It'll probably hit oneiric-changes within the next 30 seconds.
<soren> (the clock just having passed the hour)
<zul> soren: it also doesnt help that i was looking at natty-changes
<cerberos> :join #vimperator
<soren> zul: Probably not, but really, I didn't get the accept e-mail until after I made my "within the next 30 seconds" comment.
<zul> soren: cool anyways thanks
<soren> zul: Sure.
<m3asmi> /etc/init.d/dhcp3-server: command not found !!!
<pmatulis> m3asmi: natty?
<m3asmi> pmatulis: what
<m3asmi> N?
<m3asmi> pmatulis: yes   natty :)
<koolhead11> m3asmi, /etc/init.d/isc-dhcp-server :D
<uvirtbot> New bug: #788623 in nagios3 (main) "Please sync nagios3 3.2.3-1 from Debian Unstable" [Undecided,New] https://launchpad.net/bugs/788623
<kees> soren: sudo is too wide, which is why I liked my eucarootwrap idea... it validated arguments, etc. alternatively, you could write a dbus backend to do the work (it would do the arg validation)
<soren> kees: wouldn't I just be reinventing userv then?
<RoyK> kees: sudo is too wide for what?
<soren> kees: Actually, sudo lets you specify arguments that you're allowed to pass and whatnot.
<soren> kees: My beef with it is that it creates pam sessions and it's a little brittle for my taste in terms of configuration.
<m3asmi>  koolhead11: thinks a lot
<m3asmi>  koolhead11:thanks a lot ;)
<lynxman> ping zul
<zul> lynxman:  whats up?
<uvirtbot> New bug: #788647 in rabbitmq-server (main) "Soft link to version 2.3.1 instead of 2.4.1 break plugin builds" [Undecided,New] https://launchpad.net/bugs/788647
<kees> soren: i don't know userv. my wrapper came with helper tools to deeply validate args
<lynxman> zul: got all the rabbitmq stomp goodness for you
<lynxman> zul: https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/788647 <-- attached debdiff
<uvirtbot> Launchpad bug 788647 in rabbitmq-server "Soft link to version 2.3.1 instead of 2.4.1 break plugin builds" [Undecided,New]
<kees> RoyK: for openstack privileged operations
<zul> lynxman: thanks ill look at it laster
<lynxman> zul: and all the other packages here https://launchpad.net/~lynxman/+archive/ppa
<soren> kees: userv has a daemon that acts on your behalf. I/O is passed over a UNIX socket (IIRC). It sanitises environment and lets you limit args passed.
<soren> kees: It's a bit long in the tooth, so it probably does't support capabilities, though.
<soren> kees: It's a tool Ian Jackson wrote and I believe he said it had been formally audited.
<zul> tomcat uses it i think
<kees> interesting
<soren> zul: What, really?
<zul> soren: i think so
<zul> or maybe not
<RoyK> kees: just create wrapper scripts
<zul> kees: anyways euca rootwrapper is on the wi tracker for openstack
<uvirtbot> New bug: #788651 in python-boto (main) "Please merge python-boto 1.9b-4 (main) from debian unstable (main)" [Undecided,In progress] https://launchpad.net/bugs/788651
<hallyn> kirkland: jinkeys, byobu just crashed on me it seems
<hallyn> i lost my ssh connection, reconnected, and it was gone
<hallyn> ooh, juicy, i've got a segfault in syslog
<hallyn> May 26 10:10:36 sergelap kernel: [658538.322656] screen[21148]: segfault at 0 ip 000000000042bce0 sp 00007fffa3a78f10 error 4 in screen[400000+58000]
<kirkland> hallyn: natty?  or oneiric?
<hallyn> natty
<hallyn> opened bug 788670
<uvirtbot> Launchpad bug 788670 in byobu "segfault in byobu in natty" [Undecided,New] https://launchpad.net/bugs/788670
<kirkland> hallyn: technically it's screen that segfaulted, not byobu
<kirkland> hallyn: how did you launch?
<hallyn> ssh-agent byobu
<hallyn> well, of course, byobu is just config files...
<hallyn> guess i shoudl retarget then
<hallyn> i don't know that i can reproduce, it's a weird one
<kirkland> hallyn: these two lines are causing segfaults for a number of people:
<kirkland> layout save byobu
<kirkland> layout autosave
<kirkland> hallyn: the layout feature in screen is buggy
<kirkland> hallyn: let me check upstream git
<scalability-junk> what permissions do i have to set in the ftp dir to be used by wordpress for automativ upgrade?
<scalability-junk> ups sorry wrong window
<kirkland> hallyn: i bet it's fixed by 8cf5efc07048abee125a24652768f4b24fc761bf
<kirkland> hallyn: the last commit in screen's git
<kirkland> hallyn: were you launching a new session, or reattaching to an existing one?
<hallyn> attaching to an existing one
<kirkland> hallyn: yup
<hallyn> which may have been still up as the ssh session may not have timed out yet
<RoyK> From http://www.conservapedia.com/Wikipedia - "Wikipedia is a online encyclopedia[1] written and edited by an ad hoc assemblage of anonymous persons who are mostly, according to the Register (UK)[2][3], teenagers and unemployed persons."
<RoyK> rotfl
<RoyK> everyone should read conservapedial from time to time :D
<kirkland> hallyn: can you reproduce it easily, by starting another session, detaching, and then attaching in the same way?
<m3asmi>  dhcpd: Not configured to listen on any interfaces!
<uvirtbot> New bug: #788680 in samba (main) "package smbclient 2:3.5.8~dfsg-1ubuntu2 failed to install/upgrade: corrupted filesystem tarfile - corrupted package archive" [Undecided,New] https://launchpad.net/bugs/788680
<m3asmi>  dhcpd: Not configured to listen on any interfaces!
<thesheff17> if a project is failing to build on launchpad will it not install? https://launchpad.net/~igraph/+archive/ppa I add the repo & apt-get update & I don't see any packages for igraph or python-igraph is this due to the build failing?
<thesheff17> natty 64bit is my version.
<pmatulis> thesheff17: right, if it's not there you can't use it
<RoAkSoAx> negronjl: ping
<negronjl> RoAkSoAx:  hi.  give me a few minutes.  I"ll ping you in a few.
<RoAkSoAx> negronjl: k thansk ;)
<dinox> hi
<dinox> anyone have experience in adding freetype support to php?
<RoyK> teenage mutant evilsushi?
<negronjl> RoAkSoAx: hi.
<evilsushi> RoyK: =D
<zul> lynxman: uploaded thanks
<lynxman> zul: yay :)
<uvirtbot> New bug: #788742 in mysql-dfsg-5.1 (main) "package libmysqlclient16 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/libmysqlclient.so.16.0.0', which is also in package mysql-cluster-client-5.1 0:7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/788742
<Daviey> RoAkSoAx, funny that, I am looking at writing custom facts as we speak.  Is it the same debdiff as yesterday?
<koolhead17> is there some separate channel for ubuntu orchestra
<Pici> What is Ubuntu orchestra?
<koolhead17> https://launchpad.net/orchestra
<koolhead17> hey RoAkSoAx
<negronjl> Daviey:  check facter-customfacts-plugin in ppa:orchestra/ppa
<RoAkSoAx> Daviey: I just dropped a patch
<Daviey> negronjl, How about give me a hint what it does? :)
<Pici> koolhead17: doesn't look like it, but as you can see here, it looks like some orchestra stuff is happening here
<negronjl> Daviey:  facter-customfacts-plugin allows you to create custom facts by using a script called fact-add.
<koolhead17> Pici: yeah just realized!! :D
<negronjl> Daviey:  ie:  fact-add <new_fact> <new_value>
<RoAkSoAx> hi koolhead17
<negronjl> Daviey: that is how we are currently adding new facts in orchestra
<RoAkSoAx> Pici: orchestra is the provisioning/config management, etc etc from Ubuntu
<Daviey> negronjl, interesting... what about the .rb script?
<Pici> RoAkSoAx: Ah. Neat.
<RoAkSoAx> Pici: so it is just the integration of puppet/cobbler/etc etc into one single solution
<Pici> RoAkSoAx: I was hoping it meant something like that, no need to completely reinvent the wheel.
<negronjl> Daviey:  the script is so we can read the facts ( which are stored in /etc/facts ) and incorporate them into facter
<Daviey> negronjl, Hmm.. why do you need an additional command to add them?  Surely being in RUBYLIB is enough?
<koolhead17> RoAkSoAx: is munin there as well ?
<negronjl> Daviey:  fact-add and fact-del just add the custom fact in /etc/facts where the filename is the new fact and the contents of said file is the value of said fact
<Daviey> negronjl, interesting...
<negronjl> Daviey:  this way I can programatically add and remove facts without having to write a .rb file for each
<negronjl> customfacts.rb reads /etc/facts and adds it all into facter
<negronjl> Daviey:  ^^
<Daviey> negronjl, i see!
<Daviey> negronjl, elegant.... Are you putting this in oneiric any time soon?
<Daviey> I was working on something similar... and duplicating of work--
<negronjl> Daviey:  I am pushing it to bzr and my PPA for all to see/per-use/test.  I'll need a sponsor ( hint hint ) :)
<Daviey> negronjl, happy to..
<Daviey> negronjl, However, might need resync'ing with what is about to be in Oneiric
<negronjl> Daviey:  no worries.  It's a simple enough package.
<Daviey> negronjl, As we are starting to crack on with feature work now, we really need to be clear what each of us are working on to make sure we are complementing and not duplicating.
<negronjl> Daviey:  I agree.  Any place where current work is being coordinated
<negronjl> ?
<koolhead17> RoAkSoAx: is there any documentation explaining about the components part and other stuff
<Daviey> negronjl, the blueprints? :)
 * koolhead17 looks at Daviey
<RoAkSoAx> negronjl is there any documentation yet?
<RoAkSoAx> lynxman: ^^
<negronjl> RoAkSoAx:  not yet.  we'll have it soon
<RoAkSoAx> koolhead17: ^^
<RoAkSoAx> negronjl: thanks ;)
<koolhead17> RoAkSoAx: thanks. :D
<koolhead17> am more interested to see munin in the list too 4 monitoring :)
<adam_g> is there any way of testing/debugging cloud-init userdata after instance has booted?
<adam_g> ^ smoser
<uvirtbot> adam_g: Error: "smoser" is not a valid command.
<smoser> adam_g, yes.
<smoser> the real question, though, is why smoser is not a valid command
<adam_g> misallocation of resources. i blame management
<smoser> https://groups.google.com/group/ec2ubuntu/browse_frm/thread/d4d51238a2afb55b/bca69f3e89c88d0b?lnk=gst&q=fast+way+to+test+user-data#bca69f3e89c88d0b
<adam_g> danke
<smoser> fyi, seed directory changed in natty
<jimbobco> anybody else having problems with archive.canonical.com?
<jimbobco> would someone mind hitting http://archive.canonical.com and letting me know the results?
 * soren recommends http://www.downforeveryoneorjustme.com/
<negronjl> Daviey: facter-customfacts-plugin is ready in lp:~negronjl/+junk/facter-customfacts-plugin
<jimbobco> thanks soren
<negronjl> Daviey: check it when you get a chance and let me know
<jimbobco> that's handy
<soren> jimbobco: Quite.
<soren> jimbobco: It has no sense of humour though... http://www.downforeveryoneorjustme.com/www.downforeveryoneorjustme.com
<jimbobco> made me laugh :)
<jimbobco> wonder if there's a loop there to be exploited
<Daviey> negronjl: ok, will look shortly
<BPower> I posted this in #ubuntu but was told this would be a more appropriate place to post it.
<BPower>  I'm really confused.  Apache should always load the first virtual host if it doesn't match any others but mine is ALWAYS loading the second virtual host. my vhost file: http://pastebin.com/zeJjpMJb. Locations in question: http://50.57.73.250/ http://stage.dev.mvretail.com/
<soren> BPower: Because the second one has a more specific <VirtualHost XXX>
<soren> BPower: Make them the same (i.e. <VirtualHost *:80>), and you're golden.
<BPower> soren, thanks. I just fixed that and it's working now for those two.
<BPower> now i've added one more vhost and it's always going to the default. i'll paste the new file
<BPower> http://pastebin.com/wrT1fMkB
<BPower> going to http://dev.mvretail.com/ should say "We're live!"
<BPower> going to http://stage.dev.mvretail.com/ should say "We're stage!"
<BPower> and going to http://50.57.73.250/ should say "We're www!"
<BPower> as you can see, all work except live
<littlebearz> permission error?
<littlebearz> make sure DocumentRoot /var/www/live/MerchantView/ is readable my apache i think
<littlebearz> do ls -alh on /var/www/live
<BPower> littlebearz, are you talking to me? the entire /var/www has the same permissions (I just did it)
<littlebearz> oh, wait, which one doesn't work?
<BPower> live
<littlebearz> hm.. I don't see any thing wrong with your config, anyone else found anything?
<BPower> I'm going to test swapping the last two and see what happens
<BPower> thanks littlebearz, soren
<littlebearz> maybe it's your vhost taking all the *:80, but i don't think that's the problem
<littlebearz> let me dig out my config
<littlebearz> nvm LOL, i have a nginx config http://pbin.xxw.ca/84fb3b462.php
<maxb> BPower: That's a bit confusing. However, do you have a NameVirtualHost *:80 line elsewhere in your config?
<BPower> maxb, ya, ubuntu-server has it by default in /etc/apache2/ports.conf
<BPower> btw littlebearz maxb & soren, swapping the order didn't fix it or change any behavior at all
<littlebearz> BPower: hm.. i might check if the folder exist and then the typo
<BPower> littlebearz, no typos and folder exists
<BPower> (just double checked)
<littlebearz> BPower: i'm baffled, um. try to remove the / after MerchantView ?
<soren> BPower: Don't put port number in the servername.
<BPower> littlebearz, soren, trying now thanks :)
<BPower> littlebearz, soren, applied both  -- don't know which did it but now live.*  works but dev.* still doesn't
<soren> BPower: What does your conf look like now?
<BPower> soren, littlebearz, maxb:  Found the problem
<BPower> Since /etc/apache2/conf.d/fqdn was not created, it would use my server's hostname as the default for anything it didn't recognize
<BPower> My server's hostname happened to be dev.mvretail.com
<BPower> so it was hijacking the vhost
<BPower> i solved it by creating /etc/apache2/conf.d/fqdn with "ServerName localhost"
<littlebearz> BPower oh thanks, I didn't know that , i thought apache auto detect localhost and uses that as FQDN
<BPower> littlebearz, ya apparently it autodetects the actual hostname ...which seems like more of a bug than a feature to me.
<littlebearz> BPower: experience is what you get when you didn't get what you wanted :)
<BPower> lol nice
#ubuntu-server 2011-05-27
<jeeves_moss> how can I set up spamassisan to learn what is spam/ham and move e-mails as they come in to the proper folders?
<SpamapS> jeeves_moss: I believe it has an auto_learn option that will help it classify the spam in the future.
<SpamapS> jeeves_moss: spamassassin isn't a delivery agent though, so you have to have procmail/maildrop/sieve do the folder selection based on spamassassin's headers
<ascheel> startup question.  How does upstart affect the execution order of scripts in /etc/rc?.d ?
<ascheel> How does Ubuntu differ in how the startup scripts are executed from Debian?
<jeeves_moss> some of the start up scripts (like Samba) have been moved to Upstart, but for the most part, they're still in /etc/init.d/
<ascheel> jeeves_moss: I understand that, but I was wondering about the execution order.  I was told init.d scripts just get executed as a group once upstart completes.
<MTecknology> How can I have midori open over ssh with -X?
<MTecknology> I'm trying to run midori from a server...
<persia> MTecknology, Does `ssh -nfX $HOST midori` not work?
<MTecknology> persia: nope
<MTecknology> Midori - Cannot open display:
<persia> How about `ssh -X $HOST`, then `midori &` on the host?
<MTecknology> same thing
<persia> Right.  Can your ssh target host find your display host over the network?
<MTecknology> doesn't seem like it..
<MTecknology> I tried export DISPLAY=:1 and DISPLAY=:0
<MTecknology> maybe i'll see if i can have better luck with firefox
<MTecknology> nope
<persia> I'd recommend instead trying to get xterm to work, or something else similarly simple as a test case.
<MTecknology> persia: what should DISPLAY be set to?
<persia> It should autoset: it gets different values.  Probably something like "localhost:${X}.0"
<MTecknology> it doesn't get set to anything
<persia> In a quick test I just ran, X was 10 for one combination of hosts, but it's not reliable.  You can look at the output of `netstat -ntl` to see on which port things are listening, for "localhost:10.0", I had a new listener on port 6010
<MTecknology> i wonder if i'm missing something I need to make it work...
<MTecknology> this sucks... i have no reason to run the app on my server other than needing to access the site from that ip and only a javascript supporting browser will work
<MTecknology> I wonder if I could proxy that URL through my server......
<twb> :10 is just because ssh -X starts from there
<twb> It doesn't have to, and if you have >1 it will increase
<MTecknology> I'm trying to have my web server proxy the browser request so it looks like it's coming from that system
<persia> twb, Is there an ssh argument that lets you force it to a specific higher value, or is it always counting from 10?
<MTecknology> eh... trying to proxy like that isn't going to work
<MTecknology> why can't this site just support non-javascript browsing?
<MTecknology> I get a redirect loop when trying to proxy the requests
<twb> persia: not sure
<twb> persia: I don't recall one
<greppy> MTecknology: does your ssh daemon on the server allow X11 forwarding?
<MTecknology> greppy: as far as i can tell, ya
<persia> I suppose one could do something with -R, but I don't see anything in the manpage.
<twb> persia: ssh -X also does MIT cookie dance with xauth(1)
<twb> MTecknology: is xauth installed on both ends?
<greppy> MTecknology: do you have an X11 server running on your client machine?
<MTecknology> AH!
<MTecknology> missing xauth
<MTecknology> now for the fun... waiting for all the traffic
<persia> twb, Looks like it does an extra hack & proxy, with different key matter on each machine when dancing too.  That's kinda nifty.
<twb> The xauth dance is normal for remote X
<MTecknology> aahhh.... segfault after midori loaded
<twb> MTecknology: read /usr/share/bug/midori/presubj
<twb> (Unfortunately Ubuntu users don't see that, because they use stupid apport instead of reportbug :-////)
<MTecknology> i don't have either of those apps installed :P
<MTecknology> firefox seems to be working with xauth installed too
<MTecknology> couldn't be too much slower - but it's working :)
<persia> twb, The issue is more that apport is overly intelligent, but doesn't collect reportbug data.  There's entire libraries of support hooks, etc. which are completely different.
<twb> persia: well, I also hate that apport works by firing up a browser
<ScottK> It can also just hand you a url.
<persia> Shouldn't do that on servers by default: it should just prepare some data and instruct one to open a browser (potentially somewhere else).
<ScottK> IIRC that's was apport-cli does.
<twb> ScottK: but if you're on a prison server, and you don't have access to the internet, you can't just have it collect information and generate a message ready for me to manually copy out and pass straight to sendmail(8) on a networked machine
<persia> ScottK, I thought it offered the choice of trying with sensible-browser *OR* exiting so you could use a browser somewhere else.
<ScottK> It may.
<twb> persia: last time I looked it called w3m because that was the only browser installed
<persia> twb, Yes you can: you just transport the .crash file to somewhere else, and process it htere.
<twb> persia: and it did so AFTER trying to HTTP POST a binary blob of info
<twb> persia: what .crash?
<twb> persia: usually I'm running apport-bug by hand to report something like "frobozzd ignores --disable-ipv6 argument"
<persia> The one in /var/crash that apport assembled (the aforementioned binary blob that needs be POSTed)
<twb> persia: oh
<twb> persia: see, I had no idea there was a /var/crash, though I read the apport manpages
<persia> (you can use apport-retrace and related tools to unpack the blob if you're curious)
<persia> Documentation bug: please run "ubuntu-bug apport" to report it.
<twb> :-)
<twb> IIRC the other problem I ran into (this was some time ago) was that the networked machine wasn't ubuntu, and I couldn't easily work out how to submit the blob with a "dumb" MTA or browser or so
<twb> I guess the bottom line is that I liked reportbug, and I didn't see any need to throw it away
<ScottK> The only problem is it doesn't report bugs to our bug tracker.
<ScottK> When it used to 'work' it just sent mail to the ubuntu-users ML and depended on someone to report the bug by hand.
<ScottK> That value of working is just useless.
<MTecknology> facebook needs to die.... :(     I can't understand why people think it's a decent chat platform
<SpaceBass> MTecknology, preach it!
<MTecknology> SpaceBass: I'm trying to just ever so simply make bitlbee connect to facebook so I don't need to log into that ugly thing
<MTecknology> !away > JasonnAWAY
<ubottu> JasonnAWAY, please see my private message
<littlebearz> MTecknology: lol, if my friends wanted to talk to me, they usually just go to my website and it have a chat thingy
<twb> ScottK: yeah, I realize that
<twb> ScottK: but that's because you first replaced debbugs with LP :P
<ScottK> Actually it was bugzilla first.
<lifeless> twb: Ubuntu never used debbugs
<zedd> Hello!
<zedd> Is anyone here?
<twb> no
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<flowbee> when apache is installed; does it auto start @ boot?
<jmarsden> flowbee: (1) Try it and see. (2) Yes.  The huge majority of daemons are packaged so that if you install them, they will be run by default.
<flowbee> probably a dumb question; but is mysql-server running locally on my web server needed if i'm connecting to a remote mysql server
<littlebearz> flowbee: depends on you, but i usually keep it running as I sync data so incase the remote get corrupted, local can take over
<jmarsden> flowbee: It's not needed, but having it around might be smart.
<flowbee> i see
<flowbee> is there a way to keep it installed but disable it from startup
<flowbee> so it doesnt autostart?
<littlebearz> in /etc/init.d
<flowbee> well i realize the init script is there; just dont know how to disable it on startup
<twb> update-rc.d foo --disable
<flowbee> thank you
<twb> make that update-rc.d foo disable
<flowbee>  System start/stop links for /etc/init.d/mysql do not exist.
<twb> not my problem
<flowbee> haha ;)
<julian_c> MySQL is now an Upstart job.
<julian_c> !upstart
<ubottu> Upstart is meant to replace the old Sys V Init system with an event-driven init model.  For more information please see: http://upstart.ubuntu.com/
<flowbee> ok how do i have upstart not start up mysql on startup
<flowbee> this looks good: http://anonir.wordpress.com/2010/08/09/ubuntu-lucid-disable-services-from-starting-during-boot/
<flowbee> so much to learn ; every day :)
<julian_c> Upstart only makes things easier and more flexible to manage.
<julian_c> Not every service has been converted to use Upstart...
<flowbee> so it seems even after doing: udpate-rc.d /etc/init.d/apache2 enable;  that apache2 is not starting up when i boot up ubuntu 10.04 lts server.  and yes if i do it manually: "sudo /etc/init.d/apache2 start" it works great
<twb> julian_c: ahahaha
<twb> julian_c: if by "flexible" you mean bugger-all debugging, zero determinism and cyclic dependencies
<julian_c> Didn't say it was perfect yet (esp. Lucid).
<flowbee> hi folks i think i've royally messed up apache2 on startup up...
<flowbee> i found out i need to pass defaults instead of enable
<flowbee> sudo update-rc.d apache2 defaults  ===> System start/stop links for /etc/init.d/apache2 already exist.
<flowbee> how do i fix my evilness
<twb> The vast majority of problems I've had with Ubuntu has been NM and upstart
<twb> flowbee: pastebin "find /etc/rc?.d/ -ls"
<flowbee> twb, https://gist.github.com/994712
<klzk> Hello all, I want to let my machines connect to ipv6 using a tunnel that i created on my ubuntu-server. I followed some guides but im stuck now. My machines in my network do get IP's from radvd but they can't ping outside addresses. Anything I should look at?
<uvirtbot> New bug: #788998 in samba (main) "winbind hang after 10 hours, Kerberos and DNS related" [Undecided,New] https://launchpad.net/bugs/788998
<ghostcube> hi folks, ubuntu server 10.04 lts keeps telling edac mc0 errors anything more known about this prob?
<drunkyduck> Hey there guys
<drunkyduck> I am newb when it comes to this. I have an VPS and my site on it. I was wondering if someone can tell me how can I run 2 sites from my VPS (Ubuntu 10.04) ? Can someone tell me this, please? Thanks!
<twister004> hi guys... i have ubuntu 10.04 LTS installed on my aces aspire netbook.... After installing pdfedit, the touchpad is behaving erratically.... when I move the cursor, it drags showing a trailing line.... do you guys think that installing synaptics touchpad drivers will help?... please advise
<reisi> twister004: sounds more like that you have "stuck" button, or the button raise event was lost, unless if you already tried pressing the left button?
<twister004> reisi... there's no issues with the button... it's something at the application level
<twister004> scrolling on the touchpad has stopped.... the touchpad functions... but the cursor movement leaves a trail
<soren> twister004: This channel is about Ubuntu Server. You might have better luck in #ubuntu.
<drunkyduck> I asked a question about Ubuntu VPS server, but it seams everyone is too lazy to help a noob like me :)
<SpamapS> drunkyduck: yes, all of the unpaid volunteers are too lazy to help you.
<pmatulis> heh
<SpamapS> drunkyduck: you can create a new apache config in /etc/apache2/sites-available (check out the default site for inspiration)
<SpamapS> drunkyduck: then when its ready, man a2ensite
<SpamapS> drunkyduck: you'll also want to look up information on apache virtual hosting
<SpamapS> drunkyduck: (lucky for you I am a paid employee and an insomniac, so I can help you. :)
<drunkyduck> lol :)
<drunkyduck> Thanks SpamapS, I already researched before I came here. I wasn't researching only today but last few weeks. This channel was my last chance to find help.
<drunkyduck> I have a step-by-step guide which I use everytime I install my site on unmanaged VPS and it works. But I cannnot afford it to have 3 sites on 3 separated VPS just because I don't know how to set all 3 on one VPS :)
<drunkyduck> thats I'm trying to learn that.
<aljosa> i've heard that on ubuntu 11.04 some folders are moved and that PIL (python imaging library) can't find jpeg/zlib when compiled. any ideas what changed?
<SpamapS> aljosa: multiarch
<drunkyduck> Thanks again SpamapS, I will try to look for that sites-available and see if I can figureout something !
<SpamapS> aljosa: means PIL is not looking in the right places for the libraries most likely.
<SpamapS> drunkyduck: /usr/share/doc/apache2.2-common/README.Debian.gz should help
<pookey> hi all - I want to remove all desktop components and end up with something like ubuntu server - trying to remove ubuntu-desktop gnome* xserver* still leaves a lof of things, such as compiz and it's attemping to install a lot of libqt things
<pookey> what is the best way to remove all the desktop parts?
<drunkyduck> does that apply for Ubuntu? I know that Ubuntu is buited on debian.
<SpamapS> drunkyduck: yes
<drunkyduck> thanks. I will download that file and see whats inside it.
<SpamapS> it should be README.Package but c'est la vie, when Debian was created, derivitives weren't really considered.
<SpamapS> its just a text file
<SpamapS> less /path/to/it
<drunkyduck> I tried to open it with 'nano' but its empty
<drunkyduck> so I figureout it must be some archive
<SpamapS> its .gz, zless /path/to/it
<uvirtbot> New bug: #789097 in samba (main) "tdb2.so undefined symbol: dyn_get_STATEDIR (source code typo)" [Undecided,New] https://launchpad.net/bugs/789097
<drunkyduck> ah, its open. THANKS SpamapS. I guess zless is something that reads *.gz type of files?
<SpamapS> drunkyduck: .gz is just compressed with gzip ... zless runs less and gzip in a smart way to uncompress the file
<SpamapS> drunkyduck: less is a text file viewer
<drunkyduck> I understand. thanks!
<ivoks> feature idea: do-release-upgrade should poke a hole in iptables for port it opens during upgrade :)
<nerdshell> I'm a real Noby, does ubuntu server have a GUI?
<_ruben> no
<nerdshell> okay, thanks a lot.
<nerdshell> actually, what is different about ubuntu server, I mean, in comparison with ubuntu desktop ?
<_ruben> different kernel, lack of gui, etc
<ascheel> different set of installed apps, no GUI, slightly different kernel designed around a server environment vs desktop
<patdk-wk> ubuntu desktop has a gui :)
<nerdshell> I'm planing to have my own, ftp server, is Ubuntu server suitable ?
<_ruben> sure
<nerdshell> ok, what about documentation, as good as ubuntu desktop ?
<_ruben> guess so, there's the server guide which should be a decent starting point
<nerdshell> okay, what's different between having an ubuntu desktop server, or fedora, or Arch, or whatever, there's something special with ubuntu ?
<pmatulis> the community is special, thank you, thank you
<nerdshell> pmatulis: yes, that's true, at least with ubuntu desktop, guess it's the same with server
<_ruben> "ubuntu desktop server" .. sounds a bit like a contradiction
<pmatulis> nerdshell: ubuntu has the LTS release which is typically geared towards servers
<pmatulis> !LTS | nerdshell
<ubottu> nerdshell: LTS means Long Term Support. LTS versions of Ubuntu will be supported for 3 years on the desktop, and 5 years on the server. The current LTS version of Ubuntu is !Lucid (Lucid Lynx 10.04)
<pmatulis> nerdshell: ubuntu server standard install is lean (garbage not installed) and does not have ports open
<nerdshell> Hayeg
<pmatulis> what?
<uvirtbot> New bug: #766352 in nova (universe) "novarc in nova.zip does not work perfectly as .eucarc" [Undecided,New] https://launchpad.net/bugs/766352
<Doonz> any screen experts here?
<pmatulis> sigh, just ask your question
<Doonz> ok when my server start up i have a process that is started in sscreen and then that screen session detaches. sometimes that process crashes. how do i redirect a script to restart that process in the original window
<pmatulis> Doonz: you can try starting the original session with a tag (-S) and then having a cron job check every few minutes for that session and re-attach?
 * RoAkSoAx recommends byobu
<RoAkSoAx> :P
<Pici> Doonz: Or write some sort of wrapper around the program that crashes that just re-runs it after it ends.
<Doonz>  screen -d -m -S <-- thats whats in the script
<Doonz> sorry im not a programmer
<Doonz> so thats what that cord is for
<Doonz> lol
<Doonz> i think ive found what i need
<Doonz> i beleive its the -X switch
<Doonz> X   Send the specified command to a running screen  session.
<bif001> I have a procmail problem. I want to copy mail from *@place.co.uk
<bif001> to me@myaddress.com. The following stanza in .procmailrc copies *all* mail
<bif001> :0:
<zul> autofs5 should die a firey death
<Lcawte> Hi, my vhost in apache isn't working... my config - http://paste.ubuntu.com/613787/
<shauno> Lcawte: what's not working? looks fine from here (but pointing to an empty directory)
<Lcawte> shauno: the point is, that directory has stuff in
<shauno> that would appear to be a problem then :)
<shauno> have you restarted apache since you pointed it there?
<Lcawte> shauno: multiple times including a full reboot (been like that for a week)
<Lcawte> shauno: and the files are owned by www-data
<shauno> ah; try DocumentRoot rather than ServerRoot
<Lcawte> hmm, strange, always used documentroot :|
<shauno> me too.  but you didn't in that paste
<Lcawte> I meant I always use ServerRoot, but DocumentRoot fixed it ;D
<Doonz> hey guys im trying to script something so that it will restart a process in an already established screen session. screen -X -m -S sessionid program   <-- is that correct?
<maswan> Hm. Has anyone heard rumours from IBM about supporting lin_tape on ubuntu servers? or are our choices still rhel or aix (or solaris/sles/asianux, but I'm not counting those)
<Lcawte> shauno: any knowledge of enabling mods? I moved the mod_rewrite.load or .conf into the enabled dir, but the rewrite doesn't seem to be working (its in a .htaccess)
<Lcawte> shauno: (and yeah, I've restarted)
<shauno> Lcawte: I believe that's the AllowOverride option.  I believe the default is None for any path that hasn't been explicitely stated
<Lcawte> * Restarting web server apache2                                                apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
<Lcawte>  ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
<shauno> google would do better than me, because I don't know off-hand what options there are between 'none' and 'all'.  but I understand .htaccess is completely ignored if it's set to none
<Lcawte> Fixed it :)
<Lcawte> shauno: any idea about that server name error?
<zul> smoser: ping
<smoser> zul, here
<zul> smoser: so when running cloud-init without ec2 how does that work?
<smoser> you need to populate /var/lib/cloud/data/seed
<smoser> http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/files/head:/doc/examples/seed/
<shauno> Lcawte: it's not really a problem, it's just being pedantic.  it usually means /etc/hostname just has 'name' rather than 'name.domain.com'.  if 'host --fqdn' doesn't give you a fully qualified name, apache won't find it either
<shauno> it doesn't actually prevent anything working tho; especially if you're using named vhosts for everything
<RoAkSoAx> zul: cobbler pathces 41_,42_,43_ are upstremable, however, I think we should not yet forward them cause we might have to improve some stuff there
<RoAkSoAx> argh s/not yet forward them/not forward them yet
<Daviey> RoAkSoAx: Who is working on that?
<RoAkSoAx> Daviey: I wrote those patches, I'll take care of them
<Daviey> RoAkSoAx: cool.
<zul> RoAkSoAx: ok...we can still update the upstream git tree when you are happy with them
<RoAkSoAx> zul: oh yeah we can just carry them over , and I'm pretty sure they will apply cleanly
<RoAkSoAx> I'll take a look at thme next week
<zul> oh they already have
<Daviey> zul: were you planning on a new cobbler merge soon?
<zul> yeah
<zul> i would like to get into rhythm again that fridays is a new upload for cobbler/nova/glance/swift
<Daviey> groovy
<Daviey> Friday is POETS day.
<zul> i like to call it captain insaneo day
<hggdh> jamespage: do I have local login to the jenkins server?
<Daviey> hggdh, jamespage is /away
<hggdh> oh
<RoAkSoAx> kirkland: ping
<hggdh> ah well. I will do it the hard way...
<Daviey> hggdh, see if you do :)... ssh ubuntu@jenkins.qa.ubuntu-uk.org ?
<hggdh> Daviey: Duh. Indeed I get in. How the hell did I forget 'ubuntu'?
<hggdh> Daviey: thank you sir
<Daviey> heh
<kirkland> RoAkSoAx: pong
<RoAkSoAx> kirkland: hey I'm working on PowerNap second stage action when on PowerSave and wanted to get your opinion on something
<kirkland> RoAkSoAx: cool
<RoAkSoAx> kirkland: should the second stage be always active, or should we allow the user to decide wether thye want it or not?
<kirkland> RoAkSoAx: second stage would suspend/hibernate/poweroff the system?
<RoAkSoAx> kirkland: yes
<RoAkSoAx> in case of X seconds of inactivity when rtunning on powersave
<kirkland> RoAkSoAx: definitely don't enable that by default
<kirkland> RoAkSoAx: let the user opt into turning on 2nd stage
<RoAkSoAx> kirkland: ok, yes, giving it a second though I think it would be best
<Daviey> (RoAkSoAx, would be good if that was a debconf option :)
<RoAkSoAx> Daviey: didn't think it that way
<RoAkSoAx> Daviey: but would be cool indeed
<RoAkSoAx> kirkland: what do you think setting other settings in debconf?, such as absent_seconds and action to take, or should we keep the ease of installation?
<kirkland> RoAkSoAx: strong +1
<kirkland> RoAkSoAx: well, let's say +1
<kirkland> RoAkSoAx: done right, it would be nice
<Daviey> RoAkSoAx: set it to low, then it is still nice and simples to install
<RoAkSoAx> kirkland: that just gave me an idea: Having different profiles/monitors and ask a question like "What monitors would you like to enable?" and options would be: "HTTP ProcessMonitor, SSH ProcessMonitor" with all default ports and stuff
<RoAkSoAx> but maybe that's too much for debconf and we could rather add that to overwrite the default config
<RoAkSoAx> Daviey: cool.. yeah I think would be awesome to do the debconf
<hallyn> zul: do you mind pushing an lxc version to oneiric for me, to fix the arm lxc-create bug?  It just adds the patch from stgraber.  debdiff is at http://people.canonical.com/~serge/lxc_0.7.4-0ubuntu7.2.debdiff
<hallyn> zul: btw, i asked for 0.7.4 (which i packaged) to be ptu into debian.  whenver that happens we can sync and drop a lot of our patches
<hallyn> (then i can try and push lxcguest to debian :)
<hallyn> zul: gotta run now, bbl.  fwiw, with the package built with that debdiff, i coudl lxc-create and lxc-start on arm - up to the point where it failed bc of missing kernel configs.
<zul> hallyn_afk: cool will do it
<Morphje> just a quick question just to be sure. Installing 10.04.2 with a 3ware 9750, but i cannot find any driver on the lsi site
<Morphje> any suggestion on how to proceed ?
<pr3nt1c3> I accidentally ran a chown -R while I was in /var as root
<pr3nt1c3> !paste
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<pr3nt1c3> http://paste.ubuntu.com/613851/
<pr3nt1c3> what needs changing back?
<uvirtbot> New bug: #789229 in multipath-tools (main) "using a blacklist and a blacklist_exception section results in multipathd filtering out paths it shouldn't" [Undecided,New] https://launchpad.net/bugs/789229
<uvirtbot> New bug: #789260 in pptpd (main) "Please merge pptpd 1.3.4-3 (main) from debian unstable" [Undecided,In progress] https://launchpad.net/bugs/789260
<smoser> zul, you mind if i merge 'nut' ?
<zul> smoser: be my guest
<uvirtbot> New bug: #789266 in cobbler (universe) "Cobbler: Missing yum-utils & other cobbler related utils" [Undecided,New] https://launchpad.net/bugs/789266
<nimrod10> Is there a way to kill a process that has   DL in the ps status ?
<Morphje> arghhhh just spend an hour and a half figuring out which 3ware driver to download and which ubuntu iso
<Morphje> appearently LSI thinks that 10.04.2 has a 32-24 kernel instead of the 38-8 that it has
<RoAkSoAx> kirkland: what do you think... before taking ACTION in STAGE2, should we set the hardware back to original (pm-powersave false), or should we do that later, right after the machine wakes up from the second stage (such as waking up from a suspension/hibernation)
<kirkland> RoAkSoAx: doing an interview atm, ping you after
<RoAkSoAx> kirkland: ok, enjoy ;)
<uvirtbot> New bug: #789323 in nut (main) "Please merge nut 2.6.0-2 (main) from debian unstable" [Wishlist,In progress] https://launchpad.net/bugs/789323
<hggdh> jamespage: if you happen to pass by... Jenkins seems dead on the water. Cannot even SSH into the server
<ahasenack> smoser: around?
<smoser> here
<ahasenack> smoser: I noticed natty has a new hypervisor in the query interface on uec-images: hvm
<ahasenack> I don't know since when, but I just noticed it today
<ahasenack> smoser: anything in particular about using it? Or just selecting the AMI is enough?
<smoser> those are cluster compute types
<ahasenack> ah, for that Ã¼ber machine?
<smoser> they can only be run with instance types cc.X
<ahasenack> ah, cool, ok, got it
<ahasenack> smoser: thanks
<uvirtbot> New bug: #789347 in nagios-plugins (main) "Please merge nagios-plugins 1.4.15-4 (main) from debian unstable" [Wishlist,In progress] https://launchpad.net/bugs/789347
#ubuntu-server 2011-05-28
<digitalstimulus> does anyone know how to setup a networked update server for apt in ubuntu 10.04?  would it be setup as an apt repository?
<qman__> digitalstimulus, you can set up an apt repository, but I prefer a squid apt proxy
<qman__> less maintenance, less disk space
<qman__> easier to set up clients
<qman__> no client setup if you do it transparent
<Delerium_> Hi Guys, I'm looking to install an IRC server for a new project, there is alot of them out there, anyone would have a suggestion of which one to use?
<dougb> i'm having an issue assinging a subdomain in apache2 on ubuntu, i set up a subdomain called showtogo in /etc/apache2/sites-available/ and ran 'a2ensite showtogo' and set up the A record for showtogo, but going to the subdomain showtogo just goes to the main site pointed at the www subdomain
<dougb> is there a way to troubleshoot this using a utility on ubuntu? i have another subdomain and i pretty much copied the same sites-available file and changed it appropriately, but it doesn't seem to be working
<dougb> i'm on linode if that makes any difference
<SpamapS> dougb: the <VirtualHost> tag that a request gets assigned to is determined by the ServerName field.
<SpamapS> dougb: so did you actually add a <VirtualHost> section with a ServerName of 'showtogo.whatever.domain.com' ?
<dougb> i did
<dougb> let me put it in a pastebin
<jmarsden> dougb:   sudo apache2ctl -S    should get you a summary of currently configurede vhosts on your server... might be quicker? :)
<dougb> thanks jmarsden and SpamapS , i got it working
<dougb> idk how i got it working, but it's working now :)
<uvirtbot> New bug: #789484 in clamav (main) "package clamav-base 0.97 dfsg-2ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/789484
<uvirtbot> New bug: #789520 in mysql-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/789520
<sw0rdfish> hey hey hey
<sw0rdfish> just bought a vps with ubuntu 10.04 LTS
<sw0rdfish> is it possible that nano doesn't exist in it?
<sw0rdfish> i tried installing it and package cannot be found
<RoyK> it certainly should be there
<RoyK> perhaps they're using stripped in-house repositories?
<RoyK> check /etc/apt/sources.list
<sw0rdfish> with what?
<sw0rdfish> with vi
<sw0rdfish> damn i hate it but i guess i have no choice
<sw0rdfish> vipw is a good command man
<sw0rdfish> i can create a user right there! right?
<sw0rdfish> i'm connected through ssh
<sw0rdfish> it should be there right
<RoyK> you'll need to use vi to change it, yes
<RoyK> but you can view it with cat or less or more
<RoyK> or just wget the nano package and install it with dpkg -i
<RoyK> http://packages.ubuntu.com/lucid/nano
 * RoyK is a vim addict, but can easily understand that some people might want to use nano
<sw0rdfish> RoyK, i see
<sw0rdfish> vi is vim?
<sw0rdfish> man its complicated for us beginners :)
<sw0rdfish> well it turns out i needed the argument
<sw0rdfish> -y
<sw0rdfish> with apt-get install (-y)
<sw0rdfish> now adding a user
<RoyK> sw0rdfish: vim is "vi improved"
<RoyK> sw0rdfish: run vimtutor :)
<RoyK> sw0rdfish: thinkgeek.com even has a coffee cup with vim cheat sheet :)
<RoyK> http://www.thinkgeek.com/homeoffice/mugs/7bbe/
<RoyK> "real sysadmins don't use nano"
<sw0rdfish> oh!
 * RoyK er en EKTE sysadmin :D
<Refael> hola, am attempting to prove WAN ports open with "Loopback" if anybody can assist por favor
<Refael> the system uses a DSL modem & ufw & the modem & Firewall have already proven configured
<sw0rdfish> i'm reading the user management chapter in a linux book to handle my 10.04 LTS vps :)
<Refael> is there a Ubuntu 11.04 Server users manual?
<Refael> or a Networking manual?
<RoyK> !guide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<RoyK> change the url to 11.04 to get the one for your version
<RoyK> that doesn't contain everything about linux, though, and I doubt such a document exist
<RoyK> Refael: what sort of wan connection?
<Refael> what do you mean exactly RoyK?
<RoyK> sw0rdfish: where did you get this VPS?
<RoyK> Refael: is it a DSL connection?
<Refael> si senor
<RoyK> pppoe? pppoa? bridged?
<Refael> ppoe
<RoyK> so, have you setup pppd to handle it, or does the modem have a router to do this?
<Refael> pppd?
<Refael> not certain
<RoyK> can you connect to the net from the server?
<RoyK> if so, never mind :)
<Refael> it is a "Loopback" problem within the local network. the exterior IPAddress reflects the WAN is closed
<qman__> loopback is alocal address and is pretty irrelevant to getting on the internet
<qman__> maybe you want routeback?
<RoyK> !routeback
<Refael> it is called "Loopback" according to OpenSim Grid developers
<Refael> it pertains hosting a Server, not simply surfing the net
 * RoyK has no idea what that might be
<Refael> and it actually pertains connecting a local Server Instance to a Robust Server Instance
<qman__> routeback is when you need to route traffic in from one interface, back out that same interface
<qman__> it's usually used as a workaround for letting applications set for external use work internally
<Refael> go to page http://www.osgrid.org/index.php/regionconnect & you shall see your personal exterior IPAddress
<Refael> it is perhaps "Routeback" then
<Refael> though they reference it to be called "Loopback"
<qman__> for example, I have it set up so that when I ssh my external IP from inside my LAN, it gets routed back to my ssh server, instead of simply ignored
<Refael> not exactly certain what you signify. that is kinda vague
<Refael> can you describe what that is outside a private example?
<qman__> ok
<RoyK> Refael: what's your IP address?
<qman__> so, you have a LAN with hosts, some servers and some clients
<Refael> 192.168.0.25
<qman__> and then you have a router to the internet, which forwards ports to those servers
<uvirtbot> New bug: #789543 in samba (main) "package smbclient 2:3.5.8~dfsg-1ubuntu2.1 failed to install/upgrade: corrupted filesystem tarfile - corrupted package archive" [Undecided,New] https://launchpad.net/bugs/789543
<Slyboots> Im curious, is there a way to install software in the install enviroemnt on ubuntu
<RoyK> Refael: heh - you're behind a NATing router, then
<Refael> it is actually a modem, though ok
<Slyboots> im setting up a SSD, heard that its best to use GPT because of partition alignment
<qman__> and on the client from inside that same LAN, you want to connect to your website hosted on one of those servers
<qman__> but you don't want to have to go to 192.168.x.x every time, you just want to go to mysite.com
<RoyK> Refael: what's the IP reported on the server?
<RoyK> by ifconfig
<qman__> so you set up rules on the router which re-route the traffic from clients on the LAN back to servers on the LAN
<Refael> http://www.osgrid.org/index.php/regionconnect?
<RoyK> Refael: just run 'ifconfig' on the server
<RoyK> your own server
<Refael> 76.242.191.0
<Refael> ?
<RoyK> .0?
<Refael> is what needs to report WAN
<RoyK> what netmask?
<RoyK> but then - I guess your server is doing the NAT magick - iptables or just ufw? btw, does ufw have nat these days?
<qman__> I think it does
<Refael> does it?
<RoyK> it doesn't on 10.04, that's for sure
<Refael> perhaps the ufw needs to be configured
<qman__> I have the routeback rule I use in iptables, but I don't know if/how you could do it in ufw
<RoyK> you have to hack that into iptables rules
<RoyK> Refael: it's simple port forwarding in iptables
<Refael> how is that configured?
<qman__> $CMD -A FORWARD -o eth1 -d $IP -j ACCEPT
<qman__> $CMD -A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
<qman__> where $CMD is /sbin/iptables, $IP is your external IP, and eth1 is your LAN interface
<RoyK> iirc something like iptables -t nat -I POSTROUTING -d 1.2.3.4 --dport 22 --to 192.168.x.x:22
<RoyK> qman__: yeah, that's basic NAT setup
<RoyK> erm - no - it's not :P
<Refael> can you explain that with more clarity por favor?
<qman__> yeah
<qman__> it's a hack
<qman__> but it gets the job done
<RoyK> qman__: it doesn't do any NATing
<qman__> nope, just routes
<qman__> because it already knows how to route from the external IP
<RoyK> you'll need something like -j MASQUERADE for that
<qman__> it just needs to know to do it form inside
<RoyK> no... you'll need masquerading or some NAT rules
<qman__> well, I have a standard masquerading setup already
<RoyK> as in http://billauer.co.il/ipmasq-html.html
<qman__> that's just the part that enables routeback
<RoyK> ok
<RoyK> what exactly are you trying to achive with this "routeback"?
<RoyK> just allowing external machines to connect to your pc?
<qman__> when I ssh qman.strangled.net from inside my LAN, it works
<Refael> am attempting to connect a local to external
<Slyboots> So.. anyone know how I can install something like PArted in the install enviroment?
<qman__> just as it does from the rest of the internet
<Refael> local server instance to external server instance
<qman__> Slyboots, choose to drop to a shell, apt-get install parted
<Refael> though the external server instance relates what the internal server instance displays & stores
<RoyK> Refael: so long the connection is initiated from the inside, it shouldn't be a problem
<Slyboots> qman__, Aye I tried that but it doesnt see apt-get as a valid command
<Refael> it needs to be "Routeback"
<RoyK> then wtf is routeback?
<Refael> when doing a nmap to the external address, it returns "closed"
<RoyK> is it simply port forwarding?
<Refael> no
<qman__> no, it works with port forwarding
<qman__> but I'm not sure that's what he needs
<Refael> it is "looping" local to external to local to external
<Refael> it is
<qman__> masquerading router with port forwards, from the internet you can access the server from one address
<Refael> the OpenSim personelle just call it "Loopback"
<RoyK> please elaborate
<qman__> routeback allows accessing that server from inside with the same address
<Refael> join OpenSim
<qman__> something that doesn't normally work
<Refael> :P
<qman__> because the router drops the traffic, because it thinks the LAN should just pick it up
<Refael> ok, a local Server Instance connects to a Exterior Robust Server
<Refael> so RoyK doesn't comprehend the scenario though wishes to dispute the resolve?
<Refael> >.<
<qman__> Slyboots, that's probably a busybox, choose recovery mode to get a full shell
<RoyK> Refael: please, I would really like to help, but you haven't really explained how this is supposed to work
<Slyboots> <, okay
<RoyK> 15:32 < Refael> ok, a local Server Instance connects to a Exterior Robust Server
<Refael> can you research OpenSim a lil RoyK?
<RoyK> Refael: no, I have more interesting things to do, sorry
<Refael> have already explained the scenario
<Refael> what is it you do not quite comprehend par example?
<uvirtbot> New bug: #789548 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/789548
<RoyK> if it is routeback you need, it should work well, if not, there's a workaround with either the local hosts file or split-horizon dns
<Refael> if "Routeback" has not proven configured & nmap results closed port, then why should it work?
<RoyK> if nmap results in a closed port, you probably need port forwarding at the router
<qman__> yeah
<Refael> already established actually
<qman__> the port should be open from the internet whether or not routeback is configured
<Refael> though am testing nmap on exterior address
<RoyK> Refael: pastebin the config - iptables-save is good
<Refael> outgoing address
<Refael> not internal address
<RoyK> Refael: so you nmap the external address from the internal network?
<qman__> routeback is only a hack for internal access to internal resources from the external address
<RoyK> if so, you need routeback
<Refael> yes, need routeback
<Refael> si
<Refael> *smiles*
<qman__> well, the two lines I posted above work on top of a working masquerading, port forwarding firewall
<qman__> not sure ufw is capable of it
<Refael> what is a working masquerading?
<qman__> masquerading is also known as NAT overloading, or just NAT to some
<RoyK> Refael: you probably have one already, since you can use the network like you do now
<qman__> it is what allows you to share one internet IP with multiple devices
<RoyK> Refael: if 76.242.191.0 really is your IP address, then you're not running Linux on that box :P
<sw0rdfish> ok so i want to add user sw0rdfish with admin privileges almost as root, i'd first do: groupadd admin
<RoyK> sw0rdfish: nope, group admin exists already
<RoyK> sw0rdfish: useradd -m sw0rdfish
<RoyK> etc
<Refael> that is what the external shows for
<sw0rdfish> and then go to /etc/group and make it: admin:x:1
<sw0rdfish> right?
<RoyK> then edit /etc/group and add sw0rdfish to that group
<Refael> where else would external be displayed?
<RoyK> Refael: pastebin 'ifconfig -'
<RoyK> Refael: pastebin 'ifconfig -a'
<sw0rdfish> royk?
<qman__> sw0rdfish, or 'useradd sw0rdfish admin'
<qman__> err
<RoyK> sw0rdfish: the group 'admin' exists already - installation created it. you just need to add your user to that group
<qman__> 'adduser sw0rdfish admin'
<Refael> http://pastebin.com/HEN2eSyq
<RoyK> qman__: man adduser
<RoyK> Refael: then you have a NAT router in the modem
<RoyK> http://paste.ubuntu.com/614183/
<sw0rdfish> oh
<sw0rdfish> RoyK, how come adm is set like this: adm:x:4
<sw0rdfish> level 4 is high enough?
<RoyK> 4 is the group id
<sw0rdfish> what if i move it to group sys:x:3
<RoyK> and adm is the wrong group, admin is right
<sw0rdfish> oh right
<sw0rdfish> i checked /etc/nano there is no "admin"
<Slyboots_> 22 hours to build the array.. jesus x.x
<RoyK> sw0rdfish: edit /etc/group and add tou username at the end - the syntax is groupname:x:groupid:user1,user2,...
<RoyK> sw0rdfish: pastebin /etc/sudoers
<qman__> sw0rdfish, grep admin /etc/group
<qman__> mine is 112
<sw0rdfish> you mean pastebinit
<qman__> Slyboots_, that's nothing, my last array took three days to build
<RoyK> sw0rdfish: that works as well
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Slyboots_> qman__, brutal
<Slyboots_> WEll the reshape would take 5 days..
<Slyboots_> So its a speed-boost
<Refael> did everybody get the pastebin post?
<qman__> did you adjust the kernel settings?
<RoyK> Refael: which one?
<Refael> http://pastebin.com/HEN2eSyq
<Refael> ifconfig -a
<RoyK> Refael: yes, and as I told you, you're behind a NAT router
<Refael> yes
<Refael> that is veritable
<qman__> Slyboots_, /proc/sys/dev/raid/speed_limit_min and /proc/sys/dev/raid/speed_limit_max
<RoyK> Refael: so you'll need to configure that to do forwarding for you
<Refael> it already is supposedly
<RoyK> which port?
<qman__> the port is closed, so either the router is not set, or your server isn't listening on the port
<RoyK> my nmap scan only shows port 113/tcp open
<Refael> the forwarding is 9000 to 9010/tcp & /udp
<Refael> then would not even be in IRC
<RoyK> Refael: http://paste.ubuntu.com/614191/
<Slyboots_> qman__, ?
<RoyK> Refael: the IRC connection is initiated from the inside - no need for port forwarding to do that
<sw0rdfish> root ALL=(ALL:admin) ALL
<sw0rdfish> is that right?
<sw0rdfish> in /etc/sudoers
<qman__> Slyboots_, http://www.cyberciti.biz/tips/linux-raid-increase-resync-rebuild-speed.html
<qman__> of course in ubuntu you'll have to do it a little different, echo 200000 | sudo tee /proc/sys/dev/raid/speed_limit_min
<RoyK> sw0rdfish: looks good, but then, grep ^admin /etc/group
<sw0rdfish> ok mate
<Refael> Roy, what does that signify then?
<Refael> already ascertained the port is not open to the public for reasons not certain
<RoyK> Refael: possibly that (a) you need a TCP/IP 101, or (b) the router isn't configured to forward those ports to anything that listens
<Refael> thought that was udp?
<RoyK> how did you configure the router?
<sw0rdfish> heh i just added the group admin and added my user to it and to sudo and edited /etc/sudoers to have this:    root ALL=(ALL:admin:sudo) ALL
<RoyK> does it have a fancy gui?
<Refael> RoyK, yes, it is a guifoo that uses internal address to forward ports, though not external
<RoyK> sw0rdfish: the admin group should have been there in the first place - if not, add it, add your user to it, either in the file, or with 'usermod -G admin username'
<RoyK> Refael: try adding a forward to port 22 to your server - so that we can see if that works
<sw0rdfish> :)
<RoyK> tcp, that is
<Refael> the answer is right there. it does port forwarding to internal address, not the external
<RoyK> sw0rdfish: in sudoers, you will want something like this '%admin ALL=(ALL): ALL'
<Refael> is the reason that routeback is necessary
<RoyK> Refael: if so, that's something you'll have to do on the router, which AFAICT, is running OpenBSD
<Refael> ?
<Refael> there really is no router
<RoyK> Refael: do you know anything about RFC1918 IPs?
<RoyK> http://en.wikipedia.org/wiki/Private_network
<Refael> the modem suggests, "Turn NAT *off *on" & Port Forward "ports = ... to internal address"
<Refael> RoyK, not yet
<Refael> am willing to learn
<RoyK> Refael: read up about that
<RoyK> !rfc1918
<RoyK> read the wikipeda article above
<Refael> the wiki article references such?
<RoyK> Refael: or google for an introduction in IP addressing - with an address of 192.168.x.x, you will _never_ be able to reach the internet unless some router is doing NAT for you
<RoyK> beleive me on that
<Refael> RoyK, you are suggesting that the issue results from routing the internal IPAddress to .0.25 au lieu the .0.1 for the router?
<Refael> thought the result would be a IPAddress "Squatting" effect
<Refael> there is a Router doing NAT
<RoyK> Refael: it's just a NAT router doing its job
<RoyK> Refael: you'll need to configure that
<RoyK> Refael: and the NAT router is _not_ your linux machine
<Refael> can you explain por favor?
<RoyK> sw0rdfish: did you figure it out?
<RoyK> Refael: I already did, several times
<RoyK> Refael: use google - learn a bit about how IP routing works and what private IP addresses are and how they are used
<Refael> It is common for packets originating in private address spaces to be misrouted onto the Internet. Private networks often do not properly configure DNS services for addresses used internally and attempt reverse DNS lookups for these addresses, causing extra traffic to the Internet root nameservers.
<RoyK> Refael: so?
<Refael> is that the problem wherein the situation might be resolved to reconfigure the DHCP to multiple addresses?
<Refael> actually thought it would help to limit it to .0.25
<RoyK> Refael: You have a NATing router in front of your server/pc. Also, keep in mind that you have a NATing router in front of your server/pc. Don't forget the NATing router, it's an OpenBSD thing. And no, you can't reach the internet from a private address, however hard you try
<Refael> so used .0.25 for the address, then .0.1 for the Gateway
 * RoyK gives up
<Refael> am using the internet ahora
<RoyK> and that's a shame
<Refael> por que?
<RoyK> sorry, kid, but I can't do an entire IP 101 on IRC - google for it - learn how addressing works - then - when you're done - read it again
<Refael> soy hombre verdadero
<Refael> what is RFC 1483?
<Refael> could it potentially resolve the situation?
<RoyK> "Multiprotocol Encapsulation over ATM Adaptation Layer 5" - if that can help you get through an unknown NAT gateway, then go ahead :)
<RoyK> sw0rdfish: wb
<sw0rdfish> thanks buddy
<RoyK> sw0rdfish: where did you get this VPS?
<sw0rdfish> btw i'm not sure but i think i got hacked a few minutes ago
<sw0rdfish> my laptop shut off by itself and didn't wanna start again, i removed ethernet cable and power and externall hdd cables and then it accepted to power up haha
<sw0rdfish> RoyK, uhhh
<sw0rdfish> xchat2 :P
<RoyK> :)
<sw0rdfish> is my client version
<RoyK> you have to do something rather stupid to get a modern linux distro hacked
<RoyK> sw0rdfish: download a fresh copy of chkrootkit from http://www.chkrootkit.org/ and compile and run it - it should find irregularities...
<RoyK> if they exist, that is
<sw0rdfish> :)
<sw0rdfish> yes sir,
<sw0rdfish> books like Beginning Linux Command Line
<sw0rdfish> are good to get me started right?
<sw0rdfish> to change passwd of a user i just go like passwd sw0rdfish?
<sw0rdfish> while i'm logged in as root that is
<RoyK> passwd sw0rdfish
<sw0rdfish> then it sais
<sw0rdfish> Enter new UNIX password
<RoyK> yes
<sw0rdfish> thats for sw0rdfish ?
<sw0rdfish> :)
<RoyK> yes
<sw0rdfish> thanks
<RoyK> it won't echo any characters while you type
<RoyK> sw0rdfish: the one-liner for downloading and running chkrootkit is
<RoyK> wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz ; tar xzf chkrootkit.tar.gz ; cd chkrootkit-0.49/ ; mkae ; sudo ./chkrootkit -q
<RoyK> wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz ; tar xzf chkrootkit.tar.gz ; cd chkrootkit-0.49/ ; make ; sudo ./chkrootkit -q
<RoyK> even
<tohava> Question, does CUDA run on the new Amazon EC2 Ubuntu HVM image?
<RoyK> tohava: I don't see why not - but I guess the best would be to ask Amazon
<RoyK> HVMs suck, btw, i/o speeds are very low
<tohava> RoyK, mmm... any recommended IRC channel where I can ask them? Or should I just use the forum?
<RoyK> dunno - I don't use Amazon, nor do I use Xen much anymore
<RoyK> someone at ##xen might know
<Patrickdk> heh? just select one of the gpu instance types
<tohava> Patrickdk, we're already using the one with amazon linux
<tohava> we are trying to find out if ubuntu works too or not
<tohava> naturally, we will be running on GPU instance
<Patrickdk> should be no difference
<Patrickdk> besides attempting to get the version of cuda you want, installed
<tohava> Patrickdk, that is it, the amazon linux comes with CUDA driver installed.
<RoyK> Patrickdk: it may be a difference - redhat etc runs as PVMs, whereas ubuntu runs as a HWM
<tohava> I hope there won't be any problems with Xen when trying to install CUDA driver manually on ubuntu image
<Patrickdk> I dunno that you can do gpu with pvm
<Patrickdk> last I looked at it, wasn't possible
<RoyK> why not?
<Patrickdk> cause pvm doesn't emulate a full machine
<Patrickdk> where with hwm you do pci passthough for the gpu
<RoyK> you can easily do pci passthrough with PVMs
<Patrickdk> hmm? I thought xen didn't support at, atleast in 3.0
<RoyK> sorry - I may be wrong - I don't know Xen that well
<Patrickdk> it's been awhile since I used xen, since I've been converting away from it
<RoyK> anyway - I/O with a Xen HWM, tested with Ubuntu, certainly sucks rather badly
<Patrickdk> but I thought it was hwm only for passthough, maybe changed these days, but dunno how *updated xen* ec2 uses, doubt it's horribly new
<RoyK> IMHO the HVM/PVM model is rather outdated
<sw0rdfish> is should show like sw0rdfish@ip_address when i login to it right
<sw0rdfish> frickin weird, what's the big deal with everyone saying
<sw0rdfish> i shouldn't use it as root
<Refael> Hola, can a "Loopback" or "Routeback" be configured locally per the Network Connections utility?
<Refael> Am looking & referencing the ubuntu forum thread @ http://ubuntuforums.org/showthread.php?t=1429032
<RoyK> Refael: did you read up about IP yet? how it works?
<Refael> to a degree, yes
<RoyK> go on
<RoyK> you won't get anywhere without a router that can be configured
<Refael> have not recieved a certificate for merit yet. Do you hand such out RoyK?
<sw0rdfish> oh man
<sw0rdfish> sw0rdfish, is using sh
<sw0rdfish> i should've made it bash
<sw0rdfish> right?
<RoyK> chsh -s
<sw0rdfish> got no idea how to
<RoyK> or vi /etc/passwd
<RoyK> chsh -s /bin/bash sw0rdfish
<Refael> and am considering that the solution could be managed via the Network Connections utility, because the router is configured correctly
<Refael> it is the way the Router recieved the Static IPAddress manually configured for it
<RoyK> Refael: did you get into this OpenBSD router of yours to configure it?
<Refael> si amigo
<sw0rdfish> heh
<sw0rdfish> what was last thing i said?
<RoyK> this routeback must be configured in that router
<RoyK> not on linux
<Refael> RoyK, did you reference the forum page posted?
<RoyK> in the router
<Refael> no
<Refael> look in the forum posting
<Refael> it is configured locally within Linux
<Refael> posteri or Priori the Router
<Refael> *smiles*
<RoyK> that doesn't match the ifconfig output you posted
<sw0rdfish> royk sw0rdfish was set to be under sh shell, is that the reason when i login to it via ssh, i don't see sw0rdfish@ip_address like i did
<sw0rdfish> with root
<RoyK> sw0rdfish: type 'last -10'
<RoyK> and you should see logins with hostnames
<Refael> # The loopback network interface
<Refael> auto lo eth0 eth1
<Refael> iface lo inet loopback
<Refael> references a configuration with the Network Connections Utility
<RoyK> well, the pastebin output only showed eth0
<sw0rdfish> RoyK, well, for sw0rdfish its: sw0rdfish pts/0                    Sat May 28....
<Refael> it is because it was a ifconfig -a
<RoyK> sw0rdfish: logging in locally on the console?
<sw0rdfish> for root its: root pts/0     226.3.....    Sat May 28......
<RoyK> Refael: ifconfig -a shows all interfaces, configured or not
<sw0rdfish> well basically doing ssh sw0rdfish@ip_address
<sw0rdfish> -p 22
<sw0rdfish> but then again 22 is default but yeah
<RoyK> sw0rdfish: a typical line in last is like this
<RoyK> roy      pts/0        140.109-247-20.c Sat May 28 13:29   still logged in
<RoyK> pts/0 is just the terminal, the hostname follows
<sw0rdfish> i should change the shell from sh to bash
<sw0rdfish> right?
<RoyK> if you want to
<RoyK> chsh -s /bin/bash sw0rdfish
<sw0rdfish> yeah for sw0rdfish there is no hostname
<Refael> http://pastebin.com/HEN2eSyq
<Refael> is the pastebin, & it displays lo as well
<RoyK> there is no eth1 there
<RoyK> Refael: do you really have two network cards in this machine?
<Refael> what you are suggesting is you don't ascertain how to configure Network Connections to reflect a loopback, nor comprehend what a loopback is, since you suggest it is called a "Routeback"
<Refael> & Ubuntu admin call it a "Loopback"
<RoyK> Refael: it's a loopback device, distinctively different from the routeback we were talking about earlier
 * RoyK sends Refael back to school
<Refael> well, the actual necessity is for a "Loopback" maneuver
<sw0rdfish> RoAkSoAx, thanks a ton buddy
<sw0rdfish> all is well :)
<sw0rdfish> wohoo!
<sw0rdfish> it was my own stupidity messing around :P
<RoyK> sw0rdfish: did you mean RoyK ? ;)
<sw0rdfish> i actually logged in to sw0rdfish from
<qman__> sw0rdfish, /bin/sh is dash, so you probably want bash anyway
<sw0rdfish> root
<sw0rdfish> and yes i mean RoyK
<sw0rdfish> xchat getting me in trouble again!
<sw0rdfish> lol
<sw0rdfish> well it didn't say anything, so how do i check if it changed to bash
<RoyK> finger username
<RoyK> or just 'grep ^username /etc/passwd'
<sw0rdfish> cool
<sw0rdfish> yep it has been changed, sir
<RoyK> wtf - trying to install snmpd on 11.04
<RoyK>  snmpd : Depends: libsnmp15 (>= 5.4.2.1~dfsg) but it is not going to be installed
<druciferre> I am hoping someone can help me figure out why this is flooding my auth log:    CRON[17368]: pam_unix(cron:session): session closed for user root \n CRON[17782]: pam_unix(cron:account): could not identify user (from getpwnam(guest))
<uvirtbot> New bug: #789613 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/789613
<qronus> hello, i have a vps server with ubuntu 9.4 and i do not know how to upgrade; in #ubuntu they pointed me to https://help.ubuntu.com/community/EOLUpgrades but it does not seem to work (because of unmet dependencies)
<qronus> any idea?
<sw0rdfish> how do i check the users currently logged in and online
<rewt> sw0rdfish: sudo w
<awanti> Hi, i need some help to setup firewall for my office (plz. help i am not a linux expert). I am having 4 working pc one ubuntu server 10.04 running FTP and all pc are connected to shared internet.
<awanti> My server having 2 NIC card. Now i want to route the internet from my server
<qman__> while that's not too difficult to do, I very, very strongly recommend against running FTP to the internet on said server
<qman__> hosting FTP to the internet at all is a bad idea, but on your router it's even worse
<JanC> hosting FTP is okay for anonymous download access (although HTTP is probably a better solution for that)
<awanti> actually i need to setup firewall and i want to share the internet.
<SpaceBass> my 5T eSATA is showing up as a 2T drive on my 11.04 system  ? manufacturer says I need "port multiplier support" enabled ? which doesn't sound right since the only port multipliers I know are hardward devices
<JanC> for a linux-newcomer it's probably best to use a specialized gateway distro
<qman__> yeah
<qman__> it's not that complicated, but doing it right requires significant knowledge of how IP works and some experience with what you need to guard against
<JanC> ebox/zentyal is an Ubuntu-based solution that can used as a gateway, but OpenWRT might be an option too...
<qman__> SpaceBass, the device probably uses one eSATA port, and is, itself, a port multiplier
<qman__> so your disk controller would need multiplier support
<SpaceBass> qman__, ahhh that would make sense
<SpaceBass> my other option is usb 3.0, but when I plug it in, it starts sculling errors about a bad cable (tried 2 cables)
<SpaceBass> assuming usb 3.0 is fully baked in 11.04, right?
<qman__> not sure, but if your controller is showing up, probably
<qman__> I'd look into which kernel versions added USB3
<qman__> and compare
<SpaceBass> note to self: using a drobo with linux is miserable
<qman__> I thought drobo was supposed to be a NAS
<qman__> with iSCSI or whatever, not eSATA or USB
<JanC> USB3 should work in 11.04 and even older versions IIRC
<qman__> because if it's not, that sort of defeats the whole self-contained redundant storage deal
<SpaceBass> qman__, thats the "elite" model
<qman__> and you might as well just get regular boxes and drives
<SpaceBass> JanC, thanks ? must be some kind of motherboard or device issue then
<SpaceBass> its self contained and redundant? just not usable on linux
<JanC> although "USB3 support" doesn't mean all USB3 controller chips are supported maybe
<qman__> yeah, if it's a new USB chip, it may not yet be supported correctly
<JanC> linux was the first OS to support USB3 BTW  ;)
<qman__> for practical reasons, ubuntu's kernel lags behind the latest and greatest
<SpaceBass> figured what was the case
<monaDeveloper> Hi
<SpaceBass> its entirely likely that this chipset is too new? although its an intel H67
<qman__> well, you need the exact USB3 controller model, not just the board chipset
<monaDeveloper> Whenever I try to login to an ec2 instance I just can do that once and after that I get Permission denied (publickey)
<qman__> because intel doesn't bundle USB3 controllers in with their chipsets
<qman__> or at least didn't, they may now
<JanC> "The Linux kernel has supported USB 3.0 since version 2.6.31, which was released in September 2009." --> from Wikipedia
<SpaceBass> looking to see if I can determine which usb controller this thing is using
<SpaceBass> Etron EJ168A
<qman__> yep
<qman__> new chip, no linux support as of 2.6.38
<SpaceBass> seeing forum posts now
<SpaceBass> humm
<SpaceBass> thinking new motherboard
<monaDeveloper> hello
<monaDeveloper> Whenever I try to login to an ec2 instance I just can do that once and after that I get Permission denied (publickey)
<monaDeveloper> Whenever I try to login to an ec2 instance I just can do that once and after that I get Permission denied (publickey)
<annone> hi all
<annone> people, I can not choose between Debian and Ubuntu Server, but I am inclined to US. What about stability of US?
<annone> who can help me? and sorry for my english, I'm from Ukraine
<annone> anybody in there?
<annone> )
<annone> hey! peoples!
<annone> I NEED HELP!
<annone> can u help me?
<delinquentme> does "chmod 400 keypair.pen" change a publickey file to a private?
<guntbert> delinquentme: no, certainly not
<delinquentme> guntbert, hmmm silly aws tutorials are telling me that it would
<guntbert> delinquentme: but it will protect your private key
<guntbert> and so is a very important step
<delinquentme> check. perhaps im using the wrong argument on my ssh command to specify a particular key?
<delinquentme> "ssh -i specific_keyfile"
<guntbert> delinquentme: does ping work now?
<delinquentme> so i checked out the firewalls on AWS to ensure that i've got the correct ports .. however i've only got it spec'd out to use port 22
<delinquentme> and yeah pinged .. w 100% loss
<guntbert> delinquentme: I usually use ssh-agent on the client: ssh-add <path-to-private-key>, from then on ssh user@server
<delinquentme> that works.. asve for its denying me because public key
<guntbert> delinquentme: I beg your pardon?
<delinquentme> add key with "ssh-add keyname"  returns "identity added xxx"
<delinquentme> and then ssh unf-ubu@aws.server.addy.com
<delinquentme> and permission denied (publickey)
<guntbert> delinquentme: then you didn't configure your server to accept key-based logins or you didn't place the public key into .ssh/authorized_keys
<dbgster> hi, I want to add a value to my /etc/hosts file via the command line, how can I add a record?
<delinquentme> guntbert, public key goes into .ssh/authorized_keys of the client ?
<guntbert> dbgster: sudo <yourfavouriteEditor> /etx/hosts
<guntbert> delinquentme: no, on the server
<dbgster> guntbert: no I am creating a script to automate this, so I its un-manned
<guntbert> dbgster: on a running system? that requires root permissions - not good from a script
<dbgster> it runs under root actually
<dbgster> its using the cloud config
<guntbert> dbgster: in that case echo "text in the new line" >> /etc/hosts    ( important: >>    not    >   !)
<dbgster> i added to my hosts:  1.2.3.4 puppetm
<dbgster> where 1.2.3.4 is an ec2 ip address (public)
<dbgster> shoudlnt':  ping puppetm work?
<delinquentme> guntbert, http://stackoverflow.com/questions/1454629/aws-ssh-access-permission-denied-publickey-issue  << think i got it
<guntbert> !yay| delinquentme
<ubottu> delinquentme: Glad you made it! :-)
<delinquentme> MUAHAHAH!
 * delinquentme owns amazon now
<dbgster> why would I use 10.04 lts over say natty?
<dbgster> its more stable?
<dbgster> 10.04 versus 11.xx
<qman__> it's not a matter of stability so much as a matter of not having to upgrade every 6 months
<qman__> less work, less changes
<Slyboots_> Hm
<Slyboots_> Does anyone know if you can create several folders at once using mkdir?
<Slyboots_> But folders that.. recurse? if thats the correct word
<Slyboots_> IE, In a empty folder Create \home\user\Folder1\Folder2\Folder3
<Slyboots_> I've tried to google it, but I cant think of the correct way to phrase it
<shauno> Slyboots_: you're looking for mkdir -p
<Slyboots_> Mm
<Slyboots_> I tried another turn at google-fu, found the {folder,} command.. ish
<shauno> -p will create the parents if they don't already exist.  so making /foo/bar should fail because /foo doesn't exist; with -p, it'll create /foo, then /foo/bar
<Slyboots_> Cool, That'll make resetting up my server less of a pain in the ass
<shauno> man mkdir may explain it better .. I believe it's about the only option mkdir has :)
#ubuntu-server 2011-05-29
<Snugger> hi
<Snugger> how do you access your network interface on ubuntu server and edit it so i can have my wireless adapter become the main internet source for my server?
<Snugger> if anyone is free and able to help a newbie of ubuntu server, i would appreciate it =D
<uvirtbot> New bug: #789715 in postfix (main) "package postfix (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/789715
<Snugger> can anyone help me please
<Snugger> anyone here?
<jmarsden> Snugger: http://pastebin.com/XejD1QAF  has info that is very brief about the two files to edit for doing that.  But I can't help with details, this is info from someone else I have not yet actually used it myself :)
<jmarsden> Snugger: And this assumes your wireless NIC is already supported and visible as wlan0 , of course.
<Delerium_> Hi Guys, I'm looking to implement a couple of chat room for my website, I was wondering if someone have experience with that and can suggest software to do so ?
<Masshuu> Where would i look for a reason why mysql isn't starting when the server starts but it starts just fine if i start it via service mysql start
<Masshuu> looked in /var/log/ but didn't see anything
<Masshuu> start up scripts in there and all the right run levels
<rewt> i'd guess /var/log/syslog or /var/log/dmesg
<rewt> maybe /var/log/mysql.*
<Masshuu> tried those
<rewt> and it's listed in /etc/rc2.d ?
<rewt> (with an S number)
<Masshuu> yeah
<Masshuu> maybe change it to a higher or lower number?
<rewt> runlevel tells you your current runlevel
<rewt> should be 2 by default
<rewt> which corresponds with /etc/rc2.d
<Masshuu> yeah. i was refering to moving mysql to like 15 or 50
<rewt> ohh
<rewt> what's it at now?
<Masshuu> 20
<rewt> i guess you could try S90 to see if that helps
<Masshuu> brb. irc client runs on the server(its a vps)
<rewt> rgr
<Masshuu> nope
<rewt> hrmm
<Snugger> yall familar with setting up wireless usb adapters for internet?
<Masshuu> might be network interface isn't created yet?
<Masshuu> would that cause it?
<Masshuu> * setup yet
<Snugger> yes i'm not sure how to correctly configure it
<rewt> Masshuu, maybe, although that should show up in the logs
<Snugger> i was given this link http://pastebin.com/XejD1QAF how do i intergrate that in to etc/network/interfaces?
<Snugger> sorry i'm a newbie with ubuntu
<rewt> Snugger, have a look at https://help.ubuntu.com/community/WifiDocs/WPAHowTo
<rewt> Snugger, this seems like a more straight-forward answer: http://joost.damad.be/2007/01/debian-wifi-wpa-supplicant-and.html
<Snugger> should i use nano or vi? and do i just simply type it in exactly as i see it?
<rewt> nano/vi doesn't really matter; whatever you feel more comfortable with
<rewt> you'd have to put in your configuration following that format
<Masshuu> found a fix
<Masshuu> added service mysql start
<Masshuu> to the end of rc.local
<rewt> Snugger, you may not need all of those lines though; this post doesn't have all of them:  http://www.cyberciti.biz/faq/debian-linux-wpa-wpa2-wireless-wifi-networking/
<ScottK> Masshuu: This is on a VPS?
<Masshuu> yeah. openvz vps
<delinquentme_> chmod commands are cross OS compatible right .. 700 for linux would be 700 for ubuntu?
<rewt> ubuntu is linux
<Masshuu> ubuntu is turning into the next mac
<delinquentme_> Permission denied (publickey,gssapi-with-mic)
<delinquentme_> attempting to SSH
<delinquentme_> .ssh is chmodded to 700 .. and authorized_keys is 600
<ScottK> Masshuu: Standard Ubuntu Server doesn't have this problem.  If you install mysql server it runs.  I suspect your provider of having improved it for you.
<Snugger> how do you contact a specific person when typing in irc again?
<delinquentme_> Snugger, /msg
<delinquentme_> or type the first part of a name and hit tab
<Snugger> thanks
<ScottK> delinquentme_: What's the log say on the server end?
<Snugger> rewt: my network adapter does not show up when i tpye in lscpi
<ScottK> Snugger: lscpi or lspci?
<delinquentme_> ScottK, im not sure i have access to that yet .. its an EC2 instance .. but i can get the verbose readout from my end
<Snugger> lspci
<ScottK> delinquentme_: Then look and see if it gives you any more clues.
<ScottK> Snugger: This is a wifi adapter?
<ScottK> If so, what kind?
<Snugger> Netgear WG111 v3
<delinquentme_> unspecified GSS failure?
<rewt> hmm, i'm not sure if usb ones show up in lspci
<Snugger> should i continue to step 3
<delinquentme_> http://pastie.org/1987577  the part where it starts breaking :D
<Snugger> rewt_: do i erase my previous eth0 config in the interfaces file?
<rewt> Snugger, http://ubuntuforums.org/showthread.php?t=732827
<delinquentme_> debug1: Authentications that can continue: publickey,gssapi-with-mic    << this should mean that i can use either a public key or  a gssapi-with-mic
<delinquentme_> to ssh in .. right?
<Snugger> rewt: thank you i will try this
<Snugger> rewt: problem, i believe the link you sent me only works for ubuntu desktop edition, while i have server edition, because i cannot use the gksudo gedit command
<ScottK> Snugger: Instead of gksudo gedit use sudo nano
<uvirtbot> New bug: #789764 in samba (main) "package samba-common 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: error writing to '<standard output>': æ²ææ­¤ä¸æªæ¡æç®é" [Undecided,New] https://launchpad.net/bugs/789764
<delinquentme_> im sshed into a linux box .. and id like to find out if theres in installed program called "crossbow"
<delinquentme_> how might i do this
<jeeves_moss> has anyone here been able to get FreeDB working?
<Snugger> scottK or rewt, i've been able to successfully set up wireless connection with dhcp, but i would like to have static so i can host game servers, how do i static my wlan setting
<ScottK> If you look for at the ubuntu server guide on static networking setup (see /topic) you ought to be able to extrapolate from the ethernet examples they have there to your setup.
<jeeves_moss> the "any key" is the black toggle switch becide the power cord on your PSU
<ScottK> delinquentme_: which crossbow would tell you if there's an executable of that name installed.
<delinquentme_> "which crossbow"
<ScottK> jeeves_moss: Please leave the sophomoric tricks elsewhere.  It's far too old to be funny and we prefer to actually try and help people here.
<ScottK> Yes
<delinquentme_> thats awesomely simple .. thanks
<ScottK> Try 'which python' for an example that will show something.
<delinquentme_> nice!
<delinquentme_> yeah im on a AWS instance and apprently theres a few things that arent there
<delinquentme_> dpkg is one of them
<delinquentme_> tanks ScottK .. that commands gonna come in handy
<ScottK> You're welcome.
<Snugger> i've tried everything and my wireless connection will not function correctly,i set my inet to static so ic an host and now the internet won't connect. I am certain the ssid and psk are correct
<Snugger> whenever i type if up wlan0 i get a wpa_supplicant: /sbin/wpa_supplicant daaemon failed to start
<Snugger> run-parts: /etc/network/if-pre-up.d/wpasupplicant exited with return code 1
<Snugger> anyone one think they can lend a hand?
<Refael> hola, am looking for anybodys' assistance to create a loopback maneuver
<Refael> Snugger: what did you need assistance with?
<annone> hi all
<annone> who can help me in my choice
<annone> ?
<annone> bitween ubuntu server and debian
<Refael> ubuntu
<Refael> is a very good os & has more options
<Refael> there are various metapackages you could configure to work with ubuntu, etc.
<Refael> it appears ubuntu is more actively developed
<annone> Refael: what about stability? many people talk about ubuntu as a bug distr, and what debian is more stable
<Refael> annone: if you talk to debian persons, they shall tell you bad things about ubuntu. The personal operating system is ubuntu & it has worked great from install to the present day & has a good support team & is highly developed & regularly upgraded
<annone> can u say who used ubuntu server? goverment, commercical companies?
<annone> Refael:
<Refael> annone: si?
<annone> dont understand
<Refael> ah, many persons & corporations use ubuntu
<annone> for example
<Refael> could do a little research if you wished
<Refael> what is it you are wishing to use the system for?
<annone> in goverment
<annone> as secure and stable
<Refael> what type utility?
<annone> datastore, ftp, cluster, apache, mysql, statistics
<Refael> annone: dell & sunsoft use & support Ubuntu
<annone> maybe think client
<annone> we have dell servers
<Refael> it could handle as a server & on client side simultane even
<Refael> dell website, type ubuntu in search
<Refael> often "Ubuntu Remix"
<annone> Refael: what is sunsoft? sorry for my english, his bad... i'm from Ukraine
<Refael> typically is "Ubuntu Remix" & is a type derivative
<Refael> typical larger companies perhaps, though Ubuntu Server uses "Wine" to handle Windoze compatability
<annone> what is sunsoft? what do u mean?
<Refael> Dell is actively supporting "Ubuntu" Operating systems for optional OS
<Refael> sunsoft is corporation, wait
<annone> http://en.wikipedia.org/wiki/Sunsoft
<annone> ?
<Refael> perhaps am getting name wrong
<annone> maybe u mean SUN?
<annone> (oracle, java)
<Refael> was a time since used windoze and am now using Linux alone
<Refael> yes
<Refael> is similar
<annone> ok
<Refael> IBM uses Linux on eServer
<annone> Refael: 10x about that
<annone> and i'm have more quations )
<Refael> ok
<annone> Does provide Ubuntu some free trainigs?
<Refael> there are many manuals
<annone> Webinars?
<Refael> free online learning resources
<Refael> si, similar
<Refael> & there are many forums
<annone> Certificate?
<Refael> instant email notification
<Refael> si, if you wish for Certificate, though is not necessary for anything
<annone> i want be certificated pro administator, it's really?
<annone> How to get to work in Canonical?
<annone> Refael:
<Refael> annone: there is no financial gain with doing such. If you wish to work with Linux, you would need to get a job with a company local to you & be that companies network administrator or a thing similar
<Refael> You would really necessarily spend years learning Linux Systems & perhaps work your way in creating software applications to begin with
<annone> ok, thank u very  much
<Refael> annone: Ubuntu is a good election though
<annone> Refael: and finally, what ubuntu is better than debian?
<Refael> get Ubuntu 11.04 & test it for a few months
<Refael> you can send personal email if you need assistance
<Refael> *smiles*
<annone> )
<annone> thanks
<annone> u r very helpful
<uvirtbot> New bug: #789816 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/789816
<RoyK> wtf is wrong with 11.04? I have tons of broken packages...
<MonkeyDust> about no-ip: when my wan ip-address changes, my website is gone, hints&tips about settings or scripts, anyone? i followed these instructions, no errors, but it won't work http://ubuntulinuxhowto.blogspot.com/2006/06/dynamic-dns-no-ip.html
<MonkeyDust> it works the first time, only
<Refael> hola, can anybody assist in creating a loopback for the personal local network?
<Refael> am having difficulties with discovering any documentation in creating a loopback. Have personally looked all in the ubuntu & LQ forums & have discovered little. Can anybody assist por favor?
<uvirtbot> New bug: #789869 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu2 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/789869
<Snugger> is anyone avaliable?
<RoyK>  
<Snugger> roy can you help me configure my usb adapter for wireless?
<Snugger> RoyK: can you help me configure my usb wireless adapter
<RoyK> using a usb wireless on a server?
<Snugger> yes
<Snugger> i've been suggested multiple links and none have prevailed, i've edited my /etc/network/interfaces to wlan 0
<Snugger> i know the system recognizes the adapter because i typed in ifconfig or iwconfig, and i saw the adapter show up
<Snugger> but i can't seem to get it working with static let alone dhcp
<Snugger> RoyK: you are confused too
<Snugger> RoyK: You must be busy
<fosterdv> How are you guys doing?!
<fosterdv> Bit off topic, butt.. off the top of anyone's head.. does anyone know that site, where people people put their things that they script, it's some sort of project site.
<qman__> pastebin?
<Snugger> i get a /sbin/wpa_supplicant daemon start error when i restart my network, i have no idea why
<fosterdv> I believe it is... thanks qman__
<fosterdv> Snugger, do you have a wireless card?
<RoyK> w
<RoyK> oops
<Snugger> no i am not, i am using a wireless usb adapter
<RoyK> with a server?
<Snugger> yes and i know it's possible, i checked to see if my usb adapter was compatiable
<RoyK> never setup something like that myself - sorry
<Snugger> yes it is uncommon i have so many guides up but none have succeeded
<Snugger> can anyone help me?
<RoyK> Snugger: does it show up in ifconfig -a?
<Snugger> RoyK: It shows under wlan0 that my Link encap:Ethernet, there should it say my usb wireless adapter there?
<RoyK> that looks right
<rewt> Snugger, did you get it working with dhcp?
<RoyK> Snugger: what does iwconfig say?
<Snugger> my iwconfig says IEEE 802.11bg  ESSID: "MY NETWORK NAME" Mode: Managed etc.. want me to list more
<Snugger> as for dhcp, i will try it
<Snugger> whats funny is when i do iwlist wla0 scan it scans fine and i see my network up there
<Snugger> so i believe the device is fuctioning correctly
<Snugger> and i get the same error when in dhcp
<Snugger> rewt: dhcp yields the same error
<Snugger> RoyK: my iwconfig says IEEE 802.11bg ESSID: "MY NETWORK NAME" Mode: Managed etc.. want me to list more
<RoyK> Snugger: has it gotten an IP address?
<RoyK> hm... if I enable homedir encryption - how do I turn that on with new users? useradd -m xxx doesn't seem to allow that
<Snugger> RoyK: I did something and now it is not scanning..
<RoyK> Snugger: I've only setup wlan on a server once, and that's out of reach as of now
<Snugger> RoyK: I get an ip address but it is the static i set in network/interfaces
<Snugger> I'm bout ready to just give up because everything i try does not work
<SpaceBass> anyone using eccryptfs? I've tried creating a new user with --encrypt-home per the wiki, however, when that user logs in (via CLI) they cannot write to their ~/   ?. encryptfs-mount-private returns an error: encrypted private directory is not setup properly
<Snugger> people here don't help very often, i apoligize
<dbgster> I can't cd into a folder due to permissions
<dbgster> sudo cd /path/folder doesn't work
<qman__> dbgster, sudo -i
<qman__> do what you need to do inside the root shell, then exit
<qman__> just be careful
<dbgster> how can i see if the package apache2 is sintalled?
<dbgster> confused between apt and dpkg
<robrt`> dpkg -l |  grep apache2
<robrt`> or just dpkg -l "apache2", either way works
<dbgster> thanks!
<Lobo29> Question, Installed 11.04 32bit and finished fine on Dell 1650 server, but on reboot i get Cannot display this video mode, I need to edit Grub to fix, but how ?
<Lobo29> Question, Installed 11.04 32bit and finished fine on Dell 1650 server, but on reboot i get Cannot display this video mode, I need to edit Grub to fix, but how ?
<Lobo29> Question, Installed 11.04 32bit and finished fine on Dell 1650 server, but on reboot i get Cannot display this video mode, I need to edit Grub to fix, but how ?
<rewt> Lobo29, once is enough
<Lobo29> rewt, how to new people logging in see the question if its not reposted ?
<rewt> you could wait an hour between asking so you don't re-ask the same question every time 1 person joins
<Lobo29> what if that one person has my answer and leaves in 15 mins if nothing else is posted ?
<robrt`> Lobo29, live disc, mount disk of installed system and edit grub conf?
<rewt> then you try the next day
<robrt`> (or patiently until someone else sees the question in the channel -- we're not all intently watching our screens for the next question to come up ;-) )
<robrt`> +wait, somewhere in that sentence..
<Lobo29> robrt, ty, i tried a live disk, but the raid drives are locked out that way, i can't access the files
<rewt> you have /boot on a raid?
<robrt`> exactly, /boot should be accessible
<rewt> if all else fails, you should be able to re-create the grub config from scratch if you know the settings
<Lobo29> ok, i'm noob on server install, my first try here - after drives load and bios ready,  ubuntu would start, but, thats when i get Cannot display video mode message
<Lobo29> drives are config as one partition
<Lobo29> i followed an example on webpage to make a clonezilla  server
<rewt> try booting with a gparted livecd and see what partitions that sees
<rewt> maybe you tried mounting the wrong one with the ubuntu livecd
<rewt> although it should probably be on /dev/sda1
<Lobo29> live cd booted and saw server drive with name I gave it "Clonezilla" , I could move thru the live cd files, but clicking on the Clonezilla drive, say it wasn't accessable
<Lobo29> Anyone have suggestions on partitions for a Clonezilla server ?
<dbgster> which folder is syslog in?
<dbgster> is there a nice FAQ for all these common folders that I should know about?
<guntbert> dbgster: /var/log, and yes, there is but I cannot remember
<guntbert> dbgster: see http://www.pathname.com/fhs/
<guntbert> loua1: best ask your complete question - if anyone knows an answer they will say so
<loua1> ty guntbert, im new to this
<guntbert> loua1: :)
<loua1> i have a thin client TK-3550 that i want to connect to ubunto server
<guntbert> loua1: please keep your questions in one line (if possible)
<loua1> how to connect TK-3550 to LTSP
<qman__> the simplest way to run LTSP is via netboot
<qman__> so you just need to enable netboot on the device if it supports it
<loua1> qman - doesnt seem to be able for that
<qman__> other options would then be installing a simple floppy or CD to boot, then look on the network
<loua1> i got no cd or floppy drive on client
<qman__> you can boot a USB flash drive as a floppy/CD
<qman__> but something with no drives at all probably has netboot
<loua1> well i cant choose boo order but your probably right
<loua1> qman the client is  running on windows ce, can i do any thing with that
<dbgster> guntbert it says software is installed in /etc/opt/
<dbgster> but I installed apache2, and it is in /etc/apache2/
<WinstonSmith>  in /etc/apache2/ are the config files
<qman__> loua1, windows CE cannot connect to LTSP, you have to boot to the LTSP server in some way
<qman__> whether that's netboot or a boot disk of some kind
<WinstonSmith> where stuff gets installed depends on the distro
<qman__> it's also possible to install a boot disk to the local hard drive, but it's the same idea
<qman__> dbgster, software is usually installed in /usr
<qman__> but configuration goes in /etc
<dbgster> ah ok
<dbgster> but /etc/opt is empty, no apache2 there.
<qman__>  /opt can also house software, but it's usually reserved for software that is not maintained for your distro
<qman__> such as third party commercial applications
<dbgster> qman__:  i see
<qman__>  /etc/opt would be configuration for those programs in /opt
<loua1> qman - ty seems i need to find a way to install ubuntu from USB stick
<dbgster> when a service daemon has started, I should look in: ps aux for the service.
<dbgster> or /var/lib/service/run
<dbgster> as it creates a pid file right?
<qman__> dbgster, ps aux will show all processes, 'sudo service [servicename] status' will usually show if it's running
<dbgster> is that the only way?
<loua1> eit
<loua1> exit
<dbgster> i'm trying to run puppet using: /etc/init.d/puppetmaster start
<dbgster> and I get: Could not run: Could not create PID file: /var/lib/puppet/run/master.pid
<dbgster> but I did: /etc/init.d/puppetmaster stop before.
<dbgster> shouldn't the PID lock file be removed?
<qman__> are you running it as root?
<dbgster> yes
<dbgster> i'm running those commands as root
<dbgster> but I believe internally it runs as puppet:puppet
<qman__> yeah, I just meant the commands
<qman__> I'd stop it as root, then check if that file exists and remove it if it does
<dbgster> the PID 569 shows user puppet
<dbgster> command: /usr/bin/ruby1.
<qman__> and if any processes are still running, kill them
<dbgster> but why doesn't /etc/init.d/puppetmaster work?
<qman__> well, for one
<qman__> that method is going away, as ubuntu moves to upstart
<qman__> you should use service instead
<qman__> because it's compatible with both
<qman__> but, it's possible another puppet process started outside of the service management
<qman__> in which case you should kill it and remove the pid file if it still exists
<qman__> then start it with the service management
<dbgster> ok
<dbgster> kill -i PID ?
<qman__> not sure what -i is
<qman__> kill [pid] will work
<dbgster> i did both: service puppet stop and service puppetmaster stop but ps aux still shows it.
<dbgster> k
<dbgster> to add a service to run on startup, I use: update-rc.d right?
<dbgster> like: update-rc.d service-name default
<dbgster> what if it was already setup like that, will that cause any issues?
<dbgster> how can I tell what is and isn't already setup to start on boot
<robrt`> dbgster, have a look at http://upstart.ubuntu.com/cookbook/ and https://help.ubuntu.com/community/UbuntuBootupHowto
<robrt`> This is a good article on upstart as well: http://www.linux.com/archive/feature/125977
<dbgster> robrt`: thanks
<robrt`> dbgster, did you fix your earlier issue? If not, did you check the permissions on /var/lib/puppet?
<dbgster> I just had to kill the PID
<robrt`> Alright
<dbgster> i'm still confused as to how ti started int he first place
<dbgster> after reboots, I get it again.
<dbgster> so i'm missing something :)
<robrt`> Error message is not 100% clear; error creating, but it didn't specify why
<robrt`> Yeah..
<robrt`> See if you can reproduce it and strace the stop command .. see if it even attempts to remove the lockfile or not
<robrt`> That'll at least show any errors it may encounter
<WMP> hello
<WMP> in grsec is possible to make privaleges to use one ip per only one user?
<Andre_Gondim> does any one know how to block skype using iptables and without 7 layer?
<WMP> eq: user max can use ip on eth0:0, user tom can use ip on eth0:1
<WMP> ?
#ubuntu-server 2012-05-21
<harushimo> I'm going to be setting maas again. It broke my system last time
<harushimo> I have it up and running now
<harushimo> what do you people suggest to approach the problem?
<harushimo> should i use the live cd?
<harushimo> anyone?
<twb> What problem?
<twb> "maas broke my system" is not a meaningful problem description
<harushimo> It broke apt-get
<twb> <dpkg> Telling us that something is broken is fairly useless.  You need to tell us exactly what is failing, and what you expected it to do.
<twb> <dpkg> "Doesn't work" is a vague statement.  Does it sit on the couch all day long?  Does it procrastinate doing the dishes?  Does it beg on the street for change?  Please be specific!  Define 'it' and what it isn't doing.  Give us more details so we can help you without needing to ask basic questions like "what's the error message?".  Ask me about <smart questions>, <sicco> and <errors>.
<harushimo> password authenication failed
<harushimo> that was the error message
<twb> apt-get said that?
<harushimo> that is when I was trying to use maas
<harushimo> the error message for apt-get was it locked by a process and which it wasn't
<twb> I'm sorry, but I don't have the patience to get meaningful diagnostics out of you through dialogue.  Please wait patiently for someone else to help.
<harushimo> you don't need to
<harushimo> I reinstall the system already
<harushimo> I did this a week ago
<harushimo> I just downloaded the ubuntu-cloud iso
<harushimo> I was wondering what is the preferred method to install maas
<harushimo> I did an apt-get install through ubuntu software center
<twb> Oh, I see.   Sorry, I thought you were asking for help with your original issue, so it didn't happen again.
<harushimo> no
<harushimo> it didn't happen again
<harushimo> I'm sorry if you got that idea
<harushimo> no
<twb> Don't worry about it.
<harushimo> back to the issue
<harushimo> what is the preferred method to install maas?
<harushimo> I have the iso
<twb> I don't use maas, so I don't know.
<harushimo> thats fine
<harushimo> thank you.
<josheee12> hey, guys.  i want ufw to allow connections from localhost to be able to access any port.  help?
<josheee12> *any port on localhost
<twb> That's probably on by default
<twb> josheee12: please pastebin the output of "iptables-save -c"; I will check for you
<josheee12> momentarily.  keep in mind this is an assumption it's not working, because my varnish cache server isn't turning up content after enabling ufw
<josheee12> http://pastebin.com/pQcNnnsK
<josheee12> any ideas?  my issue is that i use varnish to front all my http connections.  based on the host, you'll get content because varnish passes throgh to a different nginx instance.  varnish keeps giving me an nginx 404 page, even with caching off.
<twb> Sorry, I was in a meeting
<twb> 74. [26:35261] -A ufw-before-input -i lo -j ACCEPT
<twb> ^^ that line says everything on loopback is allowed, and it has matched 26 packets (or more likely, flows) since ufw was last loaded
<uvirtbot> twb: Error: "^" is not a valid command.
<josheee12> any idea, then?
<twb> Have you checked logs?  Have you tcpdumped?
<twb> You can establish quickly that ufw is not responsible, by turning ufw off entirely for five minutes
<josheee12> alright, thanks
<josheee12> can i pm you?
<twb> Sure, but technical discussion should remain in-channel
<josheee12> i'd just rather not give my domain out if i don't have to since i'm going to expose a current gaping security flaw on my server
<twb> Whatever
<joseph_> why is tasksel and byobu display screwed up in 12.04 on ec2?
<twb> josheee12: so the problem is fixed?
<brainysmurf> I'm getting segment fault in libc-2.13.so when I mount -a
<brainysmurf> fstab: 192.168.1.92:/Volumes/StudentsHome/DragonNet /var/DragonNet nfs
<twb> That line is not complete
<twb> You need a mount options field like "default" or "intr,bg"
<brainysmurf> now it says missing helper program?
<twb> Is nfs-common installed?
<twb> Also "nfs" means NFS3; you may need NFS4 if the server is some OS X thing
<twb> (It is worth trying nfsv3 first)
<brainysmurf> works :)
<KXTwo> Hey guys I have a question , when I do an fdisk -l im getting strange output.  Dev disk/mapper/server-root for example?
<KXTwo> anyone know what thats all about?
<twb> Do not do "fdisk -l".
<twb> Reliable information resides in /proc/partitions
<twb> And that is a devicemapper device, most likely an LVM LV.  See also output from pvs, lvs, vgs commands
<KXTwo> not sure what any of that means
<KXTwo> but checking out /proc/partitions
<KXTwo> partitions has lines i dont understand either.  sr0, dm-0, dm-1
<twb> sr0 is the CD drive.
<KXTwo> ahh
<twb> dm-0 is again part of device mapper.  /proc/partitions uses dm-0 rather than the LV name; you can resolve one into the other by looking in e.g. /dev/disks/ or /dev/mapper
<twb> dm-N will have a device minor number of N
<KXTwo> wait a minute
<KXTwo> is this because I installes server with LVM?
<twb> yes
<KXTwo> which explains why I'm ignorant
<KXTwo> as thats new to me
<twb> Otherwise instead of dm-0 you'd see something like sda2
<KXTwo> But its nothing I need to worry about.
<KXTwo> well when I install manually
<KXTwo> I only ever have two maybe 3 partitions
<KXTwo> primary, swap, and maybe a backup partition
<KXTwo> thats why it through me off
<KXTwo> also I thought it was weird that server installed as 1 2 and 5
<twb> That's ubuntu being silly
<KXTwo> eventually I want top ut a larger harddrive into my server
<twb> When using MS-DOS disk labels ("partition table"), you have four "primary" partitions, of which one may begin "extended" partitioning.  Linux numbers the extended partitions from 5.
<KXTwo> and then eventually figure out a way to get it to to automatically back important files up to a repository
<twb> d-i partman for some reason defaults to allocating partitions as extended partitions immediately, so you typically see 1,5,6,7 instead of 1,2,3,5,6,...
<twb> KXTwo: etckeeper, and also keep /home (user data) on a separate fs from / (OS)
<KXTwo> some one else was saying something about that
<KXTwo> though currently im not entirely sure how to set that up but ll get to it
<twb> probably me
<KXTwo> im reading the ubuntu guide
<KXTwo> I think ti was your name does look familiar
<KXTwo> but actually my server data is in var/www
<twb> So fix that
<KXTwo> its a web server?
<KXTwo> thats where I want it?
<twb> That's not where it belongs.
<twb> FHS clearly says it belongs in /srv; /var/www is a hysterical remnant for silly people
<KXTwo> thats where the guide said to put it!
<KXTwo> lol
<KXTwo> what is FHS
<twb> The Filesystem Hierarchy Standard
<twb> https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
<KXTwo> why does it matter so much?
<KXTwo> var/www is where it looks fo the index.html?
<twb> it doesn't really matter
<KXTwo> well if there is a learning opportunity or something to learn that will improve performance then I'm all about it, but if it doesnt matter lol
<Poindexter_> Has anyone here compared version ircd-seven-1.1.3 with Bahamut with Ubuntu, Debian or FreeBSD any comments?
<twb> Poindexter_: we support what's in the main apt archive.  If you're running third-party irc daemons, you might have better luck talking to #freenode or something.
<Poindexter_> I tried that. It was useless.
<twb> Talking to #freenode was useless?
<Poindexter_> I didn't say that.
<Poindexter_> The people were non-descript..
<Poindexter_> Setting up an IRC server is not a speciality with most webmasters. Especially with setting up a website interface to interact with an IRC server with clients.
<Poindexter_> Some issues have to do with PHP components of Linux and others have to do with AJAX additions.
<twb> Don't use PHP.  http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/
<Poindexter_> I am not a fan of PHP though.
<KXTwo> anyone use ebox?
<Poindexter_> I have read tons of articles on .htaccess    and the do's and dont
<Poindexter_> s
<Poindexter_> about it.
<twb> IMO htaccess falls into the "don't" category.
<twb> Just put everything in /etc/apache2 where it belongs; htaccess has too many hidden gotchas.
<twb> !anyone > KXTwo
<ubottu> KXTwo, please see my private message
<Poindexter_> I could imagine. Thanks for the heads up.
<twb> Poindexter_: IIRC it's best to disable the module entirely.
<KXTwo> so uptight lol
<KXTwo> whats the difference between ssh and ebox?
<twb> Um, ssh is a secure remote shell; ebox is a WHCP
<Poindexter_> Twb Freenode uses version ircd-seven-1.1.3   Have you installed and used the beast?
<twb> Poindexter_: I use ircd2
<Poindexter_> What is the advantage?
<twb> It's in apt, so it (theoretically) receives security maintenance
<Poindexter_> That is abstruse. Explain please?
<twb> Well, do you understand why distros exist?
<KXTwo> i've on ly ever used SSH, I do not know what WHCP is, or if there are any advantages disadvantages with ebox
<twb> KXTwo: WHCP is Web Hosting Control Panel.  The idea is they provide a web interface so idiots can be sysadmins.  Which doesn't work.
<Poindexter_> Distros exist because someone has a different idea about how things should be run.
<KXTwo> so stick with ssh
<twb> Poindexter_: distros exist to take upstream code and *integrate* it, so it works as a cohesive whole, and to provide security and critical bugfix updates for it.
<twb> Poindexter_: so the argument for using ircd2 is that it's in Ubuntu, so it receives the standard benefits of being part of Ubuntu (as opposed to being third-party software)
<Poindexter_> Twb, that makes powerful sense.
<twb> KXTwo: exactly.  If you are already comfortable with command-line use, there is zero point to ebox
<KXTwo> twb: thanks, again i ask a lot of questions just for learning
<Poindexter_> KXTwo without questions there would never be answers. Keep asking.
<twb> KXTwo: no worries.  It's in my best interests to reduce the idiocy on the greater internet
<twb> https://en.wikipedia.org/wiki/Endless_September
<KXTwo> twb: I am far from an idiot
<KXTwo> simply ignorant on all matters related to ubuntu server :0
<twb> Everyone SAYS that :P
<KXTwo> twb: well I have credentials lol
<KXTwo> and most of my questions are fair
<KXTwo> this guide is very informative
<KXTwo> but chapter 6, network authentication, I am not sure what you use openLDAP for.
<twb> I'm an asshole; don't take it personally
<KXTwo> twb: Im an asshole too, just not an idiot haha
<twb> LDAP is how you get hosts to have the same set of users and groups
<twb> (It is a lot more flexible than that, but that's it's primary use)
<KXTwo> give me a an example of why I'd use it?
<twb> KXTwo: because you have >>1 host
<KXTwo> as in multiple servers?
<twb> Yes
<twb> Or if you have one server and a hundred desktops
<twb> If you're familiar with Microsoft Active Directory, that is kerberized LDAP under the hood
<KXTwo> ok well it sounds like for now I don't need LDAP
<KXTwo> I just have one crappy web server lol
<KXTwo> so will skip that chapter lol
<KXTwo> now I do feel like an idiot, but I swear I'm smart haha
<twb> Sure; the server guide is a reference, not a recipe.  You don't have to do everything it says
<KXTwo> again im jjust reading for learning
<KXTwo> I didnt realize I was in the optional section
<KXTwo> i do want to to DNS though so gotta read this one
<twb> Eh, personally I don't like their use of bind; I prefer nsd3/unbound
<KXTwo> hey twb, you definitely know your shit.  I have a question about nmap.  my phone also connects to my wireless but when I do nmap on my network it doesnt show up.  I can map directly to it but never with just a nmap "network", do you know anytyhing about that?
<KXTwo> twb: well i ahve to start somewhere!
<twb> KXTwo: you're doing what, nmap 10.1.2.0/24 ?
<KXTwo> twb: yes and everything shows up but my phone, but if I type nmap "phone ip address" it gives a response
<twb> I cannot explain that
<KXTwo> yah it seems no one can yet lol
<Poindexter_> Why would you want to use NMAP for port scanning your phone?
<KXTwo> why not?
<KXTwo> nmap is meant to find all devices on a network
<KXTwo> other than my phone it works
<KXTwo> it works if my phone is active too which is weird
<Poindexter_> Because everything you do with your phone is logged by the phone company. That is not smart.
<KXTwo> Thats not true?
<KXTwo> and even if it was
<KXTwo> im not doing anything to be worried about
<KXTwo> but my wireless provder cannot monitor what i do over wifi lol
<Poindexter_> Really?
<Poindexter_> Wireshark.
<KXTwo> Yes really
<KXTwo> again not that it would matter
<KXTwo> because im not doing anything to care
<KXTwo> I just connect to the router for downloading updates etc
<KXTwo> more of just a curiosity as to why nmap doesnt discover ti
<twb> 16:15 <KXTwo> it works if my phone is active too which is weird
<twb> KXTwo: that strongly implies that it's just the phone disconnects when idle, to save power
<Poindexter_> NMAP is a great tool. Its predacessor was SATAN System Admin tool.
<KXTwo> twb: no it doesnt though.  I can still ping it, and find it manually?
<twb> Hm, good point
<KXTwo> yah I was right lol
<KXTwo> yay*
<KXTwo> the ? was because I expected you to tell me my assumption was wrong lol
<twb> For now I'm still inclined to write it off as the phone being strange
<KXTwo> ok twb so I am reading this dns chapter and its talking about caching nameserver. it wants me to add my ISP's dns ip's.  Why would I do that on a local DNS?
<Poindexter_> The phone company may BLOCK promiscuous MODE xmissions.
<KXTwo> oh wait, reading further is always a good idea!
<twb> KXTwo: ultimately, there are DNS root servers.  They contain the canonical references for e.g. *.com and *.org.  You *could* point your caching resolver directly at them, but it is generally better for everyone if you point it at an intermediary caching resolver (your ISP)
<twb> The main reason not to, is if your ISP are pricks and do Naughty Things to records.
<KXTwo> twb: maybe I am thinking completelyw rong about this.  I just wanted a DNS for my local network, so say my network can be named something like personal.net
<KXTwo> so I want to have server.personal.net
<KXTwo> downlt.personal.net
<KXTwo> uplt.personal.net
<KXTwo> am I wrongly thinking about it?
<Poindexter_> Twb ISP's throttle bandwidth. That in itself is unforgiveable.
<twb> Poindexter_: if your ISP throttles per flow, get a different ISP.
<twb> KXTwo: for that, I use dnsmasq to provide combined DHCP and DNS services.
<KXTwo> time warne cable definitely throttles
<twb> KXTwo: but you might want to separate network services from application services, and run an OpenWRT appliance for the former and an Ubuntu server for the latter.
<Poindexter_> My ISP is OK. I have no problem. But I did find fault with their email port number. I had to do a work around.
<twb> Poindexter_: they should be using submission port (587)
<KXTwo> twb: I only want one server, its all I CAN run right nwo without virtualizing
<twb> Shrug.
<KXTwo> so DNS by itself is not what I want to do that?
<twb> If you want DHCP clients' names to appear in the local domain, you need a DHCP server and a DNS server, and to make them talk to one another.
<twb> dnsmasq obviates the last by doing both jobs and talking to itself.
<KXTwo> My entwork is all static ip's
<KXTwo> but my router has dhcp?
<Poindexter_> Twb just curious, is there a way to flush the IP's DNS of your files. Windows uses    ipconfig /flushdns      command. What do you think?
<twb> Your "router" would be the thing I called an OpenWRT appliance.
<twb> Poindexter_: I don't understand the question.
<KXTwo> ok so im back to needing to setup dns
<Poindexter_> I forgot I am talking with Ubuntu folks. Sorry for that question. But I suppose it still applies to the IP DNS server. Not the command ipconfig /flushdns.
<KXTwo> so this dns was a bit harder than I thought lol
<twb> KXTwo: the concepts are difficult to convey, but operationally it is not that hard
<KXTwo> I cant decide WHICH I need
<KXTwo> caching
<KXTwo> primary or secondary
<KXTwo> im assuming primary
<twb> Well, kind of.  You're hosting your own realm, but only for your local users
<Poindexter_> I have a huge .hosts file I use with my Windows box. When I add just one 127.0.0.1 <http:// anything> It takes almost 5 minutes to fix the file. I have thousands of 127.0.0.0.1 entries in the .hosts file. When I  ipconfig /flushdns    it takes about 15 minutes for the computer to come back to normal.
<KXTwo> kind of?
<twb> "primary server" usually means you are hosting somethig like example.net so the rest of the world can resolve it
<twb> You want something that resolves inside your LAN but nowhere else
<KXTwo> so is that secondary?
<KXTwo> I cant tell a difference in the description between primary and secondary
<twb> A secondary just keeps a backup copy of the primary's zonefiles
<twb> What you probably want is a caching resolver that also has the ability to host a local "fake" domain, although the term used for "fake" differs beween implementations.
<twb> Part of this is confused because bind -- the reference implementation -- does both jobs (serving zonefiles to the world, and caching the world's zonefiles for your LAN)
<KXTwo> I think the guide is talking about setting up one to that works outside the local network
<twb> Probably, yes
<twb> Since usually this job would be done on your appliance router, not on your app server
<KXTwo> ok lets start there
<KXTwo> is me ewanting to do this kind of pointless?
<KXTwo> do I need to have my own domain?
<KXTwo> I was just doing this to learn how to do so
<KXTwo> my lab had a local DNS, but we also had dozes of various machines we would log into for various projcts, including a half a dozen vm servers
<twb> you don't need to buy a domain from a registrar
<twb> But if you only have four boxes, and you don't have a FOSS firmware on your appliance router, it's probably easier to just hard-code things in /etc/hosts on all hosts
<KXTwo> ok lets break that down al ittle
<KXTwo> FOSS/
<KXTwo> ahh
<twb> free / open source software
<KXTwo> I googled it lol
<KXTwo> why do I need open source router?
<KXTwo> I have a newer LINKSYS N router
<twb> KXTwo: so that you can set up your local domain on it
<KXTwo> I think I can do that on my router?
<twb> I'm assuming the vendor's default firmware is too stupid to do so, otherwise we wouldn't be having this conversation
<Poindexter_> Twb have you used VBOX Virtual Box?
<twb> Poindexter_: yes.  Use KVM or LXC.
<KXTwo> no
<Poindexter_> I have set up lots of Guests with it. The most proficient Guest is Debian LXDE.
<KXTwo> twb: I thought my linksys router could do it but I'm not sure how to do it
<KXTwo> what was your suggestion about /etc/hosts?
<twb> KXTwo: you will need to ask your hardware supplier about that
<twb> KXTwo: /etc/hosts is where you can hard-code entries, instead of using DNS
<KXTwo> would I do that for every machine?
<Poindexter_> I will Google KVM and LXC. I think I have seen this before but I will check it out again.
<twb> KXTwo: yes, and you'd have to keep them in sync all the time.  Which is why DNS is used for >>1 host sites
<KXTwo> on each node, put all other nodes in there?
<twb> KXTwo: right
<KXTwo> in sync all the time?
<twb> KXTwo: like "10.1.2.4 yoyo.example.net www mail" "10.1.2.5 frisbee.example.net".  You'd probably just copy-and-paste the stanza to each machine
<Poindexter_> It seems that Vbox is hands down over VMWare. Vmware has lots of issues.
<twb> KXTwo: well suppose you add another machine in three weeks, called "waffle".  Now you have to go update ALL hosts files
<twb> Poindexter_: they're both closed-source software owned by oracle, so avoid them.
<KXTwo> ok twb, so whats the reason why you say to do that instead of DNS?
<twb> (Technically vbox has a free core, but IME everyone uses the partially-non-free version.)
<twb> KXTwo: because otherwise you will have to learn how to use DNS
<KXTwo> haha
<KXTwo> I really thought DNS would be simple lol
<Poindexter_> I was looking at this page:   http://virt.kernelnewbies.org/TechComparison
<KXTwo> but I dont even really know how to set up a domain name for my local network lol
<twb> KXTwo: it's simple iff you've done it before
<KXTwo> yah thats what I figured
<KXTwo> im going to search for another guide
<KXTwo> I ahve to set up a file server to so all my machines can copy data back and forth to others
<Poindexter_> KVM is Red Hat?
<twb> KXTwo: are they all unix hosts?
<twb> Poindexter_: kvm is linux.  RH funds a lot (30%?) of linux development
<KXTwo> twb, I dual boot a windows machine, and do want any windows host to communicate as well
<twb> Poindexter_: kvm should be documented in the Ubuntu Server Guide
<KXTwo> but personally run mint and ubuntu
<twb> KXTwo: then you probably should deploy samba
<KXTwo> samba file server
<KXTwo> yes I have it installed
<KXTwo> its on my list of things to do lol
<Poindexter_> I will download the ISO file when I find it.
<KXTwo> ok here is a possibly dumb question
<KXTwo> when setting up my dns is that HOW I set up a domain name for my local network?
<KXTwo> or does that need to be done somewhere else?
<KXTwo> I found a much better guide but it doesnt say anything, just says copy domain name here
<twb> Poindexter_: uh... apt-get install kvm
<Poindexter_> Twb I have a few choices here.    http://sourceforge.net/projects/kvm/files/
<twb> Do not install anything except via apt-get, or you WILL fuck up your system
<Poindexter_> Twb is there an ISO file?
<KXTwo> yah why woudl you download the iso?
<KXTwo> just install through apt-get or even aptitude
<Poindexter_> What if I am running Debian?
<twb> Poindexter_: ubuntu steals most of their packages from debian, so that advice goes double for debian
<KXTwo> apt advanced packaging tool and is debian
<Poindexter_> It is always a new story every day with this stuff.
<KXTwo> ubuntu is based off of debian
<KXTwo> mint is based off of ubuntu lol
<KXTwo> most modern/popular versions of linux are similar
<Poindexter_> I know that apt-get is a debian based download system.
<Poindexter_> Seeing that  Ubuntu has decided to follow the system.
<Poindexter_> I think it is a good thing, since Red Hat had the old Packages.
<KXTwo> red hat wow is that even still around?
<Poindexter_> lol
<KXTwo> I iused redhat and slackware back in the 90's lol
<twb> KXTwo: yes, RH is still around.  It is called "RHEL" and "Fedora" now.
<Poindexter_> RPM   Red Hat Package Manager.
<KXTwo> what about slackware?
<KXTwo> slackware was the shit back in the day lol
<twb> AFAIK slackware does not have the same order of market penetration
<twb> Try distrowatch.com
<KXTwo> linux has come so far in the past decade
<lifeless> it still ticks on, one guy only working on it I think.
<Poindexter_> That goes back a ways. I had a Dual SCSI RAID Pentium III server in those days with Red Hat 9.
<KXTwo> ok question twb, I found a better written guide but when editing the named.conf.local he has only 3 octets in his network address, whats that all about?
<twb> KXTwo: read https://en.wikipedia.org/wiki/CIDR and https://en.wikipedia.org/wiki/Classful_network
<KXTwo> im familiar with the difference between classful and classless actually
<KXTwo> am I not making a connection I should?
<twb> Well he is probably just talking about a /24
<KXTwo> ok will the file except 4 octets with /24
<Poindexter_> That brings me back to my old days at a Network Academy studying for CCNA classes. IP addresses.
<Poindexter_> Slash 24
<KXTwo> I just took network fundamentals lol
<Poindexter_> Using Pumpkin telnet software.
<KXTwo> even at my lat the dns file has only 3 octets
<KXTwo> lab*
<Poindexter_> 2   4   8   16   32   64   128
<KXTwo> also do not get why its in reverse order but ok
<Poindexter_> 128   64   32  16  8  4  2
<KXTwo> wasnt talking about that
<KXTwo> and you are missing your 1's place :)
<Poindexter_> Carry the 1?
<Poindexter_> hehe
<Poindexter_> I always liked    Anding the octets.
<KXTwo> ok theres is a file /etc/bind/zones/domain.name.db I need to create
<Poindexter_> Dot decimal notation.
<Poindexter_> You may like this website though.
<KXTwo> he says I have to put in the name of my DNS
<Poindexter_> http://www.subnetmask.info/
<KXTwo> okt his is weird
<KXTwo> I dont knwo if i have a working dns server or not lol
<Poindexter_> I left the 1 out because it is not a binary number by itself. It needs a Zero to help it.
<Poindexter_> Always remember 1 is not a binary number.
<twb> KXTwo: use dig to interrogate DNS servers
<_ruben> Poindexter_: why not?
<Poindexter_> Ruben, one    1    is singular. Not Two.
<Poindexter_> Binary means two.
<KXTwo> thats what the guid esaid
<KXTwo> but I dont know how to read the response
<KXTwo> im assuming yes
<KXTwo> forgive me, the channel is dead
<KXTwo> / replace example.com with your domain name, and 192.168.0.1 with the address of your new DNS server.
<KXTwo> search example.com
<KXTwo> nameserver 192.168.0.1
<KXTwo> wtf
<KXTwo> http://pastebin.com/UFnQawP1
<KXTwo> guess it was a hint not to do what I was going to lol
<Poindexter_> 192.168.0.1 is your router address isn't it?
<KXTwo> I think the dns server is working, but the guide doesnt tell me how to add files to it
<KXTwo> not mine, that was the guides example
<xranby> KXTwo: try dig @8.8.8.8 google.com
<xranby> this should give you successfull dns lookups for google using the google 8.8.8.8 nameserver
<xranby> to show a successful lookup
<KXTwo> im testing if my own personal lan dns is working
<xranby> right.. so then use  dig @192.168.0.1 google.com
<xranby> (if your local lan DNS ip is 192.168.0.1 )
<xranby> do you know which ip your local lan DNS use?
<KXTwo> yes
<KXTwo> 1.150
<xranby> is it working?
<KXTwo> I guess?
<xranby> you can verify using dig
<KXTwo> I dont know what I'm looking for in the response
<KXTwo> just says query time 380ms
<KXTwo> then spits back my servers ip address
<xranby> KXTwo: if the dns lookup is sucessful then you should see an ANSWER SECTION line like google.com.		300	IN	A	173.194.32.14
<KXTwo> I dont think tis working
<KXTwo> whatever i give up for tonight
<xranby> this means that the DNS server tells your system that you can find google.com at the 173.194.32.14
<KXTwo> thought this would be simpler lol
<KXTwo> if it was workign I should be able to ping my server by name from a node but I can't
<xranby> KXTwo: which DNS server do your DNS server use?
<xranby> maybe
<KXTwo> bind if I udnerstand your question but I probably dont
<KXTwo> I fllowed the instructions
<KXTwo> and my name server is server.fashizzle.lan
<KXTwo> so it would seem is hould be able to ping that but cannot
<xranby> KXTwo: have you configured your DHCP server to tell all computers attached to your network to use this nameserver?
<KXTwo> i havent gottehn that far
<KXTwo> but everything is static thats on now anyway
<xranby> KXTwo: please post a link to the guide you followed
<twb> xranby: he has a small local lan.  He wants local machines to be able to resolve one another via DNS, to avoid having to edit /etc/hosts on each machine and keep them in sync.  He doesn't need to host his local domain such that the world can see it.  He has an ubuntu server and some kind of appliance router which runs default firmware.
<twb> xranby: ^^ that's the basic dump of what we've learned so far.
<KXTwo> http://ubuntuforums.org/showthread.php?t=236093
<twb> "Install Ubuntu dapper" -- that guide is very old
<twb> If you're going to follow "some web page I found", make sure it's up-to-date!
<KXTwo> its for bind, should work in theory lol
<twb> Only because bind is so stale
<twb> If you were askng about zone "0.168.192.in-addr.arpa" before, that's how PTR records (reverse resoluton) works.
<KXTwo> ill play with this more tomorrow and hopefully get it going out
<KXTwo> it doesnt tell me where to add hosts
<twb> "getent hosts 1.2.3.4" corresponds to "dig -t PTR 4.3.2.1.in-addr.arpa"
<KXTwo> or do the dhcp
<KXTwo> twb ho the fuck do you remember so much
<KXTwo> even commands l ol
<twb> no girlfriend
<twb> And https://en.wikipedia.org/wiki/Asperger_syndrome
<KXTwo> I still have to look up commands that ive used a dozen times lol
<_ruben> a working brain helps...
<twb> hah
<xranby> twb: thank you, for the summary.
<KXTwo> I have one of those, a strong one in fact :)
<twb> KXTwo: what does she bench
<KXTwo> I was referring to a working brain lol
<xranby> KXTwo: i think you "simply" need to edit the /etc/bind/zones/example.com.db and /etc/bind/zones/rev.0.168.192.in-addr.arpa   to add hosts and reverse records
<KXTwo> my girlfriend is a petit little thing I don't think she could bench the bar lol
<_ruben> then you should be able to remember things as well
<KXTwo> she does mostlyc ardio lol
<KXTwo> xranby: that was my guess as well
<twb> _ruben: I think normals waste their memory on unimportant things like their address, phone number, which sock is the left sock
<KXTwo> speaking of my massively intelligent brain, I need to rest it lol
<xranby> KXTwo: for you lan setup start with creating two files /etc/bind/zones/fashizzle.lan.db    and /etc/bind/zones/rev.1.168.192.in-addr.arpa
<KXTwo> I did that xranby
<twb> The names of the files aren't important; as long as they're referred to by named.conf
<KXTwo> I appreciate the added info but im about to crash so im not gaining anything right now, hopefully ill catch you guys tomorrow
<xranby> KXTwo: ok good night
<Kriz1> hi guys, im trying to find a good startup script for vnc4server but im really struggling, is anyone able to link me?
<acapemont> quick question: my site works when you go to https://site.site.com but not http://site.site.com (loads HTML without a stylesheet)
<RoyK> acapemont: probably something fishy in the html, a wrong path somewhere?
<twb> Kriz1: what are you trying to achieve?
<twb> Kriz1: generally servers should be configured by CLI, and individual apps can be tunnelled directly with ssh -X
<Kriz1> twb, i just want vnc4server to start up at boot
<lynxman> morning o/
<acapemont> it's live.leapmotion.com
<twb> Kriz1: serving a virtual head, or the same as what's shown on the local (say) vt7?
<Kriz1> twb, yeah a virtual display
<twb> The latter is... nontrivial, especially if a GUI login is used.
<twb> Kriz1: well that should be a simple matter of writing an upstart job
<Kriz1> where would i write that?
<twb> start on runlevel [2345] ; stop on runlevel [^2345] ; exec vnc4server -blah -blah
<twb> Kriz1: in /etc/init/<service name>.conf
<twb> There is a manpage about the file format; init(5) I think
<Kriz1> so are all files in /etc/init ran at boot?
<twb> No
<Tm_T> twb: I would kindly ask you to not bring AS into discussion where it doesn't belong
<Tm_T> (or no-girlfriends)
<twb> Tm_T: he asked how I remember stuff
<twb> Kriz1: upstart is "event based" so jobs in there are initated when the relevant events are emitted
<Tm_T> twb: ah, misread, my bad
<twb> Kriz1: in practice, most stuff in there *will* start at boot, but the details are a little more complex
<twb> Tm_T: no problem
 * Tm_T read it that it was general guestion, not directed to one person
<tdn> How do I backup from Ubuntu Server to a Windows server? What is the easiest to get up and running? I was thinking about cygwin+openssh+rsync, but is there something better or easier?
<twb> tdn: you can't
<tdn> I can't?
<twb> Not losslessly, anyway
<tdn> Please elaborate.
<twb> e.g. hard links would not be preserved except on recent versions of Windows, xattrs and acls probably cannot be preserved at all
<twb> I suppose you could roll it up into e.g. squashfs loopback filesystem, and then push that onto the Windows host...
<_ruben> gzip + ftp ;)
<twb> cygwin also, at least historically, has some very bad race conditions that are triggered when rsyncing files to/from it over SSH.  This condition isn't triggered when running rsync without SSH.
<tdn> twb, this is a recent version of windows (2008 server R2)
<twb> I think hard link support was added in nt 6.1, possibly 6.0
<tdn> Anyway, I do not use xattrs, acls, nor do I use hardlinks in what I want to backup (svn repos)
<twb> Ah, well if it's svn the best way to back it up is git-svn ;-)
<tdn> Also, I do not require it to be rsync. I was actually hoping for a more "boxed" solution. Like the dejadup that is default on Ubuntu Desktop?
<twb> I wouldn't trust Windows with backups, though
<twb> Best would be to flash that server with ubuntu
<twb> Hell it doesn't even have inodes
<Mischinka> How do i get 7z in precise using command line?
<e_t_> Mischinka: sudo apt-get install p7zip p7zip-full
<alex88> hello guys, i've a strange issue, i can see packets with tcpdump but they're not passing mangle table, pre routing chain in iptables.. any idea?
<Mischinka> e_t_ what is the full command for?
<e_t_> Mischinka: Are you wanting to comress something with 7z?
<Mischinka> Yes.
<Mischinka> i did this: apt-get install p7zip withouth the p7zip full, and it seems to be working.
<e_t_> 7z a name_of_archive.7z files_to_add
<Mischinka> Another question, How do I add my ape server to automatically start with nginx? and setup so i can have service aped restart commands?
<Mischinka> How do i add a script to the service commands? and start with server?
<rbasak> Mischinka: you could have upstart start your app service after nginx starts. See http://upstart.ubuntu.com/cookbook/
<hallyn> jdstrand: just to make sure, re bug 1001895, is there a good reason not to have lines like the /var/lib/libvirt/...monitor files in apparmor policy template-able instead of hard-coded in virt-aa-helper?
<uvirtbot> Launchpad bug 1001895 in libvirt "apparmor policy for libvirt can't cope with symlinked /var/lib/libvirt" [Low,Confirmed] https://launchpad.net/bugs/1001895
<jdstrand> hallyn: the thing is the the user is playing a trick on libvirt-- libvirt still believes they are in /var/lib/libvirt and is just moving things around and using symlinks. symlinks are resolved by apparmor for security reasons which is why the guest gets the denial
<jdstrand> hallyn: there isn't much that can be done. /var/lib/libvirt is a compile-time choice
<jdstrand> hallyn: to fix this in the manner that I think you are suggesting, you would need to update the xml to make this configurable, and the security drivers access this configuration option and the security drivers to update the policy
<hallyn> jdstrand: good point.  Should I suggest he build his own pkg?
<jdstrand> hallyn: that would be the easiest thing todo. it would take no insignificant effort to write said patch
<hallyn> I wasn't suggesting we do it  :)  if he wanted it i figured he would have to submit the patch
<jdstrand> actually, all that would need to be added to the xml is the 'monitor' bits and the security drivers updated to look at it
<hallyn> Ok thanks.
<hallyn> (will comment and move to wishlist)
<brainysmurf> Here in Precise http://cdimage.ubuntu.com/releases/precise/release/ "This image is adjusted to work properly on Mac systems." is that image what I probably want to put Precise on an xserve?
<Mischinka> I did a restart and got a guru meditation wtf?
<ikonia> sorry what ?
<brainysmurf> guru mediation?
<mikeeeeey> Hi, I have forgotten my root password and I've tried adding "rw init=/bin/bash" and "rw init=/bin/sh" to the kernel startup lines but they all lock up after displaying a error message. What can I do to fix this? More info @ http://ubuntuforums.org/showthread.php?t=1983781
<ikonia> mikeeeeey: there shouldn't be a root password
<lunaphyte_> hi.  i'm upgrading to 12.04 with do-release-upgrade, and i see at one point during the process "Updating repository information WARNING: Failed to read mirror file".  how can i further troubleshoot what this is actually talking about?
<lunaphyte_> my google searching has revealed a number of similar discussions, but all from some time ago and none that seems to offer a clear resolution.
<ikonia> lunaphyte_: check the mirror
<ikonia> lunaphyte_: check the availability of the files it wants
<lunaphyte_> ikonia: in sources.list, there are two hostnames referenced: us.archive.ubuntu.com and security.ubuntu.com.  how can i determine which mirror it's complaining about, and which files?
<lunaphyte_> it seems to retrieve a number of items from both during the process
<lunaphyte_> i'll pastebin
<ikonia> lunaphyte_: it's us
<ikonia> lunaphyte_: security is for updates
<lunaphyte_> http://dpaste.com/750770/
<lunaphyte_> see line 92
<lunaphyte_> it seems to, at least in some capacity, be able to talk to us.archive.ubuntu.com just fine.
<ikonia> lunaphyte_: odd, it complains and then carries on
<lunaphyte_> yeah.
<ikonia> for me - I wouldn't continue,
<lunaphyte_> it seems like it might work ok, but i would like to understand it before continuing.
<lunaphyte_> right
<patdk-wk> the upgrades for me worked fine, except grub fails
<lunaphyte_> i've had all kinds of issues with grub and updates over the years.  :(
<patdk-wk> I never had any, till now
<lunaphyte_> that's become almost expected at this point, for me anyway
<mikeeeeey> ikonia: i know there shouldn't be one either, but I lost all the passwords for my sudo accounts, therefore I need root to reset them
<Caribou> Question : since ubuntu-vm-builder is near EOL, and I was told here the debian live-build was the new way to go, is there some other documentation than the debian one to achieve the same as with vm-builder ?
<Caribou> The Ubuntu server guide still mentions vm-builder as the way to create VMs
<ikonia> mikeeeeey: just boot into single suer mode
<ikonia> mikeeeeey: you've lost all the passwords for all your sudo accounts
<mikeeeeey> ikonia: that was what i was going to do, but i get asked for the root password, but root is locked with "passwd -l" so it doesn't have one.
<ikonia> mikeeeeey: it shouldn't ask for the root password unless you have set it
<ikonia> if you've not set it, it shouldn't ask, did you set the root password ?
<mikeeeeey> ikonia: the hoster set the password, i created a user for myself and gave it sudo, i then locked root
<ikonia> mikeeeeey: is it a proper ubuntu install, or a a virtual/xen/style thing
<mikeeeeey> ikonia: it is a proper install, the machine is a Dell R210II
<ikonia> you're going to have to boot from a CD and remove the password field from the shadow file
<ogra_> you should always be able to edit your kernel cmdline and just add init=/bin/sh, then mount your rtoofs and chroot into it to reset the passwords
<mikeeeeey> ogra_: this is what i have been trying to do, but it errors upon me all the time
<ikonia> ogra_: unless it's one of the virtualized / bastardised installs, which is why I was querying it
<mikeeeeey> like, it does boot
<ogra_> iirc there were issues with sulogin (single user mode) and locked rootpw
<mikeeeeey> it does drop me to the "shell" but i can't do anything
<mikeeeeey> its like its locked
<mikeeeeey> doesn't register anything
<mikeeeeey> keybaord doesn't even work
<ogra_> you should be able to mount your rootfs
<ogra_> oh, no keyboard is special
<mikeeeeey> ogra_: cannot set terminal process group (-1) inappropriate ioctl for device ubuntu
<ogra_> you can try something else:
<mikeeeeey> this is the one i get with /bin/bash
<ogra_> add break=bottom intstead of init=/bin/sh
<ogra_> see if that helps it should stop the boot in the initrd right before it would switch to the rootfs
<ogra_> so everything should be mounted etc
<mikeeeeey> okay
<mikeeeeey> so replace rw init=/bin/bash with that?
<mikeeeeey> should i replace anything else in the loader too?
<mikeeeeey> uh, remove anything else*
<mikeeeeey> or should i just add it at the end of the linux* line
<ogra_> well, use your default cmdline and just add break=bottom
<mikeeeeey> no recovery mode?
<ogra_> nope
<mikeeeeey> alright, thanks! going to try it
<ogra_> break=bottom will drop you into the initramfs shell
<ikonia> I'll be interested in how this works
<ogra_> with mounted rootfs under /root
<mikeeeeey> ok, so then i just edit the /etc/shadow file?
<mikeeeeey> or, /root/etc/shadow
<ogra_> just use the passwd command
<mikeeeeey> alright, thanks
<ogra_> dont edit passwd or shadow directly, the tools usually have checks you dont want to miss
<mikeeeeey> ok
<bioman> Hi
<bioman> Got a problem with DRBL and Ubuntu Server 12.04
<patdk-wk> drbl?
<bioman> /opt/drbl/sbin/drbl-ocs does not exist :(
<ikonia> bioman: that is not an ubuntu package
<ikonia> or it wouldn't be in /opt
<ikonia> the error is pretty clear "file does not exist"
<patdk-wk> and there is no drbl package at all
<bioman> ikonia: using the same package as I used to with 10.10, and I had no problem. I know it's not an ubuntu package
<ikonia> ok, so what's the issue ?
<ikonia> you're using a package that worked on 10.10 - you're not using 10.10 any more
<ikonia> the error is "no such file/directory" - there you go, that's the issue
<bioman> ikonia: /opt/drbl/sbin/drbl-ocs does not exist
<ikonia> correct, there is your problem
<bioman> ikonia: so how to fix this ?
<patdk-wk> ask the drbl people?
<ikonia> bioman: contact the person who made the package and ask them to include the fix in the installer
<patdk-wk> ask the people that made that package?
<bioman> patdk-wk: dunno is there are people...
<ikonia> bioman: where did you get the package ?
<patdk-wk> then, your going have to figure it out yourself
<_ruben> then ask the creatures who created it :)
<bioman> I have to say that there was a missing dependency with 12.04. To boot via PXE, I had to install manually tftpd-hpa...
<ikonia> bioman: where did you get the package ?
<bioman> ikonia: ubuntu's repository I think
<ikonia> drbl from ubuntu's repo /
<ikonia> ?
<ikonia> you just said it wasn't an ubuntu package
<bioman> drbl is not an ubuntu package, dunno for tftpd-hpa. Is there a way to know it ?
<ikonia> where did converation about tftpd-hpa. come from ?
<ikonia> I thought we where talking about drbl
<ikonia> I'm asking where you got the drbl package from
<Daviey> bioman: tftpd-hpa provides a tftp *SERVER*, how/why would that be missing from what?
<ogra_> apt-cache madison <packagename>
<bioman> Daviey: is it an Ubuntu package ?
<ogra_> that tells you wherev a package comes from
<ogra_> -v
<ikonia> Daviey: sorry, am I missing something where is tftp coming into the equasion, the initial question was about drbl ?
<bioman> ikonia: tftpd-hpa should have been installed as a drbl dependency I guess
<Daviey> ikonia: I *think* an unofficial package is missing the depends on tftpd-hpa.. which is not something we can resolve.
<ogra_> bioman, so talk to the creators of the drbl package and make them fix that bug :)
<ikonia> bioman: drbl shouldn't depend on a TFTP server
<ikonia> Daviey: totally, I just couldn't see how we'd got from a missing file in a DRBL package to a TFTP server
<ogra_> iirc DRBL is a hackish veariant of LTSP
<ikonia> ogra_: ahhh, thank you
<ogra_> so you will likely need a tftp server to do PXE booting of the thin clients
<ikonia> there is the missing link
<ikonia> yup, I see where you are going
<ikonia> thank you
<bioman> ok, gonna try to find. Maybe #drbl exists...
<ogra_> nontheless this is the wrong forum for that bug :)
<ikonia> bioman: find the people who made the package
<ikonia> not drbl - the project, but the people who made the package you are using
<ikonia> bioman: I'll ask one more time "where did you get the package"
<ranfuu> hey yooooooooooooooool
<bioman> ikonia: I've added in /etc/apt/source.list : deb http://drbl.sourceforge.net/drbl-core drbl stable
<ranfuu> nice
<ikonia> bioman: ok, so the team who maintain that package on sourceforge are who you need to talk to
<ikonia> bioman: you'll need a log a bug to them - not talk to them on IRC
<ikonia> bioman: please keep in mind that you told me this package was "the same one" you used on 10.10 - and you are not using 10.10 any more
<bioman> ikonia: ok thank you. I'm really annoyed, I have 7 days to make it work :(
<ikonia> bioman: perhaps a little better planning and research would be well placed in future/going forward ?
<bioman> ikonia: when I search with drbl-ocs package not found I find nothing
<bioman> file*
<ikonia> apologies, I don't know what you mean
<bioman> ikonia: that's normal, I'm french ^^
<ikonia> you're English is good, I'm just not fully understanding
<ikonia> your
<bioman> I mean, I've searched in Google yet, without success
<ogra_> http://sourceforge.net/projects/drbl/
<ogra_> click on "tracker" file a bug
<ikonia> bioman: I wouldn't expect this to be fixed and released in 7 days though
<ogra_> use LTSP, it is fully supported in ubuntu ;)
<bioman> ikonia: that's what I'm afraid of...
<urthmover> Where is "sudo command" logged in 12.04?  I'm not finding /var/log/secure
<bioman> ogra_: have a look, the latest bug is 2010
<bioman> ogra_: thank you but I MUST use DRBL :(
<ogra_> bioman, i really dont care what their latest bug is, thats the place to file your bugs if you have probs with their packages
<ogra_> if you want to use something that is supported and gets regular bugfixes, use LTSp
<henkjan> urthmover: /var/log/auth.log
<urthmover> henkjan: ok thanks   checking now
<kriel> Okay, I'm trying to host the data from a wordpress installation on a remote Windows2003 server. I tried mounting /usr/share/wordpress and /var/lib/mysql as cifs mounts to network shares, but that's no good. No symbolic links, not to mention mysqld doesn't like the redirect. for mysql, I can redirect just the database folder, but not sure what to do about wordpress.
<kriel> can i create a virtual 'disk' and store it in a file on the cifs share?
<urthmover> henkjan: I'm seeing the auth attempt for root level privliges....but not seeing the bash command itself....in /var/log/auth.log   is there somewhere else the "sudo command" will show up similar to a .bash_history ?
<henkjan> USER=root ; COMMAND=/bin/ls
<henkjan> is what i get in my logs
<urthmover> henkjan: looking again
<bioman> ok. I thank you all for your help/advices :)
<urthmover> henkjan: all my logs appear to have stopped on the May 3rd.   I'll check my other test system and see how this works   thanks henkjan
<KristianDK> Did anyone successfully use LXC in 12.04? I just installed the packages, but the containers I spawn does not have a network connection. They do have an eth0 card, but it has no ipv4, and it seems that the ipv6 does not have routes to anyone. I'm using the default lxc.conf
<Guest83754> Are there any graphical web authoring packages recommended specifically for the lighttpd web server package?
<esuave> how can i totally remove all php from a server?
<autif> What is the right place to ask about Install CD customization? https://help.ubuntu.com/community/InstallCDCustomization is based on hardy and i386 - I need to customize a CD for amd64 - have some questions.
<hallyn> stgraber: how's your queue of patches for quantal and precise for lxc now?  Trivial fix needed for bug 1000174 ...
<uvirtbot> Launchpad bug 1000174 in lxc "lxc-net fails to start with bash" [Medium,Triaged] https://launchpad.net/bugs/1000174
<tash> does Ubuntu have some kind of magic ability to detect when a file system change is made on 1 machine, and will replicate to another?
<tash> much like mysql replication
<tash> I could write a cron that does an rsync at a specific interval, bt would prefer more magic :)
<e_t_> tash: Look at DRBD
<urthmover> e_t_: cool stuff
<esuave> how can i totally remove package installs? so i can build from source instead?
<esuave> any easy way?
<Daviey> !purge
<ubottu> To purge all removed but not yet purged packages, use the following command: dpkg -l | awk '/^rc/{print $2}' |  sudo xargs dpkg -P
<Daviey> that is crap.
<Daviey> sudo apt-get remove --purge foobar
<ogra_> just sudo apt-get purge <package>
<ogra_> no need for the "remove" anymore
<Daviey> ogra_: you and your new fangled shortcuts.
<ogra_> haha
<esuave> hm.. ok i did that and apache is still there
<esuave> lol
<ogra_> well, new since lucid :)
<Daviey> ogra_: I find it easier to use dselect.
<ogra_> lol
<patdk-wk> rm :)
 * ogra_ never thought Daviey was *that* old :)
<Daviey> dselect isn't that old!
<ogra_> 10-12 years ?
<bioman> back here :)
<bioman> Sorry for the bothering (DRBL and 12.04 server). The fact is -I've checked- there's no package of DRBL for 12.04 yet
<bioman> Gonna use 10.10 server and try to update to 3.2.16 kernel
<Jeeves_> What's DRBL?
<Jeeves_> Ah
<Jeeves_> Kinda like LTSP
<bioman> Jeeves_: http://drbl.sourceforge.net/
<bioman> The fact is that whe have a 10.10 server DRBL, but whe're having problems with new hardware which is not recognized...
<bioman> I found some tuto to update to 3.2.x
<bioman> Hope it'll work...
<Jeeves_> Why wouldn't it?
<bioman> Jeeves_: because 10.10 is made to run 2.6.3x
<Jeeves_> It's made to run on the linux kernel
<Jeeves_> :)
<bioman> Jeeves_: :)
<bioman> which is the latest version of module-init-tools on 10.10 server please ?
<bioman> what*
<bioman> in 10 minutes I install 10.10 server on a VM :) suspense ^^
<SpamapS> bioman: 10.10 ?! why would you have based a server on 10.10?
<SpamapS> bioman: I'd recommend an immediate upgrade to 11.04
<SpamapS> bioman: and then consider going all the way to 12.04
<bioman> SpamapS: sorry, typo, it's 10.10... Cannot use 12.04 as there is no DRBL package yet
<bioman> SpamapS: holly s*hit 11.10
<SpamapS> bioman: whats the advantage of DRBL over LTSP?
<bioman> SpamapS: dunno. I MUST install DRBL
<bioman> SpamapS: source : my boss
<SpamapS> bioman: looks like drbl is in Debian now..
<SpamapS> bioman: you could just build the Debian package for 12.04
<bioman> SpamapS: dunno how to. I'm an Archlinux user ;)
<SpamapS> bioman: actually its already even in quantal ..
<SpamapS> bioman: so why are you doing this with Ubuntu?
<bioman> SpamapS: my boss...
<bioman> SpamapS: do you know how to build this package for 12.04 please ?
<SpamapS> bioman: apt-get install ubuntu-dev-tools && backportpackage drbl
<SpamapS> bioman: that *should* get it done
<bioman> SpamapS: there's nothing else to do ?
<SpamapS> bioman: backportpackage --build drbl .. I forgot that it doesn't build by default
<SpamapS> bioman: pretty much thats it. You'll probably have to install some build dependencies
<bioman> SpamapS: will I be told which dependencies I'll have to install ?
<SpamapS> bioman: no it will pose you a riddle, which you must solve in 20 minutes or the build dependencies change and it starts all over again
<SpamapS> bioman: sorry that was very snarky ;)
<SpamapS> bioman: yes it will show them to you :)
<bioman> SpamapS: ^^ You said the drbl is yet in Debian. This command "backportpackage --build drbl" will download the .deb drbl package by itself ?
<bioman> Or should I add something in source.list ?
<SpamapS> bioman: it will download the source
<SpamapS> bioman: and build it
<ikonia> bioman: why are you asking us about this package
<ikonia> bioman: it's hosted on sourceforge
<SpamapS> ikonia: its in Ubuntu now too
<SpamapS> as of quantal
<ikonia> SpamapS: then why is bioman saying it's not and downloaded from sourceforge ?
<bioman> SpamapS: ok, thank you. I try...
<SpamapS> ikonia: because he's an arch user and he needs our help to find stuff in Ubuntu. :)
<ikonia> !info drbl
<ubottu> Package drbl does not exist in precise
<ikonia> what's the package name ?
<bioman> ikonia: hello ;) I added a repo in sources.list but the latest version that sourceforge gives is only for 11.10
<ikonia> bioman: yes, we discussed that
<SpamapS> ikonia: its in quantal
<bioman> ikonia: and what do you think about SpamapS's fix ?
<SpamapS> ikonia: hence the suggestion to use backportpackage
<bioman> SpamapS: what is quantal please ?
<ikonia> SpamapS: ooh quantal
<ikonia> sorry, I was reading 12.04 in my head
<ikonia> bioman: the next release of ubuntu
<SpamapS> !info quantal
<ubottu> Package quantal does not exist in precise
<ikonia> !info drbl quantal
<ubottu> drbl (source: drbl): diskless remote boot, and a disk cloning utility. In component universe, is extra. Version 1.10.31-2 (quantal), package size 2022 kB, installed size 6886 kB
<SpamapS> cool
 * SpamapS never knows how to use th ebots :-P
<ikonia> ok, so version 1.10 is in quantel
<bioman> SpamapS: so it will build a .deb that I'll install with dpkg -i ?
<stgraber> hallyn: I uploaded all my changes to quantal, will look at SRUing some of them once the package currently in -proposed is accepted in -updates
<hallyn> stgraber: ok, i pushed the fix to quantal, let me know when you're queuin up the next sru candidate, or just pull in the trivial fix yourself.  thanks
<stgraber> hallyn: I'll go through all our quantal changes to get the list of stuff to SRU so it should get on my list
<hallyn> cool.  thanks
<bioman> SpamapS: backportpackage --build drbl says error: Please specify either a working dir or an upload target!
<bioman> SpamapS: please help me... You've told too much or nothing ;)
<mr-rich> How do I set up Ubuntu Server with a static IP (class B)?
<smoser> mr-rich, man interfaces
<SpamapS> bioman: sorry I had to go do something else for a bit. ;)
<SpamapS> bioman: did you try reading the man page? ;)
<bioman> SpamapS: np
<bioman> SpamapS: not yet...
<SpamapS> bioman: hm, I'd have expected more from an Arch user. :) Anyway, create a dir somewhere and pass --workdir=/that/dir
<patdk-wk> people still use ip classes?
<SpamapS> patdk-wk: only to prove that they don't understand CIDR :)
<patdk-wk> or they had too many cisco classes
<bioman> SpamapS: I was just trying to find how-to specify a workdir ;)
<SpamapS> I so wish we could peek 5 years into the future *JUST* at the internet for 5 seconds to see how much IPv6 is not being used
<patdk-wk> maybe it will be up to 5% by then
<bioman> SpamapS: error : debsign: gpg error occured! Aborting... debuild: fatal error at line 1271: running debsign failed backportpackage: Error: debuild returned 29.
<bioman> SpamapS: gpg: /tÃ¹/debsign.7ZmHk2X1/drbl_1.10.31-2~precise.dsc: clearsign failed: secret key not available
<wolferz> I have lighttpd running on my server and created a generic page to test. My keywords are not being published in Google ie I cannot search for the website. What do I need to do? webpage is http://wolferz.sleepingwolf.net
<patdk-wk> ask google? we are not google
<patdk-wk> and you do know google has stopped using keywords recently
<patdk-wk> and is depending on content, that you lack
<wolferz> patdk-wk: I did not know that... Is there no way to make the site visible to search?
<patdk-wk> dunno, I'm not google, and I have no interest in increasing my search ratings
<patdk-wk> http://googlewebmastercentral.blogspot.com/2009/09/google-does-not-use-keywords-meta-tag.html
<patdk-wk> from years ago
<patdk-wk> wonder what that keyword thing was from a few weeks ago
<bioman> SpamapS: Googled without luck :'(
<wolferz> patdk-wk: thank you for the link
<SpamapS> bioman: you just need a gpg key
<SpamapS> bioman: though you should be able to skip that somehow
<bioman> SpamapS: that's what I understood (I'm french ^^). How do I please ?
<SpamapS> bioman: gpg --gen-key
 * SpamapS can't see how to tell backportpackage to pass options to not sign the package.. which is annoying :-P
<bioman> SpamapS: it fails
<bioman> "it needs 284 bytes more"
<SpamapS> bioman: are you on a VM?
<bioman> SpamapS: yep
<SpamapS> bioman: sudo apt-get install haveged
<SpamapS> bioman: will generate entropy for you
<hattorihanzo> hey
<hattorihanzo> i have a custom c http server, sitting behind a few things (nginx, other proxyies...etc)
<hattorihanzo> but sometimes it segs, or hangs
<hattorihanzo> what tool should i use to monitor this, and restart it if need be?
<bioman> SpamapS: key generated, but dunno where it is stored...
<bioman> SpamapS: same error: debsign: gpg error occured! Aborting...
<SpamapS> bioman: argh
<koolhead17> hello all
<SpamapS> bioman: wait, did you end up with a .dsc file in your work dir?
<bioman> SpamapS: no
<SpamapS> bioman: really? I did when I failed to sign
<koolhead17> jamespage, i was trying hard to trouble you for java6 dep needed by hadoop in ubuntu
<SpamapS> oh wait no I did sign
<koolhead17> i finally got it up and working :
<koolhead17> :)
<koolhead17> hello SpamapS
<SpamapS>     check_call(['debuild', '--no-lintian', '-S', '-nc', '-sa'], cwd=srcdir)
<SpamapS> No way to change that. *hrm*
<bioman> SpamapS: have to leave for 20 minutes. Will you be there ?
<SpamapS> bioman: ok so use this instead...  'pull-lp-source drbl quantal && dpkg-source -x drbl_1.10.31-2.dsc && cd drbl-1.10.31 && debuild binary'
<SpamapS> bioman: I'll be in and out
<bioman> SpamapS: hope you'll be there :)
<negone> I am having a problem with my server i tried to install ubuntu 12.04 on it and now every time i boot i have 1 drive failure and another degraded
<negone> i have switched out the drives i get the same i have changed out the perc controllers and the raid controllers same thing
<neuralstate> I have a couple questions regarding Dovecot/Postfix installation and implemination in a virtual host environment. I have a VPS running Ubuntu Server 11.10 64bit
<neuralstate> Was wondering if anyone can offer their assistance
<bioman> Please how to know the version of a package ?
<bioman> I have an issue. I've installed on a VM Ubuntu Server 10.10. I've installed kernel 3.3.6. From grub, the default does not boot (black screen). If I choose troubleshooting mode, it starts. If I then choose "resume" it runs fine. What's going on please ?
<RoyK> why are you using 10.10?
<RoyK> iirc it's not even supported anymore
<RoyK> 10.10 support ended 2012-04-10
<RoyK> 10.04 server support ends 2015-04
<RoyK> don't use non-LTS versions unless you know what you're doing ;)
<bioman> RoyK: sorry, typo, it's 11.10
<bioman> RoyK: after -update and -upgrade, I had kernel 3.0.0
<bioman> RoyK: I thought I could install 3.3.6
<RoyK> oh - custom compiled kernel?
<RoyK> why did you do that? anything that doesn't work with the default kernel?
<bioman> RoyK: no, download from here : http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.3.6-precise/
<RoyK> ok, still, why?
<bioman> RoyK: it's for a DRBL. I need the "latest" kernel because of hardware detection
<RoyK> ok
<bioman> RoyK: what's the difference between generic and generic-pae please ?
<RoyK> bioman: pae is "physical address expansion", to be able to address >3GB on 32bit machines
<bioman> RoyK: ok, thanks. I've choosen generic. But why do I have a black screen when I launch default ?
<RoyK> bioman: are you running 32bit?
<RoyK> bioman: no idea, might be a bug
<RoyK> bioman: is this fixed in precise?
<RoyK> if so, an upgrade might be easier to get support for than some special kernel
<RoyK> (also, if running 32bit, why?)
<hallyn> zul: jdstrand: the pc-0.12 machine type is become quite a headache in precise.  I wonder what we can do to help people.  Do we just announce that people should update?  Do we provide a script?  do we automatically use pc-1.0 even though people say 0.12?
<hallyn> (the latter is likely bad...)
<RoyK> what's pc-0.12?
<hallyn> older machine type...
<hallyn> (in libvirt)
<RoyK> k
<jdstrand> hallyn: I wonder if we just declare 0.12 as bad and then maybe downgrade them to 0.11?
<hallyn> is 0.11 better?
<jdstrand> well, I don't know-- I assume it is closer than 12
<jdstrand> err
<jdstrand> closer to 0.12 than 1.0
<jdstrand> we could output a warning message
<jdstrand> (or log it)
<jdstrand> and then a script to migrate
<hallyn> thing is oneiric is supposed to default to 0.14, but i never see that anywhere...  of course that may just be bc it works for them so there's no bugs :)
<jdstrand> eg:
<hallyn> hm - where would we output the mssage?
<hallyn> (sorry, will wait for your example :)
<bioman> RoyK: 32bits because the laptop have 2Go of RAM
<RoyK> bioman: ic
<jdstrand> "XML machine type is spcified as 0.12, but this is a known bad machine type. Using 0.14 instead."
<RoyK> bioman: but I think upgrading to precise would be better if the kernel there supports what you need (currently at 3.2.0-24-generic-pae or so)
<jdstrand> hallyn: I was thinking libvirt on stderr
<bioman> RoyK: ok thanks :)
<jdstrand> hallyn: it could be logged as well, but logging is pretty quiet by default
<jdstrand> s/as well/instead/
<hallyn> jdstrand: well we could make this the log-no-matter-what loglevel :)
<jdstrand> true. this is only for precise?
<hallyn> that's wher ei've been seein gthe bugs, yes.
<hallyn> that's not to say the same bugs don't exist on oneiric
<jdstrand> what is weird is that 0.12 worked on earlier releases
<hallyn> right it probably is only precise
<hallyn> and the latest bug, problem is, was reported on migration from oneiric->precise
<jdstrand> that is where I hit stuff
<hallyn> so our message would show up on the precise server, but it needs to be updated on the oneiric server
<jdstrand> I had vms created at some point that default to 0.12, then upgraded libvrt to precise and they don't work well
<hallyn> (must have been created during natty?)
<jdstrand> possibly
<hallyn> of course it's possible that there's another option - fixing the 0.12 bugs in precise :)  but i'm not optimistic on that
<hallyn> (there appear to be many)
<jdstrand> I just wonder why there are so many 0.12 bugs on precise
<hallyn> do you know what would be a reason why someone woul dprefer 0.12 to 0.14 (on oneiric) or 1.0 (on precise)?
<hallyn> i.e. is there any downside to automatically updating, with a log msg?
<jdstrand> automatically upgrading/downgrading probably would break stuff-- if someone really wanted 0.12, they couldn't get it
<jdstrand> hallyn: no idea
<jdstrand> hallyn: might be better to suggest 0.14 or 1.0 and havea  tool to help
<jdstrand> hallyn: another option is not to patch libvirt at all, but to provide the tool and in postinst unconditionally upgrade to 0.14
<jdstrand> hallyn: but only when upgrading from below a particular version
<jdstrand> that will allow new machines to use 0.12 if the user really knows what he/she is doing. and it could arguably be justified as just part of upgradign to precise
<RoyK> where are these pc-0.xx things documented?
<hallyn> i don't know, if it's not safe to do it unconditionally at domain start time, then it's not safe to do it unconditionally at upgrade
<hallyn> and that doesn' thelp if they have some script that downloads existing xml templates with 'pc=0.12' in them (as i actually have)
<hallyn> they'll just be creating new problem vms after the upgrade
<hallyn> I think I'm fine with a patch to libvirt to spit out a warning any time  a vm with pc=0.12 gets started or defined.  but is there then another way we can publicize this, sort of like post-release release notes?
<jdstrand> there is the NEWS file, but that seems heavy handed. you could also update the release notes so post release upgraders see it
<jdstrand> actually, there is a way to mark those. you might ask skaet (idr off-hand). it might just be the SRU process makes it show up
<hallyn> in that case, what exactly are the release notes?  :)
<hallyn> ok
<hallyn> 'virsh capabilities' doesn't give any hint of differences between pc-0.12 and pc-0.??
<hallyn> all right i'll comment the bug for now and think about it for a half day
<hallyn> thanks jdstrand
<hallyn> (and then talk to skaet :)
<jdstrand> sure thing. it is not an easy problem
<hallyn> jdstrand: actually...  if we wanted to offer a script for users to automatically update their VMs, where should that live?  Or should we just offer it online and advertise users can download it if they want it?  (I don't want to pollute /usr/bin with that...)
<hallyn> oh, i guess under /usr/share/doc/libvirt-bin
<jdstrand> hallyn: we have precedent for this. see /usr/sbin/libvirt-migrate-qemu-disks
<jdstrand> hallyn: in that case, we were actually upgrading during postinst-- but that was because a security update would have otherwise broken everyone's vms
<jdstrand> well, not everyone's, but quite a few :)
<hallyn> yeah, this is not quite so crucial.  i really don't want to pollute sbin with that
<bioman> RoyK: please how can I remove 3.3.6 packages ? I've installed 3.2.0 but grub displays and load 3.3.6
<hallyn> do you think /usr/share/doc/libvirt-bin would be ok?
<bioman> RoyK: I've tried dpkg -r with no luck
<jdstrand> hallyn: it would, but I think the warning message that is output should be clear on where and how to use it. the advantage of putting it in /usr/sbin or similar is you can do a man page, etc
<jdstrand> I mean you could do a manpage that talks about using a script in /usr/share/doc too...
<hallyn> jdstrand: ok, thanks.  I'll let that process for a half day
<RoyK> bioman: hm.. should work. they're just packages, right?
<bioman> RoyK: yes, they are .deb
<hallyn> zul: your libvirt package builds fine for me on precise.  But I get test failures, all apparently from "memory unit='KiB'>219136</memory"
<hallyn> hm.  i misread the error :)
<hallyn> I guess the testscripts need to be updated.  sorry :)
<RoyK> dpkg --reemove --purge
<RoyK> s/ree/re/
<RoyK> bioman: try that
<bioman> RoyK: conflict --remove --purge
<RoyK> just --purge it, then
<RoyK> I was thinking apt-get remove --purge
<bioman> dpkg --purge linux-headers : no installed package matching linux-headers
<RoyK> bioman: that's a metapackage
<RoyK> bioman: dpkg -l | grep 3.3.6
<bioman> RoyK: thanks :)
<kirkland> smoser: ping
<smoser> kirkland, here.
<kirkland> smoser: I'm having trouble running ntpdate from within aws
<kirkland> smoser: have you seen anything like this?
<kirkland> smoser: this is 12.04;  I *know* I've used ntpdate before
<kirkland> smoser: having trouble triaging this, though I'd ask if anyone else is having trouble
<smoser> kirkland, i just ran:
<smoser> $ sudo ntpdate ntp.ubuntu.com
<smoser> 21 May 19:53:46 ntpdate[4352]: adjust time server 91.189.94.4 offset -0.101924 sec
<kirkland> smoser: hmm
<smoser> (in ec2)
<kirkland> smoser: all ports open?
<smoser> http://paste.ubuntu.com/999650/
<kirkland> smoser: PERMISSION	950047163771	default	ALLOWS	udp	0	65535	GRPNAME	default
<kirkland> smoser: looks like that's all udp ports are open, right?
<smoser> i dont think it means that.
<smoser> i just checked tcp
<smoser> by running 'nc -l 1234' and then trying to connect from outside, and its shutoff
<smoser> (but using 8000 rather than 1234 connects as expected)
<kirkland> smoser: hmm, okay
<smoser> kirkland, i'm not saying something isn't broken. but i didn't see it just now. are you able to reproduce ?
<travisneids> Is it possible to remove a LVM group during installation?  Keep getting "Partition in user" error
<travisneids> Ubuntu Server 12.04
<travisneids> I get the error when trying to "Delete volume group".  Frustrating!
<esuave> so i accidentally added a route that looks like this: host-216-153-17
<esuave> but it wont let me delete it
<esuave> i get error
<esuave> host-216-153-17: Unknown host
<RoyK> esuave: that'll be its reverse dns name - type netstat -rn to view the ip address and remove that
<SpamapS> W: Failed to fetch bzip2:/var/lib/apt/lists/partial/127.0.0.1:9999_debian_dists_sid_main_i18n_Translation-en  Hash Sum mismatch
<SpamapS> Yay.. not unique to Ubuntu.. :-P
<RoyK> SpamapS: local repo?
<SpamapS> RoyK: approx
<SpamapS> RoyK: its just skew on my upstream mirror caused by apt not being atomic on updates
<SpamapS> Something we're trying to solve this cycle actually
<RoyK> ic
<SpamapS> hrm no this seems almost like something else
<SpamapS> getting it on all mirrors
<SpamapS> Translation-en.bz22012-May-21 16:08:073.8Mapplication/x-bzip
<SpamapS> Release2012-May-21 10:26:02227.4Kapplication/octet-stream
<SpamapS> Looks like Translation-en.bz2 was updated but Release was not
<jkyle> going to give maas another whirl I think.
<jkyle> I'm wondering how flexible maas is though, I know it uses cobbler as the pxe manager. I was told, though, that you're not supposed to create new systems using cobbler but only through maas. Which means you have to do it manually mac by mac in the web gui
<Daviey> jkyle: no, the default pxe boot target for machines maas doesn't yet know about get auto enlisted into MAAS>
<Daviey> you just need to accept them.
<jkyle> Daviey: alright, so I can just spin up my nodes set to pxe boot and click accept. cool
<Daviey> jkyle: yup
<Daviey> jkyle: if you have a list of mac's.. you can add them through the API aswell fwiw.
<Daviey> but really, just doing a power on.. makes more sense IMO.
<jkyle> cool, I'll have to start reading the API. I suspect this is a fairly customizable system by just leveraging the underlying utils, like cobbler. I shouldn't have to worry about "breaking" maas by modifying on that level, I'd assume.
<jkyle> e.g. custom late_commands, postflight scripts, etc.
<Daviey> jkyle: no, should be good.  Note, that more exciting things are in the works.
<Daviey> jkyle: what custom late commands are on your mind?
<jkyle> Daviey: there's some funky stuff I have to do with networking to get bonding working...though I should verify the issues haven't been patched
<jkyle> othe rthan that, standard stuff, like RAID configuration, etc.
<Daviey> jkyle: MAAS provides a metadata service which runs user-data supplied on first boot.. which is the place where people would put mot late_commands content
<Daviey> but then, funky networking might be more of a challenge.. if default dhcp doesn't cut it for you.
<Daviey> jkyle: RAID configuration should happen in the commissioning environment, which happens before the install
<jkyle> yeah, mine run on first boot. I have a runonce script that adds itself to the init, then executes all scripts in a certain directory in lexical order
<Daviey> (note that, as shipped.. the comissioning enviroment is not as accessible to customisations as we wanted.. but still viable.)
<jkyle> Daviey: should
<jkyle> . . .
<jkyle> ;)
<Daviey> jkyle: anyway.. you didn't buy me a drink at UDS.. :(
<jkyle> these use the megacli utility, so takes a bit of fudging. also the utility doesn't work (officially) for 3.x kernels. but if you spoof the arch, seems to do ok. makes for a quirky config
<jkyle> Daviey: I didn't see yah! (/me thinks...did i?)
<jkyle> Daviey: I was getting kp's on our cloud, missed all but like 1/2 a day
<jkyle> spent most of that with Kyle
<Daviey> jkyle: if you want to watch an ill-prepared talk, http://www.youtube.com/watch?feature=player_detailpage&v=m3utPU99Wgg#t=2079s
<Daviey> that was me at UDS.
<roaksoax> Daviey: the best talk of the day!
<LordOfTime> lol
<Daviey> roaksoax: yah, it was a good trip.
<roaksoax> Daviey: haha besides the trip, the talk was good, you definitely have ankerman skills man
<Daviey> roaksoax: thanks :)
 * koolhead17 wants to have that crowd connector skill too
<pehden> www.wegotoyourpc.com catchy aint it?
<LordOfTime> pehden:  not sure this is the right place :/
#ubuntu-server 2012-05-22
<pmp6nl> Hello, I am hosting multiple sites.  Right now if I go to my ip address it displays one of my sites and I cannot edit other sites via the ip address.  Is there a wrong setting in the default server or does something special need to be done for each virtual hosts?  I want to my able to edit sites via ipaddress/directory.  thanks
<rbasak> pmp6nl: if you go to a website via IP address, and your web server serves multiple sites from the same IP address, then there's no way for the web server to know which site to send back. So it sends the default one. If you want to fix that then you either need to browse the sites by name, or you need to use multiple IP addresses.
<pmp6nl> rbasak, how do I browse by name?  Isnt there a way to do this with virtual hosts?  I am using apache
<echosystm> whats the best way to NAT all incomming packets from one server to another?
<rbasak> Use virtual hosts, and set the names up to point to the same IP address. Then use those names in your browser.
<echosystm> iptables -t nat -A PREROUTING -p tcp -m multiport -dport 80,443 -j DNAT ... ???
<rbasak> It sounds like you could do with reading http://en.wikipedia.org/wiki/Virtual_hosting#Name-based
<echosystm> thats not what i want
<echosystm> this is a poor mans router
<echosystm> it needs to work at the transport level
<echosystm> not the application level
<rbasak> echosystm: sorry, my message was intended for pmp6nl on a different question, not you.
<echosystm> oh sorry
<pmp6nl> ok rbasak I will read up on that as I am confused about virtual hosts. thanks
<rbasak> echosystm: sounds like you need http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-6.html#ss6.2 :-)
<rbasak> echosystm: there's also ufw, which is a higher level wrapper around iptables. Eg. http://manpages.ubuntu.com/manpages/precise/en/man8/ufw-framework.8.html
<echosystm> will packets stop after the first rule that they match? or will they continue through the chain
<rbasak> the first packet goes through the DNAT chain. Subsequent packets go through the FORWARD chain only, appearing as if they're already NATted and magically going to the right place. If that makes sense.
<rbasak> Sorry, didn't read the question. DNAT is a chain terminating target, ie. no more rules are processed after hitting a DNAT target.
<echosystm> ok so lets say i have rule 1. send all traffic from IP X to IP Y
<echosystm> then i have rule 2. send all traffic to IP Z
<echosystm> if a packet coems from X, will it go to Y and then stop?
<rbasak> If rule 1 is using DNAT, rule 2 will never be processed if a packet matches rule 1.
<echosystm> cool
<echosystm> thanks for that
<pmp6nl> rbasak, how does apache determine the default virtual host?
<rbasak> Good question. Sorry, I don't remember the answer.
<rbasak> It might even be the first one that's defined.
<pmp6nl> rbasak, ok, thanks
<pmp6nl> Should virtual hosts be listed in apache2.conf?
<jmarsden> pmp6nl: rbasak is correct, it uses the first one listed, which I think means the alphabetically first one if you use the Ubuntu/Debian file structure and one file per vhost under /etc/apache2/sites-enabled/ .  This is why it is conventional to name that one 000-default, so it is "obvious" to humans looking at the directory, that it is first in the list and is the default.
<jmarsden> pmp6nl: Indirectly.  See above.
<rbasak> Thanks jmarsden. This sounds familiar now. It's been a while since I've done virtual hosting with apache!
<jmarsden> See /usr/share/doc/apache2/README.Debian.gz for useful info on the file structure involved.
<twb> jmarsden: the "default" site is the first one found in "the" config file.  The logical config file is built by including (by default) all the files in sites-enabled.  They're added lexicographically; I assume this is because root's locale has an LC_COLLATE of C.
<twb> If you went into httpd.conf and added a vhost before the include, that would become the default
<pmp6nl> ok thanks jmarsden and rbasak .... can I rename one of the files to 000-default to make it the default or do I need to do something different.
<twb> The fact that the file is called "default" has no bearing on how apache treats it, although obviously the 000 means it usually sorts to the top
<jmarsden> twb: Yes, but you are not supposed to manually put sites into httpd.conf in Debian/Ubuntu :)
<pmp6nl> ok, I dont even have a I dont have a /etc/apache2/httpd.conf file
<twb> jmarsden: that's a nice theory :-(
<jmarsden> pmp6nl: You should have an empty one, if you did a conventional install of Apache on Ubuntu server.
<pmp6nl> jmarsden, ok, perhaps its just empty.  I will look.  whats the best way to rename a site under /etc/apache2/sites-available?
<jmarsden> pmp6nl: mv should work fine
<pmp6nl> Thanks jmarsden
<jmarsden> pmp6nl: You're welcome
<Mischinka> Does installing the desktop cause the server to run slower?
<twb> It depends.
<Mischinka> its on a vps
<twb> We discourage using GUIs on servers.
<Mischinka> Im trying to figure out an easier way to setup APED server to start and stop when nginx starts and stops.
<twb> APED?
<Mischinka> http://www.ape-project.org/wiki/index.php/Setup
<Mischinka> how do i kill a script using 443 port?
<twb> Good heavens, the developers are excitable fellows.
<twb> Mischinka: you use netstat -nlp to find out what's on that port, then stop its service or equivalent
<qman__> I wrote a script to do exactly that at my old job, to reset stuck SSH tunnels
<qman__> unfortunately I don't have it to give you but it only took me about ten minutes
<twb> qman__: you can probably just get the pid direct from lsof or so
<qman__> I used netstat and some cuts and seds
<qman__> stored to a variable and fed to kill after some sanity checking
<Mischinka> Got it! sweet.
<Mischinka> Oh how do i have a script run in background?
<Mischinka> because its making me have to keep the putty terminal up.
<qman__> you want screen
<jmarsden> Mischinka: nohup /path/to/script    # could also work
<twb> Well, that or nohup or atd or cron or ...
<qman__> technically, running in the background requires adding & to the end, but that is still a child of your SSH session
<qman__> you need to do something else to make it independent, screen is one easy way
<Mischinka> hmm
<Mischinka> didnt work..
<qman__> setting it up in cron is the right thing to do when you need it run all the time or at regular intervals
<qman__> I was not aware of nohup or atd until now
<Mischinka> *sigh.. im not sure of how to run it in cron.
<twb> qman__: people like you come into #screen all the time and ask how to start their quake server in screen at boot time, from /etc/init.d/ :-/
<twb> Or rtorrent, that's another common one, because it has a "GUI" they want to attach to later on
<rbasak> Mischinka: you could write an upstart job. Lots of documentation at http://upstart.ubuntu.com/cookbook/
<qman__> I wrote a kludge using sudo, su, and screen to get srcds running at boot
<qman__> because it won't run non-interactively, and won't log
<twb> qman__: "non-interactively" as in it needs stdio, or it needs a non-dumb terminal?
<twb> The latter is harder, I grant you
<qman__> non-dumb terminal
<twb> Best would be to fix the damn daemon to not need it, of course...
<qman__> it does not function if it doesn't have a shell
<twb> qman__: I'd probably look into faking that with a pty
<twb> Also btw you shouldn't ever need BOTH sudo and su
<qman__> I tried to use just sudo but I couldn't make it happy with the options
<qman__> the main problem is I want access to the screen, but I want the server to run as a dedicated user
<qman__> so root runs the first script at boot, sudos to me, to run the other script which sus to the daemon user
<qman__> it's a mess
<qman__> but it works
<rbasak> screen has access control options. The daemon user could start the screen with options to give you permission to reach it.
<Mischinka> question i have css that seems to be running from some sort of server cache..
<twb> rbasak: screen's access control is... suboptimal.  I wouldn't trust it.  Also it's disabled by default in Debian and Ubuntu
<Mischinka> im inspecting the site and it says the css tag is coming from http://website.com/:171
<Mischinka> what does that mean?
<twb> Mischinka: insufficient data
<Mischinka> twb: excuse me?
<twb> Mischinka: you provided insufficient data to answer your question.
<Mischinka> Oh, I have an nginx php5-fpm server, and for some reason the CSS tag on something on the page is being overridden by a tag located at http://website.com/:171 and the original tag is from custom.css what is this :# http://i.imgur.com/W9CdY.png
<Mischinka> Im trying to figure out if its being cached by the server or something..
<twb> It sounds like you have nginx rewriting message bodies, which IMO is dumb
<twb> The downside is, if you don't do it, the root anchor needs to be the same regardless of the vhost.  So e.g. you cannot have default.example.net/foo.example.net/bar.html and foo.example.net/bar.html be the same
<twb> Although you can have default.example.net/foo/bar.html and foo.example.net/foo/bar.html be the same, because the path part (/foo/bar.html) is the same
<twb> ...I hope that made sense, it wasn't very well put.
<Mischinka> umm not really.
<Mischinka> twb there is a screenshot of my site config: http://i.imgur.com/W9CdY.png
<twb> It is difficult for me to look at images, please pastebin text
<brainysmurf> Trying to migrate posix users to ldap, there isn't any migrate_common.ph file. I created one and attempted the migration with extended schema on but no luck getting any emails. No errors. Kinda stuck...
<brainysmurf> nano migrate_common.ph
<brainysmurf> woops: http://pastebin.com/b4AvY5Mq
<brainysmurf> found some problems already, updated: http://pastebin.com/mqJrkHe0
<echosystm> im trying to set up DNAT for port 80 of my firewall server
<echosystm> i have done this: http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-6.html#ss6.2
<echosystm> iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 5.6.7.8:8080
<echosystm> then when i telnet my firewal on port 80 it just times out
<echosystm> can anyone think of why this might be happening?
<alex88> hello guys, after switching to ubuntu 12.04 so kernel 3.x i can't use multiple ip on single interface http://pastebin.com/0GFZZwTw
<alex88> with that /etc/network/interfaces i can ping eth0:0 from local machine but from outside it doesn't respond
<lynxman> morning o/
<adac> I'm trying to get pam auth work with ldap, but /var/log/auth tells me the following: PAM (other) illegal module type: diese
<adac> PAM pam_parse: expecting return value; [...Optionen]
<adac> PAM (cron) illegal module type: diese....
<adac> any ideas?
<lynxman> adac: looks like a configuration file in pam that is incorrect
<lynxman> adac: or pam config that is incorrect indeed
<lynxman> where is the word "diese" in slapd.conf or in /etc/pam.d ?
<adac> lynxman, yes it was a typo! thank you!
<lynxman> adac: glad to be of help :)
<adac> but the error message is strange
<adac> hehe
<vrturbo> anyone know how the maas server node dns names work with dnsmasq ?
<vrturbo> built a maas server, everything working but the resolution of the dns names, this is breaking my juju deployments
<KristianDK> On ubuntu 12.04 using the default LXC configuration, my containers does not get a DHCP ip address, although it seems that the default configuration sets up a 10.0.3.0 ip range for DHCP for containers. Does anyone know how to debug this? Syslog in container states "NO DHCPOFFERS received" and I was not able to find any errors on the LXC host
<KristianDK> If I assign it a static ip in the DHCP subnet, it seems to work and I can communicate with the parent
<KristianDK> also, it does not seem to have any routes available, e.g. i can ping the master, but nothing else
<debuuuu> Hoi all. I'm going to install Ubuntu Server on a PC I have kicking about, mainly just to play around with. Just wondering, how do you install a GUI once the server's installed?
<_ruben> you usualy just don't
<_ruben> if you want a gui, install the desktop version instead
<debuuuu> But then it's not a server is it?
<debuuuu> I'm making a simple game server
<_ruben> define "server"?
<zul> good morning
<debuuuu> I'll have a game server running on the machine that I can connect to with a client I'm writing
<_ruben> the most notable difference between -server and -desktop is the presence/lack of a gui
<debuuuu> Client's just a simple JS-based app running in the browser.
<debuuuu> So like,
<debuuuu> I don't really know a lot about what makes a server a server, as you might've guessed :) This is partly why I wanted to play around
<debuuuu> Is it possible to do what I described with an installation of Ubuntu Desktop?
<brainysmurf> debuuu: Install the desktop version, don't worry
<_ruben> sure
<debuuuu> Ah, ok
<debuuuu> So .. not sure how to phrase the question really, but how do you go about making that box accessible as a 'server' to clients anywhere else on the web?
<_ruben> by connecting it to the internet
<debuuuu> Ha
<debuuuu> There's nothing more fancy than that eh?
<_ruben> not much
<debuuuu> Alright, well sweet :)
<debuuuu> Ask stupid questions, get simple, stupid-feeling inducing answers :)
<debuuuu> Thanks though, I'll install the desktop version and have a play around.
<hallyn> zul: your libvirt passed tests on p.  i'm about to build/run on q, but all is looking good
<hallyn> (i haven't looked closely at the pkg source, i'm going to trust the qrt on this one :)
<hallyn> zul: you said you started MIR on dwarves-dfsg?
<zul> hallyn: not yet i had yesterday off
<bioman_> Hi
<bioman_> Running 11.10 server. I've installed a DRBL. Got some issues : sometimes the PC that I want to backup or restore have a black screen. Any ideas please ?
<bioman_> It's 10.10 with 3.3.7 kernel or 3.2.18
<bioman_> I have the DRBL screen that displays properly, then -I think- 320x240 and when it want to get a higher resolution : black screen and nothing happens
<ikonia> bioman_: the DRBL package you are using is not an ubuntu package
<ikonia> bioman_: talk to the people who make the package for help/issues
<bioman_> ikonia: hello :) I know this you told me yesterday... Hoped that someone here would have had this issue and a fix ;)
<ikonia> no, as the package is not made by the people who make the ubuntu packages
<ikonia> bioman_: as you know I told you this yesterday, why do you keep asking for people to fix issues here
<ikonia> you know where the package people are - you know where their bug logging/support system is, please try to use it, it's their package with their problems
<bioman_> ikonia: just hoping that's all :(
<ikonia> bioman_: yes, but you've been told 3 - 4 times
<bioman_> ikonia: maybe 5 ;) I'll stop bothering you all, sorry...
<zul> hallyn:  you know you are running the meeting today right?
<hallyn> yeah.  i hope the slacker last time updated the agenda :)
<zul> hallyn: funny that you say that :)
<hallyn> zul: thanks.  I knew it was coming up this time, but always hate being caught off guard with that
<zul> hallyn: everyone has
<raubvogel>  For those of you running vms (say, kvm), how do you sync the clock on a vm that was been saved/paused for a while when it comes back? I tried putting 'tinker panic 0' on the top of the ntp.conf file but so far it has been ignored.
<hallyn> zul: all tests pass, push it :)
<hallyn> oh, except for hte dwarves issue
<hallyn> guess you can't push it
<zul> damn it..
<zul> lemme do that right now
<ogra_> just add some giants ... that will level out the dwarves
<zul> hallyn: https://bugs.launchpad.net/ubuntu/+source/dwarves-dfsg/+bug/1002891 fyi
<uvirtbot> Launchpad bug 1002891 in dwarves-dfsg "[MIR] dwarves" [High,New]
<hallyn> zul: i dunno if you have any sort of scripts depending on libvirt's dumpxml output, if you do, note there are some changes (see the qa-regression-test changelog)
<zul> linky?
<hallyn> pfft.  i dunno
<hallyn> https://code.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master
<hallyn> in particular http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/changes/1692?start_revid=1692
<Daviey> hallyn: i think you are up for chair btw.
<hallyn> Daviey: thanks.  (read up ^ :)
<hallyn> zul: just looking at debdiff for one last check, then i'm done with your libvirt
<Daviey> hah
<zul> hallyn: cool..once dwarves gets looked at then i think we are good
<hallyn> hopefully my ap stays good for the duration of the meeting.  (new one arrives wed)
<grendal-prime> oi
<grendal-prime> ok so have a vm of 12.04 server
<grendal-prime> i removed  /etc/udev/rules.d/70-persistant-net.rules file.  (because i use to have to do that to get the interfaces to enumerate properly after changing the switches that the box was connected to)
<grendal-prime> aparently thats differnt.  Now i need to regenerate that file.
<grendal-prime> the script that i thought i did that with is not working they way it is expected
<_ruben> grendal-prime: file should be recreated at boot time
<grendal-prime> ya that was not hapeing..now it is...werid
<grendal-prime> actually...umm werid it did not get created...
<ikonia> the rules files do not get generated at boot time
<ikonia> the rules files are static files
<ikonia> the devices they make are what get regenerated
<_ruben> ikonia: when did that change? must say i havent *removed* the file in ages, but i did used to do so without problems
<ikonia> I've never seen the rules files get regenerated
<pedor> hi, could please someone recommend a webhost?
<ikonia> they are normally static files,
<ikonia> pedor: no
<ikonia> _ruben: what do you think re-generates them ?
<pedor> ikonia, which channel I can go?
<ikonia> pedor: no idea
<ikonia> _ruben: curious to if ubuntu has a different way of working with udev and actually has dynamic config files
<_ruben> ikonia: some part of udev i'd expect, never really dug into the details, just used to blow away that file when mac addresses changed
<ikonia> _ruben: I've never seen the mac addresses in the rules files
<ikonia> ahhh I see
<_ruben> # This file was automatically generated by the /lib/udev/write_net_rules
<ikonia> the network one is generated
<ikonia> but others are static
<ikonia> yes, just looked properly
<ikonia> same with the CD
<_ruben> it being autogenerated makes for "new" interfaces to be added properly
<_ruben> quite a simple yet nice feature
<_ruben> unless your mac addres(ses) keep changing for some reason :)
<jdstrand> hallyn: doesn't your KiB changes to test-libvirt.py need to be special cased for quantal? this script is run for SRUs and security updates
<ikonia> yes, that makes sense
<jdstrand> hallyn: oh, I didn't notice the '?'
<grendal-prime> ok well...what should i do at this point then?
<grendal-prime> is there a way to trigger the recreate?
<grendal-prime> and the mac addresses do change in this environment...allot.
<hallyn> jdstrand: right, if i didn't mess up for a change, it should just work.  though it's getting brittle
<jdstrand> getting ;)
<jdstrand> it started brittle
<jdstrand> feel free to thank me for that :)
<hallyn> hopefully they can hold off on more needless formatting changes for awhile
<ikonia> grendal-prime: look at the script suggested that actually creates the file, try running it
<jdstrand> what's the fun in that?
 * jdstrand is a little jaded on useless changes
<ikonia> grendal-prime: it may depend on a blank file being there in the first place so it can update it rather than create it, etc etc, look at what that trigger script does
<hallyn> the fun of having time to work on other new stuff
<jdstrand> heh
<hallyn> jdstrand: +1 on that
<grendal-prime> ya i was looking throught that. I didnt seen anything...ill try just creating the file..reboot and see what happens. if that doesnt work..i guess ill buld another machine copie it over.
<grendal-prime> can you look into the file and see if there is anything besides the typical interface info?
<grendal-prime> i thin i found something about whats nomcal in there
<ikonia> grendal-prime: I wouldn't suggest that
<ikonia> grendal-prime: I'd suggest actually reading the trigger script - seeing what it needs, fixing what it needs, then running the script
<ikonia> grendal-prime: if there are any problems/output you should see it, where as rebooting you'll end up chasing your tail to chase problems
<ikonia> (unless there is a dependency that this script can only be run at boot time - which I don't think it can)
<silentpj> hello, i have problem with 12.04 server amd64 not installing grub (grub installation failed) on vmware ESXi 5, does anybody know how to install it properly?
<zul> Daviey: ping (re: cloud-archive stuff)
<ttx> Daviey: was talking to zul about the Ubuntu openstack QA PPAs that could replace the openstack PPAs
<ttx> Looks like you would have:
<ttx> - PPA for tip of stable/essex on Precise -> staging area for Essex/Precise cloud archive
<patdk-wk> silentpj
<patdk-wk> the issue is the grub bootloader in the mbr isn't updated
<patdk-wk> just have grub update it
<ttx> - PPA for tip of master on Precise -> general QA for Folsom/Precise cloud archive
<zul> ttx:  for the openstack-qa yes ppa for tip stable/essex on precise
<zul> stable/essex is the SRUable stuff so it goes into proposed
<ttx> - PPA for milestone-proposed on Precise -> staging area for Folsom/Precise cloud archive
<Daviey> ttx: hey
<ttx> PPA for tip of master on Quantal -> staging area for Folsom/Quantal (main archive)
<silentpj> patdk-wk: thanks, so it's bug...
<Daviey> ttx: Can we continue this later, swapping tasks atm. :/
<patdk-wk> yep
<ttx> zul: well "stable/essex on Precise" covers two things
<ttx> Daviey: sure
<ttx> zul: covers Essex/precise cloud archive and Essex/Precise main archive SRU, now ?
<ttx> s/now/no
<patdk-wk> bug #978464
<uvirtbot> Launchpad bug 978464 in grub2 "After LTS->LTS (lucid2precise) upgrade, upon reboot drops into grub recovery shell" [Critical,Fix committed] https://launchpad.net/bugs/978464
<zul> ttx: no essex/precise was always going to go into main archvie sru
<ttx> zul: oh, right.
<zul> tip of master for folsom on precise -> cloud-archive
<zul> tip of master for folsom on quantal -> main archvie
<zul> doh...
<zul> ttx: tip of master for folsom on precise -> openstack-qa
<zul> ttx: milestone (and possblly release candidates as well) on precise -> cloud-archive
<ttx> ack
<ttx> zul, Daviey: I'll sum that up in an email that you can read and comment when you have time
<grendal-prime> grrrr
<zul> ttx: cool
<grendal-prime> i cannot just get it to recreate the file.
<grendal-prime> and ive tried creating the file empty so it can have somewhere to write data..that does not work. the trigger script if i try and run it askes for interface name..
<ikonia> grendal-prime: ok, so give it an interface name
<ikonia> you've got to work it through until you find the critera to make it work
<ikonia> then - you'll understand why it's not being triggered at boot
<zul> ttx: CVEs are handled normally in the security archvie as well :)
<grendal-prime> yes but you see...there has to be a process somewhere that would start from scratch...
<silentpj> patdk-wk: hmm, I'm doing clean install, not sure how to fix it from minimal env on the server cd
<grendal-prime> when i run the write_net_rules script it just says missing $interface
<patdk-wk> heh? clean install?
<patdk-wk> there is no problems with clean installs
<patdk-wk> I have done a few hundred precise installs onto esxi 5
<silentpj> patdk-wk i have problem with clean install...
<patdk-wk> well, I have no clue what your issue could be then
<grendal-prime> that file is normally called by persistent-net-generator.rules
<silentpj> patdk-wk: 64bit?
<ikonia> grendal-prime: so pass it the interface argument
<patdk-wk> both 64 and 32
<grendal-prime> tried that as well didnt work.
<ikonia> grendal-prime: in what way didn't work
<silentpj> patdk-wk: wierd, any customisation? I did default install, next->next style...
<patdk-wk> I do normal installs, and vm installs
<patdk-wk> and also iscsi root installs
<grendal-prime> well i run  the 75-persistent-net-generator.rules script i just get permission denied
<ikonia> ok, so look at why
<ikonia> do you have permission ?
<grendal-prime> no execute on the file
<ikonia> ok, so there you go
<ikonia> work it through
<grendal-prime> ran it with bash
<grendal-prime> but um ..didnt put anything in the file
<bioman> Hi
<ikonia> grendal-prime: set -x , work it through
<bioman> Trying to build DRBL package (backportpackage --build --workdir=/root/drbl) but it complains about non existing gpg key. I tried to generate one with gpg --gen-key with no luck...
<bioman> Using 12.04
<grendal-prime> i can get it to execute but it does not generate anything
<grendal-prime> rrrrr
<esuave> can anyone tell me how to connect to an FTPS server from command line?
<esuave> im trying to connect to a certain IP on a certain port
<nathwill> esuave: http://blogs.reliablepenguin.com/2009/08/11/ftps-with-lftp
<nathwill> lftp is pretty nice
<esuave> cool thanks!
<ikonia> grendal-prime: walk it through step by step and see what the trigger for re-generating it
<ikonia> grendal-prime: set -x
<axisys> how do I setup automatic security update?
<rbasak> axisys: https://help.ubuntu.com/community/AutomaticSecurityUpdates
<axisys> rbasak: thanks
<grendal-prime> where do you adjust dns?
<streulma> esuave: do you mean sftp ?
<esuave> ftps? is it the same thing?
<streulma> sftp is over ssh scp
<rbasak> ftps != sftp: http://en.wikipedia.org/wiki/Ftps
<streulma> ok
<streulma> I havn't heard of ftps
<esuave> yeah i know.. me either.. im trying to connect to someones ftps server
<bioman> nobody knows how to successfully build the quantal drbl package ?
<smoser> hallyn, your presense is requested in #ubuntu-meeting
<smoser> or presence even.
<patdk-wk> ftps breaks ftp hopelessly :)
<znf> Hello. What exactly happened to byobu and screen? I used to have "themes" (color for background and foreground of the byobu "frame"), but now in 12.04 I can't find this (this is an upgraded install)
<znf> I've removed everything byobu and screen related from my profile, and it launched tmux, read about how to change it back to screen, but I still can't find the themes
<rbasak> zul, SpamapS: FYI, merge is https://code.launchpad.net/~racb/ubuntu/quantal/apache2/988819 to fix bug 988919. I haven't managed to test it yet though.
<uvirtbot> Launchpad bug 988919 in helioviewer.org "Improved JP2 file acquisition" [High,In progress] https://launchpad.net/bugs/988919
<rbasak> err, bug 988819
<uvirtbot> Launchpad bug 988819 in apache2 "wrong path to libxml2.so.2 in mod_security" [Unknown,Fix released] https://launchpad.net/bugs/988819
 * znf hails the SpamapS 
<zul> rbasak: cool
<syria_> Hi, COuld you please help me with configuring openvpn on my VPS 10.04 lts please? so I can use it on my ipad??
<grendal-prime> ya this is werid..i just built a brand new system and there is nothing in that /etc/udev/rules.d/70-persistant-net.rules file.
<grendal-prime> where the hell is this information stored now
<rbasak> grendal-prime: it's still there, AFAIK. But I think it might be skipped on certain VMs. Is yours a VM?
<grendal-prime> yes
<grendal-prime> but...why then is one machine where it was deleted giving me so much trouble then
<grendal-prime> i need to be able to rebuild that information
<rbasak> See /lib/udev/rules.d/75-persistent-net-generator.rules for details of how and what is skipped. You can override that file by copying it to /etc/udev/rules.d/
<rbasak> Or you can just write your own rule to do what you need. The /lib/udev/write_net_rules script coudl help you with this
<grendal-prime> rbasak, i tried that.
<grendal-prime> the write_net rules script asks for $INTERFACE  but all the syntax i tried just errors
<rbasak> Here's an example if you just want to write a rule yourself. I just took it from my laptop's rules.d: SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="XX:XX:XX:XX:XX:XX", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
<grendal-prime> two machines nither one of them have anything in that file.....one comes up fine the other comes up but complains about limited network functionality
<grendal-prime> and acts very strange...takes like 2 min to boot. werid.
<grendal-prime> rbasak, you said i can override that file by copying the 75-persistent-net-generator.rules into the /etc/udev/rules.d/ folder?
<grendal-prime> thats the first thing i tried and it did not work.
<rbasak> You can override any file in /lib/udev/rules.d by copying it into /etc/udev/rules.d I think
<rbasak> That's the net rules generator rules file.
<rbasak> Where are you getting a message about limited network functionality from?
<grendal-prime> on bootup
<grendal-prime> and it takes 2 min to boot..
<rbasak> Do you have network-manager installed?
<grendal-prime> base install..server 1204
<grendal-prime> is that thing installed by default now?
<grendal-prime> also there is all this stuff about ignoring interfaces from certain vendors?
<grendal-prime> like...vmware and kvm.
<grendal-prime> how the hell is that suppsed to work
<koolhead17> hi all
<grendal-prime> and no network manager is not installed
<rbasak> With virtual machines, you should just get eth* in the same order every time, so no need to rename interfaces. I assume that's the principle on which udev net generator rules rules skip them anyway
<rbasak> If you need them renamed/reordered because of your existing configuration, I'd just add the rules manually and then leave them be.
<grendal-prime> yaaaa thats gonna suck
<rbasak> Use my example above and stick in into /etc/udev/rules.d/99-custom-interface-names or something
<grendal-prime> there is nothing that will just look at whats there and build that file for me.
<rbasak> I'm sure upstream will happily accept a patch that adds a script to help people write their own rules :-)
<grendal-prime> ya i think ill just grab the one from 10.04 install and throw it in there.
<grendal-prime> ya so on boot that box comes up with "waiting for network configuration"
<grendal-prime> then after a min it says "waitng for 60 more seconds"
<bioman> grendal-prime: beacause you're surely on DHCP and getting no address
<grendal-prime> no thats not true
<grendal-prime> i have to assign the address
<grendal-prime> there is no dhcp on that network. The problem is we build it on one network, then we need to move it to a different network when we deploy
<grendal-prime> its a router
<bioman> Still with my secret key non available when I "backport --build --workdir=/root/drbl drbl". I have searched for a gpg key with "gpg --search-keys drbl" and found one. What should I do please ?
<bioman> ls
<grendal-prime> ya setting up that file myself does not work as well.
<grendal-prime> still does the same thing on boot.
<grendal-prime> this is very werid
<silentpj> patdk-wk: i've tried again, still the same problem, accessed the logs, found "chroot: can't execute 'grub-probe': No such file or directory"
<patdk-wk> like I said, I have no clue what your issue is on install, and no idea what grub-probe does
<patdk-wk> normally use, grub-install /dev/sda
<adam_g> can someone please nominate bug 998137 for oneiric?
<uvirtbot> Launchpad bug 998137 in keystone "Keystone user tenant membership not always removed" [Undecided,Confirmed] https://launchpad.net/bugs/998137
<bioman> I finally managed to create a drbl package. How do I install it please ?
<SpamapS> bioman: dpkg -i file.deb
<bioman> SpamapS: hey my friend :) Installed but missing dependencies :(
<SpamapS> bioman: sudo apt-get -f install
<bioman> SpamapS: thanks
<bioman> SpamapS: disaster : drbl package installed in /usr but calling other files in /opt/drbl/...
<bioman> SpamapS: and lots of files missing :(
<bioman> cd
<pingswept> What's the difference between the 12.04 AMI's that are from the original release on 2012-04-24 and the more recent daily builds? Security fixes?
<SpamapS> pingswept: security+updates
<SpamapS> pingswept: basically everything you'd have gotten from 'apt-get update && apt-get upgrade' will be included
<pingswept> SpamapS: Thanks. Just what I wanted to know.
<axisys> looks like hitting a bug
<axisys> # ifdown eth3
<axisys> ifdown: interface eth3 not configured
<axisys> # ifup eth3
<axisys> RTNETLINK answers: File exists
<axisys> Failed to bring up eth3.
<axisys> [   35.512732] ADDRCONF(NETDEV_CHANGE): eth3: link becomes ready
<axisys> what gives?
<axisys> all routing works too..
<axisys> so why these odd messages?
<smoser> ifdown eth3; ifconfig eth3 down;
<smoser> it wasn't down, but 'ifupdown' thought it was
<smoser> or, you have actually 2 interfaces trying to write the same route
<smoser> (rtnetlink file exist)
<axisys> eth2 is public network.. eth3 is private network
<stgraber> the -v flag of ifup will also show you exactly what returned the netlink error
<axisys> not trying the same route
<axisys> stgraber: http://paste.ubuntu.com/1001487/
<axisys> let me add the down option for eth3..
<axisys> since it is trying to add the route that is already there from initial ifup eth3 I think.. like smoser suspected
<Guest17303> Guys I am following the ubuntu-server guide for DNS, I am currently here: https://help.ubuntu.com/8.04/serverguide/dns-configuration.html
<stgraber> axisys: ifup is basically telling you that something already set the IP address of the interface (and makes it fail to set it again). Manually removing the IP (ifconfig eth3 0.0.0.0), then running ifup again should work
<Guest17303> im a little confused at the part where it says : "Also, create an A record for ns.example.com. The name server in this example: "
<axisys> stgraber: it sure did.. thanks
<Guest17303> I assume it wants me to create another copy of db.local and make changes to it, but it doesnt give a name of the file if thats the case
<Guest17303> Anyone able to offer some insight into this?
<hallyn> jdstrand: so for the pc-0.12 problem, here is what i'm printing to /var/log/libvirt/libvirtd.log.  http://paste.ubuntu.com/1001608/
<hallyn> It seems kind of underwhelming.  non-attention-etting
<hallyn> getting
<hallyn> OTOH at least it's a start, and something we can look for in bug reports...
<hallyn> i wonder if there is a good way to pass a msg onto virsh to print out
<fraterm> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<fraterm> If someone could help me with a good way to fix my system so that this: http://imagebin.org/213476 stops happening I'd appreciate it.
<guntbert> !here | fraterm
<ubottu> fraterm: Please give at least an overview of your problem *here* (all in one line) - you will get a much greater audience. If you have to use more than 3 lines, please use http://paste.ubuntu.com
<fraterm> package-data-downloader crashes because something in my system may be corrupt, as you see the imagebin graphic:
<fraterm> Title package-data-downloader crashed with KeyError in convert():'paquetes'
<fraterm> paquetes is spanish for packages.
<fraterm> guntbert, overview after pasting I guess.
<guntbert> fraterm: :)
<fraterm> system was a well running 11.10 i have 2 non ubuntu packages jenkins and vmware workstation.
<guntbert> fraterm: hmmm - we are talking about "server" here?
<fraterm> it is server.
<fraterm> in that it is the server version of the OS.
<guntbert> fraterm: try without the GUI   -     sudo apt-get update; sudo apt-get upgrade
<fraterm> I'll have to pastebin this one.
<guntbert> please do
<fraterm> http://paste.ubuntu.com/1001659/
<jdstrand> hallyn: message seems fine. getting it to virsh may be problematic. I always found libvirt's message handling fairly confusing because of how some messages override others, etc
<guntbert> fraterm: that makes it much clearer - the problem seems to  lie with flashplugin-installer - I am not able to help with that and will probably not find anyone in this channel - ask in #ubuntu please
<fraterm> Can do, guntbert thanks.
<fraterm> guntbert, it's a madhouse in there, just sayin.
<guntbert> fraterm: did you disable the display of joins and parts?
<hallyn> jdstrand: or maybe I should be recommending 'pc', which I assume is always aliased tothe lastest machine type
<hallyn> I'm still not comfortable with providing a script to automatically do it.  maybe i'm being a wuss...
<jdstrand> that may be best, yes. I forgot about that. I'd check on your assumption, but it sounds right
<jdstrand> hallyn: well, you could provide a script to help people do it
<jdstrand> I'm guessing many people are not familiar with the xml and just use virt-manager
<hallyn> Hmm
<hallyn> How do we help them discover that tool?
<jdstrand> it could be in the libvirtd message
<jdstrand> but that isn't super discoverable
<hallyn> (was thinking that as i hit return :)
<hallyn> no, but probably the best match to those who need it
<antihero> How do I view the output of programs started with upstart
<guntbert> antihero: they are not meant to have output, they are just writing logs
<hallyn> jdstrand: no, actually i think using type=pc might break migration for some people (as i'm doing some research)
<antihero> guntbert: but with supervisord I can do supervisorctl tail -f JOBNAME
<kantlivelong> anyone know of a CLI lightscribe app? I just need basic text printing...
<antihero> ok
<antihero> how can I re-scan all my conf/job files
<antihero> once I change them
<guntbert> antihero: no idea about supervisor...  - I may know less about upstart than you do :)
<axisys> i manually upgrade apts using ``sudo aptitude full-upgrade'' .. should I rather run ``sudo aptitude safe-upgrade'' ?
<guntbert> axisys: safe is better :-) but be careful with aptitude anyway
<guntbert> !aptitude
<ubottu> aptitude is another terminal-based front-end to APT. You may encounter problems on multiarch installs (11.10 and higher) as aptitude cannot currently handle the same package with different architectures being installed at the same time. See http://pad.lv/831768 for more information.
<axisys> gnuyoga: so use apt-get instead ?
<axisys> gnuyoga: nm
<axisys> guntbert: so use apt-get instead ?
<guntbert> axisys: it looks that way - I do it
<axisys> guntbert: what is aptitude safe-upgrade equivalent ?
<axisys> with apt-get
<axisys> sudo apt-get upgrade <-- is it safe or full ?
<guntbert> axisys: there is no exact equivalent, I use upgrade on a regular base and if something gets stuck, dist-upgrade
<KristianDK> Where would you get help for dnsmasq-dhcp?
<peydude> hello
<peydude> anyone using 12.04 LTS Maas ?
<peydude> my 1st node says it can't find the specified version in the mirror but I can manually get to it
<mwcampbell> I'm running amavisd-new with SpamAssassin as described in the Ubuntu 12.04 server guide. If I want to manually train SA's Bayesian filter, should I run sa-learn as the amavis user?
<mgw> has anybody used openssh-lpk on precise?
<Fleep> I'm running Ubuntu on an EC2 instance as a Postgres database server and in the past couple of days it's gone unavailable periodically forcing us to stop/start the instance and get new hardware. It's using an EBS volume as it's main drive so we still have all the logging. Where can I start looking for issues? I've checked in /var/log/dmesg and /var/log/syslog and haven't found anything notable when the outages began. Anywhere else I
<Fleep> should be looking?
<RoyK> Fleep: have you checked if it's running out of memory? shouldn't happen, but can block the system quite badly
<Fleep> RoyK: We have seen OOM Killer stuff pop up from time to time. We don't have historical monitoring set up (getting Nagios set up now for that purpose)
<Fleep> If there's no logged info, that seems like a pretty common culprit, yeah?
<RoyK> dmsg
<RoyK> desg
<RoyK> argh!
<RoyK> dmesg
<RoyK> that's the kernel's log
<RoyK> check /var/log/syslog
<Fleep> See original message
<Fleep> I checked both
<RoyK> the oom killer steps in when everything else has been tried
<Fleep> Hard to read dmesg, but I can't find anything in particular relating to running out of memory. It's not timestamped though, so it's hard to tell.
<RoyK> syslog really should log that
<Fleep> Yeah, nothing I an see about that really
<Fleep> Except, hmm
<RoyK> unless the oom killer killed syslogd/rsyslogd first
<Fleep> Postgres is the most likely culprit, and dmesg occasionally logs: postgres (752): /proc/752/oom_adj is deprecated, please use /proc/752/oom_score_adj instead
<RoyK> how much memory does this vm have?
<Fleep> 3.75GB
<Fleep> er
<Fleep> Excuse me, 1.7GB
<Fleep> EC2 c1.medium
<RoyK> until you setup nagios or perhaps icinga (a nagios fork, a *wee* bit better imho), try to make a cron job that just does "ps axfv" to a file or an email address periodically
<Fleep> Not a bad idea
<Mischinka> How do I turn off/on output buffering? (my joomla installer is saying it needs to be off)
<LordOfTime> Mischinka:  didnt i just say check the PHP documentation?
<LordOfTime> in #nginx :/
<JanC> sounds like a bug in the joomla installer anyway?
<LordOfTime> well php might have output buffering in it
<LordOfTime> on in it*
<Mischinka> hmm.. maybe my configs are way off.
<Mischinka> How do I completely remove nginx and reinstall it with all new config files?
<LordOfTime> Mischinka:  apt-get purge nginx; apt-get install nginx ?
<LordOfTime> you'll lose *ALL* confs though
<LordOfTime> !crosspost | Mischinka
<ubottu> Mischinka: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<LordOfTime> and replace "Ubuntu channels" with "support channels" since you're cross posting here and in #ngignxd
<LordOfTime> #nginx*
<Mischinka> Actually those were different questions.
<billybigrigger> hey all, just wondering if someone can help me with openvpn
<billybigrigger> i can get my server up and running...but having problems connecting from a win7 client
<billybigrigger> and the server logs don't seem to be helpful at all
<Mischinka> How do i add an ftp user to: /var/www/website.com ?
<helpme472> hello all
<helpme472> how I can set sftp on my proftpd without shell access
<helpme472> any one here
<helpme472> how I can set sftp on my proftpd without shell access
#ubuntu-server 2012-05-23
<helpme472> how I can set sftp on my proftpd without shell access
<billybigrigger> helpme472 just disable a shell for that user
<billybigrigger> http://www.cyberciti.biz/tips/linux-prevent-normal-users-from-logging-into-system.html
<billybigrigger> set the shell from /bin/bash to /sbin/nologin
<billybigrigger> errr nbm
<billybigrigger> its /bin/false i think in ubuntu
<billybigrigger> ya there it is...
<billybigrigger> helpme472 sudo usermod -s /bin/false USERNAME
<billybigrigger> any network gurus around to help with a dnsmasq server problem?
<billybigrigger> http://pastebin.ca/2152499
<helpme472> what is your probleme
<billybigrigger> im trying to connect to my vpn server...but seems there's a problem with 12.04 and dnsmasq
<billybigrigger> dnsmasq:
<billybigrigger>   Installed: 2.59-4  Candidate: 2.59-4
<Mischinka> How do I set all files permissions recursively? and how do i set all folders recursively?
<billybigrigger> chmod -R xxxx /xxxx/
<Mischinka> chmod -R 0755 /directory/ ?
<billybigrigger> xxxx = permisions /xxxx/ = folder ot apply to
<billybigrigger> yeah
<Mischinka> how do i do all files recursively?
<billybigrigger> -$
<billybigrigger> -R
<mischaghost> wow bluescreen of death
<mischaghost> so: chmod -$ -R 0655 /directory/   that will change all the files?
<billybigrigger> oops
<billybigrigger> -R only
<billybigrigger> remove the -$ that was my type
<billybigrigger> typo...ffs :P
<mischaghost> What about only files and not folders?
<nathwill> find /path/ -type f -exec chmod -655 {} \;
<nathwill> er
<nathwill> 0655
<nathwill> find /path/ -type f -exec chmod 0655 {} \;
<e2b04836>  find . -type f -exec chmod 0655 {} +
<mischaghost> find . -type f -exec chmod 0655 {} + && find . -type d -exec chmod 0755 {} +
<mischaghost> does that look right?
<nathwill> no
<nathwill> what is this + business?
<nathwill> never seen it... it seemed to work.. i may be wrong about that
<three18ti> what do you think of configserver firewall?
<mgw> anybody have scripts for grabbing ssh keys from ldap?
<twb> mgw: ssh-import-id can pull it from HTTP
<twb> mgw: monkeysphere can pull it from a GPG keyserver
<twb> mgw: don't know of anything for LDAP
<mgw> twb: thanks
<mattwj2002> hi guys
<mattwj2002> how do you make a private cloud system?
<KingKatari> i am running ubuntu 11.10 server, How do i fix a task leak as it is causing tasks that are <defunct>
<twb> Fix the parent process's child handling
<twb> https://en.wikipedia.org/wiki/Zombie_process
<KingKatari> oh god i have no clue where that call needs to go in this app since it is written in python3
<arooni-mobile> hi folks; recently upgraded from 11.10 to 12.04;  here is my sources.list: http://paste.ubuntu.com/1002316/ ... but now when i try to move over apt selectoins from one box to another i'm stuck:  https://gist.github.com/2773094 ... ideas?
<twb> KingKatari: file a bug report
<twb> KingKatari: or talk to #python about it, I guess
<arooni-mobile> can anyone help me with my package dependency
<twb> arooni-mobile: why are you doing dselect-upgrade ?
<arooni-mobile> twb trying to move dpkg selections from one box to another
<twb> dselect is only for people so old, they tuck their beards between their legs
<arooni-mobile> what would you recommend
<twb> What does "aptitude install" have to say?
<arooni-mobile> somehwat related q; should backporgts all be disabled
<twb> Do not enable backports unless you know what you're doing and you definitely want them
<arooni-mobile> thats what i thought
<arooni-mobile> ubuntu upgrade process enables by default
<twb> http://paste.debian.net/170709/ is about what it should look like (modulo release name)
<twb> I am surprised that do-release-upgrade enables is by default.
<twb> I am surprised that do-release-upgrade enables it by default.
<arooni-mobile> http://paste.ubuntu.com/1002318/
<arooni-mobile> thats what aptitude thinks
<arooni-mobile> does that sound good?
<arooni-mobile> twb, i was suprised too
<twb> Well first ignore all the :i386 sections because they're biarch crap
<arooni-mobile> yeah i think i may be moving from a 32 bit to a 64 bit system
<twb> Hmm, are you migrating from i386 to amd64?
<twb> Ah, OK, that's probably the root cause of all this
<arooni-mobile> bad job david
<twb> WHat I would do is instead of using --set-selections, be a bit lazy
<twb> aptitude -F %p --disable-columns search '!~M~i'
<twb> arooni-mobile: ^ that will emit a list of packages you actually asked for, not including the version numbers
<arooni-mobile> ah goodies
<twb> arooni-mobile: then try apt-get installing those packages only, on the new box
<twb> Beforehand, on the new box, you might want to do something like "aptitude keep ~T" (IIRC) to say "forget about all those changes I asked for before"
<arooni-mobile> ok so once i have the new selections redirected to a text file;  what would you use to run the install?
<arooni-mobile> as dselect is apparently a silly tool ;p
<twb> aptitude install foo bar baz quux
<twb> i.e. just pass those package names on the command line
<arooni-mobile> but if i try to pipe the text file into it like: aptitude install < versionless-selections ... nothing really happens
<arooni-mobile> i admit i'm a bit of a command line noob
<twb> Yes; don't do that
<twb> Try aptitude install `cat list-of-packages.txt`
<arooni-mobile> that doesnt seem to install
<twb> Then I give up
<twb> pastebin the output of your 13:33 <twb> aptitude -F %p --disable-columns search '!~M~i'
<arooni-mobile> http://paste.ubuntu.com/1002325/
<yaboo> hi all, followed the firewall/router ubuntu how to, how does one forward ports to another machine within my internal network?
<twb> arooni-mobile: perhaps all those packages are already installed?
<arooni-mobile> yeah i think youre actually right
<arooni-mobile> while iw as waiting for your comand i wrote a bash program
<arooni-mobile> that i think did the trick
<yaboo> have a issue with ufw, I have opened up ports 53 domain, but it seems my dns cannot talk to the outside world.
<yaboo> what else do I need to do.
<twb> yaboo: pastebin output of "iptables-save -c"
<redactd> hi has anyone had problems with courier-imap-ssl not working since 12.04? I am getting error SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate in mail.log. imap works fine unsecure.
<twb> redactd: I use dovecot; the Ubuntu Server Guide also recommends dovecot AFAIK.
<redactd> twb, much more of a learning curve than courier?
<twb> But it sounds like a simple case of it not finding your certs.  Do you have a custom cert hierarchy, or what?
<yaboo> twb http://pastebin.com/6Sw1gheH
<twb> I have never used courier.  Dovecot is not hard IME, but I have not done very much complex with it -- most of the cleverness, I do in postfix.
<redactd> twb, i use custom certs which are generated and installed with courier on install
<twb> redactd: on install of the courier .deb ?
<redactd> twb, yep
<twb> I mean, does the .deb do them and you just use what it provides, or are you doing something on top of what the .deb provides
<redactd> .deb does it.
<twb> OK so they are probably snakeoil certs or something
<twb> I would be looking into that, and likewise the client side if you're using client-side certs, also see if your old courier was using gnutls and the new one is using openssl, or vice-versa
<twb> e.g. slapd+gnutls has problems (I make no assertion as to whether that's openldap's fault, or gnutls's fault)
<redactd> it uses openssl afaik. setup with pam (only basic mail server) - just reinstalled and noticed interesting error
<twb> Obviously you can also try usual things like turning the debugging up
<redactd> it is a cert error - the imapd.pem no such file or dir :S
<redactd> errors while installing .deb didn't notice it before now
<redactd> prob unrelated though. will just give dovecot a go instead i think
<redactd> twb, out of curiosity how would i turn debugging up on a service like that? do you have a link or something similar? or just google it?
<twb> redactd: depends on the daemon, read the manpages and so on
<redactd> rgr will do ty
<twb> no rgr here...
<yaboo> two did you look at my pastebin
<twb> yaboo: I got distracted.
<yaboo> ok
<twb> Your firewall is bizarro, it should be using conntrack (or state) in FORWARD.  IIRC ufw should do that by default...
<twb> yaboo: it looks like /etc/ufw/before.rules didn't get loaded
<twb> yaboo: what release of Ubuntu does lsb_release -a say you're running?
<yaboo> two when I start "ufw enable" I get the error failed to start ufw-init?
<yaboo> 12.04
<twb> yaboo: it's "twb"
<yaboo> twb apologies
<twb> yaboo: to be honest, I think you should turn ufw off, then purge and reinstall it, and punch in your ufw rules again
<twb> yaboo: if that still has problems, suggest you drop ufw and just learn to do it by hand, in #netfilter
<yaboo> two ok can be done tonight then
<yaboo> twb to do it by hand where would Iput the rules, and more worried, I do not know enough about iptables to get me through
<twb> Right; you will have to learn
<twb> For basic needs like you have, it is not too hard
<yaboo> two right I do, but no idea to start where
<yaboo> twb last time I followed something I found on google
<KingKatari> what could be causing Connection timeouts / socket hang-ups
<yaboo> two if your around later will try
<yaboo> twb
<yaboo> auto correction
<twb> KingKatari: insufficient data
<KingKatari> i am running Ubuntu Server 11.10 and i get a high amount of connections from a ipaddress on a very specific port for a service i run on that port, well after 10 to 30 seconds i start getting abunch of connection timeouts and or socket hang-ups
<KingKatari> would somaxconn have something to do with that?
<rbasak> KingKatari: sounds like your service can't keep up
<KingKatari> no the service is actully waiting for for connections when this is happing
<nil8> Yo
<Syria_> Hi, i have a VPS server running under Ubuntu Server 10.04 LTS, Please help me with installing vpn service on it because I want add an account in order to use it on my Ipad.
<RoyK> hm... i have, for various reasons, installed Bacula from source. What's the easy way to blacklist the bacula\* packages?
<syria> Hi, Can I use openvpn on my ubuntu server? so I can connect to it using my ipad? please...
<_ruben> syria: yes (assuming ipads support openvpn)
<twb> iphones speak l2tp/ipsec, cisco ipsec, and pptp
<syria> _ruben:  My VPS is running under  ubuntu server 10.04 LTS, How can I configure it to accept VPN connections please?
<twb> syria: you need to ask ##macosx or something about ios, we don't support it.
<bioman> Hello
<twb> "In 1996 Frederik Schodt characterized the typical reader as a twenty-eight-year-old systems engineer who works at a finance company, eats at ramen noodle shops and is seriously considering using a matchmaking service." --- haha
<syria> twb: I want to configure my ubuntu server to become a VPN server, So I can connect to it later using my ipad or anything else that supports vpn.
<twb> Oops, wrong channel.
<syria> Where should I go? :(
<twb> syria: oh.  I assumed you already had that working, because you were asking about openvpn.
<bioman> Want to change drbl stable to drbl testing. I've change in /etc/apt/sources.list to testing, done a aptitude update, a aptitude upgrade but no drbl testing. So aptitude install drbl but it says I have the latest version :/ What's wrong please ? (ubuntu server 11.10)
<syria> twb: Nope, I have no idea where to start from.
<rcsheets> RoyK: might this work? http://askubuntu.com/a/76075
<twb> syria: well first you work out what devices you are required to support, then you pick the least shit technology that they all support.
<twb> syria: since that will be PPTP, you will need a bottle of vodka at this point
<syria> twb:  o.0
<syria> I want it to support my Ipad. I am at work now vodka is not allowed :P
<yaboo> two syria, I got pptp working in like 20 minutes and love it, for my iOS devices
<twb> yaboo: pptp is completely insecure
<twb> That is why, if you deploy it, you will need to drown your sorrows in strong liquor
<yaboo> twb yes I understand, but what else do you recomend for iOS devices
<twb> https://en.wikipedia.org/wiki/PPTP#Security_of_the_PPTP_protocol
<twb> yaboo: lt2p/ipsec
<yaboo> two tried that and I needed strong liquor just reading about it.
<twb> Granted.
<twb> Security is always at odds with convenience
<yaboo> twb you are correct
<SpamapS> I dunno if I'd agree that security *always* is at odds with convenience.
<SpamapS> Active security usually is, but sometimes passive efforts can increase security without compromising convenience. Such as intrusion detection systems which simply report..
<twb> SpamapS: if they just report and no human acts on them, they aren't much of a security layer
<_ruben> how does reporting increase security, by itself
<twb> And they inhibit convenience in that the system is infinitesimally slower to respond :-)
<SpamapS> twb: I think there are 3 dimensions. Convenience, Risk, and Cost.
<yaboo> want to setup free version of splunk and munin
<twb> If you keep going, I might suspect you're trying to add some factual accuracy into my aphorism
<SpamapS> twb: the traditional 2 dimensional scale implies a "state" of "secure" .. but really, you need a process.. and that process has to figure in cost.
<SpamapS> twb: no, just trying to spark a discussion that will bore me to sleep :)
<_ruben> hehe
<SpamapS> _ruben: if the IDS is worth anything, it will know when risk has increased, and just tell you, or even take action to reduce it. Cost would be high, but convenience (system performance and admin involvement) stay the same.
<SpamapS> also inline lossy ethernet taps do not slow down ethernet
<twb> "Having a D-Bus interface means that applications wanting to print automatically get to use printerd asynchronously."
<twb> ...uh, because talking to localhost:631 was synchronous?
<SpamapS> twb: those who do not understand unix are doomed to repeat it.
<twb> SpamapS: unfortunately, those people are building the entire goddamn desktop
<twb> Especially lennart
<twb> >rage<
<SpamapS> but its *SHINY*
<SpamapS> -->> shiny
<SpamapS> see it, over there
<twb> I want so badly to beat some sense into them
<SpamapS> twb: no, its important that pid1 implement everything that Linus has said no to putting in the kernel.
<twb> That way we will reduce the number of pids on the system, to 1 + chrome
<twb> Which is important, I guess, because pids are scarce?
<SpamapS> as scarce as pinheads
<SpamapS> twb: its not pid scarcity.. its just that all those pids clutter up top.
<twb> oh noes!
<SpamapS> who needs crond, and dbus, and udev? You can just let your whole system go down in one fiery ball!
<twb> Anyway my top is alreayd unusably full with jbd/1 through 32
<twb> Seriously, I had to stop using top and learn to use ps because of all the per-core kernel threads
<SpamapS> twb: IIRC htop has a "hide kernel threads" option buried somewhere in there
<SpamapS> "K"
<twb> htop is stupid tho
<twb> I KNOW its stupid because even my manager recommends it
<twb> ...that and it's not part of ubuntu-minimal, so I'd have to explicitly ask for it.
<SpamapS> having a top w/ tree support is pretty nice
<twb> SpamapS: I just ps uxf
<SpamapS> twb: so do I
<twb> watch ps uxf -- there now you have htop thread
<SpamapS> but when I want to leave one thing running to see what my latest insanity has done to break the system, watch ps auxfw isn't usually informative enough
<twb> Seriously, what is the advantage of top over watch + ps?
<twb> AFAICT it's basically just that you can use arrow keys instead of ps arguments
<SpamapS> twb: you'd need watch 'sh -c "free -m ; uname -a ; ps auxw" ..
<SpamapS> twb: and then to change even the slightest thing (sort.. etc) you'd have to ctrl-c.. change it.. start it back up
<twb> I turn that stuff off anyway because it means you only see about 10 line of processes
<twb> At least on an 80x25
<SpamapS> what, you only use 80x25 terminals?
<SpamapS> You do realize 23" LCD's are < $150.. :right?
<twb> SpamapS: you think if I let KMS try to negotiate with a crappy KVM, while not switched to that KVM at boot, it will work?
<twb> Actually it doesn't work even when I blacklist modesetting and vga16fb, on lucid boxes, to my great annoyance.  I haven't quite cared enough to isolate it.
<SpamapS> twb: remote KVM should be something you only need in *dire* situations
<twb> SpamapS: by KVM I mean the thing that slides out of the rack that has a LCD and a keyboard, and a bunch of VGA/USB cables hanging out the back
<twb> Not some horrible IPMI thing that needs a java client to access the RFB stream, nor a riced-up qemu
<SpamapS> twb: right, so thats like, what, something you have up for extreme situations
<SpamapS> I don't think I'd use top on that either ;)
<twb> OK, granted, when things are working well I can ssh in from my netbook, but I'm a sysadmin -- if things are working I am back in the batcave waiting for the batsignal
<SpamapS> twb: I always viewed going to the server console as an admission of failure :-P
<twb> Well, yes
<SpamapS> twb: for me, I just racked them, got them onto the network with ILO and PXE enabled, and never saw them again.
<twb> If I have suceeded, I will be paid to sit here reading a book until I die
<SpamapS> that was when I had actual servers
<twb> I hate ILO, it's such a pain in the arse
<SpamapS> Yeah I never liked it much
<twb> It's RFB under the hood but they wrap it in all this java shit
<SpamapS> but it worked better than most IPMI things
<SpamapS> and certainly simpler to use than DRAC
<twb> An I mean I'm on an ARM netbook with 1GB RAM and about 6GB of nonvolatile storage
<twb> As if java is going to even work
<SpamapS> wtf.. ?
<SpamapS> time to get an ultrabook
<twb> SpamapS: x86 has lame battery life
<SpamapS> yeah, 5.5 hours seems pretty lame for something that weighs the same as an ipad
<twb> I get 14h on my 1kg netbook, it was 16h when I bought it
<twb> Anyway, rather than IPMI/ILO/DRAC what I'd really like is for the BIOS to just make itself usable over the serial port
<SpamapS> twb: but then you have to put serial cables in all your boxes
<twb> Since it's ultimately just an 80x25 screen anyway, and pushing it through RFB (let alone java) is just inexcusable blnoat
<SpamapS> even if you have a nice USB way to do it
<twb> SpamapS: what, you run ILO over the same cat5 as its normal IP?
<SpamapS> no, but network is ubiquitous
<twb> SpamapS: that means you're trusting that network
<twb> SpamapS: yeah well, serial to 8p8c is not that hard
<SpamapS> I actually used red for ilo, and blue for regular network. yellow was DMZ
<twb> Definitely better than VGA which you'd need in an emergency
<SpamapS> twb: never had issues w/ ILO.. but meh.. I've achieved my stated goal of boring myself to sleep
<twb> Bear in mind I haven't actually had a chance to make this work, so I am still operating in fantasy land where it will actually be implemented sanely
<twb> SpamapS: that will be $5 or two beers
<twb> :-)
<Sander^work> Do anyone know why I got dropped into a grub shell after upgrading from 10.04 to 12.04? I think I didn't upgrade grub.
<Sander^work> What do I need to do, to upgrade grub, so it will boot again?
<lynxman> morning o/
<twb> Sander^work: does it give an error?
<Sander^work> twb: no, just a grub shell.
<eagles0513875> hey guys
<streulma> hello
<Syria> Hello!
<Syria> Who konws what is this used for? ssh -D "port" "user@address"
<Daviey> Syria: local socks proxy over ssh
<Daviey> man ssh , should provide more info.
<Syria> Daviey: Yes, When I use that command in my terminal I go to firefox browser and use this socks proxy 127.0.0.1 and the port number.
<Daviey> right
<Daviey> So what is the question?
<Syria> Daviey: This helps me to bypass some blocked sites by my ISP.
<Daviey> right, but what is your question? :)
<Syria> Daviey: Can I broadcast this connection to my Ipad via a wireless ad-hoc?
<Daviey> technically you can.. but why not just set up a VPN?
<Syria> Daviey:  It was hard for so i have decided to search for an easeir way. :(
<Syria> Daviey: Because Ipad supports l2pt, pptp and Ipsec VPN.
<Syria> Daviey:  Can you help me with this please?
<Daviey> Syria: ssh -D 0.0.0.0:4000 user@adress
<Daviey> then set socks as the ip address of your machine, port 4000.  Note, it's not authenticated. so, anyone on the network can use your proxy.
<Syria> Sorry Lost my connection. :(
<Syria> DavidLevin:  After ssh -D 127.0.0.1:4000 user@address ..... could you please tell me again what should I do to use this tunnel on my ipad as well?
<Daviey> 12:40 < Daviey> Syria: ssh -D 0.0.0.0:4000 user@adress
<Daviey> 12:41 < Daviey> then set socks as the ip address of your machine, port 4000.  Note, it's not authenticated. so, anyone on the network can use your proxy.
<Daviey> *not* 12.0.0.1
<Syria> Daviey: Thank you for your help and sorry because I ask too much... But should I set the socks as the ip address of the ipad or the laptop??
<Daviey> Syria: on your laptop, use the command as above.. on your ipad; set the socks proxy as the ip address of your laptop and port 4000.
<Syria> Daviey:  What if I don't have ssh on my Ipad? I bought a new one and I am being completly unable to install any program because I live in a blocked country by apple store.
<Syria> Daviey: That is why I want to broadcast this connection via ad-hoc wireless.
<Daviey> Syria: i'm not convinced you are listening :)
<Daviey> Syria: ipad will not know it's using ssh, it will know it's using a socks proxy only (via your laptop).. i assume ipad can support socks, that is
<Syria> *reading again*
<streulma> Ipad can I think
<ikonia> I don't think itunes supports socks proxy, just http
<ikonia> (or the app store)
<Syria> DavidLevin:  ssh -D 127.0.0.1:1236 user@address....... is this correct?
<Syria> Daviey: ssh -D 127.0.0.1:1236 user@address....... is this correct?
<Syria> sorry!
<Daviey> No!
<Daviey> 12:48 < Daviey> 12:40 < Daviey> Syria: ssh -D 0.0.0.0:4000 user@adress
<Daviey> 12:48 < Daviey> 12:41 < Daviey> then set socks as the ip address of your machine, port 4000.  Note, it's not authenticated. so, anyone on the network can use your proxy.
<Daviey> 12:49 < Daviey> *not* 12.0.0.1
<Syria> sorry!
<Syria> ssh -D myipaddress:4000 user@address
<Daviey> NO NO NO
<Daviey> Syria: 0.0.0.0 (although your ip address will also work)
<matti> Daviey: :)
<KristianDK> Do you guys know if LXC 0.8 will be released in precise anytime soon? Or this there a PPA for it? Couldnt find one
<hallyn> KristianDK: precise is LTS and released.  We won't be upping versions.  0.8 is not actually released upstream (it's at 0.8.0-rc2)
<hallyn> KristianDK: but the version in precise has just about all the patches that are upstream
<KristianDK> hallyn, except the one I have troubles with of course :D More specifically this one: https://bugs.launchpad.net/ubuntu/precise/+source/lxc/+bug/994752 - will this also be patched on the precise package?
<uvirtbot> Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Confirmed]
<hallyn> KristianDK: yes it will be
<KristianDK> hallyn, ah ok - thats all I need. Do you by any chance know if this is in the works, and if I could possibly help in any way if its not?
<hallyn> it may already be sitting in unapproved precise-proposed queue, but if not then stgraber will be pushing it soon
<hallyn> It's definately in the works.  Once te fix is in precise-proposed, you can absolutely help by testing to push it into -updates as quickly as possible :)
<hallyn> If you subscribe yourself to the bug (if you're not already) you'll get an email when the proposed package is ready
<KristianDK> Yeah, already subscribed - didn't know it worked like that. I'm still not that good with launchpad, thanks for you help :-)
<hallyn> KristianDK: excellent  (if you want all the gory details, read https://wiki.ubuntu.com/StableReleaseUpdates, but otherwise, thanks for your help)
<KristianDK> Ah great, I'll take a look - might avoid future questions from my side
<hallyn> jdstrand: I've posted a proposed debdiff on bug 1001625 for detecting pc-0.12  (which would also affect your wmvga bug, but I didn't mark it as such...  in part bc i couldn't quickly find it :)
<uvirtbot> Launchpad bug 1001625 in qemu-kvm "Guest clock stops after live migration on Ubuntu 12.04 hosts" [Medium,Confirmed] https://launchpad.net/bugs/1001625
<jdstrand> hallyn: hehe-- I am not the author of debian/libvirt-migrate-qemu-machinetype :)
<jdstrand> you could do a 'based on' if you really wanted...
<hallyn> jdstrand: I thought I *did* do 'based on'.  all right all right, was hoping to stay anonymous wrt this :)
<jdstrand> :)
<hallyn> zul: could you take a look at bug 996840 ?  It looks like actually a nova bug in its use of libvirt.
<uvirtbot> Launchpad bug 996840 in libvirt "Libvirt error when trying to mount ISCSI volumes" [Medium,Confirmed] https://launchpad.net/bugs/996840
<zul> hallyn: yep
<jdstrand> I don't blame you. that script was tricky to get right. I was running it in postinst so it was moderately important to not hang :P
<hallyn> zul: thanks!
<hallyn> jdstrand: yeah it should be less scary this time at least for that reason :)
 * jdstrand nods
<jdstrand> hallyn: then man page references libvirt\-migrate\-qemu\-disks
<hallyn> gah thought i'd gotten all of those
<jdstrand> the sentence that references that should also be adjusted
<lunaphyte_> hi.  i was asking here the the other day regarding a "warning: failed to read mirror file" message when upgrading from 11.10 to 12.04 using do release upgrade.
<hallyn> (collecting these comments, thanks)
<jdstrand> hallyn: since you are fiddling with it, there is non-uniform whitespace in migrate_vm()
<lunaphyte_> digging a bit further with strace, it appears that the file it's looking for is /tmp/update-manager-AkiIxq/Ubuntu.mirrors:
<jdstrand> (oldformat/newformat)
<lunaphyte_> open("/tmp/update-manager-AkiIxq/Ubuntu.mirrors", O_RDONLY) = -1 ENOENT (No such file or directory)
<lunaphyte_> how can i figure out where this file is supposed to come from, and why it's not being created?
<ogra_> why would you care its just a warning (and likely the file is created at some point during the process)
<lunaphyte_> a warning means something isn't happening the way someone was expecting it to, right?  why wouldn't i care?
<lunaphyte_> anyway, the question isn't so much whether or not i should care, but rather how i can figure out what is happening.
<jdstrand> hallyn: fyi, README.Debian has 'may in face'
<pmatulis_> lunaphyte_: so the upgrade failed then?
<lunaphyte_> pmatulis_: no, actually, the upgrade appears to complete successfully [as best as i can see so far on another computer with the same problem]
<jdstrand> hallyn: other than those minor things, seems good to me
<hallyn> jdstrand: and I'm not over-reacting with the pc-0.12 thing right?  :)
<jdstrand> heh-- well, it seems to be causing a problem, so I don't think so. you may want to coordinate with skaet to make sure it is noticable in the 12.04.1 release notes
<jsmith-argotec> Samba question - I use a user map script to map ldap cn value to uid.  Script runs fine and has worked fine on older version of samba
<glebaron> Can anyone tell me the recommended way to install java on ubuntu server these days. The landscape seems fragmented and I don't know what is best.
<jsmith-argotec> however now on 12.04 I'm getting this message in the samba logs and not sure where to start to figure it out...
<jsmith-argotec> sh: 1: /etc/samba/ldapmapuser.sh: Permission denied
<jsmith-argotec> permissions are : -rwxrwx--- 1 root admin 182 May 23 09:34 /etc/samba/ldapmapuser.sh*
<jsmith-argotec> doesn't need execute other does it?
<pmatulis_> jsmith-argotec: so... what user is invoking that script?
<jsmith-argotec> umm I thought samba would be invoking the script...
<rbasak> glebaron: I would assume that the default-jre-headless package will give you a sensible default. I don't understand the java landscape very well either though.
<jsmith-argotec> pmatulis_: though I just checked and permissions on that script on the older samba server and it was -rw-r-xr-x
<jamespage> rbasak, glebaron: default-jre-headless will give you the supported version of Java for a given release of Ubuntu
<jsmith-argotec> pmatulis_: it is listed in the samba config as the user mapping script so I thought the samba process invoked it
<jsmith-argotec> pmatulis_:    username map script = /etc/samba/ldapmapuser.sh
<bt> I am wondering if someone could answer some questions on networking issues...
<glebaron> jamespage, do you know what the currently supported version is?
<pmatulis_> jsmith-argotec: ok... and what user is smbd run as?
<jamespage> glebaron, which release of ubuntu?  12.04 is openjdk-6 (Java 6)
<glebaron> jamespage, yes, 12.04.
<bt> I basically cannot figure out how to configure my physical networking adapters... i have tried using/modifying  /etc/network.interface, but it always fails to bring up the second adapter
<pmatulis_> bt: i recommend reading the ubuntu server guide.  help.ubuntu.com
<KristianDK> Is there an easy way to apply a proposed fix to a running installation? e.g. bug 994752
<jamespage> glebaron, 12.04 also has openjdk-7 in universe - but openjdk-6 is default
<uvirtbot> Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Confirmed] https://launchpad.net/bugs/994752
<jsmith-argotec> pmatulis_: root
<jsmith-argotec> pmatulis_: which is why I don't understand the permissions error
<pmatulis_> SpamapS: do you really think this is Critical?  bug #872824
<uvirtbot> Launchpad bug 872824 in network-manager-strongswan "Network-manager locks up when adding strongSwan VPN connection" [Critical,Triaged] https://launchpad.net/bugs/872824
<bt> i have looked through the networking portion, but it still fails..
<pmatulis_> bt: you should by now know that the file is /etc/network/interfaces
<bt> yes.. that was the file i was working with
<pmatulis_> jsmith-argotec: try to run the script manually
<pmatulis_> bt: maybe pastebin it, someone may take a look
<a_ok> What do I have to do to use liboauth-php?
<bt> http://pastebin.com/LNxrJuq4   ---- the response i get from running /etc/init.d/networking restart
<bt> is file exists
<jsmith-argotec> pmatulis_: works fine manually as root and as a admin group member
<jsmith-argotec> pmatulis_: I added all execute to the script permissions and now the error has changed to
<bt> the above pastebin is my interfaces file
<jsmith-argotec> pmatulis_: /bin/bash: /etc/samba/ldapmapuser.sh: Permission denied
<jsmith-argotec> pmatulis_: I added read as well and now it's working... no idea why it needs all read/execute but that's what works so we'll go with it
<jsmith-argotec> pmatulis_: thanks for the help!
<glebaron> jamespage, rbasak, thanks for the info.
<SpamapS> pmatulis_: yes, its critical. The whole box loses control of its network because this software is completely broken.
<SpamapS> pmatulis_: the only workaround is to not use this software. That seems like a reason to either fix it, or drop it.
<jcastro> adam_g: zul: you guys are in ~charmers, we're going to start to schedule review time for charms like we do the sponsorship queue, if you guys want in I can leave you in the group
<jcastro> if you don't, then I can just remove you guys
<zul> jcastro: remove me i dont have time :(
<hallyn> soren: hey, regarding the libvirt failure with multiple parallel virsh starts (as shown by http://people.canonical.com/~serge/breaklibvirt.sh), it doesn't appear to be any sort of timeout issue
<hallyn> Here are the relevant logs fwiw: http://paste.ubuntu.com/1003284/
<hallyn> Tweaking /etc/libvirt/hooks/qemu to only sleep at the 'begin start' still does it, and for that matter so does removing the sleep so all there is is '#!/bin/bashn exit 0' :)
<hallyn> looks like i need to look more closely at virCommandHandshakeWait:2369 : Unable to wait for child process: Bad file descriptor  for the real issue
<hallyn> hm, maybe it's as simple as a sleep after virCommandRequireHandshake()
<hallyn> nah that makes no sense
<adam_g> jcastro: how much time are we talkin?
<jcastro> 4h a month
<adam_g> jcastro: cool, let me know how/where things get scheduled
<ahasenack> hi, anybody from maas around here?
<ahasenack> I changed the IP address and updated all config files I could find, also ran cobbler sync
<ahasenack> but the json profiles under /var/lib/cobbler/config/profiles.d still have the old ip for iscsi_target and log_host
<ahasenack> should I edit them manually or is there another way?
<samba35> ahasenack, can i send you pm ?
<ahasenack> samba35: techincally, sure
<gmcinnes> Hi all.
<gmcinnes> I just did a do-release-upgrade -d to get from 10.04 to 12.04.  After rebooting at the end of the process, I just get dumped to a grub prompt, with no menu entries of kernels :(  Any idea how to fix?
<gmcinnes> Does anyone know what kernel it likely installed, and I can try and boot from grub2?
<ahasenack> gmcinnes: you can play around with the ls command
<ahasenack> see what is installed
<ahasenack> then try to boot manually whatever you find
<ahasenack> basically you need a kernel (hd?,?)/vmlinuz root=/dev/some/device
<ahasenack> and another for initrd (hd?,?)/initrd
<ahasenack> then "boot"
<ahasenack> you need to find out "hd?", use tab completion for that, it's going to be a number
<ahasenack> and maybe /vmlinuz won't exist, so poke around in /boot
<gmcinnes> that's the thing. I don't know hot to get to /boot
<ahasenack> try ls (hd0<tab><tab>,<tab><tab>)
<ahasenack> some combinations of that
<gmcinnes> ah!
<gmcinnes> the light switches on.
<gmcinnes> thanks.
<jcastro> adam_g: I'm doing the schedule today, what days are good for you?
<adam_g> jcastro: mon or fri usually
<PedroGomes> Hi, does anyone knows if it is possible to create an empty (or mostly empty) lvm group in a installation based on preseed/partman?
<hazmat> smoser, is there a  way to manually run cloud-init post boot?
<smoser> there are jobs in /etc/init/cloud-*
<smoser> you can run them by hand (sudo start cloud-init-XXXX)
<SuperLag> What is the proper way to make sure an init.d script starts on boot?
<SuperLag> Netatalk, in this case
<RoyK> SuperLag: symlink it to /etc/rc2.d/Sxxnetatalk, where xx being a number
<RoyK> the number being the start order
<RoyK> or, the other way around, Sxxnetatalk, like, S99netatalk -> ../init.d/netatalk
<stgraber> hallyn: current lxc SRU has now been published, I'll start preparing the next one today/tomorrow
<gmcinnes> ahasenack: thanks for your help.  I'm still stuck trying to find the root partition.  I know where it *should* be. Its an lvm volume which shows up in ls in grub, but it doesn't want to boot
<gmcinnes> ahasenack: is there anything special I have to do to get lvm partitions to work?
<ahasenack> gmcinnes: I don't know if grub support /boot in lvm
<hallyn> stgraber: thanks.  Did you see the new bug/complaint about --close-all-fds not being the default?
<ahasenack> gmcinnes: but lvm in root works, I have it
<hallyn> I'm fine with making it the default, fwiw.
<henkjan> ahasenack: grub2 can boot from lvm
<stgraber> hallyn: nope, haven't seen it yet. Do you see any potential problem with having it be the default?
<stgraber> hallyn: I can't think of a case where we specifically want the container to inherit an fd
<hallyn> well it might paper over errors in callers...
<hallyn> no, if we inherit one we bail out with an error
<hallyn> so the only thing we lose is not warning about bad callers
<hallyn> probably not worth it
<ahasenack> gmcinnes: so if your /boot is in the root partition, and that is an lvm lv, then you need to research how grub handles lvm, i don't know that
<ahasenack> gmcinnes: my /boot is a normal /dev/sda1 partition, just the rest is lvm
<stgraber> hallyn: could we change it to closing all fds by default but printing a warning if lxc-start inherited any non-standard fd?
<hallyn> do you think that's worth it?
<stgraber> depends how much effort it's, if it's fairly trivial to get the warning or at last a log entry, it might be worth doing
<hallyn> well, maybe at debug level
<hallyn> yeah
<hallyn> do you fel that should be handled in your next set of SRUs?
<stgraber> so someone working on a wrapper around lxc-start can make sure that his code is sane (thinking of what arkose is doing at the moment)
<hallyn> well in any case, i'm about to duck out for lunch
<hallyn> sounds good.  i'l lhappily whpi up a patch later today or tomorrow if you like.
<stgraber> it's technically a change of behavior so we might have to do some convincing to get in as an SRU
<gmcinnes> ahasenack: yeah. I thought mine was too. All the vmlinuz and grub stuff is there, but the actual "/boot" is on /  I think. What a pain.  I'll keep hacking.
<stgraber> and we need to make sure not to drop the current parameter as otherwise we'd cause regression
<hallyn> yup
<hallyn> ok i'll triage the bug later (if you haven't by then)
<hallyn> bbl
<ahasenack> gmcinnes: check this: https://wiki.archlinux.org/index.php/GRUB2#LVM
<ahasenack> gmcinnes: you can issue those commands at the grub prompt too
<ahasenack> the insmod I mean
<ahasenack> maybe after doing that ls will show the /boot files and you can reference them
<ahasenack> set root=stuff is so you don't need to use (hdN,M) all the time as a path prefix
<ahasenack> or the vg and lv names in this case
<gmcinnes> ahasenack: ah! got it.
<gmcinnes> I was already at that page :)
<ahasenack> nice, hope it works
<gmcinnes> well, I got it booted :)  Now to see wtf went wrong on the upgrade.
<ahasenack> gmcinnes: double nice
<gmcinnes> anyone know if there is a command to check grub.cfg syntax?
<gmcinnes> of course there is. awesome :)
<mgw> anybody here with experience building openssh dpkg?
<mgw> I made an update to configure.ac, ran autoreconf, and now I'm failing to compile
<mgw> About 20 minutes into dpkg-buildpackage
<mgw> https://gist.github.com/70f1ab4e2f71baa39681
<axisys> how do I send mail from command line with a reply-to header?
<axisys> mail -r foo@example.com does not work.. does not recognize -r
<axisys> in solaris that is what we have been using
<axisys> got it! mail -a "From: foo.com" worked
<tash> I feel like an idiot. I don't know if this is better to be asked here or #vbox.  I have an Ubuntu Server running VirtualBox.  2 interfaces ( eth0, eth1 ).  I have 2 virtual machines running on the host.  Each one is respectively bridged to eth0/eth1.  So, vm1 is bridged to eth0 and vm2 is bridged to eth1 on the host.  If I unplug 1 of the network cables, say eth1 (192.168.1.223) I can still ping it, but I cannot ping the vm that is bridged to that interfac
<tash> fwiw, I can also ping eth0, so I know I am not confused in that regard ( as in, I'm pinging the right thing )
<KillMeNow> anyone here ever use the vmware converter to P2V a Ubuntu server?
<hallyn> stgraber: ok, if you don't have the package ready tomorrow, can i give you a patch for bug 1003583 tomorrow?
<uvirtbot> Launchpad bug 1003583 in lxc "make the "--close-all-fds" option in lxc-start on by default" [Low,Confirmed] https://launchpad.net/bugs/1003583
<hallyn> (not sure yet which patch I'll write :)
<stgraber> hallyn: yep
<hallyn> thx
<KristianDK> stgraber, any chance bug 994752 will be going to precise-proposed sometime soon? And this there anything I can do to help?
<uvirtbot> Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Confirmed] https://launchpad.net/bugs/994752
<stgraber> KristianDK: yes
<stgraber> KristianDK: it's planned to go in the next sru
<KristianDK> stgraber, I'm not sure I fully understand the SRU concept in regards to timing - when would the next SRU be?
 * LordOfTime pokes hallyn
<SpamapS> KristianDK: its not timed
<SpamapS> KristianDK: but its a rather lengthy process .. so sometimes its best to group them rather than do them in serial, thats what stgraber means.
<hallyn> LordOfTime: yup, I'm new to bugs.  since I never cause any myself
<stgraber> KristianDK: if all goes well, it should be land in -updates within the next 2 weeks
<LordOfTime> hallyn:  :P
<KristianDK> SpamapS, ah thanks, now I understand :-)
<LordOfTime> hallyn:  you targetted it correctly, i'd leave that bug as it was (the Lubuntu one) until it gets confirmed
<LordOfTime> hallyn:  someone'll get to it eventually, i'll poke my friends on the lubuntu team, get them to see it though
 * LordOfTime works on Ubuntu bugs and nginx bugs, so... :p
<hallyn> LordOfTime: thanks.  launchpad scard me, making it look like that project didn't get looked at by anyone
<hallyn> I hated to be responsible for that bug falling off a cliff
<KristianDK> stgraber, ok - I'm really blocked by this bug right now - is there a recommended way to apply the patch in a way where it will not conflict with the update once it arrives?
<stgraber> considering I don't know how I'm going to fix it in the SRU yet, no
<LordOfTime> hallyn:  they get looked at every so often, you might want to sit and lurk in -bugs forever :P
 * LordOfTime is on bugsquad, if yo uhave a question about a bug ask it there, i'll probably see it
<hallyn> LordOfTime: good point, I'll ask there next time.  thanks.
<hallyn> KristianDK: if you're blocked on that bug, can you simply use a package from ppa for now?
<LordOfTime> hallyn:  you can ask in #lubuntu or #ubuntu-bugs, but bugsqad'll look at stuff mentioned in -bugs :)
<KristianDK> hallyn, sure - couldnt find a PPA with the fix in it though
<stgraber> KristianDK: quantal currently has the fix
<LordOfTime> which package guys
<LordOfTime> and what program
<hallyn> KristianDK: there isn't one yet :)  but I can see if the quantal package will compile for precise in my virt ppa, one sec
<hallyn> LordOfTime: an lxc bug, bug# should be a page or two up
<LordOfTime> hallyn:  packet loss between irc and my end, mind reposting?
<hallyn> bug 994752
<uvirtbot> Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Confirmed] https://launchpad.net/bugs/994752
<KristianDK> hallyn, that would be cool! I'm very new to debian packaging, so I'm a bit lost on how things are done "the right way"
<hallyn> KristianDK: this almost certainly isn't the "right" way :)  but it should keep you going
<LordOfTime> hallyn:  the correct way is to read the SRU guidelines, and request an SRU with that patch
<hallyn> KristianDK: I say it's not the right way bc I'm going to use the quantal version #, so you'll need to manually install the precise version when that is fixed
<hallyn> LordOfTime: yup, that's being done
<LordOfTime> hallyn:  looks like the SRU request isnt even there
 * LordOfTime looked, there's tons of missing data
<hallyn> stgraber is on it
<LordOfTime> good, one less thing for me to poke people on :P
 * LordOfTime has enough to deal with
<KristianDK> LordOfTime, if its anything I can do, I'd love to do so - I would just need some directions
<LordOfTime> STOP RINGING, YA STUPID PHONE
<LordOfTime> be right back, this thing's been ringing off the hook all day
<hallyn> KristianDK: assuming there is no build failure that I didn't anticipate, it should show up at https://launchpad.net/~serge-hallyn/+archive/lxc-backport
<KristianDK> hallyn, awesome! Thanks a lot! I guess it wont update when the SRU comes then, but I could actually just reinstall the VM we use for testing at that point, so that probably does not matter
<hallyn> KristianDK: ideally when the call goes out for testing the SRU package, you'll apt-get remove lxc, rm /etc/apt/sources.list.d/serge*, set up -proposed, apt-get update and apt-get install lxc to test :)
<hallyn> (you can ping me when the time comes to go back over that if you like)
<hallyn> ttyl
<KristianDK> Sure, thanks :)
<KristianDK> hallyn, adding the PPA and doing apt-get update && apt-get upgrade should do it right?
<KristianDK> or does this need to complete first? https://launchpad.net/~serge-hallyn/+archive/lxc-backport/+builds?build_state=pending
<hallyn> KristianDK: yes, but only once it has built
<hallyn> right
<KristianDK> ah, from experience - does it actually take 14 hours?
<KristianDK> then i might as well go to sleep :D
<hallyn> KristianDK: it depends on how many other packages are queued up
<hallyn> ppas are lower priority
<KristianDK> ah ok, ill keep an eye on it
<stgraber> hallyn: bumped, will start building real soon
<KristianDK> awesome :D
#ubuntu-server 2012-05-24
<zul> Daviey: so sendfile is not really needed so i dropped it for f1, but python-jsonschema is at https://bugs.launchpad.net/ubuntu/+source/python-jsonschema/+bug/1003729
<uvirtbot> Launchpad bug 1003729 in python-jsonschema "[MIR] python-jsonschema" [High,New]
<zul> Daviey: can you also get them to look at dwarves-dfsg, its blocking a new libvirt
<zul> Daviey: after that we are all set
<Daviey> zul: do you have MIR's open for all of them?
<zul> Daviey: yeah
<Daviey> zul: ~ubuntu-server as subscriber to the package?
<zul> damn it give me a sec
<Daviey> http://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.html .. missing a bunch
<zul> Daviey: how do i get it on that list
<zul> Daviey: python-repoze.lru, dwarves, python-jsonschema are on the list
<Daviey> zul: ~ubuntu-server as bug subscriber, and ~ubuntu-mir subscribed to the actual MIR bug
<Daviey> and != Fix Released
<zul> Daviey: ack
<wolferz> Does anyone have a good suggestion for hosting PDF files on a server, like SubSonic does for audio/video?
<tash> I'd like real-time file sync between two servers.  I could use Rsync to run every minute or something, but I want closer to real-time than that.
<tash> Does anyone have any practical experience setting something like that up?
<twb> drbd
<twb> But it's a pain, don't bother
<mgw> NFS is no good for you?
<twb> Yeah or a simple NFS
<twb> Except of course then the content actually only lives on one host
<tash> never worked with NFS, and if that data only lives on 1 host, not interested.  If server 1 kicks the bucket I want server 2 to essentially be a mirror of that.
<tash> I don't need to sync the entire filesystem either
<tash> just a few directories
<twb> tash: so put those dirs on their own filesystem
<tash> how does that accomplish anything? Not being sarcastic here, maybe ignorant... ?
<blkperl> sounds like you want drbd.
<blkperl> its not trivial though
<twb> drbd is a pain in the arse
<twb> FWIW I just do a nightly rsync and if you lose a day of data that's just tough
<blkperl> oh theres also glusterfs
<twb> For something fancier you need to pay me 10 or 100 times more and in the end it'll probably still be flaky
<qman__> that kind of uptime requires serious infrastructure, too
<qman__> you _can_ set it up on regular old servers, but it won't work as intended unless you've got the hardware to back it up
<twb> qman__: and a NOC monkey to babysit it
<patdk-lap_> twb, I thought noc monkeys normally caused the issues
<twb> They cause DIFFERENT issues
<patdk-lap_> well, maybe, normally same solutions
<twb> Always mount a scratch monkey
<sponzor> hi. i was timeout from the session. (i was yust installing one problem and went timeout in the midle of setup) how to log in to session again? is there any way? the process is still running
<koolhead17> sponzor,
<vadi2> Has anyone ran into issues with encryptfs's private file storage size not reflecting original files size?
<twb> "reflecting" how
<twb> encryption will obviously increase the flie size
<twb> It probably can't show the decrypted size without decrypting it, which would be a linear or superlinear operation -- not appropriate for a simple ls -l
<lifeless> I think it caches it
<lifeless> encryptfs uses backing files
<lifeless> but each backing file will be a rounded size (rounded to the size of the cypher block
<lifeless> vadi2: ^
<twb> gotcha
<vadi2> lifeless: my issue is that my home folder is 10gb, my encryptfs for my home folder is 80%, and available space on disk is 0.
<vadi2> The situation is critical at this point with 'out of disk space
<vadi2>  errors coming up every half an hour.
<vadi2> er, 80gb, not %. So something is awfully really broken without my touching it on a clean 12.04 install and I'm hoping there's someone who knows this thing.
<twb> pastebin df -h and df -i output
<twb> Make that df -m not df -h
<lifeless> also mount
<twb> cat /proc/mounts
<twb> mount output is full of lies
<lifeless> heh
<vadi2> It says the following: http://pastebin.com/raw.php?i=LSKJqxVP
<twb> Well you've managed to fill both of them apparently
<twb> "tune2fs -l /dev/sda1" please
<twb> I want to know what percentage is reserved for root; it should be at least 5%
<vadi2> I did not. Observe this screenshot: http://i.imgur.com/EQuKp.png
<vadi2> My home partition is only 9.7gb. I've been cleaning and cleaning it of things without realizing where the issue is. It's 10% of the drive.
<vadi2> Sure, moment.
<twb> I don't trust baobab.  Try "du -hx / | sort -hr | head -20"
<lifeless> vadi2: your / is full; the question is what has filled it
<vadi2> One must imagine that it should be trustable... tune says this: http://pastebin.com/c2vryzJP
<vadi2> lifeless: is it not encryptfs private files that filled it?
<twb> baobab is probably reporting --apparent-size
<twb> OK at least you have a reserved %, that's good
<vadi2> Here is that du command: http://pastebin.com/pGvLqNEv
<twb> vadi2: you need to be root when you run it
<twb> sudo du ...
<lifeless> vadi2: quite possibly
<twb> But it's indicating your /home is using all the space
<lifeless> vadi2: twb is, sensibly, assuming that there may be a lot of confusion going on.
<twb> So do it on /home as well as /
<lifeless> vadi2: due to the encryption layering and so forth.
<vadi2> Here is du: http://pastebin.com/7dsLvhYW
<twb> lifeless: not to mention there is more than one way to count files
<vadi2> That was on / ? I will try /home
<twb> vadi2: good.
<mgw> tash: re your earlier issue â I just came across ceph â fairly complex as well, though
<twb> vadi2: er, you might need to run it on /home/vadi not /home
<vadi2> Here is /home : http://pastebin.com/q12fK4cJ
<vadi2> I only really have 1 user.
<twb> vadi2: run it on /home/vadi
<vadi2> Okay
<vadi2> It's different: http://pastebin.com/xXLCy0pW
<vadi2> Guess that works it out, baobab was wrong! Thanks, I'll stick with this command until it's fixed. Crisis averted...
<twb> If you want GUI, xdu can take the output of du and render it graphically
<twb> It is much faster than baobab
<vadi2> I do, thanks. Baobabs speed is OK on this SSD that sits at the top of the benchmarks I've seen... just need something reliable
<qbitza> Hi guys
<qbitza> Anyone know if snapshot functions have been removed from virsh? on Ubuntu-10.04
<qbitza> and how do I get them back?
<twb> Removed as compared to what?
<twb> libvirt-bin is not in 8.04
<qbitza> twb, 8.04? I'm talking about 10.04
<twb> qbitza: to be removed, they must have existed in an earlier release.
<qbitza> this page says it exists: http://manpages.ubuntu.com/manpages/maverick/man1/virsh.1.html
<twb> maverick post-dates lucid.
<twb> i.e. it is newer
<qbitza> *sigh*
<qbitza> twb, thanks so I need to upgrade the entire server to get snapshots :(
<_ruben> heh
<twb> It would not be surprising if maverick's virsh had featurse that were not present in lucid; I cannot vouch for this specific case.
<twb> qbitza: or you could perhaps do it by hand and bypass libvirt-bin.  Depends on what you want, precisely.
<twb> It is worth noting that maverick is not a LTS release and will EOL much sooner than precise
<qbitza> I just need to create and rollback snapshots - for testing
<twb> For KVM?
<qbitza> twb, yeah if I upgrade, I'd go to 12.04
<qbitza> Yes
<twb> qcow2?
<qbitza> Yes
<twb> That functionality is present in KVM, if you can work out how to connect to KVM's control pty (or stream, depending on how libvirt-bin invoked it) you can simply tell it to make/delete snapshots as necessary
<twb> In kvm -curses, it's Alt+3 to switch to the relevant control console.  I don't remember how you'd do it via libvirt-bin
<twb> It's probably using a fifo in which case you can't do it while libvirt-bin is running that VM
<qbitza> Any chance of just upgrading libvirt? cause once I manage that, testers (read newbees that like to break things) will be using the functionality
<twb> probably not without grief, but you can check backports and so on
<qbitza> twb, Okay thanks - gives me some new places to go dig around in
<twb> Especially not if you have newbies
<twb> Oh and note that virt-manager is utterly terrible as at lucid, and it is also dangerous to hook up a newer virt-manager to an old lucid libvirt-bin
<lynxman> morning o/
<twb> To the point where I have basically given my users instructions "do not EVER click this, this this or this" re their newer mavericks and my old lucid libvirt-bin
<qbitza> Oh... so, an upgrade might not be such a bad idea?
<twb> If I could get away with it I'd just ban virt-manager entirely since it's clearly still alpha quality software
<twb> IIRC even the virt people said it was not production ready as at the versino lucid shipped
<qbitza> Phew that's harsh - so you use KVM straight?
<twb> qbitza: I use kvm straight when I'm in charge, when I have some users I use libvirt-bin and as little virt-manager as possible
<twb> And try to get them to use virsh instead
<qbitza> :) Gotcha
<twb> Unfortunately virsh consoel doesn't work at all over libvirt's inbuilt ssh magic &c &C
<twb> it's all quite griefful when you are used to kvm -curses and kvm -stdio
<twb> Er, kvm -nographics?  Whatever the one is that connects stdio to the guest's serial port
<twb> I should point out that my VMs are all servers, not GUI desktop things.  So graphics is either unnecessary or pointless
<qbitza> That's our setup here too
<qbitza> although we *might* need to do one or two Windoze boxes
<twb> I have one, to talk to the stupid goverment tax people who are in bed with MS
<qbitza> I find the lack of console access to my VMs a pain, but I manage...
<qbitza> kvm -somat/nographics/curses should conenct me?
<twb> qbitza: well something like kvm -hda /dev/mapper/VG0-Guest17 -curses
<twb> Except that since the guest is probably expecting whatever environment libvirt-bin provides, you might need to pass extra args.  Look at /var/log/libvirt-bin/guest.log IIRC to see how it was started
<twb> It's pretty hairy IIRC
<qbitza> Sweet
<jamespage> adam_g, does bug 1003854 link into the stuff you where doing for openldap? sounds similar
<uvirtbot> Launchpad bug 1003854 in openldap "Database upgrade/migration fails with nested db directories (lucid to precise)" [Undecided,New] https://launchpad.net/bugs/1003854
<Syria> Daviey:  Hi!
<Daviey> hi Syria
<Syria> Daviey: Lost the connection yesterday sorry about that, is this correct please? ssh -D my-ip-address:4000 user@VPS-address
<Daviey> Syria: no.
<Syria> Daviey: I did not what should I use instead of 0.0.0.0:4000 !
<Daviey> did not what?
<Syria> Daviey: Do I have to do this exactly? ssh -D 0.0.0.0:4000 user@VPS-address ??
<Daviey> that is what i would do.
<Syria> Daviey: Okay, Then you told me to set the socks proxy as the ip of the laptop and port will be 4000, but my ipad doesn't have a feild for socks proxy? is that okay? it is just a normal proxt field.
 * Daviey has to go
<_ruben> proxy != socks proxy in 99% of the time
<_ruben> so if the ipad doesn't do socks, you'll need to use squid for instance instead
<Syria> Daviey: Thank you for your help. It was useful.
<Syria> _ruben:  Good news, I will test it later.
<vrturbo> Whats the recommended method for setting up MAAS server, dnsmasq seem buggy?
<vrturbo> should I use my normal dhcp network server and just use "next server" ?
<hallyn> stgraber: I'm about to test http://people.canonical.com/~serge/lxc-always-close-fds.debdiff for bug 1003583
<uvirtbot> Launchpad bug 1003583 in lxc "make the "--close-all-fds" option in lxc-start on by default" [Low,Confirmed] https://launchpad.net/bugs/1003583
<zapotah> did someone repackage and check xen-hypervisor for precise?
<zapotah> Could not read keymap file: '/usr/share/qemu/keymaps/en-us'
<zapotah> because the path for some reason is /usr/share/qemu-linaro/keymaps/en-us
<zapotah> gave a good headache
<jamespage> zul: could you give me an opinion on bug 993355
<uvirtbot> Launchpad bug 993355 in keystone "package keystone 2012.1-0ubuntu1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/993355
<zul> jamespage: yeah lemme try to figure out whats going on here
<zul> jamespage:  havent seen that one before
<Italian_Plumber> in a situation where more than one user needs to update a website directory, is it customary just ato add them to the www-data group
<jamespage> zul, I'm going to fix that nmbd upstart configuration to not fail when testparm returns a non-zero error code
<jamespage> its not the intent of the check anyway and generates lots of cruft.
<zul> jamespage: ack
 * jamespage -> lunch
<jamespage> and then those last 21 bugs a in my target for today....
<bieb> I installed ltsp with Ubuntu 12.04, I have to connect to Active directory, so I installed pbis (Likewise-open's replacement), I am connected to the AD domain, I can run the commands from command line to verify AD (find-user, find-dc, etc) and can ssh into the ltsp server with my AD credentials. BUT.. on the server I can not get login as an AD user, there is no option for it, I see the user that I created when installing Ubuntu, and guest session.
<bieb> There is no option for domain\username to login..
<stgraber> hallyn: cool, let me know if it works fine, if it does I'll start preparing the SRU
<hallyn> stgraber: it works fine as far as running with open fds.  running lxc-test just to be sure
<stgraber> k
<hallyn> added the SRU justification to the bug report
<hallyn> all right i need to change the lxc-test to only duplicate one, not all tests :)  (for testing with empty and primed caches)
<jamespage> smoser, reckon we can get New/Undecided to 0 today?
<smoser> jamespage, apt-get --purge remove samba openldap
<smoser> done!
<jamespage> smoser: +1
<jamespage> smoser: see my comment above to zul re samba nmbd failures
<zul> jamespage: no ones uses samba anyways
<hallyn> stgraber: tests pass
<stgraber> hallyn: cool
<zul> jamespage: thats old sk00l
<jkyle> so, a question. when deploying the MaaS + Juju, you have to have the initial MaaS server to orchastrate the rest of the nodes. And, if I understand juju's model, it has to have a provider like MaaS, EC2,OpenStack, etc. to manage a node.
<jkyle> That leaves the MaaS/admin node unmanaged. so it has to be set up manually. Have a missed a feature/ability of juju or some such?
<jkyle> s/Have a/Have I/
<hallyn> jamespage: o/
<jamespage> hey hallyn
<hallyn> heh, sorry, that wasy supposed to be \o/
<hallyn> obnbd
<hallyn> but one \ gets filtered by my input script :)
<jamespage> lol
<jamespage> \o/
<martman> is there a guide/wiki somewhere for installing xen on 12.04? i cant seem to find much
<martman> ?
<zul> jamespage: filed the python-webob sru btw
<jamespage> zul: nice one
<smoser> jamespage, so https://bugs.launchpad.net/ubuntu/+source/nmap/+bug/1003326 is confirmed?
<uvirtbot> Launchpad bug 1003326 in nmap "IPv6 hosts incorrectly reported down" [Undecided,Incomplete]
<smoser> you left incomplete.
<jamespage> smoser: yes it is - I was just looking to see if nmap6 fixes ipv6 stuff
<jamespage> methinks we might be overlapping
<smoser> yeah. i was acutally buildin gnmap6
<smoser> nmap6
<smoser> on a brain-dead-hope-it-works merge.
<bieb> any lightdm gurus around?
<smoser> jamespage, well, simple merge failed. so that'd be more work to figure that out (i just tried building hte debian package). didn't even bother with building nmap
<smoser> building nmap outside of ubuntu package.
<smoser> i'm always confused as to what constitutes triage.
<jamespage> smoser, I think thats probably a step to far TBH
<jamespage> its about confirming bugs in the current version in the archive - rather than their absence from a future version
 * apw has hit an upgrade bug on a server package (lucid->precise) is there somewhere these get tracked for the .1 point release ?
<apw> bug #1003971
<uvirtbot> Launchpad bug 1003971 in isc-dhcp "on upgrade lucid -> precise /etc/default/isc-dhcp-server is not migrated" [Undecided,New] https://launchpad.net/bugs/1003971
<apw> Daviey, ^^
<Daviey> apw: the bug task is pointed to .1.. so it should be good
<Daviey> (we need to do some work to create better SRU reports)
<Daviey> thanks for letting me know
<jkyle> Daviey: hey, what do you guys use to orchastrate your initial admin node?
<apw> Daviey, heh yeah only cause i pointed there :)
<jamespage> adam_g, is the no-change rebuild still required for openldap for bug 990742?
<uvirtbot> Launchpad bug 990742 in openldap "slapd fails to upgrade: requires libsasl2-2 (>= 2.1.24) installed" [High,Fix released] https://launchpad.net/bugs/990742
<stgraber> hallyn: nice to see Christian's patchset on lxc-devel this morning!
<hallyn> yup
<jamespage> anyone know anything about how kolab works?
<mr-rich> Is https set up by default on Ubuntu Server 12.04?
<zul> jamespage:  it needs php i think
<jamespage> zul, more wondering what it does with openldap configuration
<jamespage> bug 994843
<uvirtbot> Launchpad bug 994843 in openldap "package slapd 2.4.25-1.1ubuntu4.1 failed to install/upgrade: ErrorMessage: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/994843
<jamespage> I *think* its failing because it can't access the kolab ldif files...
<zul> jamespage: its a recommend for kolabd
<jamespage> zul, yeah - I just read the README - it has a kolab_bootstrap step which munges your system
<zul> jamespage: bah
<jamespage> sorry - that sounded derogatory to kolab - 'configures' would be a better work
<jamespage> word
<tash> I setup software raid on my server that has 2 drives in it. It is RAID1.  If I lose a drive, do I have to do anything to rebuild the array?
<tash> Or does it rebuild on its own when I put a new drive in?
<stgraber> hallyn: wrt close-fds, I'm wondering if it doesn't make sense to actually completely drop the option but just keep it in the SRU
<stgraber> hallyn: IIRC upstream LXC never actually released a version with that change so I don't see any reason to keep backward compatibility with something that was never released
<hallyn> stgraber:  but we want the option to keep working for precise
<stgraber> hallyn: correct. Your debdiff looks good for the SRU, I just don't think we want to use that one for quantal and upstream
<hallyn> stgraber: quantal and upstream already automatically close them, so there's nothing to do
<stgraber> hallyn: ah, ok, I missed that sorry.
<hallyn> oh, maybe not.  what on earth
<hallyn> stgraber: upstream does seem to have -C --close-all-fds option
<hallyn> but, apparently, when that isn't specified, it simply warns but doesn't fail nor close the fds
<hallyn> if im' reading this right
<stgraber> and I just confirmed that quantal still lists --close-all-fds in --help, I think this should go away
<hallyn> do you have a precise lxc handy?
<stgraber> yep, I have precise lxc pretty much everywhere
<hallyn> sorry i meant a quantal lxc
<stgraber> I have that too
<hallyn> so you could run the testcase from the bug description
<hallyn> and see if it starts the container
<stgraber> except the kernel in quantal is still buggy and tends to oops/panic on container startup :)
<hallyn> jinkeys
<stgraber> let's try, maybe I'll be lucky and will just get an oops ;)
<hallyn> stgraber: as for remving the close-all-fds, i think maybe we should just suggest it upstream but let them do it
<stgraber> hallyn: ./execme works fine on qunatal
<stgraber> *quantal
<hallyn> and 'works' means the container starts up?  :)
<stgraber> right
<hallyn> cool
<hallyn> thanks
<stgraber> hallyn: I'll send an e-mail to lxc-devel with a proposed patch to drop --close-all-fds (making it clear it's just a suggestion :))
<hallyn> k
 * jamespage high 5's smoser
<jamespage> http://reports.qa.ubuntu.com/reports/ubuntu-server/triage-report.html - New/Undecided bugs == 0
<smoser> hooray!
<smoser> 1 bucket empty.
<smoser> now noone open any new bugs!
<jamespage> only 252 in the next bucket!
<lynxman> jamespage: "only" :)
<RoyK> testing one two
<stgraber> hallyn: I'm not sure I see why --close-all-fds isn't needed on quantal. Looking at the code, it's only set to 1 if -d is specified.
<lynxman> RoyK: three
<RoyK> thanks ;)
<RoyK> <offtopic>just doing some testing to see if irssi is logging while on an encrypted fs, which is automatically closed when I log out, and it seems at least it's buffering sufficiently to flush it when I get back in...</offtopic>
<bieb> Ubuntu 12.04 LTSP.. connecting to Active Directory with Likewise, to get the other user option back, one must disable the user list and guest account in lightdm or use the gtk greeter... is it as simple as going into lightdm.conf and change the line greeter-session=unity-greeter to "gtk-greeter" or is there more to it?
<stgraber> bieb: http://paste.ubuntu.com/1004958/
<stgraber> bieb: for /etc/lightdm/lightdm.conf
<hallyn> stgraber: no, case 'C': args->close_all_fds = 1; break
<bieb> stgraber: awesome! will try it now
<stgraber> hallyn: right, but that should only apply when called with -C no?
<stgraber> hallyn: I don't see why close_all_fds would be set to 1 if I don't start with -C or -d
<hallyn> my_longopts has {"close-all-fds", no_argument, 0, 'C'},
<hallyn> so if you pass --close-all-fds, it'll send 'C' tothat fn
<hallyn> so, the argument is there.  But it's quite useless to have not passing the arg as an option :)
<zooko> Hey folks! Does anyone have strong juju fu and you value privacy and security for end users, and you want to collaborate on writing a charm for Tahoe-LAFS?
<zooko> I think it should be pretty easy.
<stgraber> hallyn: right, let me rephrase that then ;) I don't see why close_all_fds would be to set to 1 if I don't start with one of -C, -d, --daemon or --close-all-fds
<zooko> For one thing, Tahoe-LAFS servers do not need to do anything in response to other servers or clients coming or going.
<zooko> So that's some charm code that we don't need to write right there. :-)
<hallyn> stgraber: correct, it would not.
<stgraber> so WTH is execme working on quantal? it should surely fail :)
<hallyn> no, it is giving you a warning message and then not failing, bc the code to make it fail was taken out :)
<stgraber> oh right, it'll print a warning "inherited fd %d" but won't actually close the fd...
<zooko> Also, Tahoe-LAFS is already in Ubuntu, so we don't even need to configure a PPA.
<hallyn> right.  IMO a worse behavior than failing :)
<stgraber> agreed... I'll send a patch dropping all the close_all_fds stuff and making the close() stuff the default (instead of printing a warning)
<stgraber> now things make sense ;)
<hallyn> excellent :)
<stgraber> hallyn: looking at the code, I'm not sure to understand the reason for the "goto restart" in the loop iterating all the fds, was there an actual problem with just calling close(fd) and continuing?
<hallyn> stgraber: yes, because originally that was then where we returned an error
<hallyn> (look at the precise package's code)
<hallyn> so you can get rid of that now
<stgraber> oh, right, yeah, makes sense :) whoever moved it to a warning probably could have removed the goto though...
<hallyn> yeah i don't know when that happened.  it may have been a merge of two patches.  (it's possible i did it, but i don't think so)
<hallyn> yeah that was a commit by Greg Kurz (92c7f6295518decd3989b2790d758888551e7d9a)
<grendal-prime> ok..this is sort of irratating
<grendal-prime> I have a bit of a "involved" network configuration (vlans..and openvpn bridging to them ..stuff of that nature right)
<grendal-prime> well for whatever reason on system boot i get this....prolonged networking start up.
<grendal-prime> waiting for network configureation.  then Waiting 60 more seconds for network configuration...
<grendal-prime> then "booting system without full network configuration"
<grendal-prime> everything seams to work right. but i dont understand what it does not like and more importantly i dont like the 2 min prolonged boot time.
<RoyK> grendal-prime: server? if so, pastebin output of ifconfig -a and pastebin /etc/network/interfaces
<grendal-prime> ya its server..
<grendal-prime> http://pastebin.com/PgffR0r3
<RoyK> grendal-prime: only thing I can think of is that using eth0:x is somewhat outdated, but then, using the iproute2 way with 'up ip addr add ...' probably won't let you specify the vlan
<grendal-prime> should i set up the vlan using a raw device
<grendal-prime> i thought that the eth0.1 was the way to do it now?
<stgraber> hallyn: I really need to spend a couple of hours playing with git send-email... every time I have to use it I end up spending 30min trying to figure out the right way of calling it and it never sends exactly what I want ;)
<hallyn> I think I always just do : git format-patch -o subdir -n HEAD~n; cat > intro_msg << EOF ... EOF;  then git-format-patch --no-chain-reply-to --to thelist --compose subdir (:r intro_msg in editor)
<stgraber> hallyn: yeah, I guess I should switch back to doing format-patch and send-email separately, being able to do it in a single call is nice until you want to change anything ;)
<adam_g> jamespage: bug 1003854 looks to be something different than what i had fixed via SRU
<uvirtbot> Launchpad bug 1003854 in openldap "Database upgrade/migration fails with nested db directories (lucid to precise)" [Medium,Confirmed] https://launchpad.net/bugs/1003854
<rbasak> I just git format-patch and then just cat and :r in mutt when writing my email
<hallyn> cringe - yeah i like to stage everything ahead of time :)
<zul> hallyn: ill fix dwarves
<hallyn> it's broken?
<zul> hallyn: ftfbs due to some multi-arch issue (mterry is doing the mir)
<hallyn> zul: thanks
<RoyK> grendal-prime: seems ip(8) has vlan support these days
<RoyK> grendal-prime: but I don't get it - you have an ip address on that interface and then a tagged vlan virtual interface on the same?
<RoyK> grendal-prime: is eth0 connected to a tagged vlan port on the switch, or an untagged one, or are you using a mix? a mix would probably be quite messy IMHO
<RoyK> grendal-prime: or, on what vlan does 204.94.93.3 belong?
<RoyK> grendal-prime: if it's a tagged vlan interface, the address set on eth0 won't get any connection...
<grendal-prime> i always get confused about this.
<RoyK> ok, is eth0 connected to a tagged port?
<grendal-prime> the vlan is physically attached to the eth0 (aparetnly)  I then bridge my vpn traffic to it
<RoyK> the vlan isn't physical ;)
<grendal-prime> should i just add another interface for the vlan?
<grendal-prime> ok soo let me explain what i am trying to do..
<grendal-prime> you might be able to explain a better path.
<RoyK> grendal-prime: no, what I'm saying is that the port in the switch to which your server is connected, is usually configured as either a static port or a tagged port, static being a member of one (or sometimes more) VLANs
<RoyK> or, can be a "tagged" port, accepting VLAN-tagged packages
<RoyK> not packages
<RoyK> frames
<RoyK> a tagged frame is like any ethernet frame, but with a VLAN tag attached
<grendal-prime> i have alot of vpn clients that all connect with a tap and bridge to a huge network space.  (ya i understand the traffic is taged.)
<RoyK> it can also be a "mixed" port, allowing both untagged frames and tagged ones, but personally I find that messy
<grendal-prime> ok well the eth0 is a public interface
<RoyK> I'm talking about the switch port
<RoyK> erm...
<RoyK> not sure here - vpn clients attach to tap and it's *bridged* to the inside?
<RoyK> wouldn't it be easier to route it, to stop unwanted broadcasts and whatnot to pass through?
<grendal-prime> ya but that would require changes to clients wich we do not have the ability to do
<grendal-prime> i want to bridge the traffic to a vlan.  (this has to do alot with the fact that the appliances that are connected point to a specific ip address)
<RoyK> ok, so apparently, the port in the switch is in mixed mode, meaning untagged traffic goes to port N as decided by the switch, and it allows some other (or all) VLANs set by the OS
<grendal-prime> the machine is a vm
<grendal-prime> by the way it does work...the way it is configured.
<zul> adam_g: after f1 is uploading we can start thinking about SRU
<RoyK> and the host handles the different VLANs?
 * RoyK wouldn't setup a system like that, not like that, or perhaps, at gunpoint
<grendal-prime> RoyK, the info i pastedbined is all from the openvpn server (ubuntu12.04)
<grendal-prime> it is a vm on vmware
<grendal-prime> ya well i dont have much choice
<RoyK> hence the gunpoint? ;)
<grendal-prime> exactly
<RoyK> ok, so it works, but takes a while to boot up?
<grendal-prime> as far as the vlan.  what is the best way to set that up.
<grendal-prime> ya it works great..but like i say..the error bothers me
<grendal-prime> and slows down the boot...but back to the vlan..
<grendal-prime> is thats what it dows not like..what would make it..well..cleaner?
<RoyK> grendal-prime: AFAICS, iproute (or ip(8)) doesn't support that flexibility with VLANs(yet?)
<grendal-prime> should i add another interface and associate the vlan with that ?
<RoyK> no, an interface belongs to its hardware (or virtware if you want)
<RoyK> I was just a bit confused with both eth0 and eth0.1 having connections with eth0.1 being the only one tagging frames
<grendal-prime> well i have to have a physical device for the vlan.
<grendal-prime> i always thought of it as...a container for the lan
<grendal-prime> sorry a container for the vlan.
<grendal-prime> so would it help if i just make another interface that is just for vlans?
<grendal-prime> im a little confused why a vlan has to have a physical interface at all honestly
<RoyK> if vmware could give that vm a "physical" interface for that vlan, that would probably be the easiest
<grendal-prime> i was under the impression that a vlan is like a ...virtual box that you can put networkable connections onto..like a software switch...
<RoyK> http://en.wikipedia.org/wiki/VLAN
<RoyK> my short version: If you want to separate two LANs on a switch, use two VLANs, say, ports 1-12 for VLAN1 and ports 13-24 for VLAN2. Then someone says "let's connect another switch", and you use port 25 for VLAN trunking, meaning "tagged VLAN" in which the ethernet frames are prefixed with a small tag saying "I belong to VLAN X"
<RoyK> that way, you can configure a firewall with, say, four networks on the same NIC, given a switch supporting VLAN tagging like 802.1Q
<stgraber> hallyn: will you have some time later this afternoon to review the lxc SRU? it looks like it's going to be a pretty big one
<grendal-prime> are you mixing subinterface type traffic with vlan..because my understanding was subinterface traffic is just thrown around with everthing else on the interface were vlan tagging is taged and the phisical interface traffic does not see it
<grendal-prime> is subinterface traffic what you mean when you say untaged traffic?
<RoyK> grendal-prime: pre-up vconfig add eth0 1
<RoyK> that's vlan tagging
<RoyK> oh, why is that under eth0.1?
<RoyK> grendal-prime: try moving those vconfig lines under th0
<RoyK> eth0
<stgraber> grendal-prime: defining eth0.1 is enough to tell ifupdown to setup VLAN ID 1 on eth0, no need for the pre-up/post-down
<stgraber> having them there will most likely mean one of them returning non-zero breaking part of your setup
<RoyK> stgraber: vconfig is VLAN (802.1q) things - a virtual NIC!=VLAN
<stgraber> RoyK: as the maintainer of the vlan tool and ifupdown, trust me, I know ;)
<RoyK> stgraber: :)
<grendal-prime> wow
<grendal-prime> looks like i came to the right place
<stgraber> http://paste.ubuntu.com/1005121/ is my test machine
<grendal-prime> ok stgraber sooo you can tell me what the bootup check does not like in there?
<stgraber> as you can see, you can perfectly define an interface called <physical interface>.<VLAN-ID> and it'll just work, no need for pre-up or post-down
<RoyK> stgraber: sorry, misundestood there - : =! . in this setting, right?
<RoyK> got it
<stgraber> grendal-prime: you can check in /var/log/upstart/network-*.log but my guess is that your pre-up and post-down are breaking it, try to comment them and see if that solves it (they shouldn't be needed)
<RoyK> stgraber: thanks :) (not that I'm grendal-prime, but I learned another thing just now)
<stgraber> the ifupdown vlan hook will automatically run vconfig as a pre-up if the interface entry in /etc/network/interfaces contains a . followed by a vlan id. Running vconfig twice will likely fail, causing the interface to fail to come up and your system to hit the 120s fallback code
<stgraber> RoyK: http://www.stgraber.org/2012/01/04/networking-in-ubuntu-12-04-lts/ contains some more if you're interested, trying to cover the changes that happened in 12.04
<RoyK> thanks
<grendal-prime> i knoticed in your config you dont specify a vlan anywhere..
<grendal-prime> im just asking by the way
<RoyK> .vlan
<stgraber> grendal-prime: I do, read carefully :)
<stgraber> auto bond0.1005
<stgraber> iface bond0.1005 inet dhcp
<grendal-prime> auto bond0.1005  ?  does that syntax just imply a vlan?
<RoyK> implies vlan 1005
<stgraber> these two lines mean, create a interface bond0.1005 that's VLAN 1005 on top of bond0 and run dhclient on it
<grendal-prime> ok cool i didnt realize that would do it
<stgraber> "man vlan-interfaces" also contains some examples of the supported syntax
<grendal-prime> than you very much.
<stgraber> np
 * RoyK just found out that Windows 2008R2 server doesn't have native support for VLAN at all, but allows theÂ NIC driver software to add some
<grendal-prime> and i know why that is
<RoyK> the win thing?
<grendal-prime> windows suck...and blows...at the same time!  It sort of   "Blucks"
<RoyK> windows sucks, sure, but I'd have thought not that badly
<grendal-prime> it was working for me some time back...but after some time...it started sucking again..pretty quickly really
<stgraber> yeah, Windows never had VLAN support for some weird reason... maybe to try and get people to buy more managed switches and NICs
<grendal-prime> thats exactly why
<grendal-prime> they sell some sort of software switch im sure for 1200 bucks
<RoyK> stgraber: most larger setups have managed switches, but I was setting up a 10Ge NIC for some Hyper-V node and it'd be rather nice to have that VLAN support in the OS and not in some driver with no support from M$
<grendal-prime> actually the sofware switch will be 10 the piece of digital pvc reducer that is needed to connect it is 1190 bucks
<RoyK> not that M$ support matters much - it's merely worthless anyway
<grendal-prime> its great if you get paid by the hour
<grendal-prime> you can even play light sports while you are waiting.. just need  a blue tooth headset.
<RoyK> really, unmanaged switches isn't much fun in a large network
<RoyK> I know they're overpriced, but then, I'm not the one paying
<RoyK> but try to setup a redundant network with non-managed switches without SPT and you'll have a hard time
<RoyK> STP even
<patdk-wk> heh, I have a single 8 port unmanaged switch, not used
<patdk-wk> only use l2 or l3 switchs everywhere, even at home
<patdk-wk> I love vlans :)
<shimo> anyone know how to get OS on bochs emulator to communicate with browser on localhost? Bochs can hear browser request, but browser can't hear Bochs.
<hallyn> stgraber: one thing,
<hallyn> stgraber: have you tested with two open fds?
<hallyn> stgraber: bc i'm not sure that readdir() won't get messed up after you close one of the files
<hallyn> after all, /proc/self/fd/5, after you close it, goes away, and changes the list of files under /proc/self/fd :)
<hallyn> I'm not sure whether readdir caches and is safe from that
<stgraber> oh, good question. I didn't test that case, no. I'll test it once I'm done with the SRU (which wouldn't be affected by that problem anyway)
<hallyn> right iw as just looking at your email.  would be easy enough to write a standalone test prog :)
<hallyn> maybe i'll do that.  be fun.
<stgraber> yeah, I supposed you could just do two fopen, then call the same loop looking at /proc/self/fd and trying to close them, see what happens
<stgraber> *suppose
<jkyle> when using juju in combination with MaaS can you specify which servers are to be used for which services?
<axisys> how to find the exact size of disk?
<axisys> vgdisplay or pvdisplay does not give it
<hallyn> stgraber: eh, my stupid testcase suggests it's fine
<hallyn> (I fopen 3 files, do a similar loop closing the files, and look at the remaining /proc/self/fd/ contents at end)
<stgraber> hallyn: good :)
<axisys> also how do I find the disk rpm?
<stgraber> SpamapS: hey, SRU question for you. I'm working on the next lxc SRU. Quantal got quite a few improvements to lxc-ubuntu that I want to SRU (missing entries in /etc/hosts, hardcoded ubuntu releases, wrong package list, potentially racy DNS config, ...) but there also are 1-2 changes that are just cosmetic (replacing making space indent consistent, adding the missing header to /etc/network/interfaces)
<axisys> fond some info in dmesg
<axisys> [   10.377599] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
<axisys> [   10.451994] sd 0:0:0:0: [sda] 3907029168 512-byte logical blocks: (2.00 TB/1.81 TiB)
<axisys> [   10.384558] ata1.00: ATA-8: HITACHI H7220AA30SUN2.0T 1031MS6EHZ, JKAOA28A, max UDMA/133
<stgraber> SpamapS: I could certainly cherry-pick the 90% of the changes we want and skip these bits, but as it's changing the indent, it's going to make it a pain for any other fix we want to backport later on
<axisys> google gave me the rest
<axisys> thanks
<stgraber> SpamapS: so are you fine with me pushing these cosmetic changes along so we can keep the patches identical and keep the ability to cherry-pick whole patches without having to rebase them all everytime?
<SpamapS> stgraber: yes, a cleaner patch is much better than a weird one. :)
<SpamapS> stgraber: make it easy on us in the SRU team, and we'll make it easier on you. :)
<stgraber> SpamapS: perfect, thanks. Any preference on the changelog side? I was wondering if it's worth splitting the actual bugfixes from the nice to haves that we get by pulling the whole patch?
<RoyK> axisys: just cat /proc/partitions - that's the easy way
<grendal-prime> stgraber, thanks man you were right i took those out and it booted rigth up
<grendal-prime> i was using a gui tool to manage that..(i was asked to do that)  it added those i believe
<zul> adam_g: ping for 979745 the patch has made it into stable/essex right?
<RoyK> grendal-prime: gui tools are worthless compared to configuring things the right way ;)
<zul> adam_g: nm i answered my own question
<grendal-prime> agreed. unfortunatly its not always my call.
<grendal-prime> and if i dont try out what they want to use..i cant explain why they should not use it
<SpamapS> stgraber: the changelog needs to document all the bugs that are being fixed
<SpamapS> stgraber: and be somewhat human readable
<SpamapS> stgraber: other than that, I think its up to you
<adam_g> zul: http://paste.ubuntu.com/1005256/ going to upload glance f1 unless you've got any objections
<zul> adam_g: ensure_versioned_db_models.patch why isnt it upstream again?
<zul> other than that i dont
<adam_g> zul: not sure if its upstream-able.  i hope to work that out in the coming weeks
<zul> ack
<zul> im fine with it
<stgraber> hallyn: hmm, while reviewing the lxc-ubuntu delta between precise and quantal I noticed that we apparently upgrade the chroot twice in download_ubuntu, can you take a look? I believe it's your code :)
<hallyn> lemme check
<hallyn> "cause I don't believe you" :)
<stgraber> it looks like you do it once without lxc-unshare and once without, so it looks like a bad merge
<zul> hallyn: cmake is fun
<hallyn> stgraber: oh, in q.  i was looking in p
<stgraber> hallyn: yeah, in q. I noticed it when diffing p and q for stuff to document in the changelog
<stgraber> hallyn: another thing I noticed and isn't mentioned in the changelog is added mac_override to the list of dropped capabilities
<hallyn> the list of dropped caps went back and forth last cycle iirc
<stgraber> I'm not going to get these two for the SRU as the upgrade code looks like a merge mistake and I can't find the rational for dropping mac_override
<hallyn> anyway the duplication is also upstream
<stgraber> oh, nice :)
<stgraber> hallyn: planned SRU: http://paste.ubuntu.com/1005289/
<hallyn> stgraber: yeah commits 2e44ed1e647d9fd1544b7ad855bda22ca71abd12 and 15da01b3938d7ba45472e6c9d3b183a94dd86ca9 both introduce that bit
<stgraber> hallyn: k, do you want to take care of fixing that in Quantal and upstream or should I put it on my list?
<hallyn> heh, oh no, did we duplicate the effort of writing a patch to remove '()' from cleanup()?  :)
<stgraber> oh, no, just put it under the wrong name :)
<stgraber> I cherry picked yours
<hallyn> sigh.  can i ask, is there an advantage to have every line in lxc-start-ephemeral be sudo'd, versus just requiring sudo access to lxc-start-ephemeral?
<hallyn> i mean, thinking in therms of an admin having to give sudo access to each tool...
<hallyn> as well as cleaning up the script itself
<hallyn> I realize something needed to be done, but i woudl think the thing to do is remove all sudo calls
<hallyn> zul: "what was wrong with make?"  :)
<hallyn> stgraber: in any case, that's one honkin' patch, but nothing stands out to me that woudl be wrong.
<hallyn> passes the tests I assume?
<hallyn> stgraber: oh, I'll send the patch to fix the template.  thanks.
<stgraber> hallyn: I wondered the same for lxc-start-ephemeral, the problem is that it unfortunately kind-of works in 12.04 without these fixes, so I can't simply change the behavior in the SRU
<hallyn> good point
<stgraber> hallyn: I'd definitely be happy to drop all the sudo calls in quantal and check for root privileges though
<hallyn> gary_poster: ^ can you give a good reason not to do that?
<stgraber> hallyn: haven't tested it yet ;) I just wanted to make sure I have everything in there, I'll now push it to my PPA for a test build, then run the tests against it.
<stgraber> hallyn: where's your lxc test suite again (for some reason I don't have it around anymore...)?
<hallyn> i didn't find any other bugs that still have 'needsru' tag
<hallyn> lp:~serge-hallyn/+junk/lxc-test
<gary_poster> hallyn, +1 on removing sudo calls
<gary_poster> they don't quite work anymore anyway IIRC
<hallyn> well stgraber fixed those.  but i don't like them :)
<stgraber> gary_poster: well, they work now in Quantal and will be fixed in Precise with the SRU ;) it's just that it makes the code quite complicated when it could just be fixed by calling the whole thing with sudo
<gary_poster> stgraber, heh.  As I said, I'm +1 on simplifying and removing
<gary_poster> "it seemed like a good idea at the time..."
<gary_poster> but in retrospect maybe not so much
<hallyn> stgraber: so you have no fixes queued for quantal right now?
<hallyn> not sure i want to push a new version just for this little fix
<stgraber> hallyn: nope, nothing queued here
<stgraber> hallyn: I opened a bug for it so we don't forget it, so if you want to simply stack it in the branch, I guess that's fine
<hallyn> stgraber: I don't see the bug yet.  do you have a #?
<hallyn> stgraber: meanwhile, we should at some point brainstorm about bug 1003888
<uvirtbot> Launchpad bug 1003888 in lxc "corrupted kernel messages being logged to syslog" [High,Confirmed] https://launchpad.net/bugs/1003888
<stgraber> hallyn: bug 1004118
<uvirtbot> Launchpad bug 1004118 in lxc "Duplicate upgrade code in lxc-ubuntu in Quantal" [Undecided,Triaged] https://launchpad.net/bugs/1004118
<zul> hallyn: dwarves ftbfs fixed
<hallyn> woot
<stgraber> hallyn: Launchpad likes hiding any bug that's fixed in the dev release and not in SRU, so I'm now using this instead: https://bugs.launchpad.net/ubuntu/+source/lxc/+bugs?field.searchtext=&orderby=-date_last_updated&search=Search&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.status%3Alist=FIXRELEASED&field.status%3Alist=INCOMPLETE_WITH_
<stgraber> hmm, I doubt IRC will have let me paste it in one chunk...
<stgraber> hallyn: http://goo.gl/jW02g
<hallyn> stgraber: i guess that's probably a more robust solution than adding 'needsru' tags :)
<hallyn> all right, i feel like i've fiddled the day away with nick-nack bugs :)  one more though (libcgroup)
<stgraber> gary_poster: can I get you to update the description of bug 994752 with the needed information for the SRU?
<uvirtbot> Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,In progress] https://launchpad.net/bugs/994752
<gary_poster> stgraber, will do.  tomorrow ok?
<stgraber> gary_poster: yeah, I'll probably upload to -proposed in an hour or so (waiting for test suite to finish running) but the packages won't land into -proposed until tomorrow I guess
<gary_poster> cool stgraber I made a todo and will ping you when done as well
<stgraber> gary_poster: cool, thanks
<bencord0> hi, I've been trying out ubuntu 12.04 MaaS and I'm trying to add it to my own network.
<bencord0> https://wiki.ubuntu.com/ServerTeam/MAAS#Configuring_DHCP says that I can use my own dhcp server, but I can't find any documentation.
<bencord0> I'm using ISC dhcp btw
<bencord0> anybody know what options the dhcp server needs to send out?
<RoyK> bencord0: iirc the trick is to set the boot server parts and point it to the right server
<bencord0> RoyK: any idea which ones they are? I'm assuming it's just a PXE boot or similar mechanism, but I don't know which options to use
<RoyK> bencord0: no idea, for tftp boot, 66,67 seems likely
<RoyK> bencord0: or google tells me so ;)
<patdk-lap_> heh?
<patdk-lap_> dhcp = 67/68 and tftp is 69
<bencord0> I think I figured it out, ISC DHCP has an option literally called 'next-server'
<bencord0> I've just added ... "next-server <ip>;" to my /etc/dhcp/dhcpd.conf and restarted
<bencord0> no complaints so far
<bencord0> but I still need a 'option bootfile-name' line
<RoyK> man dhcp-options
<bencord0> I mean, I need the string to put into that option. it's a file name
<stgraber> hallyn: test suite passed, uploaded to -proposed and poked #ubuntu-release about it so whoever sees it first isn't too scared at the big diff and changelog :)
<hallyn> great
<bencord0> Ahah! found it
<bencord0> option bootfile-name "/pxelinux.0";
<bencord0> there were some hints under /etc/cobbler/dhcp.template
<roaksoax> adam_g: I can have various nova-schedulers for a single availability zone right? Or only 1? And what's the maximum amount of compute node's per scheduler?
<koolhead17> hi roaksoax i suppose you can have only one scheduler and there is no limitation on number of compute node on a scheduler in a availablity zone
<adam_g> roaksoax: you can have many schedulers
 * koolhead17 scratches his head. adam_g i will test it tomorrow then
<roaksoax> adam_g: so do the schedulers share information about what they have been loadbalancing between compute nodes?
<roaksoax> adam_g: e.g. I can have 2 compute nodes and 2 schedulers and both schedulers balanace instance initiation between the two compute nodes?
<adam_g> koolhead17: i could be full of it, but IIRC they're just popping jobs of the message queue
<adam_g> roaksoax: you can, the scheduling policy used is configurable
<roaksoax> adam_g: ok cool, I'll look into that. Thanks for the info
<adam_g> roaksoax: compute hosts utilization is stored in the database, some schedulers use that information to make intelligent decisions as to where to cast new VMs
<koolhead17> adam_g, yes sir. your right seems like i screwed up my config last time then
<adam_g> roaksoax: i havne't played around too much with the scheduler but you should look through the code. i know the default scheduler does some intelligent scheduling based on host utilization (memory, cpu, etc)
<roaksoax> adam_g: ok cool
<urthmover> how do I figure out what the latest current stable version of apache is?
<roaksoax> adam_g: does this make sense to you? Am I correct? http://pastebin.ubuntu.com/1005564/
<adam_g> roaksoax: what is this for?
<adam_g> roaksoax: the first line is debatable :)
<roaksoax> adam_g: its the proposal I'm writing for integrating Powernap into OpenStack
<roaksoax> adam_g: and I'm gonna use it for a class I have lol
<adam_g> ah
<blendedbychris> any idea
<blendedbychris> where can i find out how to setup snmp for a remote monitoring system?
<blendedbychris> i installed it and am a bit confused as to how to add users
<jmedina> what is that remote monitoring system?
<jmedina> blendedbychris: do you want to configure the snmpd agent with snmp v3?
<blendedbychris> jmedina: it's solarwinds something something...
<blendedbychris> i think so?
<blendedbychris> i installed snmpd is all so far and commented the listen on localhost only and uncommented the 163 port listen
<jmedina> well that is all you need for a simple setup with snmp v1 or v3, if you want to use authentication, you need to setup snmp v3
<jmedina> I always use the guide in the cacti wiki
<jmedina> I dont know if there is a official guide for ubuntu
<blendedbychris> okay how do i do the latterâ¦ it says not to edit /var/lib/snmp/snmpd.conf in that file but it says otherwise in /etc/snmp
<jmedina> probably this can help: http://www.fineconnection.com/How_to_install_and_enable_SNMPv3_on_a_linux_system_for_authentication_en_encryption_testing
<blendedbychris> which dern file do i put creds in heh
<blendedbychris> http://pastie.textmate.org/private/ldfnlwnnyvpus5equaz4a
<blendedbychris> ah i think just the createUser tokens :)
<blendedbychris> would help if they just put that first stuff in that lib file
<ZenMaster> I have an issue with tomcat7 running on ubuntu-server and users not being able to login.
<blendedbychris> interesting
<jkyle> anyone seen badly behaving apparmor with tcpdump issues before?
<jdstrand> jkyle: please file a bug against tcpdump if you have apparmor denials
<jkyle> it's tough to debug, going ot go poke around. but when it happens it crashes networking
<jkyle> so I get kicked from the VM
<jdstrand> jkyle: are there apparmor denials in /var/log/kern.log?
<jkyle> sec, gotta get into the dom0, kill the libvirt process, restart the vm, etc.
<jkyle> this is all we really get
<jkyle> type=1400 audit(1337897559.713:10): apparmor="STATUS" operation="profile_load" name="/usr/sbin/tcpdump" pid=470 comm="apparmor_parser"
<jkyle> May 24 22:12:39 i-00004bd4 kernel: [   13.465149] init: failsafe main process (423) killed by TERM signal
<jkyle> in kern.log
<jdstrand> then it shouldn't be apparmor
<jkyle> we see this intermittantly (tcpdump killing eth0 on virts)
<jdstrand> if you want to be sure, you can do 'sudo aa-disable /etc/apparmor.d/usr.sbin.tcpdump'
<jkyle> had an engineer report that he got rid of it by killing apparmor
<jkyle> hm, no aa-disable
<jdstrand> there are no silenced denials in the tcpdump profile
<jkyle> looks like a 10.10
<jdstrand> jkyle: sudo apt-get install apparmor-utils
<jkyle> no hang after disabling
<jdstrand> jkyle: try this:
<jdstrand> sudo sysctl -w kernel.printk_ratelimit=0
<jdstrand> sudo aa-enforce /etc/apparmor.d/usr.sbin.tcpdump
<jdstrand> maybe you are hitting kernel rate limiting
<jdstrand> jkyle: do you have auditd installed?
<jkyle> didn't hang that time
<jkyle> interesting
<jkyle> what is the unit of the rate limit?
<jdstrand> jkyle: seems like it probably isn't apparmor, but an intermittent failure
<jkyle> jdstrand: could be that too. the rate limit idea is a start. I'm not keen on bringing this site down during this time of day..but this will give me something to debug around when it pops up again
<jdstrand> jkyle: fyi, if you have auditd installed, apparmor denials are logged to /var/log/audit/audit.log
<blendedbychris> jdstrand: have you configured snmpd yourself?
<jdstrand> me? not in ages
<grendal-prime> stgraber, hey man
<grendal-prime> so question..
<grendal-prime> i mean really do i need to give any info to the vlan?
<grendal-prime> if i just set it to manual..
<grendal-prime> then bridge my vpn to it.   i guess what im wondering is do i really need to assign an ip, subnet and all that to something that is basically pretending to be switch..that i would not do that to in the first place?
<stgraber> grendal-prime: just use "iface <INTERFACE>.<VLAN> inet manual"
<grendal-prime> why would i assign one?
<stgraber> if you use inet manual you won't need to set an address or netmask
<grendal-prime> i mean im just currious i use to set them up just like an interface.  with netmask and all that..  is there any advantage to that?
<blendedbychris> why are the configs between lucid and precise for snmpd so drastically different?
#ubuntu-server 2012-05-25
<platinum_> hi all, I'm looking for help with an old Ubuntu server? Is this the right place?
<platinum_> Anyone online?
<qman__> this is the right place, but it's a relatively quiet room, need some !patience
<qman__> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<JonEdney> I'm getting ready to set up my Ubuntu server on an actual machine insteadd of a VM.  I'm kinda curious, does anyone have any up-time monitoring software/service to recommend?
<mariooo> hi all. so I've got a syntax error in /etc/sudoers on 12.04, obv wasn't smart enough to be logged in as root when making changes
<mariooo> so now can't use sudo, can't use visudo, pkexec isn't installed... what other options do I have other than rebuilding the VM?
<lifeless> boot it into recovery mode
<mariooo> can I initiate a reboot without sudo?
<mariooo> or rather: how would one do that, I thought you couldn't
<mariooo> I can power off the machine but then it seems I can't get into a VNC console quick enough to hit escape to halt on the grub menu
<lifeless> mariooo: I'm not sure
<lifeless> mariooo: alternatively you could mount the vm disk and edit it manually
<mariooo> lifeless: awesome, thanks for the tips
<mariooo> lifeless: managed to get into recovery mode, but everything seems to be readonly...? have I missed something?
<mariooo> lifeless: nvm, bug in 12.04 recovery mode. enabling networking first remounts disk as rw. success!
<lifeless> mariooo: excellent
<qman__> mariooo, for future reference, pressing ctrl alt del on a 'local' terminal reboots
<qman__> like from the VM console
<mariooo> qman__: awesome, will keep that in mind. I wonder how you ctrl+alt+del over VNC with a mac keyboard hah
<axisys> eth0 192.168.1.20 is pingable.. but eth0:1 192.168.1.21 or eth0:2 192.168.1.22 are not, from remote host.. what gives?
<mgw> any ideas why this command, if executed after logging in, works as expected, but not if I pass it to ssh as the command to execute:
<mgw> (nohup watch ls -l & disown -h)
<mgw> in the first case, the command continues to live after logging out
<mgw> in teh second case it dies
<rbasak> mgw: I don't understand what you're trying to do, but try using "ssh -T ... </dev/null" to make it behave more "normally".
<_ruben> heh .. what use it to run watch in the background? :P
<rbasak> That confused me too :)
<mgw> It's just a test
<mgw> I'm trying to run ngrep
<grendal-prime> stgraber, you aroud still?
<_ruben> cleanest would probably to write a (perl/python/whatever) script that properly forks and runs the command(s) you want
<yaboo> hey guys got my server working with iptables for masquerading and ufw for firewall, but for the life of me, how can I forward ports from ppp0 to a internal server
<Daviey> jtv: Hey, i think i missed your comment about python-django regarding translations.. Do you know what i need to change?
<jtv> Daviey: its translations uploads (as produced by the build) should follow our naming conventions:
<jtv>  - One template per directory.
<jtv>  - Translation files named <language code>.po
<jtv>  - Each translation file in the exact same directory as its template.
<jtv> The translations import queue gardener uses this to figure out which template and language a PO file upload is for.
<jtv> Hey there mrevell
<mrevell> Hello jtv
<Daviey> jtv: Hmm, ok.. is there a way i can test changes work, without doing another upload?
<jtv> Daviey: there's not too much to test, so I can just have a look at whatever you get, but you could try tar'ing up the .po & .pot files you get, uploading those to qastaging or staging, and then approving (or have someone like dpm or myself approve) the templates for import.  The templates (i.o.w. the .pot files) should then be imported, and the .po files should be approved and then be imported themselves.
<jtv> (You can't upload to a package that way, but the effect is much the same if you upload to a project release series on [qa]staging)
<Daviey> jtv: ok.. will try to do it, or get it done at least by EOD
<jtv> Thanks!
<jtv> One of those things I wish I had enough priority for: overhauling automatic approval.
<Daviey> jtv: ah, so it does work.. just a manual process to accept?
<jtv> Just for the templates, yes.
<Daviey> but the existing translations are dropped on the floor?
<jtv> And when we open a new series, whatever templates are current in the existing Ubuntu get copied over (and any applicable translations shared) so that the new series will populate itself very quickly.
<jtv> Translations of the same strings in the template with the same name are dynamically shared between release series.
<Daviey> right
<Daviey> but 'upstream' translations are lost for new uploads?
<jtv> So as soon as a message gets translated in Oneiric, it's translated in Precise, and vice versa.
<jtv> There is also sharing between upstream and Ubuntu.  By and large, Ubuntu automatically gets the upstream ones.
<jtv> The other way is dependent on permissions etc.
<Daviey> right
<Daviey> thanks jtv
<jamespage> morning all
<soren_> Daviey: You do per-commit package builds of Essex for testing, right?
<Daviey> soren_: yes
<soren_> Daviey: Which packaging branch are you using?
<Daviey> soren_: although, it's offline at this very minute.. the hardware had to be relocated to a different DC
<soren_> http://bazaar.launchpad.net/~ubuntu-server-dev/nova/essex doesn not apply for me right now.
<Daviey> soren_: I suspect it needs rebasing.. the c-i is down, and it seemed like the best time to fixer it.
<Daviey> as in, early in the cycle.
<soren_> Oh, ok, so that is indeed the right branch?
<Daviey> yep
<soren_> Cool.
<soren_> I'll look no further
<Daviey> soren_: any rebasing is most welcome :)
<soren_> I'm on it.
<Daviey> \o/
<daker> hi
<daker> i think this bug 1004316 is reported on the wrong project
<uvirtbot> Launchpad bug 1004316 in ubuntu-cloud-portal "Cloud server image OVF image fails to load in VirtualBox" [Undecided,New] https://launchpad.net/bugs/1004316
<Daviey> it is indeed incorrect... smoser will fix0r that when he starts for the day i believe
<Daviey> thanks daker
<daker> yw ã
<nocturn> Hi, I'm having trouble getting dnat to work on my 11.10 KVM server
<soren_> Daviey: Merge prop pushed.
<nocturn> I'm tryint for DNAT port 25 to 192.168.122.10 using -A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.122.11
<nocturn> dnat rule shows up:  DNAT       tcp  --  anywhere             anywhere            tcp dpt:smtp to:192.168.122.11
<soren_> nocturn: You're misspelling the IP.
<nocturn> OK
<nocturn> have been trying this for a while!
<soren_> "OK"?
<soren_> I was expecting an "Oh, so I am" or something. Not "OK".
<soren_> You say you're trying to DNAT to 192.168.122.10.
<soren_> ...but then proceed to DNAT to 192.168.122.11.
<nocturn> soren_, OK meant that I just noticed my mistake.  I'm trying with the correct rule
<nocturn> I had port 2222 forwarded to .11, and in my tries, the rules got mixed up -> my mistake...
<soren_> Ok.
<yaboo> nocturne you using iptables for port forwarding>
<nocturn> so, corrected the rule
<nocturn> DNAT       tcp  --  anywhere             alpha               tcp dpt:smtp to:192.168.122.10
<nocturn> added iptables -A INPUT -p tcp --dport 25 -j ACCEPT
<soren_> You changed something else, too.
<nocturn> but still no luck
<soren_> It says "alpha" where it used to say "anywhere"
<nocturn> yes added -d <public_ip>
<nocturn> the host has 3 public ip's
<nocturn> only alpha should accept traffic
<nocturn> nmap now shows the port open
<soren_> Pastebin the output of "iptables-save"
<soren_> You know that DNAT only changes the destination address, right?
<soren_> The guest vm (I'm guessing these are VM's based on the subnet) will still see the real source IP. If you're multihomed, you may need to ensure that traffic goes back the same way it came from.
<nocturn> soren_ http://paste.ubuntu.com/1006196/
<nocturn> I need to add an snat rule?
<soren_> I have no way to know.
<soren_> nocturn: Are you  aware the ordering matters with iptables?
<nocturn> yes
<soren_> -A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
<soren_> -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
<nocturn> this is incorrect?  They are 2 different bridges.
<soren_> Err..
<nocturn> the mailserver is on virbr0
<soren_> Yeah, sorry.
<soren_> I just got confused by all the repeated rules.
<soren_> But there are definietely rules in there that'll never ever be used.
<soren_> Very high up, you have:
<soren_> -A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
<soren_> -A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable
<soren_> ..but then further down, you have other rules that refer to -o virbr1 or -i virbr1, but by then, the packets have already been REJECTed.
<soren_> Same for virbr0, although you don't have those REJECT rules quite as early.
<nocturn> I just commented out the rejects as a test
<nocturn> for both bridges
<nocturn> it made no difference
<soren_> BTW, INPUT is irreleveant when you're doing DNAT.
<soren_> When you're DNATing, you're forwarding traffic.
 * soren_ needs lunch
<ARTSIOM> how can I get a list of packages I have explicitly installed on a system? running "aptititide search '~i'" gives me the list of installed packages marking by "A" automatic packages, but it also includes packages which where installed together with the system.
<KingKatari> is there any other place in ubuntu server 12.04 LTS version that controls the total number of connections into a server besides net.core.somaxconn??????????
<_ruben> KingKatari: there's also a connection tracking limit as part of netfilter, but that only applies if there's any firewall rules present
<KingKatari>  any other
<_ruben> not that i'm aware of (which doesn't mean all that much really :))
<KingKatari> lol
<smoser> man.
<_ruben> woman.
<smoser> i have got to upgrade to quantal so i stop getting that annoying update manager popup.
<_ruben> hehe
<nocturn> soren_: I solved my issue.  It was my isp blocking outgoing access to port 25!  If you're ever in Antwerp/Belgium, I owe you a beer
<zul> smoser: you should be dog fooding anyways )
<smoser> zul, are you on quantal?
<zul> smoser: my server is
<smoser> i eat dog food every morning for breakfast.
<smoser> server. ppft.
<smoser> "i have a virtual machine that i never use that is using quantal"
<zul> smoser: because on the internet no one knows you are a dog right?
<smoser> hardly means anything.
<smoser> primary work station, man.
<smoser> :)
<zul> smoser:  well i work on the sever so i dog food it :)
<randomDude> oh internet
<zul> smoser: ppphpppt...i dont think so
<smoser> no one *knew* i was a dog, until zul spilled the beans.
<zul> smoser:  i work for tmz
<hallyn> ruff
<highvoltage> hallyn: ruff? makes me think of http://www.sadanduseless.com/2012/05/oh-you/ :)
<hallyn> highvoltage: nice collection :)
<smb> hallyn, On a very quick and not too sophisticated testing your libvirt-0.9.12-0ubuntu1 looks to be working (just installed on a 64bit quantal xen hv and booted one hvm via virt-manager (plus shutdown)).
<hallyn> smb: zul's, you mean :)  cool, thanks!
<zul> hallyn/smb: cool
<smb> hallyn, whoever did it... :-P
<smb> That could help to ignore that strange ftbs on i386 that http://people.ubuntuwire.org/~stefanor/lp-ftbfs-report/historical/primary-quantal.html#main shows
<zul> hallyn: im going to upload libvirt today
<hallyn> zul: excellent.  so dwarves MIR was approved?
<zul> hallyn: yep
<hallyn> yeah, that ftbfs (if it's the one i'm thinking of) was due to gnulib.  hopefully it just doesn't happen in 0.9.12
<hallyn> stgraber: around?
<hallyn> I'm doing the lxc patch to mount rootfs under /var/lib/lxc/<cn>/root
<hallyn> But, I'll need to also do a mount --make-shared in src/lxc/conf.c for that dir
<hallyn> I'm looking for how to decide on whether to do that
<hallyn> (i can't do that when containers are using a shared dir)
<hallyn> I could just say "if strncmp(target, "/var/lib/lxc/", 13)" then make it rshared
<hallyn> kind of ugly, but should DTRT
<zul> Daviey: what version should we be calling the openstack SRUs
<zul> Daviety: for the snapshots? 2012.1~201205XX-0ubuntu2.1?
<hallyn> or, i could add a separate 'lxc.root.public = [true/false]" to the config, but that's kind of hacky too
<stgraber> hallyn: you could have something like lxc.mountfs = <PATH> to override the default of /var/lib/lxc/<container>/rootfs
<stgraber> hallyn: then anything that uses a shared /var/lib/<container> will have to set it to something unique
<hallyn> stgraber: there already is a lxc variable for where to mount.  So I'm just having the templates set that
<hallyn> Question is fo when that dir should be make MS_SHARED
<hallyn> but i think i've got it,
<hallyn> i'll just do it always so long as that dir != LXCROOTFSMOUNT
<hallyn> (where LXCROOTFSMOUNT for us is /usr/lib/lxc/root)
<hallyn> (lxc.rootfs.mount is the config variable for that, btw)
<stgraber> hallyn: is lxc-shutdown upstream?
<hallyn> looks like no
<hallyn> pretty sure i sent it.
<Daviey> zul: git$DATE-$(shortsum)
<zul> Daviey: ack
<stgraber> hallyn: ok. I replied to Christian regarding clean shutdown of container on lxc-devel, would be great if you could push the two lxc-shutdown patches.
<hallyn> ok, put on my list.
<smoser> zul, here is fine.
<zul> smoser: i havent looked at the image but i assumed it was qemu-system-arm
<smoser> he does say "highbank kernel"
<smoser> which would imply arm kenrel and not qemu-arm
<zul> smoser: obviously we need more info :)
<smoser> http://bazaar.launchpad.net/~dannf/+junk/make-highbank-ami/files
<ogra_> there is a qemu version for highbank
<smoser> is reported the scripts used to make it.
<smoser> dannf, ping
<ogra_> but neither packaged nor released yet afaik
<Daviey> zul: the deal is, libvirt automatically notices new systems
<dannf> smoser: yo
<dannf> ogra_: supposedly highbank support is all upstream, might even work in precise - but the upstream code isn't ideal for what i'm doing here (it boots kernel from host system, not from disk image)
<smoser> dannf, so the ami you set up
<smoser> i launch it, ssh in, and i'm in a qemu-system-arm vm, is that right?
<dannf> smoser: that's correct
<smoser> you modified the host to pass a single (ssh) port thorugh? or everything?
<smoser> is there a way to get to the host?
<dannf> smoser: all bridged through, no way to get to the host
<smoser> oh, and btw, this is really cool, thank you for doing that.
<dannf> thx
<dannf> http://bazaar.launchpad.net/~dannf/+junk/make-highbank-ami/view/head:/mac-switcheroo.sh
<smoser> dannf, ok. so zul was inteerested in reproducing this on a local system (obviously without mac_switcheroo)
<dannf> zul: sure, let me know if you need any help w/ that
<smoser> dannf,  you should have hacked cloud-init in the "guest"
<smoser> to get ports.ubuntu.com sources.list
<smoser> although i guess we can actually pass that in as user-data. funny.
<dannf> smoser: true
<smoser> (userdata does work?)
 * dannf should probably respin for that
<dannf> i don't know if userdata works or no - i've a lot to learn about cloud-init
<smoser> dannf, testing userdata
<claude2> whats the best way to monitor dell raid cards in ubuntu these days?
<claude2> i saw a post about a 3rd party repo to install the LSI megacli tool
<claude2> not sure if theres a good dell method without installing the entire OMSA tools
<hallyn> stgraber: (finally read the shutdown thread) boy some people want to make things complicated...
<stgraber> hallyn: as usual ;)
<stgraber> hallyn: I actually skipped most of Christian's e-mail when I saw that he didn't look at lxc-shutdown and just suggested he looks at it :)
<hallyn> there are probably irc logs of our discussions about whether to change lxc-stop
<hallyn> if i were smoser i coudl find them in a heartbeat
<stgraber> hallyn: my IRC logs say March 18th on this channel
<hallyn> i'm looking at mar 19 log right now :)
<hallyn> ok, so basically we didn't want to change lxc-stop behavior without upstream's consent.
<hallyn> (i'll reply)
<hallyn> stgraber: GAH!
<hallyn> if i make /var/lib/lxc MS_SHARED, then the kernel doesn't let me pivot_root under it :)
<hallyn> This is goin gto turn out more complicated than i'd thought
<stgraber> the kernel is being annoying... :)
<hallyn> And I hate to bring it up on lxc-devel right now, bc people are already in argue mode from other threads
<hallyn> this means that the only choice, if we want a shared root, is to chroot
<hallyn> uh, by shared i mean one we can maniuplate from the host
<hallyn> hm, no, let me try ONE more thing
<smoser> dannf, for your record, user-data does work
<smoser> and:
<smoser>   euca-run-instances --key brickies --instance-type=m1.large ami-aef328c7 --user-data-file=/tmp/my.ud
<smoser> where '/tmp/my.ud' is http://paste.ubuntu.com/1006618/
<smoser> sets the mirror correctly and runs the 'runcmd'
<dannf> smoser: cool! is there a ref doc for what i can do in user-data?
<smoser> https://help.ubuntu.com/community/CloudInit
<dannf> thx
<smoser> hm..
<smoser> dannf, what does security.ubuntu.com do for armhf?
<smoser> er... where do security updates come from?
<smoser> i guess they come from ports too.
<smoser> thats broken in the userdata above (ie, 'apt-get update' will fail due to still trying to use security.ubuntu.com)
<dannf> good question
<smoser> you could use a boothook to edit template file (just write it straight away with what you want it to have)
<smoser> or even a runcmd if you weren't trying to install packages via cloud-config.
<dannf> oh, snazzy :)
<stgraber> hallyn: I only just noticed http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=644473e9c60c1ff4f6351fed637a6e5551e3dce7 !
<smoser> anyone who wants can look at dannf's handywork if they're interested
<smoser> be nice, it will die in 40 minutes
<hallyn> stgraber: man, if you get lxc-start to fail at the right time, you *really* pollute your mounts table
<hallyn> i think start.c should probably try to clean up...  though that'snot a trivial matter
<smoser> anyone interested can:
<hallyn> ah yes.  we have part of user namespaces :)
<smoser>   ssh ubuntu@ec2-23-20-232-135.compute-1.amazonaws.com
<smoser> with password 'abcdefg'
<smoser> but that instance will die at 17:00 UTC (41 minutes from now)
<hallyn> smoser: permissiond enied (publickey)
<stgraber> hallyn: hehe, I've got a fix-mount-table script I use when I'm working on arkose, basically a while loop iterating through /proc/mounts and unmounting everything until all entries are gone :)
<hallyn> stgraber: gah.  yes.  we can't pivot_root into MS_SHARED dir.  what do you think about introducing a lxc.use_chroot option?
<hallyn> maybe i should just bring it up on lxc-devel
<smoser> hallyn, try again
<stgraber> hallyn: is chroot "safe" now? and if it's, why still use pivot_root?
<hallyn> stgraber: no.  but we have apparmor for that :)
<smoser> it seems that if you enable empty passwords, rather than enabling password auth in openssh's config file, it doesnt actually enable password auth.
<smoser> (whoops)
<hallyn> though, i haven't tested that.  i probably should
<hallyn> smoser: still hanging on motd :)
<smoser> its not fast.
<hallyn> nice.  highbank
<smoser> you're runnign qemu-system-arm inside a ec2 m1.large
<zul> hallyn: its uploaded
<hallyn> zul: thanks
<RobertLaptop> Anyone know of a ppa for jboss as 7.1?
<hallyn> stgraber: when i chroot instead of pivot_root()ing, mountall is not happy.  tries to mount all the things you taught it not to mount
<RobertLaptop> It looks like jboss as 4.2.3 is the only version included with ubuntu
<stgraber> hallyn: can you dump /proc/mounts before mountall runs? something must be quite wrong in there for it to try and mount them all...
<hallyn> stgraber: well here is mounts after mountall runs... http://paste.ubuntu.com/1006687/
<stgraber> hallyn: I didn't put any container specific logic in there, I just taught it not to mount something that'd hide an existing mount (/dev being mounted when /dev/pts is already mounted for example)
<hallyn> right, and chroot doesn't change the /proc contents.  so i guess that's a reason chroot does not suffice.  IIUC
<stgraber> yeah... we'll have to stick with pivot_root then
<zul> adam_g: im in the middle of collecting bug numbers for the openstack SRUs
<adam_g> zul: cool. they should all be in the git commits, no?
<zul> adam_g: well there is two that doesnt have a bug assoicated with them
<zul> for nova at least
<adam_g> SpamapS: which ones
<adam_g> er
<adam_g> ^
<adam_g> SpamapS: around?
<zul> adam_g: one is for generating a changelog for the git commits when you run sdist, and the other is make tests past on osx (???)
<SpamapS> adam_g: I am, wassup?
<ScottK> wassup is you're supposed to accept my SRU packages ....
<ScottK> :-)
<adam_g> ScottK++
<hallyn> stgraber: which means that if we want to support shared mounts between host and container, we need to go back to the idea of a /shared
<hallyn> I'm going to let that sit for a bit and get back to it on wed or thu
<bustabust> CIFS mounting issue on Ubuntu server... I have a drobo NAS with a share called central. I can 'smbclient -L drobo-primary' and see the share called central. However when I run the command 'sudo mount -t cifs -o username=bustabust,password=mypass //10.10.1.150/central /mnt/drobo' error says Unable to find suitable address. Any ideas? I've googled the heck out of this thing
<hallyn> zul: drat, I should have warned you.  The debdiff for 0.9.8-2ubuntu19 got lost in the 0.9.12 upload
<zul> doh...link?
<zul> ill upload ubuntu2 this weekend
<hallyn> zul: it was the patch attached to https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1001625
<uvirtbot> Launchpad bug 1001625 in libvirt "Guest clock stops after live migration on Ubuntu 12.04 hosts" [Medium,Confirmed]
<hallyn> (or just dget dget https://launchpad.net/ubuntu/quantal/+source/libvirt/0.9.8-2ubuntu19/+files/libvirt_0.9.8-2ubuntu19.dsc)
<zul> hallyn: thanks ill get that one in
<hallyn> zul: thanks.  (my fault)
<zul> im guessing any SRUs as well
<hallyn> zul: ?
<hallyn> what do you mean, you're guessing sur's?
<zul> hallyn: is there an SRU for libvirt in precise or am i halucinating
<hallyn> this bug needs to be SRU'd for it yes.  i haven't done that yet
<carroarmato0> Hello, I'm trying out MAAS with LXC. I've gotten to the point where Maas is fully installed in a container, but after adding a node, it says that it's "Commissioning", and stays that way. Any help?
<adam_g> zul: i need to run out but ill look through and confirm that bug list when im bcak. we should try to script something that generates that for us at point
<zul> adam_g: yeah im working on a script now :)
<adam_g> zul: im sure whatever scripts they have to parse that stuff out of gerrit proposals is available somewhere in the openstack-ci repo
<adam_g> back in a while
<rcsheets> how does one report spam in a comment on launchpad?
<dannf> smoser: do you have a cloud-init patch for switching the default apt server, or should i just do a sed hack?
<dannf> ... or should i actually help out and send you a patch taht fixes the bug :)
<smoser> dannf, there is no pathc in lcoud-init (you're welcome/encouraged to fix upstream to chose better)
<smoser> the cloud-config is actually a supported path (for internal mirrors or othe rmirro)
<smoser> but the security. was not thought about.
<smoser> (the fact that security.ubuntu.com is not used for ports).
<ahasenack> hi, this ec2 image ami-5c892f35 in us-east-1 doesn't work
<ahasenack> it's quantal
<ahasenack> here is console output:
<ahasenack> http://pastebin.ubuntu.com/1007018/
<ahasenack> I got that id from http://uec-images.ubuntu.com/quantal/current/
<hujifalak> hello, iam learning to work with linux . can someone pls provide me ssh access to some server ?
<streulma> hello
<streulma> is it possible to set a hostname without rebooting the server ?
<guntbert> hujifalak: search for "free ssh" - there are still several available
<StevenR_> hujifalak: install your own virtual machine?
<erichammond> hujifalak: Amazon AWS/EC2 has a free tier that you can use to run and experiment with Linux: http://aws.amazon.com/ec2/#pricing
<hujifalak> erichammond i wanted to try it but it requires credit card information even when they are not charging anything ?
<erichammond> hujifalak: correct.  If you use resources that are not covered by the free tier, you will be charged for them.
<gary_poster> stgraber, hi.  I'm updating bug 994752's description per your request.  In preparation for that, I was looking at the quantal packaging branch, and noticed you took out lxc-ip in favor of an in-line function within lxc-start-ephemeral.  lxc-ip is actually quite nice to have for other reasons as well.  Is there a way we could advocate for getting it added back?  Or is getting it upstream our only chance?
<uvirtbot> Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Fix committed] https://launchpad.net/bugs/994752
<stgraber> gary_poster: no :)
<gary_poster> stgraber, <snort> which one
<stgraber> the new lxc-attach will support attaching to only the network namespace if you want
<stgraber> and the API will have a call to get all the container's IPs that will likely be added to lxc-info
<gary_poster> stgraber, in bash?
<stgraber> so there was no good reason to keep lxc-ip in 12.10 just to replace it in a few months (and backward compatibility being a pain, it was easier to get it out before anyone noticed :))
<gary_poster> heh
<gary_poster> if lxc-info then C
 * gary_poster wants more Python and less bash
<stgraber> right, we have patches on lxc-devel now that let you do "lxc-attach -s NET -n container -- ip -4 addr", we're also working on API design now and I'm trying to get a get_ips() call in there that lxc-info can use
<stgraber> for 12.10 I'll also be providing a python binding for the new API
<stgraber> so after these are done, there really shouldn't be any need for lxc-ip :)
<streulma> we use Virtualbox on servers :)
<streulma> how long can we stay at 10.04 LTS ?
<gary_poster> stgraberm, sounds great (though a mild shame we went to the trouble for naught).  The one thought I have for lxc-info's IP stuff is that it would be nice if it had a "just get the IP and you don't have to use sed/awk to parse the output" option.  The sed/awk stuff always feels pretty fragile to me
<stgraber> gary_poster: sure, that's why I want to get the IP list in the C API so we can have it returned by lxc-info and from the python module
<stgraber> gary_poster: so you should be able to do:
<stgraber> import lxc
<stgraber> mycontainer=lxc.Container("mycontainer")
<stgraber> mycontainer.get_ips()[0]
<nathwill> stgraber, that sounds awesome :)
<gary_poster> stgraber, that's great!
<gary_poster> stgraber, one other only mildly related thought: in lxc-start-ephemeral when we start up 32 instances of these (and we do, with 24 planned for production) the timeout gets out to 2.5 minutes before we can actually connect.  Is there a chance we could squeeze in a configurable timeout for bug 994752 also?
<uvirtbot> Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Fix committed] https://launchpad.net/bugs/994752
<gary_poster> 2.5 minutes before we can connect to all of them, I should say
<gary_poster> essentially, make TRIES something you can pass in
<stgraber> gary_poster: I have no problem adding a parameter for that in quantal, though that's technically a new feature so I'm not sure we can really SRU that back to precise
<stgraber> gary_poster: isn't there a magic command that lets you run a given command when your load average is below a given threshold? I think you could use that to fix your problem (assuming it takes that long because of all the containers starting at the same time)
<gary_poster> stgraber, we need it to truly address that bug, is the issue.  Alternatively, we can simply bump TRIES to something gigantic...hm, that sounds interesting, lemme search for it
<gary_poster> niceload is close but no cigar...
<gary_poster> and also it is not available in ubuntu afaict
<stgraber> gary_poster: parallel -l 1 -- "echo 1" "echo 2"
<gary_poster> stgraber, nice, thank you.  We'll play with it.
<gary_poster> stgraber, there are still some problems with that.  I'll mention them in the bug description and we can go from there.
<gary_poster> thank you again
<hallyn> smoser: if i do ec2-run-instances -f userdata.sh -n 3 ami-whatever, is [0-2] or [1-3] passed to the userdata scripts by chance?
<erichammond> hallyn: You will want to query the ami-launch-index from the user-data script.
<hallyn> just echo $ami-launch-index?
<erichammond> hallyn: It'ts available from the instance at: http://instance-data/latest/meta-data/ami-launch-index
<erichammond> or using a tool that queries that for you.
<erichammond> starts at "0"
<hallyn> erichammond: awesome, thanks
<koolhead17> adam_g, is there a document around quantum which can help me deploying it on precise
<adam_g> koolhead17: not that im aware of
<koolhead17> adam_g, any plan to have it in future :P
<adam_g> koolhead17: probably at some point. i hope to take my first dive into quantum next week or so
<koolhead17> that be great
<koolhead17> zul, do we have quantum pkg ready for test
<koolhead17> on Q
<zul> koolhead17: no
<koolhead17> zul, i can use it for precise/essex for now
<Psi-Jack> Anyone here ever played around with NUT for UPS monitoring? I'm curious as to what kind of netserver/netclient master/slave setup I should be doing to insure that my infrastructure network shuts down decently and cleanly the case of a long-term power outage. I just finished a diagram.ly chart to show everything. ;)
 * jmedina wonders what a diagram.ly is...
<Psi-Jack> Website to generate diagrams. ;)
<Psi-Jack> http://i.imgur.com/Jw3Ki.png
<Psi-Jack> Like so.
<jmedina> :O
<jmedina> wow, looks good that site, thanks for sharing
<Psi-Jack> No problem. :)
<Psi-Jack> You can't directly share full diagrams you've made, but you can export/import XML files of diagrams made with it.
<jmedina> reminds me dia
<Psi-Jack> Other websites can do it, but you usually have to pay for that service.
<jmedina> do you know if works with libreoffice draw files?
<Psi-Jack> Not sure..
<Psi-Jack> Doubtful.
<Psi-Jack> I believe the clipart images used on this are actually kinda ripped from Microsoft Visio
<Psi-Jack> Guess you don't use NUT though do ya? heh
<jmedina> Psi I juse NUT in single desktops and servers
<Psi-Jack> heh
<Psi-Jack> Nothing like my little infrastructure, eh?
<jmedina> I dont have a infrastructure like yours, I just courius because can help in future
<Psi-Jack> I'm thinking I should basically hook up Hyp1-4 as slave to Stor1, and continue to also have Hyp3 slave to Hyp1, and Hyp4 slave to Hyp2.
<Psi-Jack> Hyp1, Hyp2, and Stor1 all being directly connected to each their own APC UPS, being in master mode themselves.
<Psi-Jack> Effectively, according to the docs, which would make Hyp1-4 shut down well before the Stor1 server they need, and with Stor1's delay to self shutdown be long enough to sustain the slaves as they shut down... It's tricky. ;)
<jmedina> looks like that, for the names I guess it is a virtual infrastructure
<jmedina> virtualized
#ubuntu-server 2012-05-26
<gary_poster> stgraber, I changed that description an hour or so ago
<randomDude> would i use puppet to manage firefox addons/settings/bookmarks, googlechrome addons/settings/bookmarks, thunderbird settings/useraccounts for a localnetwork of workstations deployed by a cobbler server?
<arooni-mobile> i'm not able to start mysql on ubuntu 10.04 lts;  mysql pre-start process (2655) terminated with status 1 ... any ideas on how to fix?  thanx!
<jmarsden> arooni-mobile: read your log files for more details on the error?
<arooni-mobile> jmarsden, thats all the info i have in my error logs
<jmarsden> arooni-mobile: Thread at http://ubuntuforums.org/showthread.php?t=1499658 suggest maybe bug #573318 is relevant?
<uvirtbot> Launchpad bug 573318 in mysql-dfsg-5.1 "mysql server will not start" [Low,Invalid] https://launchpad.net/bugs/573318
<arooni-mobile> for some reason i can start mysql with safestart but i cant start with upstart /etc/init.d/mysql start
<arooni-mobile> can someone help me resolve?
<SpamapS> arooni-mobile: do you have anything in /var/log/mysql* ?
<pdtpatrick> Question -- what creates the ~/.bashrc ? Reason i ask is I'm not seeing the same configs in /etc/bash.bashrc or /etc/profile  .. for instance, where'd this come from: "force_color_prompt"
<bioman> Hello :)
<bioman> Using 11.10 Server
<bioman> Found 3.3.7 kernel here : http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.3.7-precise/
<bioman> Will it work ok ?
<bioman> Nobody can tell me ?
<randomDude> 1. downloaded ubuntu-12.04-alternative-x86_64 iso from mirror.internode.on.net/pub/ubuntu/ubuntu/, 2. installed a new ubuntu-12.04-x86_64 server in a vm 3. mounted the alternative iso to /media/cdrom 4. sudo apt-get install cobbler cobbler-web puppet 5. checked cobbler web is all up and running yep all good 6. sudo cobbler import --name=ubuntu-12.04-workstation --arch=x86_64 --path=/media/cdrom 7. checked distros : none.
<randomDude> this exact process works on 10.10, after iso import, there appears the distro in the distro list for cobbler
<randomDude> ok it worked this time...
<randomDude> seems cobbler import isn't always reliable
<Justinsas> Hi everyone, looking for a little help with a troublesome raid5, anyone able to have a look and see if they can help dmesg output is here https://www.dropbox.com/s/pvmcyppkx23y69u/raid.txt
<RoyK> Justinsas: looks like a bad drive somewhere
<RoyK> Justinsas: have you run fsck?
<RoyK> Justinsas: also, check the drives with smartctl -H to see if something is obviously bad
<Justinsas> It works fine if I reboot but soon after just dies and all drives disappear.
<Justinsas> I'll run thouse and see what i get.
<bencer> hi all, quick question, running zabbix 1.8.11 from precise, new item proc.num[slapd], running zabbix_agent -t proc.num[slapd] returns [u|1] while latest data reports 0, any idea what could be wrong here?
<Justinsas> RoyK I've just removed a drive and sent it off because the raid told me it was failed.
<RoyK> Justinsas: bingo ;)
<RoyK> Justinsas: hope you have something to replace it with
<Justinsas> But I thought the raid would be ok to run without one drive
<Justinsas> it just wouldn't have any redundancy?
<Justinsas> RoyK, I thought raid5 could run with one disk gone?
<drecute> one of my filesystem failed to mount and now i can't reach the login console
<alphanoop> I have bought a cheap server off ebay and have it on my LAN. I have installed Ubuntu Server 12.04. Where is a good place to learn to create and administer a website?
<mardraum> alphanoop: bit of a broad question. Maybe start with a CMS like drupal or wordpress - see their docs
<alphanoop> mardraum: I have tried Googling a bit and there is a ton of information. I was looking from someone with experience to give me a good n00b starting point or tutorial.
<mardraum> you haven't given anymore information as to what you want
<mardraum> do you want a CMS?
<mardraum> are you interested in the site itself, or playing with web servers ?
<RoyK> Justinsas: raid5 can run fine with a disk gone, but it's very vulnerable
<RoyK> Justinsas: since the next disk that dies, will kill the raid
<alphanoop> Whats a CMS? I know there are different kinds of websites php boards, etc... but I'm looking for a commercial type website.
<alphanoop> sorry for the ambiguity
<RoyK> !cms
<RoyK> cms is a content management system
<RoyK> usually a database-backed engine for making web pages easier
<RoyK> with wordpress being a rather simple and very much used one, and drupal and joomla other, more advanced, but somewhat harder to learn
<streulma> has rebooted a server... 7 minutes
<streulma> maybe a long time before the raid controller is fully up :)
<RoyK> some raid systems take ages to boot
<streulma> haha
<streulma> no worrys
<streulma> it works fine now
 * RoyK doesn't use raid controllers for linux systems anymore
<rb_> hi everybody !
<rb_> It's actually the first time I come to an IRC channel (you have to start sometime ...) ; may I ask you a few questions ?
<streulma> yes
<mardraum> you just did...
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<rb_> I'm planning on buying a server - this one : http://www.ubuntu.com/certification/hardware/201105-8031/
<streulma> yes it's good
<streulma> we use it also
<RoyK> rb_: and...
<RoyK> hm.. not certified for precise
<rb_> it is said that it can support ubuntu server, however, I saw that the raid1 controller is not supported,
<streulma> it runs fine with Ubuntu Server 10.04
<streulma> raid controller not tested
<RoyK> rb_: if it's a typical onboard raid-1 thing, it's bogus
<RoyK> rb_: software raid is just as good, or better, than most hardware raid, so just use that instead
<ikonia> rb_: so you have good info from the ubuntu site, the server is supported, but the raid controller is not
<rb_> but it seems that ... yes indeed software raid can do as fine
<RoyK> rb_: some "raid" controllers, mostly those on the mobo, aren't really raid controllers. they have most of the raid stuff in the (windows) driver
<RoyK> rb_: so, really, not a raid controller, perhaps a chip with some acceleration, but hardly worth looking at
<RoyK> rb_: those controllers normally work well as ordinary disk controllers on linux machines
<rb_> I actually don't know much about computer components ; can I just buy this server with only 1 hard drive (and no raid) and then add another hard drive later ?
<streulma> yes
<rb_> (I mean will there be a power supply for it ... ?)
<streulma> it supports 2 hard drives
<RoyK> rb_: if you want software raid, the server needs to be installed with it, but you may be able to install on a broken mirror
<ikonia> rb_: I'd suggest contacting a hardware vendor, such as dell, and asking for advice with component selection
<RoyK> rb_: do you want mirrored drives?
<ikonia> rb_: if you are not sure how the basic hardware components work, you may benifit from the vendor helping you
<rb_> by mirrored drives you mean raid1 ?
<RoyK> yes
<rb_> yes then
<RoyK> rb_: then you need to create the mirror during installation
<rb_> ok
<RoyK> rb_: IIRC installer supports creating a mirror on only one disk, aka a broken mirror - while worthless without a second drive, you can easily add the second later
<rb_> well my other question was about "UEFI Enablement" : is it worth it ? (I mean, I don't really know what it is ; should I enable it or not ?)
<RoyK> rb_: UEFI is the new BIOS replacement, which is nice, but I'm not sure if it's as easy to setup as with old BIOS. See https://help.ubuntu.com/community/UEFIBooting
<rb_> (sorry, I really am a begiiner)
<RoyK> nothing to worry about - we've all started somewhere :)
<rb_> ok thanks a lot
<drecute> hi
<drecute> please I need help with this: http://markmail.org/message/6y4j7f7u6bvvve5f
<streulma> hi
<streulma> I have a BIND9 server on Ubuntu Server
<streulma> the master server notifys the slave
<streulma> but the slave is not up to date
<streulma> the slave says it is up to date
<streulma> but it is not
<vrturbo> can you see the tcp 53 transfer traffic on the slave ?
<vrturbo> have you got allow-transfer {slave ip} on the master ?
<eutheria> does anyone use sssd on their servers? i have a weird issue with local users over uid 100 that don't come from my ldap server
<vrturbo> have you tried deleting the zone file of the slave server ?
<vrturbo> streulma, also check the bind / named logs on the slave, the master might be refusing
<streulma> nothing refusing
<eutheria> when sssd is running, i change user, has anyone seen anything like this before? http://pastie.org/3971359
<streulma> notify from ...... zone is up to date
<streulma> refresh was 1 week
<vrturbo> bingo
<RoyK> streulma: and serial is updated? and file is writable for the bind user? and apparmor isn't stopping anything? and all logs say ok?
<streulma> ho, a good check
<streulma> should I update the serial every time ?
<streulma> everytime I change a recor
<streulma> d
<RoyK> yes
<streulma> ok
<RoyK> streulma: and it must be *incremented* every time
<RoyK> the slave won't update anything unless it sees a larger serial
<streulma> ow ok
<streulma> how do I format a serial ?
<RoyK> the usual way is YYYYMMDDxx, where xx being a serial starting with 00
<RoyK> but that's no *defined* way, just a guideline
<RoyK> so, for my private domain, I have serial 2012051501, which tells me I changed it, twice, the 15th
<streulma> ok
<streulma> I'll see it in a few hours if it's updated
<RoyK> the slave should be notified immediately and update
<RoyK> what takes time, is for the changes to propagate out throughout the net where dns servers cache things
<RoyK> what's your domain name?
<streulma> it's internal
<RoyK> ok, then it shouldn't take much time
<RoyK> as in, change should be immediate
<RoyK> unless you have another dns server in front, caching
<streulma> oh, it has not updated the serial in slave
<RoyK> that's a rather clear hint that something's not good ;)
<RoyK> check the slave's logs
<RoyK> what's old/new serial?
<streulma> old 1 :)
<streulma> new 2012052601
<RoyK> ok :)
<streulma> zone domain notify from master: zone is up to dae
<RoyK> wtf
<RoyK> can you pastebin that master zone file or at least its SOA?
<streulma> in SOA localhost
<streulma> we came from a standalone server
<streulma> should I set SOA ns1.domain ?
<RoyK> that's not the whole soa
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<RoyK> this is an example
<RoyK> http://paste.ubuntu.com/1008167/
<RoyK> line 1-2 isn't part of the SOA, the rest is
<streulma> it's ok
<streulma> now
<streulma> when I retransfer the zone
<streulma> rndc retransfer zone zonename
<RoyK> streulma: just rndc reload on the master and the slave gets it?
<RoyK> you shouldn't need to specifically retransfer
<SpamapS> zone transfers.. ugh
<SpamapS> I was so much happier when I used tinydns+rsync .. :)
<RoyK> nah - let's go back to the hosts file
 * RoyK wonders how big that would be these days :D
<haxxpop> From this link, https://help.ubuntu.com/12.04/serverguide/dns-configuration.html, Can I set only Primary Master?
 * RoyK only uses a single master
<RoyK> I guess a secondary master makes sense in a large setup
<RoyK> for me it doesn't, if the master dies, I promote some slave to the master or reinstall the master and restore from backup
<haxxpop> replace "example.com" with mine, right??
<RoyK> yep
<haxxpop> Must I change "192.168.1.10" in the document?
<RoyK> what?
<RoyK>         IN      A       192.168.1.10
<RoyK> that one is an address record pointing 'example.com' to that ip
<haxxpop> yes
<RoyK> so obviously, if you want youdomain.tld to point to that address, keep it ;)
<haxxpop> my ip is 122.155.18.33, so I should change 192.168.1.10 to 122.155.18.33, shouldn't I?
<RoyK> yep
<haxxpop> In the website of my domain-name vendor, besides 2 ns records, should I add any one else?
<haxxpop> two ns records are
<haxxpop> dns1.pathosting.com
<haxxpop> dns2.pathosting.com
<haxxpop> while pathosting.com is my domain-name vendor
<RoyK> then you need an A record for the domain, and one for www, and perhaps one for mail if you want that, and you probably want an MX record to tell things where to send mail@youdomain.tld
<haxxpop> three A records and one MX record, right?
<RoyK> as many A records as you might want ;)
<RoyK> or CNAME for new hostnames that should point to the same server
<RoyK> CNAME is like an alias
<haxxpop> when I try to add an A record, it ask me three things: host name, destination ipv4 address, ttl. So I can't add more than one.
<haxxpop> the host name should be different?
<RoyK> ttl should be 3600 or perhaps 7200 or even 14400
<RoyK> huh
<RoyK> if you open a browser and type "www.xkcd.com", www is the hostname / A record
<RoyK> haxxpop: you should read up a little about how DNS works
<haxxpop> RoyK: Should networking be read from the low layer to the high layer?
<haxxpop> I'm trying to read from the Physical Layer
<patdk-lap_> all depends what the goal is
<patdk-lap_> normally knowing layer 2 and up is useful
<patdk-lap_> layer 1 is normally only if you physically are building it
<RoyK> in most circumstances, knowing the details of layer 1 doesn't help much ;)
<RoyK> patdk-lap_: L1 isn't really *physical*, it's the signalling etc, not the hardware
<patdk-lap_> ya, isn't signally, or electrical/optical
<patdk-lap_> the hardware does play into it, either fiber/copper/longreach/...
<RoyK> but layers 2,3,4 are once that a techie should know
<RoyK> s/once/ones/
<haxxpop> does layer 1 mean Physical and Data Link Layer ?
<RoyK> haxxpop: L1 is signalling, L2 is data link
<patdk-lap_> normally, layer1 is elecrtical, but siganlling is a better term
<RoyK> haxxpop: http://en.wikipedia.org/wiki/Osi_model
<patdk-lap_> l2 would be mac, ip, ...
<RoyK> patdk-lap_: IP is in L3
<patdk-lap_> hmm, ya
<RoyK> TCP port number, for instance, in L4
<haxxpop> RoyK: I think you might be talking abount TCP/IP
<RoyK> haxxpop: TCP/IP maps neatly into the OSI model
<patdk-lap_> tcp does, other ones don't
<RoyK> patdk-lap_: *generally* speakig (since I guess haxxpop is a newbie, and too much detail will be confusing), it maps ok
<patdk-lap_> hmm, maybe I'm thinking too much ipv6 these days
<RoyK> mhm - soon out of IPs http://xkcd.com/865/
<patdk-lap_> normally, in simple terms
<patdk-lap_> l1 = electrical
<patdk-lap_> l2 = network
<patdk-lap_> l3 = routing
<patdk-lap_> l4 = connection
<patdk-lap_> for a tcp/ip stack
<RoyK> no, l2 is data link, not network, but I guess that depends on the definitions ;)
<RoyK> l3 is network, including routing
<RoyK> l4 is transport
<RoyK> l5 is session, aka connection
<patdk-lap_> like I said, in *simple* terms :)
<RoyK> simplifying doesn't mean lying ;)
 * RoyK thinks 30ËC is a bit over the top in May, in Norway, where we usually start undressing before it's hit 15ËC
<patdk-lap_> odd, irc is still working, but everything else is dead
<RoyK> :)
<patdk-lap_> have my firewall halfway in a precise upgrade
<RoyK> patdk-lap_: not precise enough? ;)
<patdk-lap_> I think it screwed my iptables, attempting to *help*
<vrturbo> MOst of the time I deal with layer 1 i guess is flashing firmware onto mezz roms ha ha
<patdk-lap_> likely when upgrade is finished, it will be good again
<RoyK> patdk-lap_: sure - mohaha :D
 * RoyK have seen grub messup before
<haxxpop> do you know how much time will it take after my configuration?
<patdk-lap_> oh, it does, on every single upgrade I have done :)
<patdk-lap_> easy to fix though
<RoyK> haxxpop: ?
<haxxpop> how long will the DNS be updated?
<patdk-lap_> did you just change your dns servers?
<haxxpop> yes
<patdk-lap_> anywhere from now, till 2days
<patdk-lap_> depending on caching
<haxxpop> I hope that my configuration is not wrong.
<patdk-lap_> what configuration?
<patdk-lap_> test it manually?
<RoyK> haxxpop: dns updates are immediate if tested locally, what takes time, is the caching in the network, normally maximum TTL
<haxxpop> patdk-lap_: DNS config
<patdk-lap_> yes, but what is a dns config?
<patdk-lap_> the configuration of your dns program?
<patdk-lap_> I just don't get what you mean
<patdk-lap_> testing your dns records are easy, use dig
<haxxpop> patdk-lap_: in Bind, /etc/bind/named.conf.local and others
<drecute> please I need help with this: http://markmail.org/message/6y4j7f7u6bvvve5f
<haxxpop> Oh !! Thank to all of you. My server deployed.
<patdk-lap> hmm
<patdk-lap> well precise really screwed that that computer good :(
<patdk-lap> e1000 driver looks very unstable on it
<RoyK> e1000 driver?
<RoyK> I thought that had stablilised years ago
<streulma> RoyK: dns is working fine now
<streulma> I must wait an hour before the slave has the new record
<patdk-lap> https://bugzilla.redhat.com/show_bug.cgi?id=754589
<uvirtbot> patdk-lap: Error: Could not parse XML returned by bugzilla.redhat.com: HTTP Error 404: Not Found
<patdk-lap> that is the exact issue I'm having with my e1000 on precise
<patdk-lap> both vlan and tx checksum
<streulma> hello
<streulma> I've changed the hostname
<streulma> in mail.log there is the old hostname
<streulma> server is restarted
<streulma> when I mail to postmaster@server
<streulma> ok changed in /etc/mailname
<LordOfTime> is it possible to edit already-existing SSH keys to have a different comment line (for example, if the current comment line is "Random SSH Key 1", can I rename it to "Nonrandom SSH Key 1" without regenerating the key)
<benmunat> trying to upgrade my remote server from 10.04 to 12.04 and it failed; trying to continue the upgrade with apt-get dist-upgrade but I get a lot of dependency errors: do-release-upgrade
<benmunat> oops, meant: https://gist.github.com/fbd06971320fc4b9cb2e
<patdk-lap> LordOfTime, the comment isn't part of the key, just edit it
<LordOfTime> sweet, thanks
<benmunat> ah, just had to remove a file from /var/lib/defoma/fontconfig.d/ it appears
<benmunat> ok, now stuck at: /usr/sbin/grub-probe: error: failed to get canonical path of /boot/grub/locale.
<benmunat> i don't have a /boot/grub/locale directory
<master> Hi, what speed of file transfer should i expect from a samba on the follwoing config: SATA2 hdd on 2 GHz via gigabit network?
<master> if a homesetup
<master> 1
<qman__> master, too many factors to give you a decently accurate number, but 50MB/s is not unreasonable
<qman__> smb peaks around 100MB/s from SSD and sata 3
<qman__> you can get 80MB/s with some decent controllers and a big raid
<patdk-lap> qman, that makes no sense
<qman__> anecdotal numbers
<patdk-lap> I get 90MB/sec over gigabit using smb and a single rotating disk on sata1
<master> so my setup is totaly horrible, i get 12 mb/s
<qman__> yes
<patdk-lap> but ya, the limits are the disk, the interface, how the nic is connected on each computer, and cpu hz
<qman__> when I say 50MB/s, that's budget stuff
<qman__> the low end
<patdk-lap> ya, most nic's will be limited to 30-50MB/sec
<qman__> it should be between that and 100MB/s
<master> how to start diagnosing the problem
<patdk-lap> master, test with iperf
<qman__> and test your disk speed
<patdk-lap> make sure your network is fast and configure correctly
<patdk-lap> plus, smb these days use encryption, so that will slow it down some too
<master> patdk-lap: im setting a homeserver for filesharing, dhcp (not on at the moment), backup via bacula and so on
<patdk-lap> what motherboard?
<master> the metal is dc530 ultra slim, with 2ghz pentium 4, 2gb ram, at preset with the integrated NIC. Traffic is going via a TPlink 1043nd router
<patdk-lap> heh?
<master> patdk-lap: HP DC530 ultra slim oem machine
<patdk-lap> no pcie?
<patdk-lap> and no onboard gigabit nic
<patdk-lap> so ya, your going get a max speed of 50MB/sec
<patdk-lap> cause your sharing the disk access with the nic access
<patdk-lap> and pci only has 100MB/sec to share
<kalkin> hi
<patdk-lap> so 50MB/sec to disk, and 50MB/sec to nic, and you maxed out the pci bus
<kalkin> i have a really strange problem
<master> the integrated NIC is gigabit
<patdk-lap> hmm, odd quick google said 10/100
<master> or maybe i'm an idiot
<patdk-lap> it's still probably shared on the same pci
<patdk-lap> no, I see some that have gigabit, maybe they made several models like that, hp is annoying like that
<patdk-lap> changing specs but not model numbers
<kalkin> i have a really strange problem. every day at 2300 mysql have lots of writes (i see that in iotop) and i can't explain why. it's not because of my software, because it doesn't do more writes/updates then normal at this time
<master> anyway, i'll test on the other NIC which is for sure gigabit on PCI
<kalkin> my whole software stack slows down at 2300 and i can't figure out why
<kalkin> i'm using ubuntu 11.04
<patdk-lap> PCI won't help you at all
<patdk-lap> you need pcie
<patdk-lap> or you will never got >50MB/sec
<master> patdk-lap: yes, but if I can get around 30-40 MB/s it will be suitable as file server for my current needs
<patdk-lap> basically, you need a more recent computer if you want to get increased speeds
<patdk-lap> ya, you should get 40-50MB/sec
<patdk-lap> I would go back to iperf and test
<patdk-lap> harddrive testing is also good
<master> 12 MB is totaly unacceptable, I was able to get this from the 1043nd router with external HDD hooken on the USB port
<master> hooked*
<benmunat> managed to fix all the apt upgrade issues and rebooted (luckily with a web kvm) and grub is not finding a kernel; any suggestions?
<benmunat> it's grub 1.9 and I'm at a grub shell prompt
<master> lspci | grep Ethernet
<master> oops
<master> patdk-lap: here's the problem : NIC is gigabit however it's on 100base according to mii-tool
<axisys> how do I make sure a file's mode is 644 all the time? I dont think incron do that
<axisys> an app keep changing the mode to 600 from time to time and they have no option to keep it 644..
<axisys> cron running every 5 mins (*/5) but sometimes my monitor tool fails to read those 5 mins logs because the app log file was 600
#ubuntu-server 2012-05-27
<smoser> hallyn, no, user data scripts do not get any information about their launch-index. that was a feature request made recently by hazmat, and i plan to have something for that soon.
<smoser> feel free to open a bug, though (i'd appreciate if you do, specifically mentinging desire for "launch-index" available somehow -- likely it will be environment)
<blendedbychris> anyone know tools to follow a request from haproxy->nginx->php-fpm->glustterfs and figure out latency issues?
<blendedbychris> i'm having sparatic response time issues with my web cluster nodes
<blendedbychris> it'll jump from 300ms to 3000s
<blendedbychris> er
<blendedbychris> 3s
<mcloy> can anyone see my text?  is there a way not to install kde (remove it) but run dolphin or xchat or a video (just these applications) and do all work at command line?
<twb> ikonia: is that the same guy as was doing it about two weeks ago?
<ikonia> twb: yes
<master> hello, i have a problem with my NICs, both of them are gigabit however, for some reason I can't get them to work on gigabit. They're stuck ot 100 mbs. Tried to set the manually with ethtool however no result
<haxxpop> hi, I'm try to use Phusion Passenger, but Apache2 doesn't know RailsBaseURI command. What should I do? I only did the installation before I asked you.
<sofco3> how can i change an NIC speed from  Ethernet 100Mb/s to gigabit. the nic supports its
<sofco3> i dunno why it defaults to 100
<mardraum> what is it plugged into?
<e_t_> How have you determined the speed?
<sofco3> mardraum: into tplink 1043 gigabit router with 2 meter cable
<sofco3> e_t_:  i'm setting a homeserver and noticed that file transfer don't peak above 12 mb/s
<sofco3> e_t_: used webmin is showing speed at 100mbs and also used ethtool
<e_t_> Is it a cat5e or cat6 cable that will support gigabit speed?
<sofco3> e_t_: its a cat5e
<e_t_> Can you pastebin the output of 'lspci' ?
<sofco3> http://paste.ubuntu.com/1009592/
<sofco3> I'm using the broadcom nic
<e_t_> Do you get any better speed if you use the Realtek ?
<sofco3> nope, still goes to 100 mbs
<sofco3> http://paste.ubuntu.com/1009599/
<e_t_> Same problem on two disparate cards means it's not hardware-related.
<sofco3> e_t_: yep, i think that is some configuration info
<e_t_> What's the output of 'cat /etc/udev/rules.d/70-persistent-net.rules' ?
<sofco3> http://paste.ubuntu.com/1009615/
<sofco3> just did a quick recabling so now the server and the desktop go not directly to the router but via gigabit swich, still 100 mbs
<e_t_> It looks like this is not a unique problem [ https://www.google.com/search?q=ubuntu+gigabit+100mb+only ] but I didn't see a sure solution, sorry.
<sofco31> hmm
<sofco31> hmmm
<sofco31> maybe i found the problem
<RoyK> e_t_: you can run gigabit over good old cat5 these days too
<twb> RoyK: IIRC cat5e is not *rated* for gigE, which means that while it will usually work (especially for short runs), it is not guaranteed to by quality specifications.
<RoyK> twb: cat5e is, cat5 isn't ;)
<twb> RoyK: I believe you are wrong
<sofco31> gotta go, but from first look it's some stupid bug >:( after 2 days of brainstorming it appears that for some fucking reason you can't connect to gigabit on auto config.
<RoyK> I beleive I'm right ;)
<sofco31> after everything is booted you have to manually do a ifdown and ifup
<RoyK> http://www.connectworld.net/syscon/support.htm
<sofco31> and they'll connect to gigabit
<sofco31> wtf....
<RoyK> twb: some info there http://www.connectworld.net/syscon/support.htm
<twb> https://en.wikipedia.org/wiki/Cat5e indicates it is often used for gige but makes no mention of it being rated for same
<RoyK> sofco31: some autonegotiate bits vary between makers, on 100Mbps it was rather bad, on gigabit it's been far better. the trick back in the 100Mbps days, was to use fixed speed and duplex rate
<RoyK> twb: from the link above "CAT-5e components were designed with high-speed gigabit Ethernet in mind."
<twb> gigE standard requires autonegotiation, btw.
<twb> RoyK: well, OK, thought that's not quite the same :-)
<RoyK> oh, it does?
<twb> RoyK: AFAIK yes
<twb> RoyK: I can't back that up with facts atm tho
<twb> (bedtime)
<RoyK> from http://en.wikipedia.org/wiki/Gigabit_Ethernet - IEEE 802.3ab, ratified in 1999, defines gigabit Ethernet transmission over unshielded twisted pair (UTP) category 5, 5e, or 6 cabling and became known as 1000BASE-T. With the ratification of 802.3ab, gigabit Ethernet became a desktop technology as organizations could use their existing copper cabling infrastructure.
<RoyK> sofco31: seems twb is right - gigE *requires* autoneg
<reisi> is anyone else spending their weekend at work because of the new kernel image?
<reisi> that is on 10.04 lts server; linux-image-2.6.32-41-server
<reisi> we've got every process and task hanging like http://pastebin.com/1bGnpAHp
<reisi> loads are 30+, normally < 1
<reisi> ok.. now that kvm FINALLY booted (only one guest) everything started to get unstuck
<reisi> this is 22 minutes after booting
<koolhead17> hi all
<reisi> well, i guess my problem died away by killing collectd
<tarvid> system hang this morning - http://paste.ubuntu.com/1009834/
<tarvid> last message - May 27 06:51:14 fairfax2 kernel: [1294212.040024] ata3: SRST failed (errno=-16)
<patdk-lap> kind of hard for a system to keep working
<patdk-lap> when it's harddrive is failing
<Soekris> hello
<Soekris> I got som troblues met my self and get MAAS notworking
<Soekris> I got 2 nodes with status REady is that oke ?
<Soekris> so i can run juju bootstrap ?
<tarvid> there are no hard drive failure messages
<tarvid> and this is RAID0 and no recovery action was taken
<patdk-lap> no failure messages? what do you call all those messages?
<patdk-lap> it comes down to a few issues, harddrive, controller, or cable
<qman__> yeah, one of those three failed
<tarvid> supposed to be RAID0 , I don't see any attempt at recovery
<qman__> there wouldn't be one
<qman__> the drive quit while operating, raid 0 doesn't offer redundancy, nothing to recover
<tarvid> two hard drives, two cables
<qman__> and?
<qman__> those messages indicate hardware failing, it could just be a loose cable but it's probably the drive
<qman__> raid 0 does not offer any redundancy, there's nothing to recover from, if either drive goes you're done
<qman__> it's strictly for increased performance
<tarvid> hmm, I am not sure how to check the raid array
<qman__> there's nothing to check
<tarvid> it is running at the moment
<qman__> check the hard drives' smart info
<patdk-lap> if it's raid0 there is only one answer, it's screwed
<qman__> smartctl
<patdk-lap> unless you can get that drive working again
<tarvid> maybe it is raid 1 mirroring
<patdk-lap> this is hopeless
<patdk-lap> we can only hlep based on what you can tell us
<qman__> those error messages have _nothing whatsoever_ to do with raid
<qman__> they're hardware errors
<qman__> one of your drives, cables, or controllers failed
<tarvid> installing smartmontools
<tarvid> noW SMARTCTL WAS HELPFUL
<patdk-lap> well, it's only as useful to read the data from the drive
<patdk-lap> so the better the drive is at knowing what is wrong, the better smartctl will be
<qman__> right
<qman__> and if the drive is showing a bunch of hardware errors, the drive is going bad
<qman__> if not, it might be going bad but might also be a cable or controller problem
<tarvid> http://paste.ubuntu.com/1009931/ both sda and sdb  do not look promising
<tarvid> http://paste.ubuntu.com/1009938/ mdadm -D /dev/md0
<tarvid> looks like it did what it was supposed to do - sda removed and I am up with sdb
<tarvid> thanks for the help, maybe I learned something
<Ketsueki_K> anyone have experience with ARToolKit?
<harushimo> I'm trying to run the ubuntu cloud cd
<harushimo> it isn't working
<harushimo> I keep getting this error message: This kernel requires x86-64 CPU. but only detected an i686 cpu. Unable to boot
<harushimo> what is that error message mean?
<harushimo> any ideas
<harushimo> ?
<tarvid> what is a good alterntive to vsftpd?
<tarvid> what are ny chances of forcing everyone to use sftp?
<RoyK> tarvid: scp or rsync over ssh?
<RoyK> rsync uses ssh by default these days, since, what, 2005 or so?
<tarvid> most of my clients use filezilla
<tarvid> rsync makes sense
<tarvid> i use it for inter server transfers
<RoyK> doesn't filezilla support ftp over ssh?
<smw> RoyK, it probably supports sftp
<smw> RoyK, which is NOT FTP over ssh but is a file transfer protocol that works over ssh
<RoyK> I've seen sftp used as both ftp over ssh and ftp over ssl, a bit confusing
<smw> RoyK, no, sftp is a separate protocol
<smw> ftps is ftp over ssl
<smw> RoyK, but yes... I see how this might cause confusion
<smw> RoyK, http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol
<RoyK> mhm
<tarvid> going to take some play
<zastaph> how far are aptitude usually behind release schedule?
<tarvid> first try suggests manual transfer over stfp will work from filezilla
<zastaph> for instance git is at 1.7.5.4 but current is 1.7.10.2
<smw> RoyK, http://en.wikipedia.org/wiki/File_Transfer_Protocol#Secure_FTP
<smw> RoyK, that explains the difference in a nut shell
<RoyK> I know... not very nerdy tonight, after 44km on the bike
<smw> lol
<RoyK> smw: I'm quite aware of the differences, I just find it confusing that SFTP is used for both. I also find it somewhat worrying that people still use FTP, a protocol that should have been abandoned years ago
<streulma> RoyK: still asking the same question as a few days ago ?
<smw> RoyK, here is my opinion on ftp: http://mywiki.wooledge.org/FtpMustDie
<RoyK> streulma: me? asking questions? about what?
<qman__> RoyK, SFTP isn't used for both, FTP over SSL is FTPS
<qman__> anybody who refers to FTPS as SFTP is just plain wrong
<RoyK> qman__: I didn't say it was a standard, I just said it's used for both by certain parties
<smw> qman__, people do say sftp for ftp+ssh
<smw> qman__, this is also wrong... but too comon
<qman__> and those people are wrong
<smw> common*
<qman__> of course, someone's always going to be wrong on the internet
<RoyK> http://xkcd.com/386/
<smw> qman__, I am saying that it is too common to be ignored
<qman__> I disagree
<RoyK> qman__: if a million people make the same mistake, it's not merely a stupid error, but a trend, and should therefore be allowed focus
<ringzer0> How do I get colorful tty?
<ringzer0> e.g. blue directories in bash?
<RoyK> should work by default
<ringzer0> RoyK: not in the Rackspace ssh distro/whatever
<RoyK> ls -F --colour=auto
<ringzer0> Interesting, i type bash and the colors load up.
<RoyK> ls -F --color=auto
<RoyK> ah
<RoyK> chsh
<ringzer0> what is chsh?
<RoyK> man chsh ;)
<ringzer0> The chsh command changes the user login shell. This determines the name of the user's initial login command. A normal user may only change the login shell for her own account; the superuser may change the login shell for any account.
<RoyK> yes, I know
<RoyK> so chsh -s /bin/bash
<RoyK> it'll change your default shell to bash
<ringzer0> weird, yeah I did that
<ringzer0> it seemed to change.
<ringzer0> but then i logged out and back in via ssh
<ringzer0> and it came back to non color
<streulma> why is dash the default and not bash ?
<RoyK> what does "ps $$" say?
<RoyK> streulma: no idea - it's stupid
<ringzer0> my etc/passwd is : root:x:0:0:root:/root:/bin/bash
<ringzer0> root:x:0:0:root:/root:/bin/bash
<ringzer0> oops
<ringzer0> sorry
<ringzer0> 7328 pts/0    Ss     0:00 -bash
<streulma> bin sh is linked to bin dash
<ringzer0> but when I make it work, by typing bash, it gives me: 7431 pts/0    S      0:00 bash
<ringzer0> bash without the - in front
<ringzer0> is -bash different than bash?  cause it works without the - after i type in bash again after logging in.
<ringzer0> and which bash shows /bin/bash
<ringzer0> could this have something to do with sshd?
<streulma> ringzer0:I have also -bash
<streulma> you have no colors ?
<streulma> do something like sudo apt-get install htop
<streulma> run the htop command
<streulma> and see if you have colors
<ringzer0> i see colors
<ringzer0> if i type in bash
<ringzer0> 'b-a-s-h' in the term, then it reloads, and I have colors
<ringzer0> its like ssh'd in bash vs the bash binary are 2 different things.
<streulma> I have a solution
<streulma> what do you have in ~/.bashrc ?
<streulma> a lot of text ?
<streulma> hello ringzer0 ?
#ubuntu-server 2013-05-20
<Neozonz> Can someone help me out with apache?
<Neozonz> I accidently deleted the default vhost
<overrider> i am running Ubuntu 12.04 on a ThinkServer RD630 - is there a way i can read sensor temperatures etc? Maybe some package i can install? lm-sensors yields nothing and the Fans spin pretty hard
<Senor> service samba status : samba: unrecognized service
<Senor> I have installed samba by apt-get install
<qman__> it's smbd
<Senor> mysql is installed through which pcks?
<jdrab> Senor: mysql-server?
<Senor> yeah ,
<Senor> is there another needed ?
<Syria> Hello there, I have a VPS servers, Could you please let me know how is it possible to know if the users are using ssh tunnels to browse using socks?
<andol> Syria: That is an interesting nick to have while asking questions on how to monitor your users :P
<Syria> andol:  :(
<andol> Syria: And yes it is possible, if nothing else by running tcpdump locally. Still, before monitoring your users that way you should really give them a heads up.
<Syria> andol:  I am just a person and the VPS is mine, So what is wrong with this?
<Syria> andol:  They are just two users and I told them that I can see everything that they are doing already, Actually I don't.
<andol> Syria: If you don't want your users to do socks-proxying I would assume that you could dissable that by setting AllowTcpForwarding to no. Of course, having shell access they could still run their own proxy process, but at least it would then be more clear that they are doing something they aren't supposed to.
<andol> Syria: Do note that I haven't actually verified that AllowTcpForwarding affects the socks-proxying, just an educated guess.
<Syria> andol:  This command is giving hundreds of lines.
<Syria> andol:  Could you please tell what is the command that I have to use? tcpdump -q for example?
<ballock> I'd like to discuss the sssd and ldap packages and their dependencies, is the best place to do it?
<ballock> Or can we have a hangout thing a la the UDS or something?
<ballock> Or should I post to the mailing list?
<rbasak> ballock: what would you like to do to them?
<ballock> get rid of ldap-auth-config dependency
<rbasak> ballock: for anything significant, raising a blueprint for the next UDS would be best, with a discussion on the mailing lists first. But UDS has just happened, so it will be a while until the next one
<ballock> I know, I was there.
<rbasak> ballock: in the meantime, the mailing lists would be best
<ballock> "Kiedy År. 2013-05-22 16:00 â 22:00 Warszawa
<ballock> "
<ballock> sorry, wrong window :)
<ballock> Yeah, ok
<rbasak> Daviey: I think Evan has an email awaiting moderation on the ubuntu-server list. Could you please release it?
<ballock> the Ubuntu server mailing list?
<ballock> Theoretically this covers the enterprise desktops too, that's why I'm asking.
<rbasak> ballock: I'm not sure.
<rbasak> ballock: yeah
<rbasak> ballock: ubuntu-devel might be more appropriate
<ballock> But I guess the desktop team does not cover enterprise auth things.
<ballock> Isn't Ubuntu-devel supposed to do the Python stuff? I'd say it has more to do with package dependencies and so.
<rbasak> I don't understand your question. The ubuntu-devel list is the main mailing list for Ubuntu develoeprs
<ballock> I asked because I haven't reviewed the profile of the list yet. Some mailing list that say -devel feel offended when somebody who doesn't run gdb daily posts a non-related question there.
<ScottK> u-devel-discuss might be better.
<ballock> Anyway, we had a session at the UDS about enterprise desktops and it was raised there that you had some discussions about authentication packages on this IRC already
<rbasak> ubuntu-devel description says "Discussions seeking consensus among Ubuntu developers"
<ballock> so I guessed that it's the team to ask :)
<ballock> Is it ok to post it to both your list and the devel list?
<rbasak> I'm not sure that would be useful. You'll end up splitting the discussion.
<rbasak> It might be worth letting list members know that a discussion is going on somewhere else though.
<Daviey> rbasak: I would... but annoyingly, i can't seem to find the mod password on this machine :o
<ballock> Ok, thanks.
<sw> Is there a way to remove a user from the SBS Console without actually removing the user?
<jacobw> sw: The Windows SBS Console?
<sw> jacobw, Sorry, wrong -server channel!
<ev> Would someone please let my post to ubuntu-server@l.u.c through? "Re: errors.ubuntu.com: support for Server?"
<Solarra> hey I was sent here from #ubuntu
<jacobw> Solarra: What can we help you with?
<Solarra> getting my wireless card working
<Solarra> tried this : http://www.ubuntuupdates.org/package/core/precise/multiverse/base/firmware-b43-installer
<Solarra> got this: Specific error: Dependency is not satisfiable: b43-fwcutter (>= 1:015-9)
<Solarra> when executing
<Solarra> the wireless card is a Linksys WM54GS V1.1
<jacobw> Solarra: What do you see when you run `apt-get update`?
<jacobw> !paste
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Solarra> many errors
<Solarra> could not open lock file /var/lib/apt/lists/locl - open (permission denied)
<Solarra> unable to lock directory /var/lib/apt/lists.
<Solarra> could not open lock file /var/lib/dpkg/lock (Permission denied)
<Solarra> Unable to lock the administration directory (/var/lib/dpkg)
<jacobw> Solarra: You need to run APT/dpkg commands with sudo
<Solarra> i have no idea what that means
<Solarra> i learn quickly
<Solarra> but i am literally brand new to linex
<jacobw> Solarra: OK, in Linux there's users, like your user account, and the superuser
<Solarra> similar to root in OSX?
<jacobw> Solarra: It's exactly the same thing, Linux and OS X come from the same family of operating systems
<jacobw> Solarra: sudo is a tool that allows a user to execute commands as the superuser, after they've entered their password
<Solarra> well how do I log in as root in Ubuntu 12.04 so I can do things that require the superuser?
<jacobw> Solarra: The user created by the installer can execute any command as the superuser with sudo, because it's in the group called 'sudo', all users in the group called 'sudo' can execute any command as the superuser
<jacobw> Solarra: Just use sudo, `sudo apt-get update`
<Solarra> problem
<Solarra> the computer in question has no internet until i can install this firmware
<jacobw> Solarra: Follow this guide, https://help.ubuntu.com/community/WifiDocs/Driver/bcm43xx#STA_-_No_Internet_access
<jacobw> Solarra: If you installed from CD, enable the CD as a software source in Software Center, Edit, Software Sources before you start
<Solarra> how would I do that
<Solarra> if i installed from a thumb drive
<jacobw> Solarra: You can use it as a local repository or as a CD
<jacobw> Solarra: https://help.ubuntu.com/community/AptCdrom
<Solarra> even a thumb drive?
<jacobw> Solarra: You can mount the flash disk to /cdrom and APT can find it there, but it's probably easier to follow the manual steps below
<Solarra> omg
<Solarra> you are a hero jacobw
<hXm> indeed
<jamespage> adam_g, roaksoax: pls can you review https://blueprints.launchpad.net/ubuntu/+spec/servercloud-s-openstack-charms-ha-v2 and make updates as appropriate
<jamespage> cheers
<Solarra> is jacobw still around?
<Solarra> seems I celebrated too early
<jamespage> adam_g, roaksoax: review required if you have time - https://code.launchpad.net/~james-page/charms/precise/rabbitmq-server/fixups-pre-merge/+merge/164769
<adam_g> jamespage, ack
<adam_g> Daviey, if you're around, there are rebased nova and keystone  packaging that contain security fixes in-queue for raring-proposed and quantal-proposed
<Daviey> adam_g: ok
<Daviey> adam_g: will process it today.. but not right this moment
<adam_g> Daviey, awesome, thanks!
<ScottK> If they have security fixes, why are they in -proposed and not -security?
<Daviey> ScottK: they were trumped by security uploads.
<adam_g> ScottK, the security updates were released last week directly to -security
<ScottK> Ah, got it.
<mbroadst> hi, I'm trying to run an activemq server instance on my ubuntu system, but when I run the initscript to start it (after having customized my activemq.xml configuration file), I simply get an "[OK]" message and no actual server process. There are no logs to be found, and I can't run activemq by hand becuase this initscript does a considerable amount of setup, so I was wondering if someone could point me towards getting the info I need to solve the pro
<sarnold> mbroadst: if you can't come up with something else, maybe 'strace -o /tmp/mq -f service activemq start'  -- then read the syscalls in /tmp/mq to find the problem. (Start near the end of the file..)
<mbroadst> looks like this is one of those "just run from the java distribution" things, the dependency hell wrt ubuntu and java here is nuts :)
<sarnold> oh jeeze, javathing?
<sarnold> strace might be more painful than usual there
<mrj> Is there a channel specific to MAAS?
<mrj> oh, nevermind
#ubuntu-server 2013-05-21
<energizer> This is my first server. I just ran "sudo apt-get install apache2". Now when I navigate to localhost, I get "it works!" When I go to my host's IP from a different computer, I get nothing ("taking too long to respond".) What do I need to do?
<qman__> apache listens on all addresses out of the box, and the firewall is accept-all out of the box too
<qman__> so either you configured something to block it, or you're going through a router that's not set up right, etc
<energizer> Oh i didnt even think about the firewall. I had ufw enabled. Thanks!
<energizer> I set up an apache server, put an episode in /var/www and now I'm downloading it from another computer.  Downloaded 39% in a few seconds, and hasnt made any progress for a long time. Its a 180MB file. Any suggestions.
<airtonix> energizer: use nginx instead?
<adam_g> jamespage, https://code.launchpad.net/~gandelman-a/charms/precise/nova-compute/early_keystone/+merge/164836  one last bug fix to the bash charms before they get merged. hit this when i changed up ordering of relations in deployer config
<energizer> How do i get my index.html to list all of the files in /var/www ?
<rustx> energizer: you really want do that in html ?
<andol> energizer: If you want a directory listing the easiest is generally to not have any index.html, and make sure that your web server has its indexing option enabled.
<energizer> So if I jsut delete index.html, that will automatically happen?
<andol> energizer: That all depends on how your web server is configured.
<energizer> I guess so! Thanks. Is there any reason not to do that? (Just making sure I understood rustx's comment correctly)
<greppy> energizer: it may expose files or directory structure that you don't want others to see.
<energizer> ok thanks
<rustx> energizer: well: You could use DirectoryIndex, but i advise you to configure your Allow from rules to be sure not to expose file directory structure to the whole world (as greppy said)
<energizer> Is it correct that I'm only exposing /var/www and subfolders?
<energizer> rustx if i want to make files available to friends, is this a reasonable and secure way to do it?
<rustx> yep, could be
<rustx> energizer: you have 2 choices : either use Allow From rules, and match the exact IP your friend have at home (or any IP they use)
<rustx> energizer: this will make directory list avaiable only from the IPs you configure
<rustx> energizer: or, the second choice, more simple, would be to use a .htaccess and htpasswd to provide them a password without restriction on IPs to use ..
<rustx> energizer: the second choice can be simple if your friends don't have a static ip
<rustx> energizer: most of IPs provided by ISP can be dynamic, and in that case, the first choice is more complex
<energizer> Whats the difference between these two methods? (http://bit.ly/13DFYdk)
<energizer> rustx: That looks helpful-- thanks. In the Ubuntu community page (https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles), it recommends using the main server configuration file instead of htaccess files. If I want to try the 'recommended' way, is it the same procedure as .htaccess? Any ideas?
<rustx> energizer: let me check your links
<rustx> energizer: 2 sec
<energizer> rustx thanks
<rustx> energizer: ok
<rustx> energizer: when using apache, you can create several virtualhosts
<rustx> energizer: if you only have one, you can password protect the default virtualhost (which is in /etc/apache2/sites-avaible/default) by using the following directives
<rustx> .htaccess can be also used, but the simplier for you is the following
<rustx> energizer: http://pastebin.com/xMCyLg6r
<rustx> on that way, each time apache will look to serve your default virtualhost, it will check the password file in /var/www/.htpasswd
<rustx> then, to create your user/pass in that file, you have to use the following command : htpasswd -cm youruser
<rustx> the shell  will ask for your password twice, and when it's ok, your directory will be protected
<rustx> energizer: if you need to add another account to that password file, just remove the 'c' option from htpasswd command (as c option is to create the file ...)
<rustx> energizer: to add friends, the command to use will be htpasswd -m myfrienduser
<rustx> energizer: is that clear enough to you ?
<energizer> thanks. lemme give it a look-over
<rustx> energizer: in my pastebin, i just forgot the Option +DirectoryIndex
<rustx> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch +DirectoryIndex
<rustx> it will work fine, trust me ;)
<rustx> energizer: of course, when you change your directory cofniguration, you need at least to reload apache
<rustx> or restart ^ ^
<energizer> rustx so by default i have this stuff (http://pastebin.com/4n4J4psw) in my sites-available/default. I'm supposed to replace it with your pastebin?
<rustx> energizer: exactly
<rustx> energizer: just the <Directory /var/ww> part to ... </Directory>
<energizer> I'll give it a shot. Thank you!
<rustx> energizer: you're welcome
<energizer> rustx you still here?
<rustx> energizer: yep
<rustx> still at work, so still there :)
<energizer> rustx cool. When I restart apache, i get 'illegal option DirectoryIndex'
<rustx> energizer: yep, my bad/ Replace 'DirectoryIndex' by 'Index' and it will be fine
<rustx> Options Indexes is enough for what you want to do
<rustx> which means directory listing, ..
<energizer> rustx ok I restart apache successfully with '+Indexes'. Now when i try to access localhost, i get '500 local server error'
<rustx> ok
<rustx> energizer: do 'a2enmod rewrite '
<rustx> htpasswd needs rewrite mod to be enabled
<rustx> you can have all enabled mods thanks to : apache2ctl -M
<rustx> i guess you missed the rewrite module activation to use htpasswd|htaccess
<rustx> then restart apache .. and it should work :)
<rustx> 3 time i say you this .. jejeje ..
<rustx> but i am also working on puppet stuff at the same time
<rustx> sorry for the mistakes i forgot to fix before answering
<rustx> energizer: but this is making you having a good starting knowledge about apache2 :)
<rustx> which is also great : the one that don't do mistake ... don't learn nothing :)
<energizer> so i ran 'a2enmod rewrite' and restarted apache. same 500 error.
<rustx> paste me errors logs please ?
<rustx> hooo .. dit you make the password file ?
<rustx> htppasswd -cm /var/www/.htpasswd energizer
<rustx> sorry, htpasswd -cm /var/www/.htpasswd energizer
<rustx> this is the reason why : no .htpasswd file to read :)
<rustx> 500 errors sounds like no file to read for password ...
<rustx> we wil get it
<rustx> you make me reminds my apache knowledge. That makes long time I switched to nginx ..
<energizer> rustx It works beautifully. I had put my password in the wrong folder.
<energizer> rustx wait not so fast
<energizer> rustx ya it works wonderfully.
<rustx> energizer: good then
<rustx> energizer: happy you could learn how to set htpasswd protection on apache ;)
<energizer> rustx Thanks very much! I suppose I should ask-- what is the difference between your pastebin and the code in here: https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles
<rustx> energizer : the difference between your setup and ubuntu web page concerns particular directory into a main directory. In your case, your password protection was done on the main root document /var/www
<rustx> energizer: in apache, you can set different rules for each directory inside /var/www by putting a .htaccess file inside
<rustx> each time apache browse a directory inside /var/www, it will check if .htaccess rules exists, so that to apply those into the directory - or not ...
<rustx> we did a 'default conf', but if you need different rules for different directory, then you should use .htaccess file
<rustx> energizer: at the end, the .htaccess file overrides your default rule inside an apache directory .. :)
<rustx> energizer: this is the way apache works. But, having a file read inside each directory is not so good for performances. According to me, it is better to set all particular rules into your vhost configuration
<rustx> energizer: only depends what you need to do at the end
<rustx> energizer: is that clear enough ? for that explanation about .htaccess ?
<energizer> That is very good. Thank you very much!
<energizer> rustx ^^
<rustx> energizer: you're welcome dude
<energizer> rustx Last thing. I think that i could stream video from the server before i put up the password. It doesnt seem to work now. Did these settings disable that?
<rustx> nope
<rustx> hum, maybe because of the directory index
<rustx> you maybe can't list file, and read them in the server
<rustx> the server certainly ask you to download those ..
<rustx> you have to choose, or set a DirectoryMatch rules, so that not to index the directory that serves the files on the which one you want to go with streaming
<energizer> rustx i want to double-check that i can do it without the index
<energizer> rustx so now even without +Indexes streaming doesnt work
<rustx> energizer: brb
<energizer> rustx np
<rustx> energizer: what are the options you are using at the end ?
<energizer> rustx                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch +Indexes
<rustx> energizer: try with remove -Multiviews option ..
<rustx> reload apache .. and streaming should work
<energizer> rustx didnt work
<rustx> :(
<energizer> mp3, mp4, avi -- none work
<energizer> rustx i found this thread. bottom comment seems to solve it for him, but im not sure how to apply it here
<energizer> rustx http://ubuntuforums.org/showthread.php?t=2142911
<caribou> Daviey: regarding the rsyslog SRU (bug: LP#1169740), I added a comment
<caribou> Daviey: I'm not able to reproduce the race condition with the modified script
<Daviey> caribou: It sounds like the test script never worked to identify the issue :)
<Daviey> caribou: But, it also looks like it doesn't make the situation worse.
<caribou> Daviey: that's my assumptio
<caribou> Daviey: yeah, that's what I discussed with Adam, hence marking it verification-done
<SirT> Hi there, i have just set up ubunut server on a virtual machine, but when i boot into it i get to the command line instead of the GUI. I have tried to use apt-get install ubutnu desktop, but get a 403 Forbiddon error
<SirT> can anyone help?
<edenist> by default, ubuntu server is CLI only
<edenist> you can install a desktop
<simosx> SirT, Ubuntu Server comes by default with the command line.
<edenist> what version of ubuntu server?
<edenist> you may be better off installing a desktop version of ubuntu if that is what you require. Every package that runs on server can be installed on Desktop version as well
<simosx> edenist, do we recommend to use Zentyal for those who require an easier management experience?
 * RoyK recommends learning the commandline
<edenist> SirT, if you are getting a 403 forbidden error, it sounds like your network hasn't been configured correctly during install. In which case, you wont be able to install any packages.
<SirT> Thank you for you help
<SirT> i think it seems to be a firebox firewall issue
<SirT> i will add an exception and let you know
<SirT> IT was a firewall problem - :)
<edenist> glad thats working now
<resno> its always the firewall
<Solarra> stupid question: do you folks know a linux piece of software that provides a similar functionality to TVersity Media server?
<resno> what do you want it to do?
<resno> what is the "similar functionality" you want
<Nafallo> Solarra: something like minidlna?
<edenist> there's quite a few. google "linux DLNA server". Some I have used are fuppes, ps3mediaserver.....
<Solarra> do those also support on the fly encoding?
<edenist> they do, but not all of them support it natively themselves. I believe most just use FFMPEG
<edenist> or MPLAYER
<edenist> mediatomb as well is another I have used, was a few years ago now though so I dont know if it is still maintained. I've never used on the fly encoding though.
<germanstudent> I'm having problem mounting sshfs on Ubuntu 12.04 at startup. Does someone know a good tutorial or something?
<Madkiss> cheers
<Madkiss> how do I set the DefaultTime2Retain global value for TGT storage volumes?
<SirT> im tryin gto edit the interfaces file to make my ubuntu server static ip. i have opened and edited in nano - how can i save this? i have tried to change it in editor, but it says i do not have permissions.
<hXm> SirT: press ctrl+o
<hXm> if you dont have permissions you need open it with root privileges
<ak5> hi, how do I add repositories? according to google there is something called apt-add-repository but not for my 12.04 system
<zul> yolanda:  https://code.launchpad.net/~zulcss/nova/noava-ftbfs-refresh/+merge/164650
<yolanda> hi zul
<yolanda> ok
<rbasak> ak5: http://stackoverflow.com/questions/13018626/add-apt-repository-not-found
<ak5> ty
<ak5> although thats weird that one fix works for some another for others
<ak5> the accepted answer didn't work for me
<ballock> Hello, guys :)
<ballock> as advised I posted this authentication stuff to ubuntu-devel-discuss
<ballock> https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2013-May/014518.html
<ballock> Perhaps I can get some of your attention?
<jcastro> I skipped to the bottom. :)
<jcastro> I've deployed a bunch of machines with auth too and remember doing a similar analysis
<jcastro> ballock: hey so I think the first step is to shove this all into a blueprint
<jcastro> and then submit it for discussion at the next virtual UDS.
<ballock> jcastro: you mentioned some of your analyses, were those published?
<jcastro> yeah but it was around ubuntu 7.10ish
<jcastro> let me dig it up
<ballock> sssd wasn't pretty much there yet
<jcastro> oh this is way before
<ballock> but the rest should pretty match
<qman__> samba 4 wasn't around either, and it's a real game changer
<ballock> qman__: I wouldn't necessarily agree
<qman__> for a pure linux environment I can see why you would not want to use it
<qman__> but for cross-platform compatibility it's the obvious choice
<jcastro> at the time I just used AD
<ballock> If you think that Microsoft is supposed to be the Directory server then perhaps so.
<qman__> you don't need any microsoft servers to use it
<qman__> it's just microsoft compatible
<ballock> But I wouldn't base my decision on something from that stable.
<ballock> I know you can have a Samba4 DC now
<qman__> it's not from that stable, it's a completely open source software
<jcastro> plus remember you have like a year until the next LTS
<ballock> I am aware of it.
<jcastro> so, now's probably the time to talk about it
<ballock> But still Samba4 will need to follow Microsoft's footsteps
<ballock> because that's their primary goal
<ballock> - to create a Microsoft-compatible domain controller
<ballock> and client support
<qman__> yes, which will ensure continued cross compatibility in the future
<ballock> If Microsoft decides to change the protocol, Samba will again behind it.
<ballock> Of course Microsoft
<ballock> "fearing" the monopoly problems with EC or the US something
<qman__> Microsoft isn't going to do anything to purposely break samba; they helped the samba guys get it working
<jcastro> Last I checked all their specs were open and they were working with the Samba guys
<qman__> at this point, microsoft is all for it
<qman__> and they really don't stand to gain anything by doing a 180
<ballock> will "support" samba to dismiss the accusation of monopoly in this market.
<qman__> it isn't about trust, it's about simple business sense
<qman__> and even if they do, the current product will continue to work with all existing products
<ballock> I do not think the Samba team managed to port all the AD management products like the Group Policy Editor
<ballock> I mean, the mechanisms with RPC are there
<ballock> but you are supposed to manage it with Microsoft's products anyway
<ballock> there comes a licensing problem
<ballock> aside from the patenting stuff
<ballock> i.e. that Android tax you might have heard of
<ballock> I wouldn't be shocked to hear Microsoft has a patent for CIFS or for its subset.
<ballock> I admit I haven't checked how Samba4 client behaves in my environment.
<ballock> I wish them the best.
<ballock> But as Microsoft is providing an LDAP and Kerberos interface to its directory, why not use that instead?
<ballock> It's an open standard and fits for a more generic case -
<ballock> not only for AD.
<rbasak> ballock: thanks for sending that email, and for doing all the work and research behind it.
<jamespage> hallyn, does this commit for qemu have SRU potential?  http://lists.nongnu.org/archive/html/qemu-stable/2013-05/msg00066.html
<rbasak> ballock: it's great to see somebody driving this, especially somebody who is managing production deployments.
<hallyn> jamespage: hm, i'm not sure.  it's a perf improvement, not a fix for any sort of crash
<hallyn> jamespage: are you talkign about to precise, or to raring (which has 1.4.0) ?
<jamespage> hallyn, I think precise is probably not realistic - but raring might be OK?
<ballock> rbasak: thanks for appreciation, I hope to have some progress on it
<hallyn> jamespage: i assume you're asking bc you or someone else reported impressive gains with it?
<hallyn> if so, i can give it a whirl.  though this week, starting today, i was goign to first merge 1.5.0 into saucy
<jamespage> hallyn, someone asked me in #ceph on OFTC
<rbasak> ballock: I used to work in this area in a former job. But now I'm a full time developer, and so I can't be as up-to-date with this stuff as you are.
<jamespage> hallyn, work on 1.5.0 first
<ballock> I have no access to change the actual packages nor have the contacts to ask who is able to fix stuff
<ballock> besides it is supposed to be discussed first, that's what I am trying to achieve
<hallyn> jamespage: oooh, i see.  it mainly affects rbd.  i missed that from the description :)
<ballock> Is the post in the right list to get attention or should I post links to some other lists or channels?
<ballock> Perhaps I should inform some individuals?
<ballock> The vUDS idea is good, but I think there are things to check before getting there.
<rbasak> ballock: right. If you get it agreed in a blueprint after discussion at the next vUDS, and you then provide patches to packages that are acceptable to Ubuntu developers, then you should be able to get your patches sponsored. It does take longer to get things reviewed that way, but we are all keen to make sure that this route is available to you.
<hallyn> jamespage: applies cleanly (2 line offset) to 1.4.0, queued this up for next monday
<rbasak> ballock: and in time you can become an Ubuntu developer yourself.
<jamespage> hallyn, thanks muchly
<jamespage> do you need a bug report to go with that?
<SirT> im trying to run sudo /etc/init.d/networking restart command, however i get an error saying couldnt read interfaces file
<SirT> anyone have any ideas?
<rbasak> SirT: the installer creates /etc/network/interfaces for you. Perhaps you've lost or renamed this file? Try restoring it from backup.
<rbasak> Or see the interfaces man page to recreate one from scratch. It's not very complicated.
<ballock> rbasak: thanks, I'll copy the stuff to a blueprint... there's some naming convention for that, right?
<ballock> And again, should this be the server, foundations or... community?
<rbasak> ballock: there is. But I'm not sure what to do here, especially as we've just had UDS.
<hallyn> jamespage: I'll need it for SRU of course.  I can submit one myself, but having it come from someoen else should be helpful
<rbasak> ballock: perhaps start with a wiki page proposal? The blueprint is really for when it's ready for UDS - you can start the discussion and specification first.
<psivaa> hallyn: lxc smoke test for saucy appears to have some hanging issue, http://pastebin.ubuntu.com/5686913/
<ballock> rbasak: well, I can create a blueprint and get other things done
<hallyn> smb: bug 1180281 sounds like your cup of tea
<uvirtbot> Launchpad bug 1180281 in libvirt "âUnable to connect to libvirtâ when using xl toolstack with Xen 4.2.1" [Medium,Confirmed] https://launchpad.net/bugs/1180281
<psivaa> hallyn: the vm is in aldebaran now if you'd like to investigate
<hallyn> psivaa: virbr0 is not related to lxc0...  it sounds like your host is a bit hosed
<rbasak> ballock: I don't think there's any need for a formal process until you're ready to get the details agreed on in a session. It's fine just to use wiki.ubuntu.com and mailing list discussions until then.
<hallyn> psivaa: is the 'lxc-list' output from the host, or the utah vm guest?
<psivaa> hallyn: it's from the utah vm host
<rbasak> ballock: until then, the main thing to do is to work towards a solid proposal, and then provided that there aren't any objections you should be set to go at the next UDS.
<hallyn> psivaa: none of the test code actually runs on the vm host right?
<hallyn> psivaa: it sounds like /bin/init's rootfs was deleted...
<hallyn> (not necessarily /, but /proc/1/root)
<psivaa> hallyn: the lxc test code is only run in the vm host installed by utah
<SirT> rabsak: Thanks for the reply
<hallyn> psivaa: oh.  ok, i call that the vm guest
<psivaa> hallyn: ok :), so the test code actually runs in the vm guest which is saucy and not in vm host which is a precise installation
<hallyn> psivaa: phew :)
<psivaa> hallyn: :)
<jamespage> hallyn, I asked the reported to raise a bug
<jamespage> reporter that is
<hallyn> jamespage: thanks
<hallyn> psivaa: that vm really seems hung
<hallyn> i'm goign to try simple testcases on fresh saucy box
<psivaa> hallyn: ack, thanks
<hallyn> psivaa: oooh.  i see.  the messages you saw in dmesg are innocuous
<hallyn> psivaa: upstart on the host is getting net-device-up messages for the network interfaces in the containers.  Tries to deal with them, but /sys/class/net/$nic does not exist on the host.  so it logs and ignores
<hallyn> psivaa: As I said the utah guest seems to have completely hung for me - I'm not sure if that's a connection issue, an issue on aldebaran itself, a qemu issue, or what.
<psivaa> hallyn: ohh ok, i was able to ssh to it though, i have the lxc test output now
<hallyn> oh, the vm went away.
<hallyn> ok
<hallyn> psivaa: and did the tests fail?
<psivaa> hallyn: yea the jenkins job collected the jobs destroyed the vm and one of the tests fail
<hallyn> psivaa: one of the tests failed bc i killed it i think
<SirT> trrying to run active directory membership, it keeps telling my password is incorect - do i need to set this somewhere?
<psivaa> hallyn: http://pastebin.ubuntu.com/5687029/ is the failure , not sure if that's related to the killing
<SirT> this is for domainjoin-gui
<hallyn> psivaa:     /usr/share/lxc/templates/lxc-ubuntu: line 257: 23822 Terminated              flock -x 200
<hallyn> psivaa: ^ yeah that was me :)
<psivaa> hallyn: ack :)
<TheLordOfTime> Daviey:  server team meeting still on for today?
<Daviey> TheLordOfTime: sure is!
<TheLordOfTime> what time is it at again?
 * TheLordOfTime needs to balance his time before the meeting so he can go vote :/
<Daviey> TheLordOfTime: in 1hr50 mins
<TheLordOfTime> eesh that means i need to get to the voting place now... o.O
<TheLordOfTime> Daviey:  any action items or points of interest I should read up on before the meeting?
<Daviey> TheLordOfTime: we are quite early in the dev cycle, so nothing too juciy
<Daviey> TheLordOfTime: but, https://wiki.ubuntu.com/ServerTeam/Meeting
<TheLordOfTime> Daviey:  mind if i steal some time during open discussion RE including nginx as an option on either tasksel or some screen within the installer, or would that be better suited for another team's meeting?  (per https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1177919/comments/3)
<uvirtbot> Launchpad bug 1177919 in nginx "Merge nginx 1.4.1-1 (universe) from Debian unstable (main)" [Wishlist,Fix released]
<TheLordOfTime> (btw thanks for handling that merge!)
<TheLordOfTime> (assuming it was you)
<TheLordOfTime> s/handling/sponsoring/
<Daviey> TheLordOfTime: yes, it was me.  And sure, that is a good spot.
<TheLordOfTime> okay, i've got a mental list of pros and cons
<TheLordOfTime> a few big cons too
<TheLordOfTime> Daviey:  it's in #ubuntu-meeting, right?
<Daviey> TheLordOfTime: yes
<zul> yolanda:  https://code.launchpad.net/~zulcss/ceilometer/ceilometer-pbr/+merge/164907
<samba35>  Sub-process /usr/bin/dpkg returned an error code (1) how do i fix this problem when i try to download package
<TheLordOfTime> samba35:  we need more than just the "subprocess returned an error" output, it's likely explained a little earlier in the output...
<yolanda> zul, i see python-testtools is added as depends but not listed in changelog?
<zul> yolanda:  doh ill add that
<samba35> dpkg: error processing openvas-server (--configure):
<samba35>  subprocess installed post-installation script returned error exit status 10
<samba35> Errors were encountered while processing:
<samba35>  openvas-server
<samba35> E: Sub-process /usr/bin/dpkg returned an error code (1)
<zul> yolanda:  fixed
<samba35> i think there is temp files with openvas server how do i clean up dpkg temp
<zul> jamespage:  ping around?
<jamespage> zul, ping yes
<zul> jamespage:  https://code.launchpad.net/~zulcss/horizon/horizon-pbr/+merge/164914
<zul> jamespage:  crap
<Daviey> zul: horizon would really benefit from a dep-8 test IMO :)
<zul> im sure it would
<Daviey> One that shows that GET / returns 200 :)
<Daviey> (under apache / mod_wsgi, not just djanog dev server)
<zul> Daviey:  that ould be my next commit i just want to get the builds going again
<Daviey> yeah
<SirT> can anyone here help me with likewise AD settings?
<Rallias> Is there any way I can force br1 to wait until lxc container vpn is booted and running?
<zul> yolanda/jamespage: https://code.launchpad.net/~zulcss/python-swiftclient/fbtfs-testr/+merge/164927
<Daviey> yolanda: zul wants to add dep8 tests to swiftclient, and i suspect is asking for some assistance.  Specifically a --help test.
<Daviey> Right zul ? :)
<TheLordOfTime> Daviey:  i might be late to the meeting, since now is the first chance I can get to vote...
<TheLordOfTime> :/
<zul> Daviey:  actually i just want to get them building again
<Daviey> TheLordOfTime: don't worry, AOB happens right at the end
<Daviey> adam_g: Are you chairing ?
<yolanda> zul, i have some tests to use as sample that use a "--help" to test the client, do you want to see them?
<zul> TheLordOfTime:  well which is more important voting or the ubuntu server meeting ;)
<zul> yolanda: yes please
<Daviey> zul: turn your pep8 upside down into a dep8.
<zul> Daviey:  that really messes with my dyslexia
<Daviey> yolanda: ooo, something generic ?  Can i see?
<yolanda> Daviey, i just wrote some for tgtadmin: https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/tgt/dep-8-tests
<TheLordOfTime> zul:  voting, my dad's in the election for judge :P
<Daviey> yolanda: is the exit code not safe enough?
<yolanda> Daviey, what do you mean? maybe i add an exit 0?
<Daviey> yolanda: sorry, I mean.. something like, http://pb.daviey.com/Wwew/som
<yolanda> Internal Server Error!
<Daviey> erk
<Daviey> yolanda: try again?
<Daviey> oh
<Daviey> bad paste
<yolanda> i've tried lots of times
<Daviey> http://pb.daviey.com/Wwew/
<yolanda> :)
<Daviey> Who needs 404, when 500 will do.
<Nafallo> 418
<yolanda> this  looks better than my solution :)
<Daviey> yolanda: I don't know.. see what smoser thinks
<Daviey> he'll probably want to use traps
<Daviey> :)
<smoser> i like traps
<yolanda> Daviey, if the client fails for a failing depends for example,as we had with ceilometer and stevedore, your solution will work?
<yolanda> (we can try it anyway)
<Daviey> I'd have thought so..
<Daviey> yolanda: not saying exit code necessarily is better.. but it certainly feels more generic and chance of false positive is lower.
<yolanda> Daviey, yes, i agree with you
<zul> jamespage/yolanda: https://code.launchpad.net/~zulcss/quantum/quantum-pbr/+merge/164941
<yolanda> zul, what are these <<TREE and >>MERGE-SOURCE in changelog diff?
<zul> yolanda:  bad merges...quantum?
<yolanda> zul, yes, in quantum merge :https://code.launchpad.net/~zulcss/quantum/quantum-pbr/+merge/164941
<zul> yolanda:  its targeted at the wrong branch *sigh*
<zul> yolanda:  https://code.launchpad.net/~zulcss/quantum/quantum-pbr/+merge/164942
<yolanda> that one looks better :)
<psivaa> hallyn: there is another VM in aldebaran that's hung on lxc test
<hallyn> psivaa: pls mark the bug confirmed, and leave the vm up.  i'll take a look thsi afternoon.
<hallyn> psivaa: i suspect a kernelbug, but nto sure yet
<psivaa> hallyn: ok, will do. thanks
<TheLordOfTime> rbasak:  as an FYI, on the nginx issue: http://people.canonical.com/~ubuntu-security/cve/pkg/nginx.html
<TheLordOfTime> it's got a few CVEs that are eithier (a) being ignored upstream, or (b) have been idle upstream (debian upstream, or nginx upstream) for a while
<TheLordOfTime> http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4968.html  <-- that one's probably being ignored
<uvirtbot> TheLordOfTime: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968)
<TheLordOfTime> http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2070.html was fixed in saucy, but i have yet to dig for a fix
<uvirtbot> TheLordOfTime: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070)
<sarnold> TheLordOfTime: the patch for CVE-2013-2070 looks to be the 'patch.2013.proxy.txt' here: http://www.openwall.com/lists/oss-security/2013/05/13/3
<uvirtbot> sarnold: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070)
<sarnold> dear uvirtbot: please rate-limit your lookups. thanks.
<TheLordOfTime> sarnold:  forgive me if i go digging in upstream instead for the patch
<TheLordOfTime> sarnold:  i don't know if the patch you listed on that mailing list was an upstream patch or not
<sarnold> TheLordOfTime: nginx.org isn't upstream enough? :)
 * TheLordOfTime missed that
<TheLordOfTime> sarnold:  balancing thirty things at once
 * sarnold throws in a few chainsaws for fun
<sarnold> TheLordOfTime: I'll update our UCT, thanks :)
 * TheLordOfTime shoots the chainsaws with phasers
<TheLordOfTime> sarnold:  remind me what UCT is again?
<zul> yolanda/jamespage: https://code.launchpad.net/~zulcss/keystone/havana-refresh/+merge/164954
<sarnold> TheLordOfTime: the database used to generate http://people.canonical.com/~ubuntu-security/cve/   -- and of course, mdeslaur beat me to it. hehe. :)
<TheLordOfTime> sarnold:  yeah i pinged -hardened about it already :p
<TheLordOfTime> but that one "being ignored" bug I don't have upstream confirmation on an ignore
<TheLordOfTime> so you can't mark it as "ignored"
<sarnold> TheLordOfTime: 20 months without movement is close enough.. :)
<TheLordOfTime> :P
<sarnold> TheLordOfTime: we may wish to distro-patch that. have you tested that patch in your ppa?
<sarnold> TheLordOfTime: .. or perhaps debian may wish to carry it..?
<TheLordOfTime> sarnold:  which patch for which?
<sarnold> TheLordOfTime: to add ssl certificate validation on proxy
<TheLordOfTime> sarnold:  i'll check later, in the mean time i'm busy focusing on creating an LP bug for 2013-2070 so i can track fixing as I prep debdiffs for currently supported releases.
 * TheLordOfTime doesn't like bzr for some reason
<sarnold> TheLordOfTime: thanks
<TheLordOfTime> sarnold:  and the PPAs are based off of Debian, so unless Debian adopts it the fix is existent in the nginx ppas
<TheLordOfTime> s/existent/not existent/
<jcastro> ballock: heya, maybe you should start sitting in on our meetings?
<jcastro> I was thinking we could start bringing your issues to light
<rbasak> TheLordOfTime: thanks
<schnitzel-> hi. i need a raid0 geek....
<schnitzel-> its about software raids in general (yes i red the stuff in the internetz) and whether they are bootable. performance also interests me.
<blkperl> schnitzel-: ask your question, and someone may know the answer
<schnitzel-> i dont have a particular question...i mean....my problem is kinda weird. ;)
<schnitzel-> i have some asus zenbook. ux51vz if you want to google.
<blkperl> what are you tryin to accomplish?
<schnitzel-> the raid controler is blocked by asus, you cant access it. but i am fucking sick of wondoze. want back to ubuntu.
<schnitzel-> is it possible to make a software raid which can dualboot win8 and soem ubuntu
<schnitzel-> what are the disadvanteages.
<schnitzel-> does it make sense to break the raid0.
<schnitzel-> etc..
<schnitzel-> can i maybe even partition the raid0/format the drives without breaking it?
<blkperl> so you have 2 disks in a raid0 via asus's hardware raid
<schnitzel-> 2 ssds
<schnitzel-> yes
<schnitzel-> raid0
<blkperl> do you want ubuntu on one ssd and win8 on the other?
<schnitzel-> 2x128gb ssd asus hardware raid (raid controller some intel shit - intel mobile express chipset raid controller)
<schnitzel-> no. that would be easy
<schnitzel-> i want 1 big ssd - better performance as far as i red
<schnitzel-> then split it into 3 drives. linux/win8/ntfs files....
<schnitzel-> +swap ofc
<blkperl> ok. well you can't software raid and expect win8 to be able to understand it
<schnitzel-> thats what i thought. :(
<schnitzel-> so a software raid is more a "fake" raid for linux only...
<schnitzel-> what would you do....i mean...nobody need swrite speed of 2 raid0 ssds. so i am thinking of breaking the raid0. but i am not sure since i cant rebuild it. what is asus thinking by disabling access to the raid controller? stupid.
<schnitzel-> and 128gb each os would be nice....but i am not fully convinced yet
<zul> adam_g:  https://code.launchpad.net/~zulcss/keystone/havana-refresh
<sarnold> schnitzel-: it might be a rubbish controller..
<schnitzel-> sarnold what do you want to say?! :p break the raid and use the two ssds as seperate drives?
<blkperl> schnitzel-: I think I would do each OS on one disk, but that implies having access to make a raid0 of one disk (and it sounds like you don't have access to the hardware controller)
<schnitzel-> blkperl why do i need a raid0 if i want to make 1 os each disk?
<blkperl> because the hardware raid controller is presenting one "device" with two disks at the moment right?
<sarnold> schnitzel-: you could do something a bit .. cumbersome: make three partitions on each drive. sda0 gets win8 boot, sdb0 gets linux boot. sda1 and sdb1 get raided together for windows data. sda2 and sdb2 get raided together for linux data.
<schnitzel-> blkperl yes.
<blkperl> schnitzel-: you may be able to dual boot that then, if linux plays nice with the hardware controller
<schnitzel-> blkperl but i *think* i can kill it with gparted. i would just format every drive..
<blkperl> you can't disable a hardware raid with software, you have to do it in the bios/raid controller
<schnitzel-> sarnold this would be a waste of space :D  i usually have my files on 1 ntfs drive. we are talking about some movies, few mp3s documnts...stuff like this. access from win and linux would be nice...you get the point. ;)
<schnitzel-> blkperl  now we are talking! :D thats good to know...i have red some forums. problem is that there are very few "geeks". some have managed to install 1 os on each drive. but same person says, that the acess to the raid controller is disabled.
<schnitzel-> i wonder what he did.... :(
<blkperl> you should *backup* all your data to an external device and try to install a dual boot configuration
<schnitzel-> ahh. befor i forget i can acess in bios: disable the raid. make it ahci
<schnitzel-> thats all i can do. i think this implies that i *cant* rebuild the raid0. at least everybody says that (who tried it...)
<schnitzel-> blkperl yes...i am thinking about trying exactly this. but i wanted to discuss the option with the software raid. but as you told me...it wont work with win
<schnitzel-> which is sad.
<blkperl> well raid0 is no redundancy so it doesn't make sense to rebuild one
<blkperl> if a disk dies in a raid0, all of your data is gone
<schnitzel-> what you mean with that?
<schnitzel-> well sure
<blkperl> so there is no "rebuilding" process
<schnitzel-> ofc. what i mean with "rebuild" is: make 1 big drive again. ;)
<schnitzel-> if i dont like 128gb ssd each OS.
<blkperl> you should be able to recreate the raid0 as long as you have access to the raid controller, it will destroy your data though
<schnitzel-> i have never had a raid controller. what exactly does "access" mean. are the options in the bios. where to config it, etc..
<schnitzel-> can yu give me an idea what i am looking for?
<blkperl> there should be a key combination during the boot process, like press "crt-c" to access raid controller
<sarnold> schnitzel-: often the raid controller will have its own bootsplash screen for a second after the main bios splash screen
<schnitzel-> everything is locked down. i just have "asus" then soon the windows logo.
<blkperl> can you access the bios?
<sarnold> if you hit 'esc' wihle booting can you get psat the pretty graphics screen and return to good old fashioned bios boot screen? :)
<schnitzel-> i can access the bios.
<schnitzel-> Sargun no ;P
<user01> hey. i am schnitzel. gonna restart the other machine.
<schnitzel-> ..
<user01> well. i hit enter. and enter the setup.
<user01> i access the tab "advanced"
<user01> there i can see "sata configuration
<user01> "sata mode selection" --> RAID. i can change that to AHCI and IDE
<schnitzel-> back
<user01> so any ideas what this means?
<blkperl> nope
<adam_g> roaksoax, https://blueprints.launchpad.net/ubuntu/+spec/servercloud-s-openstack-charms
<user01> k. thanks anyways. ima try some more stuf :)
<adam_g> roaksoax, all but nova-cloud-controller are pretty small charms and low hanging fruit.
<resno> ok, im trying to setup a new server. i was given an ip. and i cant get it to respond.
<resno> neither can i ping out
<resno> i have edited the interfaces but i'm not sure what is wrong
<adam_g> roaksoax, i'd prefer any new charm work that happens this cycle does so with a dependency on lp:charm-helpers, so we are pulling helper code from there instead of copying it around ourselves like we have been
<roaksoax> adam_g: ok cool. I'l;l pick one and start working on it
<Guest51469> Hey, I'm new to ubuntu and currently downloading the server (12.04.2 LTS) How can I also install the GUI? I want to learn Apache server, MySQL and MySQL workbench...
<Shogoot> Any chmod chown guru taht can help me troubleshoot? I got this /var/html/www location for a simple website, but i cant get it to work proper. And my educated guess is that is a permission issue
<Shogoot> Forbidden You don't have permission to access /smn.php on this server. Apache/2.2.22 (Ubuntu) Server at 192.168.1.166 Port 80
<resno> yes, permission error
<resno> do ls -ll in that folder
<Shogoot> total 0
<Shogoot> sorry
<Shogoot> let me se
<resno> ehm
<resno> should see xrw--- etc
<Shogoot> -rwxr-xr-x 1 smn  smn         33 Apr  8 19:47 smn.php
<resno> ah
<resno> chown www-data:www-data or root
<Shogoot> but i have to do taht for the whole www directory, dnt i?
<Shogoot> I changed permision to -rwxr-xr-x 1 www-data www-data    33 Apr  8 19:47 smn.php
<Shogoot>   but i still get same error
<sarnold> Shogoot: how about the directories that contain smn.php and the directories above it?
<Daviey> rbasak: seen bug 1182613
<uvirtbot> Launchpad bug 1182613 in puppet "puppet completely broken on saucy" [Undecided,New] https://launchpad.net/bugs/1182613
<Shogoot> sarnold, the parent director  looks lke this drwxr-xr-x  7 www-data www-data 4096 Apr 28 23:01 www
<sarnold> Shogoot: aha. check /var/log/audit/audit.log or /var/log/syslog to see if you have AppArmor DENIED messages.
<Shogoot> sarnold, http://paste.ubuntu.com/5688065/
<Shogoot> .
<RoyK> ;
<adam_g> Daviey, you still around? i've got some rebuilt proposed packages for UCA that need to go in, but there are also security updates that need to get out to -updates.
<adam_g> jamespage, http://people.canonical.com/~agandelman/ca/folsom/2012.2.4_rebase/  + http://people.canonical.com/~agandelman/ca/grizzly/2013.1.1_rebase/  . these will UCA proposed's with ubuntu proposed
<adam_g> zul, Daviey ^
<zul> adam_g: need me to +1?
<adam_g> zul, at some point but we actually need to push something thru the pockets before those can go in
<zul> adam_g: *sigh* ok cool
<Daviey> adam_g: ho
<Daviey> adam_g: can you outline what needs doing, and i'll take a look in the morning.
<Shogoot> sarnold, http://paste.ubuntu.com/5688065/
<sarnold> Shogoot: ah. that might need fixing, but will be unrelated to your apache problems. :)
<Shogoot> sarnold, im kinda lost anyway
<Shogoot> any clues ? :)*
<sarnold> Shogoot: do you have any more-specific logs in /var/log/apache* that might indicate why permission was denied?
<Shogoot> from apache2/error.log   http://paste.ubuntu.com/5688342/
<sarnold> Shogoot: nice, that's probably concrete enough to eventually fix it.
<Shogoot> seems chineese
<sarnold> Shogoot: look through your apache configuration, try to find what might block your hosts from accessing the directory or virtual host or whatever...
<jcastro> roaksoax: yeah! I see celery is done?
<roaksoax> jcastro: yeah so just wait 7 days for it to be accepted in -updates
<jcastro> is the wait serial?
<jcastro> so like 7 for celery, then another 7 for maas?
<roaksoax> jcastro: nope
<roaksoax> jcastro: once something is mark verification-done you just wait 7 days to get accepted into -updates, though that obviously depends on whomever processes the queue
<jcastro> ack
<Shogoot> sarnold, i dont see shit in there :)
<sarnold> Shogoot: darn :/  the first thing that comes to mind would be something like allow, deny directives.
<Shogoot> seems a perfectly fine apache2.conf
<Shogoot> sarnold, what if www-data:www-data should be root instead, or www-data has not the correct permissions
<Shogoot> ?
<sarnold> Shogoot: www-data ought to work. (I disklike it, but that's a rant for another day.)
<sarnold> Shogoot: the webserver is probably running as www-data, right?
<Shogoot> no idea
<Shogoot> how to check?
<sarnold> Shogoot: ps auxw | grep -e http -e apache
<Shogoot> sarnold, http://paste.ubuntu.com/5688391/
<sarnold> Shogoot: first column, www-data
<Shogoot> this does not say me anything
<sarnold> Shogoot: the first oclumn in that output is the username of the process; all your apache workers are running as www-data
<Shogoot> sarnold, what about this one then? root      1484  0.0  1.0 399304 22432 ?        Ss   00:11   0:03 /usr/sbin/apache2 -k start
<sarnold> Shogoot: that process starts and stops the workers as load goes up and down
<Shogoot> and on line 10 theres anotehrone with root
<Shogoot> ah ok
<sarnold> iirc, line ten was your grep command
<Shogoot> ah i se that now
<Shogoot> i just want my little page to display :_/
<qhartman> I am trying to get a Cisco ASA to do dynamic DNS updates to bind9 server running on Ubuntu 12.04. Everything seems to be working correctly on the DNS server, but the dynamic updates are failing.
<qhartman> When I run named with -d 4 I get this output: https://gist.github.com/anonymous/5623356
<Shogoot> sarnold, when i use http://www.cthulhuisevil.net/smn.php i get another error thoguh..  "Not Found The requested URL /smn.php was not found on this server."
<qhartman> that's what I see when the ASA requests a DNS update. Any thoughts?
<Shogoot> sarnold, never mind i forgot to omitt the "www."
<qhartman> I've set this sort of thing up in the past using ISC DHCP and it's more or less "just worked". It's unclear to me if the problem is with the bind config, or the ASA config
<Monotoko> can anyone here help with BIND? I've just got a new freelance job and it's confusing me to hell :(
<qhartman> Monotoko, I can probably help with some of it, but I'm currently struggling with getting synamic updates to work myself
<qhartman> s/synamic/dynamic/
<qhartman> But I'll ask for a cut....
<qhartman> :D
<Monotoko> we have a script that's putting zone files in automatically: this one goes to the domain (but won't resolve via dig?) http://pastebin.com/wrJ89HDc
<Monotoko> this one isn't doing anything even though it's the same, it's just failing instantly... http://pastebin.com/nAZqaUji
<Monotoko> I don't understand what's happening... but I'm guessing they need rewriting
<qhartman> I assume you're bouncing the bind process after placing those files?
<Monotoko> yeah, it's been bounced and I've turned the server off and on again... :)
<qhartman> heh
<qhartman> what about the serial number, is that incrementing correctly?
<sarnold> Monotoko: do you get any error messages in the logs?
<Monotoko> sarnold, if I could find the log on this damn server I'd look... two secs
<qhartman> you probably want to look in /var/log/syslog
<qhartman> fwiw, I just tried to look up the used guitars one and it worked fine
<qhartman> so did copydoodle
<Monotoko> interesting...
<Monotoko> May 21 21:47:54 ip-10-195-98-37 named[9331]: client 75.151.85.53#40660: query (cache) 'copydoodle.co.u/A/IN' denied
<qhartman> yeah, that's me
<qhartman> but I got a response
<Monotoko> so why's the server saying you were denied? Something's not going right here...
<Monotoko> sorry this wasn't part of the original job desc... my client just asked if I'd have a look because his previous programmers were *his words I'm not allowed to say here*
<qhartman> http://forums.cpanel.net/f5/why-named-logging-query-cache-denied-var-log-messages-170302.html
<qhartman> oh wait
<qhartman> that denied was a typo on my part
<qhartman> notice the ".co.u" , "not ".co.uk"
<Monotoko> ahhh, so do you get a response through dig too?
<sarnold> heh, I figured that was just limiting the length of logging..
<qhartman> that's why you would be getting the denied message
<qhartman> yeah
<qhartman> onymous/5623581
<qhartman> https://gist.github.com/anonymous/5623581
<Monotoko> interesting, might just be the network I'm behind then... is there anything I can do to improve this setup, or should I just leave it as it is?
<qhartman> it seems ok from here
<Monotoko> brilliant, il report that back to the client - thanks :)
<sarnold> 0 msec? wow.
<sarnold> oh, local cache?
<qhartman> yes
<qhartman> my first query took 2196 msec
<sarnold> that's more like it :)
<sarnold> well, slow, but still.
<qhartman> now, since we've gotten the bind user's attention, anyone manage to get dynmaic DNS updating from a CISCO ASA to talk to bind?
<sarnold> for a moment I wondered if you two happened to share a datacenter with bonkers internal networking :)
<qhartman> heh
<qhartman> I've gotten the devices to talk to each other, and queries of manual entries work fine, but the dynamic updates from the ASA fail, with no explanation I can find on either side
<Monotoko> heh, this is on Amazon!
<Monotoko> AWS - it should be good damnit -.-
<qhartman> I'm on the verge of giving up on the ASA DHCP server and spinning up ISC on another box
 * Monotoko bangs head against wall
<Monotoko> "It's not just you! http://usedguitarreviews.com looks down from here."
<qhartman> oh
<qhartman> I bet it's not a DNS thing
<qhartman> I bet it's vhost
<qhartman> you are redirecting usedguitar... to www.usedguitar... and there's no DNS entry for www
<qhartman> but you do have a wildcard in there, so it should catch it
<qhartman> check your webserver, that's probably the probleem
<Monotoko> hmmm
<qhartman> yeah, the wildcard isn't catching the www
<qhartman> I can get the apex, but not www
<Monotoko> ... why isn't the wildcard catching www? >.<
<qhartman> It is catching it for copydoodle, which seems odd.
<Monotoko> exactly... it's baffling me
<qhartman> Is the wildcard a new entry for guitars?
<qhartman> in the interim, I'd put in a www entry and see what happens
<qhartman> and/or make the webserver answer on the apex rather than redirecting, if that's an option
<qhartman> that way you can get the site up and fight with this at your leisure
<qhartman> and remember to increment the serial, if you're not using a tool that does it automatically
<Monotoko> hmmm alright, could it be propagation? I'm not sure when my bosses client actually moved this one
<qhartman> possible, but if it's a new entry
<qhartman> that shouldn't be an issue, it should be a cache miss, and queries should get directed to the authoritative server
<qhartman> yeah, if I query your server directly, I get an answer for www
<qhartman> but my usual server doesn't know who it is
<Monotoko> ahh... so if I add "www IN A 174.129.247.93" to it, it should be fine?
<qhartman> so it likely is a propagation issue
<Monotoko> ahh brilliant
<Monotoko> il check it tomorrow I guess
<qhartman> alright, I'm AFK for a bit...
<Monotoko> cheers pal
<sarnold> good luck qhartman :)
<adam_g> roaksoax, where in maas can i configure the apt server to use, or disable ?
<roaksoax> adam_g: if you are using raring on the webui under settings
<adam_g> roaksoax, quantal
<roaksoax> adam_g: in one of the preseeds: /usr/share/maas/preseeds/generic
<adam_g> roaksoax, thanks
<Daviey> adam_g: if you find yourself bored.. fancy adding href's to the c-a versions report, under ubuntu column?
<Daviey> adam_g: https://launchpad.net/ubuntu/+source/${package}/${version}
<adam_g> Daviey, at some point soon yea. where is this security-proposed pocket you were talking about?
<adam_g> Daviey, im trying to think of a good way to visualize scenario where: -proposed is > ubuntu but ubuntu's security update really makes it > -proposed
<Daviey> adam_g: Ah, doesn't look like it's quite ready
<adam_g> maybe just split the 'ubuntu' cells into $ubuntu-updates and  $ubuntu-security
<Daviey> adam_g: We can make the staging PPA always empty, so if ${pacage} is *in* staging it's always higher, irrelevant of version number?
<Daviey> Hmm
<Daviey> that is a good idea.. you can verify if secuirty.ubuntu.com >= archive.ubuntu.com (-updates), then we need to care.
<Daviey> adam_g: Separately, we need a Havana report soon.
<adam_g> Daviey, well currently we use the staging PPA as the definitive list of what is in the rest of the pockets.  are you saying flushing packegs from that PPA or just not including them in report?
<Daviey> adam_g: if there is a security-staging PPA, that can be flushed to only keep inflight packages
<Daviey> Not saying that is the best way.. just a suggestion
<adam_g> Daviey, as soon as https://launchpad.net/~ubuntu-cloud-archive/+archive/havana-staging gets populated we can start reporting
<sarnold> Daviey: https://launchpad.net/~ubuntu-security/+archive/ubuntu-security-staging
<Daviey> adam_g: We probably need to seed that with the contents of grizzly?
<Daviey> sarnold: This is the cloud archive, ubuntu-cloud.archive.canonical.com .. not primary archives
<sarnold> Daviey: ah :)
<Daviey> sarnold: At the moment, we are trying to see how we can make our reports easier to track
<adam_g> Daviey, thats how i think we did it last time. synced essex  staging -> folsom staging, tracked against quantal and relevant bits of the report go red. then update accordingly
<Daviey> adam_g: done
<adam_g> Daviey, thanks
<Daviey> adam_g: I'll sync this up to -proposed and -updates aswell?
<adam_g> Daviey, yeah.. waiting for the PPA to publish those
#ubuntu-server 2013-05-22
<_PehdeN_> Party in #moshpit everyone is op!
<Neozonz> hello
<Neozonz> I've used ufw allow 10336
<Neozonz> but when i do a port scan on my server it doesnt allow it
<jamespage> adam_g, https://code.launchpad.net/~james-page/charms/precise/nova-cloud-controller/grizzly-upgrade/+merge/165032
<jamespage> glance looks OK
<jamespage> adam_g, and https://code.launchpad.net/~james-page/charms/precise/nova-compute/grizzly-upgrade/+merge/165033
<Phoenixxl> Do any of you have experience installing MOM ?
<Phoenixxl> I have 2 guests that do things that have low cpu requirements , and do fine with 192 mb ram .. but one of them needs to inflate to about 512 for an hour every day .. If there's other options than mom i'm open to suggestions .
<Phoenixxl> it's not on a regular basis and it's automated.. so a cron job is not possible
<Enich> I am currently using apt-cacher-ng to in a project.  I was wondering if anyone could tell me the pros and cons regarding using bindaddress: 0.0.0.0(listen on all interfaces, as far as i understand) compared to defining the server ip address.    I can imagene that it is best practice to set the specific interface address and not using 0.0.0.0, but i was wondering if someone could give me some hints why :)
<Phoenixxl> @enich , mainly security and management reasons.
<jamespage> Enich, I'd only set a specific interface if the server has multiple external network interfaces and you want to restrict where it can be accessed from
<Phoenixxl> your firewall might give out while you mess with it
<Phoenixxl> in that case the port used would be open to the outside world
<Phoenixxl> also when setting up rules in your firewall it's easier to have a specific nic the thing is bound on
<jamespage> Enich, fyi squid-deb-proxy covered most of apt-cacher-ng plus is has nice features such as supporting proxy peering/chaining
<Phoenixxl> I personally have some servers that are running on my lan nic so i can limit traffic , ie transmission .
<Enich> jamespage, that is actually a great piece of info, regarding squid-deb-proxy..     where does it fall short ?   (you write it covers most)
<jamespage> Enich, I see one awkward features
<Enich> jamespage, im not sure what you mean?
<jamespage> apt-cacher-ng maps all *.archive.ubuntu.com requests to the same locally cached files
<Enich> Phoenixxl, thanks for the info
<jamespage> Enich, so you need to ensure that all clients are using exactly the same mirror
<jamespage> with squid-deb-proxy
<Ng> if everything in the world could stop being named foo-ng, that would be great :D
<jamespage> Enich, I'm tempted to trust the scalability of squid more than I am apt-cacher-ng as well :-)
 * rbasak has called on project foo-nih, because foo-ng already existed
<Ng> rbasak: since -nih doesn't make irssi highlight me, I am ok with that ;)
<Enich> i will take a look, though i think apt-cacher-ng is my solution, i am doing a fully automated setup with several servers etc, and i have a part of my script,which checks for the existence of the  apt-cacher.. if people want to reinstall the environemnt.   (im sorry if taht makes not sense.. im a bit off atm)
<jamespage> Enich, you can restrict access to squid-deb-proxy using ACL's as well - it defaults to all private network ranges
<Enich> jamespage, scalability is not a issue, i am doing a project where bandwidth preservation is highly important, though only about 10 servers are spun up via kickstarter files and so on.
<jamespage> Enich, ok - well you know about the alternative if you hit issues with apt-cacher-ng :-)
<jamespage> fwiw I used to use apt-cacher-ng but switched to squid-deb-proxy
<jamespage> specifically for the peering features
<jamespage> and for the avahi enabled client (squid-deb-proxy advertises its services)
<Enich> yeah, that is really good to know.  There is currrently only 1 interface in the vm running the apt-cacher and the ip addresses will be the same for each install (its a learning environment that people can run on there own machine)
<Enich> by peering features, what do you mean?  having several mirrored squid proxies etc ?
<Enich> when i look in the manpages for hostname, it says that SET NAME defines the hostname but it isnt persistant and will revert after a reboot, (edit /etc/hostname for permanent change)    is there a command line to make it pemanent, like hostnamectl set-hostname myhostname   on archlinux
<rbasak> Enich: this is an Ubuntu channel. On Ubuntu, you can edit /etc/hostname to make it persistent. But you should check if there's an Arch support channel so that you can ask how to do it on Arch.
<jamespage> adam_g, http://pad.ubuntu.com/openstack-series-upgrade-testing
<jamespage> roaksoax, ^^
<jamespage> roaksoax, promulgated hacluster charm - should appear in the store soon
<diegonat> hi guys, Ive got an instance on AWS but although I open the port 53, it is still filtered. Why? Anybody can help me?
<mardraum> how did you open it?
<diegonat> I went to the consolde
<diegonat> and in security group
<diegonat> I added port 53 udp
<diegonat> source 0.0.0.0/0
<diegonat> mardraum is there any other way?
<patdk-lap> you did add it to the security group assigned to that instance?
<diegonat> yep
<mardraum> dns also really needs tco open for large queries and axfr etc
<mardraum> tcp*
<diegonat> i opened tcp as well
<mardraum> are you sure your daemon is actually listening?
<diegonat> yes
<diegonat> however now ive got a problem that if I leave my ssh session idle for a few minutes, it drops. There is some problem
<patdk-lap> isn't that normal?
<patdk-lap> generally happens with nat
<diegonat> i dont think it is normal
<RoyK> diegonat: turn on ssh keepalives
<diegonat> never happened before
<diegonat> royk demon side ?
<RoyK> clientside
<RoyK> ServerAliveInterval 5 in $HOME/.ssh/config
<RoyK> 5 seconds may be overkill, 60 should do, but then, bandwidth normally isn't an issue
<diegonat> however i dont understand why AWS is filtering my port 53
<diegonat> despite I think it is wierd
<diegonat> ;; global options: +cmd
<diegonat> ;; connection timed out; no servers could be reached
<RoyK> some (like what we do here) don't allow access to external DNS server in case they are hijacked or otherwise if the client is compromised and dns is changed by whoever or whatever compromised it
<RoyK> so use amazon's dns servers
<diegonat> is it free?
<diegonat> bisogna pagare
<diegonat> I should pay, i dont like paying =D
<lotia> Hi All, If I want to run a script at boot on a 10.04 and 12.04 machine, is the best place to do so via an upstart job?
<lotia> Ths script will be a python script.
<lotia> And need only run once.
<mollerup_> lotia, depends if it depends on specific services an init-script should do. else you could make a crontab entry starting with @reboot, see man 5 crontab
<Daviey> rbasak: great to see your application in
<Daviey> .
<rbasak> Thanks
<rbasak> I was hoping for 3 June. I didn't consider that it would be full so soon.
<soren> Which application? Core dev?
<rbasak> soren: well I don't know. Just the server set at the moment: https://lists.ubuntu.com/archives/devel-permissions/2013-May/000487.html
<lotia> mollerup: I was under the impression that @reboot wouldn't run from cold boot
<Daviey> lotia: need only run once?  per boot, or forever?
<lotia> assuming I run it from upstart, non daemon jobs are well supported?
<rbasak> It's actually really easy to write an upstart job that isn't a daemon
<lotia> thanks all
<rbasak> You just need a "start on" line, "task" and a "script" stanza
<rbasak> "start on runlevel [2345]" to do it on boot
<lotia> rbasak: that wouldbe a 'task' in upstart parlance?
<rbasak> Right
<mollerup> lotia: @reboot is once at every start, be beware that it starts as soon as cron starts, which can be an issue if you depend on other services
<Daviey> start on startup, is more readable IMO
<rbasak> That might happen before filesystems are mounted though - potentially too early
<mollerup> Daviey: yeah, I only use it for starting up "services" on my own user, such as irssi in a screen and so forth
<lotia> I like the upstart route.
<Daviey> mollerup: upstart does have per-user stuff now.
<Daviey> mollerup: http://upstart.ubuntu.com/cookbook/#session-job
<Daviey> zul: do we want WI's with a leading *?
<zul> i think so
<mollerup> Daviey: thanks for the info, but my personal servers run FreeBSD :)
<Daviey> mollerup: Ah, there is a discussion about upstart support for GNU/kFreeBSD Debian right now :)
<soren> rbasak: I see. Well, good luck.
<rbasak> Thanks!
<lotia> Daviey: need to do stuff as superuser. So would stick it in /etc/init
<zul> jamespage:  hey can you look at my horizon branch again?
<lotia> So what would be my stopon value for an upstart job that calls a script. That called script will just exit when done.
<rbasak> lotia: if you're using "task", AIUI you don't need any stop conditions defined at all.
<jamespage> zul, url?
<zul> jamespage:  hold on
<zul> https://code.launchpad.net/~zulcss/horizon/horizon-pbr/+merge/164914
<lotia> are tasks available in the upstart version in 10.04?
<lotia> Do software raid devices get started by upstart, or is that done once the box is considered "started"
<jamespage> zul:acked
<zul> jamespage:  thanks
<zul> jamespage/yolanda: https://code.launchpad.net/~zulcss/python-novaclient/pbr-ftbfs/+merge/165123
<jcastro> rbasak: have you replied to the auth thread yet? I'm thinking it should be on -server instead of -devel-discuss
<jcastro> rbasak: or do you think it touches enough packages to be a distro-wide thing?
<jcastro> man, Timo really is all over it though, heh
<MonkeyDust> i'm looking for graphical ISA-like serversoftware for linux - I found smoothwall - any other suggestion?
<tjaalton> :)
<tjaalton> it's a client thing mostly
<tjaalton> whatever the client is
<MonkeyDust> it's not for me, the person in question is a windows administrator in a local school
<yolanda> zul, looks good to me, the only question is why there are 2 different entries in changelog for debian/control
<zul> yolanda: ok ill clean that  up
<yolanda> and python-testtools is duplicated in debian/control?
<tjaalton> MonkeyDust: sorry, it was for jcastro
<jamespage> zul, comments in MP
<zul> ack
<xnox> lotia: depends. those that are needed to mount the root file system are started in the initramfs. generally all of them are started by udev rules.
<zul> jamespage:  fixed
<jacobw> What's the fastest way to Openstack from Ubuntu Server?
<MonkeyDust> is Firestarter still being maintained?
<Pici> I was under the impression that it was not.
<jcastro> jacobw: https://help.ubuntu.com/community/UbuntuCloudInfrastructure
<zul> yolanda:  ping https://code.launchpad.net/~zulcss/python-novaclient/pbr-ftbfs/+merge/165123
<yolanda> zul, the only thing i see is the 2 lines in debian/control
<zul> yolanda:  http://bazaar.launchpad.net/~zulcss/python-novaclient/pbr-ftbfs/revision/70
<sk1pper> hi all, how can I check if there is an active reversed ssh tunnel on my box?
<yolanda> in debian/changelog i mean
<lunaphyte_> sk1pper: something like ps or lsof could be used for that
<zul> yolanda:  huh?
<yolanda> +  * debian/control: Add python-pbr and python-d2to1 as build depends.
<yolanda> 9	+  * debian/control: Add python-testtools and testrepository as build depends.
<sk1pper> lunaphyte_:i used netstat -tan | grep 22 but i don't know if that is enough
<lunaphyte_> sk1pper: to start with, the method you'd use depends on which computer you're checking on
<lunaphyte_> the computer you're sshing from, or the computer you're sshing to?
<sk1pper> lunaphyte_: on the computer behind the FW, meaning on the computer which is NATed
<lunaphyte_> the computer you're sshing from, or the computer you're sshing to?
<sk1pper> the computer i am sshing to
<sk1pper> lunaphyte_: does it make a difference actually? with netstat -tan | grep 22 i can see the established connection, does it make a difference to which computer i am checking?
<lunaphyte_> that tells you nothing about a tunnel.
<lunaphyte_> ssh connection != ssh tunnel
<sk1pper> lunaphyte_: how can I check then?
<lunaphyte_> what is the ssh command you're using?
<sk1pper> lunaphyte_: i am not trying to create one, I want to check if already exists, meaning if someone got access on my box and created an reversed ssh tunnel, how can I check if it's still active?
<lunaphyte_> oh, i see.
<sk1pper> that's why I thought that netstat -tan | grep 22 should show me if there is an active ssh tunnel
<hXm> everytime i use apt-get upgrade it says i should restart, but i wont stop the server
<hXm> can i remove that warning? makes me stress
<lunaphyte_> sk1pper: why would someone create a reverse ssh tunnel on your computer?
<lunaphyte_> meaning that they connected to your computer and then used ssh to create a reverse tunnel to somewhere else?
<sk1pper> lunaphyte_: yes
<lunaphyte_> oh, then just do ps -aefwww | grep -iF ssh
<lunaphyte_> and look to see if any ssh processes exist that don't belong
<lunaphyte_> you'll see -R for any reverse tunnels which have originated from your computer
<sk1pper> lunaphyte_: i cannot see any -R in the output that i get from ps -aefwww | grep -iF ssh
<sk1pper> this mean that there is no reversed ssh tunnel?
<skrite> hey all, i am running software that sends text messages to agriculture customers that update them on their field conditions, but my email server (postfix) only accepts about 1 mail / second. How can i speed that up?
<qhartman> skrite, have you looked at this? http://www.postfix.org/TUNING_README.html
<skrite> qhartman: thanks
<qhartman> sure
<skrite> qhartman: still having trouble with it, adjusted the parameter that was supposed to slow things down, and not really any chnage.
<`brendan> anyone running an hp blade 420c gen8 with ubuntu 12.04 w/ emulex OneConnect 10gb NICs?
<`brendan> having issues getting online with the be2net
<`brendan> just installed 12.04.2
<qhartman> skrite, how do you know that the mail server is only accepting about 1 mail per second? Also, what is the load on the server like? Is it a "real" server, or a low resource embedded system?
<skrite> qhartman: it is a vm, and, according to top and htop, it isn't working all that hard. it seems that the delays get longer if sending to the same destination.
<skrite> writing another test script to be sure
<qhartman> skrite, how is the postfix server configured? Does it pass the messages to a smart host or relay  upstream, or is it delivering the mail directly ? If it's passing it on to another interim mail server, it's entirely possible you're being throttled there, and no config changes in the world will fix it
<skrite> no, i am delivering directly
<skrite> and script shows same delay, actually about 3 seconds between mails out
<skrite> whether to same destination or not (different mail server recipiants)
<qhartman> Kind of an aside, but do you have an SPF record pointing at this machine as a valid sender for your domain?
<qhartman> What happens if you send mail to a local recipient, like root?
<skrite> qhartman: will check
<skrite> qhartman: no, do not think i have an SPF record.
<qhartman> skrite, that may not be related to this problem, but may cause you issues at some point.
<skrite> ok
<qhartman> Also, it would be useful if you would paste log output into a pastebin or gist
<skrite> qhartman: will do, also delay is still there if sending to another user on the localhost
<qhartman> ok, then it's almost certain that you are dealing with a config issue
<qhartman> Is DNS on that box working correctly?
<qhartman> delays like that can be caused by DNS tomeouts
<qhartman> s/tome/time/
<skrite> dns seems ok, can ping different domains and first hit is quick. also, the 3.1 delay on sending these messages out seems very specific.
<skrite> think you are right. config
<adam_g> zul, http://people.canonical.com/~agandelman/ca/grizzly/2013.1.1_rebase/  + http://people.canonical.com/~agandelman/ca/folsom/2012.2.4_rebase/  can you take a look plz?
<zul> adam_g: +1
<adam_g> thanks
<adam_g> zul: ugh https://launchpadlibrarian.net/140473550/buildlog_ubuntu-precise-i386.keystone_2012.2.4-0ubuntu2~cloud0_FAILEDTOBUILD.txt.gz
<zul> adam_g:  interesting! :)
<adam_g> notAfter=May 18 19:41:42 2013 GMT
<adam_g> we apparently are not supposed to run tests after last saturday :P
<Daviey> adam_g: Hmm, i'd like to find the commit where this went in
<adam_g> Daviey, i remember certs expiring in a stable branch in the past, but dont remember if it was keystone
<adam_g> checking now
<Daviey> Ah no.. I vaguely remember commenting on an expiring time.. but it wasn't keystone
<Daviey> adam_g: Fancy landing the fix upstream first, then cutting a fresh snapshot? :)
<adam_g> Daviey, ya. ill make sure the new expiry is +1 hour after our PPA build
<Daviey> adam_g: lol.. clearly the proper fix for this is to change the buildd time in packaging.
<Daviey> for giggles, do it in postinst aswell.
<adam_g> :)
<resno> i dont have the root password for a server, how can i change it? i tried going into single mode, but it required knowing the password
<sarnold> resno: quite often root doesn't even have a password configured
<resno> oh! thats right
<resno> so im sunk to find the username and then reset password aye?
<sarnold> resno: if you boot init=/bin/sh, you'll be presented with a root shell, no password, and no standard services running. _you_ are init. you can fix problems like unknown root passwords :)
<ScottK> resno: You have to upgrade through 10.04 though, you can't go straight to 12.04.
<smoser> http://paste.ubuntu.com/5691513/
<resno> ScottK: but it "should" work?
<ScottK> As long as you go via 10.04, yes.
<smoser> "welcome to Ubuntu 13.04.  You can upgrade to Ubuntu 13.04"
<ScottK> smoser: IIRC there's an outstanding bug/SRU for that.
<kirkland> smoser: I fixed that in saucy, bdmurray was working on the SRU
<smoser> good.
<Jeeves> why does my AD logins on my CLI only servers take so long to auth?
<sarnold> Jeeves: often long delays can be traced to failing / timeout DNS resolving or reverse resolving.
<Jeeves> sarnold, how would one go about tracing that?
<Jeeves> sarnold, I'm sure that ONLY the AD servers are listed in the resolv.conf file
<sarnold> Jeeves: you could throw tcpdump or wireshark on one of the clients, login, and see if DNS entries don't get answered quickly or correctly..
<sarnold> Jeeves: .. and repeat on or near the AD server, to see if the slowdown is on the server trying to resolve the client hostnames
<sarnold> there may be log entries about failing resolving somewhere, too; it never hurts to look to see if the software tells you why something is funny :)
<Jeeves> sarnold, ok, thanks.  I'm going to update the box, hit the gym, then have a look when I get home.  The VPN client from here is too slow to see what's going on.
<sarnold> Jeeves: yikes
<sarnold> Jeeves: good luck :)
<Jeeves> sarnold, thanks.
<Jeeves> sarnold, I'm using likewise-open.
<sarnold> Jeeves: more directly, you could use host or dig or nslookup or ping to try resolving and reverse-resolving the server addresses on the client, and the client addresses on the server. ifthose all go quickly enough, you may need to look elsewhere anyhow..
<Jeeves> lol, holly crap batman, that's FAST!
<Jeeves> good bye all. I'm going the gym to remind me how out of shape I am!
<lunaphyte_> i'm doing a new install of 13.04, and having trouble installing grub.
<lunaphyte_> the installer says "unable to install grub in /dev/sda.  executing grub-install /dev/sda failed."
<lunaphyte_> the loggin console says "usr/sbin/grub-bios-setup: error: embedding is not possible, but this required for raid and lvm install"
<lunaphyte_> i'm using the 13.04 mini iso [64 bit].
<lunaphyte_> i have a gpt partition table, with a 25mb bios_grub partition, and the remainder an lvm partition.  this configuration works with 12.10 [and priot]
<lunaphyte_> oh, hmm.  it seems to be trying to install grub to the usb disk i'm booting/installing from.  hmm.
<lunaphyte_> aha, yes, that was it.
<lunaphyte_> saying no to it's "default" attempt and then explicitely specifiying /dev/sdb seems to have worked.
<adam_g> jamespage, merged a buncha your pending stuff, filed some new ones and added some notes to http://pad.ubuntu.com/openstack-series-upgrade-testing
#ubuntu-server 2013-05-23
<keithzg> Why in the world won't Windows run .exe files from Samba shares if the shares are set to read-only? Is there some weird configuration issue here?
<sarnold> keithzg: the user account in question would need read and execute permissions on those files and all needed dlls..
 * keithzg smacks his head
<keithzg> All this time, I could've sworn that setting the files to be executable was the FIRST thing I did, but nope, apparently not, and that solves it.
<keithzg> sarnold: thanks :)
<sarnold> keithzg: hehe :)
<lenny__> hello I am having an issue with vsftpd. I have it setup to only allow local users to access the server. This works great and I can create directories in the users home folder however I am getting an error when trying to create a folder in my /var/www folder that says "550 create directory operation failed"
<lenny__> was being an idiot thought I already gave users access to the folder du :/
<fishcooker> http://paste.ubuntu.com/5692792/
<fishcooker> why there is no that command
<fishcooker> because i refer to this https://help.ubuntu.com/12.04/serverguide/installing-upgrading.html#do-release-upgrade
<lifeless> smoser: hey, you're probably asleep but I'll try anyway.
<lifeless> smoser: sudo resize2fs /dev/sda2
<lifeless> resize2fs 1.42.5 (29-Jul-2012)
<lifeless> Filesystem at /dev/sda2 is mounted on /; on-line resizing required
<lifeless> old_desc_blocks = 1, new_desc_blocks = 117
<lifeless> resize2fs: Permission denied to resize filesystem
<lifeless> [also you've dropped out of #tripleo :(]
<svbito> hello
<svbito> whats the easiest way to install mysql-server 5.6 via puppet?
<svbito> the official Oracle .deb does install in /opt and doesn't copy the init-script to /etc/init.d for example
<jacobw> svbito: Either install the Oracle package and fix it or fix the package and install it
<svbito> jacobw: "fixing" means unpacking, copying stuff to the right location and dpkg-deb --build?
<svbito> good idea... I could put my custom stuff in a postinst
<jacobw> svbito: The correct thing to do would be to build the package from source, or drop the source in the last source package from Ubuntu and try to build from source
<jacobw> svbito: I unpacked last Ubuntu package, dropped in the binaries and fixed the breakages in the init scripts and mysqld_safe
<svbito> just the new binaries needed?
<svbito> I'll try that out...
<jacobw> svbito: The Oracle binaries are built with different options (or the Ubutnu packages assumes the Oracle source is built with Debian specific options, more accurately)
<jacobw> svbito: Things will break, the maintainer scripts, the init scripts and the Debian specific stuff like mysqld_safe all assume the binaries were build with the Debian specific options
<jacobw> svbito: It's messy and not the right way to do it, but it worked for me
<svbito> If mysql shows a "5.6.11" Version, I'm all happy :P
<svbito> init script would be trivial to fix
<svbito> jacobw: how much hassle would it be to build it from source?
<Whir> hi...so I am on a local work machine here..I can easily mount directories from my home server via sshfs to here..my question, how can I disconnect/unmount them? fusermount needs root which I dont have here
<Whir> and I dont want to have these @Transport endpoint is not connected@
<Whir> allover
<Whir> noone?
<RoyK> sshfs should work well as a normal user account
<basil__> hi I need top open port 9000 UDP on my server (Ubuntu 11.1). Could anyone offer advice pls
<Whir> yep RoyK , but I can not close the connection, unmount the folder
<Whir> so if the sshfs dies..I have a lot of not connected zombies
<RoyK> Whir: perhaps the ssh session timed out because of nat
<RoyK> Whir: if so, enable ssh keepalives - add 'ServerAliveInterval 5' to $HOME/.ssh/config on the client
<Whir> ya that is true..but eventually I want to close it!
<Cay> I'm trying to configure an internal network with 10 rackservers and a switch: http://pastebin.com/raw.php?i=p43spnkQ Any ideas anyone?
<svbito> Is the cable really connected? ethtool can't seem to detect a link...
<Cay> svbito, Yeah you are right. ethtool does not detect a link. According to my server host the cables are all connected.
<Cay> Could it be some sort of driver error or missconfiguration causing this behavior?
<svbito> Cay: your configuration looks good... drivers too
<svbito> Cay: em1 and p4p1 connected to the same switch?
<Cay> svbito, I'm pretty sure the internal network has it's own dedicated switch.
<Cay> em1 should not be connected to that one.
<svbito> Cay: and the switch is on? If you have this error with all servers, I would look at the switch
<Cay> svbito, I'm glad you say the configuration and drivers look fine. Yeah looking at the switch would make sense I suppose.
<svbito> how can I debug my postinst script? I think it does not run...
<ScottK> zul: Can python-ceilometerclient be synced from Debian?
<zul> ScottK:  no it should be on the blacklist i think
<ScottK> Why?
<zul> ScottK:  because we dont take the packaging for any of the openstack projects from debian
<ScottK> Seems rather counter to normal Ubuntu policy.
<zul> ScottK:  it is, debian is focusing on the stable version, we arent
<ScottK> In this case though it's the same version.
<zul> ScottK:  and they will diverge when a new cinderclient is out again because we are on a faster cadence
<rbasak> Daviey: did you manage to look at the ubuntu-server ML moderation queue please? If not, can you take it as an action to get more moderators? I think Evan's email might have been stuck for a week now.
<Daviey> rbasak: err, i accepted it
<Daviey> a few days ago.
<Daviey> rbasak: https://lists.ubuntu.com/archives/ubuntu-server/2013-May/006614.html
<rbasak> Daviey: ah. Sorry. It hasn't appeared in my MTA. I think my mail server dedups messages that also went to me privately :-(
<rbasak> s/MTA/MUA/
<Daviey> right
 * rbasak finds that annoying, since he expects the message to appear in two places.
<Daviey> rbasak: I had a multi-user mail server (odd configuration i know!), and that hid messages sent to more than one person.  Had to fix that!
<lotia> is there a sysfs equivalent to /proc/filesystems, I want to list what filsystems are supported on a particular machine.
<lotia> If anyone has a way to do it from python that would be even better.
<rbasak> lotia: I'm not sure. But I wonder if whatever you do will be able to cover filesystems for which kernel modules are available but not loaded.
<bugzc> hello
<hallyn> zul: do you mind pushing debian-unstable spice + http://people.canonical.com/~serge/spice.debdiff to saucy?
<zul> hallyn:  sure
<hallyn> qemu 1.5 is just about ready (tests well, just need to retest when i get the qemu-linaro arm patches)
<hallyn> zul: thanks
<zul> hallyn:  the debdiff fails
<LordOfTime> anyone have any idea how I go about diagnosing why I get 'ssh_exchange_identification: read: Connection reset by peer' once, then when I try and reconnect the remote system works?
<hallyn> zul: fails what?
<zul> hallyn:  fails to apply
<hallyn> to debian unstable's spice?
 * hallyn doublechecks
<hallyn> i just generated it 2 misn before uploading it...
<hallyn> zul: just re-tried, worked here...
<hallyn> now what's weird is, the update-maintainer bit didn't get saved in the debdiff.
<hallyn> zul: does http://people.canonical.com/~serge/spice2.debdiff work?  (against 'pull-debian-source spice' result)
<zul> hallyn:  lemme check
<zul> hallyn:  use me abuse me with a pipe, done
<hallyn> zul: thanks :)
<zul> np
<hallyn> really oughta ask for spice and spice-protocol to go into the server set
<hXm> I like justin bieber
<Raimonds> Hi. Might anyone know what I am doing wrong, because when I try to run ubuntu from my USB I get unable to find a medium containing a live file system. Might it be something with that I have USB 3.0, i just read on forums that it can not read MD5sum, but as the post was pretty old, it might not be the case. http://i.imgur.com/OwxOHD3.jpg
<Raimonds> I am using universal USB installer.
<Raimonds> and my goal is to make ubuntu bootable from USB, so I can use it.
<sarnold> Raimonds: you may have better luck in #ubuntu, this channel is more about server-software development..
<tash> am trying to send a test snmptrap to my Ubuntu server and see this in the snmptrapd logs: No access configuration - dropping trap.
<tash> Any advice?
<tash> I have searched online and have tried some suggestions, but still having issues.
<Raimonds> sarnold: Ok, thanks [:
<sarnold> Raimonds: good luck :)
<LordOfTime> anyone have any idea how I go about diagnosing why I get 'ssh_exchange_identification: read: Connection reset by peer' once, then when I try and reconnect the remote system works?
<sarnold> tash: do you need to define community strings? or allowed / denied source addresses?
<tash> sarnold: well, I'm not entirely sure. I have defined rocummunity <ourstring>
<tash> I even tried authCommunity log,execute,net <ourstring>
<tash> nvm
<tash> think I was just modifying the wrong config file
<mojtaba> Hi, I used fusedav to mount webdav, but I got this error message: "PROPFIND failed: Could not read status line: Connection reset by peer" Does anybody know what should I do?
<sarnold> mojtaba: is the webdav server on the other side of a NAT firewall/router?
<mojtaba> sarnold: Actually it is on a hosting company (Bluehost)
<sarnold> mojtaba: do you have one between your client and the internet?
<sarnold> mojtaba: most NAT firewalls have fairly short inactivity timeouts when they reap sessions..
<mojtaba> sarnold: I guess I do, because I am in university.
<sarnold> mojtaba: can you increase the timeout on idle connection?
<mojtaba> sarnold: how should I do that?
<sarnold> mojtaba: depends on the firewall..
<sarnold> .. but if you're asking, it seems unlikely to be something you have control over? :)
<sarnold> maybe you could write a simple program to write a new file every minute or so. and next minute delete the file.
<mojtaba> Is this command ok? fusedav -t 60-u username -p password http://www.website.com ~/webdavBluehost/
<mojtaba> sarnold: Is this command ok? fusedav -t 60-u username -p password http://www.website.com ~/webdavBluehost/
<shauno> you'll want a space after '60'.  pedantic, but so's fusedav
<sarnold> thanks shauno :)
<mojtaba> sarnold: still I got the same error
<sarnold> mojtaba: oh, it happens very immediately?
<mojtaba> sarnold: Yes
<sarnold> ahhhh.
<sarnold> mojtaba: can you navigate to that URL in a browser?
<mojtaba> sarnold: sure, it is my website
<mojtaba> :)
<sarnold> mojtaba: you might need to break out tcpdump or wireshark to find out what's going on. I'm out of ideas, sorry for the initial distraction :)
<mojtaba> It has a port number, and when I add that port number to the browser it says the connection was reset
<sarnold> oh! yay.
<mojtaba> !!!, but I can have access to the files with this port number via nautilus
<ubottu> mojtaba: I am only a bot, please don't think I'm intelligent :)
<sarnold> really?
<mojtaba> I did not wrote that!
<mojtaba> sarnold: Do you know what is going on? why I can have access to my root directory via nautilus but with that address and port number I just got the error "connection was reset" !
<sarnold> mojtaba: I don't know. normally testing with another program is the place to start :) hehe
<mojtaba> sarnold: Do you know any other program? I just want to have access to that directory via commnad line.
<sarnold> mojtaba: I think any webbrowser ought to have read-only access easily enough.. firefox, chrome-browser, w3m, links, lynx, curl, wget... in addition to the more usual approaches of fusedav or gvfs-based access...
<hallyn> 1619 root      20   0  4440  316  136 R  99.9  0.0  75:15.66 S20postfix
<hallyn> ?
<sarnold> o_O
<RoyK> hallyn: try a tail -f /var/log/mail.log
<RoyK> perhaps something venomous
<sarnold> .. but the init start script?
<hallyn> RoyK: for nwo it's shut down, cooling down.  will look later
<hallyn> yeah
<RoyK> if postfix uses that lot of cpu, seems like an infection from something
<adam_g> Daviey,  cherry-picked updated SSL certs to fix FTBFS. ready for upload to folsom staging http://people.canonical.com/~agandelman/ca/folsom/2012.2.4_rebase/keystone_2012.2.4-0ubuntu2~cloud1/
<adam_g> zul, ^
<josetacos>  using the mini installer everything worked execpt it could not install grub got this error how do i install only grub using the mini installer
<josetacos> "unable to install grub in /dev/sda"
<sarnold> mmm tacos
<sarnold> josetacos: was /dev/sda the correct device? ISTR someone in the last day commplaining that an installer picked the wrong disk for installing grub
<josetacos> only have one hard drive in it
<paranoids> josetacos: is the hdd bigger than 2tb?
<josetacos> no 600gigs
<josetacos> during the install i choosed to use the whole drive
<paranoids> josetacos: did you create a new partition table with the installer? have you tried to dd if=/dev/zero of=/dev/sda (erase your disk) before starting the installer?
<josetacos> i had delete all partitions through gparted before the install
<paranoids> josetacos: strange, I've installed 100reds of systems with mini.iso
<paranoids> josetacos: when you are in the ubuntu installer have you checked the syslogs (more /var/log/syslog)
<josetacos> there was a option i forget what it was that was first but i choose to use the whole disk during the install
<paranoids> I've never used the whole disk option... everytime installed via manual partitioning
<josetacos> how should i have it manually setup
#ubuntu-server 2013-05-24
<Devioustaste> Hello, I was going to install Ubuntu to a software raid 1 drive, where the /boot could be on the same drive(s)/partition or on a seperate. I was wondering if there was a guide/how-to on how to do this with Ubuntu 13.04
<sarnold> Devioustaste: there's some general guidelines here: https://help.ubuntu.com/12.04/serverguide/advanced-installation.html
<Devioustaste> Thanks sarnold, I'll read up on it.
<Devioustaste> sarnold, a little confused. Shouldn't /boot be the first partition on the drive? Or is it not possible to do a boot partition on a softraid on Ubuntu?
<sarnold> Devioustaste: you should be able to do it..
<sarnold> Devioustaste: it used to be necessary to be the first partition, in case your other partitions went past what was accessible to the blocklists or something horribly annoying like that, but I think modern grub2 doesn't have that limitation.
<Devioustaste> Hm, alright.
<Devioustaste> I just want to make sure that I have everything backed up at this point. Really the biggest things would be to back up /home, /var, /etc correct?
<sarnold> Devioustaste: yes
<sarnold> Devioustaste: maybe /usr/local/ if you've done anything in there..
<Devioustaste> I don't think so.
<Devioustaste> I probably should have done a dpkg -l before I started this.
<Devioustaste> Hm... it sees the 72GB Partitions on the drives, but it doesn't see them in Software Raid. :/
<stgraber> zul: ping
<stgraber> zul: you lied in bug 1180381, the package wasn't ready to be synced as we still have to maintain the dh_python2 delta
<uvirtbot> Launchpad bug 1180381 in python-fixtures "Sync python-fixtures 0.3.12-0.2 (main) from Debian unstable (main)" [Wishlist,Fix released] https://launchpad.net/bugs/1180381
<zul> stgraber:  shoot sorry about that
<stgraber> zul: can you please upload a fix?
<zul> stgraber:  yep i will
<Devioustaste1> Hm, I am getting this after booting to a softraid ubuntu server system: http://i.imgur.com/jPMWZji.jpg
<Devioustaste1> Had followed this guide: https://help.ubuntu.com/12.04/serverguide/advanced-installation.html
<Devioustaste1> The above message occurs after Grub, when I select to boot to Ubuntu
<Devioustaste1> If I am configuring softraid on two drives that I want to have use / and /boot should I make everything primary and have the first primary partition be Bootable, and the third Partition be bootable if it contains /?
<Devioustaste1> Cause unfortunately, following this guide https://help.ubuntu.com/12.04/serverguide/advanced-installation.html  led me to have this problem after the installer finished, and ejected the disc, and got past grub: http://i.imgur.com/jPMWZji.jpg
<adam_g> zul, jamespage: did a check of our havana packages, filed some MPs, bugs and some notes: http://pad.ubuntu.com/openstack-dependency-hell. the cheetah bug is the one thing that needs to get fixed outside of our pkg branches
<adam_g> Daviey, ^ maybe you can look at my cheetah fix @ https://bugs.launchpad.net/ubuntu/+source/cheetah/+bug/1183634
<uvirtbot> Launchpad bug 1183634 in cheetah "cheetah pkg does not depend on markdown, but egg requires.txt does" [Undecided,New]
<Senor> I am implementing a web server ,Need I deploy database on one seperate server from logic server and put mamcached one the logic server
<Senor> logic server get data by from memcached , which will update to database server by interval .
<Cay> svbito, Hello thanks for the help you gave me yesterday.
<Cay> The problem was indeed the switch. My server host had forgotten to do something with it (perhaps power it on). And now the internal network works perfectly with the same unmodified configuration I showed you.
<Smrtz_> Hey, I want to set up an email address, i.e. "Smrtz@smrtz.com"  the cheapest way to do this is to set up an email server right?
<svbito> Cay: nice to hear back from you :)
<svbito> Cay: and even nicer that it works now!
<svbito> Senor: You dont have to seperate them, but it has scalability-advantages if you do
<Senor> svbito :If I do it , how can I update memcache at logic server to database server?
<svbito> Senor: what do you mean by "logic server"?
<Senor> deal with logic stuff
<svbito> Senor: an App Server? Apache?
<Senor> tcp server
<svbito> Senor: doing what? a raw tcp connection to a server wont do much
<Senor> gameserver
<Daviey> 2
<Senor> svbito:what do you mean by raw tcp connection ?
<Daviey> jamespage: Hey, if i can cast you back to 2011..  You looked at MIR'ing Markdown, but but decided against it.. Do you remember why?
<svbito> Senor: Sry, I did not understand that it was a infrastructure for a game
<svbito> Senor: Could you sketch out what you have and what you need to clarify your question?
<Senor> my server updates for everu 3seconds , the frequent i/o with database will down its performence
<Syria> Hello
<Syria> is this command supposed to install the latest versions "sudo apt-get install apache2 && mysql-server && php5 php5-mysql && phpmyadmin"
<Senor> So I use memcached , and put database on seperate server to resolve large scale data's bottleneck
<svbito> your server writes every 3s to the database? thats not much...
<svbito> Syria: if you do apt-get update before and remove the &&s.
<jamespage> Daviey, hmm
<svbito> Syria: && is used to say "if the former command succeeded, execute this"
 * jamespage tries to remember
<Syria> svbito:  Then I can use the same command?
<svbito> Syria: just use "sudo apt-get install apache2 mysql-server php5 php5-mysql phpmyadmin""
<Daviey> jamespage: does this help, http://irclogs.ubuntu.com/2011/10/25/%23ubuntu-release.txt ?
<Syria> svbito: Thank you.
<svbito> Syria: you can install multiple packages at once by just concatenating them after apt-get install - seperated by spaces
<svbito> Syria: np
<jamespage> Daviey, I think 'markdown' lacked any active maintenance and is written in perl
<jamespage> so it was not worthy for main inclusion
<jamespage> just to be clear 'written in perl' is not a reason for not including in main
<jamespage> it was more the lack of maintenance both in Ubuntu and upstream
<cemc> hi! I just got an email from ubuntu-server maillist saying that i've been unsubscribed. I did not ask for it. any ideas?
<Daviey> jamespage: hmm, markdown or python-markdown?
<jamespage> Daviey, markdown
<Daviey> jamespage: I think i reread the log.. I thought you decided against python-markdown
<jamespage> no
<Daviey> jamespage: So i am thinking that it makes sense to reconsider a MIR for bug 1183634... What do you think?
<uvirtbot> Launchpad bug 1183634 in cheetah "cheetah pkg does not depend on markdown, but egg requires.txt does" [Undecided,New] https://launchpad.net/bugs/1183634
<jamespage> Daviey, I think so - its only two new source packages for main
<Daviey> jamespage: ok, cool
<jamespage> Daviey, commented
<Syria1> I was installing web server tools on my VPS and suddenly lost the connection, Now when I try to update I get E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
<Syria1> E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
<Daviey> jamespage: cool
<Syria1> svbito: Hi there!
<svbito> Syria1: wait a couple of minutes. Your old install is running in the background
<svbito> Syria1: you cant connect back to this session, but its still there.
<Syria1> svbito: Is this command going to solve the issue? "sudo fuser -cuk /var/lib/dpkg/lock; sudo rm -f /var/lib/dpkg/lock"
<svbito> Syria1: it might break your apt install
<svbito> Syria1: its basically just "overriding" the safety-net which forbids concurrent uses of apt
<Syria1> svbito:  I have been waiting for ten minutes is this enough? What about rebooting the VPS?
<svbito> Syria1: yeah, 10min should be enough. Rebooting would also help. But if you waited for 10mins, the command you mentioned would also resolve the issue
<Syria1> svbito:  I will wait for another 10 minutes then.
<svbito> Syria1: in the future, if you have an unreliable connection, use "screen"
<svbito> Syria1: https://help.ubuntu.com/community/Screen
<svbito> Syria1: it will allow you to reconnect to a previous ssh session
<Syria1> svbito:  Thats cool.
<svbito> Syria1: and helpful - imagine dist-upgrading a big production server and loosing connection
<rbasak> Try byobu - it's a handy front-end to screen and tmux
<rbasak> (hi kirkland :)
<Syria> svbito: phpmyadmin is installed but when I navigate to "siteaddress/phmyadmin" the page just keeps loading.
<Syria> svbito:  It works now but it is very slow!! weird.
<svbito> Syria: is the servers uplink slow?
<Syria> svbito: It's fine now, Maybe I have to be more patient. :P
<svbito> Syria: if you call the site the first time, it could take a while
<svbito> Syria: maybe phpmyadmin caches some things on first execution
<psivaa> hallyn: reported bug 1183766 and bug 1183767 for some new lxc test failures.
<uvirtbot> Launchpad bug 1183766 in ubuntu-test-cases "test_lxc_api  failures in saucy smoke tests" [Undecided,New] https://launchpad.net/bugs/1183766
<uvirtbot> Launchpad bug 1183767 in ubuntu-test-cases "test_lxc_simple failures in saucy smoke tests" [Undecided,New] https://launchpad.net/bugs/1183767
<psivaa> two bugs because there are two failures and I am not sure if they are related. please feel free to merge them if you feel appt. thanks
<hallyn> psivaa: I think they're due to the same thing stgraber brought up yesterday - dhclient on older release is failing on saucy kernel now
<hallyn> stgraber: did you have an open bug for that that I can mark these a dup of?
<hallyn> now what, is NETIF_F_HW_VLAN_STAG_TX the problem there?
<psivaa> hallyn: ok, not aware of that. thanks for looking into it anyway :)
<hallyn> psivaa: I'm not sure it's the case, reproducing in an instance.
<psivaa> hallyn: ack
<hallyn> actually no this seems different:
<hallyn> May 24 04:40:21 utah-9186-saucy-server-i386 utah: lxc-execute: failed to attach 'veth8wW9iy' to the bridge 'lxcbr0' : No such device
<tdn> I just discovered 'atop'. This is a fantastic tool for identifying performance bottlenecks. It supports a long term monitoring mode, in which it logs data to a binary log. I would like to be able to visualize these data in a graph. Is this possible? If so, how? I cannot seem to find out what format the log is saved in. It is binary, but nothing that 'file' will detect.
<zul> jamespage/Daviey: did you guys see adam_g etherpad notes last night?
<hallyn> psivaa: actually I htink it's a dup of bug 1183807
<uvirtbot> Launchpad bug 1183807 in lxc "lxcbr0 is not created on package install" [High,Triaged] https://launchpad.net/bugs/1183807
<samba35> I have installed ubuntu 12.04 server and i have installed another guest  (centos 6.4)on ubuntu now i want to install windows on ubuntu as a another guest but how doi  configure   networking with windows
<hallyn> psivaa: marked them as dups
<samba35> i have only 1 nic i have configure br0 on eht0 with dhcp from external server
<psivaa> hallyn: ok thanks.
<vic_78552> What is the code name for Ubuntu Server 12.04 LTS? Is it Lucid Lynx?
<Pici> !precise | vic_78552
<ubottu> vic_78552: Ubuntu 12.04 LTS (Precise Pangolin) is the current !LTS release of Ubuntu.  Download http://releases.ubuntu.com/12.04/ - Release Info: http://www.ubuntu.com/getubuntu/releasenotes/1204
<vic_78552> I'm looking for firmware to install B320i HP Smart Array RAID adapter, so that Ubuntu 12.04 can see my arrays. Looking at http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/ I don't know which directory has that RAID driver.
<vic_78552> This adapter is installed into our HP DL360e ProLiant Gen8 server.
<vic_78552> And I've installed Ubuntu Server 12.04 LTS 64-bit as its OS onto a USB flash disk drive.
<vic_78552> But, I'd like to move the OS onto the RAID arrays.
<vic_78552> Without the RAID driver, the OS doesn't see the arrays.
<bitbyte> hey guys
<bitbyte> I'm trying to put ubuntu server 13 on my hp micro server and can't really seems to get it booting from the usb its on doing it from unetbootin on osx and when i plug it in the micro server just dosnt see it any ideas ?
<bitbyte> im currently looking at how to use Disk Utility to flag the usb as bootable
<rbasak> Sounds like it could be UEFI related?
<jamespage> rbasak, I uploaded your facter merge for saucy
<zul> jamespage:  i filed the MIR for d2to1 and pbr this morning
<jamespage> zul, great!
<jamespage> zul, you're feeding your python3 porting stuff back to Debian as well right?
<zul> jamespage:  i will be
<jamespage> zul, great
<zul> jamespage:  its slow going right now
<rbasak> jamespage: great - thanks!
<bitbyte> you guys know of any guides for ubuntu server network install
<bitbyte> i can't see to get my hp micro server to recognise my usb
<genii-around> bitbyte: https://help.ubuntu.com/community/Installation/LocalNet
<maxagaz> hi
<maxagaz> does someone know about AWS and RDS ?
<DanC_> I'm trying to use this ubuntu mini-PC as a wifi access point. I got the wifi part working, but wlan0 doesn't have an ip address.
<DanC_> hostapd is running and other devices show the relevant ssid
<DanC_> (I followed http://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/ )
<DanC_> I haven't set up dhcpd yet... that's not how the interface gets an ip address, is it?
 * DanC_ gives it a try...
<DanC_> oh. silly me... I see the ifconfig up thingy now...
<dz0ny> hi
<dz0ny> I am having problem with lxc container not getting network address (12.04 LTS with 3.8 kernel, ubuntu-cloud raring container)
<dz0ny> any ideas what could be wrong? here is log https://gist.github.com/dz0ny/fac7d6fb57e79b1689a3
<bitbyte> you guys know how i can set my hods to check nedt reboot
<MagBo_> Hi guys, I have a really stupid question, I'm quite lost, as it's 2nd day in Debian-like repo. I want to set up a xen bridge via Ubuntu's suggested /etc/network/interfaces. I configure stuff, it works after first reboot, but after second reboot whole network table gets messed up and additional interfaces (xenbr1, xenbr2) get spawned.
<MagBo_> Well, strangely enough # route looks good, but neither host-only bridge, nor lan-bridge work anymore, so I can't ssh to the virtual machine I want to run as dom0 from host. :(
<MagBo_> I guess I can iptables my way out of that madness, but I'd like to know the reason of such behaviour and suggested way to deal with it. )
<hallyn> dz0ny: probably best to file a bug showing exactly how the host and containers are set up.
<hallyn> (i'm running out but will look for the bug when i get back)
<mmerlone> greetings
<mmerlone> I run a buch of ubuntu servers, including a dns server. My reverse zone stopped working and need urgent help debugging.
<mmerlone> for instance dig @localhost +trace -x 177.135.94.73 does nothing
<mmerlone> it just happended out of the blue, nothing has changed, and have no clue what's wrong, please help me!
<mmerlone> named-checkzone says zone is ok
<sarnold> mmerlone: is there any information in the logs?
<mmerlone> yes, zone 64-27.94.135.177.in-addr.arpa/IN: loaded serial 2013032604
<mmerlone> zone 64-27.94.135.177.in-addr.arpa/IN: sending notifies (serial 2013032604)
<mmerlone> server in question is ns1.a1.ind.br
<mmerlone> everything seems fine, but the world and even localhost is unable to resolve any reverse
<mmerlone> smells like upstream problem, but not sure.
<sarnold> mmerlone: Host 73.94.135.177.in-addr.arpa not found: 5(REFUSED)
<mmerlone> funny, dig @localhost 64-27.94.135.177.in-addr.arpa axfr dumps the zone ok....
<mmerlone> sarnold: which host are you quering?
<sarnold> mmerlone: that was "host 177.135.94.73 ns2.a1.ind.br"
<mmerlone>  tested on http://network-tools.com/nslook/Default.asp?domain=177.135.94.73&type=12&server=ns1.a1.ind.br.&class=1&port=53&timeout=5000&advanced=true&go.x=21&go.y=9
<mmerlone> it says it is not authoritative
<mmerlone> why would it not be authoritative?
<zokko> hello folks
<zokko> is there any repo for 12.04 with zend-framework 1.12?
<mmerlone> sarnold: I'm still stuck
<mmerlone> it should be authoritative for that zone, but not able even to get an answer from localhost
<mmerlone> your test got refused bcause authoritative problem....
<sarnold> mmerlone: does netstat -lnup show the server even listening?
<mmerlone> yes, you can test a1.ind.br just fine
<mmerlone> why would a reverse zone stop being authoritative?
<dz0ny> hallyn: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1183941
<uvirtbot> Launchpad bug 1183941 in lxc "LXC container fails to get network address" [Undecided,New]
<adam_g> wom 3
<adam_g> zul: http://people.canonical.com/~agandelman/ca/folsom/2012.2.4_rebase/keystone_2012.2.4-0ubuntu2~cloud1/
<zul> adam_g: +1
<ctrox> is there a ppa out there for apache 2.4 with php5 for 12.04? I found one with apache 2.4 but I can't find a libapache-mod-php5 that is compatible
<Devioustaste> What are the minimum packages needed for KDE? Just KDE-workspace I would guess? I don't want the -full package.
<sw> !info kde-plasma-desktop
<ubottu> kde-plasma-desktop (source: meta-kde): KDE Plasma Desktop and minimal set of applications. In component universe, is optional. Version 5:76~pre1ubuntu10 (raring), package size 2 kB, installed size 37 kB
<sw> Devioustaste: probably that, according to https://help.ubuntu.com/community/InstallingKDE: (iii) kde-plasma-desktop --- This will install the core -- the bare-minimum required-- of KDE. That is, kdebase-apps, kdebase-runtime, kdebase-workspace and kdm.
<Devioustaste> Cool, thank you sw
<Devioustaste> sw, what would kde-standard be and such?
<hachre> Devioustaste: probably the 'standard' selection of kde + tools
<sw> !info kde-standard | Devioustaste
<ubottu> Devioustaste: kde-standard (source: meta-kde): KDE Plasma Desktop and standard set of applications. In component universe, is optional. Version 5:76~pre1ubuntu10 (raring), package size 1 kB, installed size 37 kB
<xeberdee> Hey - what the best command line tool for disk admin. Fdisk shows no disks - I'm on an SSD with a 20 TB raid somewhere.
<sarnold> xeberdee: fdisk doesn't 'show disks' -- it works on a disk that you specify..
<sarnold> xeberdee: fdisk is my favorite, but it doesn't understand gpt partition tables, for that I thnk you need gparted or parted or something. (I have to look it up each time I need it..)
<sarnold> xeberdee: to see the disks available to work with, ls -l /dev/disks/by-id   -- or one of the other subdirectories there, depending upon how you'd like to identify the drives
<xeberdee> sarnold: yeah I'm a bit rusty. I just lookedd at sda
<sarnold> xeberdee: sda is fine, if you've got few enough drives that you can tell unambigiously what it is.. :)
<xeberdee> sarnold: Trying to remember how hardware raid looks in dev.
<mikeey> Guys, this might not be the correct channel for this but I'll give it a go anyway; would the following in /etc/smartd.conf send me an email whenever one of my disks is presumed to be failing? "/dev/sda -d sat -t -H -f -l error -l selftest -o on -S on -s (S/../.././01|L/../../6/03) -m email@domain.com"
#ubuntu-server 2013-05-25
<DrasticDragons> Is anyone familiar with Ubuntu > Samba username and password syncs? I just found this http://jaka.kubje.org/infodump/2007-05-14-unix-samba-password-sync-on-debian-etch/  but my knowledge of pam and how it works is non-existant. So I just wanted to get advice before I started to screw something up by pressing enter right now.
<sarnold> DrasticDragons: looks sane to me
<sarnold> DrasticDragons: note that " quotes on that page are mangled, don't expect copy-and-paste to work
<sarnold> DrasticDragons: and it wouldn't hurt to leave a root shell ssh running somewhere while you fiddle with and test PAM :)
<DrasticDragons> sarnold yeah, I ended up stopping that, and am trying to figure out logwatch and why it is not working.
<DrasticDragons> http://ubuntuforums.org/showthread.php?t=2148352 :/ Not really helpful when all it serves me is my hard drive status and a fortune.
<hallyn> zul: smoser: rbasak: I'm ready to upload qemu 1.5 to raring.  Did you want to take a look before I push?
<hallyn> uh, not raring, saucy :)
<sonofzeus> Hi there
<sonofzeus> any python coders here?
<sonofzeus> Hello?
<DrasticDragons> Hm, well, I goofed up with something. After trying to create a new mdadm device, and after a restart, my server is only booting to a black screen after it hits Grub. :/
<DrasticDragons> It still responds to ctrl alt del, but ping -t ipaddresshere only responds with "Destination host unreachable" and "request timed out"
<DrasticDragons> So, any help would be appreciated because otherwise. :(
<sonofzeus> You gotta wait I;ve been waiting for 10 mins
<DrasticDragons> sonofzeus you asked if there are python coders in a ubuntu-server channel. Wouldn't it be better to join #python or #programmers?
<sonofzeus> hehe yep
<DrasticDragons> Also, there isn't a queue for this channel.
<sonofzeus> Yea I didnt mean that sorry
<zul> hallyn:  how about i do it monday?
<hallyn> zul: sure (i'll be out on monday) - it's in ppa:serge-hallyn/virt for now (as well as git://github.com/hallyn/qemu)
<histo> is the server kernel any different than the desktop one?
<cemc> morning. I was unsubscribed yesterday from ubuntu-server maillist, and I didn't know why. I just tried to resubscribe and the confirmation email did not arrive. looked at the email logs and: reject: RCPT from huckleberry.canonical.com[91.189.94.19]: 554 5.7.1 Service unavailable; Client host [91.189.94.19] blocked using dnsbl-1.uceprotect.net;
<tasslehoff> Any tips on a good application/way to share/view the pictures I have on my server? Som dedicated web-solution, maybe?
<RoyK> tasslehoff: what do you want to achive?
<tasslehoff> RoyK: I guess viewing my images in a browser or another client.
<tasslehoff> My own flickr/picasa/smugmug site :)
<RoyK> there are tons of solutions for that
<RoyK> http://galleryproject.org/ is one - I just use igal2
<tasslehoff> RoyK: I figured there would be, but I have actually never looked for this before. Thanks.
<tasslehoff> galleryproject looks good from the screenshots
<RoyK> it's ok, but I've heard of a few issues
<tasslehoff> I'll read up a bit before installing anything. Need to know the security of my server is not compromised.
<RoyK> tasslehoff: good
<Rallias> Is it possible for me to use lxc-create on a preexisting backing LVM store?
<baniir> readahead values set with blockdev don't seem to persist through reboots on 12.04 (ec2); is this expected
<baniir> i think i need devices to have readahead set before mdadm assembles
#ubuntu-server 2013-05-26
<thejoelhansen> Good day all - I'm having an issue with some email forwarding. I've added a forward to /etc/aliases such as
<thejoelhansen> bonk : forwardaddress@mydomain.com
<thejoelhansen> And ran newaliases
<thejoelhansen> However, emails to forwardaddress@mydomain.com just bounce as 'user not found'.
<thejoelhansen> I'm overlooking something. Any links to good articles on creating/ managing email accounts and such command line?
<guma> I have fresh setup server with two network cards both setup as dhcp. Each is plugged to different router. Is there a way to change which one ill be default gateway? I want my eth0 be default gateway it looks like eth1 always is default
<guma> I just figured out...
<thejoelhansen> Hola. I'm having an issue with some email forwarding. I've added a forward to /etc/aliases such as "bonk : joel@mydomain.com". I ran newaliases. However, emails to forwardaddress@mydomain.com just bounce as 'user not found'. I'm overlooking something. Is this a simple fix, or might anyone have any links to good articles on creating/ managing email accounts and such command line?
<Patrickdk> who knows :)
<Patrickdk> you munged the hell out of that, and didn't even keep it consistant
<thejoelhansen> Hey Patrick. I see my typo...
<thejoelhansen> Do you know a good place to learn this sort of thing?
<Patrickdk> well, if your using postfix. the postfix documentation
<yofun> what is the unrar package name?
<DrasticDragons> How do I go about changing resolv.conf if it is overwritten by resolvconf?
<mardraum> DrasticDragons: you put your options in /etc/network/interfaces filw
<mardraum> file*
<mardraum> man resolvconf has examples
<DrasticDragons1> So, if I connect to a server that is running sshd. Then restart that sshd service, shouldn't I be disconnected?
<DrasticDragons1> Cause that is definitely not happening: https://whatimg.com/i/ndzywo.png Which is very concerning.
<mardraum> no, you should not be disconnected
<lifeless> no, you shouldn't be.
<lifeless> restarting sshd restarts the forking parent
<lifeless> not existing sessions.
<lifeless> they remain unaffected
<DrasticDragons1> Hm, alright. Is there a difference between ubuntu desktop and ubuntu server in that regard? Because I could have sworn that I would be disconnected when using ubuntu desktop
<mardraum> no
<DrasticDragons1> :/ weird, wonder why I thought that then.
<Row27> Hey. Is there any easy way to offer sftp without giving everyone default user privileges?
<Cay> Row27, I'm not sure I understand your question fully. Possibly my guide here can inspire you somehow: http://oloflarsson.se/my-server-setup-checklist/
<Cay> The goal with my guide is to create a secure environment where all files are created with mode 700.
<Row27> Cay: thanks. I want a friend to upload files via sftp, because it's more secure than ftp. I'm not that experienced, in my undestanding I have to add a user in order to offer this. But I don't want that he has read access to the fs structure.
<greppy> Row27: this may help: http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
<Row27> greppy: thanks. Will look into this.
<Row27> greppy: exactly what I was looking for. Great!
<greppy> you're welcome. :)
<RoyK> Row27: just use rssh
<RoyK> rssh is designed for this - the article posts a method that's not as good (IMHO)
<hXm> can i modify nano for show line numbers?
<hXm> from the nanorc, not the nano -c filename
<hXm> found it
<RoyK> hXm: use vim ;)
<hXm> nooo i hate vim
<hXm> xD
<RoyK> hehe
<DrasticDragons1> Is there any software in ubuntu's repositories that would allow me to monitor a Perc5i RAID card and any devices connected to it?
<DrasticDragons1> http://hwraid.le-vert.net/wiki/DebianPackages I see that for Debian, but trying to sudo apt-get install mega* doesn't return any package listed there.
<bitbyte> hey guys do any of you know how i would move from osx to ubuntu server
<bitbyte> sorry do you know how to move rya keys from osx platform and move it to ubuntu server ?
<qman__> DrasticDragons1, that site provides third party packages for that purpose and is both debian and ubuntu compatible, the instructions are right there
<qman__> these packages are not in the official ubuntu repositories, just as they are not in the official debian repositories either
#ubuntu-server 2014-05-19
<Macer> what the hell
<Seven_Six_Two> jak2001, you might need an entry in the server's /etc/hosts.allow
<glisignoli> Hello, does anyone have expirence setting up bind9 and remote nsupdates?
<glisignoli> I've follow a few guides but I keep getting SERVFAIL
<glisignoli> Oh I am error... I think it's apparmor
<glisignoli> Or not, bind couldn't write to /etc/bind
<glisignoli> I am smrt
<Pupeno> When I do ssh-add, it asks me for the password of my key, even though I have no password set on it (and pressing enter just adds it). Any ideas why? On other machines this didn't use to happen.
<ice9> how to use DH with sshd?
<ikonia> DH ?
<ice9> diffie-hellman
<ikonia> no idea what that even is
<lordievader> Doesn't ssh do that by default? I've seen a message pop by about diffie-hellman keyexchange from time to time.
<ice9> lordievader: message pop? where?
<lordievader> Probably with ssh -v, or it was on the ssh application on my ipad.
<dasjoe> It tries curve25519-sha256@libssh.org first
<dasjoe> ice9: man 5 ssh_config, Section "Key Algorithms"
<dasjoe> *KexAlgorithms, sorry
<ikonia> ooh the encyption
<ikonia> I thought you meant an application
<ice9> dasjoe: but I have to create the DH group first right?
<ikonia> grup ?
<ikonia> don't just set it in the ss_cnofig which cypers are available
<ikonia> sshd
<ikonia> oops
<ikonia> ssh_config
<ice9> ssh_config or sshd_config?
<ikonia> ssh_config
<ikonia> sshd is the server, not client
<ikonia> I assume you're talking about client config
<ikonia> or are you referencing your ssh server, not client
<Guest67771> hi my ubuntu server is is using ufw, with port 23 allowed. My router has port forwarding setup for both tcp/udp on port 23. Yet a port scanner shows the port as closed. I need it open for a MOO. Any ideas of what errors or things I may have overlooked?
<lordievader> Guest67771: Is there something listening to port 23?
<Guest67771> I have a mOO server, expecting telnet traffic...Is that what you mean?
<lordievader> Guest67771: Perhaps, is that listening to 23? (netstat -tulpn|grep 23)
<Guest67771> showing nothing
<lordievader> Guest67771: So nothing is listing to port 23, that should be your problem.
<Guest67771> does that mean it won't allow traffic in on port 23 - that's my major concern. MOO uses telnet - I'm trying to troubleshoot MOO access to school
<lordievader> There is nothing on your server that accepts connections on port 23.
<Guest67771> ok...that sort of make sense. Back to the manuals. Thank you
<lordievader> Good luck, Guest67771
<Teduardo> Hi there, i've just installed 14.04 on a server and when it boots it comes up and says mei_me initialization failed and then it hangs there forever, i searched on google and it says to update the bios, i've updated the bios and it still does this. is there a setting via grub that i can use to disable mei?
<Teduardo> i would prefer not to recompile the linux kernel
<patdk-wk> teduardo, blacklist the mei module
<elliotd123> I'm having trouble with environment variables in 14.04 - I can't get a script that runs #!/bin/sh to recognize environment variables. Where's the correct place to put non-interactive startup scripts for sh?
<elliotd123> Correction - I don't know where to add the export command to CHANGE the environment variables
<elliotd123> I just noticed that the environ variables work without sudo, but not with sudo
<OpenTokix> elliotd123: sudo resets your enviroment
<OpenTokix> elliotd123: it has to be set inside /etc/sudoers to be allowed
<OpenTokix> elliotd123: this line: Defaults	env_reset
<OpenTokix> elliotd123: to be more specific, and it should not be removed, since its kind of a securityrisk if you can pass enviroment-stuff from normal user to superuser like that
<elliotd123> Got it, thanks OpenTokix. All I needed to do was add a folder to the path variable, so I added it to the file and it's working now. THANKS!
<sander^work> Do anyone know why apache2 wasnt upgraded correctly from ubuntu 10.04 to 12.04? The log of apt-get is here: http://pastebin.com/gHEc7BD0
<sander^work> Package apache2-mpm-prefork is not configured yet.
<shauno> sander^work: line 3 is preventing apache from starting, which throws apt into an error.  it should try to handle it better if mods-enabled/reqtimeout.load is symlinked from mods-available/ (as intended)
<shauno> er, line 4 rather
<shauno> I had a very similar issue because my rsync-fu failed me - I took my config from a previous install, but it created mods-enabled and sites-enabled as regular files instead of symlinks
<sander^work> shauno, Will try*
<sander^work> shauno, correct.. but how do I fix the apt-get thingie after symlinking properly?
<shauno> sander^work: once you've replaced those files with symlinks, just run exactly the same apt operation again and it should figure itself out
<shauno> all that's happening is that apt updates the copies in 'mods-available', and because you have copies of them instead of links to them, your copies are out of date
<sander^work> shauno, do-release-upgrade reports no new releases.
<sander^work> and apt-get dist-upgrade reports the error.
<shauno> ah.  I'd just apt-get install apache2.2-common then
<sander^work> oh. I have to do it with reqtimeout.conf too.
<shauno> if everything in mods-enabled is a proper file instead of a symlink, there's probably a good many things you'll have to do it for - anything that's been updated since the prior version
<sander^work> shauno, thanks alot, it worked now:)
<fridaynext> I've set up an AFP share from my Ubuntu 12.04 server for Time Machine backups, but this pops up about once every 2 months http://share.pho.to/5gIkf
<fridaynext> is there any way to make TM backups to Ubuntu more reliable?
<sarnold> fridaynext: wow. what a can of worms: https://discussions.apple.com/thread/3684176
<fridaynext> sarnold: wow - that is quite the can of worms.
<sarnold> fridaynext: several reports of it failing often even with apple's time capsule. I don't know if that's hilarious or sad.
<fridaynext> sarnold: time to switch exclusively to rsync, it appears.
<fridaynext> I bet you fifty bucks THAT won't fail on me.
<fridaynext> :)
<fridaynext> Well, good to know that it's nothing I'm doing wrong, and it's the damn system that doesn't work properly.
<fridaynext> If only ï£¿ could have made this easy for me. Off to rsync I go.
<sarnold> fridaynext: the downside of course is that rsync doesn't provide the same thing -- there's no back-and-forth through time.. rsnapshot works okay for me, but source and destination drive are in the same machine. heh.
<fridaynext> sarnold: ah.
<fridaynext> But I do'nt really care about back adn forth through time - i just want incremental backups.
<sarnold> fridaynext: no kidding. until today I had a high opinion of time machine..
<fridaynext> sarnold: I've had my share of issues since I started using it.
<fridaynext> Nice as a safety net, but definitely doesn't give me the warm and fuzzies about my content being backed up properly...
<fridaynext> alright, i'm off to go fix this. Thanks!
<sarnold> fridaynext: yeah.
<sarnold> fridaynext: have fun!
<med_> jamespage, zul: will there be a UCA for Trusty at some point or are upgrade/support schemes changing?
<med_> someone just suggested UCA for Trusty could exist (and just have the same pkgs as Trusty proper atm)
<med_> gaughen, ^
<gaughen> med_, yes, the plan is to have  UCA for Trusty but I suspect it won't appear until further along in the Utopic cycle
<med_> gaughen, nod. Filed #1320960
<gaughen> but the 2nd part of that statement is my opinion, so maybe it will be sooner med_
<med_> and thanks pat.
<gaughen> no problem-o!
<lordievader> Good evening.
<hxm> hi, exists a log where I can see what ip is using what port?
<lordievader> hxm: lsof can show those things if I'm not mistaken.
<hxm> with lsof -i I can see the opened ports
<hxm> but not if someone connected time ago
<sarnold> hxm: no such log exists.
<sarnold> hxm: what are you trying to do? there may be ways to get something similar.
<lordievader> hxm: You could use pmacctd to capture flowrecords and use the nfsen collector to log them.
<hxm> i have problems with postfix, and the user swears he is using the proper 587 port but cant sends emails, I see in the logs the error in ehlo command and the doc explains is because a wrongly use of the TLS
<hxm> and im half sure they are missconfigured the mail client, if I configure it, works, if they do, dont
<hxm> but I dont have proofs
<SCHAAP137> hxm, which mailclient is the user using
<ptronico> Hello! I cannot fetch google.com using SSL. It says: "SSL certificate problem, verify that the CA cert is OK." Anyone can help me? Thank!!!
<dasjoe> ptronico: is your computer's clock set correctly?
<dasjoe> "okay"
<dasjoe> <dasjoe> ptronico: is your computer's clock set correctly?
<ptronico> dasjoe: no. its saying "Thu Mar 13 09:43:52 BRT 2008"
<dasjoe> ptronico: fix that (manually) and your problem will probably disappear
<ptronico> dasjoe: I'll try
<ptronico> dasjoe: it worked! tanks a lot dude!
<rostam> hi we have installed server on field running ubuntu 12.04. Due do some performance issues, we need to change the /etc/fstab mount options for "/" (mounted on /dev/sda1 and no lvm).  We can not edit /etc/fstab on each system manually, We need an automated solution, script,.. How could I do manage this? thx
<sarnold> rostam: something like ansible may do the trick, if you want something better than a multiple-ssh kind of tool
<rostam> sarnold, thanks
<brianblaze420> anyone know what I need to do to generate keys for openvpn? in the instructions it says to move a folder from somewhere to /etc/openvpn/easy-rsa/ but I don't seem to be able to find the file to copy :(
#ubuntu-server 2014-05-20
<MACscr> im running ubuntu 14.04 and spamassasin 3.4. Seems that spamassassin isnt creating the /var/run/spamassassin folder when the service tries to start. If i manually create it and start the service again, everything is fine. Any suggestions?
<stoned> is it possible to upgrade to 14 from 10?
<stoned> from 10.04 lts to 12 or 14?
<cfhowlett> !eolupgrade|stoned
<ubottu> stoned: End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
<stoned> The problem is that I am stuck on a live server, 10.04 LTS, and I need a new apache version (2.4)
<stoned> Any current solution that will suffice.
<stoned> hmm
<stoned> I have an idea
<stoned> setup a 64bit 14 lts chroot, setup apache 2.4/php/fastcgi there
<stoned> let's see
<Macer> you cant use lxc?
<Macer> or vbox? :)
<dw1> I installed sendmail and set confAUTH_MECHANISMS and TRUST_AUTH_MECH in sendmail.mc and ran sendmailconfig to regenerate sendmail.cf and added a user but still can't seem to authenticate for relaying.  What else do I need to do?  Install saslauthd, perhaps?
<stoned> Macer, who me?
<stoned> no
<stoned> this is a live server, rackspace, ubuntu 10 lts
<stoned> I think I'll just debootsrap a 64bit debian stable chroot
<stoned> I've never attempted to debootstrap ubuntu in my entire life
<stoned> anyway, I guess I could 'jail' 2.4 apache inside a 64bit chroot
<stoned> make sure it's working on 8080 w/ fast cgi, php5, apache 2.4
<stoned> then just disable the older httpd from 10.04 lts host
<dw1> got it. had to install sasl2-bin which gave me saslauthd and saslpasswd2 where I didnt know I had to add the user ;)
<MACscr> stoned: or just get a second server that you upgrade and migrate things to and then retire the other one?
<stoned> [22:46:47] <stoned> this is a live server
<MACscr> aka, like the proper way to do it =P
<stoned> if I could .. I would.
<MACscr> and why cant you?
<stoned> too many reasons I can't get into right now.
<MACscr> well the hackish solutions you are looking for sound much worse
<MACscr> especially since its a live system
<dw1> actually i was wrong didnt need saslpasswd2 just saslauthd
<stoned> linux chroots are a hack.
<stoned> Ever used BSD jails?
<stoned> And yes, chrooting various server services in linux is also rather advisable.
<stoned> Sounds to me you're unfamiliar w/ this approach of service segregation.
<stoned> not to mention, even if your webserver gets hacked, it's still chrooted. It's a somewhat of a more secure setup as well.
<stoned> Maybe I'll switch to nginx/fastcgi/php instead.
<stoned> it's mostly a static site.
<stoned> just high traffic.
<stoned> actually
<stoned> would you be willing to assist me in setting up fastcgi/mpm-worker/php5-cgi in apache 2.2 on 10.04?
<stoned> That's the one thing I'm having issues. If I could switch to that, problems solved.
<stoned> Currently the server is running Ubuntu 10.04 lts, apache 2.2 w/ mod_php(5) and apache mpm prefork
<stoned> I make a clone of this server at this point
<stoned> I then make changes to the clone (not the live server) and I successfully get fcgid/php5/cgi/apache 2.2 to work correctly
<stoned> I then test my changes on the clone and it works
<stoned> Then I do the exact same steps on the live server that i did on its clone (in theory it should work)
<stoned> but I get internal server error. I can't find anything in /var/log/apache2/error.log (all error log directives point to this file)
<stoned> So that's my current issue really.
<stoned> If anyone of you could help me troubleshoot fcgid and the internal server error, I'd be very grateful
<stoned> https://library.linode.com/web-servers/nginx/php-fastcgi/ubuntu-10.04-lucid hmm.
<stoned> I wonder
<sarkis> hey all, i added an upstart script and run initctl reload-configuration but i don't see my new script when i run initctl list
<sarkis> weird thing is if i run service service-name start it is working
<Siebjee> Does any one know a good cronjob scheduler like application that is scalable (like rundeck or jenkins) but is not one of those 2 ?
<hxm> months ago I configured the port 25 to be opened for only localhost
<hxm> but I dont remember where I did configure that
<hxm> in /etc/postfix not
<hxm> i think I put 127.0.0.1 in the config but dont remember where
<mardraum> for postfix? in main.cf
<nevercast> I wish to partition RHEL and install Ubuntu Server, I then wish to recover the partitions in use by RHEL for use by Ubuntu Server and configure grub for only one operating system. I also need to do this without ever being without an operating system, as I do not have the ability to use recover from removable media
<nevercast> Suggestions ?
<vfw> So you are going to create a dual-boot system?
<nevercast> Only temporarily until Ubuntu is configured to work in place of RHEL, at which point I would like to remove RHEL
<vfw> nevercast: Use non-destructive partition manager to shrink existing partitions in order to leave free space for the new install.
<pmatulis> morning
<vfw> nevercast: http://gparted.org/livecd.php
<vfw> nevercast: ^^^^^^^^^^^^^  ... one example.
<nevercast> vfw, that's for your guidence. It looks to be impossible anyway. As it is an OpenVZ VPS, and I do not have the typical block devices available
<nevercast> *thanks
<vfw> nevercast: Oh, a VPS.  Well, that is different.
<nevercast> I'm uncertain how to accomplish even a simple repartition in an OpenVZ Guest
<vfw> nevercast: You would just need to re-install.
<vfw> nevercast: Or get another VPS
<nevercast> Unfortunately for myself, they only offer RHEL
<vfw> nevercast: How about VBOX?
<nevercast> VM in a VM.. Not a terrible idea, bit more overhead
<nevercast> vfw, as I am only allocated a single IP address, I might run in to some concerns. Though I guess I could run the networking in bridged mode and disable most host networking services
<soren> smoser: Before I start digging on my own, I was wondering if you have any idea where the time is spent when booting a cloud instance? How much is kernel, how much is initramfs, how much is fetching data from metadata service, how much is <each part of cloud-init>, etc.?
<soren> smoser: I just saw http://t.co/JqAg7vOqgv this morning and wondered what those numbers really should be. 75,000 instances across 380 hosts is 197 per host. 6.5 hours is 390 minutes. That's ~two minutes per VM. 30 seconds per VM should be *plenty*.
<soren> smoser: Also, it should be able to process a VM per core. A couple of million VM's should be doable in that timeframe on that many servers.
<jamespage> soren, 2 minutes per vm?
<soren> jamespage: Is my arithmetic off?
<jamespage> soren, let me think
<jamespage> soren, I had some stats on vm creation rate as well
<soren> jamespage: This is assuming each node only handles on VM at a time.
<soren> one VM, I mean.
<jamespage> soren, at peak we hit 4.5 instances per second being created
<soren> Then what the Â¤!"#Â¤ is the rest of the time wasted on?
<jamespage> soren, but that did drop off as load on the compute nodes increased
<soren> jamespage: You shut VM's off again, right?
<jamespage> soren, the cloud controllers (all three of them) get insanely busy
<jamespage> soren, nope
<soren> jamespage: Or did you leave all 11,000 running.
<jamespage> soren, 75k running instances
<soren> Sorry, 75k.
<soren> Ok.
<jamespage> soren, I was surprised exactly how insanely busy they got
<soren> jamespage: Ok, so it's 200 VM's per host running at the same time.
<jamespage> yup
<soren> jamespage: How many cores?
<jamespage> soren, 4 cores
<soren> jamespage: Ok.
 * soren is still not blown away
<soren> Sure, there's a lot of zeros at the end of that number, but one more should be possible.
<jamespage> soren, to me it feels extremely intensive when setting up the instance
<jamespage> prior to it actually being started
<soren> It shoulnd't be.
<soren> There's not much work to do.
<soren> Copy a small image, start it up. After 10-20 seconds, it's idling.
<jamespage> soren, that bit it quite quick
<soren> So where's the bottleneck?
<jamespage> soren, I'm talking about all of the bit prior to that happening
<soren> Oh, OpenStack itself? Scheduling and whatnot?
<jamespage> yup
<soren> Yeah, *that* does not surprise me.
<soren> But it shouldn't be that way.
<soren> We should have no problem scheduling a couple of million instances in a few hours.
<jamespage> soren, we actually started off running neutron networking - but the rabbitmq load was so high with both nova and neutron messages it started to reset connections
<jamespage> soren, had to drop back to nova-network
<soren> Also not surprising :)
 * soren has to run
<jamespage> soren, lol
<jamespage> later
<hxm> i keep receiving this messages in my ssh session fatal: Read from socket failed: Connection reset by peer [preauth]
<zul> jamespage:  i thought i would change the channel topic since you know...quantal has reached eol ;)
<jamespage> zul, for that we need a channel operator
<zul> ah shoot
<tych0> rbasak: have you used uvtool on the trusty i386 images?
<tych0> i don't think it's picking up my nocloud data
<arosales> jamespage: smoser: apologies I didn't send last weeks meeting. Althought it was a quick one I didn't get minutes out so it looks like I will be chairing this week too.
<rbasak> tych0: I think I've successfully used i386 images before. Not sure about the Trusty ones specifically.
<tych0> ok
<tych0> any thoughts on debugging?
<dasjoe> Ah, people working on uvtool :) I asked this before, maybe you can answer this: "Hi, VMs created with uvt-kvm are not persistent, correct? What are possible use cases for uvtool, is there a way to make a VM persistent?"
<rbasak> tych0: "virsh console <name>" just after starting the instance, and you should see console output. Then kill the instance, and examine logs on the disk using mount-image-callback on the file in /var/lib/uvtool/libvirt/images
<rbasak> dasjoe: they are persistent.
<rbasak> dasjoe: you may want them to automatically start. I can't remember if uvt-kvm does that or not, but you can adjust the autostart flag with virsh.
<dasjoe> rbasak: Oh, okay. Thanks! I assumed they got undefined when stopped
<rbasak> tych0: I've just successfully created a trusty i386 VM using uvtool 0~bzr92-0ubuntu1
<tych0> huh
<tych0> oh
<tych0> i'm not on trusty :-)
<tych0> or rather
<tych0> my host isn't trusty
<tych0> that is proably part of it
<rbasak> I can't think of any reason why it wouldn't work.
<rbasak> The PPA (ppa:uvtool-dev/trunk) should have a recent version built for you.
<tych0> ok
<tych0> i should really just upgrade to trusty
<zul> hallyn:  ill try to get to libvirt this week
<hallyn> zul: cool, it's starting to feel far behind :)
<hallyn> thanks
<zul> hallyn:  or i can wait til 1.8.4 next week
<zul> or whatever it is
<hallyn> 9.7.h3 ?
<smoser> arosales, no one ins going to complain if you say you're chairing again. :)
<arosales> smoser: perhaps this time I'll remember to send the minutes.
<www2> hi can any one know why i get this error May 20 18:15:50 localhost postfix/smtpd[22424]: fatal: no SASL authentication mechanisms when i want send a test mail to my server?
<www2> the email send form my gmail adress
<blu3ski3s> sounds like you need to setup SASL - http://www.postfix.org/SASL_README.html
<patdk-wk> not really
<patdk-wk> that says sasl is setup right
<patdk-wk> but his sasl backend doesn't support whatever auth method he is using
<hallyn> zul: feel like doing 1319717 while you package new libvirt? :)
<hallyn> i betcha rbasak will give you a smooch if you do
<hallyn> wait ,i mean he wont' do that
<zul> no smooching
<mdeslaur> hallyn: try bacon
<hallyn> but not canadian bacon.  i hear that'll set off a bad reaction
<qhartman> I have a machine running 14.04 that I'm migrating a 12.04 apache config onto, and it's weirdly not writing a pid file.
<qhartman> Even though it's starting correctly, the init script bombs because it thinks it's not
<qhartman> the permissions on /var/run/apache2 seem fine, and the pid is set to write there
<qhartman> but it never appears, even though I end up with running apache2 processes that are correctly listening. Any ideas?
<qhartman> apache2ctl configtest seems to think everything is ok
<lordievader> qhartman: Might be the change from 2.2 to 2.4.
<rbasak> qhartman: check /var/log/kern.log for any apparmor denials. Is the pidfile in the standard location for Trusty?
<qhartman> rbasak, don't see any apparmor entries, and I believe the pid is the standard place (/var/run/apache2)
<shauno> I appear to have it in /run/apache2/apache2.pid on mine?
<sarthor> HI, My ubuntu stop on grub and must need to press "keyboard ENTER" button, How can i fix this issue?
<qhartman> shauno, /var/run is a symlink to /run
<qhartman> so they should be the same in effect (unless apparmor is getting in the way and not mentioning it)
<qhartman> lordievader, I'm sure that's the root of the problem at a high level, but I need to figure out something more specific to make it go
<shauno> ah, I didn't spot that. seems you are looking in the right place then :)
<qhartman> heh
<qhartman> so, setting "PidFile ${APACHE_PID_FILE}" in apache2 conf allows it to work
<qhartman> even though $APACHE_PID_FILE is set to "/var/run/apache2/apache2.pid"
<qhartman> and that is what it was manually set to in the conf
<qhartman> that's odd, but ok
<[[lutchy]]> qhartman, What's odd?
<qhartman> setting the the PidFile directive to use the variable, instead of the string that is the same as the variable contents, allowed it to start correctly
<qhartman> was: PidFile /var/run/apache2/apache2.pid
<qhartman> changed to: PidFile ${APACHE_PID_FILE}
<[[lutchy]]> On that topic, first time working with Ubuntu (has a few Ubuntu Servers), I find that postfix in ubuntu would remove bounce messages from queue without re-trying or returning to sender? Is this a behavior that has to do with Relay messages?
<qhartman> echo $APACHE_PID_FILE
<qhartman> /var/run/apache2/apache2.pid
<[[lutchy]]> Is $APACHE_PID_FILE an Environment variable ?
<qhartman> [[lutchy]], yes
<qhartman> Gets sourced in the from the "envvars" config in /etc/apache2 by the init script
<[[lutchy]]> Uh, if I am understanding this correctly, you want the init script to modify Apache configs during to startup to applye the Pidfile directive ?
<qhartman> no,m the standard config just uses the vars set in envvars so config changes that are global like that can be done in one place
<qhartman> I'm just puzzled at why setting it to the same value as the var causes it not to work. I must be missing something, like it's not actually the same value and I'm somehow misreading it or something
<qhartman> but, it's working now, so I'm not going to argue, and setting it to ${APACHE_PID_FILE} is probably more correct anyway
<[[lutchy]]> Your explanation is a bit 'garbled' for me to quite understand your problem
<qhartman> don't worry about it, it's under control now
<qhartman> If anyone else is doing a 12.04 -> 14.04 server upgrade that involves apache2, this doc is helpful: http://httpd.apache.org/docs/2.4/upgrading.html
<sarnold> qhartman: funny enough, I -think- I saw exact opposite issues on some of my VMs -- something like the init script didn't report any errors but the server wasn't running when the init script finished.
<sarnold> qhartman: of course my apache configs in those VMs were pretty horrible at that point, I blamed it on the frankenmess I had created :)
<patdk-wk> haven't had any issues :)
<sarthor> HI, My ubuntu stop on grub and must need to press "keyboard ENTER" button, How can i fix this issue?
<patdk-wk> GRUB_RECORDFAIL_TIMEOUT=5
* soren changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support visit #ubuntu | IRC Guidelines: https://wiki.ubuntu.com/IrcGuidelines | Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Docs and resources: https://help.ubuntu.com/12.04/serverguide/ | Utopic (12.10) roadmap bugs, http://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.html
* soren changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support visit #ubuntu | IRC Guidelines: https://wiki.ubuntu.com/IrcGuidelines | Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Docs and resources: https://help.ubuntu.com/12.04/serverguide/ | Utopic (14.10) roadmap bugs, http://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.html
<soren> zul: There you go.
<soren> Hm..
<zul> thanks
* soren changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support visit #ubuntu | IRC Guidelines: https://wiki.ubuntu.com/IrcGuidelines | Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Docs and resources: https://help.ubuntu.com/14.04/serverguide/ | Utopic (14.10) roadmap bugs, http://reports.qa.ubuntu.com/reports/rls-mgr/rls-r-tracking-bug-tasks.html#s
<soren> There. Even better.
<soren> Gah, except it's too long.
<sarnold> you could probably trim the "Get involved: " text, it's in the url too
* soren changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support, try #ubuntu | IRC Guidelines: https://wiki.ubuntu.com/IrcGuidelines | https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Docs and resources: https://help.ubuntu.com/14.04/serverguide/ | Utopic (14.10) roadmap bugs, http://reports.qa.ubuntu.com/reports/rls-mgr/rls-r-tracking-bug-tasks.html#server
<soren> sarnold: Good idea. Done.
<soren> booyah
<soren> Only took 4 revisions.
<sarnold> not bad :) hehe
<qhartman> sarnold, heh, I have definitely been in frankenmess land with apache. At my last job I inherited one config that was over 3k lines (not including comments!) that was all in one massive file
<qhartman> Oh the tears, they were bitter
<qhartman> apparently it was something that had been getting rolled forward in this company since apache 1.x days
<sarnold> qhartman: yikes. the pain.
<qhartman> The one upside with that setup is there was one place to look to figure out what was wrong
<lordievader> Wow, 3k lines. Purge and rebuild?
<qhartman> lordievader, yeah, I ended up setting up a temporary box and migrated every site by hand over to it individually to recreate a sane config, and then copied the config back to the production box
<lordievader> That is what I like about Puppet, one place to configure all the servers/virtual-machines.
<qhartman> it took the better part of a week to tease all the pieces apart
<qhartman> yeah, this was back when your configuration configuration management choices were cfengine or SVN.
<jamespage> med_, seriously - bug 1320960
<jamespage> ?
<uvirtbot> Launchpad bug 1320960 in cloud-archive "Add Trusty Icehouse pkgs to UCA" [Undecided,New] https://launchpad.net/bugs/1320960
<med_> jamespage, several folks I work with expected that type of behavior to be the default....
 * med_ explained that was not the default
<jamespage> med_, hmmmm
<med_> jamespage, feel free to close with emphasis.
<jamespage> I'll think about it
<jamespage> we might be able todo something transparent
<med_> an empty repo might do the trick
<jamespage> so it works but is actually a no-op
<keithzg> Ouch, my btrfs drive appears to be so screwed that it's going "Check tree block failed, want=1266349326848, have=18350744064220987392" and refusing to mount. Guess I learn about fixing/recovering btrfs now . . .
<wam> kees: you got this i hope? https://btrfs.wiki.kernel.org/index.php/Problem_FAQ
<wam> keithzg_: even
<keithzg_> wam: Yeah, I'm pretty sure it isn't a "bug" per se though, the power in my building has been very wonky lately and apparently we can't afford more UPS' so although all the primary servers other folks use are on them, I don't have one for my testbed/personal one at the office, so it's been going down hard from time to time :(
<wam> keithzg_: have fun
<axisys> why would swap in use when 25G memory not in use?
<axisys> Mem:  32909200k total,  7345056k used, 25564144k free,   181956k buffers
<axisys> Swap:   499708k total,   290772k used,   208936k free,  2810712k cached
<axisys> should I change the swappiness to 0 ? currently it is 10
<axisys> and do a swapoff/swapon ?
<sarnold> axisys: it's probably not worth the effort
<axisys> xymon alerting 95% swap in use.. even though tons of free ram.. what do you recommend?
<axisys> sarnold: ^
<sarnold> axisys: it might add another four or five seconds to shutdown to 'swapoff' the thing. otherwise it is probably not going to influence much of anything.
<wam> axisys: always use swappiness 0. Nothing else is sane if you have memory. Linux will then first use most of the memory.
<axisys> wam: ok
<wam> axisys: and do a swapoff / swapon cycle after setting it. linux won't clean up otherwise.
<axisys> wam: just did that.. swap use is now 0
<wam> axisys: but you need to know - the used swap in your server is even cached, so not much penalty from it.
<wam> axisys: it's just that linux could just throw the cache away as soon as there's a bottleneck
<wam> axisys: and it's the bottleneck detection that might not be what you want.
<axisys> so I really should not generate alert when swap usage is over 95%
<wam> axisys: let's say 50% swap usage doesn't say much about your memory.
<axisys> since I did not see any slowness with 25 gig ram around
<wam> right, it's all cached.
<wam> it's just cold pages that could be thrown away immediately and that would not have to be written to disk first.
<[[lutchy]]> If you have 25GB of RAM
<wam> here, cold pages are not THAT cold. So swap always has to keep up. So we do swappiness=0. It's with occupied virtual machines.
<[[lutchy]]> With only ONE OS
<axisys> [[lutchy]]: I have 32G total
<[[lutchy]]> Turn of swap
<axisys> [[lutchy]]: yes
<wam> never turn off swap
<wam> you will have NO time to fix oom
<[[lutchy]]> Yes, Turn off swap
<wam> and oom is ALWAYS wrong. Per definition
<[[lutchy]]> The only you have to consider if you an programs that need more than 32GB
<[[lutchy]]> s/only/only issue/
<axisys> currently swap size is 512MB /dev/mapper/volg0-swap
<wam> even 2-4 GB swap is ok. The more the better. Because you earn TIME when oom is active.
<wam> except that a hard reset on every memory shortcoming is acceptable.
<[[lutchy]]> Swap is a safety net but if you have programs running out of memory --- Which will be indicated, then consider swap
<[[lutchy]]> Having Swap on, the Kernel have consider Swap while doing Memory management
<wam> It's all very complicated ;)
<sarnold> axisys: much better would be to alert on swap in and swap out traffic
<wam> correct ^^
<sarnold> axisys: check the 'vmstat 1' output, read the 'si' and 'so' columns
<wam> this will hurt i/o performance.
<sarnold> axisys: most of the time you shouldn't have any; a little is not too bad. a lot is bad.
<axisys> yep they are 0
<sarnold> axisys: I don't know any good way to alert on high values, but it is a more reliable indicator of trouble than a lot of other metrics
<[[lutchy]]> I really depends on what he/she is running
<axisys> he
<axisys> this system has tons of scripts running and backup client.. thats all
<[[lutchy]]> I can't see, one OS, with few functions having a lot of 'swap in' and swap out'
<axisys> nothing bad
<sarnold> still, if you're using much swap it's probably time to buy more memory :)
<[[lutchy]]> Unless there is a memory leak
<[[lutchy]]> sarnold, He/she says he has 32GB
<sarnold> (and by 'using swap' i don't mean your swap space is in use; I mean the 'si' and 'so' columns have much use)
<axisys> sarnold: no.. based on our metrics graph..only some app probably behaved bad for few minutes
<sarnold> [[lutchy]]: good thing he wasn't using much swap :)
<axisys> lot of rams
<sarnold> [[lutchy]]: it gets expensive to add another 32 or 64, hehe
<axisys> [[lutchy]]: he :-)
<[[lutchy]]> I have only 6GB on my server
<[[lutchy]]> Which is Windows, then Hyper V clients
<[[lutchy]]> I have two Hype V clients running .. I have -- mild swap (after a few Windows Updates)
<Havenstance> is there an apt-get solution for ntopng on 13.10?
<[[lutchy]]> Both are Ubuntu Servers
<axisys> understand we don't have any slowness.. so disabling alert about swap measure is probably best bet
<[[lutchy]]> Well, I think, you seem not to understand, I would say best bet is to have swap on
<sarnold> but there's probably no point in alerting anyone about high swap allocation
<dw1> Havenstance: do-release-upgrade :)
<[[lutchy]]> Then look how at 'Swap in' and 'Swap out' account to what what sarnold mentioned
<[[lutchy]]> right ...
<dw1> Havenstance: oh you have til July nm
<[[lutchy]]> That's probably the KERNEL on Heavy IO
<axisys> [[lutchy]]: swap is on
<Havenstance> dw1 just waiting for the newest release of zentyal to drop on  14.04 then i'll update it
<[[lutchy]]> Is your DISK slow ?
<dw1> Havenstance: https://raymii.org/s/tutorials/ntop-ng-installation-on-Ubuntu.html -- use checkinstall to create a package
<[[lutchy]]> 70MB is slow in a Server environment ... for me at least
<Havenstance> thanks man
<axisys> [[lutchy]]: how do I check if disk is slow? hdparm ?
<[[lutchy]]> Harddrive can be handicap.. I am not familiar with raid setup, which can improve read/write performance
<[[lutchy]]> Without OS Write Cache, my Hard Drive can only musta 9/MBs on write
<[[lutchy]]> With OS Cache, I get about 70MB write cache
<axisys> 157.65 MB/sec read
<[[lutchy]]> Looks like you have SSD drive
<[[lutchy]]> ?
<axisys> I dont think so.. how do I find out?
<axisys> HP DL360p
<axisys> smartctl does not say since behind raid controller
<[[lutchy]]> With 157.xxx, it's most likely SSD drive
<[[lutchy]]> Ubuntu has lshw
<axisys> running
<axisys>  *-disk:1
<axisys>                    description: SCSI Disk
<axisys>                    product: LOGICAL VOLUME
<axisys>                    vendor: HP
<fr36> hello
<axisys> [   36.786112] hpsa 0000:02:00.0: RAID              device c2b0t0l0 added.
<axisys> [   36.786319] scsi 2:0:0:0: RAID              HP       P420i            3.04 PQ: 0 ANSI: 5
<fr36> can anyone help me?
<wam> fr36: probably not
<fr36> why not? what is this channel for?
<RoyK> !ask | fr36
<ubottu> fr36: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<wam> fr36: for specific information or questions about ubuntu server somehow i guess
<RoyK> wam: better give him the bot than asking him implicitly to leave :P
<wam> I didn't want him to leave.
<RoyK> well, he didn't
<wam> RoyK: though you're right of course. Didn't know the bot
<wam> ubottu: hello
<fr36> I need to configure my ubuntu box to authenticate to an ActiveDirectory
<RoyK> fr36: login or samba or what?
<wam> fr36: the box or the users on the box?
<fr36> the users on the box
<fr36> my ubuntu box will be a client
<fr36> I thought I should be using kerberos
<RoyK> so users login to ubuntu and want their profile/homedir from a windows share?
<wam> fr36: http://www.lmgtfy.com/?q=ubuntu+user+login+active+directory
<wam> fr36: or is there anything specific?
<fr36> basically users need to authenticate to a AD domain to be able to use the mail server
<wam> fr36: mostly https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
<wam> fr36: and yes, kerberos is good.
<fr36> my specific question is: how can I find the KDC server?
<fr36> is there a way to locate it?
<RoyK> fr36: it's the dc
<RoyK> fr36: the domain controller
<fr36> right
<RoyK> fr36: the domain controller(s)
<fr36> yes it is, but I have to know its name
<RoyK> fr36: ask the sysadmin
<RoyK> fr36: that's just a machine in the local network
<fr36> that's not an option, it's a big company
<fr36> however the KDC is the Key Distribution Center
<fr36> it's not the Domain Controller
<RoyK> fr36: it is
<fr36> RoyK: I need a way to locate it
<RoyK> fr36: it'll be a *very* large company to have a dedicated KDC
<fr36> RoyK: it is
<RoyK> how large?
<fr36> thousands of employees
<RoyK> dig -t srv _kerberos._udp.XXXXXX.com
<fr36> RoyK: thanks
<RoyK> didn't work here, though
<fr36> why not?
<Armadillos> RoyK: While it's possible the DC and KDC are on the same server, most companies will have that seperate.  Are you on a windows computer that is currently logged into the domain?
<fr36> Armadillos: I can get a hold of one
<fr36> what should I do?
<Armadillos> fr36: Go to that computer, and once your logged in, go to a command prompt.  Type in this command: echo %LOGONSERVER%
<Armadillos> That will give you a DC
<fr36> but not a KDC
 * wam learns
<fr36> I need a KDC to configure a kerberos client
<wam> I'd just use wireshark and see where traffic goes ;)
<Armadillos> KDC is a Key distribution system used to give out Windows Keys, not for Kerboros.
<RoyK> Armadillos: I'm not the one asking questions. I work for a college with some 20k students and 2k employees. We have DC and KDC on the same servers.
<Armadillos> RoyK: Yeah, sorry about that. :)
<fr36> Armadillos: https://help.ubuntu.com/community/Kerberos just says it needs
<Armadillos> fr36: So the KDS they're talking about in that article is usually handled by a DC.  It's part of the Domain Controller.
<fr36> I need to configure the Kerberos servers for my realm but I don't know their name
<wam> fr36: you haven't told us if the dc works or not for this purpose.
<Armadillos> fr36: Are you trying to build another Kerberos system, or trying to get the current server connected to an existing server?
<fr36> just trying to act as akerberos client
<Armadillos> Then the current DCs in place should be fine.  You just need to have that server "point" to one of the DCs.
<fr36> I just need to know what to write in the kdc and int hte admin_server properties of my realm
<Armadillos> fr36: Run that command on a windows box, and it will give you a name of a DC that can handle the KDC requests.
<fr36> should then put that name in the kdc line?
<wam> wtf
<Armadillos> fr36: You'll probably want to use the FQDN, but yes.
<fr36> Armadillos: thank you
<mikey85> http://irclogs.ubuntu.com/2014/05/20/%23ubuntu.txt
<mikey85> look at those logs
<mikey85> I was accused wrongly
<mikey85> press F3 and type in mikey85
<mikey85> You'll see
<mikey85> that's why I was banned from ubuntu
<mikey85> by ikonia
<mikey85> === andrex|on is now known as mikey85_
<mikey85> see that?
<mikey85> that was in the log
<mikey85> ikonia has bullied me time and time again
<Corey> mikey85: That's not topical here.
<mikey85> as well as weaseling her way out of dinner >:(
<mikey85> ahhh lol
<mikey85> i see lol
<mikey85> so she has no say in here? :D
<phillw> Hi good people, I'm following http://maas.ubuntu.com/docs1.5/install.html#pkg-install and it seems very badly broken (the ppa doesn't work, the mass-dhcp and mass-dns do not exist. Is there a working set of instructions for installing cloud onto a trusty server?
<sarnold> phillw: you may have better success in #maas
<phillw> sarnold: thanks :)
<sarnold> phillw: probably you can ignore the ppa advice..
<phillw> sarnold: that'd be fine, but the 'installer does not start... maybe a tasksel command, let me go see
<fridaynext> it looks like plex is no longer available to update via apt-get update / upgrade...
<fridaynext> anyone else had this issue?
#ubuntu-server 2014-05-21
<sarnold> BabyGodzillaIV: that's annoying. please turn it off.
<BabyGodzillaIV> ok.
<sarnold> thanks
<caribou> jamespage: btw, here is the MP for the nova-compute/nova-cloud-controller mods I did for authorized_keys/known_hosts :
<caribou> https://code.launchpad.net/~louis-bouchard/charms/precise/nova-compute/lp1313602-multiline-known-hosts/+merge/218440
<caribou> https://code.launchpad.net/~louis-bouchard/charms/precise/nova-cloud-controller/lp1313602-multiline-known-hosts/+merge/218442
<jamespage> caribou, I saw them in the queue
<jamespage> thanks
<jamespage> caribou, comments on your MP's
<caribou> jamespage: thanks for the MR review, will work on int
<jamespage> (make lint && make test always :-))
<caribou> s/int/it
<caribou> jamespage: yep, beginner's mistake, I always forget about the tests
<jamespage> caribou, its np :-)
<jamespage> caribou, I can't actually push until lint and tests pass :-)
<caribou> jamespage: normal
<owh> I've booted the 12.04.4 server amd64 image to install a server, which appears to have chosen a mirror which doesn't appear to be returning correct data. How do I change mirror, mid install?
<owh> Alternatively, how do I restart the install and select a more appropriate mirror?
<dasjoe> owh: I'd just reboot and select a better mirror
<owh> dasjoe: I cannot select a mirror during the install, unless there is a way that I'm not aware of?
<owh> Let me rephrase. I don't know how to select a mirror during install.
<dasjoe> owh: I have no ISO right now, but iirc you should be able to select "Expert Mode" at the boot screen, alternatively append "debconf/priority=medium" to the boot parameters
<owh> Doh, yes. That makes sense. Tah dasjoe.
<dasjoe> Oh, "priority=low" would be expert mode
<owh> dasjoe: I understand your intent ;-)
<dasjoe> owh: you can go back to non-expert mode after it asks you for which mirror it should use, the installer menu has an element like "set debconf priority"
<owh> During a text install?
<owh> s/text/automated text/
<owh> dasjoe: Or are you thinking about the debian installer?
<dasjoe> owh: I'm thinking about ubuntu's debian installer, the one that looks like this: https://4.bp.blogspot.com/-Cpt5BgXyR6U/UDyK8est5WI/AAAAAAAAJxs/tUyhQGXKKnw/s1600/ubuntu-alternate-cd.png
<owh> Ah, the alternate image, not the one I have here.
<owh> Meanwhile this looks like it's worked. More patience seemed to deal with the incorrect mirror responses. Not sure why, but I learnt something. Much appreciated dasjoe
<dasjoe> You're welcome :)
<owh> Those are the best, you get credit when you just turned up ;-)
 * owh just realised that the comment could be read as an insult. It wasn't!
<ChrisirhC> Can't find this anywhere. Is there a way to get two seperate harddrives to be seen as one?
<jamespage> ChrisirhC, RAID-0 them
<jamespage> ChrisirhC, but do bear in mind one exploded disk == all data lost
<ChrisirhC> Hm. I'll keep that in mind jamespage. thx
<Abhijit> hi
<Abhijit> i pointed my domainname to /var/www/html/mysite/wordpress but still from web browser it goes to /var/www/html only
<Abhijit> this is ubuntu 64 bit on aws
<Abhijit> i created A records with public ip for my domain
<Abhijit> how can i solve this issue?
<dasjoe> Abhijit: edit /etc/apache2/sites-enabled/000-default
<Abhijit> dasjoe, i already edited it. added virtual host entry where document root points to /var/www/html/mysite/wordpress
<Abhijit> but still my website opens at /var/www/html
<Abhijit> in my domain name settings i created a record which uses public ip of this aws instance
<Abhijit> dasjoe, i edited sites-enable and its reflecting in sites-available
<dasjoe> Abhijit: did you reload apache's configuration or restart it?
<Abhijit> yes
<Abhijit> i restarted apache
<Abhijit> dont know how to reload configuration thought
<Abhijit> dasjoe, if i start stop apache it work withougt any green ok message. but if i do restart it says red [fail]
<caribou> Does someone knows good reading references to python unit testing ?
<cfhowlett> caribou ask ##python
<caribou> cfhowlett: good idea, I should start to hang around there
<caribou> cfhowlett: thanks
<Pici> its #python, btw
<jhenke> I am with a problem regarding apache2 mod_ssl and protocl version support, I am a Ubuntu Server 14.04 running, no matter what I enter as SSLProtocol in my apache site configuration, apache always ignores it and just allows TLSv1 connections, I am trying to allow TLSv1, TLSv1.1 and TLSv1.2, but the latter two are never provided
<jhenke> even if you say "SSLProtocol TLSv1.2" only, the server just allows TLSv1 connections
<jhenke> I strictly followed the documentation of mod_sll here: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslprotocol
<jhenke> does anybody has an idea why it ignores the setting? apache does not output any warning
<lightair> hi! could anyone tell where is mysqld runnable located?
<lightair> nevermind
<tych0> hi smoser, i am stumped here: http://paste.ubuntu.com/7497413/
<tych0> what do i need to do to get gpg to look in the right directory?
<rharper> smoser: is linux-image-extra-virtual supposed to be installed in the cloud-images?  I'm testing out utopic images and it's missing virtio-scsi module, which is packaged, but in the extra deb, which isn't in the cloud-image by default
<hallyn> zul: pls to check bug 1321365  while you package new libvirt kthx
<uvirtbot> Launchpad bug 1321365 in libvirt "virsh (ppc) fails with "missing /proc/device-tree/cpu "" [High,Triaged] https://launchpad.net/bugs/1321365
<zul> hallyn:  argh
<hallyn> zul: too late?
<hallyn> if so i'll just do it after release, that's fine
<zul> hallyn:  nah :)
<hallyn> ok
<hallyn> feh.  i'm going to have to assign myself weekly (maybe bi-weekly) days for sru, maybe one per pkg.  sigh
<imdea> Hi i have an ubuntu server 14.04 box that has a NIC with 4 ports. When I do 'ifconfig' I see: p4p1, p4p2, p4p3 and a fourth one called "rename5" that I suppose it's the other port, but why isn't it named like the other ones?
<ndf> hi, is there any reason why my (13.10) login message/motd stuff sometimes does, sometimes doesnt, sometimes twice print out the canonical message and stuff unpredictably when I log in? is it something to do with the decision of whether to show system load details? and how is all this stuff controlled? It doesn't seem to have anything to do with motd... I want to remove it all and set my own motd/login scripts
<hallyn> jdstrand: thanks for the correction :)
<erictr1ck> i had nagios installed on an ubuntu 12.04 machine thorough the default ubuntu packages. now after removing nagios, i am getting the following apache error: "/etc/apache2/apache2.conf: Could not open configuration file /etc/apache2/conf.d/nagios3.conf: No such file or directory". i can start apache by simply creating a blank nagios3.conf file, but this doesnt seem like a proper fix. i cant find why or where apache is trying to acces that file.
<erictr1ck> any help is appreciated
<smb> rharper, It should be in the generic package, will fix it
<rharper> smb: ok, do you want a bug?
<smb> rharper, since that is devel release I think its ok without
<smb> I try to add those missing compared to T
<rharper> smb: awesome!
<rbasak> ndf: see the update-motd package. I guess you probably want to remove it.
<ndf> oh nice, ty
<ndf> =)
<rbasak> erictr1ck: try something like: "grep -r nagios3 /etc/apache2" to see what files in there might mention it.
<rbasak> erictr1ck: also: find /etc/apache2 -name \*nagios3\*
<rbasak> (for any files that mention nagios3 in the name)
<ndf> I guess I could just check out the scripts it sets up
<ndf> thanks anyway =)
<rbasak> np. Hopefully that's enough to dig through the issue. If there's a bug, patches appreciated!
<rbasak> update-motd - superceded by pam_motd in libpam-modules
 * rbasak wasn't aware of that.
<rbasak> /etc/update-motd.d/ seems like the mechanism still though
<ndf> yeah I just sused aptitude show to read the package details and it says it also uses /etc/profile.d
<ndf> *used
<erictr1ck> rbasak: i really dont know what happened. both commands returned nothing and apache was still looking for the nagios config file when starting. i removed the blank file i created, rebooted the machine, and now its fine :/
<erictr1ck> rbasak: of course, the commands did return the blank config file if it was there
<kirkland> rbasak: long, long ago
<vlad_starkov> Question: I'm about to install Asterisk 1.9.0 on Ubuntu Server 14.04 64bit. When I try "sudo ./contrib/scripts/install_prereq install" it throws conflict warnings like "gir1.2-atk-1.0 : Conflicts: gir1.2-atk-1.0:i386 but 2.10.0-2ubuntu2 is to be installed." and so on. Anyone has successfully done that on 14.04?
<[S^K]> Hello, I have a python application that uses urllib2 to retreive a HTTP response from a remote server URI. If I use curl on the URI the response is quick as expected. However, urllib from my python script hangs for 60 seconds before completing. The script does not hang on my ubuntu development machine. What configurations could be causing this to happen?
<lordievader> [S^K]: Resolver time out?
<[S^K]> lordievader: What is that?
<lordievader> [S^K]: cat /etc/resolv.conf
<lordievader> Dns servers to translate a url into an ip adress.
<fridaynext> anybody have suggestions for how to best cache my wordpress sites running on nginx + php5-fpm (without plugins)?
<zartoosh> hi we are using ubuntu 12.04.  We have installed ubuntu on two different partition, e.g.  /dev/sda1 and /dev/sda2. One partition is active all the time, i.e. /dev/sda1. In the field, If active partition is corrupted we have a PIC controller which will detect the failure and switch the boot partition to /dev/sda2. My question is how I can reinstall ubuntu on corrupted partition. This has to be automated, so it requires preseeding. I
<zartoosh>  was thinking of debbootstrap but it seems it does not support preseeding. Any help or suggestion greatly appreciated. thx
<fridaynext> I'm already using APC, and it's not fast enough for me.
<TheJhonny> Hey all,  will $usermod -a -G sudo username, give username sudo rights?
<vonsyd0w> TheJhonny, looks right to me
<vonsyd0w> -a appends and -G sudo will append sudo
<TheJhonny> I'm trying to add a user to list of sudoers.
<TheJhonny> It's not happening.
<vonsyd0w> what happens when you log in as the user and type "groups"
<vonsyd0w> do you see sudo?
<TheJhonny> nope just the username
<vonsyd0w> try useradd -G sudo
<vonsyd0w> try useradd -G sudo "username"
<vonsyd0w> you may need to log in and out as well
<TheJhonny> let me try that.
<TheJhonny> that did it.
<TheJhonny> logging in and out.
<vonsyd0w> nice
<TheJhonny> Thanks vonsyd0w!
<vonsyd0w> no problem
<TheJhonny> now I can use apt-get!
<vonsyd0w> or aptitude :)
<dasjoe> zartoosh: I'd look at debootstrap + chroot + dpkg --set-selections
<bob-libvirt> hi all. could use some help. did a precise to trusty upgrade, everything seemed to go smoothly, but my existing qemu+kvm installation and VM don't work anymore.
<bob-libvirt> when I do virsh -c qemu:///system, I get two errors
<bob-libvirt> error: failed to connect to the hypervisor
<bob-libvirt> error: no connection driver available for qemu:///system
<bob-libvirt> googled lots, of course, but this only seems to happen to people who compile their own libvirt with the wrong config
<bob-libvirt> I didn't compile a thing, just installed using apt-get. already tried a remove -> autoremove -> install again, but still no joy :(
<dasjoe> bob-libvirt: The message tells you "libvirtd is not running or I can't speak to it". Do you have the required packages installed?
<dasjoe> bob-libvirt: i.e. (at least) libvirt-bin and qemu-kvm
<bob-libvirt> dasjoe: I have installed qemu-kvm, libvirt-bin, ubuntu-vm-builder and bridge-utils
<bob-libvirt> tried removing and intalling these packages again, too
<dasjoe> bob-libvirt: Anything suspicious in /var/log/libvirt/libvirtd.log?
<bob-libvirt> errors and warnings
<bob-libvirt> error : virExecWithHook:327 : Cannot find 'pm-is-supported' in path: No such file or directory
<bob-libvirt> warning : qemuCapsInit:856 : Failed to get host power management capabilities
<bob-libvirt> error : virExecWithHook:327 : Cannot find 'pm-is-supported' in path: No such file or directory
<bob-libvirt> warning : lxcCapsInit:77 : Failed to get host power management capabilities
<bob-libvirt> error : virExecWithHook:327 : Cannot find 'pm-is-supported' in path: No such file or directory
<bob-libvirt> warning : umlCapsInit:87 : Failed to get host power management capabilities
<bob-libvirt> info : libvirt version: 0.9.8
<bob-libvirt> error : qemuMonitorIO:603 : internal error End of file from monitor
<vonsyd0w> use paste bin!
<bob-libvirt> sorry
<bob-libvirt> new at this
<vonsyd0w> no worries, are we sure libvirt is running?
<vonsyd0w> the service?
<bob-libvirt> did a ps aux | grep libvirtd
<bob-libvirt> root      1863  0.0  0.1 612912  9696 ?        Sl   May20   0:00 /usr/sbin/libvirtd -d
<bob-libvirt> ^ that's a yes I think?
<vonsyd0w> looks right
<vonsyd0w> thats what it is on my kvm host
<vonsyd0w> your user is still a member of libvirtd as well?
<bob-libvirt> yeah, kvm too
<vonsyd0w> im just throwing stuff out there, im not entirely sure what the issue is. What about the kvm module, is that loaded?
<bob-libvirt> how do I check?
<vonsyd0w> lsmod | grep kvm
<bob-libvirt> kvm_intel             143060  0
<bob-libvirt> kvm                   451511  1 kvm_intel
<vonsyd0w> thats correct as well
<bob-libvirt> weird, right?
<vonsyd0w> yea, did you backup before upgrading? :) i hope it wasn't production. You get the same error when you just type "virsh"?
<bob-libvirt> didn't backup, data's on another disk and it isn't production, just my personal 'learn Linux'-server :)
<bob-libvirt> I'll nuke and start over if necessary, just don't get what's going wrong here
<bob-libvirt> virsh gives a 'Welcome to virsh...' text
<vonsyd0w> when i type virsh and "virsh -c qemu:///system" i get the same thing
<vonsyd0w> the welcome text
<vonsyd0w> at the virsh prompt, type list and see if you see your domains (VMs)
<bob-libvirt> ok, so if virsh -c qemu:///system doesn't work, but virsh does, what could that mean?
<bob-libvirt> error: failed to connect to the hypervisor
<bob-libvirt> error: no valid connection
<bob-libvirt> error: no connection driver available for qemu:///system
<bob-libvirt> error: Failed to reconnect to the hypervisor
<vonsyd0w> thats what you get when you type list?
<bob-libvirt> yeah
<bob-libvirt> at virsh# prompt
<vonsyd0w> hmm, im not sure. you mind sharing your libvirtd.log file? maybe the last 50-100 lines?
<vonsyd0w> if you have pastebinit installed, you can type tail -n 50 $LOGFILE | pastebinit
<vonsyd0w> it'll spit out a pastebin url to share with us
<vonsyd0w> you can also try the libvirt channel: http://libvirt.org/contact.html#irc
<vonsyd0w> They'll be able to answer your question alot faster than me. I'm just a curious helper
<bob-libvirt> http://paste.ubuntu.com/7498881/
<vonsyd0w> yea, i'm at a loss, i dont know enough about libvirtd to be too helpful. give #virt channel a try
<vonsyd0w> those failed to load module look like the root of the issue
<bob-libvirt> ok, thanks for taking a look
<bob-libvirt> I'll ask the libvirt guys/gals
<qhartman> I had an "aptitude install" of openjdk-6 get interrupted, and I'd like to be sure that it, and all it's dependencies are installed correctly.
<qhartman> Is there an additional flag I can pass to the reinstall option to do all the deps too?
<qhartman> If not, is there another tool that can achieve this?
<rberg_> 'apt-get -f install' should fix any broken deps I would think
<qhartman> rberg_, cool, I'll give that a shot, thx
<zartoosh> dasjoe; thanks for response could this be scripted ? thx
<xperia> Hi All. I have a small Problem with Apache Proxying Website request and data to NodeJS listening on Port 8081. This is my Apache Config file here. http://pastebin.com/FVFc3QhH
<xperia> I am able to see the NodeJS website when i call it with the Browser however if i want to login and do a second Request Apache just hangs.
<xperia> Can anybody tell me what is needed to fix my Apache Config so i am able to show NodeJS website running on different ports whenever a User call the Website Domain over port 80 without any problem?
<ahmadgbg> Hi, im going to buy 4x4TB hard drives for storage. My question is, should i buy a raid controller for raid 6 or should i use software raid?
<Seveas> raid controller with battery-backed write cache
<sarnold> ahmadgbg: i'd prefer software, whether you use mdadm or zfs (an out-of-tree module) or btrfs (still called experimental by the authors)
<ahmadgbg> sarnold, i have heard of zfs, will it do the job?
<ahmadgbg> i will save like $600-700
<sarnold> ahmadgbg: many people use zfs on linux happily; though I'd strongly recommend reading everything about it before using it, some common and easy mistakes may mean "buy more hard drives"  :)
<sarnold> ahmadgbg: using zfs for your root filesystem still looks pretty complicated on linux, I wouldn't do that.
<sarnold> (people do, but it's complicated.)
<ahmadgbg> sarnold, im planing using a ssd for linux and then raid 4x4TB for storage. I may use a hard drive for raid 1 on the ssd. Will this work to use differend raid on differend hdd
#ubuntu-server 2014-05-22
<Azelphur> hey folks, I'm playing with the skeleton init script (/etc/init.d/skeleton) in the stop function, it seems to call start_stop_daemon --stop twice, the second one seems to hang for me, why?
<HarryMudd> i'm using 12.04 on a VPS and i am allocated 16 ipv6 addresses but even though they are all present in /etc/network/interfaces ipv6 doesn't work
<HarryMudd> i try to ping6 ipv6.google.com for exaple and i get network unavailable
<HarryMudd> the gateway is also in /etc/network/interfaces
<HarryMudd> ipv4 is working just fine
<andol> HarryMudd: Assuming you have the correct info in /etc/network/interfaces it sounds like something you will want to check with support@your-vps-provider.
<andol> HarryMudd: Unless you feel like sharing your /etc/network/interfaces, letting us check for any obvious errors.
<andol> HarryMudd: I guess a paste of "ip -6 addr show" as awell as "route -6" might be helpful too.
<rbasak> jamespage: do we need a mysql family blueprint?
<jamespage> rbasak, gaughen already created one
<rbasak> I don't see it
<jamespage> rbasak, also I'm catching up with the percona guys tomorrow - are you around?
<rbasak> Yes
<jamespage> rbasak, servercloud-u-database
<rbasak> Ah, thanks
<jamespage> rbasak, also how is your curtin?
<jamespage> rbasak, doing the serverstack redeploy today and want to configure a secondary block device during install for use later on
<rbasak> I only know the high level architecture of curtin
<caribou> jamespage: I'm looking at the unit tests for nova-cloud-controller following your MP comments
<caribou> jamespage: I fixed part of it and in the process I'm seeing that part of my modifications are not covered by the current tests
<caribou> jamespage: should I add more tests so they get covered or separate that into another bug ?
<grr911> yo
<grr911> i need to went
<grr911> wtf is plymouth good for on a server ?
<grr911> and how do i get intels framebuffer driver loaded in a nice way ?
<verdeP> if ya gotta get anywhere, the smooth way
<grr911> my TOy server has intel igp and it goes completely apeshizzles without it it seems
<grr911> correction , what is plymouth good for on any linux box ?
<verdeP> idk
<DarkStar1> morning all. I am trying to set the local root for a particular user and followed this : http://unix.stackexchange.com/questions/177/how-do-i-set-the-default-ftp-root-folder-for-an-ubuntu-user-connecting-to-vsftpd . I restarted the daemon but when I login I still get directed to the userâs home i.e. /home/<username>
<DarkStar1> so I set the user_config_dir to /srv/ftp and then in the /srv/ftp directory I created a file named after the user and put the local_root = /path/to/right_directory
<DarkStar1> then changed the owership of both the file and directory to root:ftp
<pmatulis_> morning
<DarkStar1> morning
<cocoa117> how do you make public_key authendication possible when you going through hoops of machines. E.g. server1 should only use firewall's public key to login, even when user connect it through hoops of firewall
<cocoa117> at the moment, it seems the ssh always asking for local machine's private key to authedicates
<rbasak> cocoa117: it's pretty common to have a bastion host setup, where all other machines use a ssh_config with "ProxyCommand=ssh -W other_host:22 foo@bastion" type arrangement.
<rbasak> cocoa117: also, look into ssh agent forwarding, if that's what you want.
<pp20> Hello all. Does anyone have experience with OpenFire? I havent used it in a few years and wondered if it had been superceded by something else before I start working on it again, i.e. dont want to waste my time with OF if there is an equivalant that is better or if OF isnt supported anymore.
<Catdaemon> pp20: I'm currently using it for a project and all I know is it's absolutely awful
<Catdaemon> the BOSH implementation is anyway
<Catdaemon> I'm migrating to ejabberd
<pp20> Catdaemon: "absolutley awful"?... really? how so? The last setup I had was it installed on ubuntu server, managed via a browser and all clients on the network using Spark.
<Catdaemon> the BOSH implementation will randomly stop accepting connections
<pp20> Catdaemon: seemed to run quick, nice OF interface when administering it, clients where Spark so looked ok I guess. could create groups as well which was good for different department.
<Catdaemon> only thing I've changed is I've added a custom authentication query
<Catdaemon> if you're just using the stock interface it's probably fine but the moment you customise it it becomes a nightmare
<pp20> Catdaeomon: sorry, was is the BOSH implementation? is that a client like Spark?
<Catdaemon> BOSH is how you talk to it via HTTP
<Catdaemon> for web-based clients
<pp20> Catdaemon: Oh, ok.
<pp20> Catdaemon: the only way i found out about OF is having watched this ages ago: https://www.youtube.com/watch?v=ytUB5qJm5HE
<pp20> Catdaemon: dont know of that helps
<Catdaemon> I chose it because it looked easiest to integrate, which is true, but it has stability issues
<Catdaemon> ejabberd looks like the only other real option
<Pupeno> Is there a way to specify resolv.conf domain when configuring it through resolvconf from /etc/network/interfaces?
<pp20> Catdaemon: He uses CentOS. oh ok. will have a butchers at ejabberd see what its all about. thanks!
<Catdaemon> if you're not comfortable editing really weird files run away now :p
<Macer> do people still use jabber?
<Macer> too bad it didn't pan out like it should have
<Macer> one IM to rule them all
<Catdaemon> I'm using it for web based IM, not really for its "true purpose"
<Macer> lol
<Macer> an integrated "groupware" chatting? heh
 * Macer remembers when zimbra had awesome potential until they started removing features
<pp20> I guess most people just stick with Skype or whatever googles version is for IM then?
<Catdaemon> google uses xmpp
<pp20> I installed and used this in 2009 just for certain internal staff to use. thought it could have been fully rolled out but never got around to it and then skype seemed to take over the world, well, thats all our clients ever wanted to use.
<Macer> Catdaemon: i figure they'll get rid of it soon once they get their whatsapp working
<Macer> facebook still uses xmpp too
<Macer> i'm sorry. i meant that other thing google uses
<Macer> facebook is whatsapp
<Catdaemon> whatsapp also uses xmpp lel
<Macer> but they all look like they're trying to stray towards proprietary IM protocols
<Macer> oh does it?
<Macer> honestly didn't know that. figured it was its own
<Catdaemon> the technology is very much alive but not for what it was originally supposed to do
<Macer> i think google may have closed its s2s access tho
<pp20> Mace: something else always seems to come along thats for sure. I recently create an appear.in account which so far is much better than skype or google with regards to video quality conferencing. I guess with any video though it depends on the weakest link
<Catdaemon> the video quality isn't due to technical constraints, it's due to cost
<Macer> yeah well. the sad part is the whole world doesn't jump on the same boat ;)
<Macer> and these companies don't want to share ecosystems
<Catdaemon> they only won't share because the market likes ecosystems
<Macer> heh. yeah seems so. but i mean .. cmon. IM should be universal across the board ;)
<Macer> that was supposed to be the whole point of xmpp/jabber but of course it didn't pan out
<Macer> i should try zimbra again inside a container
<Macer> it's been a long while, maybe it has improved. last i remember they were just removing the features that didn't work instead of fixing them
<pp20> Catdaemon: Macer: appriciate the feedback guys! gotta go, might be back later.
<DamienCassou> hi
<DamienCassou> when installing a package from a PPA, I get a dpkg error (code 1) and no further information
 * ogra_ is pretty sure you get more than just an error code
<DamienCassou> http://pastebin.com/Z4LE1RyH
<DamienCassou> ogra_: this is what I manually copy/pasted from the virtual box VM
<ogra_> so it failed during unpack ...
<DamienCassou> ogra_: what can I do?
<bieb> Is there a list somewhere of the differences between 14.04 lts desktop and server? or is it just the server has less "programs" and no gui by default install?
<pp20> bieb: i think... no gui by default and additional options at setup to install LAMP etc
<bieb> pp20: Thanks.. that's what I thought
<bieb> pp20: but gui can be added during install? or need to apt-get after?
<Armadillos> bieb: Usually you'll have to apt-get it after for a server install.
<Armadillos> bieb: It also installs the "server" kernel, which is just a bit different then the desktop one.
<bieb> Armadillos: bit different ... how?
<Armadillos> bieb: That... I'm not too sure off the top of my head... :P
<rberg_> thats not true anymore https://help.ubuntu.com/community/ServerFaq#What.27s_the_difference_between_the_kernels_linux-image-server_and_linux-image-generic.3F_What_architecture_is_linux-image-server.3F_Which_one_should_I_use.3F
<bieb> Armadillos: no prob.. just figured I would ask
<Armadillos> rberg_: Ahh, good to know.
<bieb> rberg_: thanks for that link
<rberg_> np!
<brianblaze420> anyone have any input they can help me with. I want to host a website. I would love to do it from home. Why would you or wouldn't you recommend doing this and what would u recoomend?
<Armadillos> brianblaze420: What do you plan on running on the site, and how much traffic do you think you'll get?
<brianblaze420> its brand new so really none haha
<brianblaze420> and that's the thing for now i know i can handle the traffic
<brianblaze420> so that's why i am thinking about it
<brianblaze420> plus it seems that for the 100 bucks a month it costs to get a dedicated server, if i spend an extra 100 on my ISP i can have more traffic
<brianblaze420> i guess i am wondering if people host their sites from home as well?
<Armadillos> brianblaze420: Do keep in mind that a dedicated server is running in a data center that has redundant power, network, etc.  If you run it at home, and your internet connection goes down, so does your site.
<brianblaze420> i know but like i said i am not expecting crazy traffic right but u r right
<Armadillos> brianblaze420: A lot of people do, but nothing that's "mission critical" or business.  If it's just for a personal site or something like that, then yeah, host it at home.
<brianblaze420> it's the start of my business
<brianblaze420> like in baby steps one of the first haha
<Armadillos> brianblaze420: Also keep in mind that some ISPs can block your site, as they may have something in their contract saying you can't host a server at your home.
<brianblaze420> no for sure i would talk to my isp and get an enterprise contract instead of my residential
<Armadillos> brianblaze420: I would never recommend hosting a business site from the home.
<brianblaze420> u r not the first to say so
<brianblaze420> so i think i must do the right thing lol
<Armadillos> Find a company out there that will host your site, and run it from there.
<pp20> brianblaze40: If you are just testing a site i.e. you want to figure out how to do such a thing, great, go ahead, but if you are having to ask this qauestion AND its for a business I wouldnt attempt it.
<brianblaze420> when i say business it's like selling lemonade lol it's not big
<brianblaze420> and so i hate even saying that
<brianblaze420> but i want it to be one day
<pp20> Im not the type of person to just say "if you dont know it, leave it alone" im just saying if this is for your business then it is highly recommended to have this hosted, for the reasons others have said, traffic, redundancy, hacking etc
<brianblaze420> so i should start thinking about it now is what u r saying :)
<brianblaze420> do u guys think it makes a difference if i go to a local data centre or just check for any online?
<pp20> brianblaze: for testing, playing around, trying to understand how these things work, go ahead and try but there are too many technical reasons to not do this if you dont know what you are doing.
<brianblaze420> i am good to host a site and i am good with servers i am passed learning that stuff I am just really trying to figure out the downsides of hosting from home and when it comes down to it if i ever was hacked i don't want anyone on my home network
<brianblaze420> but i could even stop that from happening
<brianblaze420> but there are lots of good reasons to use a data centre
<brianblaze420> and not many to do it from home
<brianblaze420> so i am not going to fight it lol
<brianblaze420> thanks a lot guys this topic has really got me thinking
<pp20> if you know what you are doing im not sure why youve asked the question? (im not being rude by the way :) ) you need to check with your ISP for a start, too much traffic could result in them blocking your ip. is it really lemonade?
<brianblaze420> i ask because this would be the first real site i would put from my house that could actually get visitors lol
<brianblaze420> i wouldn't expect many but i wouldn't want it to suck for a visitor to come
<brianblaze420> lol
<pp20> brianblaze420: fair enough, either way, good luck! hope you do well but for this instance id go with hosted, it would be less of a headache (easier and faster too), good luck dude! :)
<brianblaze420> thanks a lot
<brianblaze420> i really appreciate it
<lordievader> Good evening.
<pmatulis_> evening
<lordievader> Hey pmatulis_, how are you?
<pmatulis_> not too bad lordievader , gonna rain here and then hockey tonight
<lordievader> It just stopped raining here. Wish it would continue, then it would cool down a bit.
<morph-> anyone know if there is a free alternative to linxacademy.com
<mdeslaur> hallyn: thanks for testing the qemu-kvm package...seems we keep colliding :P
<hallyn> mdeslaur: yeah, i guess they worked around it in their own pkg so maybe don't care about the qemu fix, but then why mark it as affecting qemu...
<hallyn> (they haven't responded to anything i've said)
<sudormrf> hey guys.  I am looking to generate a key with dnssec-keygen that is going to be the primary dhcp and dns server on a lan.  I am looking at using hmac-md5, but it looks like I cannot use the ZONE flag for the name.  If I use the HOST flag, will there be issues?  I looked at the MAN pages and it doesn't really go in depth about the difference and/or why you cannot use ZONE with hmac-md5 (not strong enough?), just wondering if
<sudormrf>  HOST is ok.
<fivetwentysix> My server that hosts novafist.com canât receive email externally :(
<fivetwentysix> Are my mx records okay?
<sudormrf> http://www.cyberciti.biz/faq/unix-linux-bind-named-configuring-tsig/
<sudormrf> that answered my question
<guntbert> fivetwentysix: try yourself with   telnet 198.199.110.182 smtp      does it respond?  you can  terminate the session with    quit
<fivetwentysix> guntbert well i use port 587
<fivetwentysix> ostfix responds
<fivetwentysix> but when i send emails to my domain from gmail for example
<fivetwentysix> the emails dont appear in my mailbox
<fivetwentysix> but when sent locally it works
<guntbert> fivetwentysix: in that case try a full delivery - you need to talk smtp with postfix
<fivetwentysix> guntbert: how?
<guntbert> fivetwentysix: well ... thats easier for me to do than to tell you - if you want I can give it a test
<qman__> fivetwentysix: gmail and other internet providers will connect to you on 25, not 587
<guntbert> qman__: good point!
<sarnold> and your port 25 just stalls; it would be better to configure your firewall to REJECT those packets than DROP them
<qman__> fivetwentysix: most non-business ISPs block incoming 25, with no recourse, to prevent spam
<fivetwentysix> oh
<fivetwentysix> should i open 25 as well?
<qman__> You must to receive internet mail
<qman__> You also need mx records pointing at your server
<sarnold> mx records look good
<guntbert> fivetwentysix: on another line: do you have experience in configuring a mail server? if not you should not run one that is open to the internet
<fivetwentysix> that did the trick :)
<fivetwentysix> thanks qman__
<qman__> fivetwentysix: in order to avoid getting on spam lists, you need to make sure your configuration is secure, and I highly recomend a spam filter
<qman__> I've had success with Scrollout F1
<fivetwentysix> qman__: how do i know if my configuration is secure?
<qman__> fivetwentysix: that's where the experience comes in, internet email is a big deal
<sarnold> time was there was a very nice mail testing tool, you'd telnet to it and it would test the machine you telnetted from :)
<guntbert> fivetwentysix: why do you need a public mail server at all?
<fivetwentysix> guntbert: not sure where else to host it
<fivetwentysix> and i dont wanna pay for extra cloud services like gmail or whatever
<guntbert> fivetwentysix: well I use zohomail
<qman__> Well, some basics, make sure you only accept mail for your own domain, you don't allow unauthenticated relay, your passwords are secure, and set up spf
<qman__> And a good bidirectional spam filter for insurance
<fivetwentysix> qman__: smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination okay?
<qman__> As long as mynetworks is set correctly (nothing on the internet)
<fivetwentysix> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
<qman__> That's good, you should be ok on the relay front
<fivetwentysix> Thanks for your help qman__
<ahmadgbg> Hi guys, what is the best and simplest solution for server backup?? NAS or should i build a computer? NAS are very expensive for like 8 slots. What do you recommend?
<qman__> ahmadgbg: backups are a very complex subject, and you need to take into consideration what your specific needs are, related to cost, availability, speed, reliability, size, etc
<ahmadgbg> qman_: i need atleast 16TB with raid 5
<ahmadgbg> a qnap 8 bay is like $1200
<qman__> ahmadgbg: with standard quality drives, raid 5 offers no protection beyond about 8tb
<ahmadgbg> qman_: you mean because of the rebuild time?
<qman__> No, because of the unrecoverable error rate
<ahmadgbg> qman_; okey.. so what should i run instead?
<qman__> With a URE of 10^14, you are expected to run into one long before you hit 16tb
<qman__> You would need drives with a URE of 10^15 or better, or use raid10, or raid6
<qman__> Be warned, raid6 is very slow
<ahmadgbg> qman_: how can i use raid 10 with many drives, isnt it only for 2?
<qman__> Based on personal experience with all three, I would use raid10
<qman__> No
<qman__> Raid10 is with any even number of disks
<ahmadgbg> But it wont work like raid 6
<qman__> 50% capacity hit across the board, for the redundancy
<ahmadgbg> right
<ahmadgbg> I will have many differend raids for each pair?
<qman__> No, it stripes across mirrored pairs
<ahmadgbg> but i lose more space than raid 6
<qman__> With 8 disks in raid 10, you will have 4 disks worth of capacity, you can lose any one disk, and up to 4 if you get lucky on which disks they are
<ahmadgbg> hmm.. i need space.. its a storage server
<qman__> Raid 6 would give you 6 disks of capacity, but it would be very, very sloe, and only offer 1 disk of protection with standard URE 10^14 disks
<ahmadgbg> my plan was to have a 5x4tb in raid 5 for the server and 4x4tb in the nas
<qman__> And your rebuild time would be like 3 weekss
<ahmadgbg> Is the read and write speed slow or just the rebuild
<qman__> all, read is fastest but still not that fast
<qman__> Write is really slow
<ahmadgbg> so im kinda screwed :P
<qman__> I had a 11 disk raid 6 of 1tb sata disks, write speeds peaked around 35MB/s
<qman__> Reads could hit 70 or 80
<ahmadgbg> The problem is that the hard drives are so expensive. Im going with Seagate Constellation ES 4TB which costs around $380... Should i go with WB red? they are like half the price
<qman__> I replaced it with a 20-disk raid10
<qman__> Those disks should be URE 10^15, so you could use raid 5
<qman__> But I would not put more than 4 disks per raid set
<qman__> 8 bay, 2 raid 5s
<qman__> If you use red drives, stick with raid 10
<qman__> I have had good results with red drives in raid 10
<ahmadgbg> i have only 8 slots for the drives
<ahmadgbg> what should i do D:
<ahmadgbg> :D
<qman__> Unfortunately 8 is a bad number for parity raid
<qman__> I would do raid 10
<qman__> If you had 9, you could do two raid 5s with one hot spare
<ahmadgbg> should i go 4x4tb on server with raid 5 and for the NAS 4x4tb raid 5?
<qman__> As long as you use the good drives that should be ok
<ahmadgbg> Seagate or WD?
<qman__> And make sure you implement SMART monitoring
<qman__> I personally do not buy seagates anymore, too many failures
<qman__> The WD equivalent is the RE4
<ahmadgbg> even the enterprise?
<ahmadgbg> so going Seagate on the server and WD red on the nas, what do you think about that
<qman__> That's a good strategy
<qman__> But wd red is not 10^15
<qman__> Only RE4s are
<qman__> Or RE3, last gen
<ahmadgbg> RE4 are actually cheaper than seagate
<ahmadgbg> should i go RE4 on all
<qman__> I would, or if you want to spread your risk, 4 of each
<ahmadgbg> i want to save money :D
<qman__> Lots of people use seagates, I just have better luck with WD
<hallyn> jdstrand: gah.  i still have NOT reproduced your particular qcow2 corruption problem.  i suppose i should focus on the one i did get a few days ago, as that seemed easy to reproduce
<ahmadgbg> qman_ how about WD SE
<qman__> Not sure, I tried to open the spec sheet and my browser crashed
<qman__> Check the unrecoverable read error rate, 10^15 or larger is ok for raid 5 at your sizes
<qman__> 10^14 is not good enough
<ahmadgbg> qman_: its says: <10 in 10^15
<qman__> Sure? Should be 1 in X
<qman__> 10 in 10^15 is the same as 1 in 10^14
<ahmadgbg> http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771475.pdf
<ahmadgbg> the RE are: <10 in 10^16
<qman__> That's a pretty underhanded advertising tactic
<ahmadgbg> ye :P
<qman__> But yeah, the se would not be good enough
<qman__> For raid 5
<rberg_> and honestly raid6 might be fast enough for backups depending on how many users and how much data
<ahmadgbg> Okey! Thanks for the help Qman :D
<devslash> will Ubuntu Server work if  I install it on a PC and move the hard drive to a different server with different hardware
<Patrickdk> devslash, depends on your definition of work
<sarnold> devslash: "probably"
#ubuntu-server 2014-05-23
<adam_g> smoser, around?
<jdstrand> hallyn: hrm.. both sarnold and I are now pinned on the saucy version
<jdstrand> but I'd be happy to try a new version
<lordievader> Good morning.
<sarnold> jdstrand: did you notice mdes laur posted qemu updates to the security proposed ppa? I wondered if we were tripping over something that might have been fixed in the giant block level auditing...
<jdstrand> sarnold: I say the call for testing. I did not do it yet. I hadn't considered that it would fix our issues because I figured the fixes were likely in 2.0, but if mdes laur patched trusty too, probably worth trying
<jdstrand> s/say/saw/
<sarnold> jdstrand: aww. I hadn't considered that they might not have affected trusty. now I'm dissapointed.
<jamespage> gnuoy, https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1322498
<uvirtbot> Launchpad bug 1322498 in ceph "Unable to set swift container ACL's on existing containers" [High,Triaged]
<jamespage> building here - https://launchpad.net/~ceph-ubuntu/+archive/edgers/+build/6034662
<gnuoy> jamespage, thanks
<cocoa117> when you using ProxyCommand to jump through hoops, you have to have authendication to those hoops machine on your local machine (public key wise), otherwise you can't get on to next one. Is there anyway to allow the machine connect to it authendicate this rather then the local machine initialised the connection?
<hxm> hello
<lordievader> o/
<morph-> could anyone here help me with my ubuntu server? i ended up somehow installing a bunch of kernel images and headers and now i'm stuck booting into this one particular kernel. I just want to revert back to my old one but its a remote server so I can't actuallly see grub when it comes up
<mardraum> morph-: you have a remote server without any management out-of-band that can't boot?
<morph-> i can go into rescue mode or something
<morph-> but I can't KVM or anything to actually mess with it while ist booting
<mardraum> how are you able to get it into "rescue" mode
<morph-> go into OVH manager
<morph-> select rescue
<oro> hi all, anyone has a workaround for trusty's network device reanming bug? (https://bugs.launchpad.net/ubuntu/+source/biosdevname/+bug/1284043)
<morph-> from netboot
<uvirtbot> Launchpad bug 1284043 in biosdevname "udev renaming the same hardware network i/f to different name, breaks networking and firewall" [High,Confirmed]
<morph-> then reboot the server
<morph-> its a server from ovh.ie
<oro> i am aware of udev's "predictable device naming" feature, but it's not predictable at all.
<mardraum> do they offer documentation about what that rescue mode does?
<morph-> yea
<morph-> 1 sec
<mardraum> I don't want a link, I want to know if you have read it :p
<morph-> mardraum http://help.ovh.com/RescueMode
<morph-> ive used it plenty of times
<morph-> i dunno how to fix this
<morph-> trust me i didnt coem in here and ask first
<mardraum> if you can get access to the shell of your machine, can you remove the problem kernel packages?
<morph-> yeah im ssh'd in my server right now
<morph-> it works
<morph-> its just this kernel keeps lagging me out
<morph-> but i dunno how to undo all of this
<oro> i have already put 80-net-name-slot.rules and 80-net-setup-link.rules and deleted, had it auto-recreated, and also edited 70-net-persistence-rules but it still unpredictable. sometimes my devs renamed to "rename5"
<mardraum> remove the kernel packages
<mardraum> leave the ones that WORKED
<morph-> mardraum http://pastebin.com/w9yNncTr
<morph-> thats from grub-mkconfig
<mardraum> ok?
<morph-> Ubuntu, with Linux 3.8.0-41-generic
<morph-> is the one i want
<morph-> do i just like
<mardraum> remove the others
<morph-> go into /boot
<morph-> and remove all this stuff?
<mardraum> well, I would use apt-get
<mardraum> you have used it before right?
<mardraum> how did you install these kernels....
<morph-> some with apt-get
<morph-> some with dpkg
<mardraum> that's ok then
<morph-> i have no idea what the file names were though
<morph-> they're not like /boot/initrd.img-3.13.5-vanilla
<morph-> linux-image-3.13.5-vanilla?
<morph-> is taht the format maybe?
<mardraum> dpkg --list
<morph-> yay
<morph-> okay one more thing
<morph-> i know when it gets down to it i wont be able to remove this kernel im booted into
<morph-> it'll throw an error telling me i can corrupt everything blah blah
<morph-> how do i get past that?
<mardraum> I've not seen that sorry
<morph-> mardraum http://puu.sh/8XEQu/6920cfaa56.png
<morph-> marcoceppi
<morph-> mardraum
<morph-> I got it :)
<morph-> thanks a ton mardraum
<jamespage> zul, https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1322568
<uvirtbot> Launchpad bug 1322568 in libvirt "nova interface-attach fails" [Undecided,New]
<jamespage> :-)
<jamespage> zul, not quite sure why I did not see that pre-release
<jamespage> I'm pretty sure tempest does lots of those
<caribou> gnuoy: just following up to your answser in #juju as it pertains to the nova-cloud-controller charm
<gnuoy> caribou, hi, I'm in an upgrade-charm debug session for nova-cloud-controller as I type
<caribou> gnuoy: in the compute_changed() function I just printed the migration_auth that comes from "relation_get('migration_auth_type')
<caribou> gnuoy: when running "juju upgrade-charm", it prints None as the value; I must be missing something
<gnuoy> caribou, you need to give it the relid and unit id
<gnuoy> hang on, I'll paste bin
<caribou> gnuoy: that's what I thought; I got misled by the fact that compute_changed doesn't ask for one; I can change that
<gnuoy> kk
<caribou> gnuoy: you can still paste what you have, it'll help me
<gnuoy> sure, one sec
<gnuoy> caribou, sorry, I lost connectivity for a bit there. http://paste.ubuntu.com/7505148/
<caribou> gnuoy: np
<gnuoy> caribou, Iwhen I run that I'm only getting the private address of the compute host so I guess the compute host is not setting anything when the relation is joined
 * gnuoy checks
<gnuoy> caribou, do you have enable-live-migration enabled ?
<gnuoy> 'migration_auth_type' is not set by the compute node if enable-live-migration is not True
<caribou> gnuoy: well, my config file does set it
<caribou> gnuoy: maybe I should explain what I try to achieve instead
<gnuoy> sure
<caribou> gnuoy: I've fixed nova-cloud-controller & nova-compute to transfer authorized_keys/known_hosts files in multi-lines
<caribou> gnuoy: I'll get you the Merge Reqs:
<caribou> gnuoy: https://bugs.launchpad.net/+branch/~louis-bouchard/charms/precise/nova-cloud-controller/lp1313602-multiline-known-hosts
<caribou> jamespage: suggested to rerun the hooks for relations in order to get that multi-line setup to be applied when we upgrade the charm
<caribou> gnuoy: my mistake is to suppose that all relations were available in 'upgrade-charm'.
<gnuoy> caribou, they are all available, what makes you think they aren't ?
<caribou> gnuoy: well, I suppose they are if I explicitely call them by rid, in relation hooks there's no need for that apparently
<caribou> if I understand it correctly
<caribou> gnuoy: I mean I do not need to supply the relation-id in a relation hook when doing 'relation-get'
<gnuoy> caribou, you don't need to explicitly set relation id when you're in the context of that relation. But in upgrade charm your not in the context of any relation so it needs to be set explicitly
<caribou> gnuoy: sorry for all those nOOBs assumptions, I'm just getting into those charms mechanisms
<gnuoy> caribou, don't apologise, no problem at all
<YamakasY> how can I make my mirror smaller ? it's 200GB!
<YamakasY> anyone ?
<gnuoy> YamakasY, have asked in #ubuntu-mirrors and looked https://wiki.ubuntu.com/Mirrors for expected mirror sizes ?
<gnuoy> " The Ubuntu archive, as of 2013-04-04, uses about: 642GB of disk space for the Ubuntu package archive. "
<YamakasY> gnuoy: not loked there yet
<caribou> gnuoy: maybe I misunderstood what jamespage asked for
<jamespage> caribou, nope- the conversation above looks on the right track :-)
<caribou> jamespage: thanks for the confirmation
<caribou> jamespage: there is also a dependancy on the order of the upgrade : nova-cloud-controller must be upgraded first to make the new relations available to nova-compute
<jamespage> caribou, actually I don't think that will matter
<caribou> jamespage: well, if nova-compute runs & no indexed relation is there, it will do nothing
<jamespage> caribou, if you do it the other way around, nova-cc will set the data and the nova-compute nodes will just pickup the new relation format
<jamespage> caribou, yes
<caribou> hence nova-cc needs to be to the latest version first
<caribou> jamespage: I mean it will not break anything, but just not use the multi-line format
<caribou> so someone not knowing about the specific ordering requirement will not get a functional live-migration ssh key setup after the upgrade
<caribou> if nova-compute is upgraded first
 * zul shakes his fist at tempest
<oro> anyone has a workaround for trusty's network device reanming bug? (https://bugs.launchpad.net/ubuntu/+source/biosdevname/+bug/1284043)
<uvirtbot> Launchpad bug 1284043 in biosdevname "udev renaming the same hardware network i/f to different name, breaks networking and firewall" [High,Confirmed]
<caribou> jamespage: gnuoy: running compute_changed() in a non relation hook context is rather difficult :
<jamespage> caribou, there should be lots of examples of how todo that already in the nova-cloud-controller charm
<caribou> many of the function used make the assumption that all relations are available
<gnuoy> caribou, note that those which need to be called outside of a relation context allow the rid to be passed in
<gnuoy> def compute_joined(rid=None, remote_restart=False):
<caribou> gnuoy: I fixed many of them, but the call to shh_compute_add fails because it calls helpers that expect  some environment variable to be there
<caribou> gnuoy: yeah, i've done all of this, the whole relation get/set is fixed accordingly
<caribou> gnuoy: here is an example : http://paste.ubuntu.com/7505499/
<gnuoy> caribou, just to be pedantic "all relations are available" in all hook contexts. And there is no hook context where they're all available without having to set a rid for ones outside of the current context.
<caribou> gnuoy: agreed, that why I added rid & uid to the call so I have them, that works
<gnuoy> kk
<caribou> gnuoy: it's the call to ssh_directory_for_unit which calls remote_unit that expects $JUJU_REMOTE_UNIT to be set; maybe I should change that to use a unit passed as argument
<caribou> gnuoy: since I know it already
<gnuoy> sounds good to me
<caribou> gnuoy: just that the fix becomes more intrusive that I expected ( or rather that I'm used to)
<gnuoy> yeah, I think you've been unlucky
<caribou> gnuoy: from the look of it, the current compute_joined was written to be called in a relation hook only
<caribou> gnuoy: I must change it to be called in any context
<caribou> gnuoy: I'm fine with it
<gnuoy> caribou, no, it is called in other relation contexts already, hence the ability to pass in the rid
<gnuoy> shared-db-relation-changed calls it for one
<caribou> gnuoy: it calls compute_joined, not compute_changed
<caribou> compute_changed is argumentless atm
<gnuoy> caribou, ah, you said compute_joined in your previous comment "the current compute_joined was written to be called in a relation hook only"
<caribou> gnuoy: oops, sorry :-/
<gnuoy> np :)
<caribou> ok, now that I got blessing for people who know, let's get that working :-)
<Werkena> Hi, How do I make sure whenever a service e.g. apache stops to make sure it be restarted again.....apart from using cron to check on a timely basis.
<rberg_> Werkena: upstart can restart processes that crash
<Werkena> rberg: Can you take such an instances where the sysadmin wants to ....e.g. just unpluging a wifi usb AP and replugging it would make hostapd to freez/stop....so I have to restart it manually....or if some how the usb wifi is pluged after the hospad service already started, it wouldn't restart itself.....so I wanted it in such like scenario....
<rberg_> for hardware events I would look at writing udev a rule
<Werkena> rberg: I think I understand you now, Should I only include the word "respawn" in the init.d of the script (for hostapd) like found in this post.....https://forums.plex.tv/index.php/topic/109449-respawn-on-crash/
<klander> hey guys. whats the easiest way to port your deployed apps to apache 2.4 from apache 2.2 ?
<klander> this blog mentions automated deployments but i really don't know what he's talking about: http://www.justgohome.co.uk/blog/2014/04/new-in-14-04-apache.html
<klander> does anyone know what he's referring to?
<TJ-> klander: vrtualised instances using deployment and configuration management tools; Chef, Puppet, Salt, Ansible,  etc, etc,
<caribou> gnuoy: jamespage: FYI, looks like I got the compute_changed() to work in non-relation hooks (i.e. upgrade-charms)
<caribou> I'll give it more tests next monday & fix the unit-tests
<gnuoy> caribou, excellent
<caribou> gnuoy: jamespage: your help was very valuable, thanks for it
<gnuoy> np
<jamespage> caribou, yw
<smoser> kirkland, bummer: https://bugs.launchpad.net/cloud-init/+bug/1322692
<uvirtbot> Launchpad bug 1322692 in cloud-init "seed_random runs too early if local datasource used" [Medium,Confirmed]
<adam_g> smoser, eeek https://bugs.launchpad.net/cloud-init/+bug/1316475
<uvirtbot> Launchpad bug 1316475 in tripleo "trusty hang on first boot post deploy" [Critical,Triaged]
<smoser> adam_g, bah.
<smoser> good debugging.
<smoser> adam_g, you can just disable that datasource
<smoser> thats the easiest thing to do .
<adam_g> smoser, yeah..
<adam_g> smoser, how do i disable it?
<smoser> dpkg-reconfigure cloud-init will allow you to select
<smoser> or you can just pars/edit /etc/cloud/cloud.cfg.d/90_dpkg*
<smoser> adam_g, that just plain sucks
<adam_g> smoser, yeah. its still not clear to me why its happening on a small percentage of our servers and not others. im happy to test whatever you come up with.
<smoser> adam_g, well, it would not hang if either:
<smoser> a.) there was no ttyS1
<smoser> b.) there was data to read on the ttyS1
<smoser> c.) the read failed.
<kirkland> smoser: okay...suggestions?
<smoser> no good suggestions at the moment
<vonsyd0w> Hello! I'm trying to get my dhcp server to dynamically update my dns server with hostnames, but dhcpd keeps spitting out these errors: dhcpd: Unable to add forward map from $HOSTNAME. to $IP: connection refused - Anyone familiar with it?
<sarnold> vonsyd0w: 'connection refused' could be generated by a firewall on the dhcp machine, a firewall on the dns machine, or the dns server not being configured to accept connections on that IP/port
<vonsyd0w> firewall on the dhcp! wow forgot
<vonsyd0w> let me check now...
<kingbeowolf> how do you guys control your raid?
<dcosnet> telekinetics
<dcosnet> O:-)
<rberg_> with mdadm.. how else?
<kingbeowolf> so no hardware?
<kingbeowolf> im looking at a 4 disk ssd raid
<kingbeowolf> maybe 5
<rberg_> I have used some hardware.. I find megacli obtuse
<kingbeowolf> what do you think of this? http://www.amazon.com/gp/product/B004JPHAF0/ref=s9_wish_co_d0_g147_i4?ie=UTF8&colid=12KKAP4FH9RM4&coliid=I3TX9VQI5ZJ53U&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=typ-top-left-1&pf_rd_r=1ZG25XSSJ2F44974WDGZ&pf_rd_t=3201&pf_rd_p=1780082482&pf_rd_i=typ01
<rberg_> personally I would stick to software raid for 4 or 5 disks
<kingbeowolf> i think i have a bottle neck some where with this 4 disk raid 0
<kingbeowolf> using mdadm
<vonsyd0w> sarnold, that was it! A firewall issue. I forgot my dhcp server (my edgemax router) had explicit deny rules set. I had to create an allow rule for port 53, its working now
<sarnold> vonsyd0w: oh! nice :D
<sarnold> vonsyd0w: thanks for reporting back, I love learning what fixes things :)
<fridaynext> has anyone used this before? http://sourceforge.net/projects/automysqlbackup/?source=dlp
<fridaynext> I'd like to set up a cron job to back up my mysql DB's, and that looks to fit the bill, but it hasn't been updated in over a year.
<remix_tj> fridaynext: a collegue of mine implemented this, works well, dumps when requested-
<fridaynext> remix_tj: recently?
<remix_tj> last july
<fridaynext> remix_tj: meh, close enough. it's not like commands to back up a db have changed in 6 months.
<fridaynext> mysqldump -u me -pblah, etc.
<remix_tj> oh, yeah
<fridaynext> I'd write the scripts myself, but I'm too lazy.
<[[lutchy]]> What's wrong with just a routine mysql dump?
<vonsyd0w> fridaynext, Percona XtraBackup is another option: http://www.percona.com/doc/percona-xtrabackup/2.1/
<vonsyd0w> I haven't used it, but it seems well maintained
<vonsyd0w> and good docs
<remix_tj> automysqlbackup also sends report, helps with a lot things for lazy sysadmins
<[[lutchy]]> hmmmm...
<remix_tj> and you know, you're not a senior sysadmin until you're lazy
<fridaynext> remix_tj: have i been upgraded to senior??? nice!
<[[lutchy]]> No offense, but it's like another software to keep up2date.
<fridaynext> really all I want to do is back up the db, zip it, and move it into the user's owncloud folder (daily).
<remix_tj> [[lutchy]]: your code has to be tested and updated by yourself, drilling down problems when issue appears
<fridaynext> dammmit, i'm just going to write the cron job for it.
<fridaynext> no reason to install something else.
<remix_tj> when the code is written by others for many people, it's well tested (hope) and problems are eventually drilled down by more people than yourself
<[[lutchy]]> Now if I make it simple...
<[[lutchy]]> s/now/not/
<remix_tj> yeah
<remix_tj> simple means 2 lines of code
<[[lutchy]]> I like simplicity when it comes to sysadmin...
<remix_tj> more than two is already on the road for "complex" :-P
<[[lutchy]]> remix_tj, Yeah, only time it breaks, is bash or something else changed :-p
<remix_tj> yup :-)
<[[lutchy]]> In my experience, I've seen some folks come with complicated solutions to solve a simple solution (not sure if they are trying to impress someone or not)
<[[lutchy]]> s/simple solution/simple issue/
<Joe_knock> Hello
<[[lutchy]]> Hi
<Joe_knock> Would it be possible to use wubi.exe to install ubuntu server alongside winXP? Using ubuntu12.04 server
<[[lutchy]]> That's 'ubuntu12.04' part confused me a bit...
<Joe_knock> [[lutchy]]: 12.04 is the version of ubuntu server that I have.
<[[lutchy]]> Joe_knock, If I understood correctly, you want to install Ubuntu Server under ubuntu 12.04 along side winxp ?
<[[lutchy]]> I have about 4 Ubuntu Server VMs, but I would assume that the installer, which I can test in a VM, will automatically recognize WinXP :/
<[[lutchy]]> wubi.exe to install ubuntu, using ubuntu12.04? webi.exe is a Win program..
<lordievader> Joe_knock: Wubi hurts performace, not really what you want on a server.
<Joe_knock> lordievader: I just need it for home-testing and playing around with it. It isn't a production server.
<Joe_knock> [[lutchy]]: That is my point. I want to use wubi.exe to install ubuntu server alongside WinXP
<lordievader> Still, wubi is ugly and should die. But that is just my personal opinion.
<Joe_knock> lordievader: I respect your opinion, but I am just clarifying whether it is possible or not. I am restrained in that I cannot make the system run ubuntu on its own.
<[[lutchy]]> From what I understood, wubi was just a more easier way to install Ubuntu under Windows XP ?
<[[lutchy]]> Not Windows XP, but under any Windows version that is supported
<lordievader> Hmm, haven't done a wubi install in years. But I suppose that if it is possible to install the desktop the server part shouldn't be a problem.
<Joe_knock> [[lutchy]],
<Joe_knock> [[lutchy]]: Yes that is correct. It installs "within" windows. so ubuntu kind of lives on top of windows
<Joe_knock> lordievader: Thanks
<guntbert> Joe_knock: just why don't you use virtual machines?
<[[lutchy]]> hehehe
<[[lutchy]]> I have Windows Server 2012 R2, with the latest patches to Hyper V
<[[lutchy]]> I have CentOS, and 2 Ubuntu VM Server
<[[lutchy]]> My http://projects.lhprojects.net/ and http://scm.lhprojects.net/. both running from the same server and from VMs
<Joe_knock> guntbert: The tower I intend using only has 512MB of memory
<[[lutchy]]> Ok...
<[[lutchy]]> Well, IIRC, 14.04 only support 64bit ?
<WACOMalt> Hey folks. I just checked munin on a largely inactive server, and I am seeing a lot of postfix activity http://i.imgur.com/x49HlKk.png
<WACOMalt> should I be worried?
<[[lutchy]]> Joe_knock, Let me guess, no USB, no CD-ROM ?
<guntbert> Joe_knock: thats really low, indeed
<lordievader> !munin
<lordievader> Hmm, thought there was something with munin.
<Joe_knock> [[lutchy]]: It has USB and a CD-ROM drive, but I will install using a virtual drive.
<WACOMalt> well anyways, this server has never ever been used (intentionally) as a mail server.
<WACOMalt> So is this sign of someone using it agains tmy will?
<Joe_knock> guntbert: Which is why I need full resources to try installing a couple of tools  I want to test
<Joe_knock> WACOMalt: if that is the case, why is postfix installed on it?
<WACOMalt> I would venture to guess it came with it
<[[lutchy]]> Postfix by default, is pretty secure
<guntbert> Joe_knock: I understand but cannto contribute anything to your wubi-question - I never used it, not even in a VM
<guntbert> *cannot*
<WACOMalt> how can I check if anyone has been using it?
<[[lutchy]]> All my Ubuntu installations were basic with just openSSH
<Joe_knock> WACOMalt: It looks like only 6 mails have been deferred. Unless I am misinterpreting the graph. so it isnt a lot, compared to previous activity
<WACOMalt> can I check what user initiated those?
<Joe_knock> guntbert: I will test it out in a couple of minutes time.
<guntbert> Joe_knock: Good luck!
<Joe_knock> WACOMalt: yes, you should be able to see activity of sent/received emails. Do you have access to the server?
<WACOMalt> I do, but have no experience with postfix to know where to look
<Joe_knock> WACOMalt: Are you comfortable with the commandline?
<Joe_knock> guntbert: Thanks
<[[lutchy]]> The Mail log, will not tell you who initiated in terms of a *user*... It will tell you the host
<WACOMalt> yes, provided I can get some help as to what to type :P
<[[lutchy]]> Who asked the Mail to be relayed
<WACOMalt> that works [[lutchy]]
<[[lutchy]]> Unless you have SASL auth
<[[lutchy]]> Then you will get a *user*
<WACOMalt> -\(Â°_o)/Â¯
<WACOMalt> I never set that up, so I guess I wont get a user
<WACOMalt> so how do I check?
<[[lutchy]]> How do you want the E-Mail server to be setup ?
<Joe_knock> [[lutchy]]: Wouldn't all that is needed to identify the person is the email address that tried to send the email? Based on the graph, it seems somebody or 6 people or 1-6 people tried to send a total of 6 emails that were "deferred"
<[[lutchy]]> Postfix is very documented and features typically work as expected
<WACOMalt> [[lutchy]], not at all preferably
<lordievader> WACOMalt: Have you by any change installed logwatch?
<WACOMalt> nope
<[[lutchy]]> Joe_knock, no, I can telnet to your server and enter whatever mail from person I like
<Joe_knock> [[lutchy]]: true, but it may be possible that some end-user is trying to send an email.
<WACOMalt> so, how do I check?
<[[lutchy]]> logwatch is really good
<Joe_knock> WACOMalt: Do you want us to check what commands to type in for you? lol
<[[lutchy]]> It's very useful ... I thinking of another program to aggregate results from different servers.. I found logstash
<Joe_knock> WACOMalt: Perhaps this might help -- http://www.postfix.org/postqueue.1.html
<[[lutchy]]> Joe_knock, It's not about if user will or will not send mail... it's based on the policy of the mail server to reject it
<Joe_knock> WACOMalt: I see that the -p part is where you may be looking.
<[[lutchy]]> I have two postfix servers relaying mail..
<[[lutchy]]> I don't know why you would suggest postqueue
<[[lutchy]]> When postqueue is about whatever mail that's currently in the 'queue'
<Joe_knock> [[lutchy]]: I am trying to help him as best I can. Feel free to make a better recommendation
<[[lutchy]]> Yeah, it's about helping one another ...
<[[lutchy]]> I had asked earlier how he wanted his E-Mail server to be setup
<[[lutchy]]> I doubt, when you 'apt-get install postfix', it leaves you as open RELAY
<WACOMalt> [[lutchy]], I answered that question with "not at all"
<[[lutchy]]> Postfix, being complex, has a very simple and well documented
<[[lutchy]]> configuration
<WACOMalt> it looks like one of my users has set up an email address, and they have google set to recieve that for them in their gmail
<WACOMalt> thats all the acticity I can see in postqueue
<WACOMalt> so I guess things are fine?
<[[lutchy]]> Read what postqueue is far ...
<[[lutchy]]> postqueue does not produce logs
<[[lutchy]]> Postfix is simple a MTA, if it's allowed to TRANSFER email, then it's likely a faulty in security
<WACOMalt> ok, then I'm just uninstalling it
<[[lutchy]]> If you don't need a MTA, then yeah, but keep in mind... programs that need a sendmail program will fail
<[[lutchy]]> Bottom line, who accessing your Computer ?
<WACOMalt> honestly, at this point I dont even know. I have 3 authorized users. And I'm about as unfit of a server admin as has ever existed
<WACOMalt> :)
<Joe_knock> [[lutchy]]: the emails weren't delivered, which means they're sitting in the queue, which is why postqueue can tell what emails are there.
<[[lutchy]]> Ok
<Joe_knock> WACOMalt: Do you recognise the email address?
<[[lutchy]]> WACOMalt, There are few things you can to secure it up
<WACOMalt> yes, and no
<WACOMalt> there is www-data@myserver.com
<WACOMalt> and then a few that are actually users
<WACOMalt> but all are trying to send to gmail servers
<Joe_knock> WACOMalt: Identify with the company bureaucracy whether you are allowed to access email accounts, if yes, then maybe you can access the content of the email to see what it says.
<WACOMalt> "the company beaurocracy" = me
<WACOMalt> its just a guy (me) with a box
<[[lutchy]]> What piss you off the most
<Joe_knock> WACOMalt: I think what is happening is that they're using mail-forwarding, and those 6 emails weren't forwarded for some reason.
<[[lutchy]]> The fact, 3 authorized people send Mail
<[[lutchy]]> Or the targets of the E-Mail, by one person, is wrong
<[[lutchy]]> That information can help
<WACOMalt> yeah I'm gonna talk to those 3 people
<WACOMalt> they dont use the emails any more, but I know they had them set up at once point. Gonna askt hemt o remove them from gmail
<[[lutchy]]> BTW, when it's local mail
<[[lutchy]]> It's logged by user
<[[lutchy]]> So, if they send a mail from 'sendmail' program from the server, it will be logged by who
<Joe_knock> WACOMalt: Are they just forwarding from myemail@domain.com to myemail@gmail.com or are you using gmail as your email provider?
<[[lutchy]]> Postfix behaves differently when it comes to local sent mail
<WACOMalt> Joe, the former example
<[[lutchy]]> There is a different daemon that handles local mail
<[[lutchy]]> That should be log, what Ubuntu server do you have ?
<WACOMalt> At current I see nothing to hint at someone misusing the server. So I'm not worried and will jsut ask the users to disconnect google if they arent using the address any more
<WACOMalt> 10.04 :/
<Joe_knock> WACOMalt: Based on what you say, it is actually the automated email forwarder that has placed the emails in the queue (my assumption based on info).
<WACOMalt> hmm possibly
<Joe_knock> WACOMalt: Disconnecting google won't fix it. You need to stop mail-forwarding from: myemail@mydomain.com . What email client do you have access to?
<WACOMalt> you mean on the server?
<WACOMalt> or on my local desktop
<WACOMalt> locally I think I have windows live mail which could connect to those addresses
<Joe_knock> Yes, you need to configure mail-forwarding to be stopped. Find out how the 3 other users setup mail-forwarding previously and tell them to reverse that process.
<WACOMalt> righto. I'll have to look into that tonight though
<WACOMalt> I have to leave for the time being.
<Joe_knock> WACOMalt: Perhaps a webmail client like squirrel or something else might help. Good luck
<WACOMalt> Thank you both for the help. At least my mail wasnt being used for nefarious purposes
<Joe_knock> WACOMalt: If you don't need postfix, best to remove it then.
<WACOMalt> yeah I'll check if anyone else is actually using it, but it certainly looks like they arent
<WACOMalt> ok, I'm off. thanks again!
<fridaynext> what permissions does a mysql user need to be able to dumb a DB?
<[[lutchy]]> root
<fridaynext> i have all my users set at SELECT, UPDATE, INSERT, DELETE
<[[lutchy]]> Depends, the entire DB directory ?
<fridaynext> oh, so only root can dump a db?
<fridaynext> no just individual DB's
<fridaynext> I want to dump DB's daily for my clients running WP sites on my server
<serverhorror> fridaynext: usage and select (on all object) may be enough if you do a mysqldump. but it really depends on the kind of backup you want to do
<fridaynext> serverhorror: just basic.
<[[lutchy]]> thanks serverhorror
<fridaynext> mysqldump -u someone -pblah summatDB > summatDB_today.sql
<[[lutchy]]> I was thinking only 'select'
<serverhorror> i think just about any right implies usage, but granting it makes it explicit in listing the rights also
<fridaynext> this is what i'm getting when i try to use a user's un/pw for a dump http://pastebin.com/TrcETmff
<serverhorror> fridaynext: actually any user can create a backup like this. if you âgrant usage,select on myschema.public_table to ârestricted_backupuserâ@âbackuphost.invalidââ youâll still get a backup just not of all the tables in the database ;)
<serverhorror> s/database/schema
<Macer>            0.25    0.00    2.61   26.12    0.00   71.02
<Macer> i am getting 26.12 in iostat for iowait :/
<[[lutchy]]> iostat?
<fridaynext> serverhorror: what if I grant lock tables - will that fix the error in the pastebin?
<Macer> top too
<Macer> but i wanted to see where it was.. .can't quite put my finger on where i'm getting the pause
<[[lutchy]]> You know fridaynext, give users all access to the DB they OWN
<serverhorror> it should, but it will also â¦. LOCK your tables (no other client can write while the backup is running)
<fridaynext> [[lutchy]]: i'm running wordpress sites, and wordpress codex suggests only granting select, insert, update, delete to mysql users.
<[[lutchy]]> No..
<[[lutchy]]> You can grant access per db, even per table
<fridaynext> http://codex.wordpress.org/Hardening_WordPress#Database_Security
<fridaynext> I know I can do that, but this is just what the WordPress codex suggests.
<fridaynext> I want to keep it as secure as possible.
<serverhorror> fridaynext: donât use wordpress :)
<[[lutchy]]> Macer, Install 'iotop', it can show you IO in terms of IO in regards of DISK usage
<fridaynext> serverhorror: if i had a nickel.
<serverhorror> hehe
<[[lutchy]]> Let me get this right...
<fridaynext> but until I can teach myself a new language and implement a secure e-commerce platform for the 12 sites i'm currently running - i'm stuck with WP.
<[[lutchy]]> You know you can do that but you followed instructions blindly ?
<fridaynext> [[lutchy]]: not blindly.
<Macer> ah ok. let me take a look at it
<serverhorror> fridaynext: truly the permissions depend on the backup. my default solution is to run a backup only slave and go from there (either xtrabackup, mysqldump, â¦) that at least wonât lock the clients out during backups
<serverhorror> fridaynext: e.g. Iâm pretty sure mysqldump âopt â¦ and mysqldump âsingle-transaction â¦  will need different sets of permissions
<fridaynext> if I run mysqldump as root, and put that in a .sh file in the root directory, to be run with the root user's crontab - is that basically secure?
<[[lutchy]]> Yes, but from he is telling me, he already knew beforehand, then apply permission per DB
<[[lutchy]]> NEVER fridaynext
<serverhorror> fridaynext: just donât
<fridaynext> which part - the root user's cron job?
<fridaynext> or running mysqldump as root?
<fridaynext> or both?
<[[lutchy]]> This is how I do it, as opposed to serverhorror
<Macer>            0.25    0.00    2.61   26.12    0.00   71.02
<Macer> oops
<Macer> 12015 be/4 root       48.19 K/s    0.00 B/s  0.00 % 98.63 % dpkg -i ./packages/zimbra-store_8.0.7.GA.6021.UBUNTU12.64_amd64.deb
<[[lutchy]]> I use phpmyadmin, to select what permissions per user has
<Macer> wow... wth?
<Macer> is that because of some awkward lxc kernel translation or something? heh
<[[lutchy]]> I just give full permission to that user to the db
<Macer> iotop has dpkg @ 99% io?
<[[lutchy]]> It avoids any permission issues moving forward
<serverhorror> fridaynext: make it secure: use ssl all over the place (expect about 30% of the original performance). never use root but dedicated role accounts. get rid of the [debian|ubuntu] mysql user
<fridaynext> serverhorror: i've been converting all sites to 100% ssl over the past week, so that much is being taken care of.
<serverhorror> fridaynext: practically Iâm having dedicated schema owners and use those for maintenance like backupsâ¦
<serverhorror> fridaynext: on the webserver part or the mysql part
<fridaynext> webserver
<serverhorror> fridaynext: iâm talking about mysql
<fridaynext> i didn't know using ssl was possible within the same machine
<fridaynext> for mysql
<fridaynext> since it's all on localhost, that is.
<[[lutchy]]> Macer, snippets... do not work.. I can't see headers, you expect people understand what you pasting
<serverhorror> fridaynext: it is. mysql just has the habit of being overly friendly and actually uses the unix socket instead of the tcp socket if you specify localhost but you can tell the (at least) the mysql client to use the tcp socket
<[[lutchy]]> MySQL and SSL serverhorror .. it's frustrating
<[[lutchy]]> Not all clients support SSL with MySQL
<[[lutchy]]> I have stunnel setup .. :)
<Macer> hm. zfs seems to be giving me some pretty bad speeds
<serverhorror> [[lutchy]]: as i said: 30% of the original performance (not 30% drop) 30% left of what you had
<fridaynext> serverhorror: wow that's a huge drop
<serverhorror> (rough estimates of course)
<[[lutchy]]> serverhorror, You didn't say from what I am reading just in case
<Macer> [[lutchy]]: sorry.. it's not zfs. the i/o to the zfs isn't bad. i don't know what is holding it up
<Macer> dpkg in a container seems to be getting held up somewhere
<serverhorror> [[lutchy]]: I was referring to the frustration. Iâd drop mysql without a blink if I had the chance too
<Macer>   TID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND
<Macer> 12015 be/4 root        0.00 B/s    0.00 B/s  0.00 % 99.84 % dpkg -i ./packages/zimbra-store_8.0.7.GA.6021.UBUNTU12.64_amd64.deb
<[[lutchy]]> The socket issue is a problem
<Macer> it's not the disk.. :/
<fridaynext> so how do i avoid doing a mysqldump with locktables? (is that even possible?(
<[[lutchy]]> Especially when I am using stunnel, but just specifying the IP of the localhost should resolve that
<[[lutchy]]> fridaynext, read the error carefully
<fridaynext> [[lutchy]]: it looks like it is definitely going to lock the tables while performing the db backup.
<[[lutchy]]> I would have to defer to serverhorror ....
<fridaynext> oh it's that percent sign, isn't it.
<[[lutchy]]> How big is the DB ? Why can't you schedule a time  ?
<fridaynext> It's probably 30MB
<fridaynext> I can schedule a time, but I'm testing the mysqldump command as the owner of the db before setting up a cronjob that won't work when it's fired
<[[lutchy]]> Regardless, I still have to defer to serverhorror...
<fridaynext> [[lutchy]]: I don't get it - defer b/c I'm too daft to understand, or you don't know what to tell me next?
<[[lutchy]]> My question to serverhorror, if you know, does mysqldump 'lock'?
<serverhorror> 30M should be done in well under a minute with almost any hardware today. depends on your requirements wether that can still be locked or not
<fridaynext> [[lutchy]]: oh.
<[[lutchy]]> Yeah, I agree with serverhorror
<[[lutchy]]> But, are you doing back per user ?
<[[lutchy]]> s/back/backup/
<[[lutchy]]> That's inefficient
<serverhorror> [[lutchy]], fridaynext: look for ââadd-locksâ thereâs also a ââno-add-locksâ (or any other ânoâ¦. options for that matter) so it doesnât necesarily lock. but then it doesnât guarantee consistency (read: you could get a broken backup, missing posts, etc. but 30MB doesnât sound like a high traffic blog) â
<serverhorror> http://manpages.debian.org/cgi-bin/man.cgi?query=mysqldump&apropos=0&sektion=0&manpath=Debian+7.0+wheezy&format=html&locale=en
<[[lutchy]]> Thank serverhorror :)
<[[lutchy]]> Thank you* serverhorror
<serverhorror> personally i do mysqldump âsingle-transaction âopt âtriggers âadd-drop-triggers â¦.
<fridaynext> serverhorror: it's a super high trafficked site, but I just granted lock tables to the user, and it performed the dump in about 0.3 seconds.
<serverhorror> but as I said: I always have a backup only slave so I have no problems with locks
<serverhorror> fridaynext: high traffic in that case means: itâs creating multiple posts per second as the lock would keep you from saving them but not from reading them
<fridaynext> is that a separate mysql user with permissions on all DB's?
<[[lutchy]]> I think the issue is, since fridaynext mentioned user, I still don't get why you don't give the use full privs?
<serverhorror> fridaynext: no itâs separate hardware that acts as a repliation slave
<fridaynext> [[lutchy]]: I've had client's come to me whose sites have been hacked, and I want to keep my sites as secure as possible.
<[[lutchy]]> Do you trust MySQL ?
<fridaynext> I haven't read how mysql gets injected with malware, etc, but I figure as few permisisons as necessary is a good start to keeping it secure.
<serverhorror> fridaynext: the practical solution is actually a âschema ownerâ that can connect from trusted sources.
<[[lutchy]]> It doesn't matter
<[[lutchy]]> You can't prevent SQL injection from MySQL
<[[lutchy]]> You can limit
<[[lutchy]]> A user having entire access to his DB
<[[lutchy]]> The information in his DB get corrupted is not really your issue
<serverhorror> fridaynext: most web apps (including wordpress) donât get hacked because of the base installation but rather because of weak passwords and plugins (which are mostly â¦. letâs say audited to a lesser extent)
<serverhorror> reason no. 1 being weak passwords
<fridaynext> serverhorror: and i'm already enforcing strong passwords, so I guess I don't even need to worry about the user having all permissions.
<serverhorror> you canât possibly get your users to use secure passwords if the wp-admin is on the interwebs
<fridaynext> serverhorror: not sure if sarcastic, but i've enforced strong passwords with a security plugin.
<serverhorror> people tend to use the same password all over the place so itâs not like you can actually help them. password leaks being everywhere and downloads of the files only a google search away
<[[lutchy]]> No one suggested all permissions \
<fridaynext> 16:42 [[lutchy]]: I think the issue is, since fridaynext mentioned user, I still don't get why you don't give the use full privs?
<[[lutchy]]> I suggest all permission on per user database
<[[lutchy]]> Right
<fridaynext> oh
<fridaynext> that's what I thought, and what I meant when I stated it just now.
<fridaynext> so we're still on the same page.
<serverhorror> fridaynext: as i said âschema ownerâ (grant all on customer1.* to schema_owner@secured_host) that is what I use. everything else was impractical to manage for me
<[[lutchy]]> I have been saying the same statement for the past 30 minutes
<fridaynext> okay thanks for the help.
<serverhorror> ok now for my question :)
<[[lutchy]]> I think there was some level of miscommunication
<serverhorror> Iâm looking for image deployment systems. should be able to handle about 50-100 images and scale to deploy to about 10K hosts/year
<serverhorror> [[lutchy]]: I think so too. Practicality and security donât always play well together :)
<[[lutchy]]> uh... When you say Image ? Do you mean, image of a disk ?
<serverhorror> target OS being: all things linux (debian, rhel, ubuntu, â¦)
<serverhorror> [[lutchy]]: yes.
<serverhorror> not necessarily block based but definitely not the usual pxe boot/debootsrap/seed files
<serverhorror> rather something like pxe boot > do_magic.sh (which puts the image on the target, optionally runs post-script, or some kind of first-boot afterwards) > profit
<[[lutchy]]> I am a intermediate sysadmin... I would like to see how you solve this large scare problem
<[[lutchy]]> With tools that Ubuntu offer
<[[lutchy]]> BTW, I don't like Debian... That's why I pick Ubunt
<bekks> kickstart.
<[[lutchy]]> I would think of backup system
<serverhorror> bekks: I thought kickstart was just the native RHEL way of running installation scripts like debian distros have preseed files and the installer
<bekks> It works fine on Ubuntu, too.
<bekks> And it is much easier than preseed files.
<serverhorror> bekks: but will it use the âcurrent package sourcesâ or a frozen state (image deployment). I hav a requirement of âfrozen stateâ
<bekks> It will use whatever your local mirror provides ;)
<bekks> For even larger use cases, you can use http://fai-project.org/ too.
<serverhorror> bekks: that is my problem. I donât have control over the mirrors at our site and the requirement is not to introduce âunwanted changesâ
<bekks> So set up your own mirror. Aint that hard :)
<serverhorror> bekks: If you get my management to sign that Iâll have it in an hour :)
<bekks> Build a test scenario, present it. It will be signed.
<[[lutchy]]> hehehe
<sarnold> serverhorror: surely you want all the updates installed before deployment, right? :)
<serverhorror> sarnold: actually NO! that is the core part of the requirement
<bekks> Get that part signed, too.
<bekks> Otherwise you will be blamed for missing updates :)
<serverhorror> and please donât â¦. image vs. installer based is postgres vs. mysql, vim vs. emacs â¦.
<sarnold> yikes, no updates? o_O
<sarnold> you guys like heartbleed? :)
<bekks> "No updates" is the core part of a totally broken design of how to develop things.
<[[lutchy]]> postgres is way lighter than mysql on default install
<[[lutchy]]> If I had choice, I would chose postgres, but I despise the way they auth
<serverhorror> sarnold: no just 100% verifiable system state. automated image updates are a big part of it. but I need to be able to deploy a system exatly like it was in the revision referenced by $DOCUMENTATION
<bekks> "... includiing all that bugs which where fixed by updates."
<[[lutchy]]> I am not sure if postgres is thinking of security if I have to define how host auth ?
<sarnold> serverhorror: fair enough, updates can always be installed after the system boots
<[[lutchy]]> Am I wrong? :s
<[[lutchy]]> In administrative way, for me to keep editing the host file when I create a new user..
<serverhorror> sarnold: we were done with heartbleed (software update) in about 12 hours and had all the certs revoked and reissued in 3 working days. Iâd say that we were actually pretty fast
<[[lutchy]]> ugg...
<bekks> serverhorror: ubuntu software updates took about 3 hours. I guess you werent that fast, actually.
<[[lutchy]]> Everyone is focuses on serverhorror
<[[lutchy]]> If I have to read, there is a few core issues I disagree with
<serverhorror> [[lutchy]]: pg_hba defines _how_ to do the auth, and the permissions define what to auth. actually a pretty nice separation
<[[lutchy]]> One of them is 'rapid' response
<[[lutchy]]> There is 6 billion people on earth, to expect everyone know the exploit with 24 hours.. uh.. then you had to wait for openSSL to apply a patch
<serverhorror> bekks: but installing the packages is of no help. you need to reboot all the hosts (or at least reastart the daemons). fix software, redeployâ¦. Iâll stick with pretty fast
<sarnold> [[lutchy]]: sorry, I just don't know much about postgres details :)
<[[lutchy]]> serverhorror, <[[lutchy]]> I am not sure if postgres is thinking of security if I have to define how host auth ? is that different from <serverhorror> [[lutchy]]: pg_hba defines _how_ to do the auth, and the permissions define what to auth. actually a pretty nice separation
<bekks> serverhorror: Actually, we werent affected by heartbleed at all, since we had no systems using affected versions. :)
<serverhorror> [[lutchy]]: permissions are grant statements within postgres (authorization), pg_hba can actually do a multitude of authentication...
<bekks> serverhorror: Thats what I call fast. :)
<serverhorror> bekks: cheater! ;)
<serverhorror> bekks: or is it slow because you didnât apply updates and had an old openssl version â¦. SCNR
<bekks> serverhorror: :D - No, in fact, most of the systems werent affected at all.
<sarnold> precise is too new for you? :) gonna give it a bit more time to mature? :)
<serverhorror> the more I read into this image deployment the more I actually want to schedule a meeting and set up my own mirrors....
<bekks> Nope. Solaris 10 wasnt affected at all, same as RHEL up to 6.4, etc.
<serverhorror> I wonder how amazon/rackspace are doing it
<[[lutchy]]> serverhorror, I still like to use Postgres even now... But not many software support it that I like to use... But to consider in a multiple user environment? How would you solve it ?
<serverhorror> [[lutchy]]: create role general_user_role nologin; create role1 ROLE general_user_role; â¦; create roleN ROLE general_user_role; assign rights and be done with it?
<serverhorror> [[lutchy]]: actually i forgot the syntax. most of the time puppet does that for me :)
<[[lutchy]]> I actually didn't't bother to look that up...
<[[lutchy]]> Lucky you, you have your slave minions... :-p
<serverhorror> [[lutchy]]: yeah lucky me â¦ I also have compliance rules. Thereâs no technical problem as bad as having a compliance problem
<bekks> My minions are called kickstart, NIM, Jumpstart and AI :)
<serverhorror> AI?
<serverhorror> Iâll take 10!
<bekks> S11 automated installation. :)
<serverhorror> darnâ¦. artificial intelligence was my hope
<sarnold> NIM?
<bekks> AIX network installation management.
 * genii sips and ponders ksplice
<sarnold> aix hunh? wow ;)
<sarnold> genii: also look into http://lwn.net/Articles/584016/ -- our pals at suse re-did it, kgraft, what with oracle's being all oracly
<genii> sarnold: Oooooo nice
<genii> And not all Oracly
<serverhorror> <rant>I refuse to believe that there isnât a decent system that actually letâs me manage image based deployment. I get all arguments regarding updates and having current systems, but heck: that can also be done right with images, it just needs a different set of practices. </rant>
<serverhorror> everything that comes up is essentially some linux that deploys a sysprepped windows
<[[lutchy]]> I would like see what toolks that ubuntu-server offers ?
<serverhorror> yeah me too :)
<[[lutchy]]> If Ubuntu is another Debian
<bekks> kickstart.
<[[lutchy]]> I rather use Ubuntu because I don't like Debian
<[[lutchy]]> Personally, I like a cross between openSUSE and Ubuntu
<serverhorror> ah what theâ¦ Iâll fiddle around with my pi some more. Monday is coming soon enough, then Iâll at least get paid for research
<[[lutchy]]> I would like a Ncusrse environment sometimes to make my life easier
<[[lutchy]]> and basic.. ip .. etc rules
<sarnold> [[lutchy]]: heh, like yast fifteen years ago? :)
<[[lutchy]]> yast is so useful sometimes
<[[lutchy]]> but it can get in the way
<[[lutchy]]> For example, I din't know how you setup Interfaces in Ubuntu? or the syntax is being used ?
<[[lutchy]]> Even after I made the modifications to /etc/network/interfaces, /etc/init.d/networking restarting would report error
<[[lutchy]]> Even when I am root
<[[lutchy]]> I had to end up ip.. add the 'Alias' with IP and assume on reboot...
<z1haze> can someone please help me add another website to my server? someone had set it up for me in the past and i dont really understand it
<[[lutchy]]> That really depends.. Apache ?
<z1haze> the sites are in /home/www each have their own folder, but they arent shown as folders, they're listed as MS-DOS Applications .. how do I make another one?
<z1haze> yes apache
<z1haze> the stuff is in /etc/apache2 there is the /sites-available and the /sites-enabled folder i KIND of know what it does but not really.. ive got it working to basically the "It works" page
<sarnold> [[lutchy]]: yeah, bad news there -- the 'right way' to do interfaces is 'ifup <ifname>' and 'ifdown <ifname>'. it's insanely confusing why the initscripts don't work, but it winds up completely breaking dbus or upstart or both.
<[[lutchy]]> sarnold, I was discussing how to make me life easier as admin
<[[lutchy]]> It's true
<sarnold> [[lutchy]]: you can add the 'ip' commands right in /etc/network/interfaces. that appears to be the 'blessed' way to do that job.
<z1haze> so how can i add another website?
<[[lutchy]]> sarnold, Keep in mind I am talking about 'Alias'
<[[lutchy]]> sarnold, You can ?
<[[lutchy]]> Ok
<serverhorror> [[lutchy]]: still sarnold is right. âip addr add 192.0.2.1/24 dev eth0â in /etc/network/interfaces is the way. post-up and pre-down will take care of adding/removing the ip when you run ifup eth0 (or ifdown)
<[[lutchy]]> That's not the issue at the end of the day when I ask about tools to make my life easier as admin
<[[lutchy]]> If you can add ip rules.. noted..
<serverhorror> z1haze: âkind ofâ is really broad in that case is another website simply a folder within a virtual host or do you want another virtual host, is it a static site, some php/python/perl application. Your problem description is way to vague to actually give you iinformation
<[[lutchy]]> With Yast, I can tab to network, select interface, and add the ip address
<z1haze> i figured it out, thanks
<z1haze> just had to run the sudo a2ensite thing
<[[lutchy]]> CentOS has 'system-network-tui'
<z1haze> and it makes the stuff for u
<serverhorror> [[lutchy]]: but Yast will make your life more complicated if you just have âthat one little setting yast doesnât know about and keeps overwriting, but is needed so desparatelyâ
<sarnold> serverhorror: btdt :)
<[[lutchy]]> serverhorror, I have used Yast for the last 3 years
<[[lutchy]]> I know it's limits
<serverhorror> [[lutchy]]: another rather simple case where yast is not that helpful: 10 servers that are frontends for a web application. now go add 10 IP based vhosts to each of those hosts. Itâs quite some fun actually running thru at least 300 config screens (assuming you can get there with just 3 screens) to the config on the hosts :)
<[[lutchy]]> Not the case
<serverhorror> [[lutchy]]: imho the only thing makes life easier is extracting the defining system of the use case and automating that to the point where you could be run over by a bus and nobody would notice because all the stuff is âself-serviceâ capableâ¦. now that would be a reason for a big raise
<sarnold> once you get more than two or three servres, using a tool like juju, chef, puppet, ansible, etc., would be the way to go :)
<serverhorror> automation tools are always nice. it makes stuff repeatable and deterministic. i donât do anything anymore that isnât somehow âmanagedâ (not even my workstation or home directory)
<[[lutchy]]> What's important to me is managing and changing things to a server... How would it make my life easier ...
<sarnold> serverhorror: nice. I'm jealous. :)
<serverhorror> sarnold: it didnât just appear at a spawn point. it actually took me 3 years or something to get to that point
<sarnold> serverhorror: lol
<[[lutchy]]> So far, none of Ubuntu servers break
<[[lutchy]]> My VPS had BLUETOOTH software
<[[lutchy]]> I have to talk to host about that... their template is busted
<serverhorror> [[lutchy]]: just scan around maybe itâll find an Airbus or something that you can control :)
<[[lutchy]]> serverhorror, One of my Ubuntu Servers is OpenVZ which a Bluetooth software as a service and running
<[[lutchy]]> serverhorror, I didn't know that OpenVZ had Bluetooth device
<[[lutchy]]> The Ubuntu Servers that I run when I installed them was with openSSH, that I mentioned earlier
<serverhorror> ha! I found yet another discussion about host name schemasâ¦ time for some trolling :)
<miceiken> is there some way to filter spam for mail server?
<fridaynext> miceiken: spamassassin and dovecot sieves.
<fridaynext> btw serverhorror, I took your advice and created a new user with permissions on the tables I wanted said user to back up. works a charm.
<serverhorror> fridaynext: just restrict the host part and you should be fine. if your backup server is somewhat secure you should be fine
<fridaynext> serverhorror: it's all on the same server.
<fridaynext> don't have the time/money to run two servers.
<serverhorror> so if you disk goes up in flames: how do you restore?
<miceiken> http://upload.clusterbrain.net/2014-05-24_0111.png that's a lot of dependencies :P
<fridaynext> serverhorror: well, this is my backup plan. the backups I've been asking you about.
<fridaynext> I backup the db and wp-content folder to each user's owncloud data folder, and they sync with their computer so they always have an up-to-date version of their site's content.
<fridaynext> and I pay for backups at my host (Linode), so if the specific disk goes up in flames, they can just restore the whole image.
<serverhorror> ah makes sense then. for a budget backup that seems a nice option
<fridaynext> serverhorror: thanks!
<fridaynext> serverhorror: it's nice to not hear 'you're doing it wrong!' for once.
<serverhorror> fridaynext: would there be any chance of success suggesting another host with backup software, more time/money to invest and you not being able to actually provide value? â i guess no. so weighing the options: you have a remote backup (hoster) you _could_ even put the owncloud stuff as a addon feature to sell or list it for free on the âfeaturesâ page and gain some more customers.
<serverhorror> fridaynext: get some marketing, some more customers and then (and only then) when the risks get too high (hopefully before any disaster strikes) set up a system that fits the changed requirementsâ¦ place that in the bookable options. make profit, get more customers, â¦.. :)
<fridaynext> serverhorror: i'm not totally following.  are you basically saying, 'Please set up another server for backup" ?
<miceiken> thanks fridaynext
<serverhorror> no Iâm saying: You (like everyone else is too) are restricted by a budget. I truly think that with the options you have that is a sane choice. If, at some point later in time, you decide that the situation has changed, build a system that fits the situation. ALSO: You build something that is valuable, why not be transparent about it and let you customers hear that and make backup something that they
<serverhorror> can choose to have (for a fee), or use it as a marketing instrument and place it on your website like âFull Backups included@
<serverhorror> s/@/:
<serverhorror> canât type anymore sorry
<fridaynext> serverhorror: that's a good idea, actually. To add backups as an extra cost.
<serverhorror> just be sure it doesnât backfire. lots of people expect that to just be there
<serverhorror> donât talk about costs :) â add âextra value packagesâ costs are bad, value is good :)
<serverhorror> .oO(I have the feeling I had to many meetings with management)
<fridaynext> nah, my clients up to this point are very good about paying the bills.
<fridaynext> oh but you're saying, don't add a fee, change the hosting cost overall and explain the added value.
<[[lutchy]]> I play to start a small VPS company....
<[[lutchy]]> Hmm... 'Paying on time'
<[[lutchy]]> s/play/plan/
<[[lutchy]]> I am thinking, why is that so important to you fridaynext  ?
<Joe_knock> fridaynext: all hosts provide the "full-backup" thing. You need to demonstrate that you provide genuine backups that the customer has access to on his own personal data storage, which you should be charging a little for in the full-price and not add it as a fee.
<fridaynext> [[lutchy]]: i don't follow what you're asking
<[[lutchy]]> fridaynext, I think I broached about the customers paying on time...What's important to you ?
<[[lutchy]]> Personally, I don't want erratic customers .. I don't want customer who buy and want a refund later
<fridaynext> Overall, what's important to me is that I have automation in place so that if anything goes tits up, I can get it back online easily, whether that means uploading back to my Linode server or even setting up a sub-par Hostgator shared hosting.
<fridaynext> [[lutchy]]: yeah, fortunately, I have no customers like that.
<fridaynext> [[lutchy]]: they're all very respectful of the time I put in to develop their sites / fix problems / etc.
<fridaynext> and by respectful, I mean they pay the invoices in a timely fashion when I send them out.
<[[lutchy]]> You offering me information
<[[lutchy]]> fridaynext, I appreciate you opinion :)
<[[lutchy]]> However
<fridaynext> uh oh
<fridaynext> the dreaded however!
<[[lutchy]]> I am still confused...Do you need them to pay to make (I think because you need to plan) because if they don't.. you can't pay your servers ?
<fridaynext> They all pay one year in advance, so they are paid up for hosting.
<fridaynext> [[lutchy]]:  is that what you're asking?
<[[lutchy]]> I am thinking
<fridaynext> [[lutchy]]: or are you asking why I don't have a super hefty backup plan in place?
<[[lutchy]]> I love to think
<fridaynext> [[lutchy]]: me too :)
<[[lutchy]]> Personally, My customer will have to make up their own backup plan
<fridaynext> [[lutchy]]: well that's a weight off of your shoulders.
<fridaynext> see, I don't want my customers to do that, b/c that means they're installing PHP plugins on their wordpress sites to do that, and I've watched my server load spike as those PHP plugins backup huge directories.
<fridaynext> So that's why I'm setting up backups via cronjobs, sent to their owncloud directories, so it's all native *nix code.
<fridaynext> no intensive PHP being run where it doesn't need to be.
<[[lutchy]]> That would be a bonus
<fridaynext> i like those server load numbers as close to 0.0 as possible :)
<[[lutchy]]> That's not what I even care about ...
<[[lutchy]]> But... It's interesting to see your point of view
<[[lutchy]]> Personally... cost.. I don't mind suffer cost for 1 year
<fridaynext> well my story in a nutshell -
<fridaynext> I started by hosting with HostGator shared.  Traffic / load got larger, so I upgraded to a VPS for $80/month.
<fridaynext> it. was. horrible.
<fridaynext> mysql crashing all the time, php crashing, apache crashing.
<fridaynext> I asked hostgator wtf was up - and this was with only like 3 or 4 sites.
<fridaynext> so their service was quite literally the worst customer service I've ever dealt with.
<fridaynext> They all but told me to stop hosting sites if I wanted faster performance.  Ridiculous.
<fridaynext> So i switched to Linode and figured, I'll just manage an Ubuntu 12.04 server all by myself.
<fridaynext> Also built a home media server with 12.04, so figured I could learn it in tandem.
<fridaynext> And I've been strengthening my server/backup/troubleshooting skills ever since.
<Joe_knock> hostgator are awesome for those shared 1-click install plans. As far as a VPS goes, you paid too much from them.
<Joe_knock> I was running a decent-sized app on a 1 gig service for $7, granted, those guys fucked me around after a while. I'll never buy from a new outfit ever again.
<IdleOne> can we please keep the language clean in here
#ubuntu-server 2014-05-24
<Joe_knock> apologies
<Joe_knock> there was no other word to use.
<Guest67771> Hi running Ubuntu 12.04 server at home, and I recently switched static IP addreses. Since that time, Webmin won't work - it just shows unable to connect. Would anyone have troubleshotting tips for me - the internet is all good?
<pmatulis_> Guest67771: webmin isn't supported by ubuntu
<pmatulis_> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<Guest67771> Ok....is there another tool to manage scheduled cron jobs?
<dw1> crontab -e will load a text editor
<dw1> crontab --help
<dw1> man crontab
<dw1> oh he left. wups
<hellinterim> What does ubuntu server normally assign the dev device name to usb externals?
<sarnold> hellinterim: /dev/sd* -- perhaps the biosdevname package changes the names..
<hellinterim> i just installed fuse. Was that needed lol because I see sdc now.
<sarnold> the /dev/sdc block device should have existed without fuse; but perhaps the filesystem that is on the block device needed fuse to be mounted
<hellinterim> it's ext3
<hellinterim> hmm well anyway. thanks. cya
<lordievader> Good morning.
<achab> 'morning
<lordievader> Hey achab, how are you?
<achab> fine thanks, and you?
<lordievader> Doing well here too.
<Macer> hm
<Macer> where exactly does lxc get its address from when using dhcp?
<Macer> because i am getting an old dns that i no longer wish to use when the container starts
<Macer> but the old dns seems persistent even tho i have no idea where it is grabbing it from
<pmatulis_> Macer: by default, from dnsmasq
<pmatulis_> there is a network bridge set up (lxcbr0), viewed with 'ip addr show lxcbr0' and 'sudo brctl show'
<Macer> pmatulis_: yeah i disabled that
<Macer> i figured it out tho. thanks anyways ;)
<Macer> so far i have set up quite the little ubuntu server
<Macer> the contianers are great
<pmatulis_> Macer: yep
<pmatulis_> using them now myself
<azim> hi
<wastl> hi
<lordievader> o/
<Macer> well. this ubuntu server is coming along quite well :)
<Macer> i even have tv tuners in it lol
<luttermann84> So... While trying to provision a server using MaaS, apt complained that the Packages file was gone! And it seens to be right, only Packages.bz2 and Packages.gz are avalible! What to do now?!
<Patrickdk> run apt-get update
<luttermann84> Patrickdk: it's kind of hard in the pxe booted environment, it shuts down becaouse of the error from apt.. and it properly wouldn't solve the problem that apt is looking for a nonexistent file.
<Patrickdk> oh, in there
<hxm> i want to send emails using smtp, does not exists a script for do that with TLS support?
<hxm> i dont mind which programming language it is
<hxm> i just found many that wont work
<bekks> hxm: So setup a mail server.
<hxm> i did but I want send authed
<bekks> So configure your mailserver to do so.
<luttermann84> hxm: what is it you want to achieve?
<hxm> bekks: you didnt understand what I said
<hxm> luttermann84: send an email from a background process with a smtp with tls
<bekks> I perfectly did. But you didnt answer my question.
<hxm> the mailserver is working, I can send emails from any mail desktop client, is all these scripts I found which fail with tls
<luttermann84> The best way is proberly to use the local mta on the system to relay the messages, if you are connecting to the local machine you don't need tls, and you can use the mail command.
<hxm> yea, but is the backup server, and I wanted to use the main server as a normal client, but surely I will need to do that
<hxm> btw goal real madrid
<luttermann84> hxm: what?
<SCHAAP137> sup
#ubuntu-server 2014-05-25
<apb1963> .gvfs                           # contains mounted file systems?
<apb1963> .local/share/gvfs-metadata
<apb1963> .Private                        # contains the actual encrypted home directory
<apb1963> .dbus                           # session-specific
<apb1963> .cache
<apb1963> .Trash                          # do I need to say more?
<apb1963> .local/share/Trash
<apb1963> .cddb                           # cached info about audio CDs
<apb1963> .aptitude                       # cached packages lists
<apb1963> Flash-specific:
<apb1963> .adobe                          # Cache for flash, maybe others?
<apb1963> .macromedia   # except for Flash persistence, there is no reason to keep this
<apb1963> Files:
<apb1963> .xsession-errors            # contains errors from the current graphical session
<apb1963> .recently-used              # recently used files
<apb1963> .recently-used.xbel
<apb1963> .thumbnails
<apb1963> .Xauthority                 # session-specific
<apb1963> .ICEauthority
<apb1963> .gksu.lock
<apb1963> .pulse  # directory
<apb1963> .pulse-cookie
<apb1963> .esd_auth
<apb1963> KDE specific:
<apb1963> .kde/share/apps/RecentDocuments # Recent documents on KDE
<apb1963> .kde/share/apps/klipper         # Contains a history of the Klipper clipboard (KDE)
<apb1963> .kde/share/apps/okular/docdata  # you will loose saved scrolling positions of PDFs
<jerrcs> huh
<apb1963> .kde/share/apps/gwenview/recentfolders
<apb1963> .kde/share/apps/kmess/displaypics  # cached other users' profile pics
<apb1963> .kde/share/apps/kmess/customemoticons  # cached emoticons of others
<apb1963> Firefox-specific (see also Profile folder):
<apb1963> .mozilla/firefox/*/Cache
<apb1963> .mozilla/firefox/*/minidumps    # in case Fx crashes dumps will be stored in this
<apb1963> .mozilla/firefox/*/.parentlock       # session-specific
<apb1963> .mozilla/firefox/*/urlclassifier3.sqlite  # phishing database, recreated
<apb1963> .mozilla/firefox/*/blocklist.xml   # blacklisted extensions
<apb1963> .mozilla/firefox/*/extensions.sqlite  # extension database, recreated on startup
<apb1963> .mozilla/firefox/*/extensions.sqlite-journal
<apb1963> .mozilla/firefox/*/extensions.rdf
<apb1963> .mozilla/firefox/*/extensions.ini
<apb1963> .mozilla/firefox/*/extensions.cache
<apb1963> .mozilla/firefox/*/XUL.mfasl     # cached UI data, recreated
<apb1963> .mozilla/firefox/*/XPC.mfasl
<apb1963> .mozilla/firefox/*/xpti.dat
<apb1963> .mozilla/firefox/*/compreg.dat
<apb1963> Opera-specific (related question on Superuser.com: Is documentation available on files and directories in the Opera profile folder?):
<apb1963> .opera/temporary_downloads
<apb1963> .opera/cache
<apb1963> .opera/thumbnails
<apb1963> .opera/opcache
<apb1963> .opera/icons
<apb1963> .opera/application_cache
<apb1963> .opera/widgets/*/cache
<apb1963> .opera/lock
<apb1963> Komodo Edit:
<apb1963> .komodoedit/*/codeintel/db
<apb1963> .komodoedit/*/host-*/*/codeintel
<apb1963> .komodoedit/*/XRE/Cache
<apb1963> .komodoedit/*/XRE/.activatestate/komodo edit/Crash Reports
<apb1963> .komodoedit/*/XRE/.activatestate/komodo edit/*/Cache
<apb1963> .komodoedit/*/XRE/.activatestate/komodo edit/*/minidump
<apb1963> .komodoedit/*/XRE/.parentlock
<apb1963> .komodoedit/*/XRE/extensions.rdf
<apb1963> .komodoedit/*/XRE/extensions.ini
<apb1963> .komodoedit/*/XRE/extensions.cache
<apb1963> .komodoedit/*/XRE/XPC.mfasl
<apb1963> .komodoedit/*/XRE/XUL.mfasl
<apb1963> .komodoedit/*/XRE/xpti.dat
<apb1963> .komodoedit/*/XRE/pluginreg.dat
<apb1963> .komodoedit/*/XRE/compreg.dat
<apb1963> .komodoedit/*/XRE/*.sqlite-journal
<apb1963> .komodoedit/*/pystdout.log
<apb1963> .komodoedit/*/pystderr.log
<apb1963> .komodoedit/*/history.sqlite.bak
<apb1963> .komodoedit/*/running.lock
<apb1963> .komodoedit/*/mutex.lock
<apb1963> .komodoedit/*/*.xmlc
<apb1963> .komodoedit/*/startup-env.tmp
<apb1963> .komoeoedit/*/commandments.fifo
<apb1963> .komoeoedit/*/history.sqlite
<apb1963> GnuPG:
<apb1963> .gnupg/rnd
<apb1963> .gnupg/random_seed
<apb1963> .gnupg/.#*
<apb1963> .gnupg/*.lock
<apb1963> .gnupg/gpg-agent-info-*
<apb1963> Google Chrome:
<apb1963> .config/google-chrome/Default/Local Storage
<apb1963> .config/google-chrome/Default/Session Storage
<apb1963> .config/google-chrome/Default/Application Cache
<apb1963> .config/google-chrome/Default/History Index *
<apb1963> Other apps:
<apb1963> .pulse/icons                  # Pidgin
<apb1963> .java/deployment/cache        # Cached applets
<apb1963> .icedteaplugin
<apb1963> .icedtea
<apb1963> .gnome2/epiphany/favicon_cache
<apb1963> crap!
<apb1963> sorry sorry sorry
<apb1963> jeez
<apb1963> I thought I had something else in my paste buffer
<apb1963> I apologize a thousand times over
<apb1963> I was actually going to ask if anyone had a list of things to exclude from backup.  The above is what I've got so far, but doesn't include system files... or the reverse... what files I SHOULD include, like /etc/passwd /etc/shadow, etc. etc.
<copocaneta> has anyone here successfully set up svn2web? I have a few questions
<MalwareKiller11> hey
<copocaneta> has anyone here successfully set up svn2web? I have a few questions in regards to running "svn propset" for particular repository directories (which don't show up at server side, only at client side)
<lordievader> Good morning.
<MalwareKiller11> Good morning
<MalwareKiller11> How many programmers does it take to change a light bulb?
<lordievader> Hey MalwareKiller11. Pff, no idea...
<MalwareKiller11> None â Itâs a hardware problem
<copocaneta> has anyone here successfully set up svn or svn2web? I have one question in regards to running "svn propset" for particular repository directories (which don't show up at server side, only at client side). my question is, at the svn2web documentation it says 'Add an "svn2web" property to the branch or directory that should get copied', so it tells me to "cd" to my repository subdirectory and run "svn propset", the problem is that this repository 
<Macer> this ubuntu server is a beast heh
<Macer> took me like 1/4th the time to set up ubuntu server than it would have any other type of distro.. plus the lxc stuff is great
<lordievader> \o/
<Macer> lordievader: what made it special are the tv tuner cards ;)
<Macer> and zfs of course
<Macer> zfs ftw
<Macer> i would have tried out btrfs but the raid5 support is fickle
<Macer> i need to set up upsd and smartd as well
<Macer> to email me if a drive breaks :)
<lordievader> TV tuner cards in a server?
<Macer> i already set up dns, zimbra, plex, and shell containers tho... awesome stuff... RIP virtualization
<Macer> yah. it is also a tvheadend server
<Macer> i need to figure out how to forward the hardware to a container and run it from that but that can wait for a bit
<Macer> the goal is to run everything on one server using raidz and containers
<Macer> lxc ftw! the lack of something akin to fbsd jails was kind of a turn off even tho i guess lxc is still more dangerous if a user has root within a container
<Macer> i'm sure that's being worked on tho
<Macer> i have 3 tuners that grab ota stuff when necessary and stream it to xbmc clients around the house
<lordievader> I like KVM more, but to each his own.
<Macer> works wonders for football games :)
<Macer> yah.. i just happened to ask and someone suggested lxc so that's what i went with
<Macer> it's simplicity helped a ton too. plus the ability to run older version of ubuntu helped with installing the zimbra community edition for the email stuff
<Macer> need to figure out how to sync it all with a client but that can wait for later too. the email server works for now which is what matters heh
<Macer> and when i say client i mean contacts and calendar stuff
<Macer> would be pretty cool if ubuntu touch supported such a sync with zimbra out the box :D
<Macer> no more stuck with a conglomerate to ensure contacts and calendar stuff across devices.. i'm sure there are ways to do it but i haven't tried very hard just yet
<copocaneta> has anyone here successfully set up svn or svn2web? I have one question in regards to running "svn propset" for particular repository directories (which don't show up at server side, only at client side). my question is, at the svn2web documentation it says 'Add an "svn2web" property to the branch or directory that should get copied', so it tells me to "cd" to my repository subdirectory and run "svn propset", the problem is that this repository 
#ubuntu-server 2015-05-18
<jrwren> you are looking for information about Xen?
<RoyK> I thought amazon was moving on to kvm these days
<jrwren> good point. I've no idea. I know they used to do Xen. One should investigate this ;]
<Rob__> is there an easy way to bail to busybox prior to getting into the meat of the boot in initramfs so I can check on a few things?
<Patrickdk> break=mount ?
<hadifarnoud> what is the best open source email server that allows creation of accounts via an API?
<rbasak> hadifarnoud: pretty much all of them - they generally support LDAP.
<hadifarnoud> rbasak: but LDAP doesn't cut it for me. I need a REST API to manage those accounts
<tlyng> I'm having problems writing an upstart script and are wondering if someone could help out. It's line #30 at http://pastebin.com/Tx8Epf1p which is not working (/proc/self/fd/9: [ !: not found)
<caribou> Anyone here familiar with CEPH's upstart configuration & not sleeping in Vancouver ?
<hadifarnoud> I want to give my customers email with their own domain. We have a site builder app and allowing them to have emails on their own domain is a must. what do you recommend?
<hxm> hi, I have upgraded ubuntu and now mysql won't start, the mysql.err is empty and I dont find any info about this
<Seveas> check /var/log/syslog and /var/log/kern.log. My spideysense is blaming apparmor :)
<jjohansen> hxm: easiest way is grep DENIED /var/log/syslog  and /var/log/kern.log  that will show up any apparmor rejects
<hxm> yea that's what the first I did Seveas & jjohansen but no mysql lines in those files
<jjohansen> hxm: hrmmm well then it is likely not apparmor
<sarnold> hxm: anything in dmesg?Z
<hxm> no
<hxm> but I think I found the problem
<hxm> http://paste.ubuntu.com/11213028/
<hxm> is like mysql-server 5.6 won't support previous config files?
<RoyK> the only reason to use mysql is with applications that don't support postgresql :P
<hxm> ok
<hxm> i don't win the war just because start an other war
<hxm> just starting*
<sarnold> yeah, mysql updates sometimes break things. oracle is just trying to remind you that they also sell a "real database" if you'd like to employ one of their certified DBAs...
<RoyK> hehe
<RoyK> yeah - just $20k for the wee Oracle server
<hxm> $20k more than mysql
<RoyK> and $20k more than postgresql
<RoyK> which does things better than mysql in almost any way
<RoyK> but then, things like wordpress are fixed on mysql, so we're stuck with it with some apps
<sarnold> I suspect that says as much about those apps as anything else..
<RoyK> I've been working hard to move everything possible over to postgresql
<RoyK> sarnold: indeed
<RoyK> sarnold: hardcoded SQL in the plugins is the main cause
<RoyK> ugly indeed
<sarnold> RoyK: those very same plugins that are a steady stream of CVE requests? :)
<RoyK> CVE?
 * RoyK is not a developer :P
<sarnold> RoyK: mitre vulnerability identifiers
<RoyK> oh, that CVE
<RoyK> half eleven and I'm tired :P
<sarnold> we're getting old man, we're gettin gold..
<RoyK> hehe
<RoyK> sarnold: I taped this on the door to the developers at work https://xkcd.com/327/
<sarnold> RoyK: hahaha a classic :)
<RoyK> sarnold: and then they took it down and I taped this up http://xkcd.com/1513/
<RoyK> (see mouseover on the last one :D)
<sarnold> RoyK: hahhaaha
<RoyK> sarnold: I taped that to their door and waited an hour or two when I found them somewhat clustered around it, puzzled, asking who put it up, and once they saw me, HA! CAUGHT!
<sarnold> hahaha
<RoyK> sarnold: we're still friends, the developers and I <(
<RoyK> ;)
<sarnold> haha good
<roy_> what is a good way to backup a server off server automatically at set times
<RoyK> roy_: what sort of backup software?
<roy_> I looking for a way to backup server
<RoyK> backup to tape? to disk? to cloud?
<roy_> maybe offline to s3
<RoyK> rsync? dirvish?
<RoyK> lots of software out there
<RoyK> dirvish is old, but it works
<RoyK> backuppc is perhaps a bit more modern
<roy_> ok
<roy_> Am looking for one which is easy to setup
<sarnold> RoyK: "FAQ last updated Wednesday, 2005 February 16 by Keith Lofstrom" hehe more than ten years since the last time anyone remembered to update the faq change time :) looks promising, hehe
<RoyK> hehe
#ubuntu-server 2015-05-19
<jrwren> start -v mongodb says start: Job failed to start
<jrwren> there are no logs anywhere that I can find. Where to look?
<sarnold> try /var/log/upstart/mongo* ?
<jrwren> nothing in /var/log/upstart/ nothing in /var/log/syslog
<jrwren> sarnold: I wish :(
<Patrickdk> just run mongo manually and see what happens
<jrwren> Patrickdk: works great :(
<sarnold> jrwren: you could try running fatrace to see what files are accessed
<jrwren> even invoking with start-stop-daemon the way the upstart job does works great.
<Patrickdk> you are running it as the same user as the init script uses?
<jrwren> fatrace is a good idea.
<jrwren> start-stop-daemon has a user option, so yes?
<jrwren> even adding debug to init/mongodb.conf gives no log
<sarnold> anything in dmesg?
<sarnold> I understand if the numa memory allocation policy isn't set correctly for mongo it'll just fall over with an oom
<jrwren> nothing obvious. this is in an lxc and so dmesg is showing me host stuff. Still, nothing with a recent timestamp
<jrwren> and mongo runs fine if I invoke it manually. upstart seems to be the problem?
<shellox> hi
<sarnold> oh man that pokes a neuron..
<jrwren> sarnold: there is an issue with running mongo in a host if its already running in lxc, but this is not that :(
<shellox> I'm using a ubuntu server 14.04, nginx and php-fpm and was wondering where the best place is to install a php application? One developer will need access to it using sftp, so i was thinking /srv/www/my-app and give him access to this directory
<sarnold> jrwren: ah! that's what it was. thanks....
<shellox> is that a sound way to do it :P?
<sarnold> shellox: yeah, it's as good a place as any. debian guidelines might suggest stuffing it somewhere under /var/www but I never really liked that location for locally installed web applications.
<sarnold> jrwren: but dang. :)
<jrwren> is there a way to put upstart into super debug mode?
<jrwren> or /sbin/start into debug verbose++ mode?
<shellox> sarnold: Is it good practice to add a user to the www-data group, so he has write access to directory?
<sarnold> shellox: I'd rather have the directory and files owned by the developer, and make sure the www-data user or group can read the files. I think webservers should only have write access to their log files and databse sockets...
<Patrickdk> webservers shouldn't have to write to them ever
<Patrickdk> your cgi/fcgi might have to, and should be limited
<Patrickdk> it's nice to do something like git or so
<Patrickdk> and just have it continuously get updates pushed to it
<Patrickdk> no need to worry about dev owning files
<jrwren> strace of the /sbin/start is a bit interesting
<jrwren> http://paste.ubuntu.com/11216946/
<Patrickdk> not really, to be expected
<Patrickdk> as strace doesn't follow forks
<jrwren> yeah? the EAGAIN on reads to the /com/ubuntu/upstart socket is to be expected?
<Patrickdk> can't tell, it's all ...
<Patrickdk> but I don't see that
<jrwren> i'll paste again with -f and -s 1024
<Patrickdk> it sent a message, it worked
<shellox> sarnold: I see, that sounds plausbile. Thanks
<jrwren> http://paste.ubuntu.com/11216993/
<Patrickdk> looks like it's working fine
<sarnold> I didn't suggest strace since I expected it to be useless; iirc start just contacts the running pid 1 and asks -it- to start a new job, and upstart uses ptrace extensively when starting new jobs, and .. throw containers inthe mix and I really doubt strace will demystify anything.
<jrwren> ok. maybe trace pid 1?
<Patrickdk> no
<sarnold> I haven't got a clue if that's allowed, and I wouldn't try it on a system I needed to stay alive :)
<Patrickdk> you need to trace the mongodb pid
<jrwren> mongo is fine.
<jrwren> there is no mongo pid
<Patrickdk> sure there is
<jrwren> if I start mongo manually, it runs
<jrwren> if I start mongo by using start-stop-daemon exactly as is in the upstart script, it runs.
<jrwren> upstart is failing.
<sarnold> maybe throw the strace -f on that start-stop-daemon
<jrwren> but that actually works.
<jrwren> oh, on it in the upstart job?
<sarnold> again, since upstart uses ptrace I'm worried it might not be helpful...
<jrwren> oh!
<jrwren> this is a user lxc
<jrwren> and mongodb upstart jobs has
<jrwren> limit nofile 64000 64000
<jrwren> which failed
<jrwren> strace -p 1 showed me.
<jrwren> that was it.
<sarnold> woo!
<jrwren> HUGE thanks for helping.
<jrwren> i don't know if that is a bug or not.
<sarnold> it seems worth filing a bug report
<jrwren> ok.
<sarnold> but I don't know if it ought to be filed against lxc, mongo, or upstart :)
<jrwren> ha! that was about to be my next question
<sarnold> heck file it against all three ...
<jrwren> i'll have to learn how to LP to file 1 bug against all 3.
<sarnold> file it against one package, then hit the "also affects distribution/package" button, and add in another one in the 'source package name' field
<jrwren> thanks.
<sarnold> time to bail, have fun jrwren :)
<jrwren> thanks again. good night.
<hxm> morning
<hxm> i had some problems with mysql, so i unninstalled every mysql packages, i am trying to install mysql-common and it says /etc/mysql/my.cnf.fallback does not exists
<hxm> indeed, i deleted that directory
<rbasak> hxm: purge mysql-common first. Otherwise it'll keep your "modifications".
<rbasak> hxm: in fact, make sure to purge *all* MySQL related packages if you're going to go to the extreme of removing stuff manually first.
<shellox> which permission should the key file for my SSL cert have?
<shellox> i found this guide
<shellox> https://help.ubuntu.com/lts/serverguide/certificates-and-security.html
<shellox> and copied it to /etc/ssl/private
<Sander^work2> In what circumstances is it required to have nfs shares inside a subdir like this: /nfs/host1/share1 and nfs/host2/share2/ instead of having everything in /nfs/share1 and /nfs/share2
<hxm> I have this problem http://paste.ubuntu.com/11223995/ which is a headache for me
<hxm> in the /var/log/mysql/error.log the relevant line is ERROR: 1062  Duplicate entry 'innodb' for key 'PRIMARY'
<hxm> i thought i already deleted database
<rbasak> matsubara_: around? Would you mind driving SRU verification for bug 1443735 for me please? It'll be a while yet - an existing SRU needs to clear before I can upload it and it'll probably sit in the SRU queue for a while after that anyway, but I thought I'd ask you in advance.
<rbasak> https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1443735
 * rbasak wonders where the bot is.
 * matsubara_ looks
<matsubara_> rbasak, ok. I can do that
<rbasak> matsubara_: thanks!
<Voyage>  how to write automated scripts for linux with max possibilities and control?
<jrwren> Voyage: very carefully.
<Voyage> jrwren,  in what way
<jrwren> Voyage: that is how I write automated scripts. I do it very carefully.
<Voyage>  you know scripts that would do stuff that I do in commandline. rsync ssh, copy files, change configs, connect to another server, do stuff, return back. what ever.......
<Voyage> how to do it?
<Voyage> how do you write those
<Voyage> jrwren,  bash or what?
<Voyage> I heard doing this with pythong was a smarter way
<jrwren> Voyage: bash is fine. its nice to have easy access to gnu coreutils things.
<jrwren> Voyage: I recommend you start with bash and use something else only if you need it.
<Voyage> cant python do what bash can?
<jrwren> Voyage: I love python too. I'd not call it "a smarter way"
<Voyage> why
<jrwren> Voyage: it depends.
<jrwren> Voyage: you'll find in tech, a lot of people have strong opinions and like to tell others what they should be doing without any idea of individuals actual needs.
<jrwren> Voyage: because many things can be done simply in bash which aren't quite as simple in python, or... require some external python dependency.
<Voyage> hm
<Voyage> can anyone give an example of things that cannot be done by bash and we need python to do so?
<jrwren> Voyage: there are no absolute answers to these qeustions.
<jrwren> Voyage: python can spawn threads, bash doesn't have primitives for that
<jrwren> Voyage: BUT, python has its GIL, so threads aren't as useful.
<jrwren> Voyage: I highly recommend focusing on solving problems isntead of worrying about differences between python and bash.
<Voyage> hm
<hackeron> hey, anyone has an issue with Ubuntu 15.04 not rebooting without a connector monitor? - Any ideas what could be causing it? -- 14.10 rebooted without issues.
<hackeron> (I'm using ubuntu-server, so no X and I would like to run headless)
<rbasak> hackeron: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1443735 maybe?
<rbasak> You should be aware of that and implement the workaround on every headless box anyway. We should have an update which fixes the default soon.
<hackeron> rbasak: no, not that one - I already have this set on every headless server
<hackeron> rbasak: this is related to 15.04 and I am guessing maybe systemd - plugging in a monitor makes the server instantly boot
<rbasak> hackeron: that's interesting
<rbasak> hackeron: if you figure it out, please let me know. Maybe try a serial USB adaptor to diagnose if that works?
<hackeron> rbasak: I commented on that original bug back in 2011
<hackeron> rbasak: the server is remote somewhere, I am speaking to them on skype and when I reboot the server, it doesn't boot - as soon as a monitor is plugged in, it boots up - nothing in the logs other than:May 19 15:45:20 TimeBox rsyslogd: [origin software="rsyslogd" swVersion="7.4.4" x-pid="1055" x-info="http://www.rsyslog.com"] exiting on signal 15.
<hackeron> May 19 15:53:14 TimeBox rsyslogd: [origin software="rsyslogd" swVersion="7.4.4" x-pid="1653" x-info="http://www.rsyslog.com"] start
<hackeron> the rsyslogd start happens the instant a monitor is plugged in - and this did not happen in 14.10
<rbasak> hackeron: nothing in dmesg?
<hackeron> rbasak: nope, the kernel starts booting the instant the monitor is plugged in - it appears to get stuck in grub
<rbasak> Ah
<rbasak> The only logging you'd get from grub is to the console really (practically that means serial)
<hackeron> trying to boot with nomodeset - but not sure how that will help, if it never starts booting without a monitor :/
<hackeron> rbasak: don't have a serial console though - what do they look like these days anyway? - I only have USB ports, heh
<rbasak> hackeron: yeah I understand. Nowadays the only form I'm aware of are USB<->serial adaptors. I have no idea if grub can use one of those though.
<hackeron> rbasak: even so, what do I connect to the serial end of the adapter?
<rbasak> hackeron: a smartphone video of the screen is another possibility, but also impossible here because your screen won't be plugged in
<rbasak> hackeron: another usb serial adaptor :)
<hackeron> rbasak: the second I plug a monitor in, it boots :/
<rbasak> Yeah
<rbasak> VGA?
<hackeron> rbasak: yep
<rbasak> The only other thing I can think of is to cut the DDC pins with a switch for debugging
<rattking> I alot of OOB managment systems do SOL, some ever provide access via ssh.. very nice compared to some java kvm
<rbasak> It seems a bit of a stretch though I think DDC is the only way grub would know when the monitor gets plugged in
<hackeron> rbasak: hmmm, if I set all the GRUB timeouts to 0 (effectively disabling the menu), it seems to boot, or at least it booted now - trying to reboot
<rbasak> hackeron: maybe also play with https://www.gnu.org/software/grub/manual/html_node/gfxpayload.html?
<hackeron> rbasak: well, I donno what monitor may or may not be plugged in, so I don't want to hard code anything like that
<hackeron> rbasak: and this worked fine in 14.10 - so it seems something in grub between 14.10 and 15.04 broke headless boot on Intel Atom and Intel Celeron machines like Shuttles and NUCs - not good
<rbasak> hackeron: I was thinking of changing it to "text".
<rbasak> hackeron: agreed it's not good. If it can be verified as a bug in grub or grub packaging I'm confident that it'll get fixed. Just need to pin it down.
<hackeron> rbasak: will try - this server is in Moscow and I'm in London so coordinating is hard - I have around 70 servers, around 15 of them are experiencing this. Going to change the grub timeouts on them to 0 as a workaround, then assemble one locally and see if I can pin it down
<rbasak> hackeron: thanks, I appreciate it.
<hackeron> rbasak: no worries :) - also it seems setting timeouts to 0 isn't enough - it also needs GRUB_HIDDEN_TIMEOUT_QUIET=false
<rbasak> hackeron: you are doing BIOS serial console redirection, are you?
<rbasak> aren't doing
<hackeron> what's that? - I'm not doing anythign special - I did do-release-upgrade to 15.04 and it stopped booting without a monitor
<rbasak> hackeron: fairly common on headless boxes. The BIOS presents a serial device and redirects it to the monitor/keyboard.
<rbasak> If that is enabled then I wonder if the BIOS is causing serial output to hang until the monitor is connected for example.
<hackeron> rbasak: it's just an NUC
<kickinz1> hackeron, rbasak, I also experienced grub stuck at menu, when you run update-grub, there is a error message about GRUB_HIDDEN_TIMEOUT_QUIET  and other related option not supported enabled at the same time anymore
<rbasak> I've never handled a NUC physically, so I don't know much about them.
<rbasak> I just don't follow why grub would care whether a monitor is plugged in. I didn't expect it to speak DDC.
<kickinz1> But I was having problem on making my system boot on a bcache rootfs, so I didn't take too much care of this.
<rbasak> So I'm wondering if there's some kind of BIOS interaction going on here.
<rbasak> And serial redirection is the first BIOS interaction I thought of that might be relevant.
<kickinz1> But why would the fact to connect the display make it start ....
<kickinz1> (was on 15.04)
<hackeron> rbasak: ok, it seems GRUB_HIDDEN_TIMEOUT_QUIET=false isn't enough - need to remove splash and quiet also -- if the bios is doing that, why would removing splash and quiet and setting GRUB_HIDDEN_TIMEOUT_QUIET=false fix the issue?
<hackeron> rbasak: and why wasn't it doing that in 14.10 or 14.04?
<rbasak> hackeron: plenty of interactions change between releases. That doesn't necessarily make it a bug in a newer release.
<kickinz1> Hackeron; Do you have this warning when you update grub (translated from french): " Setting GRUB_TIMEOUT to a non-zero value if GRUB_HIDDEN_TIMEOUT is set is not possible anymore"
<rbasak> hackeron: I am just speculating here. First let's figure out what's going on. Then we can talk about whether it's a bug and where and how it might be fixed.
<hackeron> kickinz1: no warnings when running update-grub - I have all timeouts set to 0
<rbasak> hackeron: I'm suggesting that if you have BIOS serial redirection turned on, try turning it off to help pin down the bug.
<kickinz1> hackeron, OK, sorry fo noise, then.
<rbasak> hackeron: I appreciate that's difficult in your situation. It's just a suggestion.
<hackeron> rbasak: I very much doubt the NUC has this feature - this is just a tiny mini PC with an intel celeron CPU - also it's in Moscow -- I'll assemble one locally later today and check
<rbasak> I have some cheap Atom based boards that do it.
<rbasak> Don't NUCs have some basic management as well?
<hackeron> rbasak: not that I know of.. - this also happened on a shuttle with an atom which just has defaults loaded in the bios - it's designed as a cheap desktop
<hackeron> rbasak: this one: http://www.dabs.com/products/shuttle-slim-xs35v3l-black-barebone-system--atom-d2550-2-x-ddr3-sodi-949D.html?utm_source=google&utm_medium=ppc%20product%20search&utm_campaign=Computing%20-%20Desktops%20and%20Monitors%20-%20Desktop%20PCs&gclid=Cj0KEQjwvuuqBRDG95yR6tmfg9oBEiQAjE3RQNyYMACUOhj9Z06x02P_5OPcqAajBUV7pKRbVrcHVS8aAoM58P8HAQ
<hackeron> actually it's a v2 with a VGA: http://us.shuttle.com/barebone/Models/XS35V2.html
<teward> with an Apache web server is there a way to refresh the configurations (like how nginx can do `service nginx reload` and refresh the configurations without booting current connections or having the instance shut down)?
<teward> (but close down the apache instance)
<jrwren> teward: graceful
<jrwren> teward: apachectl has a graceful option
<teward> jrwren: OK, so that will not require a restart of the Apache process, and will gracefully apply the updated config for future connections without disrupting already connected connections?
<teward> that's the problem (can't afford downtime!)
<hxm> i have to say ubuntu 15 ruined my day
<hxm> joking, but still true
<jrwren> https://httpd.apache.org/docs/2.2/programs/apachectl.html  yes
<jrwren> " This differs from a normal restart in that currently open connections are not aborted."
<teward> jrwren: ahhh, that's hyper important, thanks.
<teward> i'm an nginx guy hence my asking :/
<teward> :P
<teward> jrwren: stupid other question: what's the syntax to enforce SSL server side ordering in a config.
<teward> in nginx it's ssl_prefer_server_ciphers, but no clue what it is in Apache
<teward> (getting stuff dumped on me is blah)
<jrwren> teward: SSLHonorCipherOrder on
<jrwren> teward: https://httpd.apache.org/docs/current/mod/mod_ssl.html  double check that its what you want.
<hackeron> rbasak: an update, after some trial an error, it seems only this is required to make these servers boot: GRUB_CMDLINE_LINUX_DEFAULT="nomodeset"
<hackeron> rbasak: so it seems like a kernel bug in that case?
<hackeron> in fact this works too: GRUB_CMDLINE_LINUX_DEFAULT="nomodeset quite splash"
<teward> jrwren: awesome, that's exactly what we needed.  Thanks again :)
<rbasak> hackeron: could be a kernel bug. Can you try the utopic kernel on vivid to pinpoint that?
<hackeron> quiet*
<hackeron> rbasak: sure, let me try - I believe I just change GRUB_DEFAULT=1
<rbasak> hackeron: yep - GRUB_DEFAULT. Though I'm never sure what 1 will do with older kernels being in a submenu now, so I do it by text: http://askubuntu.com/a/216420/7808
<rbasak> I match the exact text strings from the existing /boot/grub/grub.cfg.
<rbasak> Then update-grub.
<rbasak> '>' is for a submenu
<hackeron> rbasak: for some reason it just booted the 15.04 kernel anyway and the sysadmin had to leave - will try to reproduce locally here
<jKaideN> hey guys
<jKaideN> anyone have experience with ILO2 (HP Integrated Lights-Out 2) ?
<rbasak> hackeron: OK. I'm heading out now but will stay online and will check back later. If it does turn out to be a kernel issue, please file a bug - "kernel modesetting hangs headless machines until monitor is plugged in" or something. They'll probably want hardware details.
<jKaideN> I'm trying to install my own ISO (OS) rather than using a cpanel with pre-set ISO's I'm not sure how exactly I can remotely install my own custom ISO
<rbasak> hackeron: if you wanto dig further (we'd love it if you did) then https://wiki.ubuntu.com/Kernel/MainlineBuilds and https://wiki.ubuntu.com/Kernel/KernelBisection will hopefully help pin it down to a single commit.
<jKaideN> in the ILO2 web management I have this thing called "Virtual Media Applet" But i just get java error
<hackeron> rbasak: thank you, I'm just buiding a new NUC here to try to reproduce the problem first :)
<pmatulis> jKaideN: using windows/IE on the client side? if so, that should work
<jKaideN> yeah i am not working though
<jKaideN> Could not initialize class com.sun.deploy.net.protocol.https.Handler$Intializer
<jKaideN> Ah disabled TLS 1.1 + 1.2 on Java
<jKaideN> it's working now
<jKaideN> Ubuntu Server 15.04  or  Ubuntu Server 14.04.2 LTS  ??
<hackeron> rbasak: argh! - I have the same NUC here but a different revision and cannot reproduce the problem here, but 15 of 60 servers have this problem now and they are in client locations so can't really ask them to keep rebooting while I experiment :( - going to try the workaroud and see if the problem goes away for them all
<rbasak> hackeron: a higher or lower revision? I wonder if it was a BIOS bug that got fixed?
<hackeron> rbasak: same bios version, different hardware revision
<rbasak> OK, I guess not then.
<hzut> Hi - Please, let me know a good successor for emule?
<jKaideN> Hey guys anyone here I got a quick question regarding "Virtual Media"
<jKaideN> now, i'm installing Ubuntu Server on my remote dedicated server
<jKaideN> I've got access to KVM switch which has things like remote console to server and this thing called "Virtual Media"
<jKaideN> i've located the virtual media to the ISO i downloaded (ubuntu server) on my client local machine
<jKaideN> Does this upload the iso ? because the iso is around 600 MB and my upload speed is really slow
<jKaideN> was wondering how is the server reading the file from my local PC without me having to upload it ??
<hackeron> rbasak: the plot thickens - I managed to reproduce the problem, but only when doing do-release-upgrade from 14.04 -> 14.10 -> 15.04 -- if skipping 14.04, there are no boot problems - how bizare :/
<jrwren> hackeron: this is the grub thing, right? can you diff -r /boot between a system exhibiting the problem and another not?
<hackeron> jrwren: will do, just helping a client get a system back up and running - thankfully the workaround fixes the immediate issue
<pmatulis> jKaideN: yes, will be slow
<jKaideN> pmatulis, yep i'm setting up right now, um i've got 2 network interfances i've just setup eth0 as primary
<jKaideN> how would i know if thats the correct one ?
<jKaideN> and im stuck at "partitioning disks"
<pmatulis> stuck how?
<jKaideN> Guided - Use entire disk ?
<jKaideN> so many options
<jKaideN> or should i be doing manual for this
<jKaideN> server has 1 500GB  HDD
<pmatulis> jKaideN: depends what you want in the end
<pmatulis> jKaideN: do you need any special partitioning?
<jKaideN> nope
<jKaideN> I don't
<pmatulis> jKaideN: choose 'guided + LVM'
<jKaideN> Guided - use entire disk and set up LVM ?
<pmatulis> yep
<pmatulis> then accpet the next few questions
<pmatulis> (yes)
<jKaideN> it's asking for volume group to use for guided partitioning:
<jKaideN> it automatically says "499.8 GB" leave it as it is/
<pmatulis> yes
<jKaideN> http://i.imgur.com/heR2NoS.png
<jKaideN> is that all good ?
<pmatulis> yes
<jKaideN> upload speed : 47.37 KB/s :(
<jKaideN> #Australia
<sarnold> ow :/
<pmatulis> go australia, those packets are taking the scenic route around corrals and whateva
<hzut> Hi - Please, let me know a good successor for emule?
<jKaideN> lol and my download is 100 MB/s rofl
<jKaideN> for the nameserver i just set it to 8.8.8.8
<jKaideN> thats fine ?
<pmatulis> that's local-specific
<jKaideN> ?
<Walex2> hzut: 'amule'
<jKaideN> how should i manage upgrades on the system? which is preferred?
<jKaideN> no auto updates | install security updates auto | manage system with landscape
<bekks> jKaideN: The way that fits your requirements.
<CrustY__> Hi everyone
<CrustY__> I've faced this issue https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1447654
<CrustY__> and tried to install polkit like in workaround described in comment
<jKaideN> I just went with no auto updates i'll porbably want to manage them myself
<CrustY__> but apt-get install polkit-1 hangs on installing udev
<CrustY__> how can I fix that?
<jKaideN> when you first install ubuntu server is it essential to do 'apt-get full-upgrade' ?
<bekks> jKaideN: apt-get dist-upgrade
<CrustY__> I use it on cloud
<CrustY__> to be clearer: it's droplet in digitalocean
<bekks> jKaideN: full-upgrade isnt even mentioned in the man page.
<jKaideN> bekks, oh i see, is the dist-upgrade any different from normal upgrade
<jKaideN> bekks, in other words why should i be doing dist-upgrade opposed to normal upgrade
<bekks> jKaideN: This article explains it: http://askubuntu.com/questions/81585/what-is-dist-upgrade-and-why-does-it-upgrade-more-than-upgrade
<CrustY__> any help?:(
<jKaideN> do i install GRUB boot loader?
<sarnold> CrustY__: perhaps add a comment to the bug with the information pitti asked for; he'll probably be online in seven or eight hours and might be able to work on it then
<pmatulis> jKaideN: 'apt full-upgrade' will work
<pmatulis> jKaideN: yes, install GRUB
<jKaideN> yep done
<sarnold> heh, I've never seen full-upgrade before.
<bekks> pmatulis: How comes it isnt documented in the man page?
<jKaideN> installing iptables-persistent now
<pmatulis> apt not apt-get
<bekks> ah, oh, ok. TIL. :)
<pmatulis> hopefully to have completion soon
<bekks> :)
<jKaideN> btw im using ufw will that conflict with iptables ?
<jKaideN> like when i allow something on ufw but accidentally deny in iptables which takes highest priority ?
<sarnold> jKaideN: ufw writes iptables rules for you
<bekks> ufw uses iptables, but you're better of using either ufw for administering iptables, or dont use ufw.
<sarnold> jKaideN: I'd recommend picking one; hand-writing rules or using ufw, and stick with it...
<jKaideN> ok since i'm not going to be using much rules everything will be kept simple i'll just go with ufw
<jKaideN> I have
<jKaideN> -P INPUT DROP
<jKaideN>  -P FORWARD DROP
<jKaideN>  is that normal
<jKaideN> is there a way to update python and making sure that two different versions are non-existing?
<sarnold> jKaideN: what are you trying to do?
<sarnold> jKaideN: hint: it's best to pretend python3 and python2 are completely different languages
<jKaideN> update current python from 2.7.6 to 2.7.9
<jKaideN> yes
<sarnold> jKaideN: the easiest way to do that is to upgrade to vivid.
<sarnold> jKaideN: alternatively you could compile your own python fro msource for whatever requires 2.7.9.
<jKaideN> things that use python doesn't require 2.7.9 but I'd like to update python for security reasons as well, rather not keep them outdated
<jKaideN> example: fail2ban requires python >= v2.6 (or >= 3.2)
<sarnold> 2,7,6 fits that..
<sarnold> there's not much outstanding for python2.7: http://people.canonical.com/~ubuntu-security/cve/pkg/python2.7.html
<sarnold> we've rated all those low priority issues
<jKaideN> i should be fine with 2.7.6 ?
<jKaideN> i'm using ufw does this save the table after reboot
<jKaideN> or am i required to install iptables-persistent as well
<jKaideN> also in motd i receive "7 updates are security updates.
<jKaideN> " How do i apply these updates ? through apt-get upgrade ?
<bekks> jKaideN: Just use apt-get dist-upgrade, instead of aptget upgrade, always.
<jKaideN> also on syslog i got something like this:
<jKaideN>  [UFW BLOCK] IN=eth0 OUT= MAC=00:19:.... SRC=128.8.x.x DST=<my server ip>  LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=12690 DF PROTO=TCP SPT=50848 DPT=8333 WINDOW=14600 RES=0x00 SYN URGP=0
<jKaideN> there's a couple of htem
<jKaideN> lol wtf that ip is dreyfus.umiacs.umd.edu
#ubuntu-server 2015-05-20
<ruben23> hi guys how do i install ncurses-devel in ubuntu server..?
<OpenTokix> ruben23: apt-get install libncurses5-dev
<ruben23>  hi guys how do i install ncurses-devel in ubuntu server..?
<rbasak> hackeron: did you get anywhere with that?
<Sander^work> How come mount --bind from fstab dosnt work on ubuntu 6.10, but it does on ubuntu 12.04.. I did this small test: mkdir /tmp/test /tmp/test/works /tmp/test/mounted; echo "/tmp/test /tmp/mounted none bind 0 0" >> /etc/fstab; mount -a; ls -la /tmp/mounted
<rbasak> 6.10?
<rbasak> Bind mounting is a relatively recent kernel feature. I'm not sure it existed in 2006.
<Sander^work> Do you know which kernel version it was introduced in?
<rbasak> I'm not sure, sorry.
<Sander^work> Ok, thanks so far atleast, i'll ask in #kernel
<Sander^work> rbasak, do you remember which file is the bootup init script?
<Sander^work> so I can add --bind rules there.
<rbasak> Sander^work: I would put it in /etc/rc.local or write a separate init script. Cleaner than messing with the existing ones.
<Sander^work> rbasak: is rc.local used after boot mounting in fstab?
<Sander^work> I guess.
<harushimo> question for people on ubuntu maas
<harushimo> i've been stuck on the second step specifically geared towards clustering
<Mega1> is there any here
<harushimo> can anyone assist me on maas
<harushimo> I'm having some problems
<hackeron> rbasak: not had a chance yet - been dealing with others having this issue as well as setting up new customers - will try to have a look later to figure out what exactly is different going from 14.04 -> 14.10 -> 15.04 and just going from 14.10 -> 15.04 and why does the former not boot :/ - so bizare!
<rbasak> hackeron: can't remember if I said this before, but maybe compare /etc between the two options?
<rbasak> hackeron: you definitely ended up on the same kernel version?
<rbasak> hackeron: maybe also compare package lists
<harushimo> anyone can help with MAAS..that would be great
<kickinz1> harushimo, please describe your problem, not sure I can help, but you would get more answer when describing the problem.
<harushimo> here is my problem: for some odd, I update the configuration interface for the cluster. I get two errors message. Clashes with MAAS Dhcp as for the cluster.  Then I get a error message no connections to my cluster
<harushimo> i'm following this documentation: http://www.ubuntu.com/download/cloud/install-ubuntu-openstack
<harushimo> step 3 is giving me the problem
<kickinz1> harushimo, restart maas-dhcp service and maas-clusterd services
<harushimo> would it be sudo maas restart maas-dhcp service and cluster services
<kickinz1> harushimo, on which release are you running maas?
<kickinz1> harushimo, (trusty, vivid)?
<harushimo> 14.04 server
<harushimo> I'm guessing that is trusty
<kickinz1> OK trusty, so you are running upstart. sudo service maas-???? restart
<harushimo> thank you
<kickinz1> harushimo, did it make it work?
<harushimo> nope it says maas-dhcp unreconginzed service
<kickinz1> I don't have a maas server nearby, so I don't remember the services names. You need to check in your /etc/init dir
<Seveas> it's maas-dhcpd
<harushimo> thank you
<harushimo> I'm still getting the same error message: Error: Unable to connect to cluster
<harushimo> i don't understand why I need MAAS to run openstack?
<kickinz1> You will need maas, as maas will take care of managing your hw infrastructure, to start/stop intall automatically the hardware, and create an environment for juju to use and model your openstack on it.
<harushimo> okay
<kickinz1> Then juju will ask maas a server, maas will start one, install ubuntu, keys, etc... on it, then tell juju it is ready, and juju will take over
<harushimo> okay
<harushimo> I want to be able to run cloud foundry
<harushimo> hence, I'm installed on these applications
<harushimo> I mean installing
<kickinz1> OK
<kpettit> Any good tricks for removing false positives for SSH checks?  I seem to get tons of those.
<kpettit> whoops sorry wrong window.  Doing some zabbix junk
<kickinz1> harushimo, I think you will get more help if you join #maas channel.
<harushimo> if anyone answers there
<harushimo> hehe
<harushimo> I'll delete the old and create a new VM
<kickinz1> harushimo, OK
<harushimo> thanks for the help
<kickinz1> harushimo, you are welcome
<harushimo> luckily VM are easily destroy and create
<kickinz1> harushimo, if you are trying to create a virtual openstack over vms, you might want to increase your host MTU to save you some headaches later on (for the tests purposes).
<harushimo> what do you mean MTU? I'm not used that acronym
<harushimo> please forgive me
<kickinz1> harushimo, https://en.wikipedia.org/wiki/Maximum_transmission_unit
<harushimo> how do you increase that?
<kickinz1> harushimo, so tune your host eth with 'sudo ifconfig eth? mtu 9000' for example, where 9000 refers to the size of the mtu (9000 is jumbo frames).
<harushimo> okay
<kickinz1> harushimo, it is just for the purpose of this test setup.
<harushimo> yeah
<kickinz1> harushimo, from what I understood of your test, you will end-up with a virtual maas, serving virtual machines as server to deploy an virtualised openstack, on which you will then create virtual machines (nested virtualisation), to serve a cloud foundry service.
<harushimo> yep
<kickinz1> harushimo, I hope your host is a good one (as lots of RAM, CPUS and disks), forget it on a laptop!
<kickinz1> harushimo, by disks, I meant fast disks.
<kickinz1> harushimo, you will have 7 vm for underlying infrastructure, then the number of nested vm required for your service, so you need to create vms with enough ram to support the nested ones that will sit on top, (so you don't have to reconfigure the underlying machines at the end when creating your service).
<harushimo> right
<kickinz1> harushimo, OK, sorry if I'm captain obvious.
<harushimo> your fine
<harushimo> My machine can handle it
<harushimo> I have i7 with hyper threading enabled with 32 gbs
<harushimo> it will be fine
<kickinz1> OK
<harushimo> its a pretty powerful machine
<harushimo> tips are always appreciated
<eagles0513875__> hey guys how can i use ufw and tell it to forward traffic from one port to another
<kickinz1|bbl> eagles0513875__, does it helps you out 'https://gist.github.com/kimus/9315140' ?
<eagles0513875__> kickinz1|bbl: 404
<kickinz1|bbl> eagles0513875__, https://gist.github.com/kimus/9315140
<kickinz1|bbl> eagles0513875__, ^ opens right on my brower.
<eagles0513875__> kickinz1|bbl: the first link you had ' as part of link
<eagles0513875__> i saw that but im still a bit lost
<eagles0513875__> i dont need nat though
<eagles0513875__> i have node.js running with authbind to bind traffic to port 80 then in this app we have written its using the sails MVC framework and that in tern when im running it on said test server its on a different port
<eagles0513875__> and im not able to connect to local host
<eagles0513875__> either 1) i need to forward traffic coming in on 80 to the port sails is using
<eagles0513875__> or the hosts file
<Onionnion> I'm trying to use this PPA to install PHP 5.4 on a 14.04 server but apt-cache policy php5 isn't finding the 5.4 https://launchpad.net/~ondrej/+archive/ubuntu/php5-oldstable
<Onionnion> the readme on there says it doesn't support 13.10 and above, but guides and tutorials are say it should work still
<kickinz1|bbl> eagles0513875__, sorry I need to go.
<eagles0513875__> kickinz1|bbl: np
<tychicus> just went through the ubuntu openstack multi-install
<tychicus> everything went very smoothly, but after configuring the networks, I can ping the "public address" on the router, but can not ping any instances on the same network
<tychicus> are there any tutorials that discuss how to do this on the ubuntu distribution of openstack
<tychicus> I am guessing that there is something not quite right with the network configuration somewhere
<ebonics> anyone know the most 'safe' but flexible chmod to use in general for webservers?
<ebonics> i would like to have everything just read only but it's not realistic when you're using some huge framework. certain directories need write access etc. is there a catchall i can use? how bad is 775 for everything?
<Sling> ebonics: bad
<Sling> 640 for files, 750 for directories
<Sling> and then set 644/755 for any folders that need writing by the web app like upload/tmp/log/whatever
<Sling> see http://wiki.apache.org/httpd/FileSystemPermissions
<ebonics> Sling, ok cool thanks
#ubuntu-server 2015-05-21
<jrwren> how can I run debian jessie in lxc with network?
<jrwren> trusty runs fine in lxc with network, but jessie, as setup by the download lxc template doesn't bring network interface up
<jrwren> no /run/network dir and so ifup fails /run/network/.ifstate.lock
<radish_> good morning!
<radish_> regarding the logjam exploit, is it planned to backport http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslopensslconfcmd functionality to Ubuntu 12.04 (apache2/mod_ssl)?
<sarnold> good morning radish_; that's currently under investigation; it may require backporting pieces of openssl functionality as well
<StathisA> I need some help. How can I have automatic "sudo apt-get update" but NOT download the updates? somehow I have configured it to check for updates and download them if they exist, but I need only to check - not download unless I do it manually
<StathisA> even though i have "APT::Periodic::Download-Upgradeable-Packages "0";" in  /etc/apt/apt.conf.d/10periodic
<ogra_> perhaps with the --download-only switch ?
<ogra_> oh, update
<ogra_> ignore me
<StathisA> and no allowed origins in  /etc/apt/apt.conf.d/10periodic
<StathisA> but my systems still download the updates - not install them, just download which is annoying
<OpenTokix> apt-get -update --no-download
<OpenTokix> apt-get update --no-download
<StathisA> where do I config this in "unattended-upgrades" config?
<StathisA> i'm not referring to manual "sudo apt-get update"
<StathisA> this is done automatically
<OpenTokix> StathisA: I am not sure what you want. - you want unattended upgrades running, but not upgrade?
<StathisA> ok here's the thing. I have installed "unattended-upgrades" package, and I have configured it to NOT upgrade anything but do a "sudo apt-get update" periodically and get a notification with "apticron" that updates are needed
<StathisA> this is working as intended, nothing is getting installed automatically
<StathisA> but as soon as it checks for the updates, it downloads them too
<StathisA> which is not wanted
<StathisA> now as soon as I login to a server, I can sudo apt-get dist-upgrade and the system installs the downloaded updates
<StathisA> I just dont want it to download them automatically, since this is getting run on multiple systems, and we end up starving for bandwidth when this occues
<StathisA> occurs
<kickinz1> StathisA, I know it is not what you are looking for, but why not put one apt proxy in your infrastructure, i.e. apt-cacher-ng, that will cache only the necessary packages? This way each time you update your servers, you will only download one time from external archive.
<OpenTokix> kickinz1: +1
<StathisA> kickinz1, this is a good advice, but a but a bit of an overkill for what I want to achieve
<kickinz1> StathisA, not so overkill, you need just to apt-get install apt-cache-ng, then add a /etc/apt/apt.conf.d/01Proxy file with 'acquire::http:Proxy "http://ip.of.the.prox:3142";' line in it to your servers. Now each time a server download a package, it will be cache for use by the others, it is not a full mirror.
<StathisA> even if I go that way, the server will still "download" the update from the cacher - which is exactly what I want to avoid
<StathisA> it just minimizes internet b/w
<StathisA> I dont mind systems -checking- for updates over the internet, thats not too much of a hassle
<StathisA> I dont wat systems to download stuff automatically
<StathisA> *want
<shauno> Based on https://wiki.debian.org/UnattendedUpgrades  it looks like you're looking for the APT::Periodic::Download-Upgradeable-Packages  line
<kickinz1> StathisA, I asked mvo, who is the writer og unattended-upgrades, and the maintainer of apt.
<kickinz1> StathisA, it is in /etc/apt/apt.conf.d/20auto-upgrades
<shauno> although if you're just fighting with local network saturation, I'd be tempted to just offset the cron jobs so they're not all running at the same time
<kickinz1> 50auto-upgrades on my server.
<StathisA> i can see 20auto-upgrades in mine
<StathisA> what do I change?
<StathisA> nothing to resemble "auto-download"
<StathisA> just APT::Periodic::Update-Package-Lists "1";
<StathisA> APT::Periodic::Unattended-Upgrade "1";
<StathisA> i do have "APT::Periodic::Download-Upgradeable-Packages "0";" in 10periodic
<StathisA> but no such option in the default 20auto-upgrades
<StathisA> I could add it, but i'm not sure
<kickinz1> mvo: StathisA would like to know how to disable the downloading of upgrades, so unattended-upgrades just tells the admin he has to update things manually.
<kickinz1> mvo: nut don't download automatically packages.
<StathisA> hello, mvo
<mvo> StathisA: best is probably to edit /etc/cron.daily/apt and put --dry-run behind unattended-upgrades
<StathisA> thanks for helping on this, much appreciated
<mvo> ups, sorry
<StathisA> ?
<barnex> Hello. I've been installing various linux distros on various vm and computers, but I've never been in a real server room with rack servers. Is there something special I need to know to install on IBM System x3650 M4?
<kickinz1> StathisA, I think mvo meant sorry for he went out of the channel, and came back.
<barnex> Like should I expect them to have some sort of keyboard/monitor setup ready that will work with no configuration?
<StathisA> oh ok, I dont see joins/leaves
<mvo> StathisA: yeah, I accidently closed the window
<barnex> also does USB boot commonly works on systems like this?
<StathisA> this will still allow apticron to send the notification about the existing updates i guess
<kickinz1> barnex, you might encouter troubles on those if you install debian (due to ethernet drivers), for ubuntu, it is quite satndard install.
<barnex> So I can go there with USB stick only and expect to complete the installation? No PXE setups, serial consoles and stuff like that?
<StathisA> mvo, in /etc/apt/apt.conf.d there's a section "# download all upgradeable packages (if it is requested)
<StathisA> "
<StathisA> perhaps I need to do something there to avoid the download
<mvo> StathisA: the default it "0" for that option, do you have a different value there?
<kickinz1> barnex: it depends, if you want unattended install, you need to either make your own preseed and provide a way to make it load at boot (i.e. mod the usb, or PXE, or a Maas). If you want it to install without any keyboard/display, you will need some tools outside of your server.
<StathisA> in 10periodic i got "APT::Periodic::Download-Upgradeable-Packages "0"
<StathisA> in 20auto-upgrades, i dont have it at all
<StathisA> but somehow updates are still getting downloaded
<mvo> StathisA: did you try if unattended-upgrades --dry-run also downloads the packages? it might do that, the reason is that for e..g. conf-file prompts it needs to inspect the data inside the package
<kickinz1> barnex, I meant install is standard as any othe machine (I had previous x3650M3), but it won't be magic, it will still ask what you want to do (patitionning, language, etc...)
<StathisA> well there's not packages to download atm
<mvo> StathisA: if so, we need a new option for u-u
<barnex> kickinz1: thanks. So basically I need more info about what kind of infrastructure do they have on-site
<barnex> if there's some sort of screen and keyboard I could borrow or some other setup needed
<StathisA> so I cannot really check what its gonna do next time it finds updates
<kickinz1> barnex, except if you go MAAS/PXE/Preseed way, but you still will need some access to the server.
<kickinz1> barnex: yes you will need a keyboard/display.
<StathisA> heh, i'm not asking for something radical like adding a new option. I thought that maybe someone else wanted this and found a way ><
<davegarath> Hi all, I have this problem : /dev/loop0p1: read failed after 0 of 4096 at 257884160: Input/output error.  How can I identify where loop point to ?
<mvo> StathisA: you could use "/usr/lib/update-notifier/apt_check.py --human-readable
<mvo> "
<StathisA> 0 packages can be updated.
<StathisA> 0 updates are security updates.
 * mvo needs to leave for some minutes to get lunch, bbiab
<eagles0513875__> hey all what do i need to do to keep from being disconnected when my ssh session is left idle
<OpenTokix> eagles0513875__: -o TCPKeepAlive
<ikonia> although that won't help if it's the network device killing idle
<OpenTokix> true
<OpenTokix> -o ServerAliveInterval=30 -o TCPKeepAlive=Yes
<OpenTokix> best you can do
<eagles0513875__> OpenTokix: in which configuration file though
<ikonia> eagles0513875__: think about it
<OpenTokix> .ssh/config
<OpenTokix> eagles0513875__: or as a alias
<ikonia> eagles0513875__: are you making a server or client config
<wimpog> Howdy Yâall! I have two servers running 14.04.2: one was provisioned by my hosting provider, and another one â by me. When I apply updates to both of them, sometimes I have to reboot the one that I installed, especially for linux header updates, but it never prompts to reboot the one provisioned by the hosting provider. Whatâs the difference?
<ikonia> are they physical tin or virtual
<wimpog> ikonia: the one that I have to reboot is virtual, the other (no reboot required) is physical
<sponzor> hi. can anyone help me how to add read only user to samba share?
<wimpog> ikonia: could this be the reason?
<ikonia> wimpog:is it asking you to reboot ?
<ikonia> I suspect if it's kernel headers it's because the kernel is being provided from the hypervisor so you need to reboot to pick up differences as it's locekd at the hypervisor
<wimpog> ikonia: I have webmin on both and apply updates through it on both. The virtual one sometimes prompts for a reboot, especially happens when new kernel headers are applied, and the physical one never does that.
<ikonia> wimpog: there we go - webmin
<ikonia> at that point, I'll back away from this discussion
<ikonia> wimpog: webmin is an unsupported and not-recommended product,
<wimpog> ikonia: Oh ok. But I believe I also saw a prompt for a reboot at the command line
<ikonia> wimpog: not going to support your box with webmin on, sorry
<wimpog> ikonia: No, Iâm not looking for support. Iâm just wondering why the same OS on two different machines âÂ one prompts for a reboot and one doesnât. I think your explaination that the one is VM makes a lot of sense
<wimpog> ikonia: next time I apply updates I will take note of it...
<ikonia> wimpog: you are looking for support, you're asking for help as to why you are seeing different situations
<wimpog> ikonia: yeah, is that bad?
<ikonia> no, I just said I won't support your machines with webmin
<wimpog> ikonia: ok, thanks. Not sure whatâs wrong with webmin, and I only use it to check mailqueue and apply security updatesâ¦ and maybe restart apacheâ¦ thatâs about it. Nothing more complex
<rsully> wimpog would be worth learning how to do that from the shell, pretty simple stuff
<wimpog> ikonia: ok, thanks!
<pmatulis> wimpog: webmin is considered hostile on ubuntu. don't use it. at all
<wimpog> pmatulis: ok, I will not. I didnât know that it wasnât desired. and yes rsully I can do all that from the shell, just quicker from webmin
<rsully> wimpog when asking for help you should simplify the problem as much as possible, which means few dependencies. update from shell, see if you get prompted there.
<pmatulis> wimpog: once you learn the shell and other basic things webmin will seem very slow and clunky
<wimpog> rsully: yeah. Definitely do it from shell next time and see what happensâ¦
<wimpog> pmatulis: yeah, thanks!
<eagles0513875__> hey guys how does one go about testing upstart scripts?
<rattking> Hi! is anyone here using a Broadcom NetXtreme II BCM57800 netword card?
<rattking> I am plauged with "bnx2x 0000:01;00.2 eth2: MDC/MDIO access timeoutâ errors on 12.04.05 with the 3.13 series kernels..
<patdk-wk> nope
<rattking> thats fortunate I am not having any luck getting this thing to work :)
<teward> is anyone aware of any case where systemd fails security expectations and threads of processes/services' master process get started as root instead of the user it's set to run as?
<Walex> eagles0513875__: that's an interesting question :-)
<Walex> eagles0513875__: of course you must add them to '/etc/init/' which is an interesting situation.
<teward> nevermind, my situation is unique, and actually my fault
<teward> :/
 * teward kicks himself around the room
<sponzor> hi. i have degraded storage (raid5) if i remove mount point from /etc/fstab (raid storage) and then reboot will boot skip this array check? or do i have somewhere else also to edit boot process?
<sponzor> im working on remote.. so i dont want to be stuck at boot control d and that.. :)
<tychicus> hardware raid 5 or software raid5?
<sponzor> software
<tychicus> and you have a separate boot disk?
<sponzor> yes
<sponzor> this is only storage
<sponzor> boot and lvm is separeted on raid1 2 different hard drives
<sponzor> anything? :P
<tychicus> my thought is that you should be ok, but I'm not 100% certian
<tychicus> I know that there is the âfreeze-reshape option
<tychicus> but I don't think it applies in this case
<dannf> hallyn_: is there a git tree somewhere w/ the latest qemu/ubuntu uploads in it?
<sponzor-> ok server came back up so # at raid line in fstab worked fine :)
<hallyn_> dannf: the latest version for development release is in the debian git tree,
<hallyn_> git://anonscm.debian.org/pkg-qemu/qemu.git
<dannf> hallyn_: ah - which branch?
<hallyn_> ubuntu-dev branch
<dannf> ok
<dannf> hallyn_: looks like it's just back due to security updates
<dannf> s/back/out-of-date/
<dannf> but that's good enough for me atm
<hallyn_> oh, yeah
<hallyn_> i need to import those - i was going to do that the next time that i merge (which i wanted to do this week, but probably wont' get to)
<tarvid> where should ipset be initialized
<Forbidd3n> I can FTP using FileZilla, but when I try to do it via command line it logs in I can change directories, but I get this error if I try to put or list directory - 550 Command PORT failed
<patdk-wk> Forbidd3n, that is expected when your using nat
<Forbidd3n> patdk-wk: it tries to get a directory listing and therefore won't allow me to upload any files
<patdk-wk> yes, that is expected
<tarvid> ls
<patdk-wk> Forbidd3n, if you want to make it work, fix your firewalls
<patdk-wk> otherwise, don't use PORT command
<ay_caramba> hey guys, during a fresh install of Ubuntu-Server 14.01 when you're prompted to put the machine's hostname, if I do a FQDN there when I log into the box would the hostname display the FQDN or just the hostname part?
<quantic> ay_caramba: just the hostname part
<ay_caramba> cool, thanks quantic
<quantic> ay_caramba: i used an fqdn when i installed this - hostname shows shortname, hostname -f shows fqdn
<ay_caramba> got it
<Forbidd3n> patdk-wk: what exactly do I need to do to the firewalls on the remote server for this to work?
<patdk-wk> I dunno
<patdk-wk> and I never said it was the remote server that was the problem
<patdk-wk> the remote server must be able to make a connection from it, back to you
<patdk-wk> so it must be allowed to make outgoing connections
<patdk-wk> your firewall must accept those connections, and send them to your computer
<patdk-wk> normally when one uses nat, this is broken, cause the firewall has no idea where to send these connections to, so it rejects them
<patdk-wk> this is why nat is bad
<patdk-wk> this is also why people don't use ftp
<patdk-wk> besides it's insecure, full of problems, ...
<teward> anyone fluent in udev rules?
<teward> need some assistance
<pmatulis> Forbidd3n: describe your requirements. maybe you don't need FTP
<RoyK> Forbidd3n: don't use FTP
<Forbidd3n> nvm I have it working thanks
<RoyK> don't use antique protocols - I'm learning that the hard way since my boss chose to stick to Amanda backup until we've found something to replace it with - so we've used some weeks swearing about this :P
<RoyK> instead of just ditching the PoS and installing bacula or something - it'd taken far less amount of work and given a better result in the end
 * RoyK is a *wee* bit frustrated
<szronik> WWHat's the best way for me to remotely edit file on my Apache server?
<szronik> Anyone there?
<genii> szronik: Likely most are currently occupied. Best to just wait a while, maybe ask again in 12-15 minutes after more people have left and arrived in the channel
<szronik> genii: Okay, thanks.
<szronik> What's the best way to remotely edit a file on my Apache server? I would like to edit the files directly in Sublime on my Windows machine.
<YamakasY> does anyone know where I can get a newer sssd version for 14.04 ?
<PryMar56> szronik, find an editor with sftp support
<szronik> Well I thought of a couple of solutions
<szronik> 1. Sync the files via ftp
<szronik> 2. Use samba to share the dir
<rsully> szronik is the server on your lan?
<szronik> 3. Edit in Sublime and upload/repeat as needed
<szronik> Yes, on the LAN
<rsully> Generally it is best to use version control like git, and some type of deployment
<rsully> Otherwise I would personally use SFTP and an editor
<szronik> What do you mean by some type of deployment?
<rattking> ssh and vim is always a option if you dont use any managment system like salt,puppet,chef
<szronik> I just said I want to use Sublime though, not vim.
<szronik> I can already ssh and use vim if I wanted to, but that's not what I need.
<rattking> so then you are asking us how to transfer a file to you r server?
<szronik> No, I'm asking about the best way to edit the file remotely.
<szronik> But I want to edit it on another machine, in Sublime.
<szronik> I could just create a share using samba, any other way?
<qman__> szronik: sshfs
<qman__> Oh, windows client
<qman__> Not sure if there's anything else
<szronik> I guess I'll just edit and upload.
<RoyK> szronik: vim
<rattking> heh
<RoyK> or "nano" if you're a realy newbie https://xkcd.com/378/
<szronik> there goes vim again ;-)
<qman__> Vim is what I use, too
<RoyK> szronik: try vimtutor
<RoyK> szronik: a command to start a tutor to vim - it's rather good
<tiblock> Hi. I have newbie question. For example i made project "myproject", where i need to store it on server? /root/myproject/ or /srv/myproject/ or /var/myproject/ or ...?
<concordia71> ciao
<concordia71> qualcuno parla italiano
<szronik> tiblock: store it in your home directory: echo ~/
<tiblock> szronik, thank you
<stephenh> hello, is there a way to specify protocol number with ufw?  not seeing example so far ..
#ubuntu-server 2015-05-22
<echosystm> i'm trying to add a service to upstart
<echosystm> http://upstart.ubuntu.com/cookbook/#id169
<echosystm> i follwed these instructions to figure out the number of times the executable forks
<echosystm> i don't get 0,1 or 2... i get "3"
<echosystm> what do i do?
<|aaron> can someone help me out? i really screwed up the mysql packages / installation on my ubuntu 15 box. i was trying to do a clean reinstall,  made the mistake of deleting /etc/mysql.. now any time i try to add or remove mysql related packages apt-get complains about missing config files from the directory.. the only way to get it to run is if i create empty versions of those files... but then after the install is complete my.cnf, mysql.cnf etc are all
<|aaron> empty. help!
<tch3k> hi
<tch3k> i have installed postfix and i want to send email to yahoo account but it can not, i put in relayhost smtp.yahoo.com
<OpenTokix> tch3k: what does your mail-log say? - I would assume "relaying not allowed"
<OpenTokix> tch3k: Start by configuring your postfix to send directly
<tch3k> it says something like my ip address is banned
<tch3k> i don't know if it exists free relays so i can't put it in the relayshost field so it will send the mail by it self
<stanford_drone> Does anyone know C/C++, Computer Vision/Image Processing, Machine Learning, AI, linux systems programming, or electronics? I'm looking for a programmer to join my Startup. We're going to China (manufacturing is there) from July to November. We're a team of 4. We're building a flying computer. A drone that you can play games with and install apps on.
<rbasak> Ah, is it http://erlerobotics.com/blog/product/erle-copter-ubuntu/?
<rbasak> That looks nice.
<DammitJim> silly question... is it normal that if I set my ubuntu server to do automatic critical updates for the machine to tell me that it needs to be restarted?
<DammitJim> it's happened at least twice in the last 3 weeks
<rbasak> DammitJim: if you're using unattended-upgrades, you can configure for automatic reboots when required if you like.
<rbasak> DammitJim: apart from that, what else do you expect to happen?
<DammitJim> rbasak, I guess my question is more with regards to if this is normal?
<rbasak> DammitJim: kernel updates are normal, and updating a kernel requires a reboot.
<DammitJim> I'm new to Ubuntu with a configuration like this
<DammitJim> I understand that kernel updates are normal
<DammitJim> but are there that many updates going on all the time?
<DammitJim> I don't mind the updates... just trying to figure out what is normal
<rbasak> Yes, updates are common.
<DammitJim> so that I can have an expectation as to how often I need to schedule a maintenance window
<rbasak> If you want to see what's going on, take a look in /var/log/apt/history.log
<DammitJim> rbasak, that's very helpful
<rbasak> For a given package, you can see its changelog in /usr/share/doc/<package>/changelog.Debian.gz
<DammitJim> man, that's a job in itself, huh? to keep up with all the updates that need to be done to the servers...
<DammitJim> is there a good URL where "critical" updates are posted?
<rbasak> unattended-upgrades works nicely :)
<DammitJim> so I know when I definitely need to apply some?
<rbasak> http://www.ubuntu.com/usn/
<DammitJim> yeah, they sound great... but I don't want my servers rebooting w/o me knowing
<DammitJim> thanks! that link is bookmarked!
<rbasak> You can configure whether you want automatic updates or not.
<rbasak> Also whether you just want security updates or all updates.
<rbasak> For example you can set unattended-upgrades to do security updates only, and do manual updates yourself.
<rbasak> (for non-security update)
<DammitJim> I have security updates only
<DammitJim> to be applied automatically
<DammitJim> how about the reboot part
<DammitJim> can you schedule the reboot to only happen at a specific time?
<rbasak> Looks like it, in /etc/apt/apt.conf.d/50unattended-upgrades
<rbasak> Unattended-Upgrade::Automatic-Reboot-Time "02:00";
<DammitJim> nice!
<DammitJim> separate question... this is a file server... I guess if someone was using something on that file server, they'll just loose connectivity to this samba share
<bananapie> can I run a dhcp server without having an IP address on the interface dhcp is listening on?
<OpenTokix> bananapie: oh, intresting question. I dont think so. - but try it =)
<solo1> i ve a problem with ubuntu server  a raid0 during installation ... referred to grub and how to set it
<Pici> [B111[B142111133
<Pici> 5aaaaaaaa1[B[B
<Pici> err
<genii> Pici: Cat typing ?
<Pici> genii: putty froze up for a moment.
<tarvid> 14.04 how do I restart an interface, I am not getting updates on the aliases
<genii> sudo ifconfig eth0:0 down; sudo ifconfig eth0:0 up
<tarvid> would be nice if they didn't rename the interfaces
<genii> tarvid: You can revert the naming by putting grub option of biosdevname=0
<tarvid> trying to avoid a road trip
<genii> This is typical with Dell systems that have the Consistent Network Device Naming
<tarvid> genii, thanks, you're sharp
 * genii makes a fresh pot of coffee and hands out the mugs
<tarvid_> dell r310 ubuntu 14.04 em1 not coming up
<tarvid_> ifdown  em1 && ifup em1 fails interface em1 not configured
<tarvid_> rtnetlink file exists
<tarvid_> i need  help
<tarvid_> loading iptables rules fail - how do i find out where
<Wolfspyre1> Hello gents,
<Wolfspyre1> My infrastructure is a mix of ubuntu 12 and 14 lts. I'm working on a motd chef cookbook, which utilizes the update-motd.d paradigm to generate a dynamic motd on login. I'm seeing the dynamic motd file get generated intermittently.
<Wolfspyre1> both /etc/pam.d/login and /etc/pam.d/ssh have pam_motd.so included. I've not found a rhyme or reason for when it gets updated and when it doesn't.
<Wolfspyre1>  If I didn't want to display real-time ish information at login, it wouldn't REALLY matter that much
<Wolfspyre1> and if I can't get this working, I'll likely just have chef generate /etc/motd statically, and rip out the more dynamic things.
<Wolfspyre>  I'd _LIKE_ to get to the bottom of the intermittent updates though. Does anyone know how the pam_motd magic works well enough to help me sort out what I'm doing wrong?
<Wolfspyre> (appreciate the help, and this channel's existence regardless)
<sarnold> Wolfspyre: you may need to modify the individual scripts that update-motd runs
<sarnold> Wolfspyre: see the bit about caching output inthe update-motd(5) manpage
<Wolfspyre> Hi sarnold. Thanks for the pointer. Lemme look real quick and see if that seems like the culprit.
<Wolfspyre>  Hm. I don't THINK that's quite relevant in this case. Chef is currently generating a script which does an echo, then cat <<EOS with a bunch of ascii. I have a few other additional scripts which will have more dynamic data, but this one isn't. I don't think the target /var/run/motd file is being re-generated, as the date hasn't changed. Removing /var/run/motd causes no motd to be displayed at allâ¦ so it feels like pam_motd.so 
<Wolfspyre> root@ops-c1:~# egrep '^session.*motd' /etc/pam.d/*
<Wolfspyre> /etc/pam.d/login:session    optional   pam_motd.so  motd=/var/run/motd
<sarnold> don't forget login is used only by *getty-spawned logins...
<Wolfspyre> sarnold:  Thanks!  I'
<Wolfspyre> d initially had pam_motd.so in sshd, but wasn't specifying motd=/var/run/motd in that entry.
<Wolfspyre> now:
<sarnold> Wolfspyre: all sorted? :)
<Wolfspyre> root@ops-c1:~# egrep '^session.*motd' /etc/pam.d/*
<Wolfspyre> /etc/pam.d/login:session    optional   pam_motd.so  motd=/var/run/motd
<Wolfspyre> /etc/pam.d/sshd:session    optional     pam_motd.so motd=/var/run/motd
<Wolfspyre> that seems to work much closer to the way I'd anticipated.
<Wolfspyre> thank you VERY much for pointing me in the right direction. it's sincerely apprecaited.
<sarnold> nice :)
<jathan> Hello ubuntu-server channel. Does some one know a guide or manual about using OpenStack with Ubuntu please?
<dasjoe> jathan: check the official Openstack docs? http://docs.openstack.org/kilo/install-guide/install/apt/content/
<jathan> dasjoe: Thanks ;)
<dasjoe> Sure :)
#ubuntu-server 2015-05-23
<hadifarnoud> I did apt-get remove mysql-* because my db server is somewhere else. what I need to add back? I messed it up
<bekks> Where is your db server then?
<hadifarnoud> separate server bekks
<bekks> Then I dont get your question.
<hadifarnoud> I need some libs etc for php to work
<maxb> You haven't explained what you messed up, so it is impossible for anyone to give you useful advice yet
<hadifarnoud> maxb: fair enough
<hadifarnoud> php apparently needs some mysql libs to work (connect to) mysql
<hadifarnoud> when I removed them all, it started to give me error 500
<maxb> Is your PHP installed using Ubuntu's packages?
<maxb> Package dependencies would usually prevent you from breaking things like that, if so, unless you also uninstalled the php5-mysql package too
<IronDev> Hola
<ThomasB> Hi, I've installed lighttpd and set the WWW directory in lighttpd.conf to a mounted drive (/media/IDE HDD), but when I try to access it through my web browser, with indexes turned on btw, I just get 403 Forbidden
<ThomasB> I have no clue how to fix this
<Walex> ThomasB: server logs and anyhow check as which user the 'lighthttpd' daemon is running
<help-me_> i need help
<help-me_> anyone please help me with this :(
<help-me_> !pastebin ./configure --with-showlistmodes --with-listen=5 --with-dpath=/root/Unreal3.2.10.2 --with-spath=/root/Unreal3.2.10.2/src/ircd --with-nick-history=2000 --with-sendq=3000000 --with-bufferpool=18 --with-permissions=0600 --with-fd-setsize=1024 --enable-dynamic-linking checking for gcc... no checking for cc... no checking for cl.exe... no configure: error: in `/root/Unreal3.2.10.2': configure: error: no acceptable C comp
<ubottu> help-me_: I am only a bot, please don't think I'm intelligent :)
<help-me_> !pastebin ./configure --with-showlistmodes --with-listen=5 --with-dpath=/root/Unreal3.2.10.2 --with-spath=/root/Unreal3.2.10.2/src/ircd --with-nick-history=2000 --with-sendq=3000000 --with-bufferpool=18 --with-permissions=0600 --with-fd-setsize=1024 --enable-dynamic-linking checking for gcc... no checking for cc... no checking for cl.exe... no configure: error: in `/root/Unreal3.2.10.2': configure: error: no acceptable C comp
<help-me_> help me :(
<speedy> well please say what you need help with.
<help-me_> ./configure --with-showlistmodes --with-listen=5 --with-dpath=/root/Unreal3.2.10.2 --with-spath=/root/Unreal3.2.10.2/src/ircd --with-nick-history=2000 --with-sendq=3000000 --with-bufferpool=18 --with-permissions=0600 --with-fd-setsize=1024 --enable-dynamic-linking checking for gcc... no checking for cc... no checking for cl.exe... no configure: error: in `/root/Unreal3.2.10.2': configure: error: no acceptable C compiler found
<help-me_> speedy: when i try to install irc in my server
<help-me_> its giving me this error :(
<speedy> name the task you wish to do and ,say the problem your and haveing issue with.
<help-me_> speedy:  I WANT TO INSTALL IRCD IN my VPS
<speedy> im a noob but i know that if your dont fullfill the requirements for the install then it is going to fail on you.
<help-me_> when i start installing IRCD in my vps
<speedy> if it is on a vps then open the router ports .
<help-me_> speedy: its give me error
<help-me_> speedy: how can in open ?
<speedy> what is your server name?
<speedy> did you set the ddns and ip stuff?
<speedy> did you open the ports?
<speedy> what irc program are you using?
<speedy> what irc server program are you using?
<help-me_> i have ubuntu server
<Pici> It sounds like he is trying to compile unreal ircd.
<Pici> !compile
<ubottu> Compiling software from source? Read the tips at https://help.ubuntu.com/community/CompilingSoftware (But remember to search for pre-built !packages first). Also read !checkinstall
<help-me_> i only want to Install IRCD
<help-me_> help me out with this
<help-me_> !checkinstall
<ubottu> checkinstall is a wrapper to "make install", useful for installing programs you compiled. It will create a .deb package, which will be listed in the APT database and can be uninstalled like other packages. See https://help.ubuntu.com/community/CheckInstall - Read the warnings at the top and bottom of that web page, and DO NOT interrupt CheckInstall while it's running!
<Pici> start by installing the build-essential package
<speedy> help-me_,  do you want to compil stuff from source or get a .deb package ?
<speedy> ^^
<help-me_> speedy: from source
<speedy> why do you want to do that?
<speedy> what version  of the ubuntu server? 64 bit? 32bit?
<speedy> 14.04?
<speedy> http://askubuntu.com/questions/398489/how-to-install-build-essential help-me_
<Alina-malina> Alina-malina> loop advice and loop back device are those same hings?
<Alina-malina> <Alina-malina> i want to create a virtual microphone device, so when i turn it on my operating system recovnize it as usb microphone but instead of speaking i want to play .mp3 file, how can i do this?
<speedy> i think not, but im a noob.
<speedy> Alina-malina,
<Alina-malina> whut?
<JanC> Alina-malina: on what level?  ALSA; PulseAudio/JACK/...; GStreamer/... ?
<Alina-malina> well
<Alina-malina> i am not sure yet, since i never used loop back device before
<Alina-malina> jack probably or usb?
<JanC> fake USB would require fake USB & ALSA kernel drivers; that's going to be somewhat hard :)
<Alina-malina> hmm
<Alina-malina> what about webcamera?
<Alina-malina> will ALSA work?
<JanC> I not sure what this all has to do with Ubuntu Server, but it would probably help if you explained what you are trying to do...
<Alina-malina> JanC, well i want to try to write a small loop back device, so when i mount, the ubuntu OS recognize it as microphone for example for skype or other software that requires microphone, and i could play mp3 file and it output to that software
<DonRichie> hi, what is the solution of choice when I need to set up a ftp server?
<Seveas> DonRichie: to tell the users that ftp is obsolete and insecure. Then you set up an sftp server :)
<cryptodan_laptop> Seveas: and DonRichie use SFTP and to use it on Windows download and use WinSCP and voila problem solved
<cryptodan_laptop> on linux you can use sftp on the command line or use filezilla
<DonRichie> Seveas, cryptodan_laptop: Thanks for your answers, I already have a ssh server working but I need a way to jail a user in a directory.
<DonRichie> When I let a user log in into an unpriviledged ssh user he would be able to read all my Readable files
<Seveas> DonRichie: man sftp-server, look for -d. Configure as you wish in /etc/ssh/sshd_config
<cryptodan_laptop> DonRichie: or have a read here http://allanfeid.com/content/creating-chroot-jail-ssh-access or here https://www.linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu
<darius93> DonRichie, you could use chroot
<darius93> or what cryptodan_laptop said
<DonRichie> I considered chroot but think that would be not the best way. Digging deeper into the sftp subsystem is a very good idea if it fits my needs. Thank you :)
<speedy> how do i use get?
<Seveas> DonRichie: well, that does chroot :)
#ubuntu-server 2015-05-24
<tekemperor> Greetings all. I am having trouble pinging ubuntu cloud virtual machines from other machines on my network.
<tekemperor> uvt-kvm ssh <servername> #works, but using another machine on the network and trying to ping (even by IP does not work).
<tekemperor> I followed the guide here... https://help.ubuntu.com/lts/serverguide/cloud-images-and-uvtool.html
<jdv> are they on the same subnet
<tekemperor> No. Host subnet differs from virtual machines.
<tekemperor> Can I bridge the virtual machines to get their IPs from the same DHCP server as the vm host?
<sarnold> did your libvirt set up bridged network with your nic? or are they are on their own private bridge?
<tekemperor> sarnold: I did no manual bridge configuration for this, I am not sure how to answer your question.  Is there a command I can give you out put from to answer your question?
<tekemperor> eth0 on host is 192.168.1.183, virbr0 is 192.168.122.1
<jdv> unless I am misunderstanding you, you should not expect them to be able to see one another until you either add a router or a bridge to allow it.
<tekemperor> jdv, that is correct.  I do not know how to create that bridge.  The instructions I found on http://wiki.libvirt.org/page/VirtualNetworking showed how to do it with a gui, but I have no gui.
<tekemperor> The mode I am after matches the routed mode on that page.
<jdv> what are the subnet masks
<tekemperor> 255.255.255.0 for everything.
<tekemperor> The physical setup is one router (handles dhcp) and two physical machines. The server with the virtual machines, and my desktop. 192.168.1.1 is the router and all physical machines get their IPs from that. Ideally the virtual machines will behave like additional machines on the network.
<tekemperor> Sorry for not starting with that, been at this for a while.
<jdv> youre half in one mode and half in the other, it seems
<tekemperor> Yeah. I'm okay completely wiping the virtual machines and starting over, I just can't find a guide that allows me to set up the libvirt routing mode from the command line with external dhcp.
<jdv> you need them on the same subnet
<jdv> or you put a static route into your physical router, but I am not sure why you want to do this
<tekemperor> I would rather not modify the physical network. I think I need to make virbr0 use 192.168.1.X where X is defined from my router (or outside of its DHCP range).
<jdv> yes, but you have it using 122 which is for switching mode
<tekemperor> I did not manually create virbr0. I don't know how to change it.
<jdv> man libvirt ?
<jdv> it says on your link that it uses dnsmasq
<tekemperor> All right, I think I have to do a little more reading. Thanks for your help.
<jdv> why do you want it in routing mode
<jdv> routed*
<jdv> regardless I think the issue might be your dhcp config, so look at dnsmasq
<tekemperor> Ideally the virtual machines will mimic public web virtual machines.
<tekemperor> I'm trying to create that locally.
<cryptodan_laptop> tekemperor: hav you tried using bridged mode?
<tekemperor> cryptodan_laptop: I have tried, but I must be doing something wrong.
<cryptodan_laptop> bridged mode would allow virtual box the ability to connect directly to your router for a dhcp ip address
<tekemperor> jdv: thanks for your help. I will look into dnsmasq if I cannot figure out how to fix virbr0.
<tekemperor> cryptodan_laptop: how can I set that up?
<cryptodan_laptop> tekemperor: via the network settings in virtualbox
<tekemperor> cryptodan_laptop: I am using uvt-kvm, not virtualbox.
<cryptodan_laptop> have a read here http://manpages.ubuntu.com/manpages/trusty/man1/uvt-kvm.1.html
<tekemperor> So that is the last thing I tried... "virsh iface-bridge eth0 br0; uvt-kvm create testbox --bridge br0"
<tekemperor> uvt-kvm: error: libvirt domain 'testbox' has no NIC MACs available.
<tekemperor> Oh, I just found something I overlooked before... "--template"  I think that will allow me to use the stuff here... https://libvirt.org/formatnetwork.html
<tekemperor> Thanks everyone, I think that will solve my problem.
<tekemperor> Problem resolved, can ping my VMs externally. Thanks again for the assistance. If anyone is curious, uvt-kvm {ssh|wait} breaks on bridged connections. See "https://bugs.launchpad.net/uvtools/+bug/1408596". Wish I found that earlier.
<jdv> interesting. what setup did you end up with
<tekemperor> It is a bridged connection, the DHCP comes from the router. I used "virsh iface-bridge eth0 br0" to create the bridge, and appended "--bridge br0" to uvt-kvm create. Did not have to do any manual network configuration, but I have a vnet0 now in addition to the virbr0 I had before.
<tekemperor> only br0 has a valid IP address.
<speedy> hi everone
<speedy> hi everone
<pmatulis> hello
<speedy> hi
<speedy> * hugs pmatulis ... so lonely in here!!
<speedy> hi hi
<speedy> PryMar56,
#ubuntu-server 2016-05-23
<riz0n> Hello friends, I have an Ubuntu Server (14.04) that uses AWstats. I migrated all my sites from an old server to a new one, and letting awstats generate new "stats" from log files. One of my sites has a log file that is around 2.8 gigs. It has been running for hours now, and to be honest, I don't know what is going on with it. So here's my question. Can I take the awstats files that were
<riz0n> generated on the old server from /var/lib/awstats and place them in /var/lib/awstats on the new server to (hopefully) speed this up?
<riz0n> Or should i just let it keep running and pray it eventually generates stats
<ShekharReddy> hello all can i configure a vhost so that servername can be atlas.omrs.org
<ShekharReddy> i tried but it is giving errors
<hicoleri> How do I make nginx be able to serve webpages through https?
<karstensrage> http://nginx.org/en/docs/http/configuring_https_servers.html
<karstensrage> hicoleri, fyi all i typed into google was nginx https and that was the first hit
<karstensrage> you might at least try before asking such an involved question on irc
<hicoleri> ok
<ShekharReddy> karstensrage:  hello, i jus simply logged in as a root user in ubuntu and installed apache2 webserver and while i configure vhost in it holding serverName: atlas.omrs.com , it is throwing a DNS server error
<ShekharReddy> i registered and enabled the .conf file
<ShekharReddy> i've set the document root to the default apache2 html file (for now )
<ShekharReddy> could you look into this and provide a solution
<ShekharReddy> awaited
<karstensrage> dig any atlas.omrs.com
<ShekharReddy> karstensrage: din't get u
<ShekharReddy> karstensrage:  I am a newbie to ubuntu as wellas apache2
<karstensrage> I can't really teach you perhaps google the Dns error?
<karstensrage> Dig is a dns tool to see if there is an entry for that domain
<karstensrage> If not maybe put it /etc/hosts or your nameserver
<karstensrage> Good night, good luck
<ShekharReddy> karstensrage:can u provide  agood resource where cani get  agood demo about vhost config
<ShekharReddy> locally
<ducasse> ShekharReddy: http://httpd.apache.org/docs/current/
<lordievader> ShekharReddy: There is a dns record for that domain? Resolving that address fails for me.
<frickler> are the Canonical network admins on IRC somewhere? I'm having issues reaching archive.ubuntu.com via IPv6
<maswan> #ubuntu-mirrors
<maswan> you can reach other mirrors fine over v6?
<frickler> maswan: I did not find any others that are not in 2001:67c::/32 yet
<maswan> se.archive.ubuntu.com maybe?
<maswan> also, no, fi, and dk have ipv6
<jamespage> coreycb, hmm ok so now we have troubles; the hashsum of the orig.tar.xz in yakkety for microversion-parse is of course different to the one that already existing in the newton testing ppa
<ronator> hi, maybe someone can help me with TraceFS that came along with kernel 4.1.
<ronator> I installed kernel 4.2 (wili) on two ubuntu servers, both 14.04.4 - now one server hast a tracefs, the other does not (and nagios check_disk fails but that I can fix). Now I wonder, why do I have tracefs on only one server not both?
<ronator> can it be that only system with LVM use tracefs?
<ronator> it's hard to find info on tracefs
<vagarwal> ShekharReddy: can you explain your query here please?
<vagarwal> what kind of issue do you encounter while configuring apache web server?
<ShekharReddy> vagarwal:  it is done, if there are any further i will reach out to you through this channel, Thank you vipu
<ShekharReddy> *vipul
<ShekharReddy> U guys refill the hope everytime i go scarce of it ð
<Charlie2> hello
<Charlie2> anyone an idea how to grow a lxd zfs pool?
<ronator> vagarwal: sudo apachectl configtest
<ronator> so FYI on TraceFS: installing kernel 4.2 and reboot, call mount and tracefs appears. reboot again and the entry is gone ...
<ronator> ubuntu 14.04
<ronator> no idea what will happen on 16.04
<coreycb> jamespage, that's a pain. can we just delete the old one from the ppa?
<jamespage> coreycb, PPA's never forget
<jamespage> so we can delete it all we like, but its trace/signature never goes away...
<coreycb> jamespage, ahh
<jamespage> and subsequent PPA uploads then get rejected
<jamespage> coreycb, repeatable source builds are essential (as I keep winging on about - sorry)
<coreycb> jamespage, yeah..  maybe we should discuss with zigo again
<coreycb> jamespage, or split from debian with deps, but we'd likely still have some that are non-repeatable in the mix
<jamespage> coreycb, we can mitigate to a certain extent by ensuring that the person who uploads to ubuntu or debian also does the upload to the ppa
<jamespage> then the same orig.tar.xz will get used.. but it feels like working around the problem...
<coreycb> jamespage, I thought that was the case for python-microversion-parse but must be not
<jamespage> coreycb, no - I uploaded it to debian, you did the ppa
<coreycb> jamespage, that's right..
<jamespage> coreycb, I've broken things in yakkety a bit - just sorting that out now - duff version in the oslo.concurrency upload  I did
<jamespage> coreycb, btw do you think we could just use an etherpad for the daily CI fix stuff? I'm struggling a bit with the gdoc spreadsheet approach
<coreycb> jamespage, that would probably work.  I like have the pre-populated list of packages in the spread sheet.  it's busy for CI though.
<coreycb> jamespage, I'm taking a look at neutron-lbaas for newton
<coreycb> jamespage, ddellav: I made an update to pkgos-generate-snapshot to handle pkg_name for the neutron-*aas packages - http://paste.ubuntu.com/16631513/
<jamespage> coreycb, great - did you see I'd added that to openstack-pkg-tools with the last merge into yakkety?
<coreycb> jamespage, ah great
<coreycb> jamespage, I can add that tweak to the pkg if you want
<jamespage> coreycb, +1
<jamespage> coreycb, ok unlocked the package builder now oslo.concurrency is sorted out
<jamespage> that should fixup keystone
<coreycb> jamespage, ok thanks
<jamespage> coreycb, for the testing PPA I suggest we just leave in the wedged shim packages for anything NEW
<jamespage> they will get superceeded eventually
<coreycb> jamespage, ok
<coreycb> jamespage, did you create an etherpad?
<jamespage> coreycb, not yet
<ronator> @tracefs: removing the old kernels also seems to help to get rid of tracefs in ubuntu 14.04 when upgrading to kernel 4.4
<coreycb> jamespage, I'm bumping oslo.service to 1.10.0, it may help the neutron-lbaas tests
<jamespage> coreycb, if it does make sure to raise a bug upstream as well
<coreycb> jamespage, actually, just checked, they've bumped to min version to 1.10.0
<fullstop> Hi all.  Is it still possible to see the build logs for packages?  I need to know if lighttpd was built with "--with-webdav-props" or not.
<fullstop> https://launchpad.net/ubuntu/xenial/amd64/lighttpd has a lot of information, but does not seem to include build logs anymore.
<jamespage> coreycb, having a poke at py3 support for keystone as a bit of a side distraction whilst I spin at other things btw
<coreycb> jamespage, awesome
<roaksoax_> jamespage: you guys maintain rabbitmq charms right ?
<roaksoax_> jamespage: err
<jamespage> roaksoax: yes
<rbasak> fullstop: they are there, just click through. Eg. https://launchpad.net/ubuntu/xenial/amd64/lighttpd
<rbasak> uh, https://launchpad.net/ubuntu/+source/lighttpd/1.4.35-4ubuntu2
<fullstop> thanks, rbasak
<rgreen> I'm running 16.04 LTS server and have LXD configured to run a bridge that can access my local network. Despite defining the bridge device in a profile, my containers will not automatically DHCP when started. Any way to get it to run automatically?
<bonzibuddy> hey folks
<bonzibuddy> I'm having an issue starting reverse ssh tunnel with -R
<bonzibuddy> ie, ssh -R 8888:localhost:22 me@myserver.com
<bonzibuddy> I always get a message saying remote listen port 8888 could not open - but there are no processes using it or anything
<bonzibuddy> could it be permissions??
<compdoc> bonzibuddy, why specify a port? means 8888 isnt open on the remote side
<compdoc> should be, tho
<bonzibuddy> i've tried flushing iptables, etc, nothing seems to allow me to open it
<bonzibuddy> im trying to create a reverse ssh tunnel so that i can log in to a NAT'd PC from my VPS
<compdoc> localhost?
<bonzibuddy> i wonder if its because im on a vps
<Sebastien> Hey, so i would like to setup/manage/add/delete email addresses on my server, do you guys know a free panel/GUI interface that is easy to install for this task?
<Sebastien> all i found was webmin, and it broke my firewall i had to reinstall everything
<Sebastien> lol
<nacc> Sebastien: https://help.ubuntu.com/lts/serverguide/email-services.html
<Sebastien> -.-
<nacc> Sebastien: I don't there is any GUI for doing what you want
<nacc> *dont' think
<hallyn> smb: arges: any libvirt upload planned?  i was just onna do a quick upload for bug 1571209
<ubottu> bug 1571209 in libvirt (Ubuntu) "Sockfile check retries too short for a busy system boot" [High,Confirmed] https://launchpad.net/bugs/1571209
<arges> hallyn: nope
<hallyn> ok, thx
<hallyn> ugh.  upstart job is not being installed in yakkety at all.  i don't know tha ti'm ok with that.
<hallyn> (for $reasons)
<fritchie> just finished installing openstack via jujucharms, 2 instances running, question, when I run 'iptables -S' on all nodes I cannot find the floating IP nat rules anywhere, where can I view them?
<sarnold> fritchie: if you've got a horizon instance up I'd expect some information to be there
<fritchie> sarnold, yes I can find the floating ip, it just bugs me that I don't see an IPtables rule
<sarnold> fritchie: aha good so you've got some then :)
<sarnold> fritchie: are they stuffed in a bridge somewhere?
<patdk-wk> don't like stuffed pizza much, it's just too much to handle
<sarnold> the cheese-in-the-crust kind or the it-also-has-a-top-but-it's-not-a-calzone kind?
<patdk-wk> both, the dual layer ones, yes, those are heavy, and half-a-slice is enough
<patdk-wk> the in the crust, the cheese is generally just raw, and kindof nasty
<sarnold> yeah, and often a "cheeze" instead..
<netcrime> Hello. I'm using Nginx with Gunicorn on Django project. I'm bining it tu project-name.socket. But I get 502 http error and Nginx error.log shows connection refused. MORE DETAILS on configuration: http://pastebin.com/mc5hfa4z |    What might be the problem? Solution?
<sarnold> netcrime: check ps auxw | grep gun to see if gunicorn is running
<netcrime> root     27947  0.0  0.1  11740   932 pts/2    S+   16:38   0:00 grep --color=auto gun
<sarnold> netcrime: it looks like you tell gunicorn to listen on /taobao/app/taobao.sock but tell nginx to proxy_pass to ... gibberish? :) try unix:/taobao/app/taoao.sock there too?
<sarnold> netcrime: okay that's the grep I just asked you to run, if that's it, then it looks like gunicorn isn't running either. maybe the "exec bin/gunicorn" needs to be "exec /taobao/bin/gunicorn" instead ?
<netcrime> sarnold: Thanks. I'll go check.
<netcrime> but if I do service gunicorn restart I get gunicorn start/running, process 28012
<netcrime> so doesn't tht mean it is running?
<sarnold> it should; maybe it changed the name. try ps u -28012  to see if it's still running..
<netcrime> USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
<netcrime> nothing more
<sarnold> looks like it dies pretty quickly; check its logs
<netcrime> ok
<netcrime> wait were i can find gunicorn error log ?
<sarnold> poke around in /var/log there might be seomthing
<sarnold> maybe /var/log/upstart/ ?
<netcrime> sarnold: ImportError: No module named 'taobao'[2016-05-23 16:42:21 -0400] [28071] [ERROR] Exception in worker process
<netcrime> taobao is my project name
<netcrime> django project
<sarnold> nice, that's something good and concrete you can work with :)
<netcrime> http://pastebin.com/1sZYy5Le
<netcrime> whole error
<netcrime> hmm but why it trys to import it as module
<netcrime> sarnold: yeah thats a step forward
<netcrime> thanks
<hallyn> smb: could you find it in your heart to pretty please verify bug 1546978 on trusty ? :)
<ubottu> bug 1546978 in libvirt (Ubuntu Trusty) "apparmor does not allow to run qemu-dm executable" [Medium,Fix committed] https://launchpad.net/bugs/1546978
<hallyn> i know technically it's usually not done, but the submitter doesn't appear likely to, and you're really best qualified to ack/nack it
<teward> rbasak: would you mind doing a onceover of a debdiff before I make its packages available for testing, and put an announce out on the server ML for a call for testing of the merge (mainly, installation and upgrade tests, both single and multicore)
#ubuntu-server 2016-05-24
<tx> Hi guys! Anyone deployed OpenStack using MAAS before?
<tx> Do I use the openstack installer on a controller (then openstack gets deployed on free nodes)?
<Vertel> I'm setting up a personal server and I'm currently at the stage of setting up IPSet blocklists that automatically update from known-bad-IP lists. Is there a reason this kind of auto-update-IPSet functionality isn't built into Ubuntu server?
<ShaRose> Vertel I don't know for ubuntu, and there's probably a better tool for it, but I found a guy's script that I use on my router to block incoming connections from countries that you could look at using. http://tomatousb.org/forum/t-605311/blocking-an-incoming-ip-address-solved-sort-of#post-1664196
<ShaRose> you could just point it at a plaintext list of blocks, aka http://www.ipdeny.com/ipblocks/data/countries/cn.zone
<ShaRose> Also, https://github.com/zfsonlinux/zfs/wiki/Ubuntu-16.04-Root-on-ZFS actually works and it's wonderful.
<sarnold> ShaRose: yeah? :) woot
<ShaRose> yep
<ShaRose> playing with it now to make it as non-interactive as I can atm
<sarnold> I haven't looked at the recent instructions but the last time I looked it was more moving parts than I wanted to deal with. It's nice to hear it's coming along :)
<ShaRose> it's still not as easy as integrating it into the actual installer, but it's not too harsh
<thekrynn_> anyone know why screen in ubuntu doesnt give conistant times for when a screen was created?
<ShaRose> gonna make a local mirror for it because I'm installing ubuntu so much :P
<smb> hallyn, maybe I can try... even though I realize now that its a rather "special" setup. Normally qemu-dm is used when xend is used but then the apparmor change is moot since xend starts qemu. There was some way to force the other qemu with libxl... I think
<sarnold> hmm I thought the thing that needed validation was a stupid lttng-5 denial silencing when using the libvirt-"lxc"?
<rbasak> teward: sure, though if it's a merge note that it's quite hard to verify a merge without actually doing the merge.
<jayjay> Hi, i try to install single server openstack with the openstack installer on ubuntu 14.04
<jayjay> but the install seems to deadlock on installing keystone with "idle - hook failed: "config-changed"
<jayjay> all services are deployed with status started except for keystone which has the status error
<rbasak> stokachu: ^
<rbasak> jayjay: stokachu may be able to help assuming he's in today, but based on his timezone he won't be in for a few hours.
<jayjay> tnx rbasak
<m1dnight_> I have a system user for a service and I want to execute a script as that user but ubuntu is asking me for a password.
<m1dnight_> But I don't have one..?
<vagarwal_> is there a way to change static ip in Ubuntu 16.04 without a reboot? networking.service restart and interface shutdown/start is not helping
<rbasak> vagarwal_: ifdown, edit /etc/network/interfaces, then ifup.
<rbasak> (which you need to do locally or very carefully in a screen or something)
<vagarwal_> rbasak: that is not working
<vagarwal_> has anyone not encountered this yet?
<degorenko> jamespage, hi, i found issue with openvswitch package, can you help? :)
<jamespage> degorenko, maybe whats the problem?
<degorenko> jamespage, it is again related to our puppet xenial jobs. So, the problem is incorrect service status report
<degorenko> i tried to file bug on ubuntu, but got some launchpad error :(
<jamespage> going to need a bit more detail...
<degorenko> jamespage, yes, sure, sec
<Jakey3> him are linux containers completely separate?
<Jakey3> to the same extent of 2 vms
<Jakey3> ?
<degorenko> jamespage, for example http://paste.openstack.org/show/498579/
<Jakey3> *hi,
<jamespage> degorenko, what does "sudo service openvswitch-nonetwork status" say?
<degorenko> jamespage, same :) let me sec
<degorenko> http://paste.openstack.org/show/498580/
<degorenko> jamespage, just fyi, looks like this issue with wrong report comes from 12.04, because we have this commit to vswitch module: https://github.com/openstack/puppet-vswitch/commit/be49bd301f6649950d9cc5bb08ee68a293d7058a Jan 15, 2013 :)
<degorenko> jamespage, and here is report when service is running http://paste.openstack.org/show/498581/
<coreycb> jamespage, I'm bumping neutron-lib to 0.2.0, I think that will fix the newton neutron failure
<degorenko> jamespage, i have some network troubles, if you answered on my last message please repeat :)
<tjahneee> Hello, i have a question about accessing files on a windows share. i have mounted a network share on /mnt/share with cifs in /etc/fstab. I have configured this with a read-only account from our active directory for extra security. Now i want to read those files with a php application for copying them to the local webserver path. Now i have the problem that i can't can give read access to those files for user www-data because it is read-only.
<tjahneee> The files are now only accessible with the root user. is there a way such with ln to make a link with read permission for a another user? Sorry for my bad english.
<encod3> Hi! I'm using Ubuntu 14.04LTS and I can't get access to some ports from the exterior. The ports are listed as listening when using "netstat -ltpn", however nmap reports them as closed.
<encod3> other ports, running the same kind of app, are accessible and listed the same way using "netstat -ltpn", but this time reported as open using nmap
<encod3> both apps are using 0.0.0.0
<encod3> any ideas on what I am missing?
<NetworkingPro> yo everyone
<m1dnight_> Are there apps running on the ports, encod3 ?
<m1dnight_> Oh yeah, they are listening. nvm.
<m1dnight_> Do you have ufw or something installed?
<encod3> m1dnight_: it is installed but disabled, iptables is also disabled
<m1dnight_> Switch ports with a working application, see what that tells you.
<m1dnight_> Im a noob as well :>
<stokachu> jayjay: yea I think there is an issue with our keystone revision
<stokachu> jayjay: this on single install?
<six86> Hello. I have a problem with preseeding in 16.04. I used my preseed in 12.04 and it worked fine. With the upgrade, preseeding results in a crippled ubuntu-server where for example "man" or "nano" are missing. The system is not complete anymore.
<six86> Has something changed in preseeding, maybe in tasksel?
<jayjay> @stokachu, yes single install
<stokachu> jayjay: ok, run openstack-juju resolved rabbitmq-server/0; openstack-juju upgrade-charm rabbitmq-server
<jayjay> stokachu: i only tried the single install
<stokachu> I think we need to update the revisions
<jayjay> should i run that in the container?
<stokachu> no from your laptop
<jayjay> ok
<jayjay> http://pastie.org/10850469
<stokachu> jayjay: why did you put sudo in front?
<jayjay> i also did it without :)
<jayjay> same output
<stokachu> do you know how to do it within the container?
<jayjay> yes
<stokachu> ok try that
<stokachu> just use juju
<jayjay> done
<jayjay> what should i juju?
<jayjay> oh sorry
<jayjay> i dont know what to do in the container
<stokachu> export JUJU_HOME=~/.cloud-install
<stokachu> then
<stokachu> juju resolved rabbitmq-server/0
<stokachu> juju upgrade-charm rabbitmq-server
<jayjay> hmm, ERROR no environment specified
<stokachu> are u inside the container?
<jayjay> I did the lxc-attach -n openstack-single-username thing
<jayjay> yes
<stokachu> yea that's it
<jayjay> user ubuntu?
<stokachu> yea
<stokachu> I'll have to help you more after lunch im on my phone atm
<jayjay> np, thanks so far
<stokachu> np it'll probably be 2-3 hours but I'll get you going
<jayjay> great
<guruprasad> I use Ubuntu server vagrant images a lot. I just downloaded the official xenial64 vagrant box and it doesn't look like the virtualbox guest additions are installed.
<guruprasad> Known issue?
<rbasak> Odd_Bloke: ^
<rbasak> (not sure if that's your department or not?)
<Odd_Bloke> rbasak: It is. :)
<Odd_Bloke> guruprasad: Could you check if there's a bug already at https://bugs.launchpad.net/cloud-images and, if not, file one, please? :)
<Odd_Bloke> rbasak: (Thanks!)
<guruprasad> Odd_Bloke: There is already a bug for this https://bugs.launchpad.net/cloud-images/+bug/1565985
<ubottu> Launchpad bug 1565985 in cloud-images "vagrant vb ubuntu/xenial64 cannot mount synced folders" [Undecided,New]
<hallyn> smb: ok well otherwise ask the bug reporter again to verify.
<hallyn> i've got more srus on my list to push out :)
<smb> hallyn, they cannot verify because they don't use *that* version of libvirt
<smb> hallyn, proposed libvirt 1.2.2-0ubuntu13 - they use 1.2.12-0ubuntu14.2~cloud0
<smb> hallyn, actually not sure you did see the email I just sent you which explains a bit more... :)
<John[Lisbeth]> I've got this old compaq that I am setting up just to display htop through ssh, and I am running into a problem where the tty windows on it keep turning off to save power, and I would like to disable this feature.
<John[Lisbeth]> I am not sure which part of the os is responsible.
<stokachu> jayjay: ok im back
<Pici> John[Lisbeth]: what release of Ubuntu?
<Pici> John[Lisbeth]: you can change it via setterm --blank 0          (might also need --powersave off)
<John[Lisbeth]> I think it's ubuntu 16.04 server
<John[Lisbeth]> I'll try that and then we'll wait and see if it turns off
<terje> hi, I'm using vm-builder to create some VM's. I notice that in a trusty guest, the first nic is named eth0 and all is well.
<terje> with a xenial guest, the nic is em1.
<terje> I have to mount the qcow and change it manually
<terje> possible to specify a nic name in vm-builder?
<jayjay> stokachu: im here too :)
<stokachu> jayjay: cool, you back inside the container?
<jayjay> yes
<jayjay>  su - ubuntu
<stokachu> jayjay: do you have a ~/.cloud-install/juju directory?
<stokachu> jayjay: i actually told you wrong earlier, it should be `export JUJU_HOME=~/.cloud-install/juju`
<jayjay> thats better :)
<jayjay> juju status is now working :)
<stokachu> jayjay: ok do juju ssh rabbitmq-server/0
<stokachu> jayjay: sudo apt install pastebinit; pastebinit /var/log/juju/unit-rabbitmq-server-0.log
<jayjay> http://pastie.org/10850671
<stokachu> jayjay: whats in /var/log/juju/?
<jayjay> http://pastie.org/10850673
<stokachu> hmm, unit-rabbitmq-server-0.log
<stokachu> thats the one i want to look at
<JamieDimon> Is it safe to install systemd on Ubuntu 14.04 trusty?
<jayjay> one moment
<jayjay> its a big file
<jayjay> what do you want to know
<jayjay> or should i share the complete file?
<stokachu> jayjay: mainly looking for any tracebacks
<stokachu> python tracebacks
<jayjay> https://ssw.solcon.nl/qdisk/download/4998379595744848c1094c11261624911975
<jayjay> this is the log file
<jayjay> stokachu: can you see something in the file?
<stokachu> one sec
<stokachu> jayjay: i dont see where rabbitmq is reporting an error?
<stokachu> jayjay: says its active and ready
<jayjay> stokachu: i quit the installer
<stokachu> jayjay: thats ok juju is setup in the background
<jayjay> kyestone still reports idle hook failed
<jayjay> config-changed
<stokachu> jayjay: oh.. right
<stokachu> jayjay: ugh sorry why did i think it was rabbitmq
<stokachu> jayjay: can you send me the unit-keystone-0 log?
<jayjay> lol
<stokachu> theres been this ipv6 issue with rabbitmq
<jayjay> stokachu: https://ssw.solcon.nl/qdisk/download/972592784574489333c04f81492838714575
<stokachu> looking
<jayjay> ERROR juju-log FATAL ERROR: Could not determine OpenStack codename for version 8.1
<jayjay> INFO worker.uniter.jujuc server.go:172 running hook tool "juju-log" ["-l" "ERROR" "FATAL ERROR: Could not determine OpenStack codename for version 8.1"]
<stokachu> yea just saw that
<stokachu> hmm
<stokachu> jamespage: what was ^ from again?
<stokachu> jayjay: https://bugs.launchpad.net/charms/+source/keystone/+bug/1572358
<ubottu> Launchpad bug 1572358 in openstack-telemetry (Juju Charms Collection) "keystone FATAL ERROR: Could not determine OpenStack codename for version 8.1.0" [High,Fix released]
<stokachu> jayjay: what does juju status keystone give you?
<jayjay> stokachu: http://pastie.org/private/wk1ovfwaprvdcc3yikra
<jayjay> stokachu: so its a known bug
<stokachu> jayjay: checking the revision you have versus the latest
<stokachu> jayjay: so juju resolved keystone/0; juju upgrade-charm keystone
<jayjay> Added charm "cs:trusty/keystone-255" to the environment.
<stokachu> jayjay: see if the error still occurs
<stokachu> jayjay: it should reinitialize itself
<stokachu> jayjay: you'll probably want to do that to all the charms deployed
<jayjay> keystone is started now :)
<stokachu> jayjay: cool yea, for some reason you're running some older charm revisions
<stokachu> jayjay: not sure why though as we pull from the latest
<jayjay> stokachu: awesome
<stokachu> jayjay: you'll want to run openstack-status again to make sure neutron gets setup
<jayjay> stokachu: yes, keystone is still complaining about ports which should be open but are not
<stokachu> jayjay: can you post an updated unit-keystone-0.log file?
<jayjay> stokachu: yes, one moment
<jayjay> stokachu: cant find the /var/log/juju direcotry anymore
<jayjay> am i missing something?
<stokachu> did you juju ssh keystone/0?
<jayjay> :):)
<jayjay> there it is :)
<jayjay> i was sleeping
<jayjay> stokachu: https://ssw.solcon.nl/qdisk/download/1552257545574490d7721ad56293922517332
<stokachu> sec
<stokachu> jayjay: yea im not sure about that one, best to ask the charmers in #juju about it
<stokachu> jayjay: i would run juju upgrade-charm first on your services though
<jayjay> stokachu: ok i will try that
<jayjay> stokachu: thanks so far
<stokachu> jayjay: np
<terje> hi, I'm using uvtool to provision a VM. I have a bridged interface it's attaching to, br0.
<terje> How can I specify the IP to use on that interface/network?
<jamespage> stokachu, jayjay: upgrade your keystone charm
<stokachu> jamespage: yea hes on 255 now
<stokachu> but seeing [WORKLOAD-STATUS] blocked: Ports which should be open, but are not: 5000, 35357
<jayjay> yes
<jayjay> stokachu: i restarted haproxy and now everything is Unit is ready :D
<stokachu> nice
<jayjay> yes, thanks again for your help
<Sagar> how much a 32GB dedicated server running apache2 and php7.0-fpm is cable of handling concurrent users?
<sarnold> it depends upon your application
<OerHeks> apache has a limit set http://httpd.apache.org/docs/1.3/mod/core.html#maxclients
<Sagar> assuming the best config?
<Sagar> will it be able to handle 10K realtime users?
<jrwren> it depends entirely on the applictaion.
<Sagar> wp site is what i am runnng
<OerHeks> say 25-50 mb, so that would be 600 users
<Sagar> 600 realtime users?
<OerHeks> and then your networkspeed ...
<Sagar> i was running 1k realtime users on a 2gb vps of digital ocean
<OerHeks> we are guessing, with such minimal info
<Sagar> Suggest me the best?
<nacc> Sagar: that's not how this works, tbh. "best" depends entirely on your workload and doesn't really mean anything wrt your original question (you asked for a quantitative answer, "best" implies qualitative)
<patdk-wk> !best
<patdk-wk> !poll
<patdk-wk> damn bot must be getting altimzers
<sarnold> nacc: when you write your application you need to cache all the things: use page caching to cache entire pages, fragment caching to cache all the rendered fragments, memcached or similar to cache 'business objects' and avoid roundtrips to the database, etc. writing scalable webpages takes a huge pile of work.
<sarnold> sigh. not nacc. Sagar of course.
<nacc> sarnold: :)
<patdk-wk> and it highly depends on the usecase
<patdk-wk> personally, I like to run like a wordpress site, locally
<patdk-wk> then push a *static* copy of it publically
<patdk-wk> means no one can leave comments or anything, but I don't care or want that
<Sagar> so if you have a good config apache + varnish + php fpm along with a single wp running
<Sagar> what would u say?
<sarnold> thank you, comment sections are the worst :)
<patdk-wk> varnish isn't a caching solution
<patdk-wk> it's a solution when you *cannot* do proper caching in the application
<nacc> Sagar: what would we say about what?
<Sagar> patdk-wk: what about laravel?
<Sagar> with memcache?
<patdk-wk> never heard about laravel
<Sagar> nacc: about the concurrent users? how much the server can handle
<Sagar> laravel a php framework
<patdk-wk> that is unknown
<patdk-wk> you have to benchmark php
<patdk-wk> if laravel is a php thing, then your just talking about php
<patdk-wk> why confuse it with something else
<kpettit> Anbody have recommendation for creating a self contained app/script that's easy to move arround?  I can't seem to find anything easier that bash.  Python and such always have dependencies that are painful
<sarnold> perl's often installed but that's getting to be less common these days..
<sarnold> and perl's datastructures are annoying if you aren't content with only arrays, hashesh, and int/float/string
<patdk-wk> python has datastructures?
<patdk-wk> python was really annoying me yesterday with itself
<sarnold> python classes are easier to use and build arbitrary forests/graphs/networks of datatstructures.. perl references and worse perl OO is just exhausting. I'm pretty grumpy about python but if shell/sed/awk or perl don't work out, python's not a terrible choice
<patdk-wk> took me awhile, but I got python working the way a *think* is correct
<patdk-wk> no idea, but it gives me the result I'm looking for atleast :)
<patdk-wk> I'm just too used to C, asm, perl, ...
<patdk-wk> give me pointers, dont hide them from me
<kpettit> sarnold: perl still has the same dependency hell though right?  with modules and versions, etc
<kpettit> I'm just wanting to make something that's self contailed that I can put on any server and can run.  Bash is the only thing I can think of that's like that
<nacc> python is present in all ubuntu these days (iirc)
<patdk-wk> bash cannot do that
<nacc> but "any server" is perhaps broader than that
<patdk-wk> it has dependency hell on all the other programs you use to write the bash script :)
<nacc> heh
<kpettit> yeah but Ive got to deal with ubuntun from 10.04 to 16.04 and a bunch of centos machines
<patdk-wk> besides the forkbombing bash does :)
<kpettit> so I'm trying to make something generic that'll work on most linux systems out of the box without having do install a bunch of junk.
<kpettit> I love python, but it annoys the crap out of me when I have to deploy it to other systems
<sarnold> kpettit: I hesitate to suggest it since their community tends to encourage loads of practices I disagree with, but Go aims to provide you with a single executable that you can copy from machine to machine, so long as the architecture matches, it ought to run.
<nacc> heh
<nacc> rbasak: is it expected for squid3's autopkgtests to fail under lxc (appears to be apparmoer related, which i'm assuming would need nested apparmor)
<rbasak> nacc: the test is supposed to declare if it requires full virt.
<nacc> rbasak: well, the version in trusty, running in lxc under xenail doesn't pass tests for me :)
<nacc> for test_zz_apparmor
<rbasak> nacc: so yes if it does that, no if it doesn't. But yeah, if nested apparmor is needed, then perhaps the test should declare it needs full virt.
<rbasak> nacc: try adt-virt-qemu. adt-buildvm-ubuntucloud is useful.
<nacc> rbasak: just says 'needs-root'
<nacc> rbasak: ack, can do, just slower :)
<coreycb> ddellav, manlia's uploaded.  make sure you subscribe ubuntu-mir to the bug so the MIR team is notified to review it.  https://launchpad.net/ubuntu/wily/+queue?queue_state=1&queue_text=
<ddellav> coreycb ok, will do
<cliluw> If I'm making Debian packages for Ubuntu, do I want to install ubuntu-dev-tools or the devscripts package?
<nacc> cliluw: well, you'd be making Ubuntu packages for Ubuntu, to be clear :)
<nacc> cliluw: and i use tools from both, tbh
<cliluw> nacc: According to the apt-cache, it seems devscripts breaks and replaces ubuntu-dev-tools.
<nacc> cliluw: heh, let me look aagain
<nacc> cliluw: i have both installed acc'g to apt-cache right now :)
<nacc> cliluw: version specific breaks and replaces
<cliluw> nacc: Oohh, ok!
<synchronet> Hi, why do we get updates all the time?
<synchronet> do the guys who write the code have their head up thier ass?  I thought they were pros?
<synchronet> load of php updates tonight
<synchronet> cant they get it right?
<rbasak> You should ask for a full refund.
<synchronet> yep
<sarnold> synchronet: https://www.jwz.org/doc/cadt.html
<synchronet> happy to chip in but geez
<shewless> Hi. Is this the right place to ask about "conjure up"? I just want to know if the LXD option uses containers to run the "controllers" of openstack or if it just uses LXD as the compute nodes - if that makes any sense
<synchronet> always kfg updates
<synchronet> sarnold:  I never click anything
<shewless> stokachu: rbasak said you might be able to help if you're there
<sarnold> synchronet: this one should be clicked :) I think it'll resonate
<synchronet> I never click anything
<synchronet> I dont trust any fkr
<synchronet> 26 years on the web has about done me
<sarnold> synchronet: you've been on the web for 26 years and don't know jwz.org? O_o
<nacc> heh
<synchronet> I dont know anything thz days
<synchronet> Lost in Space
<stokachu> shewless: it is pure LXD for both controller and compute nodes
<stokachu> no kvm at all
<stokachu> shewless: i gotta go afk but leave me any messages here and ill answer them when i get back tonight
<synchronet> stokachu: seems a cool guy
<kpettit> sarnold: I haven't ever tried Go.  But it's worth a look.  Never had a reason to try it before, so worth a look at least
<jrwren> https://www.jwz.org/doc/cadt.html  the funny thing is, i filed a netscape2.0 bug in 1995 which was closed in the exact same way upon the rewrite.
<synchronet> :)
<synchronet> some one will kill hundredes of people one day and claim insanity and sat the internet made me do it
<synchronet> say
<synchronet> its getting beyond something, not sure what
<synchronet> is it just money these days?
<synchronet> cant run a simple website without constant interferance?
<synchronet> update needs so they can spam you more
<synchronet> and always to enhance your experience etc
<synchronet> well kffkd off here at the mo
<nacc> synchronet: i feel like this is a bit of a rant that is better suited for #ubuntu-offtopic :)
<synchronet> yeah, sry, bad day
<synchronet> stopped
<nacc> synchronet: :) no problem
<synchronet> :)
<synchronet> ty
<arooni> is it a stupid idea to add my ssh/deploy user to the 'root' group so i dont have run sudo to edit nginx virtual server files ?  am i just being lazy lol?
<patdk-lap> I can't imagine why you would need that
<patdk-lap> why would you *not* want to run sudo?
<synchronet> patdk-lap:  how come other distros are not afraid of root,
<synchronet> I have never had a server hacked in my life
<patdk-lap> lucky you
<synchronet> maybe
<patdk-lap> I have been hacked twice, and by the same kernel vaunerability each time
<patdk-lap> first, the server was slow in getting patched
<synchronet> had a client hacked but that his WPress end
<patdk-lap> second, the CVE was not compiled into that kernel, by the kernel packager
<synchronet> also in 14.04 and proftp there is an expolit
<patdk-lap> oh, websites being hacked are a multible day issue for me
<synchronet> I just basically kicked a client with 5 dedicateds because he could not keep his wp sites up to date, sad but a major pain
<patdk-lap> synchronet, that isn't part of ubuntu though
<patdk-lap> proftpd is part of universe
<patdk-lap> universe is unmaintained :)
<synchronet> patdk-lap:  agreed, its what viryualmin drags in, they fixed it now apparently
<sarnold> kpettit: there's a lot about go the language that looks nice. It looks like a nice application programming language but a poor systems programming language.
<synchronet> virtualmin sry
<patdk-lap> I have and keep my own proftpd as with any other software I need, in my production ppa
<sarnold> patdk-lap: why do you use proftpd? it looks .. iffy.
<patdk-lap> I only use it for myself in one location :)
<patdk-lap> but I do maintain it for others that use it heavily
<patdk-lap> for sftp mainly
<synchronet> be nice if Ubuntu did its own hosting CP
<patdk-lap> hosting CP?
<synchronet> I just do hosting mainly
<synchronet> yeah like virtualmin cpanel etc
<patdk-lap> yuk
<synchronet> whatever
<synchronet> gui guy here
<patdk-lap> I once attempted to use that other cpanel thing for customers before
<patdk-lap> wh??
<synchronet> centos have a panel I believe?
<patdk-lap> filed a bug report, that the admin user used md5 password hashes, and I need that corrected before I could deploy it, as a paying customer
<patdk-lap> they marked my bug as, won't fix
<patdk-lap> I left them
<synchronet> :)
<synchronet> might as well get off the planet these days
<terje> anyone here know much about uvtool?
<patdk-lap> yes, no one *should* get my database, or hash, but lets be relistic
<patdk-lap> expecially with closed source software
<terje> I'm trying to use cloud-init with uvtool but it never seems to read my config
<synchronet> terje: I cant help sry
<terje> :/ it's one of those I've been banging my head on. :(
<synchronet> never give up
<terje> never surrender
<synchronet> where there is a will ...
<sarnold> terje: heheheh
<sarnold> terje: do you get any error messages?
<terje> sarnold: so my situation is..
<terje> I'm not using vibr0, I'm using br0 so I can have my VM directly on my nic
<terje> so using uvt-kvm works just fine, as in my VM boots up, I can virsh console to it
<terje> and it's waiting for an IP via DHCP
<terje> I'm trying to use cloud-init, specifically meta-data to set it's IP statically
<terje> and that part just doesn't work.
<patdk-lap> no idea what a uvtool is :)
<terje> so, no error messages that I have seend.
<terje> seen, even
<sarnold> patdk-lap: this thing https://help.ubuntu.com/lts/serverguide/cloud-images-and-uvtool.html
<rbasak> terje: I wrote uvtool.
<rbasak> terje: I'm not sure about your static IP case.
<rbasak> That's cloud-init's responsibility. uvtool doesn't really do anything with cloud-init stuff apart from pass it on.
<rbasak> Is it metadata or userdata you're using?
<rbasak> Whichever way, are you using --user-data or --meta-data in your "uvt-kvm create" call?
<rbasak> Because if not, uvt-kvm will create its own and thus possibly scupper whatever else you're trying.
<sarnold> rbasak: is libvirt's idea of networking getting in the way here?
<rbasak> That depends on what terje is expecting I think. libvirt packaging sets up a bridge and dnsmasq IIRC. But he might have changed that. uvtool and libvirt VM creation just connects the guest's NIC to a bridge by default.
<keithzg> Anyone know of any decent small-business scale Windows antivirus products (okay, I know that's already thinning the herd precipitously, but bear with me) that can be centrally managed from an Ubuntu server?
<keithzg> Our office's Bitdefender license is expiring and I'd rather not rely on a Windows server to shepherd the Windows instances.
<stokachu> keithzg: nothing like bit defender, there's clamav by that's just for mail
<stokachu> keithzg: I thought windows had something like windows defender that was included
<jjohnston> hello I'm wondering if someone here can help me with conjure-up, lxd and maas
<devster31> what should I look at if the sync command hangs indefinitely?
<stokachu> jjohnston: which version of maas?
<jjohnston> MAAS Version 2.0.0 (beta5+bzr5026)
<stokachu> what issue are you having
<jjohnston> maas is actually pretty happy its more lxd bridge and conjure-up authenticating against maas that I'm having issues with
<stokachu> what version of juju?
<jjohnston> so i have my hosts in a ready state in maas and am running conjure-up openstack using the lxd option
<jjohnston> when I select the lxd domain created by the lxd configuration wizard it complains that lxdbr0 is missing
<jjohnston> lxdbr0 IS missing, but no matter what I do the re-configure lxd wizard won't add the interface
<stokachu> ah
<stokachu> try running like lxc list
<stokachu> see if the interface gets activated then
<jjohnston> negative
<jjohnston> i've even done lxd init and run through resetting everything to no avail
<stokachu> yea ice hit this issue as well
<stokachu> I've*
<jjohnston> so if I go the "use existing maas" option in conjure-up and I put in the api endpoint and api key, it bails with a key error as well
<stokachu> trying to remember what I had to do
<stokachu> jjohnston: you just ending the IP?
<stokachu> entering*
<jjohnston> no i put the fqdn
<jjohnston> with http://
<stokachu> try just the ip
<stokachu> no http
<jjohnston> k
#ubuntu-server 2016-05-25
<stokachu> I should probably be more accommodating there
<jjohnston> KeyError: KeyError('credentials',)
<jjohnston> i'm using the api key from my maas user
<jjohnston> does the specific maas user need to be in the credentials.yaml?
<stokachu> oh maas 2.0 uses username/password right?
<jjohnston> yes
<stokachu> yea.. i need to add support for that
<jjohnston> but presents an api key in the account settings
<stokachu> ah ok maybe it does both
<jjohnston> well maybe not..  it doesn't like my key no matter
<stokachu> yea i think they've changed that
<stokachu> unfortunately i've only tested on 1.9
<jjohnston> should I be trying to put the user name in there and have a corresponding entry in the credentials.yaml for juju?
<stokachu> jjohnston: i think im storing the credentials wrong in the credential.yaml for maas 2.0
<stokachu> jjohnston: you could try adding the credentials manually for juju, then running juju bootstrap to have a controller ready
<stokachu> conjure-up can make use of that as well
<stokachu> i need to get a maas 2.0 up and going
<stokachu> jjohnston: https://github.com/ubuntu/conjure-up/issues/38
<stokachu> feel free to track that there
<jjohnston> k will do, thanks!
<gagagugu> sarnold, ?
<shewless> stokachu: Is there a way to get the controller stuff on LXD but still use KVM for the compute nodes?
<ShaRose> If anyone wants it, I basically edited the existing zfs-on-linux guide to installing 16.04 on zfs root so it's more.. automatic. With environment variables.
<ShaRose> https://gist.github.com/ShaRose/7554a2f3ece4d5a119757d2dacab4a27 hopefully it works for everyone, etc etc don't blame me if it blows you stuff up
<ShaRose> (also, I should probably rehost the bootstrap script..)
<sarnold> ShaRose: please poke rlaager about your updates :)
<ShaRose> sarnold dunno if it's 'bulletproof' enough though, mostly what I did was make things more automatic
<ShaRose> for example, it probably would only work with a single interface
<jelly> what is the optimal way to add 8bit latin1 en_US locale to a xenial 16.04 server?
<sarnold> I think "sudo locale-gen en_US ; sudo update-locale" would do it (based on http://askubuntu.com/a/76106/33812 )
<jelly> I'll see how that works on a fresh system. previously I messed with /var/lib/locales/supported.d/local but the directory doesn't even exist by default in 16.04 http://paste.ubuntu.com/16675192/
<sarnold> I've got a /var/lib/locales/supported.d/ ..
<sarnold> that also looks like it shold work
<jelly> sarnold: did you install a language pack on the system where it exists?  dpkg -S /var/lib/locales/supported.d  says what?
<sarnold> language-pack-en-base: /var/lib/locales/supported.d
<jelly> right
<jelly> coworker did just the core install, even "locales" was missing
<sarnold> hehe
<sarnold> I just used the standard server install image, nothing fancy
<sarnold> but I htink that is something like three times the size of the "core" install
<jelly> honestly I'm not sure why debian and ubuntu don't default to pregenerated locales-all, oh noes, 100MB disk space used
<jelly> I could file a bug for Tivoli and tell them to "dammit, backup files even if their names are invalid UTF-8 bytecode"
<curmet> Hello
<curmet> I accidentally misconfigured my apache ubuntu , then it cant be restarted
<curmet> it showed this error when restarted : "Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details."
<curmet> Itried to purge and install , the problem persists. any idea?
<hateball> curmet: does apache itself spit out any logs or does it actually die before that?
<curmet> hateball: idk , it just doesnt start
<Vertel> Greetings. I'm setting up a personal 16.04 server and am wondering if there's a solid guide to securing it. I want to avoid being one of those servers on the Internet that gets taken over and used to spam China. :P
<Vertel> I do know all the basics; don't open unnecessary ports, only install services I need, public-key SSH required, but I'm not quite sure I'm paranoid enough yet.
<ikonia> curmet: look at the log files as I told you in #ubuntu and fix why it's broken
<ikonia> randomly re-installing won't help
<curmet> hateball, any idea?
<hateball> curmet: Yes, I gave you a suggestion and it seems that ikonia has as well
<curmet> hateball , logged out for awhile lol,which suggestion?
<hateball> curmet: To check for apache logs
<curmet> "[Wed May 25 05:15:37.211997 2016] [mpm_event:notice] [pid 6039:tid 3074554496] AH00489: Apache/2.4.12 (Ubuntu) configured -- resuming normal operations
<curmet> [Wed May 25 05:15:37.214442 2016] [core:notice] [pid 6039:tid 3074554496] AH00094: Command line: '/usr/sbin/apache2'
<curmet> [Wed May 25 05:16:29.664671 2016] [mpm_event:notice] [pid 6039:tid 3074554496] AH00491: caught SIGTERM, shutting down
<curmet> "
<curmet> hateball , that is
<pirx_> hello! i just added a new service in my server, by adding a script to /etc/init.d/ and doing "update-rc.d service defaults"
<pirx_> the service starts fine, but none of the outputs (the echo's) in the init-script are printed to screen anymore
<pirx_> so it seems to work, but its all very clandesine:)
<cpaelzer> pirx_: is that already with systemd , so 15.04 or later I think ?
<pirx_> ah, forgot to say, this is on 16.04, first time i am installing stuff on a 16.04
<cpaelzer> pirx_: ok that makes sense - the old init scripts are only executed by a systemd wrapper
<pirx_> all other servers are still 14.04
<cpaelzer> pirx_: it is intentional that they don't litter the screen with messages
<cpaelzer> pirx_: you should be able to see it at the end of "service yourservice status"
<cpaelzer> pirx_: also in the journal it would show up
<pirx_> so i should just trust that it started ok if it didnt print anything? :)
<cpaelzer> pirx_: well how do you start stop it - with the "service" wrapper or with systemctl ?
<cpaelzer> pirx_: or do you call it directly like /etc/init.d/foo ?
<pirx_> but it also seems that my init-script doesnt work 100% with "service --status-all"
<pirx_> cpaelzer: with service wrapper
<pirx_> --status-all shows [ - ] even though the service is started
<cpaelzer> pirx_: in that case you should expect it to work if you don't see - an error would show up and in general "status" is your way to go
<cpaelzer> pirx_: for the proper integration into status all and so much more it should (these days) best be a proper systemd service/unit
<pirx_> oh crap, just realized that this script lacks a status) argument :)
<cpaelzer> I don't have a link handy but there are good guides for such a transition
<cpaelzer> hateball: you have often a great bucket of great links to refer to - is there a good entry point for sysv to systemd transition for pirx_?
<cpaelzer> I only find upstart to systemd at https://wiki.ubuntu.com/SystemdForUpstartUsers
<stokachu> shewless: yes use openstack base  selection (the first option)
<hateball> cpaelzer: afraid not, I havent really been dabbling anything with systemd yet myself :o
<hateball> currently running 12.04 and 14.04 on all servers, so :p
<cpaelzer> hateball: ok, was just my perception that there is always a handy link from you :-)
<hateball> google-fu goes a long way :p
<hateball> But sadly not read up the subject at hand
<cpaelzer> sadly I don't remember where I started, butI quickly checked and sorted out a few
<cpaelzer> http://unix.stackexchange.com/questions/233468/how-does-systemd-use-etc-init-d-scripts
<cpaelzer> https://fedoramagazine.org/systemd-converting-sysvinit-scripts/
<cpaelzer> but especially (really) understanding what this does is important => https://www.freedesktop.org/software/systemd/man/systemd-sysv-generator.html
<cpaelzer> pirx_: I hope this gives you a good start
<cpaelzer> deadnull_: nice, it is almost like a dance with the underscore :-)
<pirx_> cpaelzer: thanks a lot! i'll have to go through this now it seems:)
<deadnull_> cpaelzer lol :)
<jonah> Hi I wondered if anyone can help at all. I have an ubuntu 14.04 backup server that just uses samba and ftp for some backups. It only has a 10/100 built in lan card as it's pretty old. So I bought a PCI-e Lan card which is gigabit. The problem is it doesn't seem to "just work" haha, it was cheap! So does anyone know how I can detect what the driver is and how to get it up and running so I can benefit from blazing speeds!!!
<jonah> Thanks if anyone can help at all
<ikonia> jonah: find out what chipset the card is
<cpaelzer> jonah: I'd start with lspci - identify which card it is, then once you have the slot  and such rnu lspci again but with -vvv and -s slotspec
<cpaelzer> jonah: that will give you a start info as what the card is really seen - with that you can start looking for support
<jonah> ikonia: well that's just it, I don't know. maybe it was a bit TOO cheap!
<jonah> I tried lspci, but can't see it or don't recognise which entry it could be
<jonah> I can see my 10/100 intel one there
<ikonia> jonah: so that sounds like it's dead
<jonah> but no mention of any sort of ethernet/lan/speeds
<ikonia> it may not show a speed, it's just a description of the device
<ikonia> if you see no device that could be it, then it's probably a broken card
<jonah> ikonia: what do you mean by dead, just broken? The light comes on when you insert an ethernet plug...
<ikonia> take it back and buy a quality supported card
<cpaelzer> jonah: you might "lspci -vvv | pastebinit" so we can look at it
<ikonia> jonah: thats just a link light
<cpaelzer> but I agree to ikonia that it is likely just dead
<jonah> Hi I've pastebinned it here: http://pastebin.com/phV8wQn4
<cpaelzer> jonah: yeah just not showing up likely means dead
<cpaelzer> jonah: for the sake of trying to ressurrect you might save the lspci to a file, move it to another slot - do the same, remove it do the same
<cpaelzer> jonah: and then compare the lspci output files
<cpaelzer> jonah: after all you could also have a disabled pci slot or so
<cpaelzer> jonah: also watch dmesg and such
<cpaelzer> jonah: or shortcut to "buy a good one"
<jonah> cpaelzer: ah yeah that's good idea
<jonah> ok yes I'll try another slot just in case and then just buy a decent one! haha thanks for the help
<cpaelzer> jonah: I have seen weird boards where enabling the primary slot with x16 disables the other slot and such
<cpaelzer> jonah: good luck
<jonah> cpaelzer: thanks
<jonah> also while I'm in here, is there a way to get the backup server to spindown/sleep or even turn itself off and on as it is needed? It only really backs up at night, so it would be great if there was a way to power it down during the day to save it wearing out and then it just come on when the samba, ssh/ftp backups start...
<rbasak> jonah: you can do it but I don't recall the details. pm-suspend on older systems, systemd does something to replace it since Vivid. Most systems can be set to wake on a clock but I don't know the details - either from the BIOS or by adjusting the RTC from the running system. You'll probably need to install some packages as it's not a common server use case.
<jonah> rbasak: ok thanks I'll try and have a google around in that case
<John[Lisbeth]> btw if whoever helped me ealier is still listening, setterm worked for the htop machine
<John[Lisbeth]> tyvm
<rbasak> teward: http://i.imgur.com/3aUIbfv.jpg
<hateball> jonah: do you have other devices on 24/7, perhaps a router? You could schedule WOL for the server, then have it shut off once done
<jonah> hateball: yeah I have the router on all the time and another server which it backs up
<hateball> jonah: well then you could look into scheduling WOL
<hateball> my router has support for it, that's pretty neat
<jonah> hateball: ah ok so the router wakes up the bios wol option? that is cool, how do you then get the server to shut itself down again when it's not doing anything too?
<hateball> jonah: just add a shutdown command after your backup command completes successfully
<teward> rbasak: LOL
<teward> rbasak: that made me smile xD
<jonah> hateball: that's cool I'll have a look thanks again
<jonah> hateball: ah I just thought of something else. If I have 3 or 4 backups that run such as weekly, nightly and another from a different server etc and I add shutdown commands to them they might shutdown each other's backups half way through...?
<teward> jonah: then schedule maintenance windows for shutdowns, etc.
<teward> times where the backups will have already completed and such
<teward> and then schedule the shutdown/reboot then
<jonah> teward: this is where it gets a bit confusing though. say there is an incremental backup that runs, but one night no files have changed so the backup only takes 5 mins but another night loads of new files or changes have been made on the server and the backup takes 2 days. This is why I wondered if there is a way to only shutdown if nothing is going on rather than at a set time
<hateball> jonah: do you run both full and incrementals at the same time?
<rbasak> jonah: get each backup script to hold a lock. Attempt to grab the lock exclusively at the end, and if successful then shut down.
<rbasak> Careful about the race condition though that a shutdown happens just before a new backup is due to start.
<jonah> hateball: yeah they can overlap. As the incremental is nightly and just depends, and the full is weekly. but the full takes a couple days to complete and as I say the incremental depends. then to throw even more into the mix is another server doing a midweek backup too!
<hateball> sounds like there's not much time for the server to be shutdown at all then?
<teward> jonah: I would not be doing shutdowns automatically then if you're stating this
<teward> jonah: instead, you need to schedule time in *all* the backup schedules to do a shutdown/restart, by halting automated backups at that time
<jonah> haha that's true! I just thought there may be a day here or there I could save power and prelong the life of the old box a bit
<teward> jonah: with the backup schedule as you saying running "whenever" you're going to have to halt backups globally to achieve your goal
<teward> the only way to achieve that is to do backups by the backup server being a 'fetcher'
<teward> or, stop all backups
<rbasak> For spinning disks you may actually be shortening their life by spinning them down.
<teward> ^ that too
<teward> rbasak: BTW, can you do a preliminary review of a debdiff for the nginx merge?  At least, to make sure I didn't miss anything blaringly obvious.  I am behind on getting the merge done thanks to network/hardware/firewall replacement
<teward> with no backup for this one :
<teward> :/ *
<teward> rbasak: https://launchpadlibrarian.net/259562731/preliminary-yakkety-merge.v5.debdiff if you have time, if not then don't worry about it
<teward> it'll be underoing testing starting Monday in my VMs.
<jonah> well they're pretty old disks hard disks so maybe they'll live longing just leaving them on all the time?
<jatin30> I am building LAMP from https://help.ubuntu.com/community/ApacheMySQLPHP and I am stuck at point 3 in virtual hosts [19:11] <jatin30> Change the DocumentRoot to point to the new location. For example, /home/user/public_html/ [19:11] <jatin30> how to do this?
<Pici> jatin30: what do you mean?  Are you looking to setup multiple virtual hosts?
<josepht> jatin30: in your .conf file from point 2 edit DocumentRoot to point to where you will be serving http from
<Pici> personally I usually leave it pointing to somewhere in /var/www/
<jatin30> josepht: changed "DocumentRoot /var/www/html " to "	DocumentRoot /home/user/public_html/"
<jatin30> I am new here , so please excuse me.
<jatin30> josepht, will it work fine what I did
<josepht> jatin30: no worries, It will work only if /home/user/public_html is a real directory
<josepht> jatin30: most likely your username is not "user" :)
<jatin30> Ok! i cant find public_html in the path. there is a public tho
<josepht> jatin30: I'm with Pici though, I'd just leave it as /var/www/html, make sure the directory exists and use that everywhere you see /home/user/public_html in the wiki
<jatin30> in point 3 it was given to change it to /home/user/public_html
<jatin30> I cant find var only
<josepht> jatin30: it assumes you will create the directory if it doesn't exist
<josepht> sudo mkdir -p /var/www/html
<jatin30> ok Josepht, can I direct message you?
<josepht> jatin30: if you need to, it's fine here as well in case someone else finds it useful
<huwjr> heya, trying to run php7 apache module, is it normal that there is no php7.conf or php7.load ? I can create these, but just wondering if I am missing something blatant
<sdeziel> huwjr: the files are named php7.0.conf and php7.0.load
<sdeziel> http://packages.ubuntu.com/xenial/amd64/libapache2-mod-php7.0/filelist
<huwjr> nope :/ werenât create..
<huwjr> +d*
<sdeziel> is this the package you (tried to) installed?
<huwjr> yep..
<huwjr> *double checks*
<huwjr> yep. thatâs it :/
<huwjr> all the other files are there
<huwjr> but no load or conf
<huwjr> how bizarre
<sdeziel> huwjr: stupid question but are you checking under mods-available/ ?
<sdeziel> dunno if those are auto enabled during the installation
<huwjr> iâve checked both
<huwjr> the install was done with an ansible playbook, but there were no errors and the .so and everything in /usr/lib /usr/share is instsalled
<huwjr> iâm properly confused
<sdeziel> huwjr: what's the dpkg status of that package?
<coreycb> jamespage, nova 1:2014.1.5-0ubuntu1.5~cloud0 is ready to promote to icehouse-proposed when you have a chance
<huwjr> libapache2-mod-php7.0              7.0.4-7ubuntu2                      amd64        server-side, HTML-embedded scripting language (Apache 2 module
<sdeziel> huwjr: the first field is missing
<huwjr> ii
<huwjr> soz
<sdeziel> huwjr: OK, looks good. Now I'm confused too ;)
<huwjr> yeah...
<coreycb> jamespage, also qemu 1:2.2+dfsg-5expubuntu9.7~cloud3 is ready to promote to kilo-updates
<huwjr> i donât know if perhaps this is related BUT
<huwjr> the OS was installed with a preseed, and it automagically put /home on a separate partitionâ¦ despite having specified atomic
<huwjr> i reinstalled 3 times with the SAME preseed, and every time it has not done that again.
<huwjr> which is batsh**
<sdeziel> huwjr: I doubt that's related. I'd try a manual (re)installation of the package and see what's going on
<huwjr> mm
<huwjr> ta
<huwjr> glad iâm not barking up the wrong tree anyway
<huwjr> sdeziel: would you do a --reinstall
<huwjr> or remove, then install
<sdeziel> huwjr: I think both would do the same
<huwjr> apt-get --purge remove libapache2-mod-php7.0 says itâs going to install php7.0-fpm :/
<huwjr> i repeat INSTALL
<huwjr> why?
<sdeziel> huwjr: I suspect some other package wants a php provider to exist so when you remove the apache implementation it wants to switch to the FPM one to keep the dependency
<huwjr> ah i see
<huwjr> fair enough
<huwjr> reinstall gets: dpkg: error processing package libapache2-mod-php7.0 (--configure): subprocess installed post-installation script returned error exit status 1: Errors were encountered while processing: libapache2-mod-php7.0: E: Sub-process /usr/bin/dpkg returned an error code (1)
<sdeziel> huwjr: you can try to add "set -x" to /var/lib/dpkg/info/libapache2-mod-php7.0.postinst and redo the configuration
<huwjr> as in above set -e or instead of
<huwjr> and thanks *)
<nacc> huwjr: in addition to
<nacc> so above/below
<sdeziel> thanks nacc :)
<huwjr> thanks ..
<nacc> sdeziel: i believe you're right on the reason php7.0-fpm was installed ... (an alternative solution would be to remove the reverse-deps, or to pick a different provider manually)
<nacc> huwjr: would also be curious what `dpkg -L` says for that package, if you haven't uninstalled it yet
<huwjr> E: Internal Error, No file name for libapache2-mod-php7.0:amd64
<nacc> huwjr: also, stock 16.04? not using any PPA?
<huwjr> no, completely stock
<nacc> huwjr: ok, just checking
<nacc> huwjr: what printed that 'Internal Error'? adding the set -x ?
<huwjr> yeah
<sdeziel> huwjr: Xenial received a PHP update (yesterday) so you should have 7.0.4-7ubuntu2.1 available for install  (you currently have 7.0.4-7ubuntu2)
<huwjr> http://paste.ubuntu.com/16684570/
<sdeziel> doubt that it would help with the problem at hand but your version is known vulnerable...
<huwjr> i read the notes, didnât seem to effect
<huwjr> k
<nacc> huwjr: the other thing to try, not saying this will work, is removing 'libapache2-mod-php', rather than the version specific one
<nacc> huwjr: intersting, so dpkg clearly things it the mod .conf and .load are in the file
<nacc> *the pacakge
<huwjr> hehe
<nacc> *thinks
<nacc> gah
<nacc> :)
<huwjr> iâve exhausted a lot of my knowledge, but this is indeed curious
<nacc> huwjr: ok, still reading scrollback, what's the use-case?
<nacc> huwjr: as in, how did this happen? :)
<huwjr> well everything installed fine (AFAIK), dpkg state ii
<huwjr> host was deployed with ansible, so itâs possible something was missed without stderr
<huwjr> assuming an error was on stdout instead of stderr
<nacc> huwjr: any chance you could pastebin /var/log/dpkg.log ?
<huwjr> and i only noticed when php wasnât running on a website i just set up, and couldnât find the .load or .conf
<rbasak> huwjr: if done with ansible, does that mean that you should be able to reproduce? It might be easier to verify if you can reproduce then reduce it to a minimal manual case.
<huwjr> 2016-05-12 17:29:44 status half-installed php-common:all 1:35ubuntu6
<huwjr> built this a while ago, but had some issues with partitions hense only looking deeper today
<nacc> huwjr: ah, that might be the root-cause? like you mentioned, i mean
<nacc> rbasak: good point; huwjr if you wanted to share the playbook, maybe it's something obvious
<coreycb> jamespage: for the ironic newton failure, the tests pass locally but /etc/hosts isn't found when it's run in ci for some reason. and it only fails on yakkety.  not sure why..
<huwjr> you mean the possibility of stderr to stdout?
<huwjr> would be a lot of abstracting from the playbook, but will keep it in mind if i donât get anywhere soon!
<nacc> huwjr: or something isn't doing proper error checking. The dpkg.log should help figure out what initially 'broke' things
<huwjr> you want the full log, or just php stuff
<nacc> huwjr: i guess if you know what to look for, you're welcome to parse through it
<nacc> i realize now the log might be quite large :)
<nacc> huwjr: i would mostly be interested in the php stuff, and especially any errors reported
<huwjr> http://paste.ubuntu.com/16685152/
<nacc> huwjr: ok yeah the 'half-installed' bits are normal
<nacc> iirc, it goes into that state during installation itself
<nacc> and then transitions to 'installed'
<huwjr> yeah noted that now :)
<sdeziel> 2016-05-13 00:27:09 status triggers-pending libapache2-mod-php7.0:amd64 7.0.4-7ubuntu2
<sdeziel> I am not sure what that means ^
<sdeziel> maybe because of the new curl module to enable?
<nacc> i think that's ok, because it's followed eventually with 'trigproc trigproc libapache2-mod-php7.0:amd64 7.0.4-7ubuntu2 <none>'
<nacc> but i'm not sure, tbh
<nacc> err, one less trigrpoc
<nacc> sdeziel: yeah, so i think that's the way dependencies forcing reloads work, it sets off a trigger, dpkg tracks what triggers still need to fire, and then processes the triggers
<sdeziel> nacc: sounds logical
<nacc> the weird part is the end of that log, though
<huwjr> the end?
<huwjr> the end is me madly trying to get it reinstalled - probs :p
<nacc> trigproc -> half-configure -> installed -> upgrade (to the same version?) -> half-configured -> half-installed
<huwjr> oh.
<nacc> and it seems to still be in that half-configured state by the last line
<nacc> huwjr: so it might be your manual intervention, not sure
<huwjr> yeah and dpkg was state: ii to start with
<sdeziel> could the upgrade be a --reinstall?
<nacc> huwjr: is this reproducible
<huwjr> only AFTER reinstall did it fail with iF
<nacc> sdeziel: ah it could be
<huwjr> i did -- reinstall then it entered iF
<huwjr> but before was fine :)
<nacc> let me spin up a container just to see
<nacc> huwjr: sorry, maybe got missed; is this reproducible in multiple ansible deployments?
<huwjr> iâve not retriedâ¦ will do now :)
<huwjr> i suspect it will all go nicely *hehe*
<nacc> huwjr: yeah, i'm tempted to say glitch in the matrix, because if this was more commonly happening i think i'd be seeing a lot mor bugs
<huwjr> oh yeah definitely
<huwjr> the separate partition on /home also spookyk
<nacc> i do get a 'Warning: Could not load Apache 2.4 maintainer script helper.' during the --reinstall, but it succeeded in my container
<nacc> this is with 2.1, fwiw
<nacc> 7.0.4-7ubuntu2.1
<huwjr> ok so
<huwjr> sorry - got distracted
<nacc> huwjr: np
<huwjr> so did an apt update to see what would happen
<huwjr> http://paste.ubuntu.com/16685572/
<huwjr> that at least seem more promising, no?
<nacc> huwjr: so if you do `apt-get -f install` right now, what happens (feel free to pastebin)?
<nacc> i think right now, dpkg is unhappy that libapache2-mod-php7.0 hasn't finished configuring
<nacc> huwjr: you might also try `apt-get -f install libapache2-mod-php7.0`
<huwjr> http://paste.ubuntu.com/16685685/
<nacc> huwjr: ok, try just that last one (so we can remove php7.0 from the noise)-- i assume it will error out the same, but nt sure
<huwjr> do i need to clear the .postinst ?
<huwjr> http://paste.ubuntu.com/16685729/
<nacc> huwjr: you shouldn't ever have to manually muck with those files, afaik -- oh but you altered it, you mean? um, yeah, i guess reset it, but it shouldn' tmatter (the error codes are all the same, it's justmore verbose with 'set -x')
<huwjr> i backed out my set x
<nacc> huwjr: are you able to purge out libapache2-mod-php7.0?
<huwjr> before this lot
<sdeziel> nacc: I'm the one who suggested huwjr to add "set -x" to the postinst
<nacc> sdeziel: ack, i recall -- did we get that output?
<sdeziel> no
<nacc> :)
<huwjr> yeah the output was â¦ E: Internal Error, No file name for libapache2-mod-php7.0:amd64
<huwjr> anywho, purged - but it required me to /install/ FPM which was never installed, i did so
<huwjr> then reinstalled libapache2-modâ¦â¦. and it worked
<huwjr> so it seems thereâs a depend on fpm?
<huwjr> or, it was just in a mess, and i could only purge by installing fpm (thereâs probably a way, Iâm dumb!)
<huwjr> the latter i guess?
<nacc> huwjr: right that's what sdeziel suggested earlier and i agreed (in theory at elast), that there's something else (probably php7.0 itself) requireing a php provider to be installed
<nacc> either -fpm or apache or cgi
<sdeziel> "No file name for libapache2-mod-php7.0" could this be because of the 2.1 update?
<nacc> and since you removed apache, it needed to install the next int he alternatives list
<nacc> sdeziel: it *could* be, but shouldn't be, i don't think :)
<nacc> huwjr: that was the only output?
<huwjr> soz
<huwjr> many many things on
<huwjr> the only output of what sorry?:)
<huwjr> with set x? the only output was above..
<nacc> huwjr: yeah, 'set -x'
<nacc> huwjr: from running that postinst script manually basically
<nacc> huwjr: strange
<nacc> huwjr: i'm still not 100% sure how you got into your original state, but it seems like you are out of it now?
<nacc> huwjr: also, did you reproduce it in a fresh run of the playbook?
 * huwjr scrolls up
<huwjr> yeah that was the only errror
<huwjr> 1 not fully installed or removed
<nacc> ok
<huwjr> well this
<huwjr> 0 to upgrade, 0 to newly install, 1 reinstalled, 0 to remove and 19 not to upgrade.
<huwjr> 1 not fully installed or removed.
<huwjr> After this operation, 0 B of additional disk space will be used.
<huwjr> :)
<huwjr> but thatâs kind of obvious..
<nacc> so the only other thing i could think of is if somehow the archive got corrupted, but i would think the various checks would have noticed
<nacc> or a file didn't get fully downloaded or something
<huwjr> out of the water now, but going to have to rebuild this - or another vm - and just check the process with my plays
<huwjr> not the end of the world
<nacc> huwjr: ack, let us know if it happens again, as i'd like to reproduce it if so
<huwjr> sure! well i appreciate the help and suggestions
<bc2946088> I'm running juju-ceph and it's up and working fine, however, I have a failing SMART status on one of the drives.  Is there a prefered method of replacement?  Should I just let it ride and replace it when ceph picks up the warning, or is it better to replace the drive in ceph before failure?  It seems logical to replace the drive before, but just curious is ceph automagically understands whats going on better when the drive fails and is repla
<bc2946088> ced
<John[Lisbeth]`> I need to make apt auto-approve any package changes
<John[Lisbeth]`> apt-get install foo --auto-approve
<nacc> John[Lisbeth]`: you mean say "yes"? try the -y flag
<John[Lisbeth]`> ty
<sdeziel> it's the first time I hear about "approve"
<sdeziel> oh, nvm
<John[Lisbeth]`> pseudocode
<sdeziel> yeah, I somehow interpret this as a feature similar to apt-mark
<nacc> sdeziel: yeah, i realize that is a reasonable interpretation now too :)
<jonah> Hi does anyone know how to add this rule to iptables on ubuntu: http://ubuntuforums.org/showthread.php?t=2117823&p=12548787#post12548787
<jonah> Herman right at the bottom of this thread suggests this great little iptables rule
<jonah> which I'd like to use
<jonah> but the way it has a # Comment above the line suggests you don't just run that command but insert it into a text file somewhere?
<jonah> or do you literally just type  iptables -I INPUT -p TCP -m state --state NEW -m limit --limit 30/minute --limit-burst 5 -j ACCEPT
<jonah> and that adds it in correctly? or am I supposed to somehow use ufw?
<jjrabbit443> hello
<jjrabbit443> can someone confirm this command will unblock port 443 on my firewall?
<jjrabbit443> "sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT"
<jjrabbit443> is that correct syntax?
<patdk-wk> hmm, cannot guarrentee it will work
<patdk-wk> syntax is correct
<patdk-wk> but that rule highly depends on *what else* is in your firewall
<patdk-wk> and it won't stick between reboots
<jjrabbit443> patdk-wk: how do i make it stick?
<jjrabbit443> do i open firewall config file?
<sarnold> how do you manage your firewall now?
<jjrabbit443> command line i guess
<jjrabbit443> is there a paramater i can add to that command to ameke it permanent?
<sdeziel> jjrabbit443: you can use the iptables-persistent package to save/load the rules for you
<jjrabbit443> for anyone wondering you can execute "iptables-save"
<jjrabbit443> sdeziel: thanks i found the command
<sdeziel> jjrabbit443: despite the name iptables-save will only output the currently loaded rules to the console. It won't persist in any way
<patdk-wk> the question is, what are you using now, ufw?
<patdk-wk> raw
<patdk-wk> cause by default nothing persists, except if you installed ufw
<patdk-wk> or used the iptables-persistent for raw rules
<patdk-wk> don't think firewalld is in ubuntu yet, but not sure
<jjrabbit443> sdeziel: you are right that didn't work
<jjrabbit443> ufw seems much simpler
<sdeziel> indeed
<jjrabbit443> and rules added using that are automatically saved correct?
<sdeziel> probably why u stands for uncomplicated ;)
<sdeziel> jjrabbit443: I would believe so but I don't remember
<jdstrand> yes they are
<jjrabbit443> psh and here i was wasting my time with iptables
<jjrabbit443> thanks guys
<jjrabbit443> jdstrand: confirmed
<jjrabbit443> beauteefull
<jdstrand> cool
<arooni> my ubuntu 14.04 server has rebooted several times without my blessing.  how can i track down why?  i've already investigated /var/log/dmesg /var/log/syslog /var/log/kern.log and didnt see anything notable
<John[Lisbeth]> can you do dual monitors with just tty windows?
<keithzg> stokachu: Windows has Windows Defender included, but only in non-server variants (and not on XP, or at least not in any worthwhile fashion). Sever 2016 will finally ship with Windows Defender, but we have some Windows Server boxes at work for testing because our clients keep running our desktop software on Windows Server for some reason, and I need an antivirus program I can administer from Linux but runs on Windows Server.
 * keithzg is back on IRC after nearly 24 hours idle, heh
<sarnold> arooni: maybe configure a serial console? perhaps your kernel paniced in interrupt context and thus didn't flush logs to disk, and reboots..
#ubuntu-server 2016-05-26
<Troy^> Hey anyone here a virtualbox(vboxwebsrv) user? I'm using ubuntu 16.04 and can't seem to get phpvirtualbox to work with vboxwebsrv. configured config.php in /var/www/html/phpvirtualbox as well configured /etc/default/virtualbox. When I navigate to the phpvirtualbox page it loads up with a config.php error. Even tried starting from scratch and still get a php error. It's like it's not talming to
<Troy^> vboxwebsrv and it should be
<nacc> Troy^: is 'phpvirtualbox' an ubuntu package?
<nacc> Troy^: if it is not, does it work with php7?
<Troy^> nacc apparently i needed to install php-soap and php-xml it's working now though
<nacc> Troy^: if you could let me know if that's a packaging issue,t he latter might be due to php7 pulling php-xml out of hte core, and the former might be a missed dep
<nacc> Troy^: *if* it's an ubuntu pacakge :) -- i can fix it
<kgirthofer> hey alll - trying to ping my domain, getting a unknown host if I leave off the www
<kgirthofer> any ideas?
<andol> kgirthofer: Any chance that you don't have any A record for the bare domain? Seem to recall that being ping is looking for.
<kgirthofer> yea I got that part - I tried cname too
<kgirthofer> used to work
<kgirthofer> even if I edit my host file with the ip i'm trying to resolv still no route to host
<andol> Might be easier for everyone if you specify the domain in question.
<kgirthofer> mydelphic
<kgirthofer> .com
<kgirthofer> it's just a local
<andol> What by you mean by local? It kind of exists in DNS.
<andol> Anyway, I do get a DNS response for mydelphic.com, and while that ip (173.15.136.74) don't appear to respond to ICMP Ping it is responding to http requests.
<kgirthofer> yea we have ping off
<kgirthofer> nah if I do an ns for that domain i get no route to host
<kgirthofer> I should get 10.201.1.100
<andol> Why would you expect to get 10.201.1.100? Aside from that being an RFC1918-address, that is not what it says in DNS.
<kgirthofer> because that's what my internal dns shows
<andol> Also, why do you use the ping too. if you purposely don't expect it to respond to pings? :)
<kgirthofer> not from outside
<kgirthofer> i'm internal - I can ping what ever I want
<kgirthofer> but I'm expecting mydelphic to resolve internally to 10.201.1.100 - one of our webservers
<andol> Also, strictly speaking ping doesn't do a DNS lookup, it does hostname lookup, where DNS is one source, but not neccesarily the default/primary one.
<kgirthofer> ya ping resolves
<kgirthofer> so does internet
<kgirthofer> they translate to www.
<kgirthofer> ugh
<kgirthofer> no parent folder
<kgirthofer> got it
<kgirthofer> fuck i'm exhauted. I'm at 45 hours this week... it's wednesday
<andol> Oh, well, sounds like you solved the issue, whatever it was?
<kgirthofer> ya
<kgirthofer> thanks for your help
<Repox> Hi. So, I just pinged a domain name and I got this result "64 bytes from 149.126.72.171.ip.incapdns.net (149.126.72.171)" I'm unsure as to what the ip.incapdns.net is (I mean, why do I get that information and what do I call it in this context)?
<sarnold> Repox: reverse dns lookup -- it converts IPs back to names
<sarnold> Repox: https://en.wikipedia.org/wiki/Reverse_DNS_lookup
<sarnold> Repox: most tools provide an -n option to disable this lookup
<Lope> If anyone here is running a 4.4 kernel (type `uname -r` to check, you will be if you use Ubuntu 16.04). So if you have a 4.4 kernel and you're running an NFS server, if you could be so kind as to try mounting one of your NFS shares with NFSv3 (instead of the default NFSv4) I would really appreciate you to provide feedback on my Kernel Bug report. https://bugzilla.kernel.org/show_bug.cgi?id=118881
<Repox> sarnold , great, thank you for the info. I'll try and look it up.
<Lope> Just test like this: `mount NFSSERVERIP:/nfs/shared/path /tmp/testmount -o ro,vers=3`
<ubottu> Error: Could not parse XML returned by bugzilla.kernel.org: timed out (https://bugzilla.kernel.org/show_bug.cgi?id=118881&ctype=xml)
<sarnold> Lope: this worked without error: sudo mount -tnfs -o ro,nfsvers=3 192.168.122.1:/srv/mirror/ubuntu /tmp/testmount/
<sarnold> Lope: note nfsvers=3 vs vers=3
<Lope> sarnold: what's the diff between nfsvers and vers ?
<sarnold> Lope: sigh. i typoed "vers3" the first time and didn't notice.
<sarnold> Lope: vers=3 also works
<Lope> what kernel version is your server?
<sarnold> 4.4.0-22-generic #39-Ubuntu SMP Thu May 5 16:53:32 UTC 2016
<Lope> can you please try in this format? `mount 192.168.122.1:/srv/mirror/ubuntu /tmp/testmount -o ro,vers=3`
<sarnold> Lope: worked fine
<Lope> what do you get for `cat /proc/filesystems | grep nfs`
<sarnold> nfs and nfs4
<Lope> ah, same as my ubuntu server. so it's normal not to see nfs3 there.
<Lope> what do you get for these? `cat /proc/sys/fs/nfs/nlm_tcpport` `cat /proc/sys/fs/nfs/nlm_udpport`
<sarnold> Lope: 0 0
<Lope> hmm, i wonder if it's my setup.
<Lope> I'm gonna document my settings as well in the bug report.
<jatin30> I am trying to set up LAMP in my system. It syas in the instructions "Change the DocumentRoot to point to the new location. For example, /home/user/public_html/" but there is no such directory currently present in the system. what to do?
<Lope> sarnold: thanks, I've identified it's my iptables rules somehow blocking NFSv3 but not NFSv4
<sarnold> Lope: woot. :) iirc nfs4 moved to fixed ports, nfs3 still had the portmap and ostensibly selected-at-random ports, right?
<Lope> Yes!
<Lope> exactly, So i scripted and set some options in various config files to try to control those random ports so I could make effective iptables rules.
<Lope> But maybe NFSv3 is not obeying those ports anymore?
<Lope> I don't know.
<Lope> all of the guides I've seen for setting up NFS to work with a firewall say that you must set the various services to use a specific port number. I've been unable to set the port for mountd using the command they recommend: `mountd -p 32767` mountd not found. Yet my nfs server is installed and working, what's going on?
<sarnold> are they fro mthe era of user-land nfs server/
<Lope> I've got no idea.
<Lope> 1. http://nfs.sourceforge.net/nfs-howto/ar01s06.html#srv_security_nfsd_mountd
<Lope> 2. http://tldp.org/HOWTO/NFS-HOWTO/security.html
<Lope> oh, i see the command has changed. now it's rpc.mountd
<jamespage> coreycb, xenial/ironic builds fixed - for some reason, the schroot's where not getting a /etc/hosts - I added this to the copyfiles for the sbuild profile and we're all good again..
<jatin30> can anyone help me with this http://imgur.com/cMB4zM1 ?
<hateball> jatin30: < and > are used for redirecting in the shell, use \ to escape
<ankitkulkarni> jatin30, can you post the output of pwd
<hateball> jatin30: like \<b\>
<jatin30> ankitkulkarni: yes just a min
<jatin30> ankitkulkarni: here, http://imgur.com/cMB4zM1 and can i please dm you?
<ankitkulkarni> yea
<shauno> I think you're overthinking it.  you're trying to >/home/user/public_html/index.html instead of /home/jatin...
<hateball> I only looked at the syntax error bits, heh
<shauno> yeah.  you expect <> to go horribly wrong, and miss that bash is complaining /home/user... doesn't exist
<jatin30> Why am I getting http://imgur.com/Fw6kC2R after installing apache 2 properly
<shauno> jatin30: see my last couple of lines; where your instructions have /home/user you need to replace that with your actual username
<jatin30> yeah I did that
<jatin30> I completed all steps properly
<jatin30> i followed this link https://help.ubuntu.com/community/ApacheMySQLPHP
<jatin30> everything was fine and it initally detected apache so i did not troubleshoot it
<jatin30> and went straight to the virtual hosts and did all what was required , now its not detecting
<coreycb> jamespage, interesting on ironic, thanks
<jamespage> coreycb, I suspect some cruft due to the long running nature of that installation...
<Ergo^> hello, im provisioning 16.04 VM's, they have the "predictable network interface" systemd scheme, now when someone gets an OVA and uses it - the network interface might be completly different however /etc/networking/interfaces has "auto IFACENAME
<Ergo^> " hardcoded, how to deal with that
<rbasak> Ergo^: if you're preparing an image and it'll only get used with one interface, then perhaps turn off the renaming and rely on it being eth0?
<rbasak> I'm not exactly sure how to do that but I believe it's configurable.
<Ergo^> yeah, its supposed to take a symlink for udev to disable it, but its not working
<rbasak> nacc: if you're about during the next hour, shall we sync?
<Odd_Bloke> Ergo^: Ubuntu doesn't ship an /etc/networking/interfaces with hard-coded interface names; how are those getting created?
<Ergo^> Odd_Bloke: maybe during install?, i wrote the provisioning scripts so im not doing it
<Odd_Bloke> Ergo^: Where is the install happening?
<Odd_Bloke> Ergo^: (If you're installing VMs from the ISO, you might want to consider using the cloud images instead :)
<Ergo^> hmm, wait, im actually using a seed file
<Ergo^> let me consult that
<Ergo^> maybe there is something there
<Ergo^> im provisioning with packer
<rbasak> That uses the installer I believe.
<Odd_Bloke> Ah, OK, that makes sense; packer doesn't support the cloud images AFAIK.
<rbasak> File a bug with packer.
<Ergo^> and https://friendpaste.com/O1nBAQvyRzvxprmecZjpT i end up with that
<rbasak> Ubuntu's answer to the general problem is cloud images that use cloud-init.
<Odd_Bloke> Ergo^: But, yeah, if you're doing VMs you'll want to ensure that (a) /etc/network/interfaces isn't being overwritten, and (b) cloud-init runs on boot so it can handle changing interface names for you. :)
<rbasak> cloud-init handles the fact that an image can end up running in a different environment.
<rbasak> Running the installer to set up a VM image that will then run in a different environment is a hack. We'll consider fixes for issues, but we don't think it's the right path forward. Cloud images work far better for this use case.
<Ergo^> https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ - i wanted to use the solution from here
<Ergo^> ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules
<Ergo^> but its not working
<rbasak> I don't know if that exact method applies to Ubuntu, but the general idea should work. If it doesn't, it's either a bug or different instructions need to be followed.
<Ergo^> https://friendpaste.com/2BFcFawTd8D5opSHqClAue - this is my preseed file
<Ergo^> no other places where it can be rewritten
<Ergo^> but I can overwrite it on my own at the end of provisioning... what the /etc/network/interfaces should look like on a cloud image?
<rbasak> http://askubuntu.com/questions/689070/network-interface-name-changes-after-update-to-15-10-udev-changes says to pass net.ifnames=0 on the kernel command line.
<rbasak> Have you tried that?
<Ergo^> that works, i wanted to avoid this solution though :-)
<Ergo^> I guess i can work with that if no other options are available
<rbasak> That seems to be the formal interface in Ubuntu to disable this.
<rbasak> I'm sure you can do it in userspace afterwards, but you'll need to figure out how by following the implementation.
<Ergo^> ok, thx
<tanja84> I would like to know if there could be some problems upgrading a "old" 14.10 server ( with zfs support installed ) to a 16.04 LTS. The reason is that I would be sad if my zfs went down just because of the dist upgrade ( I have a backup but its in the cloud )
<compdoc> I upgraded from 14.04 that used ZOL, to 16.04 without ZOL. works great
<compdoc> I installed 16.04 from scratch, tho
<patdk-wk> why would it go down?
<patdk-wk> if you have dkms installed, the zfs dkms module will override the other module
<tanja84> patdk-wk: well its the zfs kernel module I'm worried for, because I have never tried to dist-upgrade from a non lts to a lts before
<patdk-wk> well, you cannot upgrade from 14.10 to 16.04
<Pici> welll, you can attempt it, but it definitely isn't a supported path
<tanja84> so its a reformat then. Thanks for the answer, I guess it has to run 6 month still
<tanja84> reformat = reinstall
<tanja84> and yes I do know that 14.10 almost have been EOL for a year
<tanja84> I guess it wont be ubuntu next time because if the hazzle to upgrade
<Odd_Bloke> tanja84: There is an upgrade path; you upgrade to vivid, then to wily, then to xenial. :)
<patdk-wk> after you adjust your stuff to use the archive/old-releases servers
<tanja84> Odd_Bloke: well and how much will breake then
<tanja84> after all those steps
<Odd_Bloke> tanja84: They're the same steps that everyone who upgraded from utopic through to xenial will have taken, so they should be pretty well tested.
<tanja84> I guess I just have to change distro when I get some new drive's home to get the local backup but that is still first in 5 - 6 month
<tanja84> Odd_Bloke: well you mean tested as in ubuntu fails
<Odd_Bloke> tanja84: If you aren't interested in a constructive discussion, I can't help you. :)
<tanja84> I du remember kernels from ubuntu failing to boot after upgrades
<tanja84> Odd_Bloke: and do you recover my zfs raid then if it cant find it after the first upgrade
<nacc> rbasak: i'm here now
 * patdk-wk doesn't remember this
<patdk-wk> tanja84, you are also not using lts, so your not exactly using the most stable, and well tested version
<patdk-wk> so having problems, sounds like something you opted for when you started
<tanja84> patdk-wk: that was only because I was miss informed when the server was installed
<patdk-wk> misinformed?
<patdk-wk> the documentation is everywhere
<tanja84> I got the disk from one because I didnt had internet where the pc were
<patdk-wk> installing zfs also, on that ubuntu version is not *supported*
<tanja84> it was in here I was recommended that
<patdk-wk> if the goal was to run zfs, yes, good recommendation
<patdk-wk> if the goal is to have a stable system, without issues, without constant upgrades, no, zfs or that version where not the answer
<patdk-wk> but yes, it does sound like your goal and priorities have changed
<tanja84> well the goal was to secure the data for corruptions wich ext cant
<patdk-wk> yes, good solution
<tanja84> wich the reason there were created a zfs mirror of 3 disks
<patdk-wk> but the side effects of that is, maintaince, and upgrades, and sometimes things breaking
<patdk-wk> cause the solution isn't supported by ubuntu, atleast wasn't till 16.04
<patdk-wk> the solution is not supported at all by anyone else yet
<patdk-wk> except I think debian is starting to
<tanja84> I guess then its complete bye bye linux for recommending things there arent supported
<tanja84> specially in the official channels
<patdk-wk> heh?
<nacc> tanja84: you would have been quite clearly indicated something wasn't supported by adding PPAs, or building from source, or whatever
<nacc> tanja84: and this is all volunteer response in here, anyways
<nacc> tanja84: *technically*, anyone can say anything they want in response to your query
<nacc> IMO, as a system installer, it is on you to make technical decisions about how to install
<nacc> finally, ubuntu != linux
<nacc> tanja84: i'm not trying to be rude, to be clear -- but your responses seem like an overreaction/misunderstanding
<nacc> rbasak: i'll be free to chat after the meeting too
<tanja84> nacc: well since canonical bought ubuntu back in the days then it always sounds like ubuntu is the only linux now a days
<nacc> tanja84: uhhhh
<nacc> tanja84: ok, that's further misunderstanding, let's be clear
<patdk-wk> bought?
<patdk-wk> strange world you live in
<patdk-wk> there are so many, and even more versions of linux os's today, than there where 10years ago
<nacc> rbasak: so we assumed security and updates were in lockstep; perhaps that wasn't always the case. clamav 0.92~dfsg-2~dapper1ubuntu0.2 (security) followed 0.92.1~dfsg2-1.1~dapper1 (updates).
<nacc> rbasak: let me konw if you want to do a hangout today, i know it's getting (is) late your time
<notthistime> can anyone help me port forward. i have port 80 forwarded on a PK5000 but the online port checker says it port 80 ist still closed
<coreycb> jamespage, qemu - 1:2.2+dfsg-5expubuntu9.7~cloud4 is ready to promote to kilo-proposed
<jamespage> coreycb, \o/ - I'll do that now
<jamespage> coreycb, done
<coreycb> jamespage, thanks!
<jamespage> you'll need to manually handle in the bug unless you added it to the changelog
<rbasak> nacc: is now OK?
<nacc> rbasak: sure
<nacc> rbasak: https://launchpad.net/ubuntu/+source/clamav/+publishinghistory?batch=75&direction=backwards&memo=525&start=450
<synchronet> bugs are built in I reckon
<synchronet> bit like the law legal system and solicitors and future work
<nacc> rbasak: https://launchpad.net/ubuntu/+source/clamav/0.92.1~dfsg2-1.1~dapper1
<nacc> rbasak: https://launchpad.net/ubuntu/+source/clamav/0.92~dfsg-2~dapper1ubuntu0.2
<rbasak> http://pad.ubuntu.com/clamav-dapper
<genii> dapper?
<rbasak> Dapper.
<nacc> genii: crazy publishing history :)
<synchronet> Ubuntu can you stop the updates by hiring decent developers
<synchronet> especially server reboot needed ones
<Pici> I don't even know how to respond to that.
<jrwren> synchronet: please remember: http://www.ubuntu.com/about/about-ubuntu/conduct
<patdk-wk> synchronet, why are you compaining about updates?
<patdk-wk> updates coming out often is a good thing
<patdk-wk> but maybe you mean security patches
<patdk-wk> though, dunno what ubuntu developers have to do with any of the above
<synchronet> patdk-wk:  just tired I suppose
<dasjoe> I'm not sure I follow
<synchronet> narrow mindedness is no excuse
<Lope> how can I disable the fancy boot screen in ubuntu-server? I want to see the log
<b4r> funny I was wondering about acquiring a fancy boot screen so as to *not* see the log
<\9> I was wondering today about having a fancy boot screen *with* the log
<sarnold> probably 'plymouth' is the answer to both questions :)
<Sling> Lope: see /etc/default/grub and remove the 'splash quiet'
<teward> sarnold: ohai!
<Sling> (or wherever thats at now)
<sarnold> morning teward :)
<Lope> sling: thanks!
<coreycb> jamespage, neutron 2:8.1.0-0ubuntu0.16.04.2~cloud0 is ready to promote to mitaka-proposed
<b4r> anyone in particular working on php7.0 package and updating to 7.0.7 from currently 7.0.4?
<nacc> b4r: in which release?
<b4r> uh
<b4r> 16.04
<nacc> b4r: well, a SRU microrelease exception has been filed: LP: #1569609
<ubottu> Launchpad bug 1569609 in php7.0 (Ubuntu) "[SRU] microrelease exception for src:php7.0" [Wishlist,Confirmed] https://launchpad.net/bugs/1569609
<b4r> nacc: oh nice, are they filed usuallly on launchpad? I wouldn't mind attempting to keep up with this
<nacc> if that were to be granted, we'd be able to update to 7.0.x
<b4r> tbh it was more of a "woah they updated today and it's not in the repos"
<nacc> b4r: until that happens though, we have to selectively backport
<b4r> understood
<nacc> b4r: well, no package gets updated just becuase upstream does, at least not automatically, in a released version
<sarnold> ... in fact it's fairly rare. firefox, chrome-browser, mysql / mariadb are the most common ones.. there's a few others that get it periodically but it's rare
<nacc> sarnold: good point!
<nacc> b4r: hence the explicit bug requesting it for php7.0
<emdub> hmm, what's the deal with mysql-server on xenial?  dpkg-reconfigure used to prompt for setting the root password, but it doesn't do that in xenial anymore so my database has some root password that i didn't enter
<emdub> (asked in #ubuntu, but this is a -server install so figured i would try here too)
<emdub> i can obviously make it bypass the grant table and fix it, but i feel like i'm missing something or there is a bug here with the package
<emdub> aha, this is a xenial change: https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.7.git/tree/debian/NEWS?id=1025a9fa9c6c112913c59138db49dbc94891d20f
<dasjoe> madwizard: did you see https://github.com/b333z/beadm?
<jjohnston> hello I have a question about booting new nodes in MaaS 1.9
<jjohnston> on new nodes (non-ready) is there a way to force maas to repartition the disks?
<jjohnston> that doesn't include me deleting/recreating the arrays on my storage controller?
<notthistime> i have port 8080 open in router but cannot connect to server. any ideas?
<notthistime>  i can get the server by going localhost:8080
<sarnold> notthistime: check netstat -lnp output, see what address the process it bound to
<notthistime> did netstat not sure what im looking for
<sarnold> if the local address looks like this: 127.0.0.1:2628  then it's not listening externally
<notthistime> 127.0.0.1:53
<sarnold> if it looks like 0.0.0.0:22 or 192.168.122.1:53 then it is listening externally -- the first case, all interfaceds, the second case only that specific IP address
<sarnold> that's probably just a dns server :) look for :8000
<notthistime> no 8000
<notthistime> 8080
<notthistime> listening on 8080
<nacc> notthistime: ok, look for 8080 :)
<sarnold> ah. apparently I'm getting old.
<notthistime> tcp6       0      0 :::8080                 :::*                    LISTEN
<notthistime> im not sure what im looking for
<sarnold> that's an ipv6 address; did you let tcp6 port 8080 through as well? do you have an ipv6 address? should you configure your application to also listen on 0.0.0.0:8080 so it works on ipv4?
<notthistime> ipv6 was set to ignore. changed to DHCP
<notthistime> it works on 0.0.0.0:8080
#ubuntu-server 2016-05-27
<Vertel> I believe I've found a bug in ufw. Where do I go to report it?
<Vertel> Not a serious one, just a that-seems-wrong UI thing.
<sarnold> ubuntu-bug ufw should Do The Right Thing
<Vertel> Specifically, if I try to run "ufw insert 1 deny from [ipaddress] to any" with an empty ufw ruleset, it fails with "Invalid position '1'". My cloud host is firewalling ports, so I'm configuring this to only block IP addresses through fail2ban and ipset, hence why the ruleset is empty; unless those programs populate it, it's intended to be.
<Vertel> That behaviour seem like a bug to you, failing to insert into rule 1 if there's no rules?
<Vertel> But succeeding if I add even a dummy rule.
<sarnold> yeah a quick skim of the manpage makes think that's a bug :)
<Vertel> Cool beans.
<Vertel> (I think this situation was overlooked mostly because you wouldn't normally expect the ruleset to be empty with a default policy of allow; in my specific situation it's safe and secure, but as a rule...)
<jatin30> I am getting this error can someone help please http://imgur.com/w4DQvav ?
<Seveas> jatin30: you're pasting random crap in your terminal, that ain't gonna work
<jatin30> Seveas: I was trying to set password for my root for mysql
<Seveas> I can see that. But instead of pasting random trminal output from somewhere, try understanding what you're doing :)
<Seveas> 'cause on line 1 you already see that you don't have access to do this
<Seveas> and all the other lines would have failed anyway, as they include the mysql prompt...
<sarnold> jatin30: try: sudo mysql -u root -- and see if that gets you the mysql> prompt ..
<jatin30> sanold: no its not working
<jatin30> sarnold: no its not working
<sarnold> jatin30: what error message do you get?
<jatin30> ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
<sarnold> hmm, I thought user root via unix sockets were allowed in without password
<madwizard> dasjoe: Nope. Thanks
<madwizard> dasjoe: Gonna be checking this out
<jklare> Hi, i am working in the openstack-chef team and we are deploying mitaka on trusty. I want to add gnocchi to the integration test setup on jenkins for trusty, but i realised that the "gnocchi-api" and "gnocchi-metricd" package seems to be only available for the mitaka release on xenial. Any chance it will be ported to the cloud-archive for trusty? @jamespage
<jamespage> jklare, hey
<jklare> jamespage hi :)
<jamespage> lemme check - we had alot of issues with dependencies for gnocchi and it got dropped from the UCA for trusty as a result
<jamespage> jklare, it might need to wait until coreycb shows up - I know he has more context as to why its not in
<jklare> jamespage ok, thanks
<jamespage> coreycb, hmm pre mile beta versioning is confusing charms when deploying newton
<jamespage> the config-changed  hook things there is an upgrade avliable and tries todo it...
<jamespage> as the versions are still mitaka major version aligned right now
<coreycb> jamespage, jklare: I forget what the issues were with backporting gnocchi.  I'm trying a build again on trusty to see.
<jklare> coreycb cool, thanks
<coreycb> jklare, np
<coreycb> jamespage, is it the shapshot package versions that are forcing an upgrade?
<mdeslaur> nacc: are you working on the php7.0 merge?
<SeanS> hey all, Im setting up an openstack lab in LXD containers, host and containers are all running 16.04. Im running into an apparmor issue. 'ip netns add test' in the controller container returns 'mount --make-shared /var/run/netns failed: Permission denied'
<SeanS> dmesg shows "[645048.140027] audit: type=1400 audit(1464352113.453:7943): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxd-controller_</var/lib/lxd>" name="/run/netns/" pid=5107 comm="ip" flags="rw, rshared""
<jamespage> coreycb, yes - the newton ones currently look like mitaka versions
<jamespage> but the PPA say newton
<jamespage> coreycb, I could fix this in the configuration file that generates the jobs...
<jamespage> its possible to override the version generated from pbr
<coreycb> jamespage, either that or perhaps we could detect dev versions in the charms
<jamespage> coreycb, I think we can do something in the configs for the builds - trying now
<jamespage> coreycb, ok - I've massaged the config file for newton to inject X.X.X.0a1 versions - we can switch back to automatic versioning once upstream tag the first beta's
<coreycb> jamespage, ok, thanks
<sschirrxq> Hello, i am trying to setup a mdadm software raid as a luks device on top of it. i am using a keyfile and added the device in the crypttab and fstab. the problem is that the luks device is not opened during boot. after the boot completed i can open the luks device and mount the filesystem. can anyone help me?
<sschirrxq> maybe the raid is not loaded before luks opens the device...
<yossarianuk> hi - is there an easy way of shrinking an LVM PV partition within a QCOW2 image ?
<patdk-wk> define easy?
<yossarianuk> prefereably using one of the libguestfs / qemu tools ?
<yossarianuk> or lvm tools / gparted, etc
<yossarianuk> im aware how to grow them using virt-resize - i.e to expand partition, lvm lv and fs in one command
<yossarianuk> (something vmware/vbox cannot do..)
<patdk-wk> it will be a whole chain of commands
<patdk-wk> with a high probability of failure
<patdk-wk> and I dunno why you claim vmware cannot do it
<coreycb> jamespage, nova 1:2014.1.5-0ubuntu1.5~cloud0 is ready to promote to trusty-proposed
<patdk-wk> I do it all the time growing and shrinking in vmware
<coreycb> jamespage, to icehouse-proposed
<yossarianuk> patdk-wk: I mean the ability to resize a disk image/partition + LVM partition + the filesystem in one command
<patdk-wk> I don't see how that is possible in one command using qcow2, but heh
<patdk-wk> I don't use kvm though
<patdk-wk> and I don't use lvm at all
<yossarianuk> patdk-wk: also say you wanted to reize a disk image - but just expand /dev/sda1  (when other partitons exist)
<yossarianuk> in vmware that is hassle
<yossarianuk> you would likely use fdisk/gdisk/kpartx , etc
<yossarianuk> kvm = virt-resize
<patdk-wk> kvm doesn't even know what a disk is :)
<patdk-wk> that is a qemu thing
<yossarianuk> sure
<yossarianuk> its libguestfs-tools that does the 'majic' though
<yossarianuk> *magic*
<patdk-wk> yes, I know nothing about libguestfs-tools, you can keep talking about it to me, but heh, I have never used it, and have no plans to ever use it
<patdk-wk> if it does it in one step nice, dunno how it can really do that though, guess your vm has to be powered off to do that, and I don't power off my vm's
<patdk-wk> and dunno what kpartx has to do with resizing partitions
<yossarianuk> yes it has to be powered off...
<patdk-wk> all my resizes are online operations
<yossarianuk> i.e say you wanted to just expand /dev/sda1 here is the command (just for interest) -> virt-resize --expand /dev/sda2 --LV-expand /dev/vg_guest/lv_root  olddisk newdisk
<yossarianuk> (sorry sda2 in that example)
<patdk-wk> ya, I don't care :)
<patdk-wk> I am not going to do it
<patdk-wk> I can only give you the *hard way*
<yossarianuk> I know, I use vmware also (at work) there are no tools as flexible ...
<yossarianuk> vmware is more like windows..... kvm moree like linux
<nacc_> mdeslaur: LP: #1586425 filed
<ubottu> Launchpad bug 1586425 in php7.0 (Ubuntu) "Sync php7.0 7.0.7-1 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/1586425
<mdeslaur> nacc: ah, cool
<nacc> mdeslaur: thank you for the ping, though! i'm just starting to catch up on my yakkety work :)
<mdeslaur> nacc: I fixed the test suite on build in the xenial package
<mdeslaur> nacc: once it's synced to yakkety, I'll add it and send it to debian
<nacc> mdeslaur: oh nice!
<coreycb> ddellav, this is what's failing for keystone: http://paste.ubuntu.com/16733690/
<ddellav> coreycb i was just looking at that, that's weird. What do you think is causing that?
<coreycb> ddellav, I'm not sure yet, the last successful build, if you scroll through the past jenkins jobs was against commit faa79c8e183a6d8383c8e34ca737aa20fc3cf693
<coreycb> ddellav, commit faa79c8e183a6d8383c8e34ca737aa20fc3cf693 changed up some config files
<ddellav> coreycb hmm, ok. I guess d/rules needs some tweaks
<coreycb> ddellav, you may just need to change the paths in debian/keystone.install based on the error messages
<ddellav> coreycb ok, i'll take a look at that as well
<coreycb> jklare, I'm not having any luck with gnocchi backport to trusty-mitaka.
<coreycb> jklare, tests are causing carbonara to run out of threads.  trusty python packages build on i386 only whereas xenial are on amd64, so that may be why this surfaces.  I'll open a bug upstream about it.
<coreycb> jklare, jamespage, bug 1586443
<ubottu> bug 1586443 in Gnocchi "i386 tests exhaust threads" [Undecided,New] https://launchpad.net/bugs/1586443
<synchronet> gnu lib c regression?
<synchronet> So I have to reboot my servers gain?
<synchronet> ubuntu updates and reboot needs are getting daft
<dasjoe> Here, you'll probably like this: <Â°(((><
<synchronet> dasjoe:  how you know that?  :)
<dasjoe> Trolls like fish!
<synchronet> lol
<synchronet> I thought you were very clever for a moment
<nacc> synchronet: i appreciate your frustration, but a) there are many versions of ubuntu currently supported, so if you are asking for help, it helps to specify which version you are referring to; b) you are welcome to do whatever you want, if you would rather be insecure and not process updates, you can deal with the fallout of that; c) you've mostly just ranted in this channel for the past few days,
<nacc> that's neither a discussion nor a support, so I would consider it offtopic (#ubuntu-offtopic)
<synchronet> dasjoe: moaning because of a very relevant problem is not trolling
<synchronet> nacc: all I can do is rant?
<synchronet> trying to run a server business using Ubuntu is very trying
<nacc> synchronet: if that is all you can do, please do it in #ubuntu-offtopic
<synchronet> ok
<synchronet> if you dont complain you dont get anywhere
<synchronet> and nothing changes
<nacc> synchronet: if you would like to file a bug, please consider doing that. But I believe so far your complaint is "there are too many updates to Ubuntu", which is nonsensical to me.
<synchronet> file a bug, I just want something that works out of the box
<nacc> synchronet: was something broken or not working for you?
<synchronet> bugs are you devs end
<nacc> synchronet: you have yet to mention any such problems
<synchronet> updates and reboots
<synchronet> twice this week
<nacc> synchronet: those are neither broken nor bugs.
<dasjoe> 16.04 was not affected by the libc regressions
<sdeziel> synchronet: if you find those frequent updates/reboot disruptive, feel free to delay them a bit and apply them in batch at a convenient time
<synchronet> sdeziel: they are security updayes
<synchronet> updayes
<synchronet> updates
<sdeziel> synchronet: yes so that's why I apply them ASAP but you don't seem to like that so I'm proposing alternatives
<synchronet> sdeziel: respect if you part of the security team
<sdeziel> synchronet: I'm not
<synchronet> ah
<synchronet> things are getting more and more complicated I know
<sdeziel> synchronet: re the libc regression. As far as I understand the regression fix (http://changelogs.ubuntu.com/changelogs/pool/main/e/eglibc/eglibc_2.19-0ubuntu6.9/changelog), if you have rebooted after the previous patch (6.8) you don't need to deploy this one
<synchronet> 2.15
<synchronet> as well
<synchronet> tells me I need to reboot
<degorenko> coreycb, hi, i found that swift package missed one config file, as for master-newton and for mitaka: https://github.com/openstack/swift/blob/master/etc/container-sync-realms.conf-sample Is it possible to add it? :)
<degorenko> jamespage, ^
<synchronet> sdeziel: thanks
<sdeziel> synchronet: I would assume it's the same situation on Precise. You can probably ask for clarifications in LP: #1585614 or ask sbeattie
<ubottu> Launchpad bug 1585614 in glibc (Ubuntu) "libc on 2016-05-25 causes Apache not to restart, libm.so.6: symbol __strtold_nan, version GLIBC_PRIVATE not defined in file libc.so.6 with link time reference" [Critical,Fix released] https://launchpad.net/bugs/1585614
<sbeattie> sdeziel, synchronet: that's correct, that you don't need to reboot if you went from the broken update to the fixed one. The issue was that people don't always reboot or restart services completely on libc updates, and the update was breaking things like apache when it was soft reloaded, which happens during events like logrotation.
<sbeattie> same situation for 12.04 and 14.04.
<synchronet> ty
<sdeziel> sbeattie: good, thanks
<synchronet> hetzner dumped 120.04 btw
<synchronet> 12.04
<coreycb> degorenko, sure, mind opening a bug here so we can track it? https://bugs.launchpad.net/ubuntu/+source/swift
<synchronet> why I dont know EOL is good
<synchronet> sbeattie: I noticed apache would not start, I use Virtualmin and people were mentioning that
<synchronet> quick restart and all wa fine
<synchronet> was
<synchronet> no one can know everything
<synchronet> sbeattie: do you think Linux could be made a lot simpler?
<degorenko> coreycb, check please: https://bugs.launchpad.net/ubuntu/+source/swift/+bug/1586483
<ubottu> Launchpad bug 1586483 in swift (Ubuntu) "Swift package missed container-sync-realms config file" [Undecided,New]
<keithzg> Any suggestions for an antivirus program whose administration console can be run on an Ubuntu server? (I've asked this before, I'll probably ask it again, and my fruitless Google searches probably mean the answer is no, but I'm determined nonetheless!)
<synchronet> keithzg: most people deal with AV at local these days
<synchronet> I use clamav etc on the servers, not sure why but comes packaged with Virtualmin GPL
<keithzg> synchronet: Yeah I'm not really worried about my servers (although some, particularly the mail server, do have clamav installed and running), and *most* of our Windows desktops are just using the free Microsoft one built into Windows, which is Good Enoughâ¢, but we do have some Windows Server desktops and Microsoft doesn't distribute Windows Defender for those.
<keithzg> We previously were using Bitdefender, which had a workable central admin console so I could get reports on the state of the various machines, but the admin console was clunky and had to be run from a Windows instance.
<synchronet> its about educating people I think
<keithzg> They're engineers, it's like herding cats ;)
<synchronet> clamav, no idea what it does but take upo some resources
<keithzg> Eh, the instance we have running on our mail server seems quite light on resources. But again, not at all what I'm looking for, I'
<synchronet> I dont think much of server side AV
<coreycb> degorenko, thanks, we'll take a look
<keithzg> d prefer something to run on Windows machines but centrally administer via a Linux server.
<synchronet> ABG do server side
<synchronet> AVG
<keithzg> Last I checked, although they had a product for running antivirus on Linux, they didn't have any for administering Windows instances *from* a Linux instance.
<synchronet> Good spam detection is usually rapped up with AV
<synchronet> its when the click things happen
<synchronet> they
<synchronet> avg free will help at office desk end
<keithzg> Eh, I'm not too worried about email (as aforementioned, we have clamav running on the mail server, and it does get run on each message that comes in or goes out).
<synchronet> not sure what clam av does??
<synchronet> waste of spave matbe?
<synchronet> space
<keithzg> ...it's an antivirus program, that's what the "av" part means. It certainly seems to be more reliable than AVG in my experience.
<synchronet> not sure what it has ever done for me
<synchronet> apart from take up resources
<keithzg> *sigh* Well if anyone is out there that has any suggestions that aren't trolling, I'd be very happy to hear them! Otherwise, cheers everyone, and hope you enjoy your weekends.
<synchronet> not trolling
<synchronet> I have used Linux and I suppose clam AV since 1995 and never got a report about anything
<synchronet> what do you mean by virus
<synchronet> email
<synchronet> please click here
<synchronet> open attachement
<synchronet> I get them every day and have clam av running
<synchronet> so whats the point
<synchronet> spamassissin is a better one
<synchronet> works quite well but does not much more than a email client can do if setup right
<synchronet> education at local end
<genii> keithzg: Actually, AVG has a linux version which allows you to remotely scan and fix Windows machines. But it's a paid version and not free.
<synchronet> hopefully not too much
<synchronet> they used to do a free version
<synchronet> does not matter some dumb fcuk will open an email one day and bam
<synchronet> and clamav would not have picked up on it and thats for sure.
<devster31> can I configure apt to behave like yum regarding new config files? meaning install the new one with a suffix like .aptnew without prompting?
<nacc> devster31: that's a dpkg thing not an apt thing
<nacc> devster31: which sounds like you want the conf file equivalent of --force-confold ?
<dasjoe> apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install your-package
<nacc> dasjoe: thanks :)
<dasjoe> "confold: If a conffile has been modified and the version in the package did change, always keep the old version without prompting, unless the --force-confdef is also specified, in which case the default action is preferred."
<devster31> nacc: thanks, yes, that's exactly what I was looking for
<dasjoe> devster31: use it with --force-confdef, too
<dasjoe> Otherwise existing files you didn't edit don't get upgraded
<devster31> oh, ok, thanks
#ubuntu-server 2016-05-28
<keithzg> genii: I might actually look into that then, thanks! Still debating whether it's entirely worth it, but if we're going to pay for one it'll definitely need to be one that can be administered on Linux, hence my query.
<devster31> are these two equivalent: https://bpaste.net/show/3a062771de90 ?
<gugugaga> where does ubuntu server store all activity logs?
<gugugaga> i'm talking all activity logs
<b4r> uh it's not /var/log/ I take it?
<gugugaga> is it? b4r
<gugugaga> i know some get logged to /var/log/messages
<gugugaga> but i want to know of all possibilities?
<sarnold> devster31: I think so, yes
<lordievader> Good afternoon
<ShaRose> http://ubuntuforums.org/showthread.php?t=2324920 revenge of denvercode9 etc (I've got it too)
<ShaRose> hmm
<devster31> if I don't have a swap partition is dphys-swapfile the recommended choice?
<hallyn> all right, i'm flummoxed.  i have spamassassin installed and running with -u spamd.  as spamd i do sa-learn --spam --mbox spambox; then cat spammsg | spamc -c, it always says 1.5/5.  (where spammsg is saved from the mbox).
<hallyn> spamd -u spamd should end up using /home/spamd/.spamassassin/ bayes files right?
<hallyn> well, spamd has open fds to /home/spamd/.spamassassin/bayes_toks so i guess so
<hallyn> why is it not learning?
<notthistime> my router firewall is off and my pc firewall is off and i still cant access my server. any ideas? the server does work
<geigerCounter> Can I get some help setting up roundcube?
<litledot> Hi. Can Please anyone give me a help here ? I'm trying to configure proftpd server thru port 21. already created a user, but can't login, error 530.
<devster31> how can I debug umask? meaning, I have 3 digitalocean droplets with ubuntu and in one of them umask is 0022 instead of 0002 like the other 2, I didn't touch pam configs or login.defs or GECOs fields or anything
<patdk-lap> ask do?
<patdk-lap> it's not like they use ubuntu
<patdk-lap> they use their own customized install of ubuntu, and that could had changes and adjustments whenever they felt like it
<devster31> I thought they used the ubuntu cloud image from here... https://cloud-images.ubuntu.com/xenial/current/ but still it's weird it happens only in one
<devster31> will ask the
<devster31> them
<patdk-lap> they changed?
<devster31> I don't understand the question
<patdk-lap> I can't find anything that says they use ubuntu's cloud-images
<devster31> I didn't read it anywhere, I assumed, from dpkg -l it really seems they're the same. anyway there's no way to tell from which place umask is being set?
<patdk-lap> there are hundreds of places it could be set
<patdk-lap> normal places would be in your shell start/profile scripts
<devster31> ok, I didn't edit them, I have USERGROUPS_ENAB yes in login.defs, but maybe I found
<devster31> the issue
<devster31> nope
<devster31> yep, pam_umask is not used by sudo -i right?
<geigerCounter> I need some help setting up roundcube
#ubuntu-server 2016-05-29
<syeekick> Anyone got some working examples of their personal rsync commands they use ? i need some for reference:) I apreicate it
<b4r> syeekick: 10 practical examples http://tecmint.com/rsync-local-remote-file-synchronization-commands
<syeekick> b4r thanks my google-fu lacks somewhat lol
<b4r> you'd be surprised how bad mine can be
<syeekick> it's frustrating
<syeekick> i know good use of keywords and dont include product names yeild good results, its just knowing the damn keywords :P
<b4r> good point
<flaccid> hey guys iâm getting invalid manifest for the vmdks in the current xenial ovaâs from cloud-images. is the build broken in some way?
<flaccid> this is when i try to deploy ovf in vsphere client
<flaccid> in the .mf
<flaccid> SHA256(ubuntu-xenial-16.04-cloudimg.vmdk)= 50998ddbddb01404370057f0c65020fab2fab77356a62a25a9badb29f7d44d0a
<flaccid> SHA256(ubuntu-xenial-16.04-cloudimg.ovf.ovf)= 203f259a5fd7bd0a9c98693d7e93eaef927014e3c0585c46a797470b22b1dcf7
<flaccid> smoser: ^^
<berglh> just upgraded to ubuntu 16.04, was running zfs
<berglh> zol* everything is working ok in the new version
<berglh> but i noticed some dkms modules that read: Diff between built and installed module
<berglh> i'm wondering if i can remove zfs-dkms package now or do i still need it
<thekrynn_> in the case where a stat * of a directory results in arg list too long, is there any faster way of achieving the same thing than ls -1 | xargs stat?
<thekrynn_> (other than obviously changing the way the files are stored and sharding it into sub dirs)
<jelly> use find, not ls
<netcrime> How can you check what permissions user has ?
<ShekharReddy> hey guys hello guys when i do php artisan serve in terminal i get this error {"error":{"type":"ErrorException","message":"date_default_timezone_set(): Timezone ID '' is invalid","file":"\/var\/www\/eppudoo.com\/vendor\/laravel\/framework\/src\/Illuminate\/Foundation\/start.php","line":167}
<fermulator> Anyone who runs Landscape; recently I've started getting the useless error message on the web interface: "Landscape is unavailable, Service will resume shortly." -- but it never "resumes shortly" (it's been over 24hrs now....). Which logs in /var/log/landscape-server are relevant to help debug? http://paste.ubuntu.com/16804420/
<fermulator> If I reboot the entire server the service comes back. a bunch of services are clearly stopped: http://paste.ubuntu.com/16804515/
<fermulator> i dunno if this is relevant; http://paste.ubuntu.com/16804813/ (some connection refused stuff, but I don't see why that would cause services to stop themselves)
<blueking> anyone been into this ? -> sudo apt-get install vlan
<patdk-lap> blueking, is that a question?
<blueking> kinda, just wonder how much work there are to get vlan tagging up and go
<patdk-lap> 10seconds to 10hours or more?
<patdk-lap> depends on your skills
<blueking> I am thinking about to skip ISP's homecentral unit and connect mine pc router directly to mediaconverter  fiber <-> cat6
<patdk-lap> do you have an question somewhere in there that can be answered?
<blueking> a sec
<blueking> https://wiki.ubuntu.com/vlan
<blueking> I need to add some more to get tv, phone and lan/data ?
<patdk-lap> heh?
<blueking> they have lan tag-ID 100 101 and 102
<patdk-lap> you will have to talk to your isp for answers
<blueking> I have the info I need  but what I need to do on ubuntu ?
<blueking> trying to find wiki page that has more info about vlan tagging
<patdk-lap> what do you mean more?
<patdk-lap> that page has *all* the info
<patdk-lap> there is nothing *more*
<blueking> :/
<Sling> well there is plenty more information about vlan tagging, but not so much from a host PoV
<patdk-lap> or how to setup/configure it
<compdoc> blueking, somehow I doubt your ISP allows its customers to bypass their equipment. interesting science experiment
<devster31> how can I make changes to /proc/sys/fs/file-max persist across reboots
<devster31> ?
<Sling> in /etc/sysctl.conf
<ShekharReddy> hey guys how do i know the php.ini file used by apache2
<Sling> ShekharReddy: php_info(); output will tell you
<Sling> probably the quickest way of finding out
<ShekharReddy> php_info() where ??
<ShekharReddy> Sling: ^^
<shauno> it's just phpinfo().  but just create a new page on your server that contains just <?php phpinfo; ?>  and then visit it
<shauno> er, phpinfo() rather  heh
<Sling> oh yeah phpinfo :)
<devster31> Sling: thanks
<devster31> should I change /etc/pam.d/common-session or common-session-noninteractive?
<Sling> devster31: what do you want to do?
<devster31> add pam_limits.so to change ulimit for mysql
<Sling> one is for interactive sessions and the other is for non-interactive sessions
<Sling> for mysqld it would be noninteractive
<devster31> ok, is that step required or does it work without that rebooting the system?
<Sling> the pam config files are read as they are used
<Sling> so should be no reboot of the system needed
<devster31> right, also for interactives there's already a line in pam.d/login
<ShekharReddy> shauno:  hello
<ShekharReddy> shauno:  I did create a php file containg the line <?php phpinfo(); ?>  and ran it on server
<ShekharReddy> but i am getting output as  phpinfo();
<ShekharReddy> Sling: ^^
<blueking> compdoc it's doable
<blueking> compdoc do googletranslate norwegian-english on this https://freak.no/forum/showthread.php?t=219922
<devster31> can I untar an archive merging existing directories? like in the tar there's a/b/file1 and I have a/b
<RoyK> if you untar an archive onto an existing directory hierarchy, it'll just overwrite any existing files with the same name
<patdk-lap> did boot_degraded just vanish in 16.04?
<Dachi> A friend installed Ubuntu 16.04 to use as a server for Multicraft. His power went out and he can't log in to the profile he was in. He also can't open the gnome terminal. Did a restart and for a long while the login screen flashed a lot. Help?
#ubuntu-server 2017-05-22
<halp> Quick question
<halp> would apt-get update and apt-get upgrade cause my host key to change?
<cpaelzer> good morning
<henkjan> halp: regular apt-get update en apt-get upgrade should not cause changed hostkeys
<henkjan> halp: upgrade between releases, eg 12.04 to 14.04 or 16.04 could add support for new hostkeys like ed25519
<halp> henkjan: I got the answer already in #ubuntu but ty
<halp> I've wiped and locked down the machine now. It had nothing of value anyways
<CarlenWhite> sarnold, Oh, hey. I did figure out what might be going wrong. It seems like my ISP is indeed stepping in and blocking requests to port :25
<CarlenWhite> Because I was able to connect to the same server from a business network no problem.
<CarlenWhite> If I feel bothered, I'll see if I can bug my ISP to lift that limit else devise a different solution.
<CarlenWhite> Either sanely by having it go to a proper service.
<CarlenWhite> Or tunnel to a work server to facilitate the request.
<Capprentice> Hi! when I run blkid I see these - /dev/sdb: UUID="LSI     M-^@M-^F)%" TYPE="ddf_raid_member"
<Capprentice> How do I make these hdds show up as normal hdds? in etc/fstab?
<Capprentice> The hdd Im booting from is showing this -/dev/sda1: UUID="055b6e93-b53f-4020-96d1-8ad49aad2779" TYPE="ext4" PARTUUID="14b09c11-01"
<cpaelzer> Capprentice: isn't that a fake raid setup?
<cpaelzer> Capprentice: so would mounting it individually not be the wrong things to do?
<Capprentice> cpaelzer, I do not know. I just used fdisk to format the disk partition type to msdos and then create one single partition of ext4.
<cpaelzer> Capprentice: that might even have killed some of the disk data - the "ddf_raid_member" means that this is a fakeRaid
<Capprentice> cpaelzer, How do I make it non raid?
<cpaelzer> Capprentice: TL;DR the bios/hw does part of the raid setup, but would rely on special drivers to do so correctly
<cpaelzer> Capprentice: If you don't want it to be special you need to go to your bios and/or storage controller setup
<Capprentice> cpaelzer, The SATA controller is set as AHCI.
<Capprentice> RAID is not selected there.
<Capprentice> And when installing I passed the argument nodmraid
<cpaelzer> Yeah also the borads/devices doing so get less and less - so it might be safer to go without
<cpaelzer> yet your blockid reports a ddf type device
<Capprentice> cpaelzer, How do I fix it?
<cpaelzer> haven't had  such a system for years - I'm thinking (slowly) ...
<cpaelzer> Capprentice: since I understand that you want to kill the data on it anyway to install fresh or something like it maybe wipe the old signatures and reboot so the kernel stops detecting it as such?
<cpaelzer> Capprentice: dmraid -x or so?
<Capprentice> cpaelzer, The /dev/sdb/c/d can be wiped. I have no data on them.
<cpaelzer> Capprentice: there are more things to wipe it - here is a discussion you might want to follow and try https://ubuntuforums.org/showthread.php?t=1322108
<cpaelzer> dmraid -rE seems to be the consensus in this thread, but since I don't have the device or used it be carful Capprentice
<Capprentice> cpaelzer, I dont even have the package dmraid installed and I selected the AHCI mode. How or why it beacame lke this?
<Capprentice> :(
<cpaelzer> Capprentice: I think the kernel tries to detect
<cpaelzer> Capprentice: but that is only half way done - either "kernel detects fakeraid, userspace consumes and sets it up" OR "wipe it all so it boots without being detected as such"
<cpaelzer> Capprentice: it might have metadata form an old installation I'd guess
<cpaelzer> Capprentice: there are plenty of similar references around like https://askubuntu.com/questions/91167/un-raiding-a-two-disk-fakeraid-array
<cpaelzer> Capprentice: but they all seem to resolve around wiping the unwanted metadata
<Capprentice> cpaelzer, ERROR: ddf1: seeking device "/dev/sdd" to 1024204253954048
<Capprentice> ERROR: writing metadata to /dev/sdd, offset 2000398933504 sectors, size 0 bytes returned 0
<Capprentice> ERROR: erasing ondisk metadata on /dev/sdd
<Capprentice> cpaelzer, This had no previous installation. This is the first installation on the server. I dont know why and how this got attached and now giving me error on trying to remove it :(
<cpaelzer> :-/
<cpaelzer> Sorry Capprentice I can't help more, I think you now need to hope to find somebody with the same or a similar device
<cpaelzer> and while searching for him continue trying to find how to fully wipe it
<cpaelzer> Capprentice: what storage controller is that exactly, so that somebody else here might chime in if he has one
<Capprentice> cpaelzer, I have disabled the controller in BIOS. I dont remember its name and lspci shows  Sunrise Point-H PMC
<mason> Capprentice: Just coming in, but did you do anything to nuke metadata on the disks?
<mason> A not-horrible suggestion prior to using disks that aren't brand new/unused is to dd if=/dev/zero over them.
<mason> Or maybe if=/dev/urandom if you're going to do crypto on the devices later.
<ahasenack> sgdisk -Z is also interesting, as it also takes care of the partition data at the end of the disk iirc
<M3mphiZ> Is there a minimal iso for ubuntu server?
<andol> M3mphiZ: How much such an iso differ from the regular mini.iso?
<M3mphiZ> andol: i thought the mini.iso is for desktop, no?
<andol> M3mphiZ: Well, Ubuntu is Ubuntu. Just that some installers provide different defaults.
<M3mphiZ> andol: thats what i thought, so ubuntu server is preconfigured for server and the rest for desktop, thats why i thought the mini.iso is preconfigured for desktop..
<andol> Unsure exactly what defaults the mini.iso gives you, but I do remember having used it to install a server. Just set the low debconf level and you will be fine.
<andol> ...and if you want to be really sure, start by testing it out in a virtual machien.
<M3mphiZ> andol: what do you mean with lob debconf level?
<M3mphiZ> andol: or better, how do i set it to low?
<mason> ahasenack: Does that know about fakeraid metadata? I think it just wipes partition data, which would leave the fakeraid stuff there.
<ahasenack> mason: don't know, give it a try
<mason> ahasenack: You miss my point. I wasn't asking to ask, I was asking to tell. :P
<ahasenack> where is the fakeraid stuff written to?
<ahasenack> -Z destroys gpt and mbr data structures, it's what the manpage says
<mason> Looks like the last 512K on disk: https://djlab.com/2013/07/removing-raid-metadata/
<mason> Right, but... that's not going to touch the metadata.
<mason> Put another way, -Z very cleanly and precisely destroys the partition structure.
<jamespage> coreycb: hey - the sync process for the UCA is currently broken - a duplicate build snuck into one of the ocata or pike pockets for qemu
<jamespage> coreycb: resolving that now but it currently means that no updates are getting from the build PPA's to the real UCA
<coreycb> jamespage: ack
<jamespage> coreycb: OK I think I've poked it enough and things are now syncing again
<coreycb> jamespage: ok cool
<redvic> Hi, I have not used IRC in 10 years I guess that makes me a newbee...
<ogra_> rather a unpracticed oldie :P
<redvic> thought so, how is it referenced now days
<dpb1> ah
<dpb1> IRC. :)
<redvic> what software is recommended for server virtualisation would like to run two ubuntu servers at once ?
<dpb1> redvic: KVM
<rbasak> redvic: or lxd, for speed and density, unless you specifically need VMs.
<compdoc> I'll have to try lxd someday
<redvic> i use odoo accounting software on ubuntu server 12 lts would like to run two version and one test server
<IShavedForThis_> hey, I'm having problems with a hdd turning to read only mode after a random amount of time. I have already run fsck and can't figure out the problem! has anyone had to deal with shit sort of thing with external drives before?
<compdoc> IShavedForThis_, usually means the drive has problems. use SMART and see
<compdoc> glad you shaved, btw
<IShavedForThis_> hmm okay. is there a command for that?
<IShavedForThis_> hahah thanks.
<compdoc> smartctl -a /dev/xxx
<compdoc> you have to replace the xxx with the drive
<compdoc> pastebin.com the results
<compdoc> may have to use sudo
<redvic> how do i setup kvm? do i load ubuntu server then install kvm and setup my virtual servers from there?
<compdoc> yup. do you have a desktop installed?
<mason> redvic: https://superuser.com/questions/229084/does-displayport-carry-sound-as-hdmi-does
<mason> Um, that didn't copy properly.
<mason> https://help.ubuntu.com/lts/serverguide/virtualization.html
<mason> that one
<mason> So, if you want libvirt, for example: sudo apt install qemu-kvm libvirt-bin
<redvic> what version of LTS ubuntu server is recommended 12 14 ?
<Ussat> we use 16.04 LTS here
<redvic> i know its not server related what IRC client is recommended here ?
<compdoc> 16.04
<redvic> is it possible to setup a server between my wifi access point and internet connection in order to control access to network ? i am helping a school with wifi in all the class rooms for teachers only but students hack wifi and gain access to data
<redvic> wifi password is a problem as students have access to teachers devices
<redvic> can ipfire do something like this?
<redvic> how would i secure data on a wifi network?
<rbasak> cpaelzer: triaging bug 1685332, I think it would be reasonable to say that non-experimental NVMe support for smartmontools is a wishlist request, so Triaged/Wishlist. What do you think?
<ubottu> bug 1685332 in smartmontools (Ubuntu) "does not monitor NVMe drives" [Undecided,Incomplete] https://launchpad.net/bugs/1685332
<teward> powersj: poke.
<powersj> teward: sup
<teward> powersj: thou hast forgotten nginx special triage rules
<powersj> doh
<teward> "Invalid", not "Incomplete", because "Not a bug"
<powersj> Actually I thought I did mark it invalid
<teward> ah, your canned response and the status don't match
<teward> that's whyt
<teward> *tosses phone into /dev/null*
<powersj> yeah ;)
<teward> why*
<teward> powersj: i think we'd need to update the canned comment - it references "incomplete"
<teward> FRAKKK stupid tor >.<
<teward> there we go...
<powersj> that's fair. I get into copy and paste mode, but did remember you prefer invalid to incomplete
<teward> powersj: yeah, i get too many of those "Hey, this doesn't start" "Stop running the other webserver ya ninny" situations
<teward> just got tired of them :)
<powersj> I hear ya
<teward> back in a bit.  IT never sleeps, nor do we get a freaking break xD
<endpoint_david> hey folks, we just released a new version of DBD::Pg; wondering how we get libdbd-pg-perl updated accordingly
<nacc> endpoint_david: it's currently sync'd from Debian (with rebuilds as needed), so I'd guess if Debian updated, we'd pick it up
<jelly> and debian won't update before debian 9 is released (this year, probably)
<nacc> jelly: good point
<nacc> endpoint_david: if there's a strong reason we should update ahead of Debian, I'd file a bug
<jelly> unstable is "slushy", no new upstream version are coming in before stretch release
<endpoint_david> the primary reason is supporting PostgreSQL 10
<endpoint_david> which breaks a few things as far as versioning, etc, internally
<endpoint_david> now, that hasn't been released yet
<endpoint_david> but that means that anyone using Pg 10 in the future is going to have to update DBD::Pg out-of-band AFAICT
<nacc> endpoint_david: ok, i'm not sure we're updating to pg10
<endpoint_david> yeah, I'd expect that isn't going to be in the base dist for sure
<nacc> endpoint_david: it's on, i think, our roadmap for 18.04
<nacc> endpoint_david: let me check my e-mail (i, along with cpaelzer, are the primary packagers for the pg updates)
<endpoint_david> ok, when is the freeze for that?
<nacc> endpoint_david: for 18.04? well, it's not even open yet :)
<endpoint_david> nacc: cool, good to meet you
<endpoint_david> then I haven't missed the deadline there... ;)
<nacc> endpoint_david: i'm *guessing* that when Debian brings pg-10 out of exp to unstable, we'll probably see them pick up the new version of dbd-pg too
<nacc> endpoint_david: it's probably best to file a bug in debian so they are aware of the need to update
<endpoint_david> nacc: so how would this work in the meantime?  generally people will use the PGDG repo, so do we need to package a custom version of libdbd-pg-perl there as well?
<endpoint_david> since it's still pre-release it's kind of moot at this point, just trying to make sure things work out easiest in the future
<nacc> endpoint_david: not sure I follow what the issue is (yet). The version we have in 17.10 (I am assuming) works with the PG in 17.10, right? When we do the migration to PG-10 in Ubuntu (next cycle most likely), there will be a transition tracker (as many packages will need to be rebuilt, updated, etc.)
<endpoint_david> nacc: the problem would be if someone installs the PGDG repo to install pg10 but uses the system libdbd-pg-perl (which doesn't work with Pg 10), then anyone trying to use DBD::Pg wouldn't be able to work with it
<endpoint_david> so to me it looks like the choices are to either package/distribute the updated DBD::Pg in PGDG repo as well or update system libdbd-pg-perl to support it
<nacc> endpoint_david: right, if you have your own repo, then you need to make it self-consistent
<nacc> endpoint_david: you package/ship PG itself?
<endpoint_david> well, the PGDG project does
<endpoint_david> and I'm sure we could get them to include a custom package
<nacc> endpoint_david: yeah, that seems like the right place to resolve this, it's not really an ubuntu issue
<endpoint_david> dumb question: are external repos able to depend on other packages?  we don't want to have to maintain a separate full perl installation for dependencies
<nacc> endpoint_david: well, the packages themselves express their dependencies
<nacc> endpoint_david: i'm assuming the PGDG repo is meant to be added to ubuntu
<endpoint_david> ubuntu or debian both
<nacc> endpoint_david: so they could depend on any ubuntu package; but as with libdbd-pg-perl, they need to ship anything they want to control specifically the version of
<nacc> endpoint_david: otherwise they are reliant on whatever ubuntu/debian decide
<endpoint_david> ok, well that sounds like the way we'll have to go then, thanks
<endpoint_david> thanks for your help
<nacc> endpoint_david: np
<kyle__> Is anyone here pxe installing 16.04 server?  How did you get the serial console to work?  Through 14.04, I was able to just append console=ttyS0,115200 to the boot, and it worked.  Not, not so much
<JrWebDev> is their any good open source ERP system that i can learn from...i want to learn how to setup an ERP system. is their any good open source ERP systems out their just so i can practice and see how an erp is implemented?
<sarnold> !package openssh-client
<nacc> sarnold: !info?
<sarnold> !info openssh-client
<ubottu> openssh-client (source: openssh): secure shell (SSH) client, for secure access to remote machines. In component main, is standard. Version 1:7.4p1-10 (zesty), package size 654 kB, installed size 4629 kB
<sarnold> oh!
<nacc> sarnold: not sure if that's what you were looking for :)
<sarnold> nacc: that's it exactly; thanks
<sarnold> with !package the little guy replies with <ubottu> Sorry, I don't know anything about package openssh-client  -- which looks like it might not understand the https redirect on https://packages.ubuntu.com/  :)
<sarnold> but if you ask the correct thing it still gives correct answers. hehe.
<nacc> sarnold: right, because it's interpreting the whole string as a command (in this case 'package openssh-client') and it happens to look like English :)
<nacc> "Sorry, I don't know anything about <input>"
<sarnold> I wish it replied to a help or !help or commands or !commands or something. sigh :)
<nacc> sarnold: yeah, i wonder if teh command list is too long
<mason> !info xv
<ubottu> Package xv does not exist in zesty
<sarnold> sorry mason, it hasn't existed in a while it looks like https://launchpad.net/ubuntu/+source/xv
<mason> I can hand-build it. But yeah, it's not there in Xenial either.
<mason> I'm thinking of using it to learn .deb packaging at long last.
<nacc> mason: what is xv?
<sarnold> image viewer
<sarnold> it used to be the only thing we had twenty years ago :)
<nacc> sarnold: oh i thought it was some other new thing -- given the reference to 'deb packaging' :)
<sarnold> nacc: https://en.wikipedia.org/wiki/Xv_(software)
<nacc> sarnold: yeah, i've used *that* xv before :)
<nacc> mason: xv is probably better (at this point) as a snap
<sarnold> you'd certainly be done packaging way sooner :)
<nacc> :)
<mason> Ooh, a snap. That's a good idea too.
<mason> Probably worth learning both.
<nacc> mason: for end-user applications, the snap is going to be a lot faster
<mason> Yar. Just saying.
<teward> sarnold: the more you know, huh?
<sarnold> ââ°â­â­â­
<teward> *throws sarnold into /dev/null*
<teward> sarnold: mind a PM?
<sarnold> sure
#ubuntu-server 2017-05-23
<dpb1> sarnold: classy
<dpb1> (the more you know!)
<sarnold> :D
<phibs> For some reason update-grub on my box is *NOT* using UUID in /boot/grub/grub.cfg after the installer runs, this causes it to not boot since the device changes :(  Any hints or tips?
<phibs> (This is 16.04 LTS)
<ChmEarl> phibs, it should be configured in /etc/default/grub, something about UUID
<phibs> yeah disabling UUID is not set, and default is false
<ChmEarl> ok, looking for the setting
<ChmEarl> GRUB_DISABLE_LINUX_UUID=false
<phibs> yeah, it defaults to false ;0
<ChmEarl> some reports that a script is using instead: GRUB_DISABLE_UUID
<phibs> hmm
<phibs> which
<phibs> hmm /dev/disk/by-uuid (the dir itself) does not exist...
<phibs> so the grub-mkconfig is gonna not use UUID since it tests for that...
<arunpyasi_>  Hi all, I have 2 servers, both are running the same website, the website running in my server is fast in the LAN but very slow in internet BUT, if I try to connect to the server which is also in the same LAN then it works fine why is that ?
<ChmEarl> phibs, did you upgrade from Trusty?
<phibs> no, this is a 16.04 fresh install
<andol> phibs: Perhaps a longshot, OpenVZ?
<phibs> bare metal lol
<arunpyasi_> anyone around please ?
<ChmEarl> phibs, /dev/disk/by-uuid is created at bootup
<arunpyasi_>  I have 2 servers, both are running the same website, the website running in my server is fast in the LAN but very slow in internet BUT, if I try to connect to the server which is also in the same LAN then it works fine why is that ?
<arunpyasi_> I think there is some issue with routing
<arunpyasi_> how do I fix it
<arunpyasi_> ?
<phibs> ChmEarl: this is in the installer
<sarnold> arunpyasi_: there's not much to go on there. what kind of troubleshooting have you done so far with what results?
<arunpyasi_> sarnold, I have no idea ..
<arunpyasi_> sarnold, tried rebooting..
<arunpyasi_> sarnold, does iptables work if ufw is disabled ?
<arunpyasi_> and if iptables is flushed ?
<sarnold> arunpyasi_: ufw is a front end to iptables; if you want to use ufw then you should use ufw; if you want to use another tool, or work with it by hand, then do that...
<sarnold> arunpyasi_: 'flush' in iptables usually means 'remove all rules' -- is that what you wanted?
<arunpyasi_> sarnold, yes..
<arunpyasi_> sarnold, but still its not fixed.. thinking the iptables or routing issues
<arunpyasi_> sarnold, I am worried how i can fix it
<sarnold> arunpyasi_: the linux kernel can route and firewall something like five million to ten million packets per second -- what kind of load is your server under?
<arunpyasi_> sarnold, its a simple webserver
<arunpyasi_> with a static file
<sarnold> arunpyasi_: just static content? how many requests per second?
<arunpyasi_> sarnold, one
<arunpyasi_> sarnold, I am the only one trying to access.
<sarnold> okay, so probably not network load then
<arunpyasi_> sarnold, no not the load.
<arunpyasi_> sarnold, is the system issue
<sarnold> what kind of ping times do you get from the machine to the world? what kind of packetloss?
<arunpyasi_> sarnold, no packet losses. the thing is, I tested the network with another machine runnign a webserver at a different port.
<arunpyasi_> the traffic from that webserver opens fine
<arunpyasi_> I mean the website from that webserver opens finee
<arunpyasi_> but not the mains linux server :(
<arunpyasi_> sarnold, you got the scenario
<arunpyasi_> ?
<sarnold> arunpyasi_: not really; I don't know if you've got two machines behind a NAT box or if they are directly routed, dunno if you've got a load balancer in front of them or not, don't know what kind of speeds you're expecting or what kind of speeds you're getting..
<arunpyasi_> sarnold, its like not speed.
<arunpyasi_> its not even opening
<arunpyasi_> thats the thing
<arunpyasi_> sarnold, its behind the same NAT
<sarnold> heck if you're trying to get to these machines by DNS and maybe the name doesn't resolve with your seelected recursors, it could look like slow websites.. but it might be slow DNS instead.
<arunpyasi_> no load balancers
<arunpyasi_> no
<arunpyasi_> its the IP I am trying
<sarnold> alright, so probably not dns, or not exclusively dns anyway :)
<sarnold> so you have port forwarding set up on your NAT router?
<arunpyasi_> sarnold, yes
<sarnold> do you forward e.g. 80 to one computer and 81 to the other?
<arunpyasi_> sarnold, yes
<arunpyasi_> sarnold, that is what I did.
<arunpyasi_> sarnold, if you want the IP, I can send you in PM
<sarnold> sure
<arunpyasi_> sarnold, please check the PM
<cpaelzer> good morning
<seyeongkim> I can't see "nominate for releases" on LP, Do I need specific permission to do that?
<rbasak> seyeongkim: I believe you do, yes. I'm not sure exactly what is needed to be able to see that.
<seyeongkim> I see rbasak, Thanks
<rbasak> seyeongkim: you can ask in #ubuntu-bugs for any nominations you need.
<seyeongkim> ok rbasak
<redvic> hi guys do you recommend automatic security updates on / off on your bare server or on the VM 's or on all ?
<sarnold> we do our best to try to avoid regressions in packages, but sometimes it happens
<sarnold> you'll be safer if you can put the time in to test updates in a testing environment before putting them onto all your other machines, but that's expensive and time-consuming, so many people are content to just turnon automatic updates
<hateball> redvic: well since you have fully functioning (verified) backups of your things, why not?
<andol> redvic: A good tradeoff might be to enable the automatic security updates, but disable it for certain critical packages. The typical examples being database services.
<sarnold> given how many upgrade failures I see in launchpad every single mysql point relesae that sounds like a pretty good idea. :)
<redvic> sorry was away for a moment,
<redvic> so i leave my base installation on manual and have a vm server where i test updates
<redvic> i am using raid so i could disconnect raid test the updates
<redvic> hateball, my server uses raid1 i am busy istalling base server after which KVM and 4x vm servers wuold you recoomend auto update off on the bare/base and update on vm server?
<hateball> redvic: fwiw I've never had any issues with Ubuntu updates
<hateball> that said I tend to not use the automatic function for legacy reasons
<hateball> since it used to be that apt didnt clean up old kernels, so if you had a default LVM setup, well then /boot is on its own partition which then fills up
<hateball> just annoying.
<Fieldy> hello, is there a reasonable path to upgrade in place server 12.04 LTS to 14.04 LTS to 16.04 LTS? or does it make more sense to simply reinstall?
<Ussat> TBH, I would reinstall
<Ussat> but it really depends on apps etc
<Ussat> if its a critical system, build up a 16.04 LTS in parallel to it then migrate
<Ussat> but thats me
<Fieldy> Ussat: yeah that's what i'm thinking. I'm pretty sure I have the resources do a parallel.
<hateball> fwiw I've done such upgrades
<hateball> but yeah it depends on services used
<hateball> for instance if you use apache, things need .conf extension from 14.04 and onwards, or it breaks
<Fieldy> yeah. little diffs between versions... heh
<Ussat> I was gonna say, I have done upgrades like that, it is possible, I just like a clean install etc when possible.....gets all the "cruft" etc out and I always look at older systems and ask why the hell......
<Ussat> I assume this is a VM ? if so, make a snap and try the upgrade and see how works out, worse case, you revert back to the snap and then do the parallel
<hateball> snapshots <3
<hateball> I upgraded something earlier, whose package (third party) just overwrote all nginx configs without asking
<hateball> pretty nice to be able to just revert to snapshot then :p
<Ussat> Yea, I live and die by snaps here
<Ussat> I manage rhel and ubuntu systems here and snaps have saved me a few times
<Jorrit> Hi i'm looking for someone who can help me with configuring DNS on a ubuntu-server
<Jorrit> Did everything i thought was needed, but somewhere along the way it doens't work.
<Jorrit> I just want to make it possible to work outside the office
<Ussat> VPN ?
<Ussat> a TON easier than running your own dns server (is that what you mean by configuring dns) ?
<Jorrit> I thought DNS was the easiest solution
<fallentree> Jorrit: you'll have to explain a bit in more detail what exactly you wish to achieve
<Jorrit> The are students who need to acces the server voor Moodle. Is VPN also possible in such a situation?
<Ussat> honestly, it depends on what you want to do
<Jorrit> voor=for
<Jorrit> Students (about 10 a day max) need to take some courses and employees need to acces the Courses and our CRM
<Ussat> VPN
<Jorrit> Ok and what do I need for VPN?
<Jorrit> We have 100Mbps Up and Down so a strong and fast connection
<fallentree> Jorrit: you want students to access your LAN (office) from "outside" (public internet)?
<Ussat> Jorrit, um......setting up a VPN is non trivial, and porbably not something you can do with just IRC
<redvic> what is recommended hardware or software raid?
<Jorrit> I choose DNS to let them acces Moodle via our website.
<fallentree> redvic: software, unless you need huge arrays
<Jorrit> Fallentree: I want to let them acces it yes via the public internet.. can I sence something like.. unsafe in your q.?
<Ussat> VPN
<fallentree> Jorrit: well, my question was to understand the needed layout of network, but indeed exposing anything to public internet is unsafe and requires proper precautions. Perhaps VPN is indeed the best solution, but as Ussat said, it's not trivial to set up.
<Ussat> also, setting up a DNS server is FAR more risky unless you know exactly what ya doin
<fallentree> Jorrit: you'd need a public server runing (Open)VPN that connects the LAN part of your network with the end users over public internet. Maybe there's a (paid probably) VPN service you can use for that
<Jorrit> Fallentree: Well I need to check it out.. Don't know much about VPN'S other than the use of faking ones location
<fallentree> well, I don't think running an authoritative DNS service is THAT risky, besides one can always use a third party DNS service if they don't want to mess up with setting up DNS correctly.
<fallentree> I'm more concerned with securing the CRM and other services exposed to public internet
<Jorrit> I understand, thats my concern to. But They want it cheap and safe at the same time, in the office.
<fallentree> Jorrit: in short, if your LAN has address space of 10.0.0.0/24, with VPN your end users (studends) would connect to it and have a network interface in that exact range, the VPN only bridges their computer to your LAN over the internet.
<fallentree> so your users can access 10.0.0.0/24 as if it were in their local network
<Jorrit> fallentree: ok so all I have to do: find a tutorial for openVPN like this: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04 and everything will be safer than using DNS?
<fallentree> it'd definitely be safer than exposing your internal CRM and stuff to public internet, yes.
<Ussat> if security is your concern, use a VPN
<Jorrit> Ok, but is VPN legal?
<Ussat> Jorrit, "all you have to do".....
<Ussat> what ?
<fallentree> Jorrit: of course, it stands for Virtual Private Network :)
<Ussat> yes of course
<Jorrit> Ok
<fallentree> Jorrit: another solution would be using ssh tunnels, simpler to set up than VPN, and serves the similar purpose
<Ussat> but again, its NOT trivial, and a quick and dirty tutorial isnt quite.....anyway
<fallentree> Jorrit: if your users are on linux, running a single command would open a "socks proxy" through which they can connect to your internal applications
<Jorrit> fallentree: but I don't think anyone of the students will use linux.
<Ussat> Jorrit, V   P   N
<Jorrit> It's not that populair in Holland (as far as I know)
<Jorrit> Ussat: Thanks :-) I think I'll go with that! lol
<Ussat> Jorrit, TBH at this point, considering the questions etc......you should probably go with a commercial VPN solution
<Ussat> if your users are windows based, there are lots of good ones
<Jorrit> But that comes at a price, I will check the options for the Netherlands
<Jorrit> Thanks so far Ussat and fallentree, I think I'll be in touch (on chat) when I need more info. Gonna check it with my collegea now
<Ussat> Yes, it comes at a proce....and with that price you get a professional setup, maintenance etc
<Ussat> some thing are REALLY worth paying for
<redvic> fallentree, why do you prefer software ?
<fallentree> redvic: yes
<redvic> why?
<Ussat> for several reasons, the best IMHO is that in HW raid if the controller goes bad, you need to replace PHYSICAL HW etc, in SW raid, you dont. UNLESS its a really big array, then you want a SAN or card. It honestly depends on a few things
<roelof> Is it possible to use policies so that I can take care that some people may use some software installed and some not
<roelof> maybe openlapd ?
<fallentree> redvic: what Ussat said. There's no need for HW raid today as CPUs are more than capable. Only with huge arrays that take too much of your CPU could you benefit with a HW card. Also, note that with HW raid, if it fails you need to replace with EXACT brand, and sometimes even exact model as they use proprietary formats that may change in newer models.
<fallentree> redvic: plus, if you use something like zfs or btrfs that does checksumming and real-time (corrupt) data recovery, you must NOT use HW raid. I don't even know if any HW raids are capable of that, maybe the higher end ones.
<Ussat> and honestly if youre in the arena where you NEED a card, you NEED a san
<Ussat> in a system with HW raid, if system craps out, you buy new system, new card etc......with sw raid, pop drive in different system, rebuuld SW raid..done
<Ussat> I am simplifying a bit, but not much, THAT said, I am on a SAN at work
<redvic> awswome thanx you guys
<roelof> Can I make it work with openlapd that a user can log into a server and may use only some software on the server
<fallentree> roelof: what software?
<roelof> for example expensive cad or dtp software , fallentree
<fallentree> roelof: I don't know if ldap can do it, but you should be able to use ACLs to dis/allow access for certain users to certain binaries/paths.
<roelof> oke, and with what software can I make  ACL's ?
<fallentree> roelof: https://help.ubuntu.com/community/FilePermissionsACLs
<roelof> thanks, I will dive into that
<fallentree> roelof: so if iirc you can do something like setfacl -m u:someuser: /path/to/expensive/cad/binary  . That should revoke all rights, for that user on that binary, assuming the default is root owned o+x binary installed by a package
<roelof> thanks , I will experiment with it
<fallentree> roelof: setfacl manpage has more examples
<rbasak> cpaelzer: triaging bug 1685332, I think it would be reasonable to say that non-experimental NVMe support for smartmontools is a wishlist request, so Triaged/Wishlist. What do you think?
<ubottu> bug 1685332 in smartmontools (Ubuntu) "does not monitor NVMe drives" [Undecided,Incomplete] https://launchpad.net/bugs/1685332
<ppetraki> redvic, Ussat, fallentree, if performance doesn't matter software raid is fine. Things will  get interesting as NVDIMM and CrossPoint memory becomes more widespread. Then you'll have access to the same level of writeback performance as a hardware raid controller while keeping your data crash consistent.
<cpaelzer> rbasak: if you doc it as "the non experimental is wishlist" I agree
<cpaelzer> rbasak: but since all thatis on upstream atm it was incomplete for me
<cpaelzer> Triaged would mean we know what to do/pick-up/...
<cpaelzer> which we don't as it doesn't exist
<cpaelzer> rbasak: maybe better confirmed/wishlist
<rbasak> cpaelzer: I've always considered Triaged to mean that the report is valid and the issue is valid, rather than that the developer knows exactly what to do. My point being that the developer has enough information to find out and is unlikely to have to come back and say "the bug is Invalid".
<rbasak> nacc: would you like to chat about the changelog branch? Not urgent.
<nacc> rbasak: sure
<rbasak> nacc: same URL as five minutes ago?
<nacc> rbasak: omw
<cpaelzer> rbasak: in any case I'm fine with wishlist if it is called out that there is still the blocker to need non-experimental for it
<rbasak> OK I'll change it thanks.
<rbasak> cpaelzer: oh, I think I see what you're saying.
<rbasak> I think that's an entirely orthogonal thing.
<rbasak> That Ubuntu doesn't have support for NVMe is the bug. That we don't upload a patch directly because it's non-experimental is separate. An interested developer could always drive it upstream to resolve the bug in Ubuntu.
<rbasak> nacc: https://code.launchpad.net/~racb/usd-importer/+git/usd-importer/+merge/324476
<fallentree> ppetraki: what's the performance penalty?
<ppetraki> fallentree, depends on your workload :) write intensive workloads benefit from a writeback cache the most. Read intensive can get away with a writethrough cache because it's basically a read cache.
<fallentree> ppetraki: in my experience the wb cache benefit is insignificant unless you have a very specific workload that very frequently modifies a relatively small number of pages
<fallentree> I'd say the hybrid drives are far more beneficial in that department, or more advanced tech like ZFS with ZIL caches
<fallentree> though SSDs nowadays tend to make all the irrelevant
<ppetraki> fallentree, like I said, workload specific.
<fallentree> too specific for a blanket statement of "if performance doesn't matter" :)
<ppetraki> fallentree, read the rest of the sentence
<fallentree> I did, but you implied that there's a (significant) performance penalty with software raid
<ppetraki> fallentree, sure, when you don't have a writeback cache that is *crash consistent* it hurts
<ppetraki> fallentree, go ahead and turn on the wb cache on your software raid and yank the power
<ppetraki> fallentree, let me know how that turns out
<fallentree> I never noticed a problem with power failures on our ZFS storage arrays
<ppetraki> fallentree, I'm not interested in an argument, I've been hacking storage for about a decade. I merely wished to add to the conversation so the OP, who is apparently is no longer present, could gain some additional insight in the difference between the two options.
<ppetraki> fallentree, thanks.
<fallentree> what you're talking about is BBU cards where the wb cache kind of ensures that the application sees successful write, "guaranteed" by the bbu in case of power failure at that particular moment.
<fallentree> but in the overall cost-benefit equation, personally I don't find that beneficial over potential problems with HW cards.
<fallentree> I'm not interested in an argument either, I was merely asking about the performance penalty :) Then you shifted goals to wb cache and power failures which has nothing to do with performance.
<ppetraki> fallentree, it's storage, it's raid, it's supposed to be highly available. You get to lose your customer's data exactly once, if your product is in the alpha stage they'll give you a pass, after that, they're shopping for a new array vendor.
<Ussat> ppetraki, sure, but in the long run if performance is that much a issue, SAN
<fallentree> ppetraki: without a proper backup policy, no hardware feature will protect from "losing customer data" :)
<ppetraki> ok I understand what happened
<ppetraki> do you guys know what crosspoint can do?
<Ussat> me, personally, no
<ppetraki> ok
<ppetraki> it is a persistent DRAM that doesn't need any extra power plumbing like NVDIMM does. It's cheaper than NVDIMM but not as fast as DRAM.
<Ussat> nice
<ppetraki> so once you have this as a building block, you can start to have some really interesting designs that normally only lived in SANs
<Ussat> I am more than willing to admit I am not a storeage guy.......I have a enterprise grade SAN I deal with via FC
<ppetraki> no more journaling disks, that memory region is your journal
<fallentree> it's not an either-or replacement for SAN, tho'
<ppetraki> SAN offers so much more than that right? LUNs etc, management plane
<ppetraki> depends on what you want
<fallentree> redundancy, replication, ... :)
<ppetraki> dedup
<fallentree> ugh, dedup
<Ussat> compression, encryption
<Ussat> (yes, we use those last 2)
<ppetraki> compression really doesn't matter that much
 * fallentree yawns and looks at ZFS :)
<ppetraki> only if you can do hot cold separation
<Ussat> ppetraki, we do, ok well the san guys do
<ppetraki> then you can do it on the backend during your garbage collection cycle
<Ussat> Like I said, I admit I am not a storeage guy so...
<ppetraki> encryption kills dedup but it's a use case that some people just have to have
<Ussat> HIPPA
<Ussat> we have to have it
<ppetraki> GOV
<Walex>  ppetraki: lots of people "save" a lot of money by buying "cold" storage systems and running "hot" workloads on them :-)
<ppetraki> yeah
<Ussat> yup
<Ussat> we dont encrypt and its HUGE fins etc
<Ussat> fines
<ppetraki> ZFS is about as good as you're going to get in the freeware world
<fallentree> seeing how memory dedup is so vulnerable and a big no-no, I kinda don't trust the hard storage dedup either.
<ppetraki> I've personally never used it but I know it works
<ppetraki> fallentree, dd if=/dev/zero bs=4096 count=1 | sha1sum -
<ppetraki> fallentree, don't look at the data, look at it's signature
<fallentree> what about it
<ppetraki> fallentree, if you see the same sig more than once, well you just deduped
<ppetraki> not hard
<ppetraki> not free either
<fallentree> what are you talking about?
<ppetraki> how do implement dedup :)
<fallentree> dedup of what? a stream of zeroes?
<ppetraki> what's a thinly provisioned disk?
<Ussat> ...
<ppetraki> a bunch of zero'd sectors
<ppetraki> that the system claims is available from here ... to there
<fallentree> actually, thin provisioning is not that...
<ppetraki> ohs?
<fallentree> yeah. it's not a bunch of zero'd sectors. it's virtual space based on pooled resources.
<ppetraki> it's a virtual range, but the how provision the backend is dependent on the system design.
<fallentree> at any rate, deduplication works by checksumming blocks and the referencing same blocks multiple times, if different consumers expect same data (checksum).
<ppetraki> some arrays will just ingest until they hit 80% unique data and claim they're full
<fallentree> I don't trust it at all, given how memory dedup is vulnerable to abuse and injection of data.
<ppetraki> this is on media
<ppetraki> this is memory, you told the array to write
<fallentree> essentially it's the same thing, with memory not being persistent
<ppetraki> and a barrier between the two
<ppetraki> so I don't see how you can create an vulnerability
<ppetraki> you told me to write X, I wrote it down, now what?
<fallentree> very simple. it's not different than having multiple hard links to the same file, in fact, it's almost the same thing but managed at the lower level than the FS
<ppetraki> I don't care about filesystems
<ppetraki> at all
<ppetraki> blocks
<ppetraki> are what I care about
<fallentree> ppetraki: there's a recent CCC presentation how memory deduped virtual servers can inject data into each other, with help of some vulnerabilities. I suggest you to check it out.
<fallentree> bottom line, race conditions and other specific cases can lead to problems with deduped blocks, so thanks, no thanks.
<ppetraki> fallentree, link? that would be interesting
<fallentree> ppetraki: https://www.youtube.com/watch?v=H9gM938H7qY
<ppetraki> fallentree, thanks
<fallentree> anyway, yes, blocks. like I said, it's the same thing like hard linked files, except it's managed BELOW the FS, ie. at block level.
<fallentree> ppetraki: oh, that's in german... I think this is the original   https://media.ccc.de/v/33c3-8022-memory_deduplication_the_curse_that_keeps_on_giving
<ppetraki> fallentree, I admit I am not a security guy, I have a friend whos a pen tester who freaks me out on a continual basis
<ppetraki> fallentree, yeah its an arms race, and we're always behind.
<patdk-lp> hardly an arms race
<mwhahaha> jamespage: coreycb: btw magnum is broken http://logs.openstack.org/44/467044/1/check/gate-puppet-magnum-puppet-beaker-rspec-ubuntu-xenial-nv/a17b9c8/console.html#_2017-05-23_07_23_39_954393
<patdk-lp> it's more like attempting to mouse proof a castle
<ppetraki> bluerisc is kinda interesting but it operates under the conditions of creating a new binary that has encrypted instructions interespersed. So it runs to the checkpoint and then that chunk of code is run on the offboard engine. If the binary is modified in any way, it traps. That's my understanding of it anyways.
<ppetraki> nasty side effect of exposing race conditions in your code that never existed before ;)
 * ppetraki is really away
<coreycb> mwhahaha: do you know if that was failing any other time since 5/12?  that's when 1.1.9 sqlalchemy went into -proposed.
<mwhahaha> coreycb: it used to pass. We're using updates though
<coreycb> oh you're using updates, ok.
<mwhahaha> coreycb: is seen that error before with rdo
<nacc> coreycb: wanted to check in with you on the django merge for 17.10
<nacc> blake_r: and iirc, you said for maas, you're ok with me uploading and you'll deal with the fallout for maas?
<coreycb> nacc: hey, you'll probably want to check with jamespage tomorrow and see if he ran with it.
<nacc> coreycb: thanks, will do
<Fieldy> ahh. nice fresh 16.04 lts server. glad i'm going this route rather than piddle with hacky upgrades
<Fieldy> can also take my time migrating. thanks for the input folks. and i'm doing certain things differently compared to last time. that's always nice
<compdoc> the Fieldy of dreams...
<blake_r> nacc: yes
<nacc> blake_r: thanks, i'll update the bug so i don't forget this time :)
<Capprentice> What triggers the detection of DMraid?
<nacc> Capprentice: i'd assume an appropriate signature on the device
<Capprentice> I dont want fake raid. The on board raid controller is selected as AHCI ans is disabled that way.
<Capprentice> nacc, What does the OS looks for?
<fallentree> Fieldy: welcome to zystem dee!
<nacc> Capprentice: i'm not sure what you mean?
<dpb1> what is fake raid? :)
<nacc> dpb1: usually it's the onboard raid controller :)
<nacc> dpb1: which is garbage non-raid but claiming to be raid
<dpb1> with out of date firmware to boot :)
<nacc> dpb1: right -- and at that point, swraid is better
<ahasenack> those fake raid bios remind me of the old software modem devices, remember those?
<patdk-lp> you mean current software modem devices?
<ahasenack> they still exist?
<patdk-lp> it's almost impossible to locate a real modem
<Fieldy> gives me a stupid human trick idea; VPS provider, create a "raw" disk device, then another, swraid them. compare performance with and without. would be funny if it was better (not likely)
<patdk-lp> the only real modem is ones that have a serial port on them
<ahasenack> I meant old because I thought they were not manufactured anymore (the software modem ones)
<patdk-lp> Fieldy, they are the same
<patdk-lp> fakeraid is software raid, but with a bios level boot helper
<Fieldy> hardware accel makes a big diff
<patdk-lp> ahasenack, I just bought 4 new ones
<patdk-lp> Fieldy, heh?
<Fieldy> linux sw raid is very impressive though
<ahasenack> fascinating, dial-up lives
<patdk-lp> linux sw raid and fakeraid are the same thing
<patdk-lp> if you install linux instead of windows
<patdk-lp> ahasenack, not dialup, fax :)
<patdk-lp> I use them for faxing
<ahasenack> even more fascinating :)
<Capprentice> nacc, I mean what should I disable or what should I do to make sure dmraid to be disabled.
<patdk-lp> Capprentice, it looks for a fakeraid signature on the disks, that is created by the bios being in raid mode
<patdk-lp> ahci doesn't mean you aren't in raid mode though
<Ussat> go in to the BIOS and turn it off
<patdk-lp> bios firmware naming for items is odd and inconsistant
<patdk-lp> my dells have sata, ahci, and raid options, but ahci and raid are the same thing
<sarnold> ahasenack: oh god I'd forgotten about those 'winmodems'. terrible things.
<Ussat> no, raid and ahci are not the same at all
<Capprentice> patdk-lp, I have a server which was booted without disabling the RAID controller. Installation failed to the disk for reasons I dont know. Later on when I installed 16.04 with the AHCI set (The option is either AHCI or RAID), I found that all of the disks contains raid signature.
<Capprentice> I have removed the signature by booting a live cd and creating a new msdos partition table on each of the disk except the one which had the OS installed.
<Ussat> Capprentice, yes, that is correct, because the fake raid put one on there
<Capprentice> When I finish clearing, after reboot the OS did not boot. I will do a clean install on it.
<Capprentice> How do I make sure no way RAID gets enabled?
<nacc> Ussat: i think patdk-lp meant they are the same as far as their BIOS is concerned (setting name)
<Ussat> Capprentice, have the raid setting off first
#ubuntu-server 2017-05-24
<uxfi> Hwo do I change the username of Ubuntu server?
<uxfi> To change username (it is probably best to do this without being logged in):
<uxfi> Hwo do I do that if I am logged in?
<sarnold> changing usernames is hard
<sarnold> far easier is to create a new user with the name, group memberships, etc., that you want
<uxfi> I get this message
<uxfi> usermod: user mitraj is currently used by process 1861
<uxfi> what do I do?
<bigjazzsound> uxfi: the user will have to not have any processes running to change the name
<uxfi> ah
<uxfi> bigjazzsound how do I do that?
<bigjazzsound> uxfi: you can do something like `ps aux | grep username`. Check the processes that are running under that user. The do `kill processid` to kill them off.
<uxfi> ok
<bigjazzsound> uxfi: some of the processes might be inadvisable to kill, which is why sarnold suggested to make a new user instead with the same permissions, groups, etc
<uxfi> right
<uxfi> like SSH
<bigjazzsound> Exactly
<uxfi> so I should make a new user i guess?
<uxfi> bigjazzsound  well actaully if I can change the name without needing to make a new user is htat possible?
<sarnold> the thing is it's more than just changing /etc/shadow /etc/passwd and their home directory -- you may need to modify mail spool names, crontab names, maybe atd names, etc
<bigjazzsound> uxfi: then you run into the issue with processes running under that user, no?
<sarnold> if you've set up any per-user access controls on databases then those too
<sarnold> etc
<uxfi> bigjazzsound  which isnt many
<uxfi> jsut ZNC
<uxfi> and systemd
<uxfi> bigjazzsound  ill make a new user
<bigjazzsound> Sorry I could not be of much help here
<uxfi> its ok bigjazzsound
<uxfi> i dont want ot lsoe ZNC settings but I can rengegerate them
<sarnold> you can of course move the data by hand..
<bigjazzsound> creating a new user and moving the stuff you need might not be a huge deal
<bigjazzsound> ^^
<uxfi> ah
<uxfi> I forget where it is stored hmm
<keithzg> Well, I must admit to being very confused. Migrated a very old conf to a new server, and I have postfix-pcre installed, but I'm still getting "warning: pcre:/etc/postfix/header_checks is unavailable. unsupported dictionary type: pcre"
<sarnold> keithzg: check output of dpkg -l '*pcre*' and make usre it makes sense
<keithzg> sarnold: only installed packages look to be libpcre3 and postfix-pcre
<uxfi> ok nwo i gave the temeproary account sudo access can I delete  the origianl one?
<sarnold> keithzg: then i'm out of ideas..
<uxfi> ok now i gave the temeproary account sudo access can I delete  the origianl one???
<sarnold> uxfi: (a) test the new account first (b) make sure you copied over -everything- from the original that you want to keep. if youv'e done that then go ahead.
<uxfi> I did sarnold  I think
<uxfi> I tested sudo su
<uxfi> I tested sudo apt-get update
<uxfi> seems to work
<uxfi> I dont have anything in the user folder sarnold the only important thign I ahve is ZNC settings
<uxfi> sarnold also myw ebsite stuff for some reason its not letting me access /var/www? is there a reason?
<uxfi> and also will I lose mysql install?
<sarnold> uxfi: what permissions did you set on /var/www? if you changed owner or set acls you may need to do that again
<sarnold> uxfi: and probably not lose mysql but if your useraccount had privileges within the mysql database that other users didn't have you may need to redo that too
<uxfi> I forget what permissions
<uxfi> sarnold but I made a copy of my /var/www anwyays
<uxfi> bash: cd: /var/www/: Permission denied
<sarnold> check with something like find /var/www -ls
<uxfi> hmmm
<uxfi> bash: /var/www/: Is a directory
<uxfi> sarnold
<uxfi> got any ideas?
<sarnold> uxfi: namei -l /var/www/htdocs
<uxfi> ah
<uxfi> mitraj owns that sarnold  the root user
<uxfi> the account im trying to delete
<uxfi> sarnold https://i.imgur.com/QoHJ4ln.png
<sarnold> uxfi: aha, then you'll want to chown /var/www and subdirs to the new user
<uxfi> ah
<uxfi> a1berto so log into the old account?
<uxfi> oops
<uxfi> sarnold  chown what? chown 770 or?
<sarnold> chown -R newmitraj /var/www
<sarnold> time ot make dinner :) have fun uxfi
<uxfi> ah
<uxfi> what is newmitraj vaishali ?
<uxfi> sarnold ?
<keithzg> sarnold: honestly the header checks are the smallest part of my postfix conf so I've just disabled that for now, heh. Frankly a bit astonished that this config, which was set up on a *Trustix* server until today, is even working! :D
<uxfi> am I doing this right?
<uxfi> what od I do to take contro of my directory when I make a new account?
<uxfi> ah nvm
<uxfi> got it
<uxfi> Question when I delete a account from  Ubuntu (the original admin account) and make a new account will I still get the default ifnormation when I log in (Packages need to be updateD) ?
<uxfi> Question when I delete a account from  Ubuntu (the original admin account) and make a new account will I still get the default ifnormation when I log in (Packages need to be updateD) ?
<uxfi> here we go
<cpaelzer> good morning
<uxfi> :D
<uxfi> wooo
<jamespage> mwhahaha: I've pushed 4.1.1 to updates, but I think that magnum problem might be related to the newer sqlalchemy
<jamespage> this is a bit of a problem for projects which are not following the main release cadence for Openstack
<blueking> dpkg: feil: dpkg-statusdatabase is locked by another process. / N: Fila Â«50unattended-upgrades.ucf-distÂ» in map Â«/etc/apt/apt.conf.d/Â» are ignored, because of not guilty file end. / E: Sub-process /usr/bin/dpkg returned an error code (2)
<blueking> what I do ?
<cpaelzer> blueking: it seems your message is shortened
<blueking> it was in norwegian had to translate
<cpaelzer> blueking: the message "not guilty file end" reads odd - but in general anything that is not .list in /etc/apt/apt.conf.d is ignored
<cpaelzer> ah fine then blueking
<cpaelzer> so the message tells you that this file is ignored - the ending "ucf-dist" suggests on which upgrade it was disabled
<blueking> yes
<cpaelzer> as upgrades usually invalidate old PPA/apt.conf setups they renae them
<cpaelzer> The other message about dpdk DB being locked is usually another process installing/updating something at the same time
<blueking> dpkg: fail/error: dpkg-statusdatabase is locked by another process
<cpaelzer> so if you in a console wrestled with packages, but the auto-updater triggered that might occur (not sure if it has collision detection in unattaneded upgrades)
<blueking> I did 14.04 -> 16.04 distro upgrade.. a few apt upgrades later, the last two I have had this dpkg error
<cpaelzer> so your real issue is the locking then, just to close the ucd-dist here a reference if you want more on that https://askubuntu.com/questions/829370/n-ignoring-file-50unattended-upgrades-ucf-dist-in-directory-etc-apt-apt-con
<cpaelzer> blueking: I think one can check and force to unlock - let me look if I find what I think I remember :-)
<blueking> I'll look into that :)  TY :)
<cpaelzer> blueking: for the locked dpkg it could be an aborted upgrade (aborted harder than ususal to cause this)
<cpaelzer> blueking: please follow this https://askubuntu.com/questions/219545/dpkg-error-dpkg-status-database-is-locked-by-another-process
<cpaelzer> blueking: and let us know if it helps
<blueking> hmm lock file empty ?
<blueking> ok I deleted lock file and that part gone
<blueking> about dpkg locked by another process
<blueking> ok error gone  deleted 50unattended-upgrades-ucf-dist
<cpaelzer> blueking: did you check if there was a process still holding it?
<blueking> yes was none process
<blueking> checked with lsof
<cpaelzer> ok good
<blueking> lock file was empty
<cpaelzer> blueking: now does a new update work now?
<blueking> yes
<cpaelzer> great
<blueking> good to have zero errors :)
<cpaelzer> "flott"
<blueking> norwegian ?
<cpaelzer> no trying to go intercultural with google translate, but I'd have got the meaning of "flott" in german as well :-)
<blueking> ah I see :)
<blueking> 'flott' not youth language :P
<cpaelzer> rbasak: if you are on SRUs today could you take a look on the reasoning why trusty isn't through unapproved on bug 1690730?
<ubottu> bug 1690730 in postgresql-9.6 (Ubuntu) "New upstream microreleases 9.3.17, 9.5.7 and 9.6.3" [High,Triaged] https://launchpad.net/bugs/1690730
<rbasak> cpaelzer: probably worth checking with bdmurray (not here right now).
<rbasak> cpaelzer: FWIW, in the SRU procedure as a deviation from the norm we mark "in unapproved" as In Progress and only Fix Committed once accepted.
<rbasak> cpaelzer: from https://wiki.ubuntu.com/StableReleaseUpdates#Procedure
<rbasak> cpaelzer: so perhaps he missed it for that reason?
<lordievader[m]> Good morning
<cpaelzer> rbasak: thanks I'll sned him a mail to avoid forgetting it
<teward> my apologies for not being at the meeting yesterday
<teward> rbasak: nacc: thoughts?  https://wiki.ubuntu.com/NGINX/ReleaseNotes/Artful  (this is the 'current working draft'
<teward> and i'm tired heh... *sips coffee*)
<rbasak> teward: looks good. Thanks!
<ahasenack> I have a systemd question, and it boils down to "how to disable a service from a package maintainer script (postinst)", considering that in debian/ubuntu by default if you install a service it will be started
<ahasenack> and here is the current example: samba's samba.postinst: http://pastebin.ubuntu.com/24644329/
<ahasenack> the service in question is samba-ad-dc.service
<ahasenack> it does a "ln -s /dev/null /etc/systemd/system/samba-ad-dc.service"
<ahasenack> and via echo asks the user/admin to ignore an error that will show later on
<ahasenack> is that the only way?
<ahasenack> the error you get is just on screen, exit status is zero: http://pastebin.ubuntu.com/24644378/
<Ussat> So....anyone here have experiance setting up 802.1x port secrity on a wired network ?
<teward> rbasak: you're welcome.  I wanted to write it *somewhere* so I just stuck it two levels underneath the NGINX page.  If we need to revise it, let me know, but if not we can use *that* as the release notes for Artful.
<teward> for the nginx subsection.
<teward> the full list of changes was *long* so I only grabbed a few of the pertinent points from the nginx blog post :P
<jge> hey all, I have a network share mounted to an NFS mount point in Ubuntu but when I try to rsync files within that share I get permission denied
<jge> even when I do sudo or use root user on the system
<jge> would that be an indication of how that network share is being mounted
<nacc> teward: will review today
<arunpyasi_> Hi all
<arunpyasi_> Can an ethernet connection be disconnected due to file download ?
<teward> arunpyasi_: if the router or a proxy sends a connection termination signal, possibly.
<teward> why?
<TafThorne> If the download uses all of the available capacity on any part of the end-to-end link a network device might have to drop it.
<TafThorne> As in it has to get a quart into a pint pot and your Ethernet connection might be part of the spillage.
<TafThorne> jge: You get a permssions result for some odd cases in network shares and exports.  Do you have permission to write within the export at all on both ends of the link?
<arunpyasi_> Hmm OK thanks !
<nacc> jamespage: around?
<jamespage>  nacc: yup
<nacc> jamespage: coreycb mentioned syncing up with you to see if you had a chance to test openstack with the django in my PPA for LP: #1605278 (1.11 based)
<ubottu> Launchpad bug 1605278 in python-django (Ubuntu Artful) "Merge python-django 1:1.11-1 from Debian unstable" [Wishlist,In progress] https://launchpad.net/bugs/1605278
<jamespage> nacc: I have not - but lemme check in horizon (which would be the main impact point)
<nacc> jamespage: thanks!
<jamespage> nacc: Django<1.9,>=1.8 # BSD
<jamespage> hmmm
<nacc> jamespage: hrm, prior test was with 1.10.3 and worked (per c#12 in the above bug)
<jamespage> nacc: I'll take a look and see
<jamespage> nacc: the whole of openstack pike b1 is backed up in proposed atm which makes things tricker
<nacc> jamespage: understood
<nacc> jamespage: if you can put it on your probably already busy plate, i'd appreciate it :)
<jamespage> nacc: gah - artful ain't to happy under lxd today...
<teward> jamespage: it's not?  was working decently for me yesterday.  *spins a new container*
<redvic> forgive me for asking this here since it might be off topic but can anybody recommend a web based open source accounting software for business that runs on ubuntu server or at least where i can find such info except google
<teward> jamespage: seems to work fine for me under an LXD container, what're you testing?
<teward> (under 'pure' LXD command line made by me)
<redvic>  forgive me for asking this here since it might be off topic but can anybody recommend a web based open source accounting software for business that runs on ubuntu server or at least where i can find such info except google
<ahasenack> redvic: sorry, have no idea
<redvic> thx
<sarnold> keithzg: _wow_, that's stability :) trustix all the way through to modern. impressive work from postfix team and your management efforts :D
<paxatron4034> Anyone here with corosync knowledge? I have questions on using postgresql with corosync/pacemaker.
<paxatron4034> \?
<sarnold> paxatron4034: you may get better results with a 'concrete' question
<mason> sarnold: Did you know that concrete was used as far back as ancient Rome?
<mason> FWIW: https://en.wikipedia.org/wiki/Roman_concrete
<sarnold> mason: crazy. I guess it makes sense that our accomplishments are built onthe knowledge and experience of previous generations but you just sort of assume that olden times were insanely primitive, right?
<paxatron4034> @sarnold well. I am running postgresql as a resource in corosync. and there is a monitor process that kicks off every few seconds to see if postgresql is alive (it runs a select now). My immediate conserning is that it is generating alot of logs in auth.log, and I am wondering of this is normal behavior https://pastebin.com/UnR3tBdi
<sarnold> paxatron4034: eww, i'm surprised they don't re-use a single long-lived process
<sarnold> paxatron4034: quite often 'large' deployments will shuttle logs to a centralized log server, reducing the impact of logging on disk IO on the individual servers
<paxatron4034> \r sarnold okay, but is this normal behavior for postgresql corosync resource?
<sarnold> paxatron4034: probably
<paxatron4034> sarnold: thanks
<sarnold> paxatron4034: itm ight be worth a report to the project to let them know the logspam is annoying :) maybe they'd be willing to re-do the test..
<sarnold> or maybe that's just the way their tests work out.
<henk717> Hello everyone, i updated the packages on my Ubunu Server 14.04 yesterday and now i am experiencing some of my cron.d jobs no longer running. Can someone help me diagnose this issue?
<nacc> henk717: are you able to determine which packages were updated?
<nacc> smoser: ping
<mason> nacc, henk717: Does 14.04 have /var/log/apt/history.log ?
<mason> That might help.
<nacc> mason: yeah, i believe it should
<mason> Ah, looks like it should be.
<nacc> mason: if not the dpkg log would
<henk717> It was a huge list, the server was quite behind on updates
<henk717> Another server of mine runs on 16.04 with slightly newer packages and has no issues
<henk717> The cron jobs can run if i run them by hand
<henk717> They do not get automatically executed
<nacc> henk717: do you have an example cron entry that fails?
<nacc> henk717: also, do you get an e-mail about any errors
<henk717> Yes, i do it seems to be one entire file. No errors are present in the logs as far as i have seen.
<nacc> henk717: well, it often won't be logged, but if there was an error, I believe root (or the configured user for cron mails) will receive one locally
<nacc> henk717: but it soudns like, it's not failing, it's just not even running?
<nacc> henk717: which file?
<henk717> It looks like it is not even running indeed, cron runs though and some other cron jobs did ran
<henk717> File is /etc/cron.d/overwatch which contents i am currently posting on pastebin for you to see
<henk717> https://pastebin.com/GUE1704S
<nacc> um, i don't think you can have users in the crontab like that
<henk717> It always worked
<henk717> The same file runs perfectly on a 16.04 machine
<nacc> only /etc/crontab (I believe) supports that format (per `man 5 crontab`
<henk717> It would be quite specific if the lower version handles this fine and the higher version handles it fine
<smoser> nacc, here.
<teward> nacc: the system /etc/crontab can have user definitions
<teward> user level crontabs can't
<teward> and user level crontabs are *usually* how you do things
<nacc> smoser: hey, wanted to bounce something off you about the git tooling, if you have a minute for a HO?
<nacc> teward: right, what i said -- but is /etc/cron.d/* a 'system' crontab?
<henk717> In my experience it has been
<smoser> sure
<teward> nacc: yes.
<nacc> henk717: ah ok, it is considered the same, sorry
<henk717> nacc: No problem, i apprechiate you thinking along
<henk717> Fact remains its a proven cron setup prior to the update which runs on a newer cron version as well
<teward> nacc: http://paste.ubuntu.com/24647476/ <- example, from mdadm's automatic crontab it installs
<nacc> teward: yep, i'm seeing that now
<henk717> What makes the issue more difficult is that there is no error anywhere to be seen, and i can run any of the scripts manually without any failure
<nacc> henk717: i'm not sure how to debug it. I would start with adding a new crontab at the same level, with a test cronjob and see if it triggers. Then start adding lines from the non-working to the test one and see when/if it breaks
<henk717> nacc: Currently planning to upgrade to 16.04 if there isn't to much risk involved
<nacc> smoser: re: LP: #1569925, I think one of the two iscsi services is supposed to kill all sessions on shutdown
<ubottu> Launchpad bug 1569925 in systemd (Ubuntu) "Shutdown hang on 16.04 with iscsi targets" [High,Confirmed] https://launchpad.net/bugs/1569925
<nacc> smoser: so if that's not happening, probably that's what needs debugging
<keithzg> sarnold: Yeah, Trustix to Ubuntu 16.04; I'm even more impressed now with the Postfix folks than I already was!
<sarnold> :D
<henk717> Got good news and i got bad news, the upgrade to 16.04 was succesfull. Bad news is cron is still doing the same thing.
<nacc> henk717: seems highlgy likely , if there is an identically configured server somewhere else at the same rev, that something else is going on :)
<henk717> Got more good news
<henk717> 16.04's cron dumps errors
<henk717> The newer versions didn't like the fact the reboot line had no user specified
<henk717> Its all fixed now :D
<nacc> henk717: probably that was required on 14.04 too
<nacc> ?
<henk717> On the new cron, yes totally
<henk717> But it threw no error
<henk717> On the old cron the line likely just got ignored
<nacc> right, i'm saying that there is probably an improvement to be made to the error handling, but that might be why they weren't running
<nacc> the crontab failed to parse
<henk717> The improvement is already made apparently, its just not in the 14.04 version since its out of support
<nacc> henk717: hrm? 14.04 is still supported
<nacc> henk717: perhaps file a bug, or see if one already exist
<keithzg> Hmm, trying to set up a UEFI-capable PXE boot largely via https://wiki.ubuntu.com/UEFI/PXE-netboot-install, but on the (very new and high end!) PC I'm trying it on I'm getting the Intel Boot Agent throwing a fit, complaining "PXE-E79: NBP is too big to fit in free base memory" before it can even load the Grub menu.
<keithzg> Any easy way to chainload into Grub for that?
#ubuntu-server 2017-05-25
<keithzg> Well, still curious, but I found the fifth area where netboot settings lay in the motherboard firmware and seem to have convinced it to indeed use UEFI; failure apparently was due to attempting Legacy booting only over the network boot.
<smoser> nacc, iscsi is fun!
<smoser> interestingly, though, we do not see these issues in vmtest
<smoser> and we do push through non-root iscsi
<smoser> and in maas every day usage (in maas images) we push through iscsi root
<smoser> but both of those cases have cloud-init in them which could be pushing a different shutdown order.
<smoser> powersj, if your'e still arond
<smoser> i think that centos6 migith be as easy as
<smoser> https://code.launchpad.net/~smoser/cloud-init/+git/cloud-init/+merge/324585
<smoser> fudge
<teward> who's got Samba on their desk, from the Security team perspective?
<teward> Server Team*
<teward> if anyone
<rbasak> ahasenack has been looking at it recently I think? ^
<ahasenack> indeed
<ahasenack> what's up?
<rbasak> samba is a weird package though. Many samba issues are from a desktop, not server perspective. It sort of sits between multiple teams.
<teward> ahasenack: just wanted to make sure CVE-2017-7494 was on the radar, and that a fix was included.
<teward> rbasak: true, but in *this* case I'm fairly certain the RCE affects server-side Samba so...
<ahasenack> teward: https://www.ubuntu.com/usn/usn-3296-1/
<teward> ahasenack: not listed for Artful
<teward> the question is Artful because https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7494.html showed on my radar on Ask Ubuntu
<ahasenack> teward: correct
<teward> just tryin to see if 17.10 is still vulnerable so I can edit the answer on Ask Ubuntu accordingly heh
<ahasenack> usns are not issued for in-development ubuntu releases,
<rbasak> Looks like it's stuck in proposed
<ahasenack> artful has 4.5.8+dfsg-0ubuntu0.17.04.1 still
<ahasenack> rbasak: I've noticed this lagging with other packages too
<rbasak> There's a dep8 failure holding it in proposed
<rbasak> Could be an unstable test. I'll give it another retry.
<ahasenack> rbasak: mysql-server-5.7 is also stuck in artful's proposed
<ahasenack> all other released distros have .18, artful has .17
<rbasak> Yeah due to a diaspora-installer problem. Someone on the release team might be willing to allow that one through, but I can't do it :-/
 * rbasak asked in #ubuntu-devel earlier
<ahasenack> it's been like that since may 15th at least, when I first asked :)
 * rbasak asks again
<ahasenack> teward: what was the askubuntu question?
<rbasak> dep8 passed this time. Hopefully it'll migrate on the next publisher run.
<ahasenack> nice
<ahasenack> geez, another samba failed-to-install-upgrade apport bug
<ahasenack> it's always the same, restart failed for some reason
<ahasenack> but systemd doesn't provide any logs by default
<ahasenack> is there a way to have apport include /var/log/samba/log* in these reports? I see it includes other samba bits
<fallentree> ahasenack: makes you wanna cry, amirite?   /zing
<ahasenack> heh
<teward> ahasenack: https://askubuntu.com/questions/918776/re-latest-bug-when-will-ubuntu-be-updating-samba-v4-3-11
<teward> sorry my commute to work took so long :P
<ahasenack> :)
<rbasak> FWIW, samba has migrated to the artful release pocket now.
<paxatron4034> anyone here have experience with corosync?
<Ussat> you know untill the update there is a REAL simple fix
<Ussat> just add nt pipe support = no to smb.conf
<Ussat> restart samba, done
<daveomcd> I'm fairly new to managing an ubuntu server.  I use my to host a rails app.  I've not installed security & non-security updates in some time.  I was going to go about doing that, but wasn't sure if there are some best practices or things I should consider before just running "sudo apt-get update && sudo apt-get upgrade" after taking a snapshot of the server in case something goes wrong with the updates?
<jushur> daveomcd: make a backup before?
<tomreyn> daveomcd: as long as you don't make use of third party apt sources / packages or non-packaged software, only installing patches (which is what the commands you typed above would do), update issues are *really* rare.
<jonfatino> Does anyone have an updated guide to load ubuntu 16.04 from pxe without using nfs. The issue here is squashfs and how to load it. I am ok with putting it inside initrd but need some help.
<jonfatino> https://ubuntuforums.org/showthread.php?t=2074035
#ubuntu-server 2017-05-26
<Pwnna> i'm trying to use lxc and i set a lxc.rootfs = overlayfs:.....:.... but when i try to start the container it says file not found?
<lordievader[m]> Good morning
<DK2> can i install the e1000e  3.3.5.3 driver on a 3.16 kernel verison?
<DK2> im seeing errors in dmesg: e1000 0000:00:05.0 eth0: Detected Tx Unit Hang
<DK2> the e1000 driver is version version:        2.3.2-k
<DK2> 5344 6625464 mms what is the "mms" process? its causing alot of ram usage it semes
<TafThorne> good morning
<lordievader[m]> o/
<Pha4drus> Am I correct to assume Samba CVE-2017-7494 has been patched in 4.3.11+dfsg-0ubuntu0.16.04.7?
<Pha4drus> Reason for asking: https://www.samba.org/samba/security/CVE-2017-7494.html seems to address slightly different things than https://www.ubuntu.com/usn/usn-3296-1/ and https://www.ubuntu.com/usn/usn-3296-2/
<Munt> Hey folks, where is the best place for a nooby to ask questions bout setting up a linode ?
<Pha4drus> Hey Munt. It's pretty quiet here right now. But this seems to be the right place
<Pha4drus> What's your question?
<Munt> I've got so many right now that my heads swimming a little.  I'm gonna have to sit and actually figure that out :p
<Pha4drus> good luck :)
<Munt> thank you Pha4drus
<Munt> When going through their securing your server page they suggest adding a limited user account.  https://www.linode.com/docs/security/securing-your-server#add-a-limited-user-account       When I did this before I found myself having to jump through a lot of hoops in order to upload to the apache www directory (it wants the files as root and i'm uploading them as new-limited-user)   So I had to upload them as new-limited-user and
<Munt>  then via ssh chmod all the files in the directory to root.   I'm doing it wrong I can tell :p   What's the standard way to upload a website usinga limited user account ?
<patdk-lap> it does NOT want the files as root
<Munt> patdk-lap  :  That's good to know.  I've had problems in the past of the webserver not being able to access the files and having to mess with the ownership
<patdk-lap> well you have to give the webserver permission to access it
<patdk-lap> that has nothing to do with ownership
<Munt> ok, I'll go do some testing and get back to you with some more sanity-checked questions :D
<Pha4drus> Munt, webserver group is www-data
<Pha4drus> I mean, webserver apache writes and reads as user www-data
<Munt> I've /encountered/ this before.   Does that mean I have to manually change the owner to www-data after every upload ?
<jonfatino> Hello I am trying to build a pxe boot ubuntu desktop livecd. The issue here is where do I specify squashfs. I do *NOT* want to use a nfs server as the root for livecd
<jonfatino> I have reach 100 different web pages and it seems like you can place squashfs inside your initrd. Does anyone here know how to do that?
<Pha4drus> Munt, there is a way to have SSH write files forcing a default group other than your own. I'll be back in a bit with the details
<soahccc> I have a full disk but no file or directory that even get's close to the disk size... What can that be? I tried to locate it with du command but there is nothing big enough :( I'm confused
<zioproto> coreycb: I am having some trouble rebuilding horizon with the xstatic stuff. I am working on stable/newton. Did something change from usual ?
<zioproto> the problem is
<Munt> Thanks Pha4drus.  I'm currently locked in a cycle of setting up the server , wrecking it and re-imaging it >,<
<zioproto> I do the collect static and compress steps
<zioproto> but I never get the right css files in place
<zioproto> I end up with horizon that points to css files that dont exist
<Pha4drus> Munt: https://stackoverflow.com/questions/3106005/how-to-set-default-group-permissions-for-sftp-uploads
<Pha4drus> Scroll down a bit to the short post
<Munt> Sweet, thanks a lot sir!
<coreycb> zioproto: nothing has changed that i know of. for stable releases I don't regenerate xstatic files.
<zioproto> so you dont do ./debian/rules refresh-xstatic
<soahccc> The only thing that du cannot access are /proc/<number>/task directories but can they eat 200GB?
<coreycb> zioproto: not for stable releases
<zioproto> talking about git://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/horizon
<zioproto> anyway if I do
<zioproto> ./debian/rules refresh-xstatic
<zioproto> in git status
<zioproto> It looks like nothing has really changed
<zioproto> or there are hidden changes in .gitignore ?
<zioproto> sorry my question made no sense
<zioproto> I mean, how do I get the original horizon_10.0.3.orig-xstatic.tar.gz to build horizon then ?
<zioproto> in the pristine-tar branch I dont have this
<coreycb> zioproto: you can pull it from https://launchpad.net/ubuntu/+source/horizon and rename it
<zioproto> ok, lets try this
<zioproto> if this work, we shoud document it for who tries to rebuild the stable release
<zioproto> coreycb: it works, hold on, I tell you what I did
<zioproto> coreycb: https://github.com/zioproto/ubuntu-cloud-archive-vagrant-vm/blob/newton/Readme.md
<zioproto> looks at the section Special case of building Horizon
<zioproto> coreycb: basically the Readme says to generate the orig-xstatic.tar.gz
<zioproto> I have always done like that in the past
<zioproto> and then you end up with horizon without CSS
<coreycb> zioproto: ok i updated https://wiki.ubuntu.com/OpenStack/CorePackages as well
<zioproto> thanks
<nacc> ahasenack: nice work on the samba backlog :)
<ahasenack> nacc: still ongoing :)
<adrian_1908> hello, on my 16.10 Desktop I have the file `/lib/systemd/system/php7.0-fpm.service` that contains data. I cannot find such a file on my 16.04 cloud image (also running PHP7-fpm), any idea where it would be?
<adrian_1908> I have an empty one at `/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/php7.0-fpm.service` but that's probably not serving the same role.
<adrian_1908> Ah silly me, I had temporarily disabled the php service and that removed the file apparently, problem solved :)
<Munt> hey folks I have my url pointing to my linode server, it loads /var/www/ , when trying to use webmin to set the virtual server I get the error "Failed to create virtual server : 'thedomainname.site' is not a valid address"
<Munt> any ideas what I'm doing wrong ?
<Poster> there's not really enough there to troubleshoot with, can you post a screenshot of the window you're seeing?
<Munt> Poster : http://picpaste.com/pics/yUuZhYzA.1495820076.png http://picpaste.com/pics/MXMAhRf0.1495820108.png
<sarnold> Munt: please be careful with webmin and similar tools; they're one of the top vectors for remote breakins; firewall the thing to listen to only a few IPs if you must use it.
<Munt> oh! ... I guess I'm feeling a little overwhelmed as I cannot get my server operational.  Currently formatting the VM and trying again. This time I'll omit the webmin
<sarnold> I like that better :) it may be more work to get going initially but in the long run you'll get more done without it
<genii> sarnold: Is zentyal or whatever the recommended choice these days?
<sarnold> genii: I think I've heard good things about that from channel regulars but I've never read the code..
 * genii makes more coffee
<adrian_1908> On Ubuntu, PHP7 appears to just use symlinks to enable modules, i.e. the `extension=module.so` lines are included into `php.ini` by importing `conf.d/*` right?
<nacc> adrian_1908: php cli? apache?
<adrian_1908> nacc: php cli/fpm. I saw instructions to uncomment `;extension=module.so` on a CMS website, but it seems that isn't how it's done in modern PHP anymore.
<adrian_1908> Just wanted to make sure I understand right what I see. There's a conf.d/ folder full of symlinks that point to a `mods-available/` directory where each module has a file containing the line to include/load the module.
<nacc> adrian_1908: yeah, there's phpenmod/phpdismod to wrap that
<adrian_1908> neat, i'll readup on those commands, thanks.
<nacc> adrian_1908: np
<nacc> adrian_1908: sorry for being slow to respond/terse -- nearing EOD/EOW
<adrian_1908> all good man, have a good weekend.
<nacc> adrian_1908: you too
#ubuntu-server 2017-05-27
<CuChulaind> Hey all. Doing an Ubuntu server install on a used HP Z600 with 3 500GB drives. It shows one as only having 115 MB when I get to the RAID config
<CuChulaind> booting into a liveUSB that particular drive won't let me delete the partition, or deactivate it with gparted
<CuChulaind> What must I do to get this drive emptied?
<CuChulaind> It shows sdb as only 115MB available
<CuChulaind> sda and sdc are just fine
<sarnold> are you sure that's not an on-board usb thing for lights-out or similar?
<sarnold> does dmesg show that it's the right make/model/etc?
<CuChulaind> CuChulaind, figured it out, it was an old LVM, removed the LVM, now all is good
<sarnold> yay
<CuChulaind> sarnold, This is my 1st attempt at a RAID, I have 3 500 GB drives. I believe I would like to run RAID 5
<CuChulaind> This machine is only for me to play on, run some VM's, would RAID 5 be the way to go?
<sarnold> CuChulaind: have you heard about zfs? :)
<CuChulaind> no
<sarnold> CuChulaind: zfs fixes the raid5 write hole, has transparent compression, transparent checksumming, snapshots, and is helping return unicorns to their native lands :)
<CuChulaind> hahah
<sarnold> CuChulaind: I'm a big fan of zfs; give this series of blog posts a quick skim to see i fyou're interested https://pthree.org/2012/12/04/zfs-administration-part-i-vdevs/
<CuChulaind> THis is my play around machine, I'm up for learning and trying anything
<sarnold> excellent :D
<sarnold> it's still a fair amount of work to make zfs be a root filesystem; depending upon what you want the machine to do and how many more drives you have, this may or may not work great
<sarnold> (in case you're curious it's at https://github.com/zfsonlinux/zfs/wiki/Ubuntu-16.04-Root-on-ZFS -- but I didn't use zfs as root on my own system yet, because it looks just that bit too annoying still.)
<CuChulaind> This will be my first RAID, should I start there with traditional first? This machine is quite old, got it cheap
<CuChulaind> and no separate RAID controller FWIW
<sarnold> I much prefer the zfs user interface over the mdadm interface
<sarnold> the seperation of zpool commands to work on disks and zfs commands to work on datasets makes sense to me
<CuChulaind> gotcha
<sarnold> many people have poor opinions on raid controllers; most of the zfs crowd would rather get a much simpler and cheaper HBA instead of a raid card
<sarnold> if the raid card dies you're in trouble; I've heard people say they were never able to put their drives back together again if the card dies
<CuChulaind> IC
<CuChulaind> From the quick read, looks like I install server then install and set up zfs?
<sarnold> yeah
<sarnold> so if you don't have a drive that's in a good position to be the OS drive, then maybe mdadm is the easier/better bet. but I really like zfs and wanted to make sure you knew about it as an option :)
<CuChulaind> what do you mean by having a drive that's in a good position?
<sarnold> either a fourth drive or a usb stick to boot to, or pxe boot, or something similar.
<CuChulaind> OK. I have server on a liveUSB, however it looks like I can't run it live, just have the install and check options
<CuChulaind> CuChulaind, Are you saying to always boot to the liveUSB, and my other 3 zfs drives are all storage
<sarnold> CuChulaind: yeah that's an option -- the SmartOS operating system is designed around this very idea ;)
<sarnold> ubuntu isn't so it probably wouldn't be as pleasant.
<CuChulaind> Other than setting it up, it looks easy to set up :-). The tutes point out just list the devices /dev/sda /dev/sdb /dev/sdc however the don't show a number like /dev/sda3 since 1 and 2 are OS
<CuChulaind> if not using a liveUSB etc
<sarnold> it's usual in zfs land to give the entire drives to zfs. if you're going to stick OS on one partition and data on another, then you'd had to adapt a bit
<CuChulaind> so use 1 drive for OS, and use the other 2 for zfs?
<sarnold> yeah you could do that
<CuChulaind> and the OS of course could be 200GB or so
<sarnold> or less, yeah
<sarnold> for my big machine the OS is on 120 gig ssds (mdadm mirror; I hope they never break because Ihave no idea how to use it :) and the data is on nine spinning metal disks
<CuChulaind> wiw
<CuChulaind> wow
<sarnold> it's a ton of fun to see all those lights blinking when it's mirroring the ubuntu archives or running a scrub
<CuChulaind> sarnold, with traditional RAID does it work the same way on install, you partition a drive for /  /boot and /home, then tell it to RAID?
<CuChulaind> the other drives?
<sarnold> CuChulaind: you could also configure mdadm to set up a raid5 of the drives and -then- create the filesystems on the raid device
<CuChulaind> does on not typically include the OS in RAID
<sarnold> normally you would, yes
<CuChulaind> *does one
<CuChulaind> ok
<sarnold> ubuntu may some day support installing with zfs as root, but it takes work to do it..
<sarnold> I think it'll be really nice to have snapshots integrated with apt-get at that point
<sarnold> I can dream :)
<sarnold> time to run, have fun CuChulaind
<CuChulaind> I agree, I believe I will try the RAID 5 for a bit lots of documentation for ubunut, and then read up on zfs
<CuChulaind> Always looking to learn and stay curent
<CuChulaind> Or maybe not, the ubuntu server RAID instructions are not working, it says to manually partition the first drive, when I try that and say yes, doesn't allow me to set up the ize
<CuChulaind> the inst say to set up the swap on all 3, then another partition as the rest of the drive on all 3 and make bootable, after that go into the RAID config
<Lownin> That's weird. On a brand new install of 16.04, sync-accounts results in "Can't use 'defined(@array)' (Maybe you should just omit the defined()?) at /usr/bin/sync-accounts line 67."
<Munt> I copied my private key from one computer to use on another to access my ubuntu server via ssh.  However on the other computer (the one that did not generate the pair originally) I get "Bad passphrase, try again" despite the password definitely being correct (i have repeated the process several times). I created the duplicate private key by creating a new file and pasting the contents of the key to be copied into it and chmod
<Munt>  to 600 on the secondary computer.  Any ideas where I'm blundering ?
<Munt> ahh .. it was the public key, sorry for the ignorance >,<  That's a result of staying up all night I swear :D
<Munt> Is it normal to be able to connect to SSH via any of the domain names I've set up with Apache/linodeManager?  Is there a way to stop this ?
<Munt> Is it because of the DNS records I set up at my domain name provider ?   www, @, * ?
<ikonia> Munt: ssh has nothing to do with apache
<Munt> that makes sense, I was just confused as to why it seemingly randomly selected one of the domains pointed at the server to connect to when I specified the ssh connection by ip address
<ikonia> randomly selected one of the domains ?
<ikonia> what selected a domain ?
<Munt> i connected like ssh user@122.123.123.123 and my firewall asked me to allow a connection to oneofmydomains.com:22
<ikonia> that will be because of your reverse dns map
<Munt> on my local machine ?
<ikonia> on whatever is the dns resolver for your host
<Munt> I used the "DNS Manager" on my linode account to set up a few domains.  I unfortunately don't understand what a dns resolver is at this moment
<ikonia> thats fine, I wouldn't worry about it then
<Munt> ikonia : Thanks for your time, I'll worry about something else :p
<ikonia> a wise move, I assure you, you've not got a problem though, so don't get hung up on it
<Munt> I know enough to know how badly wrong things can go, but not enough to prevent that :D
<Munt> Do you guys know of a noob friendly incremental backup system for a headless ubuntu server install ? currently this is my backup protocol https://hastebin.com/ipikaxuxaq.pl
<Munt> (tar archive)
<Munt> I seen a youtube video where people had ButterFS and some opensource software that allowed complete tracking of all changes to the system and rollbacks on all modifications.  I cant see m to find it again though (and i'm not using butterfs)
<ikonia> Munt: what sort of thing are you looking to back up ?
<Munt> I'm 'messing' with my ubuntu install (learning) so I want to be able to roll the system back to a pre-messed with state
<ikonia> what sort of thing ?
<Munt> ikonia  : everything
<Munt> I'd like to be able to take the backup and use it to image the server with if necessary
<Munt> image is a strong word.
<ikonia> it's not really realistic to work that way
<ikonia> (hence why I'm asking your goal)
<patdk-lap> sounds like you want lvm snapshots
<patdk-lap> or zfs if you went through the trouble of setting up a zpool
<ikonia> I don't think it's something someone who is learning needs/wants
<ikonia> a simple backup of things you change before you do them would do
<ikonia> and a backup of core config files, so if you need to re-install you can just drop them back in place
<Munt> so, it's not easily achieved for someone of my skill level to have incremental backups of a ubuntu install ?
<ikonia> thats not what I said
<Munt> appologies, <removes words from ikonia's mouth>
<patdk-lap> lvm snapshots are really simple, zfs snapshots even more so, just setting up zfs on ubuntu isn't
<ikonia> if you want to actually have a hard rollback, you can use tools like clonezilla to make an image restore before you make major changes
<patdk-lap> and the installer will setup lvm for you, so no setup needed
<patdk-lap> just make snapshot and restore snapshots
<ikonia> as he's not running zfs and he's already installed probably not using lvm...means he'll need to re-install
<Munt> Currently I;, runnign off an image supplied by linode Ubuntu 16
<patdk-lap> oh, then your super limited to whatever linode supports
<ikonia> Munt: make a backup directly, and just backup core config files (not the whole root file system as you are doing now)
<ikonia> config files are just text so compressed they will take up almost zero space
<ikonia> so you can take a lot of regular backups without thinking
<Munt> ahh, nice.  is there a way to "patch" a fresh linode re-image with the core config files ?
<ikonia> what ?
<Munt> which files am i backing up that should not be ?
<ikonia> so if you change a file...back it up before you change it
<ikonia> it's a simple model
<Munt> I want to protect myself from myself.  I have wiped out several drives before >,<
<ikonia> right, so backup the config files (and use a remote location if you want to be super sure) before you make changes
<Munt> so the var and etc folders ?
<ikonia> no
<ikonia> the config FILES you change
<Munt> say I run a stupid rm command, i want to be able to recover from that.  Going by what you say, maybe a weekly clonezilla coupled with backups of each file that is changed ?
<ikonia> you won't be able to use clonezilla
<ikonia> as you're running in a linode vps
<Munt> ok
<ikonia> you won't really be able to use your current backup technique either really
<Munt> how come ? (and thanks for indulging my curiosity <3)
<ikonia> you're just taking a whole backup of the whole root file system
<ikonia> if you do a "dumb" rm command, either the backup image won't be there to recover from, or you'll have removed the tools/libraries needed to actually interact with the backup
<Munt> I was thinking I could set up a fresh install and extract the tar on top of that
<ikonia> that seems far more effort than it needs to be
<Munt> if i have the backup on a local machine that is
<Munt> ikonia  : I'd love an easier way :p
<ikonia> why don't you just backup the config files you actually want/need
<ikonia> and then either a.) roll back and changes you do b.) re-install and re-place the config file with the backups
<ikonia> a few text files compressed you could do every few hours with zero problem rather than the whole root file system
<Munt> So I would have to create a file list of files that I change in order for them to be cron backed up hourly ?
<ikonia> thats one way,
<Munt> how were you thinking ?
<ikonia> whatever works best for you relly
<ikonia> really
<Munt> at home I just image my drive and re-image it when i break it
<ikonia> right, you're not at home
<ikonia> so you need to change your approach
<Munt> I'm fishing for an approach at the moment
<ikonia> I've just told you a simple one
<ikonia> there are many more
<Munt> Your suggestion is to manually backup each file that is changed ?
<ikonia> automate your key files and/or backup the files you change before you change them
<Munt> Iwas lookin at tools such as rsnapshot and backintime
<Munt> but they seem just out of reach of me at this moment
<ikonia> you can use them, I think it's more likely that you'll end up not being able to use them
<ikonia> (in a real world situation)
<Munt> say someone hacks my server and i need to restore it to a known good configuration.  What would I do?
<ikonia> you don't
<ikonia> you destroy the server
<Munt> after I destroy the server and I want to reinstate all my config and packages what do i do ?  Is there a package list and cofig restoration technique ?
<ikonia> you dno't
<ikonia> you rebuild the server from the ground up, you don't use the backups
<Munt> why ?
<ikonia> because how do you know you're not putting back the exploit that allowed people in
<ikonia> how do you know the backups can be trusted
<Munt> My main objective is to avoid having to rebuild the server from scratch
<Munt> (i've done it 4 times in the past 2 days)
<ikonia> why ?
<ikonia> how have you got into that situation
<Munt> learning and causing problems
<ikonia> how specifically though
<ikonia> most situations you should be able to recover from without a rebuild
<Munt> Often like : I have a problem that I don't fully understand.  -- Follow 30 guides on the internet that dont work -- then I dont want to have a system with the 50 changes i made in frustration
<ikonia> ok, so stop doing that then
<ikonia> thats a user problem
<Munt> a rollback would make my learning much easier
<ikonia> no, learning how to fix the situation and being aware of what you're doing before you do it will make it an easier and better learning process
<Munt> indeed.
<ikonia> blindly following guides you don't understand is the worst thing you can do
<ikonia> more so when so many people write bad/ill informed/works for me based guides
<patdk-lap>  "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.
<Munt> There's only so many hours in the day.  I am a novice.  I'm learning many things.  A rollback solves my problem.
<ikonia> learning how to do it right solves you rproblem
<Munt> Mistakes happen
<Munt> People learn in different ways.  Failure is a popular learning tool
<patdk-lap> you just stated a lack of hours per day though
<patdk-lap> mistakes is the slowest learning method available
<ikonia> but you're not learning failure
<ikonia> you're looking for a way to cheat failure
<Munt> What's so bad about that ?
<ikonia> carry on then
<ikonia> I've no interest in supporting such a bad approach
<Munt> ok
<Munt> I find it hard to believe that i'm the only person wanting a rollback of their ubuntu system
<ikonia> you're not
<ikonia> I roll back my development systems quite often, more so for differential comparision
<Munt> Seems weird that you should focus on criticising my learning techniques.  I have been putting in many hours into understanding this stuff.  The rabbit hole is very deep however.  i often make mistakes, simply not making mistakes is unrealistic.
<ikonia> it is not weird as you are creating the problems
<ikonia> with a minor adjustment and proper approach you'd minimse those problems and when you did have a problem learning more fixing it
<ikonia> it sensible to focus on the real problem rather than look at a shortcut for a fix
<ikonia> and the problem is your approach
<Munt> ikonia : that's easier to say than to do
<ikonia> not really
<ikonia> it's up to you
<Munt> I'm all ears.
<Munt> What's this approach you speak of ?
<ikonia> I've already explained your problem
<ikonia> so it seems attention to detail would also help
<Munt> To me it seems equivalent to someone saying " You dont need to use version control just be better and more careful"
<ikonia> it's nothing like that
<Munt> How does what your telling me differ from that statement?
<ikonia> no-one said you don't need backups
<ikonia> and they are totally different senarios
<Munt> Seems that me admitting to resorting to tutorials when I reach the limits of my knowledge has invalidated my need for a restorable system backup ?
<ikonia> nope
<Munt> Ok, then you are so aggrieved by my attempts at learning ubuntu server that you refuse to help me further ?  Whatever the case thanks for the time so far.
<ikonia> I'm nor aggrieved, I don't believe the way you are trying to learn is a good way, and I think you're trying to shortcut, as a result thats not something I want to support
<Munt> I think you have a limited mental model of how i'm trying to learn
<ikonia> nope
<Munt> I would like you to assume it's more nuanced than the few sentences i've uttered so far.
<ikonia> I think I should probably just let you get on with it
<Munt> no worries.  I'm just a little shook up by your tone.  But that's neither here nor there. have a nice day.
<ikonia> my tone ? I've been nothing but polite
<ikonia> and shook up....really ?
 * Munt leaves it be
<ikonia> if someone backing away from supporting your efforts because they don't agree with your approach "shakes you up" you'll have a hard time
<Munt> I also have been polite and respect that you can choose to help me or not for any reason that you see fit.
<ikonia> right, i've not suggested you've not been polite
<fallentree> Munt: partially reading the backscroll, and keeping in mind that ikonia's advice not to take shortcuts, I suggest you get ackquainted with Ansible or something similar and build yourself a config management so you can rebuild from scratch with a single command. Yeah, even if it's a single server.
<Munt> fallentree : Thanks for the suggestion, I'm reading about it now ... this is a paid solution? I agree with and appreciate the things  ikoni_a suggested other than his contempt for my 'approach'.  Right now I have tarballs and a log(notepad) of all file changes and command so far run on the server, and while that is probably good enough. To save time a complete restoration solution is very handy.
<fallentree> Ansible is fully free and open source config management software.
<fallentree> there are commercial solutions based on it, yeah, but those are additional value services.
<Munt> Ahh, I was getting confused by the Tower product. I'll get reading here, it looks like it could be what I'm after.
<Munt> fallentree : I was looking into bacula also
<fallentree> never used it. these days rsync over ssh and lately zfs snapshots are my cup of data backup coffe.
<Munt> haha, I'm glad it floats your linux mothership
<Munt> I use a front end for rsync (perhaps I'm selling it short) called carbon copy cloner.  Which is what I've been search for an analogue of in the headless ubuntu world
<Munt> s/search/searching
<fallentree> why do you need a front end for the server? You just run it, or put it in a script. It has nice options for inclusion/exclusion of paths, so it's scriptable and thus configurable with ansible.
<Munt> Sorry, I meant I used CCC on a Mac Desktop computer to backup data and restore volumes.
<fallentree> note that I do agree with ikonia, you should back up only data you cannot re-generate, everything else should rely on a clean re-installation procedure. Backing up everything for "easy" restoration is not bad in itself, just insufficient if you have to restore after security breach.
<Munt> agreed.  For now, I'm poking around so much it'd nice to be able to reset and try again repeatedly.  Then I know I haven't forgotten to manually roll anything back.
<fallentree> Then having an Ansible playbook sounds perfect for the job. You get familiar with what to install, in what order, and how to configure it, and have it all scripted.
<fallentree> also using zfs or btrfs snapshots sounds like another easy way to "reset" after poking the wrong hole :)
<Munt> I currently have no understanding as to why that might be the case with those filesystems.  I'll look into that.
<fallentree> because no other file system has snapshotting capabilities? :)  both are Copy-on-write, meaning it's very easy for them to implement snapshots. those are just another reference in the CoW chain.
<fallentree> tl;dr, CoW systems work like this. when a block is copied, only a reference to it is copied, not the block itself. when either the original block or the copy becomes modified, it's copied to another physical location at that moment only, ie. copy on write.
<fallentree> there's much more to it, and there are many other features, but this CoW mechanism lends itself very easily for snapshots. without it, snapshots are very difficult to implement.
<Munt> Sounds exactly like what I'm after.
<patdk-lap> I said that hours ago
<Munt> patdk-lap  :  I don't deny you that :p
<fallentree> just keep in mind that btrfs and zfs are both "kitchen-sink" systems, they're filesystems + volume managers + raid, all in one. might take a bit of a paradigm shift when you work with them after using "simple" filesystems like ext4.
<fallentree> for starters, one of paradigm shifts is that they're pooled, so you don't need to partition the drive (other than what's  minimally required, eg. bios boot + optional /boot + optional swap + btrfs/zfs pool)
<Munt> Currently I lack the understanding necessary to implement most of these ideas.  Now I know where to start looking though.  Thanks to all of you folks for the suggestions.
<fallentree> in that pool you create zfs datasets or btrfs subvolumes, that are "separate filesystems" analogous to having individual partitions. This "separate filesystems" is important when, for example, you rsync with -x
<Munt> What in the extended attributes is important in this scenario ?
<Munt> I mean why does having a separate filesystem have importance with the xattrs
<ikonia> can he use zfs on linode
<ikonia> I thought they where locked to the image file systems
<ikonia> and a shared kernel, so no zfs module
<Munt> I'll have to reserve that approach for my home system then.
<fallentree> Munt: I said -x not -X :)
<fallentree> ikonia: it's possible to pve boot into your own kernel
<ikonia> fallentree: that sounds like a pointless waste of time and effort on linnode host
<fallentree> eh pv
<Munt> lol fallentree >,<
<fallentree> ikonia: when I was using Linode many years ago, I always ran with pv and own kernel
<ikonia> that doesn't change what I said
<fallentree> what, that it's pointless to run your own kernel?
<fallentree> distro kernel, that is
<ikonia> the effort and hassle of keeping that going on a paravm thats ouside of your contol for what gain ?
<fallentree> not sure what hassle that is. iirc it was just a matter of choosing pv from a drop down and it would boot into your image's kernel
<fallentree> now, is zfs an overkill on a linode host? maybe. but btrfs isn't imho
<ikonia> the droplets are supposed to be held in the same configuration as the host offers,
<ikonia> so anything thats outside of that seems a pointless ris
<ikonia> risk
<fallentree> eh, what risk? and droplets are DO, not Linode :)
<ikonia> oops, sorry, don't know why I thought droplets
<fallentree> besides, nowadays Linode switched to KVM, I don't know if that still means running host kernel by default
<ikonia> the risk is if you try to change it outside of the offering, they can shut it down
<fallentree> Linode ran Xen with host kernel because when they started building their infrastructure, pv boot was not available, iirc. they added it later as it became available.
<ikonia> if it's available from linnode as an offering then obviously it's safe
<fallentree> ikonia: I really doubt they'd shut you down for running your distro kernel. I never heard of it, and I ran with pv for years
<ikonia> fallentree: they shut hosts down if you try to change them outside the static offering
<fallentree> what kind of change? it'd be really stupid of them to shut you down because you boot into the distro kernel
<fallentree> many users run CentOS and needed selinux which wasn't available in their host kernel for long time, so they supported pv
<ikonia> fallentree: if the distro kernel is available as an official offering, then it's not a problem
<fallentree> I quit Linode back in 2010, so I admit I don't know if there are any policy changes in the past 7 years. but back then, pv was normal and supported.
<fallentree> I'm also convinced Canonical would've gone after Linode like they did after OVH if they didn't support default Ubuntu installations by not allowing/supporting the Ubuntu kernel be run, while offering "Ubuntu(tm)" images.
<fallentree> But then, back when I was running Linode, the hosts were Ubuntu iirc :)
<ikonia> canonical couldn't do anything
<ikonia> (nor would they care in my opinion)
<fallentree> ikonia: oh so you didn't hear about the OVH issue?
<ikonia> no
<fallentree> wait, I'll find links
<Munt> I just moved to linode after years of using managed cpanel vps's.   Kinda testing the waters now.
<fallentree> ikonia: https://news.slashdot.org/story/16/12/04/2235251/canonical-sues-cloud-provider-over-unofficial-ubuntu-images
<fallentree> ikonia: tl;dr, OVH offers "Ubuntu(tm)" but installs custom grsec kernel, so Canonical threatened OVH to stop using the "Ubuntu" trademark in that case.
<ikonia> lets have a read
<fallentree> afaik it settled with OVH entering the Canonical Certified Public Programme, and dropping the custom kernel
<fallentree> And Canonical was right, if you ask me. Changing Ubuntu like that makes it no longer "Ubuntu(tm)" but a derivative. If things go wrong, it paints a bad picture of Ubuntu, while the problem is in modifications.
<ikonia> an interesting case
<ikonia> more so as canonical removed the word linux from their distrbution and it's trademarks
<tomreyn> said program which involves regular payments, though, IIRC
<fallentree> IANAL but I think that'd be a conflict of trademarks if they kept "Linux" in their own trademark.
<fallentree> tomreyn: it does, but it certifies there's a standard and you get what's advertised.
<fallentree> I was bitten by "waitaminute, this is not Ubuntu kernel" myself with OVH. Granted, it was easy to just reinstall the official image, but again, that just proves the whole problem.
<fallentree> s/image/kernel
<Da9el> Er der en fra Danmark der kunne hjÃ¦lpe mig lidt
<vonsyd0w> if i want to clear any traces of an MAC address and/or UUIDs for a VM template, do you still need to clear udev rules on Ubuntu 16.04?
<hehehe> hey hey
<hehehe> who here runs servers on ovh?
<hehehe> as vps
<hehehe> I wonder if there is a way to clone
#ubuntu-server 2017-05-28
<hehehe> oki
 * hehehe take a sit, takes some lsd
 * hehehe kisses a naked girl
<hehehe> mmmm
<tomreyn> hehehe: try asking in #ovh
<runelind_q> I'm running 16.04 inside lxd and I'm trying to mount an nfs mount and I keep getting operation not permitted
<runelind_q> it works in a 14.04 VM
<trippeh> doubt nfs is properly namespaced so to do that security it would have to be done on the host and mount it into the container fs somehow.
<trippeh> securily even.
<trippeh> I have not used lxc/lxd in many years though so no idea how that would look nowadays.
<trippeh> maybe mount it on the outside, and have a bind mount into the container, which is probably supported in the configs.
<runelind_q> ah, weak.
<trippeh> there is some work upstream to allow namespaces to mount blockdevs and such themselfes, but it is very experimental and I just know a crapton of CVEs will fall out of it :p
<trippeh> not seen anything on nfs yet
<RdeH> my soundcard doesnt work with ubuntu server, its a Realtek-AC97 on a Medion pc MT7
<RdeH> someone?
<RdeH> its working with gdm3 but then again i can't use enlightenment instead of that
<RdeH> doesnt complete mixersettings
<ren0v0> Hi
<ren0v0> I'm wanting to use MinOZW, but i can't find what package its in  http://manpages.ubuntu.com/manpages/zesty/en/man1/MinOZW.1.html
<RdeH> <RdeH> my soundcard doesnt work with ubuntu server, its a Realtek-AC97 on a Medion pc MT7
<RdeH> <RdeH> someone?
<RdeH> <RdeH> its working with gdm3 but then again i can't use enlightenment instead of that
<RdeH> <RdeH> doesnt complete mixersettings
<emr> Hello, i'm looking for good tutorial / article / doc about kvm clustering, any advices? thanks
<tomreyn> most guides i've seen so far are specific to a certain cloud / cluster management software.
<emr> tomreyn, absolutely the most good one i found is https://alteeve.com/w/2-Node_Red_Hat_KVM_Cluster_Tutorial but it using red hat
<tomreyn> you could start by putting together a list of requirements, then check http://www.linux-kvm.org/page/Management_Tools (and elsewhere, since it's not complete) for a mathing management solution and then read up on that
<emr> thanks tomreyn
<tomreyn> hmm yes https://alteeve.com/w/AN!Cluster_Tutorial_2 looks good if you want to do it manually
<tomreyn> i guess much of it is probably not redhat specific.
<emr> actually yes its really good tutorial however there are missing pieces when building it manually
<tomreyn> be sure to take a look at at least openstack before you decide to do it manually
<emr> like corosync.conf
<emr> ok thanks tomreyn
<tomreyn> welcome, good luck
<teward> well I feel stupid today
<teward> i finally realized why my iptables SNAT/DNAT rules for 1:1 NAT between host IPs and containers weren't working - i forgot to add accept rules for the FORWARD rules.  I feel stupid now,
<teward> i finally realized why my iptables SNAT/DNAT rules for 1:1 NAT between host IPs and containers weren't working - i forgot to add accept rules for the FORWARD rules.  I feel stupid now.
<teward> oops, double post?
<teward> also I feel *really* freaking old...
<teward> i have a 12.04 server I forgot about lol
<DK2> how do i recover a mysql backup with rsnapshop?
<DK2> is it just copy ?
<DK2> its a innodb.. figured it out i believe
<DK2> but that database is 2TB big, need to add another drive..
<hikmahgumelar> hi
<teward> hello
<teward> this'll sound like a stupid question but is IPv6 1:1 NAT in iptables the same as IPv4 1:1 NAT?
<Fieldy> hello, im on 16.04.2 LTS. i've installed postfix like i've done on earlier versions. i need to see the logs for postfix, however, i've searched my whole system (especially /var/log) for the usuals and things like mail.log don't even exist. googling around didn't help much. any ideas?
<_KaszpiR_> probably protfix manual ;)
<_KaszpiR_> *postfix
<_KaszpiR_> manual and config file
<patdk-lap> why postfix?
<patdk-lap> postfix does nothing with logs
<patdk-lap> consult your syslog program
<_KaszpiR_> or see systemd settings
<patdk-lap> these days, systemd is the syslog program
<patdk-lap> that then hands it off to rsyslog
<_KaszpiR_> well it can be
<_KaszpiR_> ;D
<_KaszpiR_> but you're right
<_KaszpiR_> now systemd is more than you'd expect
<Fieldy> journalctl -xef | grep -e postfix -e mail -e spam -e clam     is givin me what i was lookin for, just wanted to post a solution (good enough for now)
<andol> Fieldy: If you don't want to do as much grep:ing, try adding "-u postfix" to journalctl.
<Fieldy> andol: ah i did not know about that. thank you. almost got it all going, getting some very long spamc / spamd processing but it does complete. will figure that out later
<Fieldy> just happy i got everything migrated from the old server.
<Fieldy> the secondary MXs can deal with the fallout and hang onto stuff that gets goofed up :P till it's 100%
<Fieldy> lmao i love my buddy who is hosting one of the secondary MXs... saw stuff piling up and sent me a text to check my server. gotta love eagle eye admins
<Fieldy> ...and then i knock my ethernet adapter out of my laptop. yay
<tasslehoff> Guides on removing an mdadm array says first to do --stop then --remove on the device, but after --stop the device is gone. Is that ok?
<tasslehoff> Can I just remove it from /etc/fstab and /etc/mdadm/mdadm.conf and carry on?
<teward> anyone pro at LXD networking in here?
<teward> or even bridging, because I've got a weird IPv6 issue here
<teward> trying to get a bridge to do IPv6 only, but I can't make that bridge without torching IPv4 routing, any ideas how to fix it?
<patdk-lap> heh? doesn't take a pro
<patdk-lap> a bridge has nothing to do with either
<patdk-lap> so something else your doing is the issue
<teward> patdk-lap: well...
<teward> 1:1 IPv6 wasn't working
<teward> probably because no IPv6 NAT heh
<patdk-lap> nat?
<teward> i'm better with IPv4 networking than Ipv6
<patdk-lap> why would you nat ipv6?
<teward> patdk-lap: do you know a way to get IPv6 routes working proper to LXD containers?  Or a better way to do it than trying to bridge interfaces (whcih doesn't work since the host's uplink won't accept multiple MACs apparently)?
<patdk-lap> your talking about proxyarp and proxynd
<patdk-lap> well, no need for proxyarp on ipv4 if your stuck with only a single ip
<patdk-lap> but do you have a single ipv6? or a proper /64?
<teward> patdk-lap: well
<teward> I have a /64 currently.
<teward> four IPs in that range are currently set up to be routed to the host (VPS)
<teward> i have a single container I want to have 3 of those IPs
<teward> hence why i'm confused
<patdk-lap> proxynd would be the simple way
<patdk-lap> though, I will say, I haven't done proxynd for many years
<patdk-lap> you will setup proxynd then just assign the ipv6 address to your lxd guest
<teward> patdk-lap: if I had my way and the hosting company providing the VPS were less stringent on MAC addresses and crap, I"d be able to just have a direct bridge, and then direct-assign things.
<teward> ok.
<patdk-lap> proxynd, says to respond to nd requests on behalf of xxxx (normally put the ip here)
<patdk-lap> linux is calling it proxy_ndp
<patdk-lap> most of this isn't relevent, but the neighbour discovery section is
<patdk-lap> http://www.geeklab.info/2013/05/ipv6-neighbour-proxy/
<teward> patdk-lap: hrm, that doesn't seem to work... blurgh.
<teward> oh well
<teward> it's not being kind :)
#ubuntu-server 2018-05-21
<dpb1> SynfulAck: yup, you got it.  -host was just an example of course.
<Blueking> are there ways to check what cpu we have on pc ?
<Blueking> ubuntu server 14.04
<andol> cat /proc/cpuinfo
<Blueking> TY :)
<RoyK> Blueking: or lscpu
<Mava> hmm, using hp with hardware raid. I should have ~9Tb disk created, but the fdisk shows only 1.1Tb. Any tips what to look for
<tomreyn> Mava: what does the hp raid management utility show?
<tomreyn> the one you can load from the firmware, and the one you can load from linux (hpssacli, hpacucli)
<tomreyn> if both show the full site, see lsblk output, too.
<Mava> the lsblk says 1.1T
<Mava> hmm,, ssacli says "this controller has an incompatible driver"
<Mava> can't be o.0
<tomreyn> which server and raid array controller is it?
<tomreyn> and which ubuntu version?
<Mava> 1604lts, hp 380g10 with with..
<tomreyn> !hwe
<ubottu> The Ubuntu LTS enablement stacks provide newer kernel and X support for existing LTS releases, see https://wiki.ubuntu.com/Kernel/LTSEnablementStack
<tomreyn> try this
<Mava> tomreyn: definitely
<tomreyn> https://community.hpe.com/t5/ProLiant-Servers-ML-DL-SL/P816i-a-Smart-Array-logical-drives-not-presented-to-OS/td-p/7004208
<Mava> tomreyn: seems the controller is HPE Smart Array P408i-a SR
<tomreyn> Mava: note the sattement "(My guess is that the E208i and P408i controllers behave the same way. )" in the linked post
<tomreyn> so just try the hwe kernel
<Mava> tomreyn: definitely hits this case
<Mava> tomreyn: quite funny though since I worked with this matter in somewhere in march / april and this thread has been posted 3 weeks ago =)
<Mava> tomreyn: yup, and works
<Mava> tomreyn: so thanks!
<tomreyn> nice, that's what hwe is for, supporting new hardware
<Mava> in the end it was (surprise) my fault by messing the installation
<Mava> and the hwe seems to work well
<tomreyn> make sure you're well aware of hwe support cycles.
<tomreyn> but you'll want to upgrade the kernel regularly anyways, i guess ;)
<tomreyn> https://wiki.ubuntu.com/Kernel/Support?action=AttachFile&do=get&target=16.04.x+Ubuntu+Kernel+Support+Schedule.svg
<Mava> tomreyn: that i wasnt aware of, thanks for pointing out as well
<Mava> probably the box will be upgrade to 18 at some point in next autumn
<tomreyn> good planning :)
<rbasak> ahasenack: sorry, looks like I missed your email on this again
<rbasak> I wonder if it's my phone marking it as read
<rbasak> I swear I haven't seen it
<ahasenack> hehe
<rbasak> ahasenack: looks good
<rbasak> ahasenack: I'm happy to upload the trees at the current state of both clean-changelog-for-upload branches. Just to confirm that's what you're happy for me to sponsor and upload now?
<nacc> rbasak: so git-ubuntu CI is back to green, right?
<Neo4> hi, who know how to create torrent files?
<Neo4> I created one, and it doesn't load on my virtual machine,
<Neo4> Who can try to load my file http://kselax.ru/wordpress.torrent
<Neo4> how many there seeds/
<Neo4> ?
<Neo4> do you see one seeder?
<Neo4> I open this file on my local computer and seeding now
<Neo4> I simply interesting why I can't load from VM, there trackers shows none of seeds
<swebb> @neo4: one seed, one peer
<Neo4> swebb: and load is going on?
<swebb> Looks like it's downloading
<Neo4> run in cient
<swebb> 100KB/sec
<Neo4> swebb: try there not harm files
<Neo4> really?
<Neo4> try get files
<swebb> It's downloading.  I'd rather not actually open the files since I'm downloading random files off the internet from a stranger. :)
<swebb> killed it
<Neo4> swebb: oh, I'm not a stranger
<Neo4> ok, there pdf books
<Neo4> swebb: see my peers https://ibb.co/cnBqD8
<swebb> Neo4: oh yea?  What kind of dog do I have?  :)
<Neo4> 0 seeds
<Neo4> swebb: what does it mean?
<Neo4> I don't know your dog...
<swebb> Then you're a stranger.  :)
<Neo4> swebb: you can download, why you scare?
<Neo4> just don't run them,
<Neo4> files can harm computer only when you run them
<swebb> I killed the download.  The test worked.
<swebb> Your torrent works.
<Neo4> swebb: Thanks
<swebb> I don't want/need your actual files.
<Neo4> swebb: Ok, I did it behalf test, One and put books, before I put one picture and guy said it might not have downloaded because little size :)
<Neo4> with books more size
<Neo4> swebb: for your own torrent site we need set up your own torrent tracker?
<swebb> No, you can use any open tracker
<Neo4> swebb: and they are enough reliable?
<Neo4> I thought suddenly they are disappeared or works badly
<swebb> sure
<Neo4> ok
<Nafallo> bittornado is still in main. just saying.
<Neo4> anyway for a while use open trakers, and we can in any time set up your own or change trackers for any files
<Neo4> Nafallo: I read this trackers closed now, under low it seems like illegal?
<Neo4> pirate bay was closed
<Neo4> and others trackers
<Nafallo> have a think about content first please.
<Neo4> in Ukraine it's legal, here I haven't heard about blocking some sites, besides russians
<Nafallo> that discussion is sort of off-topic here.
<Nafallo> I'm just saying you have a good client/tracker/whatever for torrents in Ubuntu main. I believe you asked about that.
<Neo4> Nafallo: theoretically content could be any. it's not importent. For example books, I frequently seek in google books
<Neo4> Nafallo: ok
<Neo4> Nafallo: see If I use seed on the same computer and on virtual machine I want to donload I can't why?
<Neo4> it might on the same computer we can't use the same torrent
<Neo4> strange behavior
<Neo4> all my computers have the same outside IP
<Neo4> tracker site might think that this is one computer
<Neo4> or I don't know
<Nafallo> I never said I was an expert in torrenting. please don't hilight about issues with regards to the little knowledge I was able to share.
<ahasenack> rbasak: yes, please upload from the clean-changelog-for-upload branch, thanks
 * dpb1 gets goosebumps
<roaksoax>   /win 10
<Blueking> I have two hdd's  purpose are for media.. one for kids and one for grown up ..  I have used up space on grown up hdd.. and I want to split kids hdd in two  and add it to grown up hdd look like one hdd  how ?
<sarnold> best is to start over with openzfs; take a look at this series of blog posts +
<sarnold> https://pthree.org/2012/12/04/zfs-administration-part-i-vdevs/
<jon_> Neo4, seems like you really want people to run your files.
<Neo4> jon_: no, only test
<Neo4> jon_: If I wanted to do some hurt I would placed my file on torrent sites
<Neo4> jon_: it works, Torrent might not work if you have 2 peers on the same IP and one peer seed other leech, it might tracker can't recognize both peers
<Neo4> for test we need somebody download file. it's the easiest way to test torrent
<swebb> Yea, just /ignore him.
<sarnold> Neo4: I was able to connect and download a megabyte or two no trouble
<Neo4> right, it's work
<JanC> Neo4: your virtual machine is probably behind a NAT; then you need to forward a port to it...
<Neo4> in my modem?
<JanC> in the virtualisation software
<Neo4> vmware?
<JanC> if you use vmware, then in vmware, yes
<JanC> either that or don't use NAT in vmware
<Neo4> What does it mean?
<jon_> what kind of vmware? ESXi or Workstaton or whatev?
<Neo4> JanC: see https://ibb.co/i5YCAo
<Neo4> Shall I off NAT
<jon_> It will be at your modem/firewall as well.
<Neo4> ok, I'll try off and test, right now
<JanC> the real modem/router probably has UPNP enabled to configure port forwarding
<Neo4> yes, without UPnP it doesnt open income port in Transmission
<Neo4> UPnP was off in modem, I on it
<jon_> I'm too paranoid for that.
<JanC> you can also manually forward ports and then Transmission would work too
<JanC> provided you tell Transmission (or whatever torrent client you use) the exact port
<JanC> and yes, you probably want to use bridging instead of NAT for the VM
<Neo4> JanC: with this https://ibb.co/hsdb38
<Neo4> internet doesn't work
<Neo4> will try bridge
<Neo4> I don't understand what is nat, bridge and privet
<Neo4> it's out of my scope :)
<jon_> bridge is like plugging your vm into your modem
<ProCycle> So I've got a broken package that's in limbo (upgrading mariadb-server). It can't install, and I can't remove it because " package is in a very bad inconsistent state; you should
<ProCycle>  reinstall it before attempting a removal"
<ProCycle> Need to completely remove it so I can get it back to a not broken state
<sarnold> apt-get install -f may help
<ProCycle> The problem is the install post script expects a service file to exist that doesn't
<ProCycle> So it will always fail
<ProCycle> I've tried -f, and --reinstall
<Neo4> with bridge Internet works, but download can't. On #transmission guy said it's difficult to test on vmware, better give file somebody
<sarnold> ProCycle: you may need to resort to manual dpkg commands... apt dumps the packages into /var/cache/apt/archives
<Neo4> or apt-get autoremove or autoclean
<sarnold> neither of those is likely to help this situation
<jon_> Neo4, the port could be blocked at your modem.
<ProCycle> I can remove the actual packages with "sudo dpkg --force-all -r mariadb-server-core-10.2"
<ProCycle> But the meta-package still remains
<ProCycle> And still cannot be removed
<Neo4> ProCycle: dependances? What the metapackages? use apt-get autoremove its remove all not needed dependencies
<Neo4> jon_: can't help, I'd better stop try. Need two computers in network. with different IP
<Neo4> tracker determine peers by IP, they see my two peers seeder and leacher and don't allow leeching
<Neo4> How tracker will distinguish peers on the same IP?
<sarnold> trackers cannot
<sarnold> torrents don't work well across NAT routers
<nacc> ProCycle: can you not do the same with the metapackage?
<ProCycle> dpkg doesn't see it
<ProCycle> I've tried
<ProCycle> but apt still acts like it's installed
<Neo4> ProCycle: try reboot comp, it sometimes help
<Neo4> reboot comp and then again repeat remove commands
<rbasak> nacc: thank you for the MP over the weekend. As it passed I landed it this morning and restarted the bastion against it.
<rbasak> nacc: it seems that it's broken on the bastion though :(
<rbasak> The self test fails there too.
<rbasak> I've reverted the bastion for now and waiting for it to restart
<rbasak> I'll look deeper tomorrow.
<ProCycle> After doing "sudo apt-get -f install" to "fix" any dependences I was able to do "sudo dpkg -r mariadb-server-10.2"
<ProCycle> *rage* install script is still broken
<ProCycle> I wonder maybe I should just make a fake service file that does nothing but makes the script happy
<ProCycle> Well this is strange, there's actually a mysqld.service file in /etc/systemd/system/ but I can't start it
<ProCycle> Just says it can't find the unit when I do sudo systemctl start mysqld.service
<rbasak> Ubuntu has never shipped MariaDB 10.2
<Neo4> ProCycle: systemctl start mysql.service without ld
<ProCycle> Tried that too
<Neo4> and?
<Neo4> works?
<Neo4> ProCycle: install mysql instead mariadb
<ProCycle> No it also does not exist
<Neo4> sudo apt-get install mysql-service
<ProCycle> The service files actually do exist though
<ProCycle> So I'm not sure why systemd insists they don't exist
<Neo4> because you didn't install
<Blueking> how to monitor cpu load ?
<Neo4> oh server
<Neo4> ProCycle:
<Neo4> 	sudo apt-get -y install mysql-server
<Neo4> ProCycle: not mysql-service mysql-server I confused
<Blueking> ah forget question.. got munin installed on server
<JanC> ProCycle: you can always cheat and edit the post-install (or whatever) script
<ProCycle> Do I need to do that inside the deb file? Because I tried editing it in the /var/lib/dpkg/info/ directory and it ignored my changes
<JanC> well, maybe more useful when you try to remove it (the removal scripts should come from there)
<JanC> or when just configuring it
<JanC> if you re-install it would likely overwrite...
<Blueking> how to see how many core's and threads mine xeon  cpu has ?
<Blueking> ok  2 core 4 threads..
<ProCycle> Blueking, Should be able to see that with cat /proc/cpuinfo
<Blueking> just wonder why intel says 4 core 8 threads on xeon E3 v3 1230L
<Blueking> model name      : Intel(R) Xeon(R) CPU E3-1230L v3 @ 1.80GHz
<Neo4> Blueking: top or htop
<Neo4> try type top command
<powersj> Blueking: https://ark.intel.com/products/75053/Intel-Xeon-Processor-E3-1230L-v3-8M-Cache-1_80-GHz
<Blueking> my linux reports 2 cpu 2 threads per core
<ahasenack> rbasak: I've got phpmyadmin asking for mysql's root password, but that's no longer used, right?
<Neo4> ahasenack: it seems phpmyadmin only asking about phpmyadmin password
<ahasenack> I will try again on a fresh container, as I was looking for something else, but I think it asked for the phpmyadmin password, and mysql's root password
<rbasak> ahasenack: you shouldn't need one to authenticate as root against the local instance if you are root.
<ahasenack> even though I told it to use the unix socket
<rbasak> It might ask anyway
<ahasenack> it didn't like a blank answer
<ahasenack> (phpmyadmin, that is)
<rbasak> You can still set a MySQL root password if you have to
<rbasak> You can do it if you reconfigure mysql-server-5.7 with a lower debconf priority
<rbasak> (or by hand using the client)
<Neo4> ahasenack: I just remove and installed and it asked only once for phpmyadmin
<ahasenack> it's something else here. "apt install phpmyadmin" doesn't pull in mysql-server, which makes sense, but it asks for the password and tries to connect to a mysql srever on localhost anyway
<ahasenack> ok, so it's a 3 step process
<Neo4> ahasenack: and after root password it ask about phpmyadmin?
<ahasenack> apt install phpmyadmin <-- fails, abort
<ahasenack> apt install mysql <-- works for mysql, but then phpmyadmin tries again, it also fails because mysql isn't running yet
<ahasenack> apt -f install <-- now phpmyadmin can talk to mysql and is happy
<Neo4> might your php can't create database, root misql need for to reach mysql database and create there something
<Neo4> ahasenack: I use for mysql , apt-get mysql-service , it seems there not exists mysql
<ahasenack> mysql-server, sorry
<ahasenack> (in my second line of the 3 steps)
<Neo4> ok
<Neo4> I wrote shell script that install remove mysql phpmyadmin, only once ask
<Neo4> and mysql you can't remove simply purge mysql*
<ahasenack> so the right order would be "apt install mysql-server; apt install phpmyadmin"
<ahasenack> that should work
<ahasenack> can't install them at the same time
<Neo4> if you use only purge mysql* and then will use pat-get install mysql-server it won't ask you about root
<Neo4> yes
<Neo4> mysql at first
<Neo4> then phpmyadmin will create your own database in mysql
<Neo4> you can't install phpmyadmin without mysql and if you remove mysql with database you phpmyadmin will broken
<Neo4> you can't remove mysql and left phpmyadmin to be properly work without reinstall
<teward> rbasak: can you peek at bug 1324062 and determine if the latest status and assignment changes were malicious / accidental / vandalism / stupidity?
<ubottu> bug 1324062 in nginx (Ubuntu) "No lua 5.2 support" [High,Confirmed] https://launchpad.net/bugs/1324062
<teward> before I go with the proverbial hammer into #Launchpad and ask the guy doing those changes they did (twice in the past 24 hours) get squished / prohibited from accessing things
<rbasak> teward: I've seen that person make a ton of unexplained metadata changes in the last day or so.
 * rbasak looks
<rbasak> Well by ton I mean four
<rbasak> In two other bugs:
<rbasak> bug 1077434 and bug 1232469
<ubottu> bug 1077434 in apache2 (Ubuntu) "Apache 2.2.14 Server Status no longer available" [Medium,Confirmed] https://launchpad.net/bugs/1077434
<ubottu> bug 1232469 in apache2 (Ubuntu) "Apache coredump when started with dbd and php5 enabled" [High,Confirmed] https://launchpad.net/bugs/1232469
<rbasak> And your one
<rbasak> That's of the bugs I'm subscribed to
<nacc> rbasak: hrm, if you can pastebin the errors on the bastion, I can try and help
<rbasak> teward: https://bugs.launchpad.net/~farhn shows some more
<rbasak> nacc: thanks, though I'm leaving it until tomorrow now. I reverted already, so I'll try to reproduce first.
<teward> rbasak: I'll poke #launchpad then and ask for a blanket squish.
<teward> that way they can't do much
<rbasak> Thanks
<nacc> rbasak: ah i wonder if the snapcraft being used in CI is a different version than the snapcraft being used by LP
<rbasak> nacc: I wondered that.
<rbasak> nacc: I noticed that the CI is using the deb
<rbasak> With cleanbuild.
<nacc> is LP using the snap?
<rbasak> I haven't looked yet
<nacc> rbasak: the error was the pygit2 import error (i'm seeing that on edge still)
<rbasak> Yeah that sounds familiar
<nacc> ok, i'm looking, this was someting (I thought) we had fixed alrady in snapcraft
<nacc> rbasak: oh you meant you reverted in the store? or in master?
<teward> rbasak: https://answers.launchpad.net/launchpad/+question/669500 for tracking
<rbasak> I reverted on the bastion only
<nacc> rbasak: oh locally, ok
<teward> since #launchpad is dead
<rbasak> I didn't see any way to revert in the store
<rbasak> And I didn't think it deserved a revert in master as CI was broken before anyway
<rbasak> And without knowing what broke it, it wasn't clear to me that reverting could fix it (eg. build environment change)
<nacc> rbasak: you have to use snapcraft to do it, iirc
<rbasak> s/could/would/
<nacc> yeah i'm going to see if one thing i had done before fixes it
<rbasak> nacc: thanks
<nacc> rbasak: your revert of 3294bc6d6c93c8c76f953266f9665ede78c5937d was incomplete i think
<nacc> rbasak: so there's an ordering issue now
<rbasak> My revert?
<nacc> rbasak: speifically http://paste.ubuntu.com/p/T3nSB98vt5/
<nacc> rbasak: yeah, from 48249b21607fdfbb80af9d53e8d0b1375d8778c1
<nacc> rbasak: ok, i think i see the issue -- the _pygit2.so in the snap is linked to the core snap's libgpg-error
<nacc>  libgpg-error.so.0 => /snap/core/current/lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f4630755000)
<nacc> we definitely want that to be the one in the snap, as otherwise we'll get weird issues like this :)
<nacc> i'll see if the ordering helps
<ahasenack> rbasak: oh, this just started happening
<ahasenack> $ git ubuntu clone unbound
<ahasenack> ERROR:root:Is python3-pygit2 installed?
<ahasenack> I did a clone not long ago, today
<ahasenack> I got r428
<ahasenack> yep, it updated about 10min ago
<rbasak> ahasenack: see above. "snap revert" for now please. nacc is already investigating. I'll also take a look tomorrow.
<ahasenack> and I do have python3-pygit2 installed, fwiw
<ahasenack> ah, cool
<ProCycle> How do I kill a running process if Ctrl+C doesn't work?
<yee__>  hi guys, Should be very easy question for you guys. What are the main differences between Ubuntu server 18.04 âliveâ and âalternativeâ? Do they have different purposes?
<dpb1> live == new fast image based installer.  alternative is the d-i based installer that has many more options
<dpb1> tl;dr is, if you need raid, lvm *on your root disk*, or bonding, bridging, vlans *during installation*, you need the alternate installer
<yee__> What is the cloud-init for?
<yee__> what lan card ESX 6.5 drivers would be best fit with new ubuntu server?
<ProCycle> Does the default not work?
<Neo4> ProCycle: in command line kill id_of_process
<dpb1> ... yee__ ok, are you mistaking irc with google?
<dpb1> :)
<nacc> rbasak: confirmed, the order fix does let self-test pass in a build i did locally, i'll submit an MP
<ProCycle>  
<nacc> rbasak: bah, well that was still on my old branch, verifying against master and will send an MP if it passes
<Blueking> http://paste.ubuntu.com/p/gKc9Y7Y6x4/       intel ARK says mine cpu are 4 core..   seemingly I have only had 2 core since I bought mobo + cpu
<nacc> rbasak: https://code.launchpad.net/~nacc/usd-importer/+git/usd-importer/+merge/346428 that passed against master here too
<nacc> and ldd indicates the libgpg-error is the one we built, correctly
<sarnold> CPU(s):                2
<sarnold> Thread(s) per core:    2
<sarnold> I wonder what this tool means by 'threads'..
<nacc> i think that's `lscpu`
<nacc> # logical CPUs = # sockets X cores per socket X threads per core
<sarnold> what's /proc/cpuinfo say on this machine? I'm familiar with that one and expect results I can relate to :)
<nacc> having just learned about it, `lstopo`/`hwloc` may give a better idea of what's going on and if your particular chip has disabled cores
<sarnold> hah yes lstopo is good stuff
#ubuntu-server 2018-05-22
<arooni> is there an ubuntu terminal that supports the OSC 52 ;; would allow set-clipborad in terminal
<sarnold> probably xterm does; maybe urxvt ..
<nacc> rbasak: not sure if you want to just land that fixlet, or try and build it locally to sanity check it is ok? I suppose in the edge channel it's ok to just land it
<nacc> ahasenack: as to the error messages, remember when running from the snap it is only looking in the snap's env, so your system packages are irrelevant
<nacc> ahasenack: it's just a generic message, which implies that it wasn't able to load pygit2 successfully
<nacc> s/load/import/
<xamithan> Just joined to grab topic links and say cheers it fixed my issue~
<lordievader> Good morning
<^kiokoman^> wellcome2
<^kiokoman^> wrong chat sorry
<rbasak> cpaelzer, ahasenack: git-ubuntu edge fixed I believe
<cpaelzer> rbasak: rev 429 or newer?
<cpaelzer> rbasak: yep working on 429 now
<cpaelzer> thank
<cpaelzer> s
<DK2> hello, im trying to setup a hostroute on ubuntu 18.04
<DK2> http://pastebin.centos.org/782911/
<DK2> is the relevant snippet, however when trying to access the 10th subnet im getting no route to host
<DK2> it works perfectly fine when i set a 192.168.0.0/24 ip on the server, however i need the ip to be 192.168.2.0/24
<DK2> any ideas?
<Ool> DK2: you need to have a gateway in the network
<DK2> it is on-link
<DK2> both subnet are in the same vlan
<Ool> same vlan perhaps but not in the same network
<DK2> but shouldnt hostroutes work for exactly cases like this?
<Ool> how can you can to the 192.168.0.0/24 where is your gateway from 192.168.2.0/24 ?
<Ool> how can you go *
<DK2> there is no gateway, it should use 192.168.0.254
<Ool> for me, or the dest is on the same network => no gateway, or is another network => gateway
<DK2> https://netplan.io/examples#directly-connected-gateway
<DK2> but doesnt seem to work
<frickler> thedac: coreycb: any update on https://bugs.launchpad.net/bugs/1750121 ? my suspicion is that this is somehow dependent on your CI/charms setup
<ubottu> Launchpad bug 1750121 in neutron-dynamic-routing (Ubuntu Bionic) "Dynamic routing: adding speaker to agent fails" [High,Fix committed]
<DK2> so, http://pastebin.centos.org/782951/
<DK2> how can i add a second route here?
<DK2> i also want 10.82.27.0/24 to go trough .254
<sveinse> How strong is the recommendation to keep ubuntu-server on a server? I'd like to remove some of the packages this packages depends on a smaller server.
<ahasenack> rbasak: I thought there was a way to pass extra arguments when using git-ubuntu build-source, like genchange's -v<version>, but I don't see that in the --help output. Is there a way?
<ahasenack> ah, I think it's anything at the end that is not recognized as a git-ubuntu flag?
<ahasenack>     if len(args.rem_args) != 0:
<ahasenack>         logging.warning(
<ahasenack>             "Appending specified flags (%s) to `dpkg-buildpackage %s`. "
 * ahasenack tries that
<runelind_q> I'm running 16.04.4.  Whenever I reboot after a kernel upgrade, I run apt autoremove, then it makes me reboot again :|
<runelind_q> any way to get around that?
<genii> Run the autoremove after the kernel upgrade but before rebooting the first time
<runelind_q> good point
<RoyK> runelind_q: seems like an apt bug if you ask me
<runelind_q> I agree, it shouldn't need to happen.
<runelind_q> there were bugs filed about it in 2015
<RoyK> runelind_q: well, ubuntu doesn't really have a medal in bug fixing
<runelind_q> why fix bugs when you can add more features? ;p
<RoyK> runelind_q: exactly
<RoyK> runelind_q: I don't use ubuntu much on servers anymore - I went back to debian
 * RoyK knows he's swearing in church
<nacc> ahasenack: -- ...
<nacc> ahasenack: (cf. `git ubuntu build --help`)
<runelind_q> I do feel like there are much more kernel security updates in Ubuntu compared to CentOS/RH, maybe they're just not fixing them ;p
<nacc> ahasenack: i'm not sure if i've tested buildsource -- , tbh
<nacc> ahasenack: but i think it does work, and needs a MP to add that to the help epilogue
<RoyK> nacc: -- ... means "MS" ;)
<nacc> RoyK: I don't know what you're talking about.
<nacc> RoyK: you mean morse code?
<RoyK> :)
<nacc> rbasak: ok, looks like git-ubuntu.self-test now passes in edge?
<nacc> ahasenack: --^ fyi
<ahasenack> nacc: it worked (-- ...)
<thedac> frickler: We still see that problem. By chance are you at the OpenStack Summit? I'd love to show you what we are seeing.
<thedac> We are not doning anything special in our CI setup. And again the intial peering setup works. It is only after restarting the neutron-bgp-dragent that we see the error.
<nacc> ahasenack: cool
<frickler> thedac: yes, that's because the original bug also doesn't appear in the default initial setup. I only discovered it when setting up a second network node with another dr-agent
<frickler> thedac: and no, I'm not at the summit
<thedac> frickler: what info can I provide to move forward? I can tar up neutron.conf etc
<frickler> thedac: a description how to reproduce would be good. or would there be a way to hold a failed CI node and let me debug it? like we could do on openstack CI? ;)
<thedac> frickler: oK, I'll do a completely manual setup based on the testing documentation (what our CI automation is built on) and see there is any difference.
<thedac> The CI env is inaccessible, unfortunately.
<frickler> thedac: is the testing doc public?
<thedac> frickler: yes, https://docs.openstack.org/neutron-dynamic-routing/latest/contributor/testing.html
<thedac> Our CI scripting is almost exactly that ^^^
<thedac> Only point to highlight is the neutron-bgp-dragent is on its own node.
<frickler> thedac: ah, that's one of the things I asked on LP. you need to install the same pkg version of the bgp agent on the neutron server, because it serves the RPC call from there
<frickler> my patch changes both sides and if they are not in sync, you get that error
<thedac> frickler: they both have the same version of python-neutron-dynamic-routing
<nacc> ahasenack: cool, can you file a bug that build-source's help doesn't mention it, and fix it? :)
<frickler> thedac: hmm, o.k., so I guess it's best if you try to reproduce it manually. for me, the only attempt where I saw your error was when I upgraded from current pkgs to proposed and didn't restart neutron-server. maybe you could try that restart anyway, just to confirm that you don't have the same situation
<thedac> frickler: ok, I'll do a few more tests and report back on the bug
<Nik736> Hi guys, I am struggling with converting my network config to netplan, anyone around that could assist? Would appreciate it, thanks :) Old Config: https://pastebin.com/YjMRhhAa New Netplan Config that does not work: https://pastebin.com/2msq7hYV
<ahasenack> rbasak: would you be interested in this mysql 18.04 bug https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1772337 that has apparmor DENIED messages in dmesg? (https://launchpadlibrarian.net/371151468/Dmesg.txt)
<ubottu> Launchpad bug 1772337 in mysql-5.7 (Ubuntu) "package mysql-server-5.7 5.7.22-0ubuntu18.04.1 failed to install/upgrade: installed mysql-server-5.7 package post-installation script subprocess returned error exit status 1" [Undecided,New]
<sarnold> name="/etc/my.cnf"
<sarnold> first, that's a silly path mysql, and you should feel bad for using it.. second, that has the look of something that ought ot have been included in profiles ages ago..
<teward> wait, that path looks wrong...
<teward> shouldn't it be pulling from the mysql conf roots?
<teward> (mysql i mean)
<teward> ahasenack: rbasak: ^
<ahasenack> apyes, it looks wrong, I commented as such in the bug
<sarnold> that last line is a bit funny too, mysqld running with fsuid 1001??
<ahasenack> it looks like a heavily modified install, even the initscript was changed
<teward> sounds less like a package bug and more of a "PEBKAC User Error" bug
<sarnold> wow
<teward> is "This system is so heavily modified from the defaults it's not supportable by us" a viable response?  (Just saying)
<teward> either of you know if it's possible to get details out of an autopkgtest run?
<teward> beyond the logs that it gives normally
<ahasenack> teward: a local run?
<teward> ahasenack: no, autopkgtest.u.c
<teward> but if i have to do a local run of this package I will be displeased
<ahasenack> teward: there are artifacts you can download, but that's it
<teward> searx breaks with the nginx upload, but the error is uwsgi-level
<teward> ahasenack: where?
<teward> found it nevermind
<teward> grrr yeah the artifacts won't help me here...
<teward> ahasenack: if I were to do a local run of this, I have two questions:
<teward> (1) how would i do that, and
<teward> (2) is there a way to get into the environment if it fails to actually get debugging info?
<ahasenack> teward: http://autopkgtest.ubuntu.com/ and go find your package there
<swein> on a 18.04 server install. When the ISO is booting some services take forever to start and hangs. Snap server, kernel message of scsi_eh blocked for 120 seconds
<swein> anyone seen that
<ahasenack> (it's not loading here, btw)
<ahasenack> swein: the first time you boot it? And it's the "live server" install?
<swein> ahasenack: yes liv eserver install and on first ISO boot
<ahasenack> I haven't seen that, sorry
<ahasenack> but scsi_eh blocked could be a hardware problem, everything ok with your disks?
<teward> yay net lag >.<
<ahasenack> teward: (2) not that I know of
<ahasenack> teward: (1) is doable, is that in cosmic?
<swein> nothing is connected to the megaraid sas controller, it's just plugged in
<teward> ahasenack: yes, though my system here is Xenial
<teward> ahasenack: TL;DR I need systemctl status -l output
<ahasenack> teward: do you know if the test needs a vm, or if it can run in a container? What does d/t/control say?
<teward> ahasenack: E: Unknown, not my package
<teward> still digging
<teward> ahasenack: if you want to help I'd gladly welcome it
<ahasenack> which package is it?
<teward> ahasenack: searx, its autopkgtests were triggered by NGINX uploads.
<teward> somehow
<ahasenack> sure, sounds more exciting than a pile of 10 apache bugs from 200x
<teward> ahasenack: the nginx direct autopkgtests all succeed
<teward> so it's not an nginx-level issue
<teward> digging into the failed tests the error is in the uwsgi package when it tries to load
<teward> and because of systemd its error message is suppressed saying "Run systemctl status uwsgi for details"
<ahasenack> it's usual, I half lost my mind chasing down triggered tests when I uploaded snmp once
<ahasenack> got all the way down to bind9 even
<teward> heh
<teward> well I value a second set of eyes
<teward> actually oddly enough
<ahasenack> ok, so isolation-container, looks like a lxd is fine
<teward> it looks like the test has always-failed since 2018-05-05
<ahasenack> I'll run the tests, but just so you know,
<ahasenack> you would first run autopkgtest-build-lxd to prepare a lxd image for autopkgtest to use
<ahasenack> and then autopkgtest -s -U /path/to/package (or package name) -- lxd <lxd-image-name>
<ahasenack> more or less
<ahasenack> going from memory
<ahasenack> -s is for it to stop when it fails and give you a shell
<ahasenack> -U is to run apt-upgrade, since the image you prepared earlier could have been prepared weeks ago
<teward> ahasenack: indeed.  Though Xenial won't work for it.
<teward> i'll need to use my bionic box
<ahasenack> it should work on xenial
<teward> those scripts don't exist in Xenial
<ahasenack> it probably has the old name, that's all
<ahasenack> adt<tab> I think
<teward> there it is
<ahasenack> don't ask
<ahasenack> I wouldn't know why
<teward> not going to :p
<teward> heh lol
<teward> ahasenack: doesn't work with snapped LXD 3.x
<teward> apparently
<ahasenack> the build-lxd one?
<teward> mhm
<teward> at least, not on Xenial
<ahasenack> do you have a cosmic image already?
<ahasenack> you need to give it the name of an image
<teward> ahasenack: ah, well, there's no Cosmic images for me to pull
<ahasenack> it will boot it, make modifications, and give you a new one
<teward> i already tried
<teward> so
<ahasenack> lxc image copy ubuntu-daily:cosmic local:
<ahasenack> try that
<teward> *now* it works
<teward> when was taht turned on?
<teward> it didn't work last week o.O
<ahasenack> yesterday I think
<ahasenack> or fri
<ahasenack> correct
<teward> ah that explains it
<teward> *waits for the image to copy down*
<teward> (autopkgtests annoy me a little but meh)
<teward> hmm i think my system derped, gonna reboot
<teward> ahasenack: any idea how long it takes for autopkgtests to build the LXD?  Seems to be taking a while, even though I already copied down the image :/
<teward> and as soon as I say that it completed :/
<teward> *kicks self*
<Blueking> what memory stick tool you use to format for dos boot to do bios upgrade ?
<sarnold> last time I needed a dos boot disk I think I found a freedos image somewhere that worked
<Blueking> hmm,, what format tool ? :P
<sarnold> I just used dd to write the thing to a usb stick
<sarnold> if you actually have to *format* something, maybe the mtools package can help
<sarnold> I hope we still package it, any way ;)
<ahasenack> teward: I reproduced the failure locally: https://pastebin.ubuntu.com/p/BZDCmwgcX4/
<teward> ahasenack: it looks like it's a uwsgi failure
<teward> not an nginx one
<ahasenack> is libapache2-uwsgi involved?
<teward> it shouldn't be
 * ahasenack checks
<teward> ahasenack: can you pull `systemctl -l status uwsgi`?
<ahasenack> right, not installed
<ahasenack> teward: https://pastebin.ubuntu.com/p/D3fk24tVwJ/
<ahasenack> super helpful
<teward> ahasenack: no, but that points at the issue not being an NGINX related issue
<teward> and probably a package-level issue
<teward> what's odd is it only fails on three archs
<teward> ahasenack: it's interesting to note, too, that searx's autopkgtest has been failing for a while
<teward> this is the first time it's on my radar though, the last time it worked was prior to may 5th
<ahasenack> I have no idea how these things work
<ahasenack> teward: I get a core dump, actually
<ahasenack> ERROR: apport (pid 10684) Tue May 22 16:16:15 2018: apport: report /var/crash/_usr_bin_uwsgi-core.0.crash already exists and unseen, doing nothing to avoid disk usage DoS
<teward> interesting.
<teward> ahasenack: maybe this needs to be opened as a critical level bug against searx
<ahasenack> searx or uwsgi?
<teward> since the searx tests have failed for everything since may 5th
<teward> ahasenack: searx
<teward> unless uwsgi's autopkgtests also fail
<teward> though i don't see any
<teward> ahasenack: nginx wouldn't have any effect on uwsgi
<ahasenack> well, what crashed was uwsgi
<ahasenack> I'm checking with debug packages to see if the backtrace shows another library
<teward> ack
<teward> ahasenack: if we can rule out nginx as the cause, then I can rest easy, but I'll have to ask the release team to force ignore those tests for this run
<ahasenack> hm, no debug packages for searx
<teward> ahasenack: are there any for uwsgi?
<ahasenack> yes, I installed them, but the backtrace is still invisible in the critical area
<ahasenack> let me paste
<teward> hmm
<ahasenack> teward: https://pastebin.ubuntu.com/p/8DYQSxg93t/
<teward> ahasenack: it sounds to me then like this is a searx bug
<teward> let me check something
<teward> i have an example uwsgi somewhere, and a container that i can test with heh
<teward> ahasenack: if this simple 'hello world' uwsgi app works, then we can blame the searx package
<teward> if it fails as well, then we can blame uwsgi
<teward> either way, nginx is not an issue
<ahasenack> teward: still, that was never enough of an excuse to not chase dep8 failures :)
<ahasenack> it's all part of making ubuntu better :)
<teward> indeed
<teward> ahasenack: happen to have the old commands for adt to run autopkgtests in LXD?  Or should I get a Bionic environment sooner than later :P
<ahasenack> try adt<tab><tab>
<ahasenack> I think the arguments did not change
<teward> dumps me this: https://paste.ubuntu.com/p/64TkTfWDC8/
<teward> so adt isn't an app, but there's adt-sub apps so IDK
<ahasenack> I'm almost thinking it's a permission problem
<ahasenack> teward: right, so first adt-build-lxd
<teward> ahasenack: i did
<teward> it completed
<ahasenack> I think it's just adt-build-lxd <your-cosmic-image>
<ahasenack> then do lxc image list, see if you have an autopkgtest specific image now
<teward> adt/ubuntu/cosmic/amd64 is there, yes
<ahasenack> cool
<ahasenack> now we want adt-run
<ahasenack> I use:
<ahasenack> -U -s -o ../dep8-output --apt-pocket=proposed source-package-name -- lxd adt/ubuntu/cosmic/amd64
<ahasenack> try that
<ahasenack> -U: upgrade
<ahasenack> -s: stops on fail
<ahasenack> -o: output report
<ahasenack> --apt-pocket: tell it to use proposed, like ubuntu does
<ahasenack> -- lxd: virt type
<ahasenack> and the last is the lxd image to use
<genii> <cough pastebin cough>
<ahasenack> I was typing, not copying and pasting :)
<ahasenack> loophole!
 * genii eye-rolls
<sarnold> haha
<teward> ahasenack: worked with adt-run -U -s -u somefilepath --apt-pocket=proposed source-pkg-name --- lxd adt/ubuntu/cosmic/amd64
<teward> triple dash o.O
<ahasenack> oh, right
<ahasenack> why not
<ahasenack> "-u somefilepath" seems wrong, -u is for user
<teward> typo
<teward> -o
<ahasenack> unless that changed between adt and what we have now
<ahasenack> ok
<teward> ahasenack: confirmed it's not an uwsgi segfault, a simple uwsgi app works
<teward> so the issue is searx
<teward> ahasenack: it looks like this was synced in from Debian directly
<teward> what would you suggest for filing the bug against this?
<ahasenack> did your test finish?
<ahasenack> the adt one
<ahasenack> I'm trying to start it manually in a terminal, to see when it segfaults, but am having a hard time with that
<teward> actually looks like LXD exploded
<teward> hang on
<ahasenack> it's not a simple initscript
<ahasenack> traced it to this
<ahasenack> May 22 16:44:30 autopkgtest uwsgi[6741]: + start-stop-daemon --start --quiet --pidfile /run/uwsgi/app/searx/pid --exec /usr/bin/uwsgi -- --ini /usr/share/uwsgi/conf/default.ini --ini /etc/uwsgi/apps-enabled/searx.ini --daemonize /var/log/uwsgi/app/searx.log
<ahasenack> but that incurs in other errors
<teward> ahasenack: running local test now, lxd decided to fubar initially
<ahasenack> ok
<teward> also troubleshooting some major chaos with a VPN tunnel at work so, split-attention
 * ahasenack fetches a snack
<teward> ahasenack: i think we have to contact the Debian people on that
<teward> because why they do taht in the test
<teward> instead of install uwsgi, drop it in the app area, and then call the uwsgi command which runs this as a daemon, (not sure if it can?) it is failing on that command
<teward> which is unique to the test
<teward> let me poke this a bit more
<teward> ahhhhh interesting
<ahasenack> back
<teward> ahasenack: hmm i found something interesting
<teward> i need to do some debugging thoguh
<teward> ahasenack: i think i found the breakage
<ahasenack> sounds good
<ahasenack> do tell
<teward> possibly.
<teward> ahasenack: the problem is I can't find the explicit init.d to call
<teward> but when I try and run uwsgi directly things're not being placed in there proper
<teward> so it might not be the proper 'test'
<teward> is there a way to see the CLI call made to execute uwsgi by systemd or start-stop-daemon?
<ahasenack> I tried
<ahasenack> closest I got was to insert a "set -x" in /etc/init.d/uwsgi just before the do_* call for start
<ahasenack> and then follow in /var/log/syslog
<ahasenack> I got to the start-stop-daemon line I pasted above, at 19:51:15 utc
<ahasenack> but that line in itself didn't segfault
<teward> hmm
<teward> ahhh i think i know what's going on...
<ahasenack> sounds even better
<teward> ahasenack: i manually tried the same command to start uwsgi
<teward> and found this in syslog: May 22 20:44:35 adt-virt-lxd-dxnxve systemd[1]: uwsgi.service: Failed to reset devices.list: Operation not permitted
<ahasenack> I see that all the time in lxds
<teward> and when it tries to start apport crash handler it fails too
<teward> ahasenack: the problem is, that's the only 'error' i can see
<teward> it doesn't actually start the process
<teward> now, when I call the start-stop-daemon line directly?
<teward> it errors with missing file/folder in the python app
<teward> ahasenack: can we call the package broken and blacklist it?
<teward> i don't think there's any rdeps
<teward> and this is a 'new' package
<teward> new as of Bionic
<ahasenack> teward: I get this in a vm: https://pastebin.ubuntu.com/p/r7D9thcbwK/
<teward> ahasenack: i got that too
<teward> check /var/log/uwsgi/app/searx.log
<teward> what do yo usee?
<ahasenack> I have no clue how uwsgi is supposed to work
<teward> ahasenack: neither do I, but if any of the python underneath fails to launch uwsgi itself explodes
<teward> and that could trigger a segfault with a core dump
<ahasenack> teward: I get this: https://pastebin.ubuntu.com/p/P34n2BVckK/
<ahasenack> but note this is running as root, a normal user cannot create that log file
<ahasenack> I was thinking that had something to do with it
<teward> it could
<ahasenack> whatever happened, those vars didn't get expanded looks like
<teward> yeah it didn't
<teward> which it wouldn't from a shell
<ahasenack> I have /run/uwsgi/app/searx/ but it's empty
<teward> well from a shell it drops you into it might not
<ahasenack> deb-confnamespace comes from /usr/share/uwsgi/conf/default.ini
<teward> and that's not being expanded, it seems, by uwsgi properly.
<teward> aha
<teward> ahasenack: ran the uwsgi command that should start uwsgi properly
<teward> getting a permission denied on a bind
<teward> underneath gdb
<ahasenack> teward: it seems to be failing in debian too: https://ci.debian.net/packages/s/searx/
<teward> ahasenack: should we raise a 'critical' or equivalent bug in Debian?
<teward> because it's not fit to exist
<teward> if autopkgtests are dying
<teward> and it's going to block other things here in Ubuntu from migrating from proposed
<teward> nginx included
<ahasenack> I think a bug is ok. debian doesn't yet gate on dep8 tests like we do
<teward> ahasenack: bug on it here?
<teward> (Ubuntu)
<ahasenack> I'd suggest a bug over there, and you can use that bug to ask an AA to let it pass for now
<ahasenack> a bug here too also works, having both linked
<teward> ahasenack: so, serious-level bug on Debian about autopkgtest failures which suggest the application doesn't work?
<teward> 'cause that's where i'm at now
<ahasenack> I don't know enough to say if the app doesn't work or not, but a segfault is bad
<ahasenack> but I didn't check debian to see if it segfaults there too
<teward> ahasenack: i'm inclined to open it here in Ubuntu and say it segfaults horribly
<ahasenack> the fact that the test fails in the same place is suggestive, though
<teward> and the autopkgtests make it fail horrible.
<ahasenack> ok
<ahasenack> do you have the crash file too?
<ahasenack> in /var/crash?
<teward> ahasenack: no but I have gdb trace when you have the application run under uwsgi directly
<teward> so see if this works for you...
<ahasenack> how did you run it?
<teward> gdp --args "uwsgi -s 4000 --ini /usr/share/uwsgi/conf/default.ini --ini /etc/uwsgi/apps-enabled/searx.ini"
<teward> gdb*
<teward> which has uwsgi directly run the application as configured on port 4000
<teward> that gave a permission denied in gdb
<teward> after dropping root privs to uid/gid 33
<ahasenack> I start that as root and it exits after failing to write to that /run directory
<teward> let me replicate again
<yee__> dose anyone have a solution how to fix this problem? https://askubuntu.com/questions/1002933/vmware-dhcp-no-internet-access, same problem in here as well https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624320
<ubottu> Launchpad bug 1624320 in systemd (Ubuntu) "systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing entries" [Low,Confirmed]
<teward> ahasenack: i'm getting the 'no such file or directory' error myself... except when I set the env vars manually
<teward> so...
<ahasenack> which vars?
<teward> UWSGI_DEB_CONFNAME and UWSGI_DEB_CONFNAMESPACE
<teward> UWSGI_DEB_CONFNAME='searx', UWSGI_DEB_CONFNAMESPACE='app'
<teward> which uwsgi conf says it uses to populate the 'fake' options
<ahasenack> that's all way over my head :)
<teward> the workers all segv
<teward> *but* if I run the same command under gdb...
<teward> oooh actually
<teward> i don't get any usable traceback this time
<teward> ahasenack: interesting to note though that i get all the segfault calls, and it constantly respawns
<ahasenack> systemd would do that, but if you started it directly, I don't know what would do it then
<teward> ahasenack: if I start uwsgi directly, I replicate the segfaults
<teward> replicating what systemd does to populate those vars
<teward> and it segfaults
<teward> i'm going to open a critical bug here that has to do with the segv
<teward> because both of us are getting crash dumps
<teward> yep i get a crash dump for uwsgi as well
<teward> in the autopkgtests area
<ahasenack> cool, upload the crash dump too then
<teward> ahasenack: do you think using 'Critical' as the bug importance would be a bad thing?
<teward> this autopkgtest breaks a lot of things...
<ahasenack> probably. I tend to reserve critical bugs sparingly
<teward> well the package simply doesn't work
<ahasenack> someone in #ubuntu-release can let it pass, but that's why having a bug is important, so when they add it to their script they can link to the bug
<teward> indeed
<ahasenack> also link to https://ci.debian.net/packages/s/searx/ saying it's failing there as well
<teward> ahasenack: should I just upload the crash file direct or should I apport-collect the bug number?
<ahasenack> try apport-bug first
<ahasenack> it might pick up the crash file
<Blueking> flashed bios... now I am missing interface em2   the other em1 are there
<teward> ahasenack: nope, fails.
<ahasenack> fails because no network?
<teward> apport-bug says no pending crash reports
<Blueking> shouldn't interface be visible with ifconfig -a ?
<ahasenack> Blueking: probably, try also "ip -l" to be sure
<teward> ahasenack: unless you know how I can put this crash right into the proper package
<teward> because it's crashing uwsgi not searx so it'd pick up as an uwsgi bug
<Blueking> another thing.. when I look into bios  bios tells me I can have 1,2,3 all cores enabled, I've set 'all'  but only 2 cores visible in ubuntu ?
<ahasenack> teward: try https://pastebin.ubuntu.com/p/BQNwmkdC8y/
<Blueking> ip -l
<ahasenack> it's fine if it picks it up as a uwsgi bug, that can be changed
<teward> mmkay.  though i already filed the searx bug
<ahasenack> then just attach the crash file
<ahasenack> Blueking: you checked by looking in /proc/cpuinfo or what?
<Blueking> ahasenack yes
<teward> aaand now I can't close out of this :/
<Blueking> munin reports 2 core too
<ahasenack> Blueking: counted "processor" lines?
<Blueking> processor 0 processor 1
<Blueking> Intel(R) Xeon(R) CPU E3-1230L v3 @ 1.80GHz
<ahasenack> Blueking: check output of dmesg
<ahasenack> there are many messages related to cpus and cores
<ahasenack> look perhaps for "smpboot"
<ahasenack> or "CPU"
<Blueking> how I filter out cpu on dmesg ?
<ahasenack> type dmesg|less
<ahasenack> then use the "/" key and type CPU
<ahasenack> "/" is to search
<ahasenack> when done, use "q" to quit
<Blueking> dmesg | cpu
<ahasenack> "dmesg | less" means send the output of dmesg to the input of less
<ahasenack> no
<Blueking> like this ?
<ahasenack> dmesg | less
<ahasenack> dmesg and less are different programs
<ahasenack> we are using | to connect them
<Blueking> shorewall spams..
<ahasenack> then you can use the arrow keys, page up/down keys, to navigate over the contents of dmesg
<ahasenack> what's the first line you have?
<ahasenack> it should be something like
<ahasenack> [    0.000000] Linux version 4.15.0-22-generic (buildd@lgw01-amd64-013) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #24-Ubuntu SMP Wed May 16 12:15:17 UTC 2018 (Ubuntu 4.15.0-22.24-generic 4.15.17)
<ahasenack> teward: I gotta go
<ahasenack> see you tomorrow
<teward> ahasenack: yep, no problem.
<Blueking> ahasenack [    0.166957] x86: Booting SMP configuration:
<Blueking> [    0.166962] .... node  #0, CPUs:      #1
<Blueking> [    0.182986] x86: Booted up 1 node, 2 CPUs
<teward> bugs're filed though you were pinged in another room
<teward> !pastebin
<ubottu> For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<ahasenack> teward: I subscribed to them
<teward> Blueking: FYI, use a pastebin for multiline.  ahasenack is also having to leave right now.
<teward> ahasenack: ack
<teward> i also poked -release
<teward> to see if they can handwave the failures for nginx
<Blueking> :/
<ahasenack> teward: someone can, might not even have to be an archive admin
<ahasenack> I'm never sure about those permissions
<teward> ahasenack: indeed, they'd [robably be in -release anyways
<teward> or point me where I need to go
<ahasenack> yep
<teward> i know infinity and others have power :P
<teward> anyways, i'm off myself
<ahasenack> cya
<nacc> Blueking: what is your question?
<Blueking> nacc  my mobo's bios tells me I have 4 core  where I can define how many core that can be used 1,2,3 or all
<Blueking> I've defined 'all'
<Blueking> so why ubuntu only see 2 core ?
<nacc> Blueking: what motherboard and cpu is it?
<Blueking> nacc : [    0.162663] smpboot: CPU0: Intel(R) Xeon(R) CPU E3-1230L v3 @ 1.80GHz (fam: 06, model: 3c, stepping: 03)
<Blueking> https://www.supermicro.com/products/motherboard/Xeon/C220/X10SLM_-F.cfm
<nacc> Blueking: can you pastebin the output of `hwloc` ?
<Blueking> hwloc not installed
<nacc> Blueking: ok, install it :)
<Blueking> no connection to net right now :/
<Blueking> just updated bios and some issue with one of interfaces
<Blueking> one got to do something after installing new bios ?
<Blueking> on ubuntu
<nacc> not usually
<Blueking> nacc: in /dev I see i2c-0 i2c-1 i2c2... i2c-7     total eight.. are these about cores/threads ?
<nacc> Blueking: no
<nacc> Blueking: those are i2c devices https://en.wikipedia.org/wiki/I%C2%B2C
<Blueking> ok
<jose-phillips> hey any idea
<nacc> jose-phillips: about what?
<nacc> Blueking: it's relatively rare these days for Linux to not see all the resources on a system
<jose-phillips> i have this sceneario
<jose-phillips> im trying to setup a network where
<jose-phillips> interface eno1 and eno2 are iscsi multipath
<jose-phillips> and i need create a bonding to reach nfs of both interfaces
<jose-phillips> if i leaave the ip configured on eno1 the bonding driver kill automatically the network on eno 1
<jose-phillips> or at least i need one vlan interface that can choose use one interface or anther one
<jose-phillips> using ububtu 18.04
<jose-phillips> ubuntu server
<jose-phillips> complicated eh..
<nacc> "interface eno1 and eno2 are iscsi multipath" seems incorrect to me
<nacc> iscsi is for disk storage
<jose-phillips> i know
<jose-phillips> the server is 100% diskless
<sarnold> iirc you'd use corosync or pacemaker to do your interface failover
<jose-phillips> so they depend to keep alive eno1 and eno2
<jose-phillips> or at least eno1 or eno2
<jose-phillips> now i need to set a extra interface that can manage anther subnet for nfs and should be active-backup
<jose-phillips> in case the target can't be reached for example eno1
<jose-phillips> use eno2
<jose-phillips> with the same ip address
<jose-phillips> bonding not work because when i do bond on the interface kill the interfaces that is using
<jose-phillips> oto take it in the bond0 interface
<Blueking> nacc ubuntu server back online
<nacc> Blueking: cool
<Blueking> hmm hwloc does what ?
<nacc> Blueking: prints detailed info about the hardware topology
<Blueking> installed hwloc   tries it  says no command ?
<nacc> Blueking: sorry, try `lstopo`
<Blueking> no cpu info there
<Blueking> nacc http://paste.ubuntu.com/p/s9GXrnVwth/
<Blueking> nacc http://paste.ubuntu.com/p/vSw2gghjr6/
<Blueking> nacc http://paste.ubuntu.com/p/dTgxRCp5k3/
<sarnold> xnox: hey any chance you still have access to the Better ARK? Blueking here's got a processor that shows up as 4c8t on ARK, but linux only ever sees two cores
<Blueking> sarnold: supermicro mobo's bios I can define how many core to be active  1,2,3, all  this implies 4 core ?
<sarnold> Blueking: what happens if you fiddle with that setting? :)
<sarnold> set it to 1, boot, see what happens, set it to two, tec..
<Blueking> tried set to 3 core no changes
<Blueking> I can test 1 core
<Blueking> 1 active core (bios)  ubuntu still replied 2 core
<Blueking> any idea nacc sarnold ?
<sarnold> no :(
<Blueking> never seen more than 2 core on this xeon cpu...   could it be early versions of this cpu came out with only 2 core ?
<JanC> Blueking: I looked into that yesterday, and this model is always 4-core as far as I could tell
<JanC> there is a E3-1220 or something like that which only had 2 cores
<JanC> maybe your BIOS is hacked and it hides 2 cores used by some bitcoin farm  ;-)
<sarnold> I did vaguely consider it might be counterfeit cpu .. but does anyone do that any more?
<JanC> I'm pretty sure these CPUs are too expensive to design a clone of for that to be lucrative
<JanC> (or even something close enough that it isn't obvious)
<JanC> if anything, a batch that got the wrong fuses blown and identifies incorrectly seems more likely then
<sarnold> ahhh yes that's far more plausible
<JanC> or just some bad firmware
<JanC> I guess trying a firmware (UEFI) upgrade (if available) would be a good idea
<sarnold> JanC: heh I think that was yesterday's project
<Blueking> I'll post a question to shop where I bought mobo and cpu
<JanC> Blueking: are you using an Ubuntu kernel?
<JanC> or something you compiled yourself?
<Blueking> ubuntu kernel
<JanC> I suddenly wonder if Intel disabled cores to fix meltdown/spectre issues?  :P
<sarnold> disabling HT was rumoured to help with something or other.. but cores? I think it'd take disabling all-but-one to make a difference
<Blueking> just checked billing note from shop -> Intel Xeon Quad-Core E3-1230Lv3 1.8GHz 8MB, 25W, LGA1150
<Blueking> bios says 1,2,3,all
<JanC> sarnold: depending on how the cache is shared
<Blueking> could it be bad connect between cpu and socket ?
<JanC> I doubt it would work at all then
<JanC> I wonder if you have accidentally set a kernel parameter or something
<Blueking> I don't have experience to do so..
<sarnold> ohho, what's /proc/cmdline look like?
<Blueking> hmm /proc/cmdline ?
<Blueking> I might have to test with windows OS ..
<JanC> ?
<Blueking> see if windows can access all 4 cores
<JanC> is there anything unusual in /proc/cmdline ?
<Blueking> http://paste.ubuntu.com/p/PMr3bYJcGy/
<sarnold> that's /proc not /proc/cmdline :)
<Blueking> http://paste.ubuntu.com/p/mh5T6PqVZP/
<JanC> hm
<Blueking> I uploaded new intel microcode recently
<JanC> I wonder why this has intel_pstate=disable
<sarnold> well, it was a good theory. bummer.
<Blueking> something suspicious ?
<JanC> not suspicious
<Blueking> intel_pstate=disable ?
#ubuntu-server 2018-05-23
<JanC> pstate is an Intel alternative for cpufreq, but it's possible that it doesn't work well with all CPUs, I don't know...
<JanC> in theory it shouldn't affect # of CPUs though
<JanC> and the two nomdm* are about RAID
<Blueking> I have to ask those guys at server shop then
<Blueking> or test box with another OS
<sarnold> I suspect they will not be able to help you :)
<sarnold> other OS seems like a reasonable enough test, but another *cpu* frmo a different supplier might be more useful still
<Blueking> I have 5 year warranty on such hardware...
<Blueking> might be faulty cpu microcode too ?
<Blueking> got error on it last time I ran apt upgrade
<sarnold> well at least that one might be easy to nail down, uninstall the intel-microcode package, rebuild initrd, reboot, re-test, and check the microcode date in dmesg..
<Blueking> E: intel-microcode: failed to create or prepend the early initramfs to the initramfs
<sarnold> it seems insanely unlikely to me though
<sarnold> we'll publish a new microcode in a few days for the spectre v4, maybe your cpu is covered in that list...
<Blueking>  -> /usr/sbin/iucode_tool: microcode bundle /lib/firmware/intel-ucode/list: unknown microcode format
<Blueking> downloaded from intel: microcode-20180425.tgz
<JanC> Blueking: my guess would be that it's actually a BIOS/UEFI firmware bug (possibly in ACPI)
<sarnold> hmmmm.. I wonder if the fwts package could help?
<JanC> I wonder if there is a kernel parameter to ignore ACPI's core count (or whatever makes this wrong)
<cpaelzer> good morning
<lordievader> Good morning
<xnox> sarnold, I do not have access to Better ARK but people on #clearlinux irc channel do
<xnox> sarnold, lack of CPUs may indicate custom microcode that disables/enables them; or that cpus were fused away, meaning there is a crippled SKU out there aka a cheap edition.
<xnox> sarnold, many of Intel CPUs are the same, and artificially clocked down / cores disabled. And one can sometimes pay to unlock higher clock speeds & cores.
<rbasak> ahasenack: I'd say the reporter has modified his system from defaults so much in bug 1772337 that it's likely to be a configuration problem than a bug in Ubuntu. If he thinks it's a bug he should at least present an explanation as to why. So Incomplete.
<ubottu> bug 1772337 in mysql-5.7 (Ubuntu) "package mysql-server-5.7 5.7.22-0ubuntu18.04.1 failed to install/upgrade: installed mysql-server-5.7 package post-installation script subprocess returned error exit status 1" [Undecided,Triaged] https://launchpad.net/bugs/1772337
<samba35> can some one please tell on 18.04 i have process with sha256sum and it keep running for long time and it kepp cpu busy ,how do i find what it is doing and trace it ,and it keep changeing pid even kill within second it start new same process ,is it normal ?
<Ool> samba35: try ps with the f option to see hierarchy
<samba35> ok ,i will try it when this start
<Ool> did you put some security stuff who want to have hash from each file ?
<samba35> how do i find which package hold this file  /usr/bin/sha256sum
<Ool> apt search sha256sum  ?
<ivoks> dpkg -S /usr/bin/sha256sum
<ahasenack> hm, mod-wsgi dep8 tests passed locally
 * ahasenack clicks the retry button in excuses
<samba35> ps auxf should be ok ?
<Ool> exactly how I use ps :)
<Ool> but someones prefer ps -edf
<samba35> thanks Ool and ivoks
<samba35> ok will that too :) but thanks for give idea get good idea
<Neo4> my shell script functionality, what would be good else to add there?
<Neo4> https://paste.ubuntu.com/p/ChMScTw5sp/
<Neo4> backup, generation and set up sshkey, set up certificates for virtualdomains
<Neo4> I think about create a fullfladgit control panel :)
<olivierb-> Hello everyone, basic question but can not find answer easily on my side. Let's assume I have a dhcp server on my network which assigns IP AND hostname. When my machine boots, it gets the IP but hostname command and /etc/hostname file contains ubuntu. Machine is ubuntu xenial 64bit with minimal set of packages. Furthermore my seconday IP address is on another network served by another dhcp server but this one does not provide host
<olivierb->  names in DHCP offers. How does all this works and what should I add/change to get my hostname properly set ?
<ahasenack> I don't know
<rbasak> olivierb-: if you're using ifupdown on Xenial, then it's done via dhclient.conf and dhclient-script
<rbasak> I'm not sure what the default is or if you need to change it.
<rbasak> olivierb-: it's probably not a good idea to have a server's hostname regularly change though. Unless it's an appliance, I'd lock it in statically on the client side anyway.
<olivierb-> rbasak I managed to get it working once using service networking restart, but it was only once
<olivierb-> name should not change as long as the lease remains same
<ahasenack> there is this fence-agents package in the ubuntu archive, that ships a lot of scripts of the type fence_*
<ahasenack> there is one of those scripts that doesn't work out of the box because of missing python dependencies
<ahasenack> these missing deps are declared as "Suggests" in the d/control file
<ahasenack> that seems wrong to me. If the script doesn't even run, surely those deps should be in Depends?
<ahasenack> bug is https://bugs.launchpad.net/ubuntu/+source/fence-agents/+bug/1772096
<ubottu> Launchpad bug 1772096 in fence-agents (Ubuntu) "fence_vmware_soap is not working after installation of fence-agents" [Undecided,Triaged]
<ahasenack> check comment #2
<ahasenack> and #4
<ahasenack> it's a sync from debian, though
<rbasak> ahasenack: depends on the nature of it. AIUI, if it's not the normal use case of a package, it doesn't hae to be a Depends.
<ahasenack> it's just one of many fence agents the package ships
<ahasenack> take a look at apt-cache show fence-agents
<rbasak> "The Depends field should be used if the depended-on package is required for the depending package to provide a significant amount of functionality."
<rbasak> "The Recommends field should list packages that would be found together with this one in all but unusual installations."
<rbasak> "[Suggests] is used to declare that one package may be more useful with one or more others. Using this field tells the packaging system and the user that the listed packages are related to this one and can perhaps enhance its usefulness, but that installing this one without them is perfectly reasonable."
<rbasak> From https://www.debian.org/doc/debian-policy/#binary-dependencies-depends-recommends-suggests-enhances-pre-depends
<ahasenack> it backtraces
<rbasak> For a package that is essentially a collection of a bunch of different use cases, it's difficult.
<rbasak> People might not want it to depend on every single possible use case dependency package.
<ahasenack> they should have their own package each then, if it pulls in more deps than the maintainer is willing to accept
<rbasak> But by not doing that the user has to know what extra to pull in
<ahasenack> the user will see a python backtrace
<rbasak> Yeah that's not good. It's not necessarily wrong to not have a dependency, but it's reasonable to expect a more helpful error message.
<rbasak> I would leave it to whatever the Debian maintainer thinks is appropriate
<ahasenack> there's a changelog entry even, mentioning the two deps being added as build-depends, and suggests, at the same time
<ahasenack>   * Add python-requests and time to Build-Depends, add python-requests and
<ahasenack>     python-suds to Suggests (needed by fence_vmware_soap).
<rbasak> That sounds reasonable
<ahasenack> I fail to see how
<ahasenack> the package is shipping a binary, like many others it already has, that does not work because of a missing dependency
<ahasenack> it crashes
<ahasenack> apport will raise its head
<rbasak> It can be fixed by adjusting the apport hook or adjusting the error message when the "dependency" isn't found.
<rbasak> It doesn't necessarily have to be declared as a Depends unless it is needed to provide a significant amount of functionality for the package.
<rbasak> The decision is left to the maintainers otherwise, and it seems that they selected Suggests deliberately.
<Blueking> are there any dos tools that can post intel cpu, number of cores and so ?
<compdoc> you mean command line
<compdoc> https://www.tecmint.com/check-linux-cpu-information/
<RoyK> Blueking: lscpu as before
<ahasenack> rbasak: success! "   * Move python3-requests and python3-suds to Depends (Closes: #899381)"
<samba35> why  usr/bin/sha256sum /etc/aide/aide.conf.d/31_aide_rngd keep cpu usage very hight
<samba35> any idea why sha256sum is used for X11 relates file ?
<teward> because the CPU has to calculate the hash sum of a given file
<teward> why it's doing that I don't know, but sha256sum is not a 'light' function in terms of resources
<teward> (any hashsum function will eat CPU)
<teward> (to varying degrees depending on the filesize of the file being hashsummed, and the hashing algo)
<samba35> yes but what kind of with X11
<teward> I... have no idea what you just tried to ask.
<teward> which means either a language barrier, or your question was malformed./
<teward> samba35: as I said, I can't answer *why* it's used for the X11 relates file, but I can answer the "keep cpu usage very high" part because of the nature of what sha256sum does
<teward> i once sha256summed a 240GB disk image file once.  Took full CPU on the 16 cores of that workstation, for a good bit of time.
<teward> (100% usage, on pretty much all cores, until it finished the calculation of the sha256sum)
<samba35> ok ,got it it seems im-config
<samba35> remove this page and let see what happen
<ahasenack> rbasak: little help: is this good? https://pastebin.ubuntu.com/p/ZPCZcYtykt/
<samba35> /etc/apache2/mods-available/proxy_http2.load now sha256sum is using this file
<samba35> so its not static to one file
<samba35> i am not trying encrpth /decrypth any file
<teward> it's not encryption/decryption
<teward> it's hashsumming.  *something* on your system is trying to get hash sums for various files
<ahasenack> samba35: you seem to be using aide. That will hash all files in your system
<teward> ^ that
<samba35> how to i fix this ?
<ahasenack> remove aide
<ahasenack> or figure out why you installed it
<ahasenack> unless this is not your system :)
<samba35> is it relaed to check-security ?
<ahasenack> don't know what that is
<ahasenack> there is no such file or package in ubuntu bionic
<samba35> brb will reboot system ,its keeping cpu very hight and its too hot already
<ahasenack> rebooting won't fix it
<ahasenack> it's likely a cron job, it will just run again
<Blueking> hmm how to open this ? intel-microcode_3.20180425.1~ubuntu0.16.04.1.tar.xz
<Blueking> tar won't work ?
<ahasenack> tar xJf <file>
<ahasenack> J is for xz compression
<Blueking> hmm how do I implement microcode ?
<Blueking> none help file inside this package ?
<ahasenack> I don't know, but there is a package in ubuntu that installs new microcode, you could check how it does it
<Blueking> are there search function inside apt ?
<ahasenack> apt-cache search for packages
<ahasenack> apt-file search for files in packages
<sdeziel> Blueking: installing the intel-microcode package should be all you need
<Blueking> sdeziel how ?
<sdeziel> Blueking: on your next reboot, a fresh microcode will be loaded if one is available
<sarnold> xnox: oh thanks for the #clearlinux tip -- I knew intel binned CPUs pretty heavily but I thought they were *really* diligent about making sure every unique combination had a descriptive name..
<xnox> HAHAHHAHAHAH
<sarnold> xnox: well not poor Blueking is likely to return his cpu because it's not what he thought he bought..
<lyn||ian> sarnold, that is what ark.intel.com is for as there are too many to memorize
<sarnold> lyn||ian: ARK says Blueking's processor should have FOUR cores but it only has TWO cores.
<lyn||ian> wow'
<sarnold> yeah, that's what has me so surprised :)
<sarnold> I've spent so many hours reading ARK details on processors I've thought about buying..
<xnox> sarnold, well.... what does the box say? or the markings on the cpu itself? it might be sub-sku with disabled cores.
<sarnold> Blueking: hey :) do you still have the box? :D
<Blueking> sarnold it's a few months away from beeing used for 5 year :P
<sarnold> Blueking: so.. the box is long since discarded? heh
<Blueking> bios says 4 core
<Blueking> gotta find out how to remove current microcode and force new one in
<sarnold> apt-get install intel-microcode; make sure the initrd is rebuild; then reboot
<sdeziel> Blueking: again, this should all be automatically done on reboot
<sdeziel> Blueking: journalctl -k | grep -i microcode
<sdeziel> but IIRC, this will only load a microcode on CPUs visible by the kernel...
<Blueking> last line didn't post anything
<Blueking> how to remove current microcode.. apt-get install intel-microcode  says 'intel-microcode defined manual installation'
<nacc> Blueking: you mean remove the intel-microcode package? `sudo apt-get remove intel-microcode`
<Blueking> ok used apt-get remove intel-microcode  ->  then apt-get install intel-microcode -> reply from process  "/usr/sbin/iucode_tool: microcode bundle /lib/firmware/intel-ucode/list: unknown microcode format" and "E: intel-microcode: failed to create or prepend the early initramfs to the initramfs"
<Blueking> maybe this error  make it fail update intel-microcode at next boot ?
<sdeziel> Blueking: most probably
<nacc> uh, don't think there should be a /lib/firmware/intel-ucode/list file
<nacc> and yes, if the package failed to install, then it ... didn't install
<sdeziel> Blueking: you asked how to untar the intel-microcode tarball earlier, have you extracted that tarball in that dir?
<Blueking> no
<sdeziel> OK good
<nacc> just did a quick chdist check and yea, there shouldn't be a list file
<nacc> (at least, afaict)
<sdeziel> I can confirm this /list file isn't here on my machines
<Blueking> maybe this was bad thing.. what I did 2 weeks ago ? mv intel-ucode /lib/firmware
<Blueking> tar -xvzf microcode-20180425.tgz
<Blueking> but only had two core before that
<sdeziel> is that the tarball provided by Intel?
<Blueking> yes
<sdeziel> I'd try to do the following: "apt-get purge intel-microcode" then "rm -rf /lib/firmware/intel-ucode" and finally "apt-get install intel-microcode"
<Blueking> ok
<Blueking> ok rebooting now
<Blueking> still 2 core
<sdeziel> Blueking: did you have the "unknown microcode format" error prior to the reboot?
<sdeziel> if no, I'd be curious to see the "journalctl -k| grep -i microcode"
<Blueking> sdeziel: http://paste.ubuntu.com/p/9JmBr77pvZ/
<Blueking> sdeziel: interesting here http://paste.ubuntu.com/p/pSs9NcXDv3/
<sdeziel> enabledcores=1 looks suspicious
<Blueking> only one enabled core..
<sdeziel> you have HyperThreading right?
<Blueking> yes
<sdeziel> OK so that explains the first paste
<Blueking> http://paste.ubuntu.com/p/M7nQ3bjjG5/
<Blueking> so where do ubuntu have these control sets ?
<Blueking> grub/grub2 ?
<Blueking> sdeziel ?
<sdeziel> Blueking: cat /proc/cmdline
<Blueking> sdeziel: http://paste.ubuntu.com/p/t6v8mqtqX2/
<sdeziel> Blueking: so there is no kernel arg that artificially limits the number of cores visible
<Blueking> there must be sumthin ?
<arooni> anyway to check to make sure log rotation is working across web logs/etc.. ? or is this just on by default (16.04 server)
<Blueking> hello Janc
<Blueking> hello JanC
<Blueking> hello JanC_
<Blueking> JanC  you had a peek at mine problem ?
<sarnold> Blueking: has this cpu always had two cores? :)
<Blueking> that I am not sure about
<sdeziel> Blueking: yeah, I'd grep old boot logs for nr_cpu_ids
<Blueking> sarnold  seems only one core  are enabled   with HT it's '2' core
<Blueking> cd ..
<JanC> Blueking: currently my guess would be it's an ACPI problem?
<Blueking> http://paste.ubuntu.com/p/THJS4XjWH3/
<Blueking> not sure
<Blueking> should I goin bios and change ?
<Blueking> what are RCU ?
<Blueking> RCU restricting CPUs from NR_CPUS=512 to nr_cpu_ids=2.
<sarnold> RCU is a go-fast lockless datastructure design scheme
<sarnold> it allows working with stale data in a predictable way
<JanC> and it needs to know how many CPUs you actually have, I suppose
<sarnold> right
<Blueking> hmm I need to uncompress log files ?
<Blueking> to search through old log files ?
<sdeziel> Blueking: zgrep should be able to look into .gz log files
<sdeziel> zgrep -F nr_cpu_ids /var/log/syslog*
<sarnold> vim also has some autorules to expand compressed files in place
<Blueking> kern log files goes back only 3 days..
<sdeziel> Blueking: syslog, not kern.log
<Blueking> nothing there
<sdeziel> do you ship logs to an aggregator/concentrator by any chance?
<sdeziel> Blueking: I'm done for the day but good luck
<sarnold> gnight sdeziel ;)
<sdeziel> thx
<Blueking> still a bug ? -> https://ubuntuforums.org/showthread.php?t=2187699&page=2
<tomreyn> Blueking: it's either still a *BIOS* bug (and will then surely remain that as BIOSes traditionally have a long lifetime) or it remains to be an ubuntu bug which, at least according to this forum thread, was not yet reported (and would thus not get fixed unless identified AND reported independently).
<Blueking> okey
<Blueking> tomreyn: configuration: cores=4 enabledcores=1 threads=8  with command lshw -class cpu
<tomreyn> Blueking: so?
<Blueking> just wonder  cores=4  enabled cores=1  but  the number of threads=8   are it 8 enabled threads ?  thus it indicates 4 enabled cores..
<Blueking> just wonder if ubuntu read bios wrong  where bios say 1 core someplace it means 1 physical cpu ?
<Blueking> it's supermicro mobo
<nacc> Blueking: i don't think the threads relates to how many threads are enabled
<nacc> Blueking: not sure, though, i'd need to read the source to be sure
<nacc> Blueking: what does `grep -c '^processor' /proc/cpuinfo` say?
 * tomreyn would also *assume* it refers to capabilities, not current configuration
<Blueking> inside bios  there intel service thing wich tells status of mobo/cpu   disabled cores = 0
<nacc> tomreyn: yeah, i assume givne the 'enabled' vs. no-prefix for cores, they are distinct for threads too (but possibly not emitting)
<Blueking> nacc nothing.. wrong typo ?
<Blueking> 2
<nacc> Blueking: ok, so you have 1 core enabled with HT on
<nacc> Blueking: which is completely accurate with `lshw`
<Blueking> looks like that yes
<nacc> Blueking: and your BIOS setting is currently set to 4 cores?
<Blueking> 'all'
<Blueking> active cores
<nacc> Blueking: did you figure out what actual model (by the box) you have?
<Blueking> I can define 1,2,3, all
<nacc> Blueking: based upon sarnold & xnox's disucssion above
<nacc> Blueking: it seems most likely you have a buggy BIOS or you have a not-full-core chip
<sarnold> I *really* have trouble seeing supermicro having a bios this buggy
<sarnold> I know bioses suck and all
<sarnold> but defective-CPU sold at a discount is my current favourite theory
<Blueking> billing from shop:  	Intel Xeon Quad-Core E3-1230Lv3 1.8GHz 8MB, 25W, LGA1150
<Blueking> shop didn't have this cpu on shelf.. were some ordering time and had to wait some time
<Blueking> nacc: I updated Bios  2 days ago to see if update fixed number of visible cores
<Blueking> I am gonna put another hdd on mine box and test with windows OS
<nacc> sarnold: yeah, i would agree too
<nacc> Blueking: also, fwiw, your mobo page didn't list this cpu as explicitly compatible
<sarnold> curious
<sarnold> I saw e3 v3-4 xeons on the page and though tit looked good enough
<nacc> i saw e3 1200, and it wasn't immediately obvious to me if that included 1230
<nacc> this person claims to have seen 8 cpus in linux with a 1230: https://superuser.com/questions/851799/proc-cpuinfo-for-xeon-e3-processor
<sarnold> I think that's  adifferent model, no L in that name
<nacc> ah right
<nacc> Blueking: this seems relevant: https://webcache.googleusercontent.com/search?q=cache:eWwSlZlUNDMJ:https://forum.pfsense.org/index.php%3Ftopic%3D128722.0+&cd=3&hl=en&ct=clnk&gl=us
<sarnold> nacc: DUDE
<sarnold> that looks like it exactly
<nacc> they got an actual response from SM
<nacc> i don't know if it's the same mobo, but the symptoms seem oddly similar
<sarnold> the only slight prblem of course is the bios upgrade was done to try to fix this issue
<sarnold> but still, clearing cmos and spending a few minutes to put it all back together again is quick and easy, easier than installing windows anyway :)
<nacc> right
#ubuntu-server 2018-05-24
<cpaelzer> good morning
<lordievader> Good morning
<rbasak> ahasenack: yes
<ahasenack> good morning
<Ussat> so Deploying 1st 18.04 into prod today
<Ussat> \o/
<Ussat> does 18.04LTS come with php 7.2 ?
<sdeziel> Ussat: yes
<Ussat> thanks
<Ussat> building cacti server on 18.04
<Blueking> sdeziel need to do recovery flash of mobo bios to get back cores
<sdeziel> Blueking: as in go back to an older bios version?
<rcm888> I have xrdp 2 issues
<Blueking> sdeziel no   flash with latest bios
<rcm888> no cursor, only X sign
<sdeziel> Blueking: odd but OK :)
<Blueking> https://www.supermicro.nl/support/faqs/faq.cfm?faq=17137
<sdeziel> that looks promising
<sdeziel> so you've been out of 3 cores for ~5y now and a bios upgrade will fix it?
<Blueking> not sure when it did happen
<Blueking> I flashed bios 2-3 years ago
<Blueking> havn't noticed any diff.. only used for router purpose pÃ¥ torrenting
<Blueking> takk :)
<sdeziel> apparently the latest bios dates back to December 21st 2015
<Ussat> OK, so netplan is pretty damm simple, but I am cureious why the change to netplan ?
<blackflow> NIH?
<Ussat> 1st 18.04 is in production now  \o/
<nacc> Ussat: netplan is able to support more complicated, cloud-like networking configurations that ifupdown doesn't (can't) or can but only with massive amounts of pain
<nacc> that's my explanation, at least
<engkur> hi all
<Ussat> nacc, that works....I have found it very simple
<engkur> anyone install ngs3 on ubuntu 18.04
<Ussat> about to start the process to migrate all our 16.04 -> 18.04
<blackflow> nacc: except it doesnt'. netplan doesn't do anything with networking it merely passes on the config to appropriate files/interfaces for networkd and networkmanager.
<Ussat> well start the planning anyway
<blackflow> in other words, it's an abstraction tool. one could easily use networkd directly for same effect, AND stay portable across distros. netplan is another NIH and Canonical-specific bs.
<Ussat> eh...whatever.....I use a total of 2 distros at work so....
<nacc> blackflow: i think the point is you can't do it 'easily' with networkd. I'm not here to argue, though, so have a nice day.
<Ussat> I am all for "easy" TBH, anything that makes my job flow simpler....WIN
<blackflow> it makes _my_ job flow harder though.
<cyphermox> blackflow: my point earlier has been that if you described what is harder for you it's potentially something we can fix
<Ussat> I dont see how, there is nothing stopping you fro useing the lower level networkd commands
<cyphermox> complaining for the sake of complaining, however, if not constructive.
<cyphermox> Ussat: +1
<blackflow> cyphermox: you can't fix it. the part that's harder is custom configuration steps and procedures, just for Ubuntus. right now we remove netplan and use networkd directly. I sure do hope it'll stay that way adn won't become a hard requirement.
<Ussat> considering networkd is here to stay...
<blackflow> I mean, you _can_ fix it, by removing it :)
<Ussat> its not broken, just dont use the netplan layer
<Ussat> there really is no need to remove it
<blackflow> Ussat: are you 100% sure about that?
<cyphermox> so am I.
<Ussat> pretty much
<Ussat> NOTHING is 100%
<cyphermox> if you don't configure anything in /etc/netplan, it won't do anything. You don't need to remove it, but you're free to if you feel the need to
<Ussat> well, death and taxes, but ya
<Ussat> srsly, its a conveniance layer.....dont use it if ya dont want.
<nacc> Blueking: did you figure out your system?
<blackflow> cyphermox: so you're saying that if I remove the /etc/netplan/* files, it will leave networkd configs alone?
<cyphermox> yes
<blackflow> cyphermox: well I have a test server here that's refusing to boot because of missing network config, that says otherwise.
<cyphermox> missing network config maybe, but that doesn't mean it's netplan
<Ussat> I just removed the netplan files on my test VM and boots fine
<dpb1> that's one of the elegant things about it actually.  it's just a renderer
<Blueking> nacc: https://www.supermicro.nl/support/faqs/faq.cfm?faq=17137
<sarnold> Blueking: nice find
<Blueking> it was a guy from shop where I bought cpu and mobo who dig it out for me
<Blueking> similar solution: https://webcache.googleusercontent.com/search?q=cache:eWwSlZlUNDMJ:https://forum.pfsense.org/index.php%3Ftopic%3D128722.0+&cd=3&hl=en&ct=clnk&gl=us
<Blueking> wish me good luck :)
<Blueking> 4 core to be enabled :P
<ahasenack> good luck
<Blueking> taken out cmos battery now gotta wait 20 min
<sarnold> why not poke the pins they suggested?
<nacc> Blueking: yes, that seems to be the same as what I posted earlier (the google cached link)
<Blueking> pins was to do something about ME
<Blueking> nacc sarnold -> http://paste.ubuntu.com/p/VWCdgrcBxK/
<sarnold> YES :D
<sarnold> Blueking: fantastic :D
<Blueking> :D
<Blueking> gotta have a look at munin...
<Blueking> lol.. think I've had only one core for atleast 4 years..
<sarnold> you don't normally think to plot "number of online CPUs" in graphs though
<Blueking> no  but before I only had 2 cpu on graph  now it's 8
<Blueking> verifies that I only had one active core for years
<Blueking> tho  one core were enough for mine use
<Blueking> and started recently using this pc for plex server
<Blueking> and needed to look into it
<sarnold> so hooray for the four-times-speed upgrade :D
<Blueking> :)
<Blueking> no point upgrade to xeon E3 v6 1245 or higher ?
<Blueking> asked shop guy to look into what 1151 motherboards that supports intel quick sync video and xeon E3 with igpu for hw transcoding..
<Blueking> hello RoyK :)
<Blueking> RoyK talked to tony today :)
<RoyK> what?
<libben> Has anyone tried building a router on Bionic Beaver? I've never done a router from scratch. always used pfsense/opnsense and so on. But This time I just want to try build one myself. I do nothing fancy network wise at home. Im going to put it up on a minipc with 4 nics and a wificard.
<libben> Looking at old router builds on ubuntu I feel some things are deprecated on those
<libben> So Anyone can write the steps to take on the new builds. Just the directions, like bullet points. So I can dig down on my own on them instead of guessing on what to do and what is the smartest way of doing things.
<sarnold> probably you'd use netplan instead of writing into /etc/network/interfaces these days
<libben> yeah that was my first thought
<libben> and iptables
<sarnold> and try to switch to ip and the other tools from iproute2 instead of using ifconfig and route
<libben> so netplan, ip forwarding/nat, iptables, ip route and bring up wificard and add dhcp functionality
<libben> bind9 ?
<sarnold> I'd prefer powerdns, unbound and knot are popular choices too, but bind9 is in main.. tough choice there :)
<libben> well im a total novice on these things
<libben> Going for the thing that is understandable and easy guide on
<libben> someone should write a simple router bash script where you just specify your nics and what nic to be wan =)
<libben> pretty amazed that there isnt allready such a package to setup a router on a debian/ubuntu
<sarnold> or worse, there might be dozens of the things :)
<libben> the "love hate" =)
<sarnold> you know how it goes, one works okay but ignores NAT entirely, another would focus entirely on NAT, one would exist just to use ferm, another would try to be an IPAM solution via shell scripts, etc etc..
<libben> yeah it's a shame
<libben> That there is so many ways and opinions some times.
#ubuntu-server 2018-05-25
<rcm888> where can I get help about xrdp?
<rcm888> where is XRDP channel?
<sarnold> you may have better luck to ask more specific questions
<rcm888> I have XDRP problem - cant connect
<sarnold> what error messages do you get on the client and on the server?
<rcm888> cant connect to Xorg display 10,
<rcm888> then disconnect
<rcm888> sarnold: instelld fresh from git, 10.04 lts + lxde
<rcm888> sarnold: 16.04
<rcm888> sarnold: OK, recompiled it again, now it works, but spits error about wcid.
<rcm888> how to completely remove xrdp installed from repo? It is so stupid that you cant rid of pckage.
<rcm888> I had to restore snapshor of vm to make it work
<sarnold> i've never heard of wcid; google shows a bunch of water district information :)
<sarnold> this? looks like a windows thing https://github.com/pbatard/libwdi/wiki/WCID-Devices
<rcm888> yes
<rcm888> I cant make damn keyboard layout work (not switching)
<rcm888> at xrdp session
<cpaelzer> good morning
<Blueking> morning
<lordievader> Good morning
<rbasak> cpaelzer: did you see the dovecot related component mismatches?
<cpaelzer> rbasak: note yet, thanks for the ping
<dpb1> morning all
<kiokoman> morning
<ahasenack> morning
<friendlyguy> hi there!
<friendlyguy> i am wondering how i could change a ubuntu server lts 18.04 to use its mac address as dhcp "identifier"?
<friendlyguy> currently my dhcp-server shows a "mac" for the new host which is 36chars long... i would like to assign a static lease to the server.
<friendlyguy> i am wondering about syslog-ng configuration: i enabled the service through "systemctl enable syslog-ng". after that i started it but not much is going on here. i am wondering if i need to edit the unit-file and pass the config to it
<teward> ahasenack: just to let you know, finally got around to filing that bug upstream for the searx failure, and apw was kind enough to mark the autopkgtests as ignored for this time around.  Thanks for your help hunting that one down.
<teward> and thanks apw for your help as well :)
<ahasenack> teward: upstream in this case is debian or searx?
<teward> ahasenack: debian
<ahasenack> ok
<teward> they didn't notice the package was failing CI
<teward> and searx runs fine directly
<teward> so it's the uwsgi integration there that's broken
<teward> the maintainer is notified now, though, I bothered them direct over on OFTC, as well as with the Debian bug
<ahasenack> yeah, debian isn't gating yet on dep8 tests
<teward> nope.
<teward> but they're aware CI is breaking, and I made a note that downstream in ubuntu it's affecting package migrations
<teward> they're not sure why it's failing, though, so I doubt it'll be a quick fix
<ahasenack> well, it was easy to reproduce
<Tuna-Fish> Hi. When doing an install out of a cd-rom, you can choose "expert mode" (can't remember exact name) that lets you do every stage of the install at a time. If installing from the web using virt-install --location, is there some way to turn on the expert mode?
<tomreyn> Tuna-Fish: de0pends on how you 'install from the web', i guess
<Tuna-Fish> installing to a virtual machine, I was using virsh-install --location
<Tuna-Fish> would be willing to do it another way, if it is easier that way
<Tuna-Fish> the problem is that I am doing this on a server that has no X, and where I cannot get a X shell, so I can only do things through a terminal
<Tuna-Fish> oops, virt-install, not virsh-install
<tomreyn> Tuna-Fish: i'm not actually sure how virt-install does it, but running the (now) "alternative" server installer (maybe also just mini.iso) via PXE/TFTP boot should work
<tomreyn> or just a s a cdrom
<ahasenack> anyone here familiar with unbound?
<ahasenack> https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1771545 is asking that the root.key file be shipped with the library (libunbound2) essentially
<ubottu> Launchpad bug 1771545 in unbound (Ubuntu) "root.key might be missing" [Undecided,New]
<sdeziel> ahasenack: the root.key shipped by the package dns-root-data but unbound also supports fetching/refreshing it
<sdeziel> s/shipped/is shipped/
<sdeziel> ahasenack: the unbound packages provides a script (https://salsa.debian.org/dns-team/unbound/blob/master/debian/package-helper#L66) that will manage the root.key
<ahasenack> the claim, as I understand it, is that apps linked with the libunbound2 library might fail because that root.key file isn't present in /var/lib/unbound
<sdeziel> this helper script is indeed missing from unbound-{anchor,host{
<ahasenack> package-helper is only used by the main unbound package
<ahasenack> unbound-anchor was an example of such a tool
<sdeziel> right
<ahasenack> although it has the -a option
<sdeziel> ahasenack: a possible fix would be to provide the helper in libunbound2 and have a systemd timer unit/cron job to refresh the root.key periodically
<ahasenack> a lib package shouldn't have any of that probably
<sdeziel> granted but the root.key isn't static
<sdeziel> how about making unbound-anchor a depends for libunbound2?
<sdeziel> and ship the cron job in -anchor
<ahasenack> no idea
<ahasenack> I asked to file a bug with debian, since we take this package with basically no ubuntu changes (just apparmor)
<ahasenack> maybe it's expected that apps linked with libunbound2 pull in the main unbound package
<ahasenack> actually, let me check what links with it
<ahasenack> strongswan, opendkim
<sdeziel> unbound-anchor/host should be able to function on their own
<ahasenack> unbound-host doesn't even use the root.key file it seems
<ahasenack> with -v, it always said the resolution was "insecure"
<ahasenack> I found a debian bug about that bit
<ahasenack> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641704
<ubottu> Debian bug 641704 in unbound-host "unbound-host should be preconfigured with DNS root trust anchor" [Normal,Open]
<sdeziel> this unbound-host behavior seems like a different bug to me
<sdeziel> apps using libunbound2 should get the local root.key automatically managed without needing to do it themselve
<sarnold> didn't debian move to packaging all the root hints and keys in one package?
<sdeziel> sarnold: yes: dns-root-data
<sdeziel> the helper script uses that as a preseed for the root.key
<sarnold> thanks sdeziel :D
<ahasenack> but I can remove it just fine
<ahasenack> nothing complains
<sdeziel> ahasenack: if the reporting user doesn't beat me to it, I'll report the issue to Debian
<sdeziel> also, it will be possible to drop the Ubuntu delta as soon as unbound is sync'ed again from Debian
<ahasenack> sdeziel: thanks
<sdeziel> np
<Neo4> when we use let encrypt we can for one certificate to create many domain?
<Neo4> it isn't wildcard?
<Neo4> what is algorithm for shell?
<Neo4> at first ask user to input list needed domain, then generate certificate?
<Neo4> it adds automatically if exists virtual host, if doesn't it doesn't add
<Neo4> I'm going to create shell where I enter list of domains and it should create let'sencrypt certificate and set up automatically
<Neo4> I think about should I create virtual host for mail.kselax.ru?
<Neo4> If I do it will put all certificates automatically, if not it doesn't add
<Neo4> on mail.kselax.ru I can put webmailers
<Neo4> it might useful thing, but each virtual host takes ram
<Neo4> better host all in the same virtual host
<Neo4> put wp site and inside put /roundcube folder
<Neo4> or generate for each host his own certificate
<sarnold> "each virtual host takes ram"
<sarnold> Neo4: don't worry about virtual hosts using ram. ram is there to be used. Do what you need to do.
<sarnold> the *actual* ram use will vary based on what your computer *does*
<sarnold> so don't worry about a few thousand virtual hosts in your web server unless you actually have a few thousand concurrent connections
<Neo4> I think each virtual host it's additional load on apache?
<Neo4> better all put to one host
<Neo4> if we put webmail to separated virtual host somethign like roundcube.kselax.ru it will worse than to kselax.ru/roundcube, isn't it?
<Neo4> but it's not exactly
<sarnold> I can't imagine the difference being more than 200kb
<sarnold> and 200kb is me being rather mean to the apache project :)
<Neo4> sarnold: and it will consume equal CPU and other resources?
<sarnold> CPU should be identical, yes
<Neo4> easier it's create for mail.kselax.ru
<sarnold> memory may be slightly different, but if you've got more than 256MB ram on this machine it isn't even worth thinking about it
<Neo4> then I will simply generate automatically certificates
<sarnold> so do whatever is easiest for you and your users to *use*
<Neo4> 500mb,
<Neo4> but we can add swap
<Neo4> sarnold: ok, I will
<Neo4> sarnold: for me easier writ shell
<Neo4> certbot --apache -d stie1.com -d site2.com -d site3.com and all will automatically added to /etc/apache2/sites-availabel
<Neo4> if there in one site not exists virtual hsot it won't add automatically
<Neo4> will show error and you should manually put path to certificate
<sdeziel> Neo4: I don't know if that would apply to your use case but Let's Encrypt can now sign wildcard certs
<Neo4> sdeziel: no, it will have different domains
<Neo4> wildcard for subdomain
<Neo4> I'm going to finish shell script and then run a few my web projects, chat, online store, etc
<sdeziel> understood, good luck
<Neo4> VPS is foundation, I had better now spend time and then save many times on install
<Neo4> sdeziel: with shell won't problem deploy any CMS or somethign like nodejs
<Neo4> sdeziel: I dreamed about to have this chat http://bizarre.kiev.ua/
<Neo4> only in English, I'm going to create copy
<Neo4> for USA, there will each room main town, will 40 rooms
<Neo4> passed
<Neo4> it's dreams
<Neo4> and think about others projects
#ubuntu-server 2018-05-26
<Neo4> see my mail server
<Neo4> https://mxtoolbox.com/domain/mail.kselax.ru/
<Neo4> not in black list
<cpaelzer> rbasak: actually I do not see the component mismatch
<cpaelzer> rbasak: it fully migrated from my POV
<cpaelzer> new is libstemmer which was in main already
<cpaelzer> and the *lucene things were in in the past as well
<cpaelzer> but since it migrated it should be fine right?
<cpaelzer> rbasak: let me know which component mismatch I miss if there is one left I don't see
<HEBOAXhipp> THIS IS AN EMERGENCY NOTICE THIS IS NOT SPAM: THIS NOTICE IS CURRENTLY GOING OUT TO ALL CHANNELS THROUGH THE FREENODE EMERGENCY NOTIFICATION SYSTEM: GRUMBLE HAS INADVERTENTLY NOT RESET THE FREENODE SECURITY PASSWORD CAUSING A BREAK IN FREENODE SECURITY WHERE ALL PASSWORDS HAVE BEEN RELEASED. PLEASE SEE GRUMLE IN #FREENODE FOR INFORMATION ON HOW TO SECURE YOUR ACCOUNT!!
<HEBOAXhipp> THIS IS AN EMERGENCY NOTICE THIS IS NOT SPAM: THIS NOTICE IS CURRENTLY GOING OUT TO ALL CHANNELS THROUGH THE FREENODE EMERGENCY NOTIFICATION SYSTEM: GRUMBLE HAS INADVERTENTLY NOT RESET THE FREENODE SECURITY PASSWORD CAUSING A BREAK IN FREENODE SECURITY WHERE ALL PASSWORDS HAVE BEEN RELEASED. PLEASE SEE GRUMLE IN #FREENODE FOR INFORMATION ON HOW TO SECURE YOUR ACCOUNT!!
<HEBOAXhipp> THIS IS AN EMERGENCY NOTICE THIS IS NOT SPAM: THIS NOTICE IS CURRENTLY GOING OUT TO ALL CHANNELS THROUGH THE FREENODE EMERGENCY NOTIFICATION SYSTEM: GRUMBLE HAS INADVERTENTLY NOT RESET THE FREENODE SECURITY PASSWORD CAUSING A BREAK IN FREENODE SECURITY WHERE ALL PASSWORDS HAVE BEEN RELEASED. PLEASE SEE GRUMLE IN #FREENODE FOR INFORMATION ON HOW TO SECURE YOUR ACCOUNT!!
<HEBOAXhipp> THIS IS AN EMERGENCY NOTICE THIS IS NOT SPAM: THIS NOTICE IS CURRENTLY GOING OUT TO ALL CHANNELS THROUGH THE FREENODE EMERGENCY NOTIFICATION SYSTEM: GRUMBLE HAS INADVERTENTLY NOT RESET THE FREENODE SECURITY PASSWORD CAUSING A BREAK IN FREENODE SECURITY WHERE ALL PASSWORDS HAVE BEEN RELEASED. PLEASE SEE GRUMLE IN #FREENODE FOR INFORMATION ON HOW TO SECURE YOUR ACCOUNT!!
<HEBOAXhipp> THIS IS AN EMERGENCY NOTICE THIS IS NOT SPAM: THIS NOTICE IS CURRENTLY GOING OUT TO ALL CHANNELS THROUGH THE FREENODE EMERGENCY NOTIFICATION SYSTEM: GRUMBLE HAS INADVERTENTLY NOT RESET THE FREENODE SECURITY PASSWORD CAUSING A BREAK IN FREENODE SECURITY WHERE ALL PASSWORDS HAVE BEEN RELEASED. PLEASE SEE GRUMLE IN #FREENODE FOR INFORMATION ON HOW TO SECURE YOUR ACCOUNT!!
<HEBOAXhipp> THIS IS AN EMERGENCY NOTICE THIS IS NOT SPAM: THIS NOTICE IS CURRENTLY GOING OUT TO ALL CHANNELS THROUGH THE FREENODE EMERGENCY NOTIFICATION SYSTEM: GRUMBLE HAS INADVERTENTLY NOT RESET THE FREENODE SECURITY PASSWORD CAUSING A BREAK IN FREENODE SECURITY WHERE ALL PASSWORDS HAVE BEEN RELEASED. PLEASE SEE GRUMLE IN #FREENODE FOR INFORMATION ON HOW TO SECURE YOUR ACCOUNT!!
<HEBOAXhipp> THIS IS AN EMERGENCY NOTICE THIS IS NOT SPAM: THIS NOTICE IS CURRENTLY GOING OUT TO ALL CHANNELS THROUGH THE FREENODE EMERGENCY NOTIFICATION SYSTEM: GRUMBLE HAS INADVERTENTLY NOT RESET THE FREENODE SECURITY PASSWORD CAUSING A BREAK IN FREENODE SECURITY WHERE ALL PASSWORDS HAVE BEEN RELEASED. PLEASE SEE GRUMLE IN #FREENODE FOR INFORMATION ON HOW TO SECURE YOUR ACCOUNT!!
<HEBOAXhipp> crtcji Nizumzen Guest22358 lifeless jjohansen yeats beatzz DenBeiren_ Neo4 piggah phunyguy led_ir22 SSMAdmin1 Guest91467 dt3k tacoboy lagarcia hggdh inteus guideline jose-phillips Mercury_Vapor de-facto ziyourenxiang mdeslaur yokel marlinc Aison DzAirmaX keithzg trekkie1701c ratliff mikal Mordoc iliv robbiew Pest Bodenhaltung teward kneeki jelly Asandari DalekSec enoch85 beardface ogra_ kiokoman Poster soren Valfor cp
<computamike> hi -
<computamike> not sure if I'm doing this IRC right - I'm stuck using limeChat on a macbook and I'm finding it somewhat challenging
<tomreyn> !irc | computamike
<ubottu> computamike: A list of official Ubuntu IRC channels, as well as IRC clients for Ubuntu, can be found at https://help.ubuntu.com/community/InternetRelayChat - For a general list of !freenode channels, see !alis - See also !Guidelines
<kneeki> Anyone know how to make a symbolic link to something that doesn't necessarily exist, like a path in a web project handled by a router? 'ln -s /var/www/pathToOldFile/upload.php /var/www/pathToLaravelProject/upload
<kneeki> ' doesn't work. =\
<blackflow> kneeki: no, and to what end?
<kneeki> Well, basically I wanted to create a path from an old api to the new api to prevent a 404.
<blackflow> kneeki: so you do a rewrite in the webserver config, not symlinking on the filesystem
<blackflow> can't symlink something that isn't there.
<kneeki> That was my next idea. ;)
<kneeki> thanks blackflow
<rbasak> cpaelzer: dovecot-lucene dovecot-managesieved dovecot-sieve
<dpb1> kneeki: you can make a symlink to something that doesn't exist just fine
<dpb1> dpb@aries:tmp[]$ ln -s /var/foo/doesntexist foo
<dpb1> dpb@aries:tmp[]$ ll foo
<dpb1> lrwxrwxrwx 1 dpb dpb 20 May 26 14:55 foo -> /var/foo/doesntexist
#ubuntu-server 2018-05-27
<Grand> I recently upgraded from Xenial Xenu to Bionic Beaver.
<Grand> I am now unable to download files hosted by my LAMP instance.
<Grand> Anyone know a resolution on this one?
<RDmon> hi
<RDmon> how should I configure netmask in 18.04? by netplan file ofcourse
<Ussat> https://askubuntu.com/questions/972955/ubuntu-17-10-server-static-ip-netplan-how-to-set-netmask
#ubuntu-server 2019-05-20
<majom> Hi, I have set up googe authenticator authentication for ssh following this guide: https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04. The problem is that according to the logs the google authentication is passes but I still receive a seond prompt to enter my verification code. My logs, configuration and outputs are pasted here: https://paste.ubuntu.com/p/yQZs2XDzn9/
<aneon> hi, is there any option for encrypted LVM setup in 18.04 install media?
<majom> aneon, you can choose the encryption method at install time
<aneon> couldnt find it
<majom> it's there
<aneon> under which menu?
<blackflow> I'm not sure the new subiquity has support for that yet, iirc you'd have to use the old installer
<aneon> I wont mind old release, I can always do dist-upgrade
<aneon> the install is failing due to hash mismatch, I tried 6 different mirrors
<blackflow> it's not old release, but the old installer. there's separate ISOs for that. I think it's called the "Alternative installer" here:  https://www.ubuntu.com/download/alternative-downloads#alternate-ubuntu-server-installer
<aneon> okay I will get that one then
<blackflow> infact, that installer is the mature one. the new subiquity, that for some reason is now defaulted to, is still in need of baking to completion.
<aneon> the new thing is horrible
<aneon> I am getting the alternative installer media
<aneon> blackflow: Is there any other install media that has all packages bundled in it?
<lotuspsychje> aneon: feel free to join #ubuntu-discuss
<aneon> some other time
<lordievader> The new installer is quite incomplete. I rember I wanted to reuse an existing LVM setup on a host. All the installer could offer me was to create a brand new LVM setup.
<aneon> dunno why they push beta stuff in release
<weedmic> anyone familiar with urwid?  it's a way to make tui (instead of gui) interfaces?
<lucido> Hi, anyone here familiar with PAM and google authenticator?
<chl_> is anyone using the 'x'-option in tftpd.remap files on 18.04?
<rbasak> weedmic, lucido, chl_: I suggest you just ask your respective questions. People tend not to volunteer themselves for unknown discussions.
<teward> lucido: i know a little bit, but i'll need more details on your *question* specifically to help.  as rbasak said, you should ask your ACTUAL question otherwise we don't usually volunteer for 'unknown' discussions
<virole_bridee> Hello.
<virole_bridee> I have almost no knowledge of Ubuntu Server, and I'm in charge of configuring a new VM that was provided to me.
<virole_bridee> The guys who created the VM used a 18.04 LTS iso, and I played the installation.
<teward> > I'm in charge of configuring a new VM that was provided to me. < if you don't have knowledge to do the configuration, then why did they give you the task heh
<teward> (just saying)
<virole_bridee> -init
<virole_bridee> Is Ubuntu server necessarily including cloud-init, or are there iso images without it ?
<teward> virole_bridee: it's included unfortunately in the Subiqutiy based ISOs.  Alternate ISO or mini.iso won't have it, but you can use Cloud-Init to *start* config and install, then remove cloud-init afterwards
<virole_bridee> as concerns the why : I'm the only Linux guy here, and Ubuntu was forced to us by the final software provider, hence the job for me.
<teward> which is actually what I do with all my VM(s) deployed from the ISO.
<teward> cloud-init makes for fast setup and such, but it's lousy after the fact.
<virole_bridee> OK, thanks.
<teward> (in standard VM installs anyways)
<virole_bridee> But it seems to me that removing cloud-init isn't simply done by removing the pakage, right?
<teward> just `sudo apt remove cloud-init`.  It'll remove the underlying service.
<teward> and then not run anymore.
<teward> unless you mean something else by 'remove'
<virole_bridee> Oh, cool. Thanks a lot .Taht's exactly what I was expecting.
<teward> and yes, just simply removing the package and then doing `sudo apt autoremove` will clean up deps.
<virole_bridee> some formue
<teward> it may leave some configuration files behind but they don't do anything with the service removed.
<virole_bridee> I'll do that
<virole_bridee> Thanks again, you saved my day.
<rbasak> teward: I'm curious: how does cloud-init get in the way for you after an instance deployment?
<teward> rbasak: known issues with hostname not changing, resetting network configs, etc. after the fact.
<teward> "fixed" but not in 18.04.2 ISOs
<teward> at least, fixed *supposedly* from what i've heard
<teward> rbasak: it also irritates the **** out of mee for other reasons, so in *my* case I just purged it from the VM template I use.
<teward> (since i have a VMware cluster I created a template VM that I just clone now :P)
<rbasak> teward: but part of the point is that if cloud-init remains, appropriate actions after VM image cloning are automatically taken :)
<rbasak> teward: are hostname not changing/resetting network configs bugs or just unfortunate defaults for your particular case? Or do you think the defaults are wrong?
<teward> rbasak: different issue
<teward> rbasak: the 'defaults' being wrong have issues open
<teward> there's a current bug in cloud-init where SOMETIMES even if you tell it to not preserve the hostnaame (so you can change hostname on the boxes) it actually *ignores* that setting and  keeps resetting hostnames back
<teward> EVEN IF everything is set to permit hostname changes
<teward> rbasak: don't get me wrong, I *like* cloud-init
<teward> but if it's going to be broken when I set it to allow hostname changes and IGNORE that setting... it's on my 'purge after install' list
<teward> until THAT is fixed...
<teward> (this bug has been reported also)
<teward> rbasak: and I've confirmed it in about 20% of my VM deployments personally and at work.  The only workaround temporarily was remove cloud-init
<rbasak> teward: bug link please?
<teward> rbasak: gotta dig for it, hang on
<rbasak> teward: no rush. I'm just curious to track these things :)
<teward> rbasak: the problem is it's not reproducible all the time
<teward> it's 'hit or miss' so :/
<teward> not sure if the bug has been closed or not already
<teward> ... fooey and I have a meeting i have to jump into
<teward> rbasak: I can't find the bug, it may've been closed upstream, but it's a known 'issue' that i've run into multiple times.  Might just write a new bug and let someone dupe it to a preexisting bug if there is one
<teward> ... after this meeting./
<virole_bridee> teward: sory for my late answer. 'how does cloud-init get in the way for you after an instance deployment?' : while learning how to configure networking, I arrived at a file under /etc/netplan/ mentionning this cloud-init,
<teward> virole_bridee: oh, *that* will still exist.
<virole_bridee> and warning me that all modificaitons would be scratched after reoot.
<teward> but you can edit that freely
<teward> and those changes'll stick
<teward> those only get overwritten when, say, OpenStack or something deploys it
<virole_bridee> OK. Anyway, I removed this cloud thing, which I do not want at any price on a production server.
<virole_bridee> NTW, I know quite well Debian/RedHat/CentOS/OpenBSD, I'll have to learn this Ubuntu animal *^v^*
<rbasak> virole_bridee: most distributions use cloud-init for their cloud images :)
<rbasak> If you're a professional it's probably worth learning how cloud images work.
<rbasak> They are very widely used.
<virole_bridee> Problably, but no cloud here. Purely internal servers.
<virole_bridee> Also, 'most distributions use cloud-init for their cloud images' : but I don't need a cloud image.
<rbasak> They are still relevant for internal-only use.
<virole_bridee> OK, thanks, I'll try to get informed about it.
<weedmic> I get "python3 is already the newest version (3.5.1-3)" when trying to install/upgrade to 3.6.7 on 4.4.0-1083-aws (ubuntu) - does that make sense/is it telling the truth?
<rbasak> weedmic: which Ubuntu release?
<weedmic> Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-1083-aws x86_64)
<teward> that's correct for 16.04
<teward> weedmic: if you intend to install OTHER python versions beware you might torch your system if you're not careful
<weedmic> What badness happens if I force it to go to 3.6.7?
<weedmic> ok, that sounds bad - python is intermixed with the kernel?  it's not outside of it and called?
<teward> it could break anything depending on Py3.5 stuff.  If you need 3.6.7 for dev environments I suggest you look into pyenv so you can have 'userspace' installs of 3.6.7 that wont' affect the system packages
<teward> weedmic: its' not necessarily the *kernel* more like a ton of system utilities and scripts that keep things working
<teward> (note that pyenv isn't supported in here, but it's my suggestoin)
<rbasak> weedmic: you might consider upgrading to 18.04.
<weedmic> can that be done from the kommand line?
<rbasak> I think most AWS users would expect to deploy a new instance with 18.04 to do what they want.
<weedmic> i c - i shall resistance meet, but will bring it up.
<teward> weedmic: i'd back up your stuff first if you want to do an in-place upgrade, but you might do ^ that, deploy a new 18.04, transfer data between old -> new, get things working, decommission old.
<weedmic> not worried about data - worried about lots of docker containers working and setting up all the face nics and things, but I can script it.
<rbasak> worried about lots of docker containers working> seems ironic. Isn't not having to worry the entire point of using Docker in the first place?
<weedmic> all the servers are 18.0x.x except for one - hmmm...
<weedmic> they talk to eachother and if we leave one link out, poof - hours of work figuring it out.  it was assembled by programmers.  if "I" did it it would be a script - that is the same each time it is run.
<ahasenack> rbasak: found this answer for my "what provides <foo>?" question from earlyer
<ahasenack> aptitude search '~Pdefault-mta'
<rbasak> ahasenack: nice, good to know thanks
#ubuntu-server 2019-05-21
<lordievader> Good morning
<lucido> ning
<lotuspsychje> lucido: can we help you?
<lucido> I can't figure out permissions for sshd. Trying to get pubkey authentiacation working. I execute ssh with sudo (as admin user) and if I sed 600 permissions on the user's autorized_keys then I get can't access file and if I set 755 then I get wrong permissions
<lucido> the files in the user's directory have user.user ownership
<lordievader> SSH doesn't like it if someone else  that the owner can read the files.
<lucido> lordievader, how can root(sshd) read the keyfile then?
<lordievader> Which keyfile exactly?
<lucido> authorized_keys
<lordievader> Oh, sshd runs as root and can therefore read `~/.ssh/authorized_keys`.
<lucido> I changed the permission of that file to 640 and added root as group and now it seems to be able to read the keyfile
<lucido> debug1: trying public key file /var/services/homes/borg-backup/.ssh/authorized_keys
<lucido> debug1: fd 4 clearing O_NONBLOCK
<lucido> but it still prompts for passwd
<lordievader> Yes, because you set it to 640.
<lordievader> Authorized keys file should be 600.
<lordievader> rw for only the owner.
<blackflow> infact, permissions are not an issue at all. ownership is.
<lucido> I see, so now sshd can read the keyfile and it still prompts for password. How can I debug that?
<blackflow> lucido: look at the server side logs
<blackflow> lucido: oh btw... what prompts for what password exactly? Sure that's not just the client-side key passphrase?
<lucido> blackflow, I entered a null password (no passphrase). Logs show debug1: fd 4 clearing O_NONBLOCK
<blackflow> lucido: pastebin the full log please. these excerpts out of context are not meaningful
<lucido> blackflow, https://paste.ubuntu.com/p/kDvDxJvDk2/
<blackflow> lucido: looks like the authorized_keys does not contain the key sent from the client.
<blackflow> what exactly did you put into authorized_keys?
<blackflow> and you can also raise verbosity, iirc invalid keys would be logged. just put LogLevel=DEBUG3, restart sshd and try again
<lucido> blackflow, https://paste.ubuntu.com/p/FKPXYWsf96/
<blackflow> lucido: looks broken, you ahve the same key twice, and the second one doesn't start on its own line
<blackflow> (look at the raw source, not formatting done by paste.ubuntu.com)
<lucido> blackflow, ok, heres the sshd output with -ddd: https://paste.ubuntu.com/p/CcJFN5QMCf/
<blackflow> lucido: line 114: debug2: key not found
<lucido> blackflow, what I did now was, I took the .pub file from the client and copied it's contents into the authorized_keys file on the host
<lucido> so now I have in authorized keys: https://paste.ubuntu.com/p/vwkKFdbqwv/
<blackflow> lucido: where does that new line after "ssh-rsa" come from?
<blackflow> I don't think that's right. one key should be on a single line.
<blackflow> openssh-keygen definitely will not put a newline, so I don't know how you created it.
<lucido> https://paste.ubuntu.com/p/7CdMqRfHFw/
<lucido> there is no newline, it's formatting only
<blackflow> lucido: debug2: key not found
<lucido> blackflow, sorry, there was a newline. no clue how it got there
<blackflow> yup.
<lucido> blackflow, now there is no pwd prompt, but I get permission denied. sshd output: https://paste.ubuntu.com/p/PzJkBRtDGR/
<blackflow> that output doesn't mention permission denied, it only says the daemon received sigchld and the client closed connection.
<blackflow> can you pastebin your effective server-side sshd_config? are you using a ssh chroot setup? are all path members to the user's home dir accessible by the user?
<lucido> one sec. very strange, sshd exits if I try to connect to it
<lucido> blackflow, https://paste.ubuntu.com/p/TTqhnggMDS/
<blackflow> lucido: sshd_config doesn't look bad at a first glance. you don't have AllowUser|Group limits, no ForceCommand for sftp-only access. what does the client side say? try using ssh with -vv
<lucido> blackflow, I changed the user's shell from nologin to sh on the server and tried again with -vv (no apparent change)
<lucido> https://paste.ubuntu.com/p/st4mHhcbKS/
<blackflow> lucido: are you sure all path components allow access to the user's home?
<lucido> blackflow, yes, I've checked them all
<blackflow> you have permission denied right after shell request. so something about that user and that shell and that home dir, is not right.
<lucido> borg-backup:x:1033:100::/var/services/homes/borg-backup:/sbin/sh
<lucido> drwx------  1 borg-backup            root  336 May 21 10:29 borg-backup
<blackflow> lucido: it should be /bin/sh
<lucido> noooooooooooooooooooooooooo
<lucido> :)
<blackflow> so problem solved?
<lucido> blackflow, I thought so but no
<lucido> same crap
<lucido> debug2: shell request accepted on channel 0
<lucido> Permission denied, please try again.
<blackflow> try another shell, like /bin/bash
<blackflow> lucido: also, by all path components I meant /var and /var/services/ and /var/services/homes/ .... are they rx (read and execute, as dirs) acessible to "borg-backup" user?
<lucido> nope
<lucido> blackflow, for path permissions I checked them all
<lucido> they are readable and executable to other
<blackflow> so 755 all of them?
<lucido> found one that is drwx--x--x+ 1 root         root         1.6K May 21 10:06 homes
<blackflow> can you also please  ls -la ~/   (feel free to censor sensitive dir names, but not anything else)
<blackflow> lucido: yup, fix that
<lucido> blackflow, it works for another user
<blackflow> lucido: also check that + .... you have ACLs on that homes dir
 * blackflow bets a pizza that's the cause
<lucido> blackflow, this is a synology DSM and it ahs it's own ACL version
<blackflow> ......................... so ...................... not ......................... Ubuntu ?
<lucido> I think I'm missing some custom permissions on the device that is synology specific and has been granted for the working user and not for this one
<lucido> sorry, the client is Ubuntu
<lucido> forgot to mention...
<blackflow> and you're asking in #ubuntu-server .......
<blackflow> if only you could see my face now. thanks for wasting my time.
<blackflow> good luck.
<lucido> thank you for your help so far and sorry for the misunderstanding
<blackflow> who knows what kind of crap that synology did there. could be infinite reasons why you have issues. you should've lead with that first, you'd be told immediately we cannot know what synology did there.
<lucido> blackflow, I know. I'm sorry
<marcoceppi> Looking to get some help with TFTP / Preseed for Ubuntu 18.04. I've sync'd down this entire directory: http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/current/images/netboot/ and setup tftpd to read it as it's root. I can netboot into an installer but whenever I try to specify a preseed as either tftp or http and made some progress with this preseed file and this boot-screens/txt.cfg: preseed (http://paste.
<marcoceppi> ubuntu.com/p/HXsMDWWQzX/) boot-screens/txt.cfg (http://paste.ubuntu.com/p/rjqDV4Gbd7/)
<marcoceppi> Is there a better example for this other than https://help.ubuntu.com/lts/installation-guide/amd64/apbs02.html? I've used that example preseed with my own values and the directions covered within
<DJ-ArcAngel> lotuspsychje: heh.. ofcourse there is not "trusty" on old-releases.ubuntu.com
<DJ-ArcAngel> think i am screwed
<lotuspsychje> DJ-ArcAngel: if you run ubuntu server, please mind the end of life times, try always to upgrade before it
<DJ-ArcAngel> pls.. do not remind me
<DJ-ArcAngel> i inherited this shit
<DJ-ArcAngel> i know about eol
<DJ-ArcAngel> this company just didn't care for 8 years
<DJ-ArcAngel> now i can fix it
<lotuspsychje> DJ-ArcAngel: also take a look at the 16.04 releasenotes alot of new things changed since 14.04
<DJ-ArcAngel> old-releases goes back to  2006, so why is there no "trusty" ?
<DJ-ArcAngel> there is no 14.04
<DJ-ArcAngel> ah
<DJ-ArcAngel> found it
<lotuspsychje> DJ-ArcAngel: https://wiki.ubuntu.com/XenialXerus/ReleaseNotes
<DJ-ArcAngel> hmm no
<DJ-ArcAngel> that is install cd
<DJ-ArcAngel> no repo dir
<DJ-ArcAngel> http://old-releases.ubuntu.com/ubuntu/dists/trusty
<DJ-ArcAngel> 404
<DJ-ArcAngel> guess i will have to re-install
<Ussat> I would reinstall instead of trying to upgrade from that anyway
<marcoceppi> DJ-ArcAngel: I believe, since 16.04 (and 14.04 EOL) Canonical provides extended security maintenance as a feature of Ubuntu Advantage https://blog.ubuntu.com/2019/02/05/ubuntu-14-04-trusty-tahr However, there is still a trusty in the archive http://archive.ubuntu.com/ubuntu/dists/trusty/ not sure if that helps you
<lotuspsychje> id go with Ussat aswell, backup and go fresh 16.04 or 18.04
<lotuspsychje> why take risk of eol/security
<Ussat> yup...I generally dont like upgrading major versions with prod systems, at verey least, make a snap (assumning a VM) before you try it
<DJ-ArcAngel> thanks marcoceppi, it's worth a try
<DJ-ArcAngel> hangs on grub-common again.. i give up
<DJ-ArcAngel> will be a rebuild
<DJ-ArcAngel> i did it!.. damn thing is 16.04 now.. and site has moved off php5
<DJ-ArcAngel> to php7
<DJ-ArcAngel> system 0 - DJ-ArcAngel 1
<figgis> Hello, I wrote out my question in a paste since it's a bit long winded: https://paste.ubuntu.com/p/WchRcH3fZ4/ tldr; looking for assistance in getting a server with 3 ip's assigned to it. to use the same outgoing ip as the connection was made on. (directed here from #ubuntu)
<lordcirth_> figgis, firstly, why do you need to have 3 IPs?
<DJ-ArcAngel> multi homed.. for webhosting?
<DJ-ArcAngel> or other services
<figgis> A few reasons but biggest is I am trying to tie each individual ip to a single user. Which is what the proxy is for.
<lordcirth_> I suspect there might be easier ways to do what they actually need, than having 3 IPs on the same NIC.
<lordcirth_> figgis, so, you want to treat traffic differently based on user, and so you give each user a different IP to connect to?
<figgis> correct that is what I am attempting to do. But outgoing traffic is all done under a single ip
<figgis> which is not the goal
<weedmic> how is it possible my cpus are pegged near 100%, yet the load average is 3.66 3.56 3.61?  https://pasteboard.co/IfKCWFz.png  help me understand
<lordcirth_> weedmic, The simplified version is, at any given time, on average, there are 3.66 processes requesting CPU time. Load average can easily exceed the number of cores you have.
<figgis> weedmic - That picture is actually showing a pretty high load averages for 2 cores. Some info on load averages: https://scoutapm.com/blog/understanding-load-averages
<weedmic> ok, it's requests on average - not %/cpu use on average - that was a great answer - ty
<rbasak> figgis: so you want that when a user connects to the server, that user can request a SOCKS forward, and those forwarded connections are to be originated from the same IP the user is connected on?
<figgis> Correct! Much better way to explain it than I have
<rbasak> figgis: and second question: is this to be enforced server side?
<figgis> Not enforced exactly, just as a default
<rbasak> figgis: or is something voluntarily done by the user acceptable?
<rbasak> OK
<rbasak> Interesting challenge :)
 * rbasak ponders
<lordcirth_> I am unconvinced that 3 IPs is the best way, but it's certainly do-able
<rbasak> Ideally sshd/ssh would be configurable to arrange that. I don't think it is.
<figgis> In no rush whatsoever :), been pondering this for days. If it's easier to make the incoming connections all on one IP and route outgoing based on user that is acceptable as well. But I don't really see that making much of a difference
<rbasak> My next thought is that some advanced routing is possible such that you could key the outbound IP on something. But you'd need some way to connect that to the user.
<rbasak> http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html comes to mind but isn't exactly the same thing
<lordcirth_> figgis, what do you need to do differently, based on which user it is?
<rbasak> figgis: what if the outbound IP were based on the uid of the originating user process, rather than on the IP the user connected to? Would that be acceptable?
<figgis> Ooh I suppose I could use incoming port as well.
<figgis> Yep that would be completely okay
<rbasak> Then I think I have a solution for you :)
<rbasak> Take http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html
<rbasak> But instead of pointing to the correct table based on IP, you could do it based on fwmark
<rbasak> Then in iptables/ip6tables use -m owner --uid-owner ... and set fwmark
<rbasak> lordcirth_: IPs have reputations, so it seems reasonable for different users to segregated into different IPs. I don't know if that's figgis' reason, but I think that use case at least makes his request a reasonable thing to want.
<lordcirth_> rbasak, to prevent one user getting the whole server banned? I can see that, yeah
<rbasak> figgis: the only catch I have is: will the SOCKS connection originate from the current uid in the case of ssh socks forwarding? I think it will because of privsep and ssh's mechanism for arranging it, but it would need to be tested to be sure.
<figgis> Yeah missed that question lordcirth_, rbasak is correct. I have no intentions of doing anything malicious but I also do want to do my best to make sure my users aren't screwing eachother over without knowingly doing so (which is another problem in itself)
<figgis> good question, i'll let you know
<rbasak> figgis: so then the uid based method would be even better, since it would work for all user connections and not just the ones originating from ssh socks forwarding
<lordcirth_> figgis, makes sense. You could also spawn an LXC container with each IP and a daemon for each user, then bridge them all together. The routing would probably be simpler.
<rbasak> lordcirth_: yeah I was wondering about something along the lines. Rather than a whole container I was going to suggest one network namespace per user, and an sshd operating in each. But I think doing it through the routing tables matches the use case better.
<figgis> I didn't even think about using containers, yeah. Going to give routing with iptables a shot first and see how this goes and if that doesn't work containers may actually be the best bet
<lordcirth_> I don't know if it's relevant, but containers would also allow you to move clients to other servers easily, and some other flexibilities
<figgis> So to answer the uid questions - the socks5 connection does correctly have the users uid when creating the connection as a specific user
<figgis> the container idea is growing on me now though :P
<figgis> awesome though, think I got what I needed so far. Thank you for the suggestions all
<rbasak> \o/
<rbasak> I can't think of a way to ensure that each container only uses the assigned IP, assuming that all three IPs are on the same interface. That's what's putting me off the container idea.
<rbasak> Perhaps pushing everything into a bridge and using iptables would work.
 * codefriar thinks iptables is confusing af
<lordcirth_> rbasak, what do you mean? If the containers are bridged onto the same physical NIC, they will each have their own MAC, and the host bridge will act like a switch.
<rbasak> lordcirth_: I mean that each container configures its own interface, so one user could "take over" the IP of another.
<rbasak> lordcirth_: to avoid that either some different configuration is required, or some enforcement at the bridge.
<lordcirth_> rbasak, but the users don't have root in the container, as I understand it? They are just connecting to a SOCKS proxy?
<codefriar> I have an interesting situation. I've a nearly constant running process taking 55% of a cpu core. dpkg-reconfigure -f noninteractive slapd any idea on how to fix that?
<lordcirth_> codefriar, how long has it been running?
<codefriar> 54 hours
<codefriar> lordcirth_ since shortly after the last boot time
<lordcirth_> codefriar, I would SIGTERM it and run it again interactive
<rbasak> lordcirth_: yeah, fair enough if they don't have root.
<codefriar> lordcirth_ so interestingly enough, slapd isn't installed.
<lordcirth_> codefriar, could it have been rolled back when dpkg-reconfigure failed?
<catbadger> hi all
<catbadger> I have a docker container based off of wheezy. I built apache1 and mod_perl 1.3 from source in there, but apache1 isn't starting. anyone know how to start it?
<lordcirth_> catbadger, If it's wheezy, why is this an #ubuntu-server question?
<sarnold> catbadger: at this point I think you're the apache 1 expert :)
<sarnold> you've worked more with it in the last month than anyone else in thelast decade I think..
<tomreyn> rbasak: it's rather late, but do you think we could have a short notice on mysql defaulting to socket authentication on new installations on the 18.04 release notes? during the past ~ week (maybe 10 days) alone, i saw three people asking (in #ubuntu) how they could login because there was no password set.
<catbadger> sigh
<catbadger> oh look i r'ed the f'ing m.
<tomreyn> (the change seems to have been introduced in 5.7.20-2)
<rbasak> tomreyn: yes, please edit. This rings a bell - perhaps we release noted this in a previous non-LTS release that we could copy the notes from?
<tomreyn> you mean a non lts?
<rbasak> Isn't that what I said?
<tomreyn> oh it's in 16.04's
 * rbasak is puzzled by the question
<rbasak> Ah
<rbasak> If we did it in 16.04, it's probably not correct to release note it in 18.04.
<lordcirth_> Yeah, I thought this was default in 16.04 too?
<rbasak> But you could point people asking to the 16.04 release note even if they're using 18.04.
<tomreyn> sorry yes you said "non-LTS", i need to re-learn to read
<tomreyn> yup, will do so from now on
<rbasak> Thank you for the idea and for checking!
<tomreyn> i was really thinking this hadn't been introduced in 16.04, yet
<tomreyn> https://wiki.ubuntu.com/XenialXerus/ReleaseNotes#MySQL_5.7 prooves me wrong there
<tomreyn> the news-file link is a 404
<rbasak> It's moved to Salsa
<tomreyn> right, i'll see if it can find the new location
<rbasak> tomreyn: https://salsa.debian.org/mariadb-team/mysql/blob/mysql-5.7/debian/master/debian/NEWS
<rbasak> Perhaps it should be tied to the commit like the old link
<rbasak> https://salsa.debian.org/mariadb-team/mysql/blob/14349b00e322f0448f80b2fe472596620349f413/debian/NEWS
<tomreyn> hmm thats a different commit hash?
<rbasak> It's the hash of the blob I think.
<rbasak> The commit hash will encompass it.
<rbasak> To verify you'd need to use ls-tree the commit hash, etc.
<rbasak> (commit tree -> source tree -> debian/ subdirectory tree -> NEWS file blob)
<tomreyn> https://salsa.debian.org/mariadb-team/mysql/blob/1025a9fa9c6c112913c59138db49dbc94891d20f/debian/NEWS uses the old hash
<rbasak> Oh
<rbasak> That might be more correct depending on the version?
<tomreyn> i have no idea what i'm doing, just clicking ;)
<rbasak> Ah :)
<tomreyn> i'll point to your link in https://wiki.ubuntu.com/XenialXerus/ReleaseNotes#MySQL_5.7 - ok?
<rbasak> rmadison says the bionic release pocket has 5.7.21-1ubuntu1, so the release note should refer to that.
<rbasak> So I think my link is the correct one.
<rbasak> tomreyn: yes please - you could just edit the old link
<tomreyn> oh i think putting it into the bionic release notes is actually nonsense now that we learnt that it had been in the xenial release notes already
<tomreyn> so i'm suggesting to just fix the link on the xenial release notes
<rbasak> tomreyn: agreed
<rbasak> tomreyn: your wiki link above said Xenial, not Bionic :)
<tomreyn> yes, but you said "rmadison says the *bionic* release pocket has 5.7.21-1ubuntu1, so the release note should refer to that."
<tomreyn> so i wanted to point out i'll edit the xenial release notes, not bionic's
<rbasak> Oh
<rbasak> Sorry!
<rbasak> tomreyn: in that case _your_ link is the correct one.
<rbasak> (of the blob hash)
<tomreyn> great. all fine, thanks for your time.
<rbasak> tomreyn: thank you for double checking :)
<tomreyn> the same, thanks :)
<xibalba> in netplan, what is the option to modify the search domain
<xibalba> can't find it for the life of me
<xibalba> found it
<blackflow> life saved!
<DammitJim> is it true that openjdk 8 will be supported by Ubuntu until 04/2021?
<lordcirth_> DammitJim, it's in main on 16.04, and universe on 18.04, so it's guaranteed support until 16.04 EOL
<lordcirth_> Which would indeed be 2021
<DammitJim> oh ok, thanks!
<DammitJim> and then for openjdk 11 there is no EOL< right?
<lordcirth_> !info openjdk-11-jdk bionic
<ubottu> openjdk-11-jdk (source: openjdk-lts): OpenJDK Development Kit (JDK). In component main, is optional. Version 11.0.3+7-1ubuntu2~18.04.1 (bionic), package size 1953 kB, installed size 2072 kB
<lordcirth_> If it's in 18.04 main, then at a minimum it's supported until 18.04 eol
<lordcirth_> !bionic
<ubottu> Ubuntu 18.04 LTS (Bionic Beaver) is the 28th release of Ubuntu and the current LTS release. Download at https://www.ubuntu.com/download - Release Notes: https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes
<lordcirth_> 2023 at a minimum.
<DammitJim> gotcha
<DammitJim> oh, but if i wanted to run openjdk-11 on an Ubuntu 16 server, that wouldn't be supported, right?
<lordcirth_> !info openjdk-11-jdk xenial
<ubottu> Package openjdk-11-jdk does not exist in xenial
<lordcirth_> !info openjdk-10-jdk xenial
<ubottu> Package openjdk-10-jdk does not exist in xenial
<lordcirth_> Apparently not?
<DammitJim> blah
<lordcirth_> But 18.04 is already out, so I don't see why you'd need to?
<DammitJim> there are some issues associated with 18.04 for me... (other dependencies)
<DammitJim> like tomcat 7
<lordcirth_> Ah, I see
<catbadger> whoop apache1 running with mod_perl1.3 in docker on 18.04 whoop!
<catbadger> it 500's and the project does not stand up yet though. have to figure out what they were doing in their dumpster to host this fire.
<sarnold> oh man :(
<catbadger> lol
<catbadger> haha
<_KaszpiR_> :D
#ubuntu-server 2019-05-22
<ironpillow> Hi all, I am looking for a resource to learn how to customize ubuntu server ISO. I want to pre-seed it with the applications I need because I will be installing quite a few servers each month. Any advice? thanks!
<sarnold> you'd probably be better served to configure cloud-init and use the cloud-images if you can -- that'll skip basically all the install time, and just jump right to a usable system
<ironpillow> sarnold: I am installing on local machines and not cloud server.
<sarnold> ironpillow: ah, bare metal then? hmm. *maybe* maas can make that more pleasant
<ironpillow> yeah bare metal. don't know about maas. I will look into it. thanks :)
<sarnold> (the truth is not many people do much with the isos; cloud images and cloud-init is way easier and better documented.. debian preseeds are vastly underdocumented :( )
<bryce> ironpillow, might look at https://www.techrepublic.com/article/how-to-create-a-custom-ubuntu-iso-with-cubic/ ?
<ironpillow> sarnold: yeah, it's hard to find how to pre-seed
<ironpillow> bryce: from what I gather, cubic is for ubuntu with gui not ubuntu server.
<marcoceppi> Looking to get some help with TFTP / Preseed for Ubuntu 18.04. I've sync'd down this entire directory: http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/current/images/netboot/ and setup tftpd to read it as it's root. I can netboot into an installer but whenever I try to specify a preseed as either tftp or http and made some progress with this preseed file and this boot-screens/txt.cfg: preseed (http://paste.
<marcoceppi> ubuntu.com/p/HXsMDWWQzX/) boot-screens/txt.cfg (http://paste.ubuntu.com/p/rjqDV4Gbd7/)
<marcoceppi> Is there a better example for this other than https://help.ubuntu.com/lts/installation-guide/amd64/apbs02.html? I've used that example preseed with my own values and the directions covered within
<sarnold> http://paste.ubuntu.com/p/HXsMDWWQzX/
<lordievader> Good morning
<Mighty_Mel> Morning!
<weedmic> help - is there a way for me to see when the current installation was done of a programe?  and what it was before it was upgraded?  found nothing in man:apt.  perhaps an update log?
<weedmic> nvm found /var/log/apt/history
<weedmic> can having only 4gb free on / - affect cpu usage percent?
<weedmic> I think not - as swap is not on / so nvm
<marcoceppi> Looking to get some help with TFTP / Preseed for Ubuntu 18.04. I've sync'd down this entire directory: http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/current/images/netboot/ and setup tftpd to read it as it's root. I can netboot into an installer and do the normal setup but whenever I try to specify a preseed as either tftp or http I get a different root menu that makes it seem like the preseed loaded but its
<marcoceppi> still not fully automatic Here are my preseed file and this boot-screens/txt.cfg: preseed (http://paste.ubuntu.com/p/HXsMDWWQzX/) boot-screens/txt.cfg (http://paste.ubuntu.com/p/rjqDV4Gbd7/). Is there a better example for this other than https://help.ubuntu.com/lts/installation-guide/amd64/apbs02.html? I've used that example preseed with my own values and the directions covered within
<lordcirth_> marcoceppi, when you say it's not automatic, what's the first question you get?
<weedmic> Is there a way I can limit the amount of cpu % docker can use/access/occupy?  For example, set a max usage to 40%?  If yes, how?
<stripe> hi all, 18.04 trying to connect lxd/lxc containers to my lan instead of a subnet, none of the documentation will work, I can assign ip's from my dhcp server but then dont get any network access, anyone know of some docs that could help? cheers :0
<stripe> ^:)
<TJ-> with an ifupdown install, does anyone know of a way to restart a remote system's network config without bringing down the interface or interrupting service on existing IP addresses, when new IP addresses have been added in 'interfaces' file?
<rbasak> TJ-: I believe that anything you do is a hack because ifupdown doesn't natively support that. So you might as well bring up the new IP addresses by hand.
<rbasak> Of course that means you never get to test the new interfaces file.
<marcoceppi> lordcirth_: let me run it again, but it's a pretty long menu
<TJ-> rbasak: I thought as much... Just added a lot of IPv6 addresses, time to write a manual script to do it for me
<marcoceppi> lordcirth_: so I get the screen with Installer Boot Menu (which is fine, I haven't tweaked the timeout for that yet) once initrd.gz loads it places me at a screen with "Ubuntu installer main menu" where the first few options are "Access software for a blind person using a braille display", "Detect network hardware", "Configure the network", "Download debconf preconfigured file", ...
<marcoceppi> Ideally, this is where the preseed would have taken place to avoid having to run through these steps on screen
<marcoceppi> lordcirth_: both bionic and xenial give me the same result :|
<lordcirth_> marcoceppi, oh, that menu. That generally happens when you click Back, or something goes wrong
<marcoceppi> yeah, I'm not sure what's going wrong. If it's fetching my preseed and the preseed is wrong or if it's failing to get that far
<rbasak> marcoceppi: hello, BTW :)
<rbasak> Hope you're well!
<marcoceppi> o/ rbasak! Doing well except for this stubborn netboot ;)
<rbasak> Sorry I can't help with that. It's been years since I touched d-i netboot.
<marcoceppi> no worries, it's good to know this menu is because somethings wrong
<marcoceppi> hope you're doing well too!
<lordcirth_> marcoceppi, you can switch to a tty and read the logs
<rbasak> I'm good thanks!
<marcoceppi> lordcirth_: I dropped to a busybox shell and more'd the logs
<rbasak> IIRC d-i is particularly finnicky about preseed syntax and that kind of thing, with not much help if there's something wrong.
<marcoceppi>  /var/log/syslog in particular
<marcoceppi> I saw it set the values from append, and get the value for preseed/url twice
<marcoceppi> but I'm not sure where that woudl be stored if it downloaded it, for example
<marcoceppi> lordcirth_: what should I be looking for?
<lordcirth_> marcoceppi, I forget the path, but there's an installer log as well.
<marcoceppi> lordcirth_: so I found /var/lib/preseed/log which shows my choices from the append line. `/var/log` only has syslog. I'll hunt for installer
<lordcirth_> marcoceppi, That might be the one I'm thinking of. Can you pastebin it?
<marcoceppi> ehhhhhhhhhh, probably not in this busybox, but it's essentially what's in my kernel append. let me try
<marcoceppi> I'm worried that my busy box session didn't have any networking configured lordcirth_, makes me think what I'm presenting in the grub append lines isn't correct or missing an item
<lordcirth_> marcoceppi, you should have 'nc' installed in busybox. "cat log | nc termbin.com 9999"
<lordcirth_> marcoceppi, so, if you are missing a line, generally the installer will just ask you that question - partial preseeds are normal
<marcoceppi> except I set this to critcal, and my preseed file is fetched over the network
<lordcirth_> marcoceppi, and your network didn't come up?
<marcoceppi> It didn't until I ran that step in the aforementioned installer box
<lordcirth_> Do you have multiple interfaces?
<marcoceppi> I have a pastebin now
<marcoceppi> I have 4
<marcoceppi> https://termbin.com/vy6n
<lordcirth_> marcoceppi, "critcal" should be "critical"
<marcoceppi> ... let me try that
<marcoceppi> lordcirth_: thanks for your help, apparently my speeeling caused quite a few days of no progress
<lordcirth_> marcoceppi, lol. So it works now?
<marcoceppi> yeah >.>
<marcoceppi> I just need to get the Installer Boot Menu to timeout and go to the install option I think I have that figured out
<marcoceppi> otherwise install went swimmingly
<marcoceppi> thanks again for your help lordcirth_
<lordcirth_> marcoceppi, you're welcome!
<lordcirth_> strixdio, Are you trying to ssh as root?
<strixdio> any reason a fresh install of ubuntu server would be giving me access denied for ssh?
<strixdio> whoops
<strixdio> no
<strixdio> the standard user that was created in the wizard during install
<lordcirth_> strixdio, and the same password works on a tty?
<strixdio> correct
<strixdio> I'm getting a literal "access denied"
<lordcirth_> strixdio, does it list auth methods when it says that?
<strixdio> hmmmmm actually, hang on a sec.
<strixdio> something isn't right.
<lordcirth_> I would also confirm that it is the host you think it is.
<strixdio> it definitely is
<strixdio> but checking it for a network connection on the TTY, it has nothing
<strixdio> now, I'm used to gentoo method of setting up network connections-- what config file am I using for ubuntu server?
<lordcirth_> strixdio, 18.04?
<strixdio> yes
<lordcirth_>  /etc/netplan/*
<strixdio> interfaces?
<strixdio> o
<strixdio> and restarting the network?
<lordcirth_> strixdio, 'netplan apply'
<strixdio> thanks.
<strixdio> strange though lol
<cyphermox> "access denied" wouldn't be a return due to missing network
<strixdio> hmmm
<strixdio> I can't ping anything though
<strixdio> so I want to first make sure that's all sorted
<cyphermox> yup
<strixdio> derp.
<cyphermox> two machines, one IP?
<strixdio> had it on the wrong network
<strixdio> :D
<strixdio> that's all it was.
<strixdio> not sure why I was getting access denied earlier...
 * strixdio shrugs
<strixdio> anyway, thanks :)
<mwhudson> anyone want to test a live-server installer that supports reusing partitions? :)
#ubuntu-server 2019-05-23
<ironpillow> hi all, I am installing new ubuntu server on a headless machine. If I select "install security updates automatically", will this restart the machine after the updates are installed.
<sarnold> ironpillow: no, it won't
<sarnold> ironpillow: the motd should be amended to add:
<sarnold> *** System restart required ***
<ironpillow> so this WON'T restart correct?
<sarnold> correct
<ironpillow> sarnold: thanks!
<sarnold> $ uptime
<sarnold>  00:23:33 up 155 days,  5:08,  3 users,  load average: 0.00, 0.00, 0.00
<sarnold> heh, that machine's been up a lot loonger than I expected
<ironpillow> awesome!
<Gerowen> On that topic, random thought, what would I dpkg-reconfigure if I wanted to change that option on an existing server installation?  Say I didn't enable automatic updates, and I want to.
<sarnold> Gerowen: I *think* apt-get install unattended-upgrades ought to do the right thing
<lordievader> Good morning
<chl_> ugh, I seem to have forgotten which package I need for being able to ./configure
<chl_> nvm, im an idiot. forgot about autoconf
<Greyztar> hello,i was wondering when using syctl command would options applied then be reset on reboot and to make it persistent i should edit /etc/sysctl.conf instead?
<blackflow> Greyztar: yes, /etc/sysctl.conf or even better a custom file under sysctl.conf.d
<Greyztar> blackflow, thanks, i tried to do sysctl --write net.netfilter.nf_conntrack_buckets=$((${conn_count}4)) which seemed to not work after reboot thanks for asnwer (,")
<blackflow> Greyztar: btw that expression won't work in the .conf
<Greyztar> blackflow, im trying to apply another option aswell,could i perhaps do paste and link what im trying to do so you could sort review it?
<blackflow> sure
<Greyztar> im trying to limit connections using conntracked module with these two options and an rule in iptables https://paste.debian.net/1082777/
<blackflow> Greyztar: where does ${conn_count} come from?
<Greyztar> yeah i did some copy pasteing erhm,i dont think its supposed to be there ,i followed i guide ,cant find it no more though,think its just the value
<Greyztar> would that make sense?
<blackflow> it doesn't. I suggeest you don't set any permanent sysctls if you don't know what you're doing. You'll lock yourself out of the server.
<Greyztar> blackflow, yeah ill see if i can find the guide again,good advice also i didnt really think that one through
<chl_> has xinetd been removed in 18.04?
<blackflow> !info xinetd bionic | nope:
<ubottu> nope:: xinetd (source: xinetd): replacement for inetd with many enhancements. In component universe, is extra. Version 1:2.3.15.3-1 (bionic), package size 112 kB, installed size 318 kB
<chl_> oh, nifty, thanks
<blackflow> then again, there's systemd, so maybe you don't need it at all
<disposable2> is there a way in ufw to set 'ufw default deny' on one interface and 'ufw default allow' on another?
<Greyztar> just wondering,how long could i possibly stay on 18.04 before it stops getting updates?
<Greyztar> thought i read somewhere there was an option to still receive updates after the lts period was over?
<blackflow> Greyztar: 5 years, and then optionally pay up for ESM for anotehr 5
<blackflow> (in total that is, since 2018. "after LTS period was over" you'd need to pay for ESM)
<Greyztar> blackflow, ohh its paid alrighty thanks
<Greyztar> blackflow, its the Ubuntu Advantage i need to buy then right?
<Greyztar> seems the only option,good to know its an option to get support beyond lts if ever needed though
<blackflow> Greyztar: yup, Ubuntu Advantage.
<Ussat> Sigh.....RHEL Removed the ability to do JUST krb auth against a AD domain in 8 without joining the domain, looks like I will be useing more Ubuntu
<teward> lol
<teward> Ussat: sounds like RHEL did an evil
<Ussat> Well......ya
<Ussat> I use quite a bit of Ubuntu right now
<Ussat> Not sure I would call it evil....just......ew
<Greyztar> when i set tracking state with iptables like NEW,RELATED,ESTABLISHED the connection needs to fullfill all of those right not just NEW for an example?
<teward> Greyztar: the connection needs to match *one* of those to be matched.
<teward> at least AIUI
<teward> but I might be wrong
<teward> RELATED,ESTABLISHED tend to go together
<teward> NEW won't have the other two IIRC>
<teward> but don't quote me fully on that
<Greyztar> teward, thank you for informative answer,it got a little confusing hehe
<teward> Greyztar: per the manpage, I use conntrack and --ctstate which state: statelist is a comma separated list of the connection states to match. Possible states are listed below.  <-- this doens't necessarily say it must match ALL
<teward> but that any of the states in the list are matchable
<teward> (manpages are fun, iptables-extensions manpage)
<Greyztar> haha
<Greyztar> yeah i should read more man pages just often i end up not wiser i tend to over complicate what i read
<geodb27> People : hi ! I'm trying to automate the installation process with a preseed file. THings seems to work so far (ubuntu 18.04 LTS server), but the language and keyboard selection. What is the prefered way to have this automated also ?
<leftyfb> geodb27: append this to your kernel line: locale=en_US console-setup/ask_detect=false keyboard-configuration/layoutcode=en console-setup/layoutcode=en keyboard-configuration/xkb-keymap=us
<geodb27> Thanks a lot for your answer leftyfb. I'll give it a try when my in-progress installation is done.
<Greyztar> im wondering,is the snapd stuff useable in production?
<blackflow> Greyztar: depends on what you expect of the "production" :)  For example, snaps auto-update, making them useless on servers in my book.
<patdk-lap> I limit snap usage to configuration utilities, like kubectl and stuff
<Greyztar> blackflow, im just wondering if its ment for production though in term of it being stable and not experimental and such,some time ago i wanted to migrate my own server from Ubuntu to Debian but couldnt get lxc to work so didnt bother,though using snapd now i got it working =)
<Greyztar> i also noticed the lxc version in snapd is 3.13 and on my 18.04 server its 3.0.3
<Greyztar> if i migrate i will miss the easy live kernel patching from Ubuntu though,thats some awsome feature
<blackflow> Greyztar: I say use apt packages where possible, and snaps only if there's no apt package (for the version you want), and of course if the auto-update regime is okay with you.
<blackflow> For me, snaps offer no advantage, if there's an apt package. Any "isolation" one can achieve with snaps is doable with systemd options, apparmor and other tech, which is 100% under your control.
<blackflow> For example, I dislike that I can't customize AppArmor profile of snaps.
<lordcirth> I thought you could?
<blackflow> overwritten on next update
<Greyztar> blackflow, thank you for informative answer,i really didnt know about the auto update feature im not a fan of that so have to look into it
<lordcirth> If I want non-apt packages that I can update ahead of LTS, I use Nix
<Greyztar> noticed my snap program still worked after disableing the snapd service itself,maybe it could work by just enabling it every now and then with cron for updates?
<Greyztar> or maybe its a reason it auto updates and ill end up with a broken system
<OerHeks> snapd.service is the update mechanism
<OerHeks> snaps should work, though, without snapd.service enabled
<Greyztar> OerHeks, nice thanks!
<catbadger> oh so pretty specific question... I'm running a cpanm install (Apache::SSI) for mod_perl1.3, and it's asking for the location of httpd (on repeat forever)... is there some way to preload this via bash?
<catbadger> echo "httpd location" | cpan install blah
<catbadger> echo "httpd location" | cpan install blah -T
<Greyztar> this snap stuff is kinda neat though,i got lxc 3.13 installed on my tiny arm router. Containervisor on 22 dollar equipment i find sweet although its really slow =)
#ubuntu-server 2019-05-24
<mehjari> hi, can anyone help setting up gui in ubuntu server 18.04? i get to remote desktop screen where it shows me "xrdp - just connecting" popup with session dropdown having multiple options.. i tried alll of them but nothing seems to work :(
<mehjari> "systemctl status xrdp-sesman.service" shows this line "ExecStop=/usr/sbin/xrdp-sesman $SESMAN_OPTIONS --kill (code=exited, status=1/FAILURE)"
<mehjari> i am not sure if it is relevant
<tomreyn> mehjari: a GUI is usually the main difference between a server and a desktop (there can be others, such as different hardware, workloads etc.) Do you really need a GUI on your server, or could you also manage it on a remote shell?
<tomreyn> another option would be webmin, a web UI for managing systems. experienced system administrators would usually also frown at this, but might prefer it over a GUI.
<mehjari> tomreyn, i am trying to start a vagrant box in Ubuntu server, it is giving me SSH retry error. some online forums suggested that i should check what is the status of VirtualBox UI at that point, is there any popup etc.
<mehjari> therefore, as much as i hate installing GUI on server, i have to try GUI.
<rbasak> mehjari: I don't know about VirtualBox, but if you were using libvirt+KVM instead, then you could run virt-manager on a different box and connect it to the running libvirt instance on the server to see what the problem is - so no GUI needed on the server itself.
<rbasak> Does VirtualBox not have support for something like that?
<cpaelzer_> rbasak: mehjari: I think you can expose the display
<cpaelzer_> like you'd expose VNC on libvirt
<cpaelzer_> and you can then attach to that
<cpaelzer_> yeah, this looks good https://www.techrepublic.com/article/how-to-connect-to-a-virtualbox-vm-desktop-remotely/
<cpaelzer_> just the first hit on search engine, I did not try it myself
<cpaelzer_> that would allow to see early boot of the guest and such
<cpaelzer_> and IIRC virtualbox can control all on cmdline as well
<cpaelzer_> although I don't know hot to enable the remote display feat there I'm sure that can be found
<mehjari> if vbox is stuck at the popup "enable SLAT2" or VTIX technology in BIOS (which i want to rule out), the it doesn't show up with controlvm cli api as far as i can tell
<mehjari> i am not sure if they have logs which can reflect the state of UI at certain point
<mehjari> the Ubuntu VM is in Azure, and MSFT is charging monies, so i wanted a quick solution.. -.-
<Greyztar> hello,is it normal that with snap apparmor isnt working,this is not on Ubuntu though but on Debian,just wonder in general if apparmor isnt ment to work on other installs with snap?
<Greyztar> and also is it so that apparmor is sort of the sandboxing function of apps?
<tomreyn> mehjari: in case this is still relevant, some folks in #vbox tend to be rather responsive.
<tomreyn> Greyztar: /join #snappy
<Greyztar> tomreyn: thanks i looked for #snap but didnt find any
<mehjari> tomreyn, thanks, will sync with vbox. :)
<Ussat> Well, looks like Canonical might get a new customer....have a call scheduled with a SA today to disscuss Landscape
<teward> landscape is fun.  :P
<teward> (I use it for all my new servers now xD)
<lordcirth> teward, Isn't it expensive? Or is there a community version?
<teward> lordcirth: it does get expensive yes.  (In this case I already have seats)
<teward> (and those're fixed-price not per-minute)
<RoyK> most of what landscape does is easily achivable with simple scripts
<RoyK> or packages already available in ubuntu
<RoyK> so just setup your ansible playbook to add that to your machines and - well - no problem
<rbasak> https://pastebin.ubuntu.com/p/dPQx4RyyzF/
<rbasak> How can I figure out what's using all that memory?
<rbasak> Is that a kernel memory leak?
<lordcirth> rbasak, highly unlikely. Are you low on memory?
<rbasak> https://pastebin.ubuntu.com/p/svVbxh7k9m/
<rbasak> lordcirth: I am. My system has 32G, but it's thrashing.
<rbasak> https://pastebin.ubuntu.com/p/RD7sqVCQFR/
<rbasak> No swap, but I added some to give me some headroom.
<lordcirth> I see. Are you running any network filesystems, or anything which would keep a lot of files open?
<rbasak> No
<lordcirth> rbasak, also, what Ubuntu version and kernel version?
<rbasak> 4.4.0-139-generic with livepatch
<rbasak> 16.04
<rbasak> I could just reboot
<rbasak> But I don't like doing that
<rbasak> Because I'd like to fix the problem for next time too
<rbasak> This is a desktop btw.
<lordcirth> rbasak, what's your uptime?
<rbasak> 175 days
<lordcirth> That's pretty long for a desktop
<lordcirth> What graphics drivers?
<JanC> maybe the live patching messed something up?
<rbasak> AMD
<rbasak> My graphics setup is pretty non-standard, so a leak there could be likely.
<rbasak> 01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Curacao PRO [Radeon R7 370 / R9 270/370 OEM] (rev 81)
<lordcirth> Updating your graphics drivers without a reboot can cause all sorts of problems.
<rbasak> I'd just like to know how to pin the leak down to something, if there's any such mechanism possible.
<lordcirth> That's beyond my skills. But I'd consider 175 days uptime on a desktop unreasonable and just reboot it
<JanC> also, this isn't the proper channel to discuss desktop issues maybe  ;)
<OerHeks> sudo canonical-livepatch status --verbose # gives fixes ""  ?
<lordcirth> True, I didn't even notice
<rbasak> JanC: yeah, maybe :)
<rbasak> I don't need any desktop specific answer
<JanC> maybe the kernel people can give some pointers
<rbasak> Just some help grokking kernel memory information, which isn't desktop specific
<rbasak> smem, etc
<OerHeks> if status says livepatch:  state: applied, you need to reboot anyway, and run ful-upgrade, there might be more kernels and patches waiting...
<OerHeks> 175 days ... awesome
<sarnold> rbasak: wow; are those counts going up over time?
<rbasak> sarnold: AFAICT, yes.
<OerHeks> rbasak, what is the output for inodes: df -i
<rbasak> OerHeks: looks OK. I don't want to paste that (privacy) but apart from snap loopback devices (squashfs), the highest IUse% is 36% for /, so I don't think it's that.
<OerHeks> oke, just checking.
<rbasak> I appreciate the thought :)
<OerHeks> then livepatch should be the culprit, AFAIK, waiting
<rbasak> Earlier I sent SIGSTOP to firefox and snap related process, so I can't run livepatch right now.
<rbasak> (since they were causing the thrashing)
<rbasak> I could resume the snap ones I guess now that I've added swap
<rbasak> I'm quite sure rebooting will fix the issue, but I'd prefer to find bugs before I remove all the evidence :)
<JanC> it might be useful to talk to the kernel and graphics devs
<rbasak> Hmm.
<rbasak> "canonical-livepatch status" hangs, but I don't know if I caused that by interfering with it earlier.
<TJ-> rbasak: can you scan /proc/[1-9]*/pagemap to discover where the memory is allocated?
<rbasak> TJ-: I don't think it's allocated to any process
<rbasak> TJ-: based on smem output from https://pastebin.ubuntu.com/p/svVbxh7k9m/ earlier
<sarnold> rbasak: can you get bcc tools on this system? https://github.com/iovisor/bcc/blob/master/tools/memleak_example.txt
<sarnold> rbasak: if not, perf trace can probably do a similar job, but these are nice tools :)
<rbasak> sarnold: is that packaged? :)
<OerHeks> https://github.com/iovisor/bcc/blob/master/tools/memleak.py
<OerHeks> easy peasy
<TJ-> rbasak: ah, does "smem -w" confirm its kernel mem ?
<rbasak> Looks like it is packaged but only from Bionic :-/
<rbasak> TJ-: right - it's under 'kernel dynamic memory'
<sarnold> rbasak: hey it is! :D bpfcc-tools
<sarnold> rbasak: haha, thanks, I hadn't realized it'd been packaged up yet.
<TJ-> rbasak: "smem -m | tail" might help a bit more
<rbasak> Biggest is <anonymous>                                120    38624  4634930
<rbasak> What are the units?
<TJ-> "smem -m | head -1" :) == " Map                                       PIDs   AVGPSS      PSS "
<rbasak> I did look there! Those aren't units I understand.
<TJ-> The unshared memory (USS) plus  a  process's  proportion  of  shared  memory  is
<TJ->        reported as the PSS (Proportional Set Size).  The USS and PSS only include physical memory usage
<TJ-> "man smem"
<rbasak> Those still aren't units!
<TJ-> rbasak: not my fault!
<rbasak> OK, but my question still stands then :)
<TJ-> rbasak: I'd guess kB the same as free reports?
<rbasak> TJ-: as long as it's not "pages" or something, then that's only ~5G so not my leak :(
<TJ-> rbasak: it is infuriating when it doesn't say
<rbasak> Agreed!
<TJ-> rbasak: use "-k" it shows the units
<rbasak> <anonymous>                                120    36.0M     4.2G
 * TJ- hugs the man-page
<TJ-> rbasak: so no help there then
<compdoc> so gay
<TJ-> compdoc: if you are, so what?
<rbasak> I backported Bionic's bpfcc to Xenial.
<rbasak> But I get
<rbasak> $ sudo /usr/sbin/memleak-bpfcc -o 60000
<rbasak> /virtual/main.c:18:1: error: could not open bpf map: Invalid argument
<rbasak> is maps/stacktrace map type enabled in your kernel?
<rbasak> It might be time to give up.
<rbasak> Thanks to everyone for trying :)
<OerHeks> :-)
<mwheeler-> I just did a fresh install of lanscape on ubuntu 16.04, and when I try to register computers, they won't register and there's a "missing/invalid csrf token" error in the server logs.. google search turns up nothing.. any ideas?
<OerHeks> maybe a strict setting in firefox/chrom(ium), https://get.todoist.help/hc/en-us/articles/208951085-CSRF-token-error-messages
<mwheeler-> OerHeks: the weird thing is that I get the error when trying to register a computer with the landscape-config command
<mwheeler-> so landscape client can't talk to landscape server .. getting CSRF error
<TJ-> mwheeler-: are you having to go through a proxy?
<mwheeler-> nope, no proxy, and both client and server are on the same L2 subnet
<mwheeler-> they're VMs on the same host
<TJ-> can you tell if the token is missing, or invalid - the latter could mean multiple connections causing confusion, the former I'm not sure what
<mwheeler-> good question.. I didn't pay that close attention to the tcpdump.. I'm blowing away the VM right now and rebuilding it just to see if there was something screwy with it.. it was my general "use and abuse" server when I needed to test something
<TJ-> mwheeler-: it sounds like the kind of error coming up from a library, most likely Python
<mwheeler-> TJ-: yeah, in the log message I see zopepublication.py .. so it is likely further down in the stack than landscape
<TJ-> mwheeler-: "zope" look to be the underlying framework they're using
<mwheeler-> yep
 * TJ- recalls trying Zope some years ago and running away, scared
<mwheeler-> I feel that way about most web frameworks
<JanC> CSRF token issues might be a result of an ad blocker or such (blocking cookies or whatever)
#ubuntu-server 2019-05-25
<Greyztar> hello,setup an swap disk and added to fstab,then did mount -a but swap didnt activate,after i reboot it did though is that normal?I know i could swapon just thought by mount -a with the swap options in fstab it should activate?
<OerHeks> sudo swapon --all https://help.ubuntu.com/community/SwapFaq
<Greyztar> ahh thank you OerHeks (,")
#ubuntu-server 2019-05-26
<neildugan> I have a small set of five computers using a NFS file server.. I would like setup to allow anyone to use any of the computers so that when they login and get there own home directory etc.. to do this I thought I would setup a LDAP server, and remote mount a /home directory from the file server... is this basic approach feasible?
<tomreyn> neildugan: generally, yes, but you may run into other limiting factors, such as human preferences ("i want my own computer / keyboard / custom boot screen"), full disk encryption (limited amount of decryption keys), organisational standard compliance ("computer hardware must be attributable to a single user" for security reasons, or to facilitate user support). With an organization this small you may be more flexible, but considering
<tomreyn> these implications (and how they can become relevant should the organization grow later) can be worth it.
<neildugan> tomreyn, thanks for the info.. non of those are a concern atm.. the boss is more concerned with allowing people to play musical chars with computers.
<tomreyn> neildugan: hehe, looks like i'm far off reality.
<uzee> Hi, In the preseed config "d-i mirror/http/hostname string archive.ubuntu.com" is it possible to point to a local host with http?
<uzee> I've copied the entire contents of the ubuntu 18 server iso to a local machine and am trying to use that machine as the installation source in preseed, for e.g:
<uzee> d-i mirror/http/hostname string http://admin.mydomain
<uzee> d-i mirror/http/directory string /ubuntu/ubuntu18
<uzee> but the installer gives me an error saying "no kernel modules found" is having the iso copied locally not enough?
<technoob> Hi
<foo> Having a strange issue with /dev/urandom, I believe: https://github.com/pyca/pynacl/issues/327#issuecomment-491471402 - process hangs for 30 seconds to 1 minute. It's causing process to overlap. I'm beginning to run out of ideas and getting desperate, wondering if anyone here has noticed this on a digital ocean droplet before - thank you
<blackflow> !info haveged | foo: install this
<ubottu> foo: install this: haveged (source: haveged): Linux entropy source using the HAVEGE algorithm. In component universe, is extra. Version 1.9.1-6 (bionic), package size 28 kB, installed size 72 kB (Only available for linux-any)
