#ubuntu-server 2006-07-17
* Starting logfile irclogs/ubuntu-server.log
<gapz> 'lo
* Starting logfile irclogs/ubuntu-server.log
<A-Kaser> poy poy
<gapz> hi A-Kaser
<Stonekeeper> hi. Does anyone know how to send bind9 startup debug info to syslog? It's not resolving hostnames and I'd like to check it's reading in the dbs correctly. Thanks.
<infinity> It should by default be logging to daemon.log anyway.
<infinity> Unless you mean you want more verbosity.
<infinity> If you want increased verbosity or to run it in the foreground instead of as a daemon, etc, try the manpage... named(8)
<Stonekeeper> ah, i was trying bind(8)
<Stonekeeper> thanks
<Stonekeeper> ok, it seems like it doesn't like my db files in a subdirectory. anyone else have this problem? Or should i just chuck everything at the top level (/etc/bind/) ?
<A-Kaser> what is the error ?
<Stonekeeper> loading master file master/db.10.7.0: file not found
<Stonekeeper> master is in /etc/bind
<A-Kaser> named-checkconfig
<Stonekeeper> named-checkconf returns nothing
<A-Kaser> you use chroot ?
<Stonekeeper> no i dont think so
<Stonekeeper> ah i see
<Stonekeeper> thanks. I was transfering old configs over. I see what the problem is now
<A-Kaser> :)
<infinity> Stonekeeper: bind's working directory is /var/cache/bind, is it not?  So anything not there needs to be specified as an absolute path.
<Stonekeeper> infinity: ah right. I've coded in the path, just like the given dbs
<Stonekeeper> the only thing that's foxing me is that named is complaining that it doesn't have permissions to the files, yet, bind owns them. Am checking it out right now
<Ries> morning/afternoon folks
<Stonekeeper> afternoon
<Kelerion> hey guys
<Kelerion> has anyone here had any experience installing ubuntu-sparc on the new t2000 niagara servers yet?
<A-Kaser> no
<Ries> Kelerion: I whish :)
<Kelerion> can't get the damn thing to install ubuntu-sparc on.. keeps locking up at the partitioner... hmph
* Starting logfile irclogs/ubuntu-server.log
<fabbione> Kelerion: i do run it on the t2000
<fabbione> Kelerion: and it works just fine...
<Kelerion> fabbione: am trying to install it from the ubuntu-sparc iso.. but it's stopping on the partioner.. I see theres some bugs on the bugs.ubuntu.com site... any suggestions?
<Ries> Heu guys, I have a question... a client (really true) did a chown on the root of the FS, is there some utility that can restore permission settings on ubuntu server 6?
<fabbione> Kelerion: no. works fine here both from iso and netinstall. If you have specific bug numbers please tell them.
<Kelerion> yeah.. it's this one... identical problem: https://launchpad.net/distros/ubuntu/+source/debian-installer/+bug/50056
<fabbione> Kelerion: never seen anything like that
<fabbione> Kelerion: i suggest you boot in expert mode
<fabbione> and right before the partitioner just to console
<fabbione> dd if=/dev/zero of=/dev/sdX count=1 bs=1024
<fabbione> do it for all the disks in system (assuming you can do it)
<fabbione> to clean up the partition tables
<fabbione> (MAKE SURE YOU KNOW WHAT YOU ARE DOING)
<fabbione> and run the partitioner again
<Kelerion> ok.. good idea... trying it now
<fabbione> Kelerion: be aware that /dev/sdX will destroy the data in the disk
<fabbione> in theory you need to clean up all the disks in the system
<Kelerion> yeah.. it's alright... theres nothing on there at the moment... have already wiped the drive once to do a gentoo install after I ran into this problem
<fabbione> how many drives you have in that box?
<Kelerion> 2
<fabbione> because i wonder if the partition table on the other one is making problems
<fabbione> i guess you have the solaris one and installing on the other
<Kelerion> I did have an idea about taking one out.. in case it was a hardware raid issue.. but wasn't sure if that'd fix things
<fabbione> if so instead of wiping solaris
<fabbione> raid hw? how did you manage to configure it?
<fabbione> actually
<fabbione> hw raid hasn't been tested at all
<fabbione> because my ALOM doesn't support it
<fabbione> and i couldn't find the fw that does that
<Kelerion> I haven't done anything with it.. was just an idea
<fabbione> ah ok.. it's not configured by default
<Kelerion> ahh ok
<fabbione> just unplug the solaris disk
<fabbione> and wipe the boot sector of the other
<Kelerion> I've probably wiped out all partitions on both drives after the amount of messing around I've already done.. lol
<Kelerion> ok.. starting the expert install now
<Kelerion> ok.. done the language, keyboard and cdrom parts of the install..
<Kelerion> do I want to load the preseed file?
<Kelerion> ok.. this sounds like a dumb question even to me.. but wheres the partitioner option on the install menu gone?
<Kelerion> *thinks he shouldn't have loaded the preseed file*
<Kelerion> ok.. /proc/partitions is empty
<Kelerion> must have been something I did before
<Kelerion> ok.. will try and walk through the expert mode.. see what happens now... if still nothing.. will pull one of the drives
<fabbione> you need to get to load extra installer modules before you can see the disks
<Kelerion> ahh
<fabbione> as i said you need to get to the partitioner step without entering it
* fabbione -> bed
<fabbione> good night
<Kelerion> thanks for the ideas :)
<Kelerion> rest well
<gapz> bye !
#ubuntu-server 2006-07-18
<NineTeen67Comet> g'day all .. Anyone in here privy to running Gallery2 as installed by apt? .. I've manually ran it for years, but never let the OS install it for me then use it ..
<NineTeen67Comet> And .. is there a reason there is no ssh server default install for Ubuntu-Server? It went really nice, except I had to find apt-get's keyword for sshd .. it's all up now (sept my hard drives for the sites look like they didn't handle the change in servers quite so well ..
<NineTeen67Comet> Aarrg .. Switching distro's has made my firing up Apache with all my sites not fun .. I created my own file inside /etc/apache2/sites-enabled .. then told /etc/apache2/apache2.conf to seek that file Include /etc/apache2/sites-enabled/justinsteiger.conf .. it's a replica of the 000-example.conf page that was there .. just made sure the directories reflected, and such .. then /etc/init.d/apache2 reload .. leads to a plethora of unha
<NineTeen67Comet> like
<infinity> apache2.conf includes the sites-enabled directory by default.  Explicitely including a file from there as well will lead to it being included twice.
<NineTeen67Comet> Well .. it's only mad about the server name now .. using the servers ip address instead .. Do I ca
<NineTeen67Comet> Do I need to add my server's name in the apache2.conf file spacificly? Or can I edit /etc/hosts /etc/hostname or what not?
<infinity> Is it complaining that it can't reverse resolve your IP?
<NineTeen67Comet> infinity: okay, I'll toss the # I put on there and take mine away ..
<infinity> If so, you should add it to /etc/hosts, yes.
<NineTeen67Comet> infinity: okay .. thank you .. hope this'll get the sites visible again .. mysql is next on my firing line ..
<NineTeen67Comet> It tells me now .. [Tue Jul 18 23:34:28 2006]  [warn]  NameVirtualHost *:0 has no VirtualHosts
<NineTeen67Comet> I think it's reading the 000_example.conf file now too ..
<infinity> You mean 000-default?
<infinity> "a2dissite default"
<NineTeen67Comet> K .. # out the original and un-# my line with just my file .. it's all good now ..
<NineTeen67Comet> yeah 000-default
<infinity> Yeah, the whole point of "sites-enabled" is to be a symlink farm back to ../sites-available ... You can add/remove the symlinks manually, or use a2ensite/a2dissite to do so for you.
<infinity> Yes, I realise it's unintuitive for people used to a monolithic httpd.conf, but it makes perfect sense to those of us who've had to deal with sites with hundreds/thousands of vhosts.
<NineTeen67Comet> aha okay .. I haven't read up on a2ensite etc ..
<NineTeen67Comet> I see it's usefullness .. So I build new vhost.conf files in available then use a2ensite to add them to sites-enabled? .. one vhosts page per site?
<infinity> Well, whatever works for you, really.
<NineTeen67Comet> infinity: I only run at most 10 sites for people, so it's not too bad to go in and # out the vhost lines .. but if I can  do it all with a few commands, that's perfect'er ..
<infinity> On some hosts, I use one per site (www.foo.com, site2.foo.com, www.bar.com, etc), on others I'll use one file per domain (www.foo.com and site2.foo.com both in the "foo.com" file), and on some sites, I use on file per customer, with all their sites in there...
<NineTeen67Comet> I still don't get it .. my default site (let alone all the others) is still not coming up .. No errors etc .. I just dunno ..
<infinity> And some people just ignore the whole thing entirely, stop using the includes, and dump everything in the default site, or whatever.
<infinity> It's intentionally flexible, so you can bend it to your needs.
<NineTeen67Comet> infinity: I'll probably go the single file per client idea .. easier to edit I think .. for my small stuff anyhow ..
<NineTeen67Comet> Is there something else I need to change to get Apache running? I went into apache2.conf and other then the admin email the sites-enable directory is all I needed to change .. The server is still stock (as far as Ubuntu-server LAMP goes) ..
<NineTeen67Comet> If I use the external ip for my router (210.233.209.40) all comes up roses, but the URL doesn't work .. could it be my dynamic ip people? they have the correct IP address ..
<infinity> How are you doing vhosting?
<infinity> NameVirtualHost *
<infinity> <VirtualHost *>
<infinity>  blah blah
<infinity> </VirtualHost>
<infinity> ?
<NineTeen67Comet> infinity: Well, I had just edited/copied the 000-default.conf file .. or is that pointing to my vhost files? .. I need to read it more I think ..
<infinity> If you have a dynamic IP, you almost certainly don't want to be using "NameVirtualHost 1.2.3.4:80", or any other such craziness.
<NineTeen67Comet> infinity: I've been using NameVirtualHost *:80 .. for years .. I just looked and all it had was NameVirtualHost * .. I'm in there now reading up to make sure I didn't over simplify what it needed ..
<infinity> So, what hostname(s) should be working there?
<infinity> http://210.233.209.40/ shows me a site at any rate.
<NineTeen67Comet> Yeah that's the 'default' site .. I'm justin and I run a few other sites for people off the little server I've got .. I've been using Gentoo for a few years (got tired of things breaking with each upgrade) ..
<infinity> The others I see listed from that page all resolve to 210.233.218.6
<infinity> Which I suspect is your problem.
<infinity> Your IP seems to have changed.
<NineTeen67Comet> The others .. hum .. No the IP is good but afraid.org might not have updated them all .. lemme check with them ..
<NineTeen67Comet> Yeah something is fishy then .. afraid.org shows all the sites as pointing to 210.233.209.40 ..
<NineTeen67Comet> It's been like this for a few weeks (same ip) .. Maybe they are broken or something .. I'll pop an e-mail off and check ..
<NineTeen67Comet> n'kay .. e-mail fired off .. Hope that's not it, cuz I've TOTALLY redone my server because of this .. lol
<infinity> Well, I can tell you what IP those resolve to from here, and it's 210.233.218.6, so...
<NineTeen67Comet> Yeah .. I told them that .. Hopefully they'll be quick'ish .. They have been great in the past .. (they meaning "him") ..
<NineTeen67Comet> Thanks for your time . off to work for this guy .. take care ..
<Stonekeeper> hi. Which dhcp server do people here use? The ISC one seems very old. Thanks.
<Stonekeeper> ah, i see there's a dhcp3-server :)
<NineTeen67Comet> Hi all .. recently fired up my LAMP Ubuntu Server and am now trying to get CUPS to play nice with the Printer port attached printer (and share it) .. but the how to I found is lame at best .. so far .. any good links for a headless printer sharing how to?
<RShadow> any amavis-new wizards here?
<lionelp> RShadow: what is your question ?
<RShadow> lionelp, I'm getting this error (amavis[10592] : (10592-01) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20060718T110236-10592/parts: lstat() failed. ERROR\) and I don't have a clue where to start
<lionelp> RShadow: adduser clamav amavis
<RShadow> lionelp, I did
<lionelp> RShadow: on all the parts
<RShadow> lionelp, what do you mean all the parts?
<lionelp> On all the messages you have this error
<lionelp> or only sometimes
<RShadow> lionelp, all the messages
<J_P> hi all
<lionelp> RShadow: you restarted clamd after adding the user clamav to the amavis group ?
<RShadow> lionelp, I prolly didn't.. let me give that a try.. right now I think I have a bigger issue.. I think my fs has become corrupt.. errr.r.. I hate virtual servers
<mpathy> Hi there..
<mpathy> First a little survey: Whats the best filesystem for a Server? ;)
* Stonekeeper hides from the ensuing flamewar
<mpathy> hehe are their so much? :)
<mpathy> only want to know if ext3 reiserfs or xfs :)
<mpathy> And another question: I want to get my ubuntu-server on my rootserver.. Thought about installing it here on my laptop on a seperate partition configuring it, and then uploading that to my rootserver - is it a good idea? And if no, do someone have a better one? ;)
<mpathy> -(first) my
<mpathy> my webserver is like that: http://a15197305.alturo-server.de/phpsysinfo/ and my notebook is a P4 2,45 Ghz - should work hmm? If I include all network drivers?
<lionelp> mpathy: you have a good article on file systems comparison on http://www.debian-administration.org/articles/388
<lionelp> there is no universal answer
<mpathy> And about my server installation "idea"?
<mpathy> Nowhere you get ready images for Ubuntu.. *sigh*
<mpathy> at rootserver providers
<mpathy> lionelp: Okay, XFS was also a choice of me.. ;)
<mpathy> Whats about my idea of installing Ubuntu Server on my home computer and uploading the whole filesystem to my server?
<mpathy> Because of my problem of not having a provider who installing my Ubuntu Server for me..
<lionelp> I understand your problem
<lionelp> it depends on what kind of access you get
<mpathy> I have a rescue system.. Debian one, I think
<mpathy> and I can also install Debian Sarge Minimal and Suse via web interface
<mpathy> shell.. and a backup ftp in the same size as my hard disk
<lionelp> mpathy: the rescue system is network bootable ?
<lionelp> or it is another partition ?
<mpathy> its network bootable. I think :)
<mpathy> I didnt see another partition
<mpathy> than mine
<mpathy> right now it runs already a server, on a Debian Sarge as you see in my link above.. but I want to start over and install my server new but with Ubuntu.
<mpathy> in my link above you also see the partitions right now
<lionelp> I would use debootstrap instead of doing an image personnaly
<lionelp> but you can try your method :)
<mpathy> how I debootstrap ubuntu-server? i want it exactly as the configuration on the cd ;)
<mpathy> 3rd and probably easiest method would be, install the debian minimal system and change sources.list to ubuntu and make a dist-upgrade.. but thats a again no "ubuntu server" installation..
<mpathy> if I debootstrap:  sudo debootstrap --variant=buildd --arch i386 dapper /something/ http://archive.ubuntu.com/ubuntu/ - or is there a special URL for ubuntu-server
<lionelp> There is no special URL for Ubuntu-server
<lionelp> Ubuntu-server CD install ubuntu-minimal and ubuntu-standard
<lionelp> (meta packages)
<mpathy> lionelp: But there must be something special, or do you want to tell me its the same setup as if I use a Ubuntu CD and type server at start?
<lionelp> it is exactly the same
<lionelp> the only difference is the kernel installed by default and the CD content
<mpathy> btw funny package selection via debootstrap.. Is it possible that it wants to install alsa drivers, but for example no "man"?
<mpathy> lionelp: really? :/ thats something I can handle without a special CD.. so its only the name..
<lionelp> once you have debootstrap, apt-get install ubuntu-minimal and ubuntu-standard
<lionelp> install the server kernel
<lionelp> grub
<lionelp> and that's it
<mpathy> lionep: and thats the same package selection as on Ubuntu-Server
<mpathy> ?
<mpathy> and whats the difference between linux-image-server and linux-server? only the name?
<Ries> is there a tool to restore user permissions across a filesystem??
<mpathy> and what are these harden-* packages? are they useful?
<lionelp> sorry mpathy
<lionelp> yes, that is the same selection as on Ubuntu Server installation with what i told before
<lionelp> linux-server depends on linux-image-server
<lionelp> thare are empty meta packages
<mpathy> so linux-server is always right? ;)
<lionelp> yes
<lionelp> I do not use the harden packages personnaly
<mpathy> lionelp; are these harden-* packages useful? i found them right now
<lionelp> be carefull, they come from universe, which means no officiel security support
<mpathy> ah okay.. hmm yes I think I know myself what ports should be open and which not.. or whatever they are supposed to be ;)
<mpathy> they are in debian also.. but okay I decided not to use them
<mpathy> hmm.. it looks like I am ready to go ;)
<mpathy> only one question - on the cd there is an option "Install LAMP server" - which packages does this install? Apache2, mod_php, php5 mysql5?
<lionelp> yes, it is only an apt-get install at the end
<lionelp> I am not sure to remember the exact line
<mpathy> lionelp: where can I check it? is the sourcecode somewhere?
<lionelp> don't know
<mpathy> okay.. but I think its sth like that
<lionelp> it is something like
<lionelp> apt-get install mysql-server apache2-mpm-prefork libapache2-mod-php5 php5-mysql mysql-client
<A-Kaser> poy poy
#ubuntu-server 2006-07-19
<A-Kaser> poy poy
<screeb> hi !
<screeb> I'l looking at UbuntuServerTasks wiki: don't you think slapd should be linked to a "Directory" task instead of "Authentication server"
<[Grendel] > Hi, i would like to know why there is alsa support in the server version?
<[Grendel] > who needs alsa on a server?
<lionelp> [Grendel] : yes there is alsa support in server
<lionelp> some people needs alsa on the server, not me, but some
<lionelp> that was a choice
<lionelp> screeb: Most of people who have a LDAP directory, it is for network authentication, not for Directory purposes
<lionelp> Maybe a Directory can be added
<lionelp> but I think it's fine to keep a "Authentication Server" item
<maswan> We only have ldap for directory (/etc/passwd), authentication is done via kerberos
<A-Kaser> kerberos or radius
<A-Kaser> rarely direct to LDAP
<A-Kaser> may be in proftpd, or libapache auth ldap
<screeb> lionelp: thanks
<screeb> (but I don't agree :p )
<NineTeen67Comet> samba and cups where created by the most evil people in the world I believe ..
<NineTeen67Comet> I'm fighting with getting samba/cups to work (first cups then samba if possible) .. https://help.ubuntu.com/ubuntu/serverguide/C/cups.html . is where I'm reading and it's missing stuff I think ..
#ubuntu-server 2006-07-20
<NineTeen67Comet> I know I need to change something to allow my access to my server to work on cups (normally https://localhost:631 ) .. I need to access my server through my network but https://192.168.0.2:631 isn't working .. help?
#ubuntu-server 2006-07-22
<A-Kaser> Hello
<shambala> hoal a todos
<Ries> Hola shambala
<shambala> alguien de mexico df
<Ries> shambala: I am just a humble dutch guy
<shambala> ok
#ubuntu-server 2006-07-23
<omarkj> Anyone here a dovecot IMAP/POP3 server user ?
<omarkj> I'm having problems using mySQL (or for that matter postgreSQL) to authenticate users.
<omarkj> It's reporting that the type (sql) is not known, but I believe that the dovecot ubuntu package is compiled with mySQL support.
#ubuntu-server 2007-07-16
<pushpop> any1 around
<Burgundavia> pushpop: yep
<BFTD> hey
<BFTD> how do I use make-kpkg
<BFTD> >
<BFTD> is it like
<BFTD> sudo make-kpkg kernel_name ?
<Burgundavia> BFTD: feisty?
<BFTD> yes
<Burgundavia> it does use kpkg
<BFTD> make: *** No rule to make target `menuconfig'.  Stop.
<BFTD> I get that error
<fernando> moin all
<jdstrand> dendrobates, I read the "time to get onboard" email on ubuntu-server the other day.  I have a question regarding LDAP authentication.
<jdstrand> dendrobates, I have been working with kerberos (heimdal) and ldap for an authentication/authorization system, and have some ideas regarding how this could be implemented with ubuntu-server.
<jdstrand> dendrobates, I'd like to know what type of authentication/authorization system you are hoping to authenticate with.
<jdstrand> dendrobates, obviously, there are many choices in how to go about this, but I was thinking that if you had a long-term goal of providing an authentication/authorization server (eg apt-get install auth-server), then the client packages could be tailored towards that.
<jdstrand> dendrobates, they would of course be adjustable to work with other systems.
<jdstrand> dendrobates, my current feeling is that for maximum security, kerberos is used for authentication, and ldap for authorization.  That way sensitive information can be left out of the LDAP server.
<jdstrand> dendrobates, I am currently using this setup on a small LAN with workstations and laptops, and it is working fairly well.
<jdstrand> dendrobates, I say fairly, because there a couple of small issues with disconnected users, when the user is on a network, but can't reach the auth server (it works, but is slow).
<jdstrand> dendrobates, anyway, bottom line, I have gone through the ldap/kerberos maze and understand what needs to be done and would like to help.
<jdstrand> dendrobates, interestingly, with a few backported packages from feisty, you can get all this to work on dapper too.
<dendrobates> jdstrand: the current spec just wants to put some basic packages together.
<jdstrand> dendrobates, as in something like 'apt-get install auth-client'?  Then it gets all the required packages, but lets the user configure them as needed?
<dendrobates> jdstrand: kerberos is something that needs to be tackled, but it is a Gutsy+1 issue, *hopefully* 
<dendrobates> auth-client would depend on ldap-auth-client-config, which would use debconf
<dendrobates> I do plan on a ldap-authentication-server eventually.
<jdstrand> dendrobates, so you want to leave out kerneros entirely for now?
<jdstrand> s/kerneros/kerberos/
<dendrobates> jdstrand: only because of the timeline for gutsy.
<jdstrand> dendrobates, I guess what I am really getting at is that the whole LDAP/Kerberos thing is complicated, and there are many, many ways to implement it, and perhaps targetting a long term goal for some of the short term goals, would make some of the work easier.
<ScottK> jdstrand: Do you have some short term goals that have very little risk of impacting something else that you can suggest?
<jdstrand> dendrobates, eg if we knew we wanted an UbuntuDirectory typoe of thing, we oculd work on kerberos and LDAP and have the client packages bring in everything for that.
<jdstrand> my personal short term goal would be to have kerberos (better) supported in gutsy.  The pieces are there in feisty (eg, no patches are needed AFAICT so far)
<jdstrand> The issue is that pam and nss need to be adjusted in different ways depending on if you are authenticating against ldap or kerberos.  I was just trying to see if there was a long term goal for the authentication/authorization server, we could save some time on the client stuff.
<jdstrand> cause the client packages would be looking to work with the authentication server
<jdstrand> as an aside, better supporting kerberos should allow for easier use of ubuntu with AD.
<dendrobates> jdstrand: I have the idea that once we do the ldap-client portion, we can use that as a model to do the rest.
<ScottK> I think now is the time to be defining the long term goals, but I just got here too.
<soren> 3/win 22
<soren> Um...
<jdstrand> dendrobates, hmmm... but there are so many client choices.  Would you agree that if we had an idea of the type of authentication server that was to be implemented, it might make it easier to define the client?
<jdstrand> dendrobates, because if we say to define an ldap client, that makes a presupposition that down the line passwords will be stored in ldap.  Maybe that is what is wanted, but maybe it isn't.
<dendrobates> jdstrand: I don't think we can assume we will be connecting to an ubuntu server, we should try to support the most common use cases in businesses first.  imho
<jdstrand> dendrobates, this means extra work and configuration for single sign on
<jdstrand> dendrobates, I absolutely agree with your last comment.
<jdstrand> dendrobates, what do you see as the most common use cases?
<jdstrand> dendrobates, which really gets back to my original question...
<ScottK> Which is why it's convenient that one of the steps in writing an Ubuntu spec is defining the use cases...
<dendrobates> jdstrand: AD for sure, than perhaps NDS, SUN, or redhat's openldap,  I'm not totally sure
<jdstrand> dendrobates, for AD, you will need kerberos...
<jdstrand> dendrobates, at least, as I understand it
<dendrobates> ScottK, that is certainly true.  The only reson this spec is so narrow, is because I want to be able to complete something for Gutsy.  I expect this to be rolled under a more comprehensive spec later
<ScottK> Right.  I wasn't suggesting changing the current spec, just start writing the comprehensive one.
<jdstrand> perhaps then it would be good to have somehting like: auth-client-redhat, auth-client-nds, auth-client-ad, auth-client-sun, auth-client-ubuntu
<jdstrand> perhaps all of those don't need to be separate, but you get the idea
<jdstrand> perhaps those are separate packages, or separate debconf choices..
<jdstrand> i am just brainstorming here
<dendrobates> that is kind of what I have in my head.  perhaps an external program that will for the /etc/pam.d config stuff, for debconf, like we do for inetd
<ScottK> User response would, of course, be: I don't want to pick.  I want it all.
<jdstrand> user can't always get what he/she wants  :)
<ScottK> Very true.
<jdstrand> seriously, I don't know all their implementations, but certainly you can't have work with AD and straight LDAP simultaneously
<jdstrand> perhaps down the road some sort of authentication profile could be in place, maybe with hooks in network manager or something, but not for this
<jdstrand> that is not a bad idea actually...
<jdstrand> but still not for this
<jdstrand> dendrobates: well with what you described, there is nothign saying there couldn't be a auth-client-kerberos package/debconf option
<jdstrand> dendrobates, when you said 'like we do with inetd', are you talking about 'update-inetd'?
<dendrobates> just the fact that inted uses a separate app to do that.
<jdstrand> dendrobates, has work been started on any of this?
<jdstrand> eg has that app been started?  a preliminary package put together?
<jdstrand> dendrobates, just thinking I could look at what has been started and jump in
<nealmcb> I'm on the road, haven't read all of this conversation and have to take off now, but I'm very interested in helping make ubuntu authn work well, including kerberos et al.  Thanks, jdstrand and all.  And dendrobates, I'll chime in on your email question also probably tomorrow when I get home....
<nealmcb> talk to you later
<necrite_> hi
<necrite_> anyone here use NFS with one rw directory with more than 500g?
<ivoks> i do
<ivoks> i think i do... let me check
<ivoks> yes, i do
<necrite_> lol
<necrite_> how many g?
<padwan> 990G
<necrite_> OMG
<ivoks> 2T
<necrite_> :D
<necrite_> oks oks 
<necrite_> :D
<ivoks> 2,3 to be exact :)
<necrite_> lol
<jdstrand> dendrobates, I started scripting auth-client-config today
<jdstrand> dendrobates, I thought it should be named auth-client-config instead of ldap-auth-client-config, since it doesn't have to be just for ldap
<miles> what is the name of the tool that installs lamp for you on ubuntu-server?
<Burgundavia> miles: tasksel
<miles> thanks
<dendrobates> jdstrand: I created the package last week.  It should be available soon.
<jdstrand> dendrobates, right now it can update nsswitch.conf with rudimentary settings for ldap and kerberos
<jdstrand> you wrote ldap-auth-client-config?
<jdstrand> dendrobates, the script that will be used to actually update nsswitch.conf and pam?
<jdstrand> dendrobates, or whatever you are calling it.  you wrote it already
<jdstrand> dendrobates, ?
<dendrobates> jdstrand: I created the meta package only that depends on the other packages.
<jdstrand> dendrobates, whew-- I thought I just wasted a bunch of time.  :)
<dendrobates> jdstrand:  What are you writing it in?  debconf?
<jdstrand> dendrobates, no-- the script that will actually do the legwork of updating nsswitch.conf and pam
<jdstrand> dendrobates, ie, the update-inetd equivalent for auth-client (or whatever you named it)
<dendrobates> I am going to create another package, ldap-auth-config, that will own ldap.conf and nssswitch.conf.
<dendrobates> The script should also be in that package.
<jdstrand> dendrobates, ok.  but isn't nsswitch.conf in base-files?
<ajmitch> hi
<dendrobates> ajmitch: hi
<ajmitch> dendrobates: so you're going ahead with your plans for the client configuration
<jdstrand> dendrobates, well, I keep plugging away at it, it won't care who owns the files.
<dendrobates> ajmitch: it is not really client configuration.
<ajmitch> right, ldap-auth-client-config just seems to imply that
<dendrobates> ajmitch: I am trying to fix libpam-ldap and libnss-ldap.
<ajmitch> a worthy goal
<jdstrand> dendrobates, the nsswitch.conf part is working well so far, and I have the infrastructure to update other files, so adding pam in won't be too hard.  I should have something in a few days (at most).
<dendrobates> That is intended to pull functionality out of the current packages and put it in a central package.
* ajmitch most likely won't be there for the meeting
<jdstrand> dendrobates, what are you chaning in libpam-ldap and libnss-ldap?
<dendrobates> It is not intended to be a cli or gui.
<ajmitch> meeting is 15:00 UTC, right?
<dendrobates> look at the design section of https://wiki.ubuntu.com/LDAPAuthentication
* ajmitch was confused by the wiki changing it to local time already
<ajmitch> s/design/implementation/ I hope
<dendrobates> yeah ;)
<dendrobates> Just so you know, I'm functioning at about 15% of brain capacity today due to jet lag.  I will make more sense tomorrow.
<ajmitch> just got back from london?
<miles> I am about to try and install subversion, i have installed apache2, subversion, and libapache2-svn
<dendrobates> ajmitch: I read your spec and looked at the code, and I don't think these are conflicting projects.  I want to fix the packages.  You want to provide a ui.
<ajmitch> yes, most of what I wrote was code to handle mangling pam & nsswitch.conf
<ajmitch> which doesn't matter what pam or nss modules are used
<ajmitch> if there are useful interfaces for managing ldap configuration, etc, I'm all for it
<dendrobates> ajmitch: We should have a discussion on another day, about what functionality should be where.  what dpkg-reconfigure should do and what auth-tool should do.
<ajmitch> definitely
<ajmitch> it was useful to be able to poke stuff into debconf & use dpkg-reconfigure krb5-config
<dendrobates> I'm just too out of it today to be useful.
<ajmitch> we may be able to find a more suitable timezone then :)
<miles> Question - is there a major difference between htpasswd2 and htpasswd?
<dendrobates> that's right you are on the other side of the world.
<ajmitch> which is why I doubt I'll be at the meeting at 3AM local time
<miles> im following this tutorial on setting up subversion with apache on ubuntu, it says use "htpasswd2 -cm yadda yadda" but i dont have htpasswd2
<miles> and its not in ubuntu repository
<miles> so is it ok to use htpasswd or am i missing something?
<ajmitch> most likely it's just renamed for apache2, use htpasswd
<miles> k thanks
<dendrobates> falling to sleep again.  I'll check back in a few.
<ajmitch> ok, see you later
<Innatech> So, I've run into an odd situation. I'm building a custom router. I have two 8GB CF cards fake-raided as a mirror. The mirror is subdivided into boot and root partitions. I then have two 2GB USB pendrives. The first holds /var , /etc , and /tmp and the second is swap. Dapper installs cleanly, but on the first reboot it cannot find an INITAB and stalls out with a runlevel: prompt. Where did I fail? 
<ajmitch> you can't have /etc separate from /
<Innatech> ah. Easy enough. Thanks! 
* Innatech runs off to repartition. 
* miles flexes because he got subversion working
<miles> ajmitch, did u make that up?
<ajmitch> miles: no?
<miles> o, im just wondering how you knew that, thats amazing!
<ajmitch> there's no way that the partition with /etc can be mounted, given that you need /etc/fstab to get to it
<miles> logic, nice
<ajmitch> and to get to that point, you need the init scripts that are on /etc
<miles> yea
<miles> i feel like luke skywalker when obi-wan told him he just took a step into a bigger world
<Innatech> yup, same sort of feeling here. I should have realized the problem, but at least I know I'll never do that again. 
<Innatech> I'll have to script something on login to do what I want, which totally makes sense. 
#ubuntu-server 2007-07-17
<Judge> Are there any programs out there that assist in maintaining log files on a server
<Judge> I've been searching for one, but haven't had any luck.
* Starting logfile irclogs/ubuntu-server.log
<foo> Anyone going to Linuxworld by any chance? 
<wintermu1e> I'm having issues getting a usb2 wireless card to work on feisty server, but works fine on feisty desktop
<wintermu1e> the desktop is using the uhci usb2 driver, while the server is using ehci
<wintermu1e> are there an known issues with this?
<Burgundavia> wintermu1e: likely you need the restricted modules, which may not be instlaled by default
<wintermu1e> Burgundavia: actually, the CVS rt73 (what the card uses) works fine on the desktop.  I believe this is actually a USB issue, since its not in /proc/bus/usb/devices
<wintermu1e> I've compared the kernel configs of the two and they don't seem to be different wrt to usb though
<wintermu1e> hmm, wtf, those weren't usb2.0 ports
<ajmitch> hi stephanbuys 
<stephanbuys> ajmitch, good evening
<stephanbuys> dendrobates, ping
<dendrobates> stephanbuys:pong
<stephanbuys> dendrobates, hi there
<dendrobates> stephanbuys: hi
<stephanbuys> dendrobates, I thought it might be easier to discuss all of the auth stuff in the channel?
<dendrobates> stephanbuys: works for me.
<stephanbuys> dendrobates, it seems that we have a lot of the same problems we are trying to solve
<stephanbuys> dendrobates, this morning I discussed debconf and the configuration of the modules of interest with ajmitch
<dendrobates> stephanbuys, almost certainly
<dendrobates> 
<stephanbuys> it turns out his authtool already supports debconf (kerberos is configured through it)
<stephanbuys> and I'm actively trying to solve things like AD authentication at the moment :-)
<dendrobates> stephanbuys; I am looking at AD ad well.
<stephanbuys> dendrobates, then we _have_ to talk :-)
<dendrobates> stephanbuys: we are so behind other distros at this point, the task seems daunting.
<stephanbuys> I would much rather use a _sane_ debconf backend for authtool and be sure the config files are not clobbered than use our current template file clobbers everything approach
<stephanbuys> hehe
<dendrobates> Yeah, it seemed like the best approach to me as well.
<rbrunhuber> Hello, does anybody know if it is possible to install ubuntu on a ich7r fakeraid level 5 setup?
<stephanbuys> dendrobates, although - looking at something like RedHat ES 5.0's authconfig, its not real rocket science
<dendrobates> the first thing I want to fix are the horrible libpam-ldap and libnss-ldap.
<stephanbuys> dendrobates, it does not seem to me that even RedHat uses something "intelligent" like debconf. they  basically just clobber the config files
<stephanbuys> agreed. 
<stephanbuys> debconf for those packages dont even work
<dendrobates> True, I think we can do better.
<stephanbuys> check https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/70146
<ubotu> Launchpad bug 70146 in libnss-ldap "[SRU]  libnss-ldap for edgy-proposed: Problem with LDAPS" [High,Fix committed]  
<dendrobates> we have the openssl issue as well.
<stephanbuys> ubotu, snap :-)
<ubotu> Sorry, I don't know anything about snap :-) - try searching on http://bots.ubuntulinux.nl/factoids.cgi
<stephanbuys> o - darn - a bot
<rbrunhuber> dendrobates: More support with all those libpam* things would be greatly appreciated. 
<stephanbuys> dendrobates, if I can recommend anything I would ask you consult the templates in the latest version of authtool (link provided on your whiteboard) and check the templates
<rbrunhuber> dendrobates: from my site I always fight with this.
<stephanbuys> we found those libnss and libpam configs to be sane and to work out of the box
<dendrobates> rbrunhuber: I worked as a ldap architect for years, so I know the padl tools well, I should be able to help.
<dendrobates> stephanbuys, How do you handle the /etc/pam.d/* files?
<rbrunhuber> dendrobates: after struggling a while it is happily running now.But I'll never touch it in years :-)
<stephanbuys> dendrobates, good question. I was meant to ping soren about that
<dendrobates> Is soren working on this?
<stephanbuys> dendrobates, but I will happily support pam through that mechanism in authtool
<stephanbuys> dendrobates, ajmitch suggested I consult with soren about it
<stephanbuys> dendrobates, to give you an idea it seems that RHES just overwrites the pam config files with their authconfig tool
<stephanbuys> (also written in python btw)
<dendrobates> and gpl'd, so we  could use parts if we wanted.
<stephanbuys> correct :-)
<dendrobates> I was thing a separate app, that could be called by any package. 
<dendrobates> pam.d configs are too complicated for debconf, imho
<stephanbuys> dendrobates, something like authtool ?
<stephanbuys> authtool already has command-line and gtk interfaces
* stephanbuys has been dreaming about a gtk-based pam management tool for ages :-)
<dendrobates> perhaps, but I was thinking lower level, sort of like what we do with inetd.
* stephanbuys looks confused
<dendrobates> it could be a part of the authtool, but it seems like it should be able to be called separately
<stephanbuys> dendrobates, enlighten me to the inetd mechanism please :-)
<dendrobates> I think its inetd-confg.  It is used by packages that need to add lines to the inetd.conf, so they can't clobber the file.
<stephanbuys> dendrobates, ah - ok 
<stephanbuys> I get the gist. Basically something like a configuration api
<dendrobates> we should never let packages directly edit /etc/pam.d/*
<dendrobates> yes.
<stephanbuys> ok
<dendrobates> But it is tricky.  There are hundreds of use cases.
<dendrobates> I don't think it can be done before gutsy, but I may be wrong.
<stephanbuys> hmm - is there a blueprint for this yet?
<dendrobates> No, it's just an idea bouncing around in my head.  
<stephanbuys> dendrobates, ok - I'll make a blueprint for it - perhaps its something we can look at
<dendrobates> I have a couple of very good programmers looking for something to do, may I can point them at this.
<dendrobates> I have to step away for a little while. I'll be back in a few.
<stephanbuys> dendrobates, ok - I have a question re password expiration
* stephanbuys will hang around
<dendrobates> ask it before I go.
<stephanbuys> dendrobates, I was wondering on how you plan to handle things like password complexity and password expiration
<stephanbuys> complexity can be managed with pam
<stephanbuys> (another feature for this tool)
<stephanbuys> but password expiration seems to be something that is catered for in shadow only
<dendrobates> but, a user could go around pam and set their password directly .
<stephanbuys> ok, so that remains a problem
<stephanbuys> as far as password expiration is concerned libnss should cater for shadow via ldap (although I have not tested it)
<dendrobates> openldap, supports expiration, via the rfc. openldap supports comlpex passwords through overlays.
<stephanbuys> which should (in theory) obsolete the need to libpam-ldap
<stephanbuys> dendrobates, ah - ok
<dendrobates> no we always need pam-ldap
<stephanbuys> dendrobates, then it becomes a matter of catering for client support 
<dendrobates> we have another problem.
<stephanbuys> the client (whether server or workstation) needs to notify the user of password expiration
<dendrobates> nss-ldap and pam-ldap are linked to openldap2.1 from 2004.  the server is openldap 2.3.
<stephanbuys> ugh
<dendrobates> that means we do not have full functionality in our clients.
<stephanbuys> thats a pretty big problem :-)
<dendrobates> this is because of openssl.  
<dendrobates> in openldap 2.4, gnutls will be supported. but it is in alpha now.
<stephanbuys> :-(
<dendrobates> redhat and novell, are not of the same opinion as Debian and have no problem linking to an openldap that is linked to openssl.
<dendrobates> so we have to do what we can and test to see just what is broken.
<stephanbuys> dendrobates, ugh - so one step at a time I guess. 
<dendrobates> yep
<stephanbuys> if nothing else I think we should cover some robust and sensible settings in the config of the tools through debconf
<dendrobates-afk> true.
<dendrobates-afk> be back after I get some breakfast.  Still a little jet lagged, so I woke up at 4:30, and went straight to work so as not to disturb the family.
<ScottK> If there is anyone here who is familiar with mysql source at all, Bug 105225 is probably an easy bugfix.
<ubotu> Launchpad bug 105225 in mysql-dfsg-5.0 "'flush tables with read lock' causes mysql server to deadlock" [Undecided,Fix released]  https://launchpad.net/bugs/105225
<ScottK> This is for a Dapper SRU.
<nealmcb> reminder: server team meeting in #ubuntu-meeting in one hour....
<nealmcb> https://wiki.ubuntu.com/ServerTeam/Meeting
<stiV> hi everyone ... i have a problem with some packages and an automatic installation that is being initiated by a bash-script that is being called in /etc/rc.local. when i start the script "by hand" in a normale console (or via ssh), everything works fine. that packages are being installed, no questions are asked (i adapted the /var/cache/debconf/config.dat for that) and everything works fine. but when the script is being start
<stiV> and postfix, postfix-policyd and clamav fail to install (--configure fails)
<stiV> is there any way to "simulate" an in- and output device?
<stiV> the script, that installs everything is being called from the script that is being started bei rc.local
<stiV> . /root/postinstall-slave.sh > /root/install.log 2>&1
<stiV> i already tried to set "DEBCONF_FRONTEND=noninteractive" and i also had to set "DEBIAN_FRONTEND=noninteractive" because update-inetd uses that variable, but nothing helps
<stiV> i'm out of ideas here ...
<stiV> there are many other packages that are being installed, and they all work (i had to adapt some of them, like ssl-cert)
<nealmcb> stiV: looks like the end of your first line was truncated
<nealmcb> after "is being start"
<stiV> i can see everything, but here is the rest: "(...) being started automatically, it has no input or output target"
<stiV> thx
<nealmcb> stiV: why are you installing things on every boot?  what commands are you using to do the installations? 
<nealmcb> and exactly what error messages are you getting?
<miles> hello all
<miles> i got a question about static ip's....
<stiV> it's a onetime boot script for an automatic installation of many machines
<miles> i edited /etc/network/interfaces and set my appropriate interface card to be static, however, it is still pulling dhcp
<miles> is there something i am missing?
<stiV> is it using dhcp even after you did /etc/init.d/networking restart ???
<miles> yes, it was fine yesterday, i came in today, couldnt find the server, so i connected locally, and it was pulling dhcp
<miles> we got a dhcp server on the network...some dummy set up the network that way here
<miles> im trying to ssh into the server right now to double check that file
<miles> yes this is my file right here
<miles> auto eth0
<miles> #iface eth0 inet dhcp
<miles> iface eth0 inet static
<miles> address 192.168.2.118
<miles> netmask 255.255.255.0
<miles> network 192.168.2.0
<miles> broadcast 192.168.2.225
<miles> gateway 192.168.2.1
<miles> sorry to flood
<miles> i just commented out eth0 being dhcp, maybe i should just delete that line altogether?
<dendrobates> Ubuntu Server team meeting in 5 minutes in #ubuntu-meeting
<stiV> try to use only address netmask and gateway, everything else is clear from that parameters
<miles> k, will try, thanks
<miles> yea...the ip switched to the static one, but this happened yesterday as well...just wait and see i guess
<lionel> miles: restarting networking does not stop dhcp client (yes, it could be a bug). reboot your server to get everything clear or kill it by hand
<miles> rebooted, seems to be fine, thanks
<nealmcb> miles: cool - and I'm glad to have learned something along the way :-) - thanks lionel
<miles> loves linux <----
<miles> esp. ubuntu
<miles> d
<miles> why did it say i left this server?
<stiV> * [miles]  has quit IRC (Remote closed the connection)
<miles> i didnt do that though...interesting
<ZummiG777> Question: I have a couple of Dell PowerEdge 2400 systems with Perc 2/Si RAID controllers.  I read there that Perc 3 and below were no longer officially supported.  Is this true, and if so is there a method to enable the older drivers?
<miles> I installed apache2 via apt-get, and im having trouble locating document root, does anyone know the default folder?
<stiV> miles: /var/www
<ZummiG777> miles: It is usually /var/www
<miles> ahhh....yes, i was looking in /srv/www
<miles> htanks
<miles> thanks
<miles> clea
<soren> miles: Not you. [miles] 
<soren> miles: "[miles] " != "miles"
<miles> o..my bad
<miles> im in the process of setting up a lamp stack, got all the components, i have a test.php page, when i go to the url, my browser tries to download the file rather than interpret it
<miles> im guessing i need to config php.ini and tell it where server root is?
<mralphabet> is php installed?
<miles> yes
<mralphabet> then your http config probably doesn't know about it
<miles> yea i was thinking that might be the second option
<mralphabet> php doesn't care where your document root is
<miles> see, now i am use to configuring apache via httpd.conf, but since switching to ubuntu-server, its kind of different to me
<miles> i am supposed to modify apache2.conf, correct?
<stiV> jep /etc/apache2/apache2.conf is the thing you seek ;)
<miles> yea looking at it now...
<miles> is the php "on/off" switch in that file or in mods-enabled folder?
<mralphabet> go to /etc/apache2/
<mralphabet> do "grep -R -i php *"
<mralphabet> you should get stuff on the mods-enabled folder
<mralphabet> if not, php is not installed right
<mralphabet> if so, restart apache
<mralphabet> and do your test again
<miles> yea i got that stuff
<miles> i also renamed test.php to index.php
<miles> restarting apache...
<miles> nope, going to index.php makes firefox open up a "save as" dialog for the file
<miles> i DL'd the lampp stack via tasksel
<miles> you know, im running subversion on the same apache server, is that a possible interference?
<miles> is anyone here running a lamp server?
<miles> that can assist me in configuring php5
<stiV> !lamp
<ubotu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<miles> im downloading xampp, taking a look at their config files and going from there, ill check out that link right now, thanks a lot
<miles> ahhhhhh thanks a lot stiV, i used tasksel to get the stack, but i guess it doesnt get the libapache2-mod-php5 package for you
<miles> everything works fine now
<lousygarua> after installing mediawiki thru synaptic - how can i create antoher wiki on the same server?
<lousygarua> i can d/l the medaiwiki tarball and start from there but if mediawiki updates it won't auto-update all of my wiki's from apt-get update
<miles> can someone tell me how to enable samba-swat?
<miles> !swat
<ubotu> samba is is the way to cooperate with Windows environments. Links with more info: https://wiki.ubuntu.com/MountWindowsSharesPermanently and http://help.ubuntu.com/ubuntu/serverguide/C/windows-networking.html - Samba can be administered via the web with SWAT
<miles> does anyone know how to enable swat?
<Nafallo> I think you need to call FBI and tip them or something like that.
<miles> srs?
<Nafallo> never mind me :-)
<lionel> miles: apt-get install swat ? :)
<lionel> miles: it is not enabled after that?
* lionel has not installed swat for a long time
* miles miles returns from server room
<miles> woops
* miles returns from server room
<miles> there
<miles> yea swat is installed
<miles> i dont know about enabled...it is in the inetd.conf
<miles> file
<lionel> miles: try to point your browser to http://server:901
<miles> i switched my ports.conf to listen on port 901 for apache
<miles> apache stuff shows up when i do that
<miles> when i enable "Listen 901" in ports.conf (apache) i can at least run nmap on localhost and it says port 901 samba-swat is open
<miles> that i my logic behind doing that
<miles> otherwise, http://localhost:901 cant be reached
<fernando> hi mathiaz. After fixing watch files, I need to upload to revu?
<lionel> apache should not liste on port 901
<miles> yea...
<lionel> fernando: I think a debdiff attached on launchpad is the best place
<miles> i have swat listed in /etc/services and /etc/inetd.conf
<fernando> lionel, ok
<lionel> did you try to kill -HUP inetd ?
<miles> no, but i ahve rebooted the machine
<miles> and still nothin
<miles> everything online says make sure inetd.conf is set up
<miles> which it is...i dont realy know what inetd.conf is, so im going to go read up on it
<miles> !inetd
<ubotu> Sorry, I don't know anything about inetd - try searching on http://bots.ubuntulinux.nl/factoids.cgi
<miles> !inetd.conf
<ubotu> Sorry, I don't know anything about inetd.conf - try searching on http://bots.ubuntulinux.nl/factoids.cgi
<miles> sorry for the spam
* Starting logfile irclogs/ubuntu-server.log
* ajmitch really hopes that the server team meeting times don't stay at 15:00 UTC permanently
<fernando> 15:00 UTC is my lunch time  =(
<ajmitch> it's 3AM for me
#ubuntu-server 2007-07-18
* Starting logfile irclogs/ubuntu-server.log
<wintermu1e> anyone know much about routing in linux?
<foo> wintermu1e: Just ask ...
<wintermu1e> ok, anyone know how to have linux dynamically determine which interface to send out packets on for a box with multiple nics all on the same subnet, but where some of the nics may not be plugged in?
<wintermu1e> but the non-plugged in nics could be up and configured
<wintermu1e> or where the place to look for an answer to this might be
<lamont> wintermu1e: sounds like a bonding question
<lamont> or see the kernel docs on multiple routing tables
<wintermu1e> lamont: thanks, hadn't occured to me that bonding might work
<lamont> wintermu1e: traditionally, you get one NIC per subnet, and the choice of which interface to send packets out is based purely upon destination IP
<wintermu1e> lamont: yeah, and it seems that the normal routing doesn't support anything other than that model (you can have two interfaces on the same subnet, but the packet always goes out on the same interface)
<lamont> as it should. :-
<lamont> _
<lamont> :-)
<lamont> damn keyboard
<lamont> the advanced routing tables let you add more things to the selection criteria
<ScottK> BTW, in case any one is interested I'm working on merging dkim-milter 1.2 from Debian with Ubuntu specific stuff (like /var/run is a tempfs).
<ScottK> It's also late here and so I'll finish tomorrow.  Good night.
<wintermu1e> lamont: where is the advanced routing doc?
<lamont> http://lartc.org/ looks promising
<lamont> google: linux advance routing howto
<wintermu1e> thanks
<ScottK> soren: Are you around?
<dendrobates> ScottK: soren is out, can I help?
<ScottK> On Bug #105225, my suggestion would be that if your testing indicates the fix does not harm, upload it to dapper-proposed and let the reporter install/test it from there.
<ubotu> Launchpad bug 105225 in mysql-dfsg-5.0 "'flush tables with read lock' causes mysql server to deadlock" [Undecided,Fix released]  https://launchpad.net/bugs/105225
<dendrobates> bug 125850
<ubotu> Bug 125850 on http://launchpad.net/bugs/125850 is private
<ScottK> dendrobates: Just wanted to follow up with him thee above mysql bug.
<ScottK> No rush.
<dendrobates> He should be back in a couple hours.  Also mathiaz does a lot of work with mysql bugs.
<ScottK> dendrobates: It at least slightly interesting that without security permissions I can tell you were trying to look up a security issue in linux-source-2.6.15
<ScottK> That strikes me as a slight, but unnecessary information leak.
<dendrobates> ScottK: I think that is alright, it's the comments that are private.  From a support customer.  Can you see those?
<ScottK> No, just the package that the bug is in from the LP url that redirects to.
<ScottK> Ah.
<ScottK> I think it would be slightly better to do the permissions check before executing the redirect.
<ScottK> But I'm paranoid.
<dendrobates> create a bug againstr launchpad, and see what they say, I am inclined to agree with you, but I am paranoid as well.  :)
<ScottK> I'll do that.
<eikke> any reason libapache2-mod-security isn't in feisty?
<ScottK> Probably because no one packaged it.
<ScottK> I don't see that in any Ubuntu release.
<ScottK> Nevermind.  I take that back.
<ScottK> It was removed, I'm not sure way.  Generally they don't do that randomly.  At a guess from hints I see on Google, I'd expect a licensing issue.  Not sure.
<eikke> ah, so should be possible to package it myself?
<lionel> It was removed for a licensing issue yes
<lionel> and same for Debian
<eikke> bummer, I like it
<fernando> moin all
<soren> ScottK: I'm around now.
<ScottK> soren: Did you see my comments in the backscroll?
<soren> ScottK: Ah, yes.
<soren> ScottK: the thing is that the SRU policy also states that there must be some way to verify (by more than one person) that the bug has been fixed.
<ScottK> OK.  That was all I had.
<ScottK> Right.  
<soren> ScottK: So I'll need some way to reproduce it anyway.
<ScottK> Well then I guess ask the reporter for a simplified test case...
<soren> ScottK: That's what I did, wasn't it?
* soren checks
* ScottK thinks so
<soren> I believe so.
<ScottK> Alternatively, publish it in proposed, let the reporter test it.  Leave it there, and then the next time someone complains about the bug, say, "Here. try this."
<soren> For now, the fix is actually in my PPA.
<ScottK> In the mean time, the reporter is happy.
<soren> ScottK: I can't just upload stuff to -proposed, can I?
<ScottK> Are you a core-dev?
<soren> ScottK: Nope.
<ScottK> Acutally it doesn't matter.
<ScottK> You need to have an archive admin ack it anyway.
<soren> ScottK: I wasn't just thinking "will Soyuz let me?", but also if I'm allowed to by policy.
<soren> ScottK: Then I'm SOL. :) pitti is picky about these things.
<ScottK> If it were Universe, you'd go ahead and upload it and wait for the archive admin.
<ScottK> Just wait until it's Riddell's admin day to upload it then ;-)
<soren> He has admin days now, too? 
<ScottK> Yes
* ScottK doesn't recall if Main is different, but there's a wiki page on it.
<[miles] > afternoon guys
<[miles] > anyone know if L7-Filtering is available with Ubuntu Server?
<soren> [miles] : What sort of filtering, specifically?
<[miles] > L7
<[miles] > http://l7-filter.sourceforge.net
<soren> Ah, I though you just meant layer 7 in the generic sense.
<[miles] > :)
<[miles] > we could do with trying it out on some of our FW's
<[miles] > which are either 6.06 or 7.04
<soren> [miles] : I see no indication that we support that. Sorry.
<[miles] > ok np
<[miles] > I can compile the source and try it on new installation
<[miles] > thanks anyway
<soren> [miles] : You could file a bug about its absence?
<soren> [miles] : Against linux-source-2.6.22 and iptables (just one bug, but against both of them)
<ScottK> soren: Wouldn't it be a needs-packaging bug?
<soren> ScottK: I don't remember what the criteria are for that.
<[miles] > would'nt class it as a bug anyway 
<[miles] > personally
<soren> ScottK: It involves a patch to the netfilter code in the kernel and a patch against iptables..
<soren> [miles] : Wishlist bug, surely?
<[miles] > well
<[miles] > thats not 100% true
<[miles] > about kernel patching
<[miles] > there is two options
<[miles] > kernel, as you say
<[miles] > and user space
<[miles] > which they say is the planned default method of filtering
<[miles] > http://l7-filter.sourceforge.net/README (Very bottom)
<[miles] > Userspace version
<soren> Ah, sorry. I didn't notice that.
<[miles] > jeje np
<[miles] > I hate reading websites too
<ScottK> [miles] : Any experience or interest in doing Debian packaging?
<[miles] > wow, we have a lot more nicks in here than ever, 62
<[miles] > nice
<[miles] > is Ubuntu Server becoming more popular or what
<[miles] > :)
<[miles] > ok, their dropping like flies
<[miles] > :)
<soren> Ah, yes, the userspace version sounds like what we want.
<ScottK> If [miles]  is interested in packaging it, I'm sure someone over in #ubuntu-motu would be glad to help him do it.
<[miles] > ScottK: I must read up on packaging actualyl
<[miles] > my work load is immense atm tho :-|
<[miles] > and in the evenings, it so hot out here, I can't really be bothered sitting at a keyboard 
<ScottK> If you are interested in deploying this package, it'll be easier for you to deploy it with your own Debian package even if it's not uploaded.
<ScottK> So it'll save you work.
<[miles] > yeah I agree
<[miles] > I know how to package RPM's
<[miles] > cos I worked with SuSE for many years
<[miles] > but not really .deb's
<[miles] > I will get round to looking into it tho
<[miles] > promise
<[miles] > :)
<[miles] > lionel: won't I :-)
<ScottK> Well genericly the stuff in a spec file goes in a debian directory, but there's more to it.
* [miles]  nudges lionel cos he's so god damn quiet
<ScottK> Maybe lionel will package it.
<[miles] > ;-)
<[miles] > http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
<[miles] > I have had sooooooo many crashes in FF, it's unreal
<[miles] > never have I know so many, now that explains it
<[miles] > right, im heading home
<[miles] > see u 2moro
<[miles] > ciao
* ScottK stands up and runs around the room cheering!
<ScottK> I got dkim-filter working with Postfix.
<lamont> awesome
<lamont> any postfix changes needed?
<ScottK> No.
<ScottK> The dkim-filter package in Debian works.
<ScottK> You have to set some options to work with Postfix, but other than the normal stuff to config Postfix to work with a milter, no.
<lamont> ScottK: wietse was pretty proud of his sendmail developer's award
<ScottK> Rightfully so.
<lamont> and lazily so, too.  implementing sendmail-milter support in postfix relieves him of doing milter-esque stuff to postfix
<lamont> very smart move
<ScottK> Why in the world would dkim-filter sign the user-agent header by defult?
<ScottK> Now if he'd just add Mail From rewriting via the milter interface I'd be satisfied.
<ScottK> Key point...  dkim-flter signs the received headers too, so you need to call the milter after the last time Postfix has recieved it or the signature fails.
* lamont diiscovers that dhcp3-client has a non-debconf input (re it's file moving) in gutsy, that dist-upgrading from dapper triggers.  that's not love.
<lamont> I mention it here, since it's a server install I'm hitting it on... :0)
<ScottK> lamont: That'll be something that needs to be dealt with for LTS to LTS+1 upgrades then.
* ScottK re-reads the milter readme.
<lamont> Configuration file `/etc/initramfs-tools/initramfs.conf'                        
<lamont> *** initramfs.conf (Y/I/N/O/D/Z) [default=N]  ? 
<lamont> ouch
<ScottK> That or I messed up my key record....
<hansin321> I just wanted to say that I love the keep it simple design aspects of Ubuntu Server, and how it installs a basic server and leaves the rest up to the user to decide what else they want to install/ports to open, etc.  I guess I was just looking to clarify if this design philosophy is something that Ubuntu Server will try to adhere to going forward.  I am hoping so, because it is a really cool install 'out of the box' compared to
<mralphabet> hansin321: yes
<hansin321> mralphabet: Thanks.  I am glad to hear that, as I really like the approach Ubuntu Server has taken.
<soren> hansin321: That is likely going to keep being the default install, yes.
<soren> hansin321: Other options will be added, though-
<hansin321> soren: Sure.  Kind of like the 'Install LAMP server now' scenario?  But for other things?
<soren> soren: Something like that, yes.
<soren> hansin321: ^^
<ScottK> Well I think I got the Ubuntu specific needs for dkim-milter/dkim-filter sorted out.  Just doing a Gutsy test build and then I'll upload it.
<hansin321> Thanks all.  I enjoy 'listening' in on the chat traffic and getting a sense of where things are headed.
<ScottK> lamont: The DKIM Milter is uploaded.  If you are interested, you can either ask pitti or Mithrandir to pretty please accept dkim-milter 1.2.0.dfsg-1ubuntu1 or just wait until after Tribe 3 releases.
<lamont> what had to change from debian?
<lamont> and after tribe3 is fast enough, I expect... 24 hours and all that
<BFTD> On a remote terminal, how do I enter a command and then close the terminal without killing that process/command I started in it?
<mralphabet> &
<mralphabet> I think
<BFTD> ?
<BFTD> oh
<mralphabet> some command &
<BFTD> so like "& <command>"?
<BFTD> ok
<mralphabet> if you run bash that puts it into the background, though I don't know if the session close kills it
<mralphabet> alternatively you could use screen
<BFTD> I want to compile a kernel, which'll take about 5 hours on this system, but I need to do it over a slow internet connection
<ScottK> lamont: Mostly I added a test for the PID dir and to add it if missing to the init (since var/run is a tempfs) and changed the default config from a Unix socket to TCP localhost port 8891 to it'll work with or without a chroot and no fiddling.
<ScottK> lamont: Also I added info on Postfix integration into README.Debian.
<mralphabet> BFTD: use screen
<lamont> ok.  so mostly stuff that  needs to be in a debian bug report.  cool
<mralphabet> !screen
<ubotu> screen is a terminal multiplexer. See http://www.kuro5hin.org/story/2004/3/9/16838/14935 and http://en.wikipedia.org/wiki/GNU_Screen
<ScottK> lamont: None of what I changes is actually wrong for Sendmail on Debian though.
<ScottK> changes/changed
<lamont> ScottK: true enough, but creating /var/run directories is just a good thing to do in the init.d script, regardlesws
<ScottK> So I should file a bug in BTS on that you think?
<lamont> looks like two severity: wishlist bugs for debian: one for pid dir, and one for localhost switch for chroot happiness
<ScottK> The localhost thing is already allowed for in the supplied config file, it's just not default.
<ScottK> Maybe ask to have it switched to the default for broader compatibility.
<BFTD> hrm, I have ftpd-server installed, how do I ftpd into my server though!!
<BFTD> it tells me connection denied
<lamont> BFTD: I expect it wants to be configured first...
<lamont> I've never used that package though
<mralphabet> BFTD: use sftp
<BFTD> mralphabet isn't sftp like ssh+ftp?
<ScottK> BFTD: Generally, yes, but you don't need to install/configure any extra packages to do it.
<BFTD> hrm
<ScottK> ssh + ftp - plain text passwords and data streaming across the internet and a few other details.
<lamont> ScottK: I use vsftpd wherever anonymous access is desirable
<ScottK> lamont: I'm going to wait on filing bugs and such until I get my licensing questions (see ubuntu-devel) resovled.
<J-_> http://paste.ubuntu-nl.org/30379/ any ideas?
<ScottK> Do you have php-db installed?
<J-_> ScottK: No, should I install it?
<Innatech> is there a .deb of the binary Intel Pro NIC drivers maintained anywhere?
<ScottK> J-_: I know very little about php, but that looks like you are missing a package.  There is a package with php-pear stuff in it.  I think it's php-db, but I'm not sure.  I'd recommend you do some research.
<J-_> k thanks
<J-_> it's a php pear database abstraction layer
<nealmcb>  /join #ubuntu-bugs
* nealmcb . o O (leading space?)  :-/
<soren> Innatech: Not that I know of, no.
<Innatech> soren: thanks. 
<Burgundavia> hey soren
<soren> Burgundavia: Ahoy.
<nealmcb> ScottK: are there forwarders that change user-agent?  that would seem odd.
<nealmcb> but of course much of the world of email is complicated enough to be "odd" :-)
<ScottK> I have no idea.  I have even less idea why someone would care.
<Innatech> does apt-get have an option to include recommends w/o changing its .conf?
<ScottK> I don't think so.
<Innatech> yeah, OK. 
<Innatech> thx. 
<ScottK> Of course you should also keep in mind that I think lots of things that turn out not to be true;-)
<soren> Innatech: apt-get -o APT::Instll-Recommends ought to do it?
<soren> Innatech: The trick being that you have to spell Install correctly, though.
<Nafallo> but correctly spelled
<soren> Nafallo: Quite :)
<Innatech> oh, nice. I forgot about -o . Thanks!
<soren> Innatech: Any time.
* ScottK is glad he posted the caveat.
* Nafallo yawns and think he will go to bed.
<soren> ScottK: *g*
<lamont> ew
<lamont> ScottK: ^^'
<ajmitch> good day
<Taco|king> hey
<ajmitch> soren: I see you stuffed storm into gutsy already
<Nafallo> ehrm
<Nafallo> not my storm I hope :-)
<Nafallo> http://home.nafallo.info/pics/animals/storm.jpg
<soren> Nafallo: That's the one. :)
<Nafallo> :-P
<soren> ajmitch: Yeah. Go me! :)
<ajmitch> yeah
<Taco|king> je looks like a cloud.....thats awesome
<Taco|king> he*
<Nafallo> :-)
<Taco|king> my laptop hates me and linux
<Taco|king> :(
<ajmitch> hm, a section about declining membership for the server team - I probably wouldn't qualify for it now
<ScottK> If you got the message, you qualify.
<ScottK> Since currently the only qualification is to be subscribed to the mailing list.
<ajmitch> nah, it's more than that
<ajmitch> or it should be soon :)
<Innatech> so, the e1000 drivers want the kernel source to compile against. Do I install linux-source or linux-source-2.16.15
<Innatech> or does the former just point to the latter?
<ajmitch> linux-headers-$(uname -r)
<ajmitch> should hopefully be enough for that module
<Innatech> ah, nice. 
<Innatech> thanks. 
<nealmcb> ajmitch: Does server team membership include extra permissions?   What are you thinking in terms of membership requirements?
<soren> ajmitch: Currently, all you get is a shitload of bug mail.
<soren> nealmcb: ^^
<nealmcb> :-)
#ubuntu-server 2007-07-19
<nealmcb> I wonder if it would make sense to split the ldap package/bug mail etc. out to the ubuntu-directory team?
<ajmitch> soren: that's ok, I drink from the firehose anyway
<ajmitch> nealmcb: the ubuntu-directory team is already bug contact for a bunch of these packages
<soren> ajmitch: :)
<ajmitch> maybe in future server team membership could be automatic ubuntu membership
<Innatech> so, modprobe won't detect my Intel NICs, presumably because they're the OEM version. Can I force it somehow? Don't see anything in the man page. 
<soren> Innatech: The driver doesn't detect them? There's always the /sys/bus/*/driver/*/new_id trick. You could try that and if it works, add the pci id's to the module source.
<Innatech> hrrm. Is that procedure outlined somewhere? Sounds like roughly what I need to do. 
<soren> Innatech: I'm looking for some documentation..
<Innatech> thanks. 
<mathiaz> soren: did you try installing using an lvm partition with server cd ?
<soren> Can't find it. "lspci -n" to find the PCI ID. Then 'echo dead beef > /sys/blahblahbla/new_id' as root.
<soren> mathiaz: No, I didn't make it that far. :)
<mathiaz> soren: do you know if it was working ?
* Innatech laughs. Dead beef. 
<Innatech> Thanks again. 
<soren> mathiaz: Nope. I can try right now?
<mathiaz> soren: I'm testing the amd64 cds, and I can't get it work.
<mathiaz> soren: I think it worked once, but I try again and I get stuck.
<soren> mathiaz: Up-to-date ones? It was b0rken the day before yesterday, I think.
<soren> mathiaz: With a clean hard drive? 
<soren> mathiaz: *really* clean?
<mathiaz> soren: I've removed all the partition with fdisk.
<mathiaz> soren: but I wonder if the LVM meta data are still there.
<soren> mathiaz: The guided installer does stuff the same way every time, so if you've just removed the partitions and it creates them the same way again, it'll find the data still there, completely intact. :)
<soren> It works for me in an..
<soren> i386 vmware.
<mathiaz> soren: even if you reinstall ?
<mathiaz> soren: I'm not doing it in a vmware. I'm testing it on a real machine.
<mathiaz> soren: with a real cd.
<soren> mathiaz: Even if you reinstall.
<mathiaz> soren: ok. Thanks - I'll look into erasing lvm metadata from the disk.
<soren> mathiaz: What you're essentially doing is clearing out the partition table (removing the partitions in fdisk), and putting the exact same data back into it again (from the installer). In effect, you've changed nothing :)
<soren> mathiaz: and that is bound to cause confusion.
<soren> mathiaz: A quick pvremove /dev/sda5 is likely to fix it.
<mathiaz> soren: well. I've erased the partition before booting the cd.
<soren> mathiaz: Same thing. 
<soren> mathiaz: It doesn't matter if you reboot in between clearing the part table and putting the data back into it.
<nealmcb> ajmitch: I was confused by seeing openldap2.3 in the server team package report, and now I see that openldap2.2 and openldap2 are in the ubuntu-directory package report.  should 2.3 be moved?
<mathiaz> soren: yop. I understand now. It's a know bug 107205.
<ubotu> Launchpad bug 107205 in partman-auto-lvm "LVM install crashed" [Undecided,New]  https://launchpad.net/bugs/107205
<soren> mathiaz: Heh, the test case fabio mentions is fun.
<soren> mathiaz: It works because the lvm metadata is at the end (IIRC), but that's not touched by the mkfs.ext3.
<mathiaz> soren: that's exactly what I've been doing while testing the cd images.
<soren> mathiaz: Ah, ok. I thought you just retried the lvm one.
<Innatech> OK, so I'm a little lost dealing with the bus and device representations within /sys . Can I just use /etc/sysconfig/hardware to associate the e1000 module w/ the OEM card based on it's PCI ID? 
<soren> Innatech: /etc/sysconfig ? Um...
<Innatech> oh yeah. 
<soren> Innatech: We don't have that in Ubuntu?
<Innatech> long day, sorry. 
* Innatech smacks himself and goes to grab coffee. 
<soren> Innatech: What's the name of the module.
<soren> Innatech: ?
<Innatech> e1000
<soren> Innatech: Then it's /sys/bus/pci/driver/e1000/new_id 
<soren> Innatech: 'echo 1234 fedc | sudo dd of=/sys/bus/pci/driver/e1000/new_id'
<soren> Innatech: Put your vendor_id product_id combo instead of 1234 fedc.
<Innatech> ah, easy enough. 
<soren> Innatech: Not all drivers support it, but a lot do.
<Innatech> I'll go see. 
<nealmcb> soren: cute way to create a file as root without quoting a sh -c echo  :-)
<Innatech> well, I'm not sure if that got me anywhere. I did 'echo 8086 105e | sudo dd of=/sys/bus/pci/driver/e100/new_id' and DD reported the output successfully, but lspci still shows the NICs as unknown intel ethernet devices, and they're not showing up as eth interfaces. 
<soren> nealmcb: "sudo tee" is also good :)
<Innatech> I do see directories for 0000:01:00.0 and 0000:01:00.1 -- which are the addresses reported by lspci . 
<soren> Innatech: lspci will not change.
<soren> Innatech: Check dmesg and output of "ifconfig -a"
<soren> Anyhow, it's 1 am here now, and I've got work tomorrow morning.
<Innatech> soren: it's alive! Where should I send the flowers & chocolates? ;P 
<soren> Innatech: :)
<soren> Innatech: You can fix some of my bugs, and we're even. :)
<Innatech> seriously, thanks much. I would have mucked with that for at least a day or two on my own. 
<soren> Innatech: the new_id trick is hopelessly poorly documented.
<soren> Innatech: You can fix some of my bugs, and we're even. :)
* soren goes to bed.
<ajmitch> nealmcb: only if it'll be useful
<ajmitch> (wrt openldap2.3 & bug contacts)
<leonel> are the plans for another  LTS    gutsy +1 ?
<ajmitch> hopefully, though I don't know if it's been decided yet
<leonel> ok
<leonel> let's see what comes after  gutsy
<nealmcb> ajmitch: offhand, I would think it would be useful to have the same team deal with all the versions of ldap
<ajmitch> as long as *someone* is
<ScottK> Going back to my earlier discussion, if you set up your DNS record correctly, dkim-filter works!
<ScottK> Also sending test messages with an empty body to the test reflectors is problematic.
<wintermu1e> lshw says that my hardware support MII, but mii-tool returns Not Supported error, anyone seen this?
<Burgundavia> soren: you around yet
<Burgundavia> ?
<soren> Burgundavia: I am now.
<Burgundavia> soren: do you have a screenshot of ebox on Ubuntu?
<soren> Burgundavia: They're just like the ones on www.ebox-platform.com.
<Burgundavia> ok, I will steal one then
<soren> Burgundavia: There's a guy who's interested in theming it for Ubuntu, but so far, it's just like upstream.
<Burgundavia> aside from mentioning it has been packaged, anything else interesting?
<Burgundavia> soren: are you able to get me a screenshot with Ubuntu Firefox chrome around it?
<soren> Burgundavia: What's this for?
<Burgundavia> the Tribe3 release notes
<soren> Oh. Would you mind if I see it before you submit it anywhere?
<Burgundavia> it will go on the Tribe3 wiki page at https://wiki.ubuntu.com/GutsyGibbon/Tribe3
<soren> Burgundavia: Alright.
<Burgundavia> soren: worries about too much publicity?
<soren> Burgundavia: Not "worries" per se.
<Burgundavia> given it is pretty raw, i understand
<soren> Burgundavia: I would have just preferred something more complete to present to the hungering masses.
<Burgundavia> welcome to release notes for alphas
<soren> Burgundavia: :)
<madmetal_spyros> hey :)
<Kream> hi all 
<Kream> what's the recommended way to start ntpd at every boot ?
<Kream> /etc/default/ntp does not have anything like NTPD_ENABLE=yes|no
<infinity> Kream: It starts on boot by default.
<infinity> Kream: It will exit if the clock is ridiculously skewed, however (so, you might want something like ntpdate fixing the clock before ntpd starts)
<Kream> all right. 
<Kream> how do i set that up ? something like ntpdate -b pool.ntp.org 
<Kream> so that /etc/init.d/ntpdate is called before /etc/init.d/ntp 
<soren> Kream: IIRC, just install the ntpdate package and it should be called automatically before ntp.
<infinity> If it's not run before ntpd starts, that's a bug.
<infinity> Given that it's run from if-up.d, it better run first. :)
<soren> infinity: Agreed.
<eikke> is there any way to force ntpd to use some ntp server, even if it's got stratum 16?
<soren> eikke: Sure. /etc/default/ntpdate for ntpdate, /etc/ntp.conf for ntpd
<incorrect> i am looking at setting up a firewall
<incorrect> what are the best options these days?
<dendrobates> incorrect: are you looking for a gui to help you?
<incorrect> no
<incorrect> i am not sure if i should use keepalived
<incorrect> or if i could do something similar with fwbuilder and heartbeat
<dendrobates> incorrect if I am not mistaken, keepalived is used for high availibility.
<incorrect> yes
<dendrobates> netfilter and iptables in the kernel are what allow you to create a host based firewall.
<incorrect> i know
<dendrobates> what are you trying to do exactly.
<incorrect> well i have a network, i want to create a firewall for it,
<incorrect> i guess i need to learn more about VRRP
<dendrobates> So you have two machines you want to use as firewalls, and you want to use vrrp to allow failover?
<incorrect> doesn't have to be vrrp
<incorrect> there is the zebra project too
<dendrobates> now I understand.  I have always done this with appliances, but I have heard good things about vrrpd.
<incorrect> err quagga
<incorrect> i have load blancers so keep alived is not really what i want
<dendrobates> you just want state info transferred between firewalls, so if you lose one, you don't drop sessions, right?
<incorrect> bingo
<incorrect> if you know of a good alliance that would be helpful too
<dendrobates> Unfortunately, I have always used firewall appliances for this, but I knew someone who had one cisco pix firewall and used vrrpd to transfer state to a linux box as failover.
<dendrobates> but it looks like it is a abandoned project.
<incorrect> keepalived is a good implementation
<incorrect> what appliance do you use?
<dendrobates> I have used both nokia switched firewalls and most recently cisco pix and cisco asa.
<dendrobates> the nokia's ran checkpoint.
<incorrect> what would you recommend? 
<dendrobates> I liked the nokia's better, but they are very expensive.
<incorrect> i don't like cisco equipment
<dendrobates> usually I didn't have a choice.  
<incorrect> i would have to hire a cisco guy to configure it
<incorrect> fwbuilder might be able to do it for me
* ScottK has a strong aversion to Cisco Pix SMTP Fixup.
<incorrect> they used to say openBSD was about the best things to use for firewalls
<incorrect> err thing
<lamont> ScottK: mine is more of a violent reaction than mere aversion
<ryanakca> ScottK: you were saying you'd like to work with the server team to document setting up the Kolab server?
<ScottK> ryanakca: I was saying I thought kubuntu and server team ought to work together on that.
* ryanakca nods
* ScottK will help, but didn't volunteer to do it all.
<ryanakca> ah, hehe :)
<ryanakca> hmm... maybe get the doc team to help out?
<ScottK> That'd be good.
<ryanakca> Any volunteers willing to help out in setting up/documenting a kolab server on feisty? I can write down the steps, except it won't be exactly "documentation" style
<ScottK> The idea being that there's a synergy here between cool stuff you can do with a Kubuntu desktop and a kolab server running on ubuntu-server.
* ryanakca nods... who's with Kubuntu & doc? nixternal... and jjesse?
<ScottK> nixternal afaik.  Dunno who else.
* ryanakca nods
<ScottK> dendrobates: Do you think this would be something the server team could work on with Kubuntu?
<dendrobates> ScottK: impi linux is using kolab, they might already have this.
<ScottK> What or who is impi linux?
* ryanakca scratches his head
<dendrobates> The only problem I have with kolab is that there is no exchange integration. afaik
<dendrobates> exchange integration is a requirement in many instances.
<ScottK> Sure.
* ryanakca whistles
<ScottK> In this case it's a Kubuntu desktop with Kolab on Ubuntu Server, so it's cool.
<ryanakca> Kolab in the repos is 1.9.4... current version is 2.1
<dendrobates> It certainly sounds worthwhile.
<ScottK> I think mainly what might be needed is some advice an assistance for ryanakca when he hits roadblocks.
* ryanakca nods
<ScottK> Is kolab universe or main?
<soren> no
<soren> :)
<ryanakca> Universe
* soren can't spell :(
<ScottK> Cool.  Then let's update it.
* ScottK being a MOTU we can fix that.
<ryanakca> and eGroupware at 1.2.106-2.dfsg-3 needs updating to 1.4
<ryanakca> ScottK: hmm. do you have commit access to the debian svn? (the sources/etc are all maintained on:
<ryanakca> WARNING: 'kolabd' is maintained in the 'Svn' version control system at:
<ryanakca> svn://svn.debian.org/pkg-kolab/kolabd/
<ScottK> ryanakca: No.
* ScottK figured on grabbing the source package and letting Debian catch up when they catch up.
<ryanakca> shucks... I do suppose we could just send them our copy?
* ryanakca nods
<ryanakca> how would we deal with .src.rpm in packaging?
<ryanakca> (they don't offer .tar.gz)
<ScottK> ryanakca: I'll send it to Debian.
* ScottK will look and see.  With luck it's already dealt with in debian/rules.
* ScottK also notes that there are multiple kolab source packages.
<ryanakca> yep
<ryanakca> methinks that eGroupware would be an easier solution, but might as well update kolab while we're at it
<dendrobates> upstream must have a tar.gz, even if they don'toffer it now.  We should ask.   I can strip off the srpm stuff pretty easily though.
<ScottK> Isn't egroupware one of the server team targets for Gutsy anyway?
<dendrobates> Guys, this is great.  We are actually talking about doing stings in #ubuntu-server.
<dendrobates> instead of the usual - *my apache doesn't work*
<ryanakca> haha :)
<dendrobates> *how do you know it doesn't work*
* ryanakca twiddles while uscan runs
<dendrobates> * it just doesn't*
<ScottK> ryanakca: What are you uscanning?
<ryanakca> ScottK: so, if eGroupware is one of the server team targets, shall we go for it,
<ryanakca> eGroupware
<ScottK> dendrobates: Who was working on egroupware?
* ScottK has no opinion.
* ScottK just saw a chance for synergy.
<ryanakca> update the package, and write the documentation for it, with Kubuntu integration?
<dendrobates> I wouldn't want to discourage anyone from grabbing something and running with it.
<ScottK> Right.
<dendrobates> ScottK: I don't think anyone at this time.  
<ScottK> OK.  I thought that was on the list.
<dendrobates> worst case it brings us up to date with kolab, best case, we have our groupware solution.
<ScottK> Heh.
<ryanakca> ok
<dendrobates> I think it is on the list, but there are too few of us.
<dendrobates> we can't tackle everything at once.
<jtole> hey guys, I know this isn't a ubuntu specific question but I have to ask, what are some of the best ways for monitoring server performance / usage of hardware, I mean how do you keep tabs on what percentage of cpu is being used regularly percentage of memory, bandwidth etc, I mean besides logging in and running ps 
<dendrobates> My *only* concern about kolab is lack of exchange support.  I would like to talk to canonical's support guys and see what customers are asking for.
<ryanakca> dendrobates: so, I'll try out eGroupware... hmm. upstream now includes debian/... which is identical to the debian/ that Debian created for egroupware-1.2.106-2.dfsg
<ryanakca> dendrobates: ok
<ryanakca> dendrobates: how would we get in touch with them?
<mathiaz> jtole: you can have a look at cricket
<mathiaz> jtole: http://cricket.sourceforge.net/
<dendrobates> I work for Canonical, I can just ask them. 
<ryanakca> ah, nice :)
<dendrobates> morning mathiaz.
<mathiaz> dendrobates: morning rick.
<ryanakca> ScottK: *packaging question* If upstream includes a debian/, I have to contact them and ask them to remove it, even though it's identical to the one we created for the last packaged version?
<jtole> mathiaz, thanks, taking a look now
<ScottK> Uh, what package?
<dendrobates> jtole: I second cricket.  It is used by large companies, very sucessfully.
<dendrobates> brb
<ryanakca> ScottK: upstream's egroupware-1.4.001/ contains the debian/ that we created for egroupware-1.2.106-2.dfsg . Can we use it or no?
<ScottK> You can
<incorrect> i can't make up my mind if i should use ubuntu current or LTS
<ScottK> Generally it's good to ask to have it removed, but not critical.
<incorrect> LTS already kinda lags
* jtole is still reading over the web page
<ScottK> ryanakca: As long as it's decent (which since we made it, it should be) it's not a huge issue.  The only critical issues is if you have to remove a file from the debian dir.  You have to repack the source to do that.
<ryanakca> ScottK: ok
<jtole> and cricket works on a client server architecture of sorts, I mean like I said, there is a fair number of computers in need of monitoring here and I would kinda like a collective way to view them all from one location
<ryanakca> hmm.. nope. they modified debian/control to add some dependencies
<ScottK> That's fine
<ScottK> You can probaby assume they didn't do that randomly.
<ryanakca> ok.
<ScottK> Just make sure we have all the depends.
<jtole> ok, now I am still setting it up and reading about it etc but I have installed cricket via apt-get at the moment and I am not entirely sure how I access the cgi of it unless... ah heck, I will start reading over apache config files
* ryanakca nods
<ryanakca> ScottK: ok. I'm confused, mind giving me a bit of advice on if I should use the old debian control, upstream's control, or a mix of the two? (diff, upstream's, old debian, http://pastebin.ca/626244 )
* ScottK looks
<ScottK> Remove the php4 stuff.  We don't ship php4 anymore.
<ScottK> You will also need to remove apache as we only do apache2 now.
* ScottK thinks the perl depends should be ${perl:Depends}, but may have been doing to much python packaging recently.
<ScottK> ryanakca: Other than that it looks not insane.
<ScottK> So I'd take the upstream one (which has changes for the new version) and do the above to it.
<ryanakca> ok
<ryanakca> thanks :)
<dendrobates> I'm back
<dendrobates> At least for a while.  My wife is have her mothers of twins play group at our house today.
<dendrobates> 7 moms + 14 babies = -1 Rick's
<ryanakca> haha :)
<ScottK> Ah.  Very quiet here.  15 year old is not awake yet (even though it's 11AM here), 13 year old is at camp, and the 4 year old and her au pair are at the zoo.
* ryanakca feels young
* soren too
<dendrobates> soren: it'll be soon enough for you.   
<soren> dendrobates: True.
<dendrobates> they usually follow closely behind a wedding.  Sometimes mere days:  :)
<soren> dendrobates: They won't be 15 or 13 years old for a while though. :)
<dendrobates> unless you adopt.
<soren> Nah, if they're that old, it's too late to train them to do dishes and shit.
<ScottK> Dream on.
<soren> I'm not saying that it'll necessarily work if they're younger. I'm just completely SOL if I don't get them until they're teenagers.
<incorrect> i am looking at running up some virtual servers,  i've played with vmware, and that is ok,  but is there anything else of interest? 
<ScottK> dendrobates: What is your srcrpm to orig.tar.gz magic?
* ryanakca wonders if there's a way to automate comparing the debdiffs for all the files in debian/ to their original, and then deleting the .debdiff if there's no difference
<`6og> i'm copying lots of email into an imapd (courier). is 90%cpu usage usaual? the mail client is evolution
<ScottK> If you have them unpacked, diff -ruN will get you the same result as the debdiff.
<soren> incorrect: Depends. VirtualBox is pretty neat and exists in a GPL version.
<soren> incorrect: qemu also works rather well with kqemu.
<ryanakca> ScottK: I have all the .debdiffs in debian/ along with upstream's original files. And most of the debdiffs are exact copies of upstream. I'm trying to delete all the copies...
<soren> incorrect: xen seems to work for a lot of people.
<incorrect> how about running 64bit OS's
<ScottK> Ah.
<soren> incorrect: qemu AFAIR still has issues with that.
<soren> incorrect: The others should be fine, I think.
<soren> incorrect: I've never used Xen, though. I'm not sure about that.
<incorrect> xen didn't seem to have an amd64
<soren> incorrect: "Support for x86/64 is available since Xen 3.0."
<soren> incorrect: From the Xen FAQ.
<incorrect> i wonder if it just hasnt been packaged
<soren> incorrect: E.g. xen-image-xen0-2.6.16-11.2-generic has existed since edgy?
<soren> incorrect: (that's an amd64 image)
<ScottK> ryanakca: What arch is your server going to be?
<incorrect> fair enough
<ryanakca> ScottK: I think 386... the server itself is 64bit, but I don't have anything to build the updated 64bit packages on
<ScottK> OK.  
<ryanakca> ScottK: (other than waiting a couple days to get it built on the Ubuntu buildd)
<ScottK> I can build you i386 packages for testing the kolad updates.
* ryanakca nods, please
* ryanakca is going to go for eGroupware for the production install (for K-D), since it's also part of Ubuntu Server's goals.
<ScottK> OK.  Then maybe I'll quit expending effort on Kolab.
<eikke> soren: doesnt work
<eikke> Server dropped: strata too high
<ryanakca> ScottK: ok
<soren> eikke: ntpdate or ntpd?
<eikke> ntpdate
<eikke> I'd like to have continuous updates through ntpd too, though... problem is I can only access one ntp server
<eikke> its like this: I got an ntp server on my gateway which does work (afaik), now I want all servers in dmz to sync against that one
<eikke> not one-shot at bootup, as some of them tend to drift quite easily :s
<ryanakca> ScottK: know of any php person that I could ask about commenting out certain parts? example: http://pastebin.ca/626277
<soren> eikke: Sorry, got to run for a couple of hours.
<eikke> np :)
<ScottK> ryanakca: What's the question.
<dendrobates> eikke: ntpdate is deprecated
<ryanakca> ScottK: should I leave it commented out, as done by upstream, or uncomment it as done by Debian
<ScottK> In general, I'd tend to follow Debian, but I know nothing about php.
<ryanakca> same here.
<ryanakca> hm
<eikke> dendrobates: I dont want to use it anyway :)
<ScottK> This is probably not a bad place to find someone who knows about PHP and LDAP though.
<eikke> dendrobates: I just want to force ntpd to get the time out of my gateway, whether it likes its stratum or not
<ryanakca> Umm... anybody knoweldgable about PHP & LDAP, should I leave it commented out, as by upstream, or uncomment in, as by Debian? http://pastebin.ca/626277
<dendrobates>  eikke: ntpd -q should behave like ntpdate, and might ignore the stratum stuff.
<eikke> dendrobates: but then I got to execute that command periodicly?
<dendrobates> Yes, in a cronjob, which I consider preferable. 
<ryanakca> ScottK: erm. Does Ubuntu have an AUP/Security Policy for using it's servers/etc that we could copy over, or would we have to write one up?
<ScottK> Dunno
<ryanakca> hmm... ask someone on the CC or in #canonical-sysadmins ?
<ryanakca> (I don't know who knows what, so I'm kindof hopeless when it comes to HR in Ubuntu)
<dendrobates> I'm sure there is an AUP for canonical systems, but why would you copy that?
<eikke> dendrobates: watching tcpdump on my gateway shows activity, but the client log says "no reply, clock not set" after ntpd -q -n -g
<dendrobates> eikke:  What does your /etc/ntpd.conf look like?
<dendrobates> sorry ntp.conf
<ryanakca> dendrobates: *shrugs* to be safe? I've been reading Network Security first-step by Cisco, and the main reason of having an AUP/General Policy is to "Be Safe" in case something ever does happen... mind you, it's only open to Kubuntu Members, so we'll probably never use it.
<eikke> dendrobates: http://pastebin.com/d3599fa7f
<dendrobates> The AUP would be dictated by the policy of the company/organization that runs the system.
<ryanakca> dendrobates: but, then, there's always "inheritance" (*searches for the exact term*)... anything done on the server is the SysAdmin's/Companies fault. If the system isn't secure and someone does something 'malicious' using it, it would be the organisation's fault for not properly securing the system, and they would get the blame... at least that's what I understand from that particular chapter. 
<ryanakca> "downstream liability" is the word I was looking for
<dendrobates> The GPL takes care of liability.  We could include an example of an AUP, though.
<dendrobates> eikke: does smoke.dmz.vtk.ugent.be respond to a ntpdate request?
* ryanakca nods. So, even if the server is publicly used (by Kubuntu Members & certain Ubuntu members), the GPL would take care of all the liability facing the actions of those users?
<eikke> dendrobates: yes, but when running it in debug mode, it says "Strata too high, dropping server"
<dendrobates> It would be up to whoever runs the server to create an acceptable use policy according to their own policies and regulatory requirements.
* ryanakca nods. That being me (who runs the server), hence my asking if there was one premade that I could use, or if I should just modify it from http://www.sans.org/resources/policies/Acceptable_Use_Policy.pdf?portal=5669fd686a0004e05c1713bae9687272
<dendrobates> An AUP should exist, but Ubuntu should not provide it. 
<ryanakca> If Ubuntu has one that's "standard" for it's own servers (not the end user's, but Ubuntu itself as an organisation), I should use it.
<ryanakca> (not in the package, but for the one I'm setting up for kubuntu-devel)
<dendrobates> Are you doing this for canonical?
<dendrobates> is this official?
<ryanakca> dendrobates: https://lists.ubuntu.com/archives/kubuntu-devel/2007-July/001802.html . "Official" no, but I've had good response on the k-devel ML, Hobbsee's for it, and Riddell is for it, and elmo knows about it.
<dendrobates> It's up to you then.  Most network security books have examples, and it is important to present your AUP at login.
* ryanakca nods.
<munckfish> mathiaz: Hello
<mathiaz> munckfish: hi
<munckfish> Hello, do you have a minute to quickly discuss 
<munckfish> lp #106244?
<ubotu> Launchpad bug 106244 in mysql-dfsg-5.0 "CONF Variable in /etc/init.d/mysql unused" [Wishlist,Triaged]  https://launchpad.net/bugs/106244
<munckfish> I won't keep you long cause I need to shut down for the day
<mathiaz> munckfish: ok. Let me check this bug
<mathiaz> munckfish: ok - I see.
<munckfish> I wasn't sure of the process for accepting offer of mentoring
<mathiaz> munckfish: you just need to patch the init script to use CONF instead of the hardcoded filename my.cnf
<munckfish> ok, I have a patch that's no problem
<munckfish> I have applied it to the feisty version and to the current gutsy
<mathiaz> munckfish: ok. You can attach it to the bug
<munckfish> which do you want gutsy version or both?
<mathiaz> gutsy
<munckfish> ok
<munckfish> version number? dch -i just appends ubuntu1 to the end
<munckfish> that ok?
<mathiaz> It won't qualify for an stable release update for feisty
<munckfish> considering such as small change?
<mathiaz> munckfish: yes
<munckfish> really? ok I see
<mathiaz> that's ok - as it's a new release.
<munckfish> once I've done that and if you approve it
<munckfish> what would happen then?
<mathiaz> it'll be published.
<munckfish> ok that's the part of the process that I don't fully understand
<mathiaz> munckfish: do you have a patch for init or debdiff ?
<munckfish> I will upload a debdiff
<mathiaz> munckfish: excellent
<mathiaz> munckfish: attach the debdiff to the bug, and I'll have a look at it.
<munckfish> great, I'll try to do this just now, but I may not get back to this till Monday, I hope you don't mind. It's time for me to switch off you see :)
<mathiaz> munckfish: np.
<munckfish> mathiaz: thx for you time
<munckfish> mathiaz: I have one problem preventing from uploading my debdiff
<munckfish> I have modified only debian/{control,changelog,*mysql.init} but for some reason the debdiff is showing some *.po files has having changed
<mathiaz> munckfish: did you do a debbuild clean before debdiff ?
<munckfish> no but it's was freshly patched from dpkg-source -x *.dsc
<munckfish> I then ran debuild -S
<munckfish> cd ..; debdiff file1.dsc file2.dsc
<ScottK> munckfish: This is common.  Just delete the po file changes from your debdiff before you attach it and all should be fine.
<munckfish> ok will do
<munckfish> any idea why this occurred?
<ScottK> No.  I've seen it before with some packages that have po files, but not all.  Not sure why it happens.
<munckfish> ok I've attached the debdiff, cheers for the help. bfn
<BFTD> http://pastebin.ca/626571
<BFTD> I get that error, how do I update the packages that are in /var/cache/apt/archives ?
<mralphabet> type apt-get
<mralphabet> BFTD: ^^
<mralphabet> BFTD: it will give you all of its options
<coNP> "sudo apt-get update" should do the trick
<BFTD> thats the command I ran when  I got that error
<BFTD> how can I restart apache2?
<BFTD> /usr/sbin/apache2 restart?
<coNP> BFTD: sudo /etc/init.d/apache2 restart
<BFTD> ok
* BFTD makes a note of that command
<BFTD> I'll be using it alot
<BFTD> I noticed that that error makes no really difference, everything gets downloaded and I can still use apt-get
<coNP> you might use reload / force-reload as well
<BFTD> anyone know of some memory intensive cli programs?
<BFTD> command/apps*
<Nafallo> make -j 5000 ? :-)
<Nafallo> fabb_laptop should have some examples ;-)
<dendrobates> 'make -j' without a number will continue forking until it cannot allocate any more memory. 
<ajmitch> morning
<nealmcb> some of the boinc distributed computing apps?  what are you trying to do?
<dendrobates> ajmitch: good afternoon.
<Nafallo> ajmitch: evening :-)
<soren> Heh. My bittorrent client reveals the popularity of the server CD's. It's not all that impressing. :)
<mralphabet> soren: you have your client seeding cd's?
<soren> mralphabet: Yup.
* mralphabet used http to download his
<soren> mralphabet: Yes, the fraction of server CD users using bittorrent to fetch their CD's is likely different from that of the desktop CD's.
<soren> mralphabet: It does reveal an interesting trend, though. :)
* ScottK generally waits until later in the process to upgrade servers and just dist-upgrades them anyway.
<mralphabet> soren: I have a bandwidth limit on my torrents so it was faster to use http
<soren> mralphabet: Your ISP detects that it's bittorrent traffic?
* ajmitch hasn't started fetching the server cd
<soothsayer> Is it considered safe to open the NTP port for UDP incoming? ntpd doesn't act as a server that can itself be queried by default right?
<mralphabet> soren: no, that's a self limitation so it doesn't flood my pipe
<soren> mralphabet: Ah. I've yet to actually saturate my link. :)
<soren> mralphabet: 100 Mbit/s is a lot :)
<mralphabet> soren: I have ~300k inbound and I limit torrents to 200k inbound, http was giving me ~320k so it was going quick
<ajmitch> it would be trivial to saturate mine
<mralphabet> soren: crimeny
<soren> mralphabet: Not at home, though. I have a machine at a co-lo facility for that sort of thing.
<mralphabet> soren: still, it's nice to have a colo
<soren> mralphabet: Very. 
* mralphabet needs to work at an ISP again
#ubuntu-server 2007-07-20
<Innatech> Is there a patch for Quagga yet? https://bugs.launchpad.net/ubuntu/+source/quagga/+bug/48848
<ubotu> Launchpad bug 48848 in quagga "[Dapper SRU]  Assertion failure in OSPF" [Medium,Confirmed]  
<Innatech> grr. :(
<lousygaruserver> hello, i've just noticed that the root's home folder on my server had 0755 permissions
<lousygaruserver> is that known and default? bcoz i thought that /root is a safe place for passwords and keys, which is not readable by anyone by default
<Pumpernickel> Passwords aren't stored in /root, they're in /etc/shadow.
<Michael_T_King> clear
<Eversun> hello is 7.4 good for server?
<Michael_T_King> Heres one for you
<dendrobates> morning all.
<soren> dendrobates: Hi, Rick. You're up early?
<dendrobates> damn babies
<`6og> heh
<`6og> (asking again in hope) - does anyone ehre have experiance with courier imap?
<`6og> i'm wondering about high (90+%) cpu utilisation when copying email from antoehr system
<dendrobates> `6og: it's been a while, but that seems extremely high.  
<`6og> dendrobates, thats what i thought, but felt its worth asking
<`6og> PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
<`6og> 10356 kgoetz    17   0  7800 5468  844 R 85.3  0.3 131:23.17 imapd
<`6og> 85's about as lwo as it gets
<`6og> *low
<dendrobates> do you have the sysstat package installed
<`6og> no
<dendrobates> that package contains iostat and other tools that can be used to record system performance
<`6og> just fixing my sources.list and installing it atm. :)
<dendrobates> might be useful if this as an ongoing problem.  
<`6og> it happens every time i try to copy any large amount of email over
<`6og> large is anything from a few hundred to 35,000, just fyi
<`6og> i wonder if its something to do with the dma/irq bit of my world. the harder i thrash the cpu the slower the network runs (or so it seems to me)
* soren -> lunch
<`6og> later mate
* Starting logfile irclogs/ubuntu-server.log
<jim> I'm having difficulty installing CGI perl module. Any documentation I don't know of?
<soren> jim: Which module and which version of Ubuntu?
<jim> I just want to be able to execute cgiscripts on my Ubuntu Linux 6.06.1
<jim> I thought I only needed cgi.pm
<soren> jim: Apache can execute cgi scripts as it is.
<soren> jim: Depending on your actual CGI scripts, you may need glue code of various shapes and colours.
<jim> soren: I can't execute and don't know why. I am using perl
<soren> jim: Look, to get a helpful answer, it helps if you provide some specific information about: a) what you're trying to achieve, b) what you've done, and c) what happened?
<jim> soren: sorry, let me try. I've installed ubuntu lamp server. php works but perl cgi does not. Perl is installed and I can use it from command line but not from web with cgi
<soren> jim: The information you've given me so far corresponds to calling the IKEA help desk saying "I've bought something from you. I can't assemble it. It's blue." and expecting them to guess which piece of furniture you're trying to assemble and that you tried to stick knob X into hole Y, while you should have poked nail J into hole Z.
<soren> I'm not trying to be offensive, I just find that analogies often make a point come across better. :)
<jim> lol... sorry again
<soren> jim: What's the script? Where have you put? What happened? What did you expect to happen?
<jim> I'm managing server via webmin, and can see other perl modules, but cgi module won't install
<soren> What's the script? Where have you put it? What happens? :)
<soren> And where did you install webmin from? It's not in Ubuntu (we yanked it out long ago).
<jim> The script simply displays its own code and does not execute. It is chmod 755
<jim> is there an alternate to webmin that is prefered?
<soren> You've now answered "what happens".
<soren> What's the script? Where have you put it?
<jim> it is in /home/jim/public_html/cgi-bin
<soren> jim: There's your problem.
<jim> where should they be ?
<soren> jim: By default, random users are not allowed to run arbitrary scripts like that.
<soren> jim: /usr/lib/cgi-bin
<jim> soren:I'll try now
<jim> soren: I've moved the file, now the browser cannot find it.
<soren> jim: How are you trying to access it?
<jim> soren: my-ip-address/~jim/cgi-bin/script.cgi
<soren> jim: You've moved it.. It's at ip-adress/cgi-bin/script.cgi
<jim> soren: my-ip-address/cgi-bin/script.cgi shows internal server error
<soren> jim: Then you cgi script is probably broken.
<soren> jim: You'll find more info in /var/log/apache2/error.log
<jim> soren: Premature end of script headers: env.cgi
<jim> (2)No such file or directory: exec of '/usr/lib/cgi-bin/env.cgi' failed
<jim> soren: above are the error's I've found
<soren> What happens if you type /usr/lib/cgi-bin/env.cgi in a terminal?
<jim> -bash: /usr/lib/cgi-bin/env.cgi: /opt/bin/perl: bad interpreter: No such file or directory
<soren> ...
<dendrobates> edit the cgi script and correct the first line to point to the  correct location of perl.
<soren> jim: " I can use it from command line "
<soren> jim: ?
<jim> soren: Its working now. I had the perl path wrong and of course the file in the wrong place.
<dendrobates> yeah :)
<jim> soren: Thanks for your patience and your help .... !
<soren> np
<jim> soren: what about a webmin replacement? I found webmin here. http://www.howtoforge.com/node/1388
<infinity> webmin is the devil's tool.
<soren> jim: Well, you can get security holes in all sorts of shapes and colours now.
<soren> jim: webmin is great for that.
<soren> jim: But I'm almost sure that's not what you want it for?
<jim> devil's tool ??!!
<soren> jim: But if that's what you want webmin for, you can replace it with a wide variety of stuff. The easiest is probably a compiled version of securityhole.c in your cgi-bin.
<jim> soren: I can remove it and just run from the command line if I have too. 
<soren> jim: I'm trying to use humour to show you that you've asked a question that has no simple answer. I can't tell you what to replace webmin with, if I don't know why you've installed webmin to begin with.
<soren> jim: What are you trying to achieve?
<jim> soren: I only wanted to manage the server remotely, without using command line
<jim> soren: I actually only need it while configuring it and getting it up and running
<soren> soren: "Manage" can mean a lot of things. A combination of http://www.thinkgeek.com/geektoys/warfare/8a0f/ and a simple script can be turned into a clever way to "manage" your power button on your server.
<soren> jim: What *specifically* are you trying to achieve?
<soren> jim: ^^ The power button management system comment was for you too.
<jim> soren: I was only setting up the server so I could learn more about linux and also practice developement of web/php/perl ... etc
<soren> jim: So... When I ask: "What do you want to achieve?", you answer: "I want a webserver, that can interpret php and perl scripts".
<jim> ahh well... yes
<soren> jim: For that, you open a terminal, type "sudo apt-get install libapache2-mod-php5". That installs apache, a php5 interpreter and you already know where to put perl scripts.
<soren> jim: No webmin.
<soren> jim: webmin is the answer to a question noone should ask.
<jim> soren: I'll remove it promptly. thanks
<dendrobates> soren: doesn't ebox answer the same question?
<soren> dendrobates: No.
<soren> dendrobates: Let's play Jeopardy :)
<soren> dendrobates: 'I'll take "Stupid software" for 1000, Alex'.
<dendrobates> soren: sorry, you seem like you need someone to give you a hard time.
<soren> dendrobates: '"Stupid software" for 1000: "This software is a completely useless way to transform a configuration file into a html form"'. BZZZZZTTTTT! "What is webmin?" 
<soren> \o/ I win!
<soren> :)
<`6og> :)
<dendrobates> soren: it's amazing how popular it was 7 or 8 years ago.  until redhat learned the error of it's ways.
<`6og> whats amazing is that its still sort of popular
<soren> ebox asks you questions. Your answers are then turned into a set of configuration file settings, possibly spread out over several packages.
<dendrobates> it comes form commandlinephobia.
<soren> webmin takes the config files from disk, puts a <input type="text" names="foo" />  where you'd normally put stuff into the config file. When you've put stuff in, you click "save" and it writes it back to disk. It's just a retarded, webified, configuration file editor.
<`6og> how many nameservers can you have in /etc/resolv.conf?
<`6og> iirc its unlimited...?
<soren> 3
<`6og> ah ok
<soren> # define MAXNS                  3       /* max # name servers we'll track */
<`6og> is that 3 nameserver+1x search?
<soren> from /usr/include/resolv.h
<infinity> (manpages are good for this)
<soren> You can put more, but they'll probably be ignored.
<soren> infinity: Amazingly so :)
* `6og doesnt have source lying around (he does have man pages though)
<soren> search can have 6 entries.
<soren> All on the same line, IIRC.
<soren> mathiaz: Good morning.
<infinity>               The search list is currently limited to six domains with a total of 256 characters.
<infinity> Really, manpags are good. :)
<infinity> (And yes, it's all on one line)
<dendrobates> welcome mathiaz
<mathiaz> soren: good afternoon
<mathiaz> dendrobates: hi
<dendrobates> I'm finally back on my normal schedule.  damn travel.
<soren> dendrobates: You were remarkably quiet at the meeting yesterday when Colin asked if everyone had gotten home safely :)
<dendrobates> I figured it didn't need repeating.  It's a long story.
<soren> dendrobates: :)
<benlake> anyone running 6.06 and and trying to add a service to logwatch get this error:
<benlake> *** Error: There is no logfile defined. Do you have a /etc/logwatch/conf/logfiles/<service> file ?
<coNP> what do you think about bug 127180
<ubotu> Launchpad bug 127180 in squid "Install squid in chroot by default" [Wishlist,Triaged]  https://launchpad.net/bugs/127180
<coNP> it is a kind of "change default"
<coNP> (bug 127184 is similar)
<ubotu> Launchpad bug 127184 in bind9 "Installing bind9 in a chroot" [Undecided,New]  https://launchpad.net/bugs/127184
<Kamping_Kaiser> i thought bind chrooted itself?
<mathiaz> coNP: In the squid bug, it is suggested that there is the option to install a chroot
<mathiaz> coNP: when installing a package.
<coNP> Kamping_Kaiser: me as well
<coNP> mathiaz: you mean asking the user if she wants it in a chroot or not
<mathiaz> Kamping_Kaiser: I don't think so. You have to configure the chroot.
<mathiaz> coNP: Yes.
<Kamping_Kaiser> hm.
<mathiaz> coNP: but not in the default install.
<coNP> seems fine
<mathiaz> coNP: Just that the package has the ability to install itself as a chroot if the user wants it.
<nealmcb> could someone with the right permissions change this ssh bug from "invalid" to "won't fix" to mirror the recent upstream change?  https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/36907
<ubotu> Launchpad bug 36907 in openssh "scp won't handle remote -> remote file transfers that require password authentication" [Medium,Invalid]  
<mathiaz> nealmcb: done
<nealmcb> mathiaz: thanks!
<jetole> hey guys, I know this is too server specific but since I do run servers and since you guys are smarter then 98% of the people in #ubuntu I have to ask, how do I tell the apt/dpkg system that I don't want it to ever upgrade package X?
<jetole> *is not too server specific 
<infinity> echo "packageX hold" | dpkg --set-selections
<benlake> anyone running 6.06 and and trying to add a service to logwatch get this error: "*** Error: There is no logfile defined. Do you have a /etc/logwatch/conf/logfiles/<service> file ?"
<benlake> the file does exist, BTW
<jetole> infinity, thank you
<mralphabet> benlake: does it have permissions to write to it? does it have the same permissions as the rest of the log files?
<benlake> it has the same permissions as the stuff in /usr/share/logwatch/.. and I'm starting it as root in my testing so it could write to it if it wanted, but I dont think it needs to write anything
<benlake> mralphabet: that answer your question?
<mralphabet> benlake: yes, but it doesn't answer yours ;(
<benlake> mralphabet: :P
<benlake> mralphabet: you have any custom services setup?
<mralphabet> benlake: no
<benlake> mralphabet: and by custom I mean I've pulled it from a 7 box onto my 6.06 :)
<mralphabet> benlake: right, no ;(
<benlake> mralphabet: I have a feeling itll work if I shove it in /usr/share, but ugh
<mralphabet> benlake: hah, probably
<hansin321> I know the server edition used to have a different kernel than regular Ubunut (optimized for server environment).  Is that still the case?
<mathiaz> hansin321: there is linux-image-server
<hansin321> mathiaz: Ok, that is right.  Soemthing was said on a different channel that had me thinking ubuntu server was moving to use the same kernel as plain ubuntu.  Thanks.
<mathiaz> hansin321: I think that -bigiron was dropped a couple of weeks ago.
<hansin321> mathiaz: Maybe that was the issue.  I'll look into it, just out of curiousities sake...
<donspaulding> does anyone know of a way for me to supply a password to sudo from my python script?
<eddie> Is ubuntu - server light weight?
<eddie> or packed with junk?
<donspaulding> yes
<eddie> okay.. *downloads*
<kshahnjd> does ubuntu server come with an sshd? if not could i get a recommendation on what to install?
<donspaulding> it comes with openssh http://packages.ubuntu.com/edgy/net/openssh-server
<kshahnjd> this is a rook question but, how can i get a list of currently installed packages or can someone link me to a basic command list
<kshahnjd> i suppose all debian commands will work
<mathiaz> kshahnjd: yes. all debian commands will work.
<kshahnjd> so, the command 'sudo apt-get install openssh-server' works, but how do I specify to grab the files from another source, like an online repository
<kshahnjd> instead of the cd
<donspaulding> you need to edit /etc/apt/sources.list
<donspaulding> uncomment the online repositories there, but comment out the ones for the CD if you don't plan on keeping it in the drive forever :)
<kshahnjd> so uncomment the 'backports' lines?
<donspaulding> if you want yes.
<kshahnjd> oh nvm, just comment the cdrom lines, there are many repositories defined in the file
<donspaulding> right
<benlake> anyone have some experience with customer services for logwatch in 6.06?
<kshahnjd> an anonymous user in terms of ftp is not a guest user right?
<donspaulding> in what context?
<kshahnjd> like, I disabled anonymous login to vsftpd, and I can't login at all, it won't give me a chance to authenticate
<kshahnjd> so what is an anonymous user then?
<kshahnjd> i've never used a linux ftpd so I'm a bit confused, I use filezilla server on windows
<kshahnjd> *normally
<donspaulding> did you enable local user login after disabling anonymous?
<kshahnjd> no, i'm going to now
<kshahnjd> local users are ones that have accounts on that server
<donspaulding> correct
<kshahnjd> okay, so the admin account, whatever it is, will have a proper authentication
<kshahnjd> nice, it works, beautiful. thanks
<donspaulding> np
<kshahnjd> this is so easy i'm never running a windows server again
<donspaulding> glad to hear it :)  Although they can serve their purpose in large organizations.  I've never seen an OSS product that compares with Active Directory for ease of implementation or management.
* donspaulding ducks before someone shoots
<kshahnjd> I have to install Trac now, but that means python has to get installed first
<donspaulding> hmm, interesting that you should mention that, hold on a second.
<hansin321> eddie: I love the default install.  It is light and you decide at that point what to add.
<hansin321> eddie: With apt-get (or whatever) after you did the install...
<eddie> hansin321.... So its definitly worth it?
<donspaulding> kshahnjd: python is installed by default, have a look at this:http://pastebin.com/f2aad93cc
<eddie> Whats the text based installer like? Complicated?
<eddie> Ah nevermind
<hansin321> eddie: I think so.  I am running it on a 350mhz PII / 392M ram and two NICs.  It is my firewall/gateway and I host some services on it.  I liked it immediately.  I have loaded Red Hat, etc. where it loads tons of junk that I didn't need.  Sure, there maybe be more 'leet' ways of getting the same effect, but for an 'out of the box' experience, I have been very happy with Ubuntu Server.
<kshahnjd> donspaulding: oh wow :)
<donspaulding> It's an outline of getting SVN/Trac installed and creating new projects
<eddie> hansin321: Awesome ... Ill try it later :D
<donspaulding> I based it off of this excellent guide: http://trac.edgewall.org/wiki/TracFeisty
<donspaulding> He has everything there, but it's not arranged very nicely, since he installs and creates a project all at once
<kshahnjd> wow, thank you, probably saved me an hour of fumbling around
<eddie> 500meg disc... nice
<donspaulding> like I said, interesting that you mentioned that, since I'm working on a python script that does all that right now
<kshahnjd> automagically connects all the components?
<hansin321> eddie: Installer is pretty straight forward.  Text based, but nothing too tricky.
<donspaulding> well, creates new projects, the rest of that is all a one time setup, and not nearly as difficult as it looks
<eddie> okay... cheers hansin
<kshahnjd> let me give this a shot
<eddie> hansin321: Does it have ssh server package on the disc?
<donspaulding> good luck
<hansin321> eddie: I can't remember, but if not you can 'sudo apt-get install ssh-server'.
<hansin321> eddie: Also (and someone correct me if this is a bad idea), but I use the 'ubuntu-firewall' program from here: http://rob.pectol.com/content/view/2/1/
<hansin321> eddie: It is just a script I think that allows you to configure it.  I find it is pretty simplistic and works well.
<hansin321> It has a config files that lets you set things like ports to open, if you want to do nat, etc.  I think it just sets all the iptables rules for you, but in a light-weight manner.
<hansin321> eddie: Oh, ssh-server on disk?  Not sure, but very likely.
<eddie> oKAY
<eddie> Okay*
<eddie> yay, 62gb's to copy over the network again :|
<eddie> I have a direct pc-pc connection through an ethernet cable
<eddie> I get about 10/megabytes a second
<eddie> is that good?
<novavision> anyone around?
<novavision> I need some help setting up an ubuntu server with lampp
<Nicke> eddie: That would be 80 mbit/s.. so yes, if the nic's only handle 100 mbit, that's probably good :)
<eddie> Nicke: Okay .. :)
<eddie> Installation time... :p
<kshahnjd> hey donspaulding, so far so good, but i hate running commands if i don't know why they work, I assume chown changes ownership of a file or folder, and the -R appears to be recursion, but what the heck is www-data:www-data
<donspaulding> that's the user and group that you are changing the ownership to
<donspaulding> www-data is the service account that apache runs under
<donspaulding> Windows has a few (poorly utilized) equivalents to service accounts, think of it like IWAM_computername for IIS
<kshahnjd> I see, understood
<kshahnjd> so can I print out a list of users from the shell?
<kshahnjd> and if so, www-data should appear?
<kshahnjd> 'users' just lists me, and me via ssh
<donspaulding> yeah, I'm not sure what the best way to do that is though, I usually just do 'cat /etc/passwd'
<donspaulding> that prints out a list of all user accounts and a good number of details about them
<donspaulding> 'users' lists all user accounts currently logged into the system
<kshahnjd> got it
<eddie> the server installation didnt ask for a password
<eddie> how do I set one?
<kshahnjd> oh, it (trac) wants to use sqlite, no problem if I ask it to use mssql?
<donspaulding> I don't think it works with mssql, sqlite is fine if you're just testing, it comes preinstalled with python and you don't have to do anything to configure it
<kshahnjd> I meant mysql, sry
<donspaulding> oh, yeah, mysql's supported
<kshahnjd> I don't know how to specify the line though
<kshahnjd> they're format is [sqlite:db/trac.db] 
<kshahnjd> [mysql:db/trac.db]  ? :)
<donspaulding> you'll have to look up the syntax for that line on trac's website
<kshahnjd> kk
<donspaulding> should be more like mysql://user@host:port/db_name
* donspaulding says always verify me
<kshahnjd> mysql://root@localhost:3306/trac i guess, let me see
<kshahnjd> i wonder if the db has to be created b4
<kshahnjd> nope :) failed
<eddie> Setting a root password  anyone?
<kshahnjd> uh oh, if I try to initenv again it says does the environment already exist, and so clearly yes it does, but the db connection is screwed up
<kshahnjd> now I gotta modify that setting manual and complete the init
<kshahnjd> eddie: for what?
<eddie> Ubuntu server
<eddie> It didnt ask to set one during installation
<kshahnjd> passwd
<eddie> dont I need to be root to do that though?
<kshahnjd> try it, if not sudo passwd
<eddie> ah yeah
<eddie> cheers
<eddie> "Host key verification failed."
<eddie> damn ssh :|
<eddie> Im such a n00b with it
<donspaulding> heading out now, good luck kshahnjd
<kshahnjd> hehe, thanks, i f*ed myself with the mysql thing
<eddie> does anyone know why I cant connect to my other PC?
<kshahnjd> gotta screw with tracadmin now i think
<eddie> RSA host key for  ********* has changed :|
<lcdd> eddie: ssh is comparing the server's host key against one that you have previously saved. you need to remove the old key.
<eddie> lcdd: How would I go about doing that? o.o
<lcdd> eddie: right next to the error ssh should say which file contains the key
<eddie> okay
<eddie> Add correct host key in...
<eddie> that file ( after that )
<eddie> awesome ... thanks lcdd 
<BFTD> OH CRAP, I just got a kernel panic
<BFTD> VFS unable to mount root partition(0,0)
#ubuntu-server 2007-07-21
<nebuleon> Can anyone assist me with getting 7.04 server to recognize my NIC on installation?
<nealmcb> nebuleon: tell us more.  and check out http://www.sabi.co.uk/Notes/linuxHelpAsk.html
<nebuleon> nealmcb: it simply doesnt recognize my NIC when i install
<nealmcb> nebuleon: try the steps in https://wiki.ubuntu.com/DebuggingHardwareDetection
<wintermu1e> does the interfaces file have support for bonding?
<kshahnjd> mailman or postfix?
<ivoks> are we aware of bug #125471?
<ubotu> Launchpad bug 125471 in mdadm "Booting from a degraded array could be improved" [Undecided,New]  https://launchpad.net/bugs/125471
<ivoks> unbootable system in case od degraded array
<sofval> hello
<sofval> i have 7.4 ubuntu
<sofval> is it good for server with workstation?
<ivoks> you have 7.04 :)
<ivoks> you mean having workstation on server?
<sofval> i have ubuntu 7.4
<sofval> i want her to be the server
<sofval> and my workstations runs xp
<ivoks> sure
<ivoks> but, there is no 7.4 version, only 7.04, which was released in april, 2007. - hence the version - 7.04
<sofval> yeah 7.04
<sofval> sorry
<ivoks> it's ok :)
<sofval> ok
<mralphabet> sofval: you can do whatever you want, it's your machine
<sofval> ok
<sofval> so is it okay to run 7.04 as server?
<ivoks> sofval: yes, there is ubuntu-server 7.04, so i guess it should work :)
<ivoks> otherwise it wouldn't get released :)
<sofval> how to setup static ip to ubuntu?
<sofval> and share internet
<sofval> i have router and switch
<mralphabet> if you have a router, why do you need to share internet through the ubuntu machine?
<sofval> i want ubuntu to manager everything
<sofval> like monitor the clients
<sofval> block the ports
<sofval> block some porn websites
<sofval> and block youtube or other killing bandwidth
<Kamping_Kaiser> sofval, dansguardian ftw
<BFTD> DANSGUADRIAN!!!
<BFTD> yeah
<BFTD> I need to find a windows version of dansguardian
<Kamping_Kaiser> nah, you need an ubuntu gateway ;)
<sofval> ok
<sofval> i quit freebsd
<sofval> its hard for me
<sofval> how to install ubuntu in freebsd box?
<sofval> just insert the disk?
<sofval> and primary reboot to dvd?
<sofval> or cd?
<BFTD> yes
<BFTD> whats wrong with BSD?
<sofval> im tired
<sofval> i dont like it
<sofval> its hard
<ivoks> hehe
<ivoks> don't expect ubuntu-server to be point and click
<BFTD> ubuntu server...I didn't have to do a thing
<BFTD> then again that's what happens when you have someone else set it up
* johnc4510 asks if anyone is around?
<ScottK> !question | johnc4510
<ubotu> johnc4510: Don't ask to ask a question. Just ask your question :)
<johnc4510> ScottK: i have old pentium 166 mmx with 64mb ram 
<johnc4510> can i make a server out of it
<ScottK> Hmmm
<soren> johnc4510: How much hard disk space?
<johnc4510> not asking for support, just is it possible    20gig
<ScottK> Should be able to.
<soren> johnc4510: I think that could work.
<ScottK> Minimum install requirement for xubuntu is 64mb http://www.xubuntu.org/get#requirements
<ScottK> So server should work too I would think.
<soren> I believe I've made Ubuntu work with 32 MB or RAM once. Just for kicks.:)
<soren> So 64MB should be doable.
* johnc4510 says ty all   will play around with
<nealmcb> !memory
<ubotu> A quick FAQ on Memory Management: http://gentoo-wiki.com/FAQ_Linux_Memory_Management For Lubos Lunak's desktop memory usage comparison, see: http://ktown.kde.org/~seli/memory/desktop_benchmark.html
<vas> can someone help me config my hosts file
<vas> I am trying to hook up samba
<nealmcb> no one will know if they can help you unless you tell us a lot more and ask more specific questions.  see http://www.sabi.co.uk/Notes/linuxHelpAsk.html
<nealmcb> Vas ^
<nealmcb> !samba | vas
<ubotu> vas: samba is is the way to cooperate with Windows environments. Links with more info: https://wiki.ubuntu.com/MountWindowsSharesPermanently and http://help.ubuntu.com/ubuntu/serverguide/C/windows-networking.html - Samba can be administered via the web with SWAT
#ubuntu-server 2007-07-22
<eikke> hija
<eikke> I just set up pam_ldap/nss_ldap on some host and configured it. I am able to login, but I got a somewhat strange issue
<eikke> when logging in through SSH, I get /bin/sh as shell. When logging in on a console, I get /bin/bash, as I'd want it
<jbrouhard> same user ?
<eikke> in ldap I got loginShell set to /bin/bash, and getent passwd also shows the correct shell
<eikke> yes
<eikke> I'm quite puzzled, as I only touched the pam.d/common-* files
<jbrouhard> odd
<jbrouhard> well, console is different
<jbrouhard> Uhm.
<jbrouhard> I'm not sure, but aren't login profiles stored in a config file in the users home directory ?
<eikke> I just copied over /etc/skel to the homedir, shouldnt make a difference... using "login" sh isnt started at all, your default login shell as defined by nss should be spawned
<eikke> urgh
<eikke> now it works
<eikke> dont tell me this is some NSCD thingy
<jbrouhard> Dunno, man
<eikke> its the only thing I can think of as I didnt change anything else. Sorry for bothering
<eikke> right, now up to configuring a https based svn server with ldap authentication
<vas> alright
<vas> I am configuring samba on my ubuntu server, I followed the tutorial in the Kubuntu Server Documentation, where I added realm = and KDS =..... but I still cannot find my domain from other computers
<vas> my second line of my hosts file is 192.168.1.204 server1.example.com server1 ... is this sufficient to allow my lan to see my server as a server as a samba server? do I need more config? I have found a couple things on this topic but they vary in this area...
<vas> that or when I add a user (smbpasswd -L -a user1) ... then I typer her password twice it says
<vas> failed to modify password entry for user1
<Tron04> hello! Why are my IDE Drives detected as /dev/sd* when I would expect them to be /dev/hd*? What about DMA then?
<Tron04> Is this something ubuntu specific?
<Kamping_Kaiser> Tron04, SCSI emulation is turned on for all drives
<Kamping_Kaiser> which apparently has benfits, but i dont know them
<Burgundavia> Tron04: it is part of the libata stuff upstream
<fschoep> Sorry to chime in with a question, but a few hours ago my 6.06.1 i386 server almost instantly ran out of memory and swap. Could this have anything to do with the recent iptables / kernel vulnerabilities? I'm pretty sure there was no one on that machine with local privileges and only port 80 (apache2) and 110 (dovecot) are accessible from the outside.
<Burgundavia> if you are concerned, take the computer offline and poke at it
<Kamping_Kaiser> fschoep, do you have any logs which could help you work out what happened?
<fschoep> That's what I did for about an hour, but except for some oomkiller notices in /var/log/messages there is not much to be found it seems.
<fschoep> I can try to search for things interactively?
<fschoep> Most system binaries are all timestamped correctly and no odd login attempts show up.
<fschoep> If the kernel vulnerabilities sound far-fetched, I can indeed try to look elsewhere.
<Kamping_Kaiser> fschoep, check with rkhunter+similar tools. tbh though, if a systems been compromised, the only (sane) way to check it is from a live cd
<fschoep> Kamping_Kaiser: indeed, I'm keeping the old one up just to bridge to a reinstall.
<fschoep> About four years ago I had something similar, which turned out to be a hacked phpBB installation, same symptoms with oomkiller showing up four or five times in the logs in quick succession.
<fschoep> Well, I'll be on investigating this some more during the day while I prepare a stand-in machine. Thanks for the advice.
<`6og> can anyone suggest a good channel to hang out in at 1.30 am?
<`6og> *every* one of my usual chanels is dead :(
<`6og> resending, because i asume it didnt get through last time :|
<mralphabet> it's 1:30 am somewhere all the time
<Nafallo> #ubuntu seems lively, no?
<Bambi_BOFH> anyone here used bind before? i want to setup a dns server for the domain i just got. well, someththing like that.
<ScottK> Bambi_BOFH: Yes.  You can do that with BIND.  BIND is a complex piece of software with lots of knobs, so be prepared to spend time with the documentation and consider buying a book.
<Bambi_BOFH> ScottK, since i'm heading overease in about 27 hours, would doco downloadable off the net be enough to use aes reading material ?
<Bambi_BOFH> (sorry about spelling, that time of night etc)
<Nafallo> bind9-doc includes ARM
<ScottK> Bambi_BOFH: Knowing nothing about your background, it's hard to say.
<Bambi_BOFH> (i'm only leaning to bind because i'm told its The Right Thing, btw)
<Nafallo> well... it is ;-)
<ScottK> But it's certainly a good place to start.
<ScottK> Maybe stop at a good bookstore and pick up a copy of "DNS and BIND" from O'reilly too if you really want to be covered.
<Kamping_kaiser> that might hav eto wait until i get back
<ivoks> every time i thing i understand bind, it surprises me all over again :)
<ivoks> s/thing/think/
<vas> hey
<Kamping_kaiser> hm ivoks is gone
<Kamping_kaiser> vas, hi mate
<vas> hey I have set up Samba onmy server, but when i try to access the share with my mac laptop, I see it in it's rightful Workgroup, and the name comes up correct, but when I click the share to connect it tells me the Alias is gone and I can not find it
<Kamping_kaiser> hm. i dont know about macs
<Kamping_kaiser> is there a way t test if an ntp server is active?
<Kamping_kaiser> half my NTP servers have goen awol (according to ntpq -p ) i'm hoping to test to see if each server is tehre just not in my ntp stuff
<Kamping_kaiser> s/not working with my ntp stuff/
<jbrouhard> not sure if there is a way to test for the NTP itself to be active.. have you logged into the servers and checked to see if NTPD is running ?
<Kamping_kaiser> i dont have logins to the servers, tehy are simply upstreams of my server, which i know have dns entries ( or did when i wrote the config), i cant even guarantee that tehy ahve dns open
<Kamping_kaiser> er, ntp open
<jbrouhard> hmm
<jbrouhard> Try using their IPs instead
<ScottK> Change you ntp server you're looking for to pool.ntp.org and if it gets better it's your upstream.
<Kamping_kaiser> shall i pastebin my ntp config + ntpq -p ? would it help understanding etc?
<Kamping_Kaiser> http://paste.ubuntu-nl.org/30805/
<Kamping_Kaiser> theres the paste, incase it helps
<jbrouhard> I don't know
<jbrouhard> can you use pool.ntp.org ?
<Kamping_Kaiser> +bbs.csie.ncyu.e 220.130.158.54   3 u   61   64  377  352.635  -55.918  22.598
<Kamping_Kaiser> that line is pool.ntp.org
<Kamping_Kaiser> (whatever that is, its the randomly selected server)
<jbrouhard> Which means your client is going out to connect
<jbrouhard> you only have 5 NTP servers being reached, and all your internals aren't working, is that what's being said ?
<Kamping_Kaiser> 5 of my 9 external servers are reached are reached. 1 of my 3 locals are reached (because only 1 is currently configured)
<Kamping_Kaiser> its the 4 externasl that are currently not reached that cause me to worry
<Kamping_Kaiser> 2 of them (ntp1,ntp2.adelaide.edu.au) are brand new (braught online in the last 24 hours), and could have problems, the others i dont know about
<jbrouhard> dunno what to say man
<Kamping_Kaiser> :\ neitehr. thats what 4.20 am does to yo u:|
#ubuntu-server 2008-07-14
<Navop> When asked for primary domaine, must it be a registered domaine, or anything (setting up server)?
<RoAkSoAx> Navop: nope
<RoAkSoAx> not necessarely
<kgoetz> hi all
<kgoetz> i'm trying to use ufw on a gateway system, following the guide at https://help.ubuntu.com/8.04/serverguide/C/firewall.html (under ufw Masquerading). i get the following error when trying to run the http://paste.ubuntu.com/27192/ init script. any suggestions?
<Navop> RoAkSoAx: but is it better being registered
<pschulz01> G'day.. I have a Windows -> linux gateway routing problem.
<pschulz01> Windows is reporting 'no route to host' messages from the gateway, but all my Linux boxes are able to ping through the gw just fine.. including a Linux client running in a VMWARE on Windows.
<pschulz01> I wondering if it a icmp 'do not fragment' windows brain dead type of thing.
<kgoetz> seems my iptables foo is weak :/ i cant even successfully copy+paste out of ahowto and have it work
<kgoetz> i got it suss'ed, the doco isnt clear (imo :))
<levander> Anybody have a recommendation for a good backup program?  One that I can back up the server (which is on a VPS) and back a desktop machine remotely which I've got at home?
<kgoetz> rsync?
<levander> I was hoping for something automated, that was just point and click.
<levander> Looks like bacula and amanda are the two go to packages...  Just gotta figure out which.
<kraut> moin
<uvirtbot> New bug: #248310 in postfix (main) "package postfix None [modified: /var/lib/dpkg/info/postfix.list] failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/248310
<Blinny> I have a backup script in /etc/cron.daily, and /etc/crontab is set to run-parts cron.daily at 1:39AM. However, my backup script isn't beginning until 7:30AM. How should I go about finding out what is causing the delay?
<_ruben> Blinny: you changed that time yourself? since on the box i checked its listed as 6:25am
<yesudeep> I'm getting this error on my ubuntu server installation.  http://pastebin.com/f60f79753
<Blinny> _ruben: Yeah. I have staff coming in at 7AM so I wanted the backup to have a few hours to run before they arrived and needed bandwidth.
<yesudeep> (Re)Installing locales and dpkg-reconfigure locales did not fix the problem.
<Blinny> _ruben: I've manually run all the scripts in /etc/cron.daily, and the only one that doesn't execute quickly is 'apt', which seems to just hang. I'm not sure if it needs arguments.
<yesudeep> How does one fix this?
<_ruben> Blinny: the apt script has a builtin (variable) sleep of ~30 mins
<_ruben> to spread the load on update servers a bit
<Blinny> _ruben: That makes sense.
<yesudeep> The system is running Ubuntu 8.04 LTS
<Blinny> Only files with mode +x are run in /etc/cron.* correct?
<_ruben> guess so, never tried
<Blinny> I do have a set of rsync filters in a file in /etc/cron.daily, but it's chmod'd 600
<_ruben> DESCRIPTION run-parts runs all the executable files named within constraints described below, found in directory directory.  Other files and directories are silently ignored.
<Blinny> Right on.
<Blinny> _ruben: Any suggestions for how to figure this out? I thought about echo'ing out start and end times of every script in /etc/cron.daily so that I'd be emailed more debugging info
<_ruben> Blinny: i'd just create a file in /etc/cron.d/ specifying which script to run at which time
<Blinny> I guess that's an easier way of addressing the symptom.
<_ruben> this way your script's execution time wont be affected by other scripts
<Blinny> Right.
<Blinny> Okay, thank you. I'll keep digging for the cause.
<sommer> yesudeep: try: sudo locale-gen en_US.UTF-8
<ScottK> sommer: These Ubuntu Server book people on the server ML should be hiring you.
<yesudeep> sommer: Awesome.  Thanks :-)
<sommer> ScottK: heh, I like money
<sommer> yesudeep: you're welcome
<ScottK> sommer: Not kidding.
<ScottK> You might even suggest it to one of them.
<sommer> ScottK: ya I'm not against that idea, but I really don't think of myself as a writer :)
<ScottK> Well you would be hugely helpful as a source of relevant and correct facts.  Let the writer make them sound pretty.
<sommer> ScottK: interesting idea, hadn't really thought of something like that... maybe I will send em an email, thanks man
<trakinas> hi guys. im having  troubles with ssh2 not being able to detect and load my keys.
<jdstrand> mathiaz: re bug #247583
<uvirtbot> Launchpad bug 247583 in libvirt "add option to start dnsmasq with a custom configuration file" [Wishlist,New] https://launchpad.net/bugs/247583
<jdstrand> mathiaz: oh, nevermind-- I was thinking you said you wanted hostname, you siad domain name-- nm
<venil> hi, newly installed 8.04 does not respond on ping by its public IP, though is perfectly pingable by local ip;  restart helps for hour or two, but than it stops responding again, any ideas?
<kirkland> jdstrand: bug #248420
<uvirtbot> Launchpad bug 248420 in ecryptfs-utils "please merge ecryptfs-utils_50-3" [Undecided,New] https://launchpad.net/bugs/248420
<kirkland> zul: ^^^
<venil> anyone? i'm new to linux
<kirkland> zul: http://people.ubuntu.com/~kirkland/ecryptfs-utils/
<kirkland> that what you need?
<emgent> kirkland: if you like a can take a look and sponsor it.
<jdstrand> kirkland: ok
<kirkland> emgent: thanks, i think zul had volunteered?
<zul> kirkland: done
<emgent> nice
<emgent> :)
<kirkland> emgent: thanks for the offer!
<emgent> np
<kees> jdstrand: intrepid's vte is here: http://people.ubuntu.com/~kees/intrepid/
<kees> jdstrand: hardy debdiff is: http://people.ubuntu.com/~kees/vte-bold.debdiff
<jdstrand> kees: you're *awesome* :)
<jdstrand> kees: it'll be a few minutes to test intrepid
<kees> jdstrand: heh.  perhaps "nearly-fatally-bored-while-in-chicago"
<jdstrand> kees: isn't that one of the alternate definitions for awesome?
<zul> jdstrand: no its timbuktu
<jdstrand> kirkland: merged
<kirkland> jdstrand: cool, i think zul did it too?
<zul> soren: ec2 domU kernel building for i386 now
<nixternal> any plans on releasing JeOS with a kernel other than the one optimized for VMs?
<delly84> does anyone know anything about client authenticating via ldap?
<delly84> my client authenticates via ldap (i think) and then switches users
<delly84> or maybe logs in as the wrong user
<delly84> i am not sure
<delly84> i have a rather complicated setup, so this might not be the place to ask this sort of question
<delly84> for instance i login via juser and then i end up as kuser in /home/juser
<delly84> for reference kuser is local and juser is a remote user
<delly84> any help would be appreciated
<sommer> delly84: what's the LDAP homeDirectory attribute of juser, and what's the a home directory set to in /etc/passwd for juser?
<delly84> /home/juser
<delly84> yes the homeDirectory attribute is definitely set to /home/juser
<delly84> when i login as juser i end up as kuser in juser's home directory
<sommer> is it correct for both /etc/passwd and ldap?
<sommer> also maybe double check the uid attribute in ldap
<delly84> yeah, i think i messed up the uids
<delly84> hmmm
<kees> jdstrand: success: http://people.ubuntu.com/~kees/intrepid/vte_0.16.14-1ubuntu2.debdiff
<delly84> sommer: thanks for the help, that was the problem
<sommer> delly84: np
 * delcoyote hi
<jdstrand> mathiaz: here are my personal notes for using kqemu: http://paste.ubuntu.com/27322/
<jdstrand> mathiaz: the wrapper script is obviously a hack, but I tlaked to soren and there may be something better we can do in the future.  that said, it works
<mathiaz> jdstrand: great - I'll look into that
<mathiaz> jdstrand: about bug 130238 - should it be close now that there is an apparmor profile ?
<uvirtbot> Launchpad bug 130238 in openldap2 "OpenLDAP chroot by default" [Undecided,New] https://launchpad.net/bugs/130238
<kees> jdstrand: kqemu rocks
<jdstrand> mathiaz: I believe so, yes. apparmor effectively isolates the process much like a chroot
<jdstrand> kees: :)
<kees> kirkland: the "no-degraded" option should maybe be called "no-unexpected-states"
<kirkland> kees: i can see that
<jdstrand> Koon: do you need me to sponsor the intrepid dnsmasq?
<Koon> jdstrand: I need someone... mathiaz proposed to look at it, so sync with him
<mathiaz> jdstrand: you can go ahead with sponsoring
<duiu> I am currently (as in right now) installing Ubuntu Server. I have an 8.7gb IDE install drive, and then two SATA 1 TB drives. I am planning on backuping up the first SATA drive onto the other by doing a clone with 'dd' and then using rsync in cron. The first SATA 1 TB drive I setting the mount point to /srv because it will be used as a fileserver.  What should I mount the second SATA 1 TB drive to?
<duiu> Should I just use any folder (such as /media/1TBbackup)?
<kirkland> duiu: I use /backup
<duiu> ok
<duiu> but I can use anyfolder? I shouldn't mount both to /srv or not mount one at all?
<kirkland> duiu: i'd use a RAID1, personally
<duiu> my processor's not good enough :(
<duiu> 1.9ghz AMD Semperon single core
<kirkland> duiu: ?  for RAID1?  there's very little processor overhead for RAID1
<duiu> really?
<kirkland> duiu: I used an P3-800MHz for a 1TB RAID5 for years
<duiu> oh
<duiu> I was told by someone on the forum my hardware wasn't good enough.
<kirkland> duiu: their on crack
<duiu> hah
<duiu> is there a ubuntu wiki on how to do this?
<kirkland> duiu: not sure... the mdadm man page is pretty good
<duiu> so I'd set the 1TB drives to "use a physical volume for RAID" and configure mdadm after the install?
<jdstrand> Koon: the debdiff for bug #247598 looks good but needs some whitespace adjustments in debian/changelog. can you fix it up and ping me when ready?
<uvirtbot> Launchpad bug 247598 in dnsmasq "dnsmasq might be vulnerable to recent DNS spoofing issue" [Unknown,Fix released] https://launchpad.net/bugs/247598
<kirkland> duiu: are both 1TB drives empty right now?
<duiu> yep
<kirkland> duiu: good, then this is simple
<Koon> jdstrand: sure
<duiu> wait
<jdstrand> Koon: thanks!
<kirkland> duiu: if you use the alternate install, you can setup the raid during the installation
<duiu> they're currently partioned as "use as physical volume for LVM"
<duiu> I'm stil in the install
<kirkland> duiu: mark them as file type Linux Software Raid
<kirkland> duiu: then create an MD device
<kirkland> duiu: then use that as a device for a filesystem, choose your fs type, and mount point
<kees> is there something like update-manager's applet for the server?  some kind of daily email?
<maswan> kees: apticron gives you a useful daily email
<maswan> or, well, daily nags if there are updates
<maswan> it keeps quiet if there is nothing pending. :)
<kees> maswan: ah! perfect.
<duiu> kirkland: how do I mark them as type Linux Software RAID
<Oliber> GFS question: i'm looking at running GFS under VMware (Ubunto GeOS, or Server), would it be acceptable to use a RDM (so the disk appears as another SCSI disk) as normal GFS mount point, i presume there is nothing different about this configuration, rather than using a software iSCSI client in the guest
<duiu> kirkland: do you mean as "physical volume for RAID"
<kirkland> duiu: no
<maswan> kirkland: actually, you don't want to change the partition type to that, since then the linux kernel might try to do it's broken autodetect stuff. mdadm is much cleverer.
<duiu> kirkland: or maswan so what should I format my drives as during the partioning?
<maswan> duiu: either "linux" or "other non-filesystem usage", I think the consensus was. not many things care about the partition flag though.
<kirkland> duiu: hang on a second... i'm booting a VM
<duiu> partition flag? I thought we were talking about filesystem
<kirkland> duiu: filesystem, yes
<maswan> I thought you were talking about partitioning, not filesystem creation.
<maswan> oh, we're in the installer. sorry, I was not in context.
<kirkland> maswan: do you have a partition table on your TB drives?
<kirkland> duiu: ^
<kirkland> duiu: if not, select the "free space" in the installer
<duiu> k
<kirkland> duiu: you're going to do this twice, once for each drive
<duiu> k
<kirkland> duiu: use the free space to create a new partition
<maswan> If you just want to use them as raid volumes, there's actually no need for a partition table.
<kirkland> Use as: ......
<maswan> the whole drives that is. but I guess it might make the installer happier, or something.
<duiu> kirkland: ok
<kirkland> Use as: physical volume for RAID
<duiu> k
<duiu> that's what I was referenceing earlier
<duiu> then configure the softRAID later?
<kirkland> duiu: once you have 2 of those, you'll get a new option
<kirkland> duiu: "Configure Software RAID"
<duiu> have it
<duiu> kirkland: SoftwareRAID doesn't require APIC does it? Because I have to turn that off with my mobo to get Ubuntu to boot.
<duiu> apic=advanced program interupt control
<kirkland> duiu: no
<kirkland> duiu: not that i know of
<duiu> kirkland: then set one of them as active, one as inactive?
<duiu> or both as active?
<duiu> both active
<duiu> :O)
<sourcemaker> is there a known bug regarding the sendmail... I have the following critical problem with sendmail: System stalling on Mail Transport Agent (MTA)
<sourcemaker> but I can reproduce the problem...
<sourcemaker> sorry... can not reproduce the problem
<ScottK> sourcemaker: Sendmail is not a primary MTA package in Ubuntu.  Mostly it's Postfix and some Exim.
<sourcemaker> which package is easier to install?
<sourcemaker> I only need a software for sending emails... not more
<ScottK> I've only ever used Postfix, so I can't give you a comparison.
<sourcemaker> !postfix
<ubottu> postfix is the default !MTA and !MDA on Ubuntu. For help, read https://help.ubuntu.com/community/Postfix and https://help.ubuntu.com/community/PostfixBasicSetupHowto - See also !MailServer
<sourcemaker> ScottK: I only install postfix and thatÃs it?
<sourcemaker> and I can send mails via php?
<lamont> sourcemaker: it's gonna need some php-thingy to generate those. postfix is an MTA
<ScottK> I'd guess you may need some PHP bits too, but I'm not a PHP person.
<ScottK> ;-)
<ScottK> lamont: Speaking of Postfix and scripts...  Did you get a chance to look at mine yet?
<lamont> ScottK: :-(
<lamont> and tonight's not looking particularly promising.  some other non-work stuff that's really piled up and needs some love tonight
<ScottK> Is that "No, I haven't looked at it" or "Yes, I looked at it and it sucked."?
<ScottK> Ah.
<lamont> so... 1) I'll make it inplan for tuesday, poke me tomorrow evening?
<lamont> that's a "lamont sucks"
<lamont> I expect that the code is fine - I looked at it long enough to see the large smtp blocks at the top, and not enough to see why they were there.
<ScottK> K
<ScottK> I cribbed the setup straight from the amavisd-new docs modulo we use a chroot.
<sourcemaker> ScottK: now I have installed postfix
<sourcemaker> I am not sure... but I think apt-get purge sendmail did not remove sendmail at all... there is a startup entry /etc/init.d/sendmail... how can I remove this?
<Koon> jdstrand: fixed (hopefully)
<ScottK> sourcemaker: There may have been some Sendmail bits left behind (shouldn't be, but could be), but Postfix and Sendmail conflict.  You can't have both installed at the same time.
<jdstrand> Koon: ok, look at it in a bit-- thanks :)
<jdstrand> Koon: dnsmasq pushed for intrepid. great job! :)
<Koon> hit me so that I don't fall asleep
<jotil>  i am trying to install SELinux on my box but there is problem booting. i get the initramfs prompt when i change the grub kernel options to "selinux=1 enforcing=1"
<jotil> i removed upstart and installed sysvinit
<jotil> selecting selinux-basic removed apparmor
<jotil> any idea what is going on?
<ScottK> jotil: Shuffling major pieces of infrastructure is not the path to happiness (upstart removal).
<jotil> ScottK: but i can boot with sysvinit. nothing is wrong. just that when i try enforcing selinux, it doesn't load beyond initramfs
<ScottK> jotil: What release on you using?
<Oliber> i don't suppose anyone has a package list for running GFS/heartbeat on 8.04?
<jotil> ScottK: hardy
<ScottK> The hardy selinux packages work with upstart.
<ScottK> The selinux upstream was involved in packaging them.
<ScottK> So I think you're barking up the wrong tree.
 * ScottK doesn't use selinux, so I don't have more specific advice.
<jotil> oh boy! i read somewhere in the wiki ubuntu that i need to install sysvinit
<jotil> wait, let me find it
<jotil> https://help.ubuntu.com/community/SELinux
<ScottK> kees: We don't require people to switch back to sysv-init to use selinux do we?
<jotil> :/
<jotil> it says: 6.Finally, upstart's /bin/init isn't SELinux-enabled. So, you want to aptitude get install sysvinit - at this point, you should reboot...
<ScottK> jotil: That page was written in October 2007 and has not been updated for Hardy.
<ScottK> I don't know if that's changed or not.
<ScottK> Hopefully kees will give us a response.
<jotil> cool. thanks for your support though....
<jotil> but should i wait for kees or reinstall upstart?
<ScottK> Up to you.
<ScottK> I'd suggest reinstall upstart since that's the normal Ubuntu configuration.
<jotil> ok boss... off to reinstalling upstart then...
<kees> ScottK: no, the "selinux" package should handle that correctly.
<kees> all the old stuff about selinux not working is wrong.  Hardy works correctly.
<ScottK> jotil: ^^^
<kees> jotil: prior to hardy, it was very fragile, as you're finding.  :P
<jotil> kees: thanks. i'll revert my box back to upstart then...
 * kees nods
<jotil> and i actually found the Hardy SELinux docs right now... :$
<kees> jotil: to get selinux installed, you should just have to do "apt-get install selinux"
<jotil> rofl
<kees> jotil: heh
<jotil> yeah i just saw...
<jotil> thanks dude
 * ScottK just added a warning to that page.
 * jotil hands ScottK the "lion heart of the day" award for being so thoughtful.. haha
<LieZ^> hi my FTP server running on a remote box caps out at 32KB/s what could be wrong?
<nxvl> dendrobates: hi~
#ubuntu-server 2008-07-15
<dav010> I am installing all of ubuntu-server onto a 10GB drive, and then doing a software RAID1 mirror two 1 TB drives that I will keep data on. I am currently installing the OS, and I set the TB drives to be "physical volume for RAID" I then went to "configure software RAID", "Create MD Drive" and then it asked me how many active drives and then inactive drives for the RAID? WHat do I set. (I set 2...
<dav010> ...and 0). Additionally, after I did that, it told me I had to select two drives, except only gave me the option of selecting one of my TB drives. Did I do this correctly?
<dav010> It looks like I should of set one inactive, and one active. The installer won't let me delete my RAID thats screwed it. It says "it might be in use." Any suggestions on what to do?
<dav010> anyone?
<dav010> anyreason that the RAID can't be deleted? Should I restart the install?
<dav010> screw it, I'm restarting the install
<sly2guy> i have set up an ftp server using proftpd, everything seems to work correctly locally, but I can't seem to access it using a global/remote reference, what might the problem be?
<nealmcb> sly2guy: firewall?
<jords> Er.... something weird is going on. The mysql on my new ubuntu server install will accept a login with any username and no password, but not give any priviliges. More a problem, though, is that the only user you can actually login as and get priviliges is root - all the other users only login with no password even though i've set one for them, and don't get priviliges to do anything
<Kludge^WalesUK> hai
<jords> hey
<Kludge^WalesUK> aha :) Wondering if i could get some seemingly basic assistance? :)
<Kludge^WalesUK> i'm due to have a "ubuntu server" seedbox soon, i've been virtualizing the distro as best i can over win64 vista and VMWare. Just wondering if anyone can help out on any technicalities for remote administration and/or torrent client help?
<jords> I run a ubuntu  server seedbox also...
<Kludge^WalesUK> i've managed to nail installation of X+Wine+Fluxbox+webui+(hopefully) VNC... But i'm aiming for a native client
<jords> I just use transmission-daemon, and then transmission-remote over ssh....
<Kludge^WalesUK> rTorrent and a webui... all my efforts so far (in over 14hrs) have failed (i've re-used the same ubuntu server image)
<Kludge^WalesUK> hmm. not heard of that combo... a webui is nice, but not necessary. I could if need be VNC/FreeNX (another failure on my part) in
<jords> You don't really need a gui, but if you want one I find torrentflux-b4rt works well just by itself if your not too worried about system resource usage (bitcomet is a pig)
<Kludge^WalesUK> i think bitcomet is still banned on many sites for its `behaviour`... I've tried torrentflux-b4rt and wasn't impressed =/ Although it "just works"... I'd still probably prefer WINE+X+WebUI+VNC
<jords> What client are you using with WINE? I'm a utorrent fan myself, but I find transmission is almost as good, and runs on linux natively
<Kludge^WalesUK> would be using uTorrent 1.7.x as i've read that 1.8 beta still has a few problems.. i'm very used to uTorrent as I run it on my server at home. transmission i've not looked into AT ALL to be fair... Just want something functional that has a lot of control..... rTorrent does, but ugh... i find its intuition quite "WTFH IS THIS?"
<Kludge^WalesUK> and not managed once to get a webui working at all =(
<Kludge^WalesUK> you still lurking, jords? :)
<jords> yes :D
<Kludge^WalesUK> aha! just installed transmission... looks very simple... it can't find "transmission-remote" and it doesnt appear in the repos i have
<jords> I donno how complicated your requirements are, but have a look at transmission-daemon and clutch, which is a very nice webui for it. some tricks to get it to run though
<jords> the transmission packages in ubuntu are old, I just compiled the latest version  myself....
<Kludge^WalesUK> i don't have transmission-remote here
<Kludge^WalesUK> gah! *hides* wanna teach a n00b how to compile?
<jords> it's a reasonably new feature. I'll try - ok first step is to remove the old transmission
<jords> it's quite easy really, as long as you don't have dependancy problems
<Kludge^WalesUK> ok, do you want to see how exactly i've bodged a wine+X+utorrent install?
<Kludge^WalesUK> i can just reuse a base vmware image so no need to uninstall :)
<jords> heh nice
<Kludge^WalesUK> it's a well worn image i assure you ;)
<Kludge^WalesUK> ok here's the list of crap i go through (all manually written thanks to VMWare :( )
<Kludge^WalesUK> #
<Kludge^WalesUK> sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get install openssl ssh xserver-xorg xfonts-base xinit xterm xauth wine fluxbox synaptic firefox-3.0 tightvncserver
<Kludge^WalesUK> (62.7MB / 225MB diskspace)
<Kludge^WalesUK> cd /home/kludge && mkdir incoming && mkdir storage && wget http://download.utorrent.com/1.8/utorrent-1.8.exe
<Kludge^WalesUK> vncserver
<Kludge^WalesUK> sudo reboot
<Kludge^WalesUK> startx
<Kludge^WalesUK> open an terminal and command; xrandr -s 1024x768 && winecfg
<Kludge^WalesUK> wine utorrent-1.8.exe
<Kludge^WalesUK> install in c:\windows\system32
<Kludge^WalesUK> run from anywhere wine utorrent
<Kludge^WalesUK> #
<ScottK> !pastebin | Kludge^WalesUK
<ubottu> Kludge^WalesUK: pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<Kludge^WalesUK> okie *hides some more*
<Kludge^WalesUK> how does that `look`? n00bish? LOL
<jords> ok... do you want to give transmission a try? good to lean how to do a basic build of a program too
<Kludge^WalesUK> yeah, just decompressing the 7z archive i have now :)
<Kludge^WalesUK> ok she's booting
<Kludge^WalesUK> ok, booted, i'm at the terminal. just logged in as kludge (non root)
<jords> ok, make a new directory, call it "transmission-build" or something
<Kludge^WalesUK> in ~ /
<jords> yeah, that's your home directory
<Kludge^WalesUK> ok done
<jords> ~ means /home/<your username>
<Kludge^WalesUK> ok, i'm in that dir now
<jords> wget http://download.m0k.org/transmission/files/transmission-1.22.tar.bz2
<jords> tar -xjvf transmission-1.22.tar.bz2 to extract it
<Kludge^WalesUK> ok, done
<Kludge^WalesUK> changed directory to in there as well
<jords> ok... ./configure
<jords> and hope theres no errors
<Kludge^WalesUK> no acceptable C compiler in path
<jords> ooh, forgot that. apt-get install build-essential :D
<Kludge^WalesUK> ;) thanks... quite a few other things missing in the debug too... one sec
<ScottK> Transmission is packaged for Intrepid.
<jords> ScottK: it's packeged, but the version in the repos is very old
<ScottK> It's probably much easier to grab the Intrepid source package and build a .deb locally for your system.
<ScottK> 1.22 is in Intrepid.
<Kludge^WalesUK> this could take a while i'm on dialup :(
<ScottK> https://launchpad.net/ubuntu/intrepid/+source/transmission/1.22-1ubuntu1
<Kludge^WalesUK> ;) just kidding... configure went fine this time
<jords> cool... now type make
<Kludge^WalesUK> no makefile found
<ScottK> Generally you'll be happier in the long run using the packaging system even for local stuff.
<Kludge^WalesUK> aye. well i don't wanna step on toes :)
<jords> ScottK: well I can't claim to know enough about apt to do that...
<ScottK> Easy enough.
<ScottK> Make a new directory to work in.
<Kludge^WalesUK> who am i following now? :X
<ScottK> Your call.
<Kludge^WalesUK> make seems to be failing for some reason
<jords> Kludge: follow him, he knows much more apt than i do :D
<Kludge^WalesUK> you cool with that, jords?
<ScottK> sudo apt-get install devscripts build-essential
<Kludge^WalesUK> done
<ScottK> dget -x https://launchpad.net/ubuntu/intrepid/+source/transmission/1.22-1ubuntu1/+files/transmission_1.22-1ubuntu1.dsc
<Kludge^WalesUK> gah, copy and paste doesnt work over vmware ;( one sec, this'll take a moment
<ScottK> Or you can change the deb-src line for main in /etc/at/sources.list to intrepid, apt-get update, apt-get source transmission
<Kludge^WalesUK> unable to establish SSH connection
<Kludge^WalesUK> SSL*
<ScottK> OK.  Change /etc/apt/sources.list
<Kludge^WalesUK> one sec
<Kludge^WalesUK> what am i adding at the end?
<ScottK> Change hardy to intrepid on the deb-src line (make sure it's deb-src)
<jords> I'm just using ---insecure ... is that any worse?
<Kludge^WalesUK> i have multiple deb-src variables
<ScottK> The first one that has main in it.
<ScottK> Mine would be:
<ScottK> deb-src http://us.archive.ubuntu.com/ubuntu/ intrepid main restricted
<Kludge^WalesUK> the deb-src http://bleg/ubuntu/ hardy-updates main restricted ?
<Kludge^WalesUK> gotcha
<ScottK> Where bleg/ubuntu/ is the path to your local mirror, yes.
<ScottK> Then sudo apt-get update
<ScottK> then sudo apt-get source transmission
<Kludge^WalesUK> fark i didnt sudo edit it... one moment
<Kludge^WalesUK> ok, done
<Kludge^WalesUK> ( fetched 1185KB )
<ScottK> So you have the source?
<Kludge^WalesUK> yeah, i believe so
<ScottK> ls in that dir and see if it's there
<Kludge^WalesUK> yeah, im in that dir still
<ScottK> Then try sudo apt-get build-dep transmission
<Kludge^WalesUK> getting an error, want me to type?
<ScottK> Is it the libcurl-dev one?
<Kludge^WalesUK> no idea =\
<ScottK> Does it mumble about a virtual package?
<ScottK> Trying to save you some typing ...
<Kludge^WalesUK> getting an "E: build-depends dependancy for transmission cannot be satisfied because no available versions of package debhelped can satisfy cersion requirements"
<Kludge^WalesUK> excuse typo's its 5:14am and i'm reading from a VMWare terminal ;)
<ScottK> That's painful.
<ScottK> Let me look at the package
<ScottK> Idiots
<Kludge^WalesUK> :D
<ScottK> The set the version dependency to debhelper 7, but looking at it, I'm almost certain it doesn't need it.
<ScottK> The/They
<ScottK> cd into the package dir
<Kludge^WalesUK> still in thre
<ScottK> then cd into the debian dir.
<Kludge^WalesUK> not one, only daemon
<ScottK> Hmmm.
<ScottK> After you got the source, there should have been a dir called transmission-1.22 there
<jords> there is a debian directory for me
<ScottK> debian is in that one.
<Kludge^WalesUK> wget -x https://launchpad.net/ubuntu/intrepid/+source/transmission/1.22-1ubuntu1/+files/transmission_1.22-1ubuntu1.dsc <- that one?
<ScottK> That one failed for you, right?
<jords> oh.... dget
<jords> not wget?
<Kludge^WalesUK> if you meant to write Dget it wasn't installed, i assumed you meant wget
<ScottK> We did apt-get source transmission instead.
<ScottK> No, I meant dget
<ScottK> Did you install devscripts?
<Kludge^WalesUK> dget not installed then
<ScottK> It's in that pakcage
<Kludge^WalesUK> yeah. maybe not at the right time... one sec
<ScottK> jords: dget uses wget, but it knows about debian package structure so can grab the whole package.
<Kludge^WalesUK> ok, made dir transmission-build sudo apt-get install build-essentails devscripts
<Kludge^WalesUK> changed first line to read intrepid FROM hardly, and to main restricted
<ScottK> Then apt-get update
<ScottK> apt-get source transmission
<ScottK> That should get you transmission-1.22 just sitting there ready to go.
<Kludge^WalesUK> yeah, does now... i rm'd what was in there to make sure
<ScottK> cd into transmission-1.22 and then cd into debian
<Kludge^WalesUK> now dget ?
<Kludge^WalesUK> aha, deb is there now!
<ScottK> No.  We used apt-get source instead.
<Kludge^WalesUK> ok in debian
<ScottK> There's a file called control.
<Kludge^WalesUK> yup
<ScottK> Open it in the editor of your choice
<Kludge^WalesUK> done
<ScottK> See the line called Build-Depends:
<ScottK> It's actually two lines.
<Kludge^WalesUK> yeah i see it... debhelper (>= 7)
<ScottK> Change the 7 to a 6 (we are cheating now, but I'm almost certain it's OK).
<Kludge^WalesUK> done
<ScottK> Next is to install those packages.
<Kludge^WalesUK> ok, so parent dir?
<ScottK> Doesn't matter
<ScottK> When you install binary packages, the current dir doesn't matter.
<Kludge^WalesUK> aha, okie... how'd i install? :)
<ScottK> If you apt-get source, the source gets shoved in the current dir so it matters.
<Kludge^WalesUK> thankyou so much for your patience :)
<ScottK> sudo apt-get install .... the list of packages.
<Kludge^WalesUK> uhm. Did you just miss a step? I just changed "debhelp (>=7 to 6
<ScottK> Right.  Save and exit.
<Kludge^WalesUK> yup;
<ScottK> Then sudo apt-get install debhelper autotools-dev libgtk2.0-dev libevent-dev libglib2.0-dev
<ScottK> Then sudo apt-get install libssl-dev chrpath python intltool
<Kludge^WalesUK> ah the joys of a fast connection, almost done the first bit
<Kludge^WalesUK> ok with ya
<ScottK> Your on Hardy, right?
<Kludge^WalesUK> yeah 8.0x LTS
<ScottK> Then sudo apt-get install libcurl4-openssl-dev
<Kludge^WalesUK> done
<ScottK> Then you've got all the stuff to build the package installed
<Kludge^WalesUK> awesome ;o
<ScottK> Now you want to be in the transmission-1.22 dir
<ScottK> cd .. from debian if you're still there
<Kludge^WalesUK> yep, im there now
<ScottK> Also sudo apt-get install fakeroot
<ScottK> I always forget that one
<Kludge^WalesUK> done
<Kludge^WalesUK> one sec, need a pee
<ScottK> Then debuild -us -uc (the options just mean you aren't going to sign the pakcage)
<ScottK> Do this next one first.
<ScottK> It'll take a while.
<Kludge^WalesUK> ok BACK
<Kludge^WalesUK> next one first still?
<ScottK> debuild -us -uc
<Kludge^WalesUK> fakeroot debian/rules clean failed
<ScottK> Shoot
<Kludge^WalesUK> permission denied... sudo ?
<ScottK> No
<ScottK> let me look
<Kludge^WalesUK> says it cannot remove `third-party/libeven/test/regress.gen.c` premission denied
<Kludge^WalesUK> gugh the typos... *looks at a waiting pint of coffee* <3
<Kludge^WalesUK> debuild fatal error at line 1247
<ScottK> OK.
 * ScottK is trying it.
<Kludge^WalesUK> how may i ask is a n00b supposed to just `know` this? :S
<ScottK> Usually it's easier.
<ScottK> Usually it's apt-get source, apt-get build-dep ..., debuild and you're done.
<Kludge^WalesUK> usually because n00bs install the whole desktop environment?
<Kludge^WalesUK> which has all the dev stuff already?
<ScottK> No, because transmission can be a PITA.
<ScottK> Mostly n00bs stick with the version in the archve.
<Kludge^WalesUK> fair enough LOL... i'm keeping a .txt file on the process, so if/when it works 100% ok, i'll try from the first step
<Kludge^WalesUK> as would i :X
<ScottK> It looks like debian rules is actually using one debhelper 7 feature.
<Kludge^WalesUK> ouch =/ no cheating for ScottK & kludge
<Kludge^WalesUK> if you need me to start again from scratch up to a certain point i can do that :) no worries
<ScottK> The odd bit is it failed for me to, but in a different place.
<Kludge^WalesUK> hmm. you want a transcript (of sorts) of what i've done?
<ScottK> I think I got it.
<Kludge^WalesUK> http://pastebin.ca/1072036
<ScottK> There's a file in debian dir called compat
<Kludge^WalesUK> thats my `transcript`
<ScottK> It'll contain the number 7.
<ScottK> Change the 7 to 6 and try the debuild again
<Kludge^WalesUK> nopers ;(
<Kludge^WalesUK> line 1247 still
<ScottK> OK.  It's working for me.
<Kludge^WalesUK> still cannot remove that file
<ScottK> Let's back up a bit.
<ScottK> Let's rm -rf your transmission-1.22 dir (just the dir, not the other files in the parent directory.
<ScottK> The do dpkg-source -x transmission_1.22-1ubuntu1.dsc
<Kludge^WalesUK> uh permission denied -_-
<ScottK> Ah.
<ScottK> Did you do sudo apt-get source transmission?
<Kludge^WalesUK> it appears so :(
<ScottK> What does ls -l transmission-1.22 tell you?
<ScottK> No problem.  We can fix this.
<Kludge^WalesUK> yup, root owns it
<ScottK> sudo chown -r username:username transmission-1.22 where username is your username
<ScottK> -R sorry
<Kludge^WalesUK> ok kludge owns it now \o/
<ScottK> cd back into transmission-1.22
<ScottK> Then debuild -us -uc
 * Kludge^WalesUK stabbeth
<Kludge^WalesUK> 1247 again
<Kludge^WalesUK> dpkg-source -b transmission-1.22 failed
<Kludge^WalesUK> also can't create some files
<ScottK> OK.  Let's back up.
<Kludge^WalesUK> shall i follow my transcript from scratch?
<ScottK> cd out of your transmission-1.22 dir and rm -rf it
<ScottK> Then do dpkg-source -x transmission_1.22ubuntu1.dsc
<Kludge^WalesUK> ugh, got weirdass file differences now
<Kludge^WalesUK> ok can you check this transcript? if it looks good i'll start over
<Kludge^WalesUK> http://pastebin.ca/1072042
<ScottK> http://pastebin.ca/1072044
<Kludge^WalesUK> right... i'm gonna nuke the work done so far, and follow that spot on... won't be long (Y)
<Kludge^WalesUK> thanks for your patience, you're a GOD amongst men
<ScottK> There's more.
<ScottK> I'm now ahead of you and finding some other stuff.
<Kludge^WalesUK> okie. well i'll follow that until you update the link, i'll inform you of any erroring :)
<ScottK> K.
<ScottK> Updated http://pastebin.ca/1072050
<ScottK> Kludge^WalesUK: Did you see the extra steps I added.
<Kludge^WalesUK> hmm. i have a much older version now (1.06)
<ScottK> Then we didn't get the sources.list done right.
<ScottK> Go back to the dget approach.
<ScottK> That worked for you.
<Kludge^WalesUK> a bit of a mix-up on the `transcript`, my bad
<Kludge^WalesUK> i have it sorted now, will rm un-needed files
<ScottK> http://pastebin.ca/1072052
<ScottK> OK.
<Kludge^WalesUK> almost with you ScottK :)
<ScottK> I've run into another problem I haven't sorted yet.
<Kludge^WalesUK> right, well i'm about to load that URL... everythings worked spot on so far! NO errors \o/ just need to re-write it a little bit
<Kludge^WalesUK> ok finding dh_prep atm
<Kludge^WalesUK> ok found it under install: build (few lines down) dh_prep >> dh_clean -k ?
<ScottK> Yes
<ScottK> One more rules change will be needed.
<Kludge^WalesUK> okie! i'm upto speed, no errors so far ;o
<ScottK> Go on down in debian/rules
<ScottK> Find the line dh_install -a (not -i)
<ScottK> add --sourcedir=debian/tmp to it
<Kludge^WalesUK> where do I hadd the --sourcedir?
<ScottK> Did you find dh_install -a?
<ScottK> You want:
<Kludge^WalesUK> yup, CTRL+W ;)
<nxvl> dh_install --sourcedir=debian/rmp
<nxvl> s/rmp/tmp
<ScottK> What nxvl says.
<nxvl> :D
<Kludge^WalesUK> so now -a at all?
<ScottK> nxvl: Actually we want the -a
<ScottK> Sorry.
<ScottK> dh_install -a --sourcedir=debian/rmp
<Kludge^WalesUK> k done
<ScottK> Save that
<ScottK> then cd ..
<ScottK> so you are in the transmission-1.22 dir
<ScottK> Then debuild -us -uc
<ScottK> I just did it and it worked here.
<nxvl> ScottK: i come in on the middle of the discussion, just write what i understand about it
<nxvl> :D
<ScottK> No problem.
<Kludge^WalesUK> sweet, just going to update my transcript thingo, its lagging a little
<Kludge^WalesUK> dependancies not met DOH!
<ScottK> What does it complain about
<ScottK> It'll tell you what's missed
<Kludge^WalesUK> typo my end i'm thinking line 993
<Kludge^WalesUK> says i don't have all build dependencies met
<Kludge^WalesUK> its wanting `pbuilder` package
<Kludge^WalesUK> will check line 993 somehow
<ScottK> Pastbin the error
<Kludge^WalesUK> i can't :( bloody VMWare
<ScottK> Ah
<Kludge^WalesUK> hmm, the "rules" file has just disappeared... OR i'm going blind
<ScottK> Then sudo apt-get install pbuilder , but I find that a little suprising.
<Kludge^WalesUK> 50/50% of either really
<Kludge^WalesUK> nope still screwing up ;(
<Kludge^WalesUK> dh_install -a --sourcedir=debian/tmp
<Kludge^WalesUK> rmp jesus
<Kludge^WalesUK> one sec, this end (ofcourse)
<nxvl> ScottK: for sync request on universe after IF do i need 2 ACKs or with one is enought?
<Kludge^WalesUK> ok whatever --sourcedir=?? it doesn't exist if that helps?
<ScottK> nxvl: One is fine.
<nxvl> ok, so i just need to wait
<nxvl> :D
<ScottK> Kludge^WalesUK: I've got a better idea (you've been very patient doing advanced stuff).
<Kludge^WalesUK> I'm happy learning if you're happy with spending the time :) it's only 6:30am here ;)
<Kludge^WalesUK> gotta love sleeping disorders \o/ LOL
<ScottK> It's 1:30 AM here and I've got to get to bed soon.
<ScottK> What I did is I uploaded my version to my PPA.
<ScottK> It should appear here shortly: https://launchpad.net/~kitterman/+archive
<ScottK> That or soyuz has eaten it.
<Kludge^WalesUK> i see it (good start)
<nxvl> soyuz is slow for showing things on LP
 * Kludge^WalesUK stabs himself in the kernel and issues a sudo halt
<ScottK> So add deb http://ppa.launchpad.net/kitterman/ubuntu hardy main to your /etc/apt/sources.list to get ready.
<ScottK> Not eaten.
<ScottK> Building now.
<ScottK> Kludge^WalesUK: When you install from a PPA it's just like the regular archives, except not signed.
<ScottK> You'll get asked if you want to install it anyway.
<Kludge^WalesUK> ok altered the sources.list and done a apt-get update
<ScottK> Presumably you'll want to say yes.
<ScottK> It's still building.
<ScottK> What architecture are you running?
<Kludge^WalesUK> atm under VMWare i386 ubuntu server, most likely the same flavour as the seedbox to be
<ScottK> OK.
<ScottK> PPA only builds i386, amd64, and lpia.
<ScottK> I had a sudden fear you might be on a sparc or something.
<Kludge^WalesUK> that would be far too much of a challenge at 1:36am letalone 6:36am ;)
<ScottK> nxvl: Are you going to be around for a bit?
<nxvl> ScottK: 10 or 20 minutes
<nxvl> i want to finish the dvipdfmx MIR
<ScottK> nxvl: Do you think you could take over here and help Kludge^WalesUK with installing from my PPA after it builds?
<nxvl> ScottK: installing as in adding to the sources and apt-getting?
<Kludge^WalesUK> source added :)
<ScottK> apt-getting
<nxvl> ok
<ScottK> Thanks.
<nxvl> what package?
<ScottK> transmission
<ScottK> I think he wants transmission-cli
<nxvl> transmission is kewl
 * nxvl loves transmission
<ScottK> Kludge^WalesUK: I'm going to go to bed.  I have to be in the car starting a 2 hour drive at which I need to be concious enough for complex data analysis in about 6 hours.
<Kludge^WalesUK> used to uTorrent atm
<Kludge^WalesUK> gah! sleep well ScottK, and thankyou <3
<ScottK> I'm sure nxvl will be able to help you the rest of the way.
<nxvl> ScottK: sleep thingt
<nxvl> \o/
<ScottK> Kludge^WalesUK: Let me a note here if it works.
<Kludge^WalesUK> will do!
<nxvl> Kludge^WalesUK: ok, what are we doing and in which stage have be stoped?
<ScottK> This will be enough testing that if it works, I can get an official backport done.
 * ScottK notes it just finished building.
<nxvl> yup
<Kludge^WalesUK> nxvl: uh... bit of a mess really... I can throw you a pastebin of what i've done now if you want?
<ScottK> nxvl: He's added my ppa to his sources.list.
<ScottK> Kludge^WalesUK: We're skipping all that now and using the results of me doing the same thing.
 * ScottK heads to bed.
<ScottK> Good night.
<Kludge^WalesUK> oh sweet ;o ok, so where'd that replace from in the transcript i wonder hehe
<Kludge^WalesUK> night ScottK and thanks again <3
<nxvl> if i have got it correctly
<nxvl> you should just need to write on a terminal: sudo apt-get update ; sudo apt-get install transmission
<ScottK> Actually I think transmission-cli
<ScottK> He's on a server.
<ScottK> He doesn't want the gtk one.
<ScottK> But I really am going to bed ...
<Kludge^WalesUK> seems to have grabbed both
<Kludge^WalesUK> except 1.06 versions, nxvl
<nxvl> ScottK: go sleep!
<nxvl> mm
<nxvl> for some reason ScottK's ppa hasn't build transmission-cli
 * nxvl hecks
<nxvl> checks
 * Kludge^WalesUK ponders starting again from scratch from a point, things are getting messy
<nxvl> oh!
<nxvl> there aren't build still
<nxvl> :D
<Kludge^WalesUK> oh o_O
<nxvl> let's wait a little
<nxvl> soyuz is slow sometimes
<Kludge^WalesUK> i have no idea what of my `transcript` i even need anymore ;( LMAO
<Kludge^WalesUK> feel free to have a look at the mess of; http://pastebin.ca/1072071
 * Kludge^WalesUK rattles nxvl's cage about a bit :innocent:
<nxvl> ok
<nxvl> it's installed
<nxvl> Kludge^WalesUK: now run: sudo apt-get update ; sudo apt-get install transmission-cli
<Kludge^WalesUK> done \o/
<Kludge^WalesUK> told me about them being unverified (correct)
<nxvl> yep
<nxvl> that correct
<Kludge^WalesUK> coolioage!
<Kludge^WalesUK> whats next sir nxvl? i'm in a world of `terminal` pain ;)
<nxvl> what are you trying to do?
<Kludge^WalesUK> uhm. transmission with a webui?
<nxvl> doesn't know transmission that far
<Kludge^WalesUK> theres no X server or window environment installed at the moment
<Kludge^WalesUK> eep LOL great! LOL
<nxvl> you need to search for a web frontend to transmission
<nxvl> or just run it from CLI
<Kludge^WalesUK> i've done that before for rTorrent but none of the frontends i can get working
<nxvl> ypu can still use it from the terminal
<nxvl> well
<nxvl> i need to sleep
<Kludge^WalesUK> same, its 7:13am here ;(
<nxvl> i have already finished with my MIR
<nxvl> Kludge^WalesUK: i need to go work at that time :P
<nxvl> read you!
<Chipzz> Kludge^WalesUK: rtorrent has some issues anyway
<Chipzz> or rather a lib it depends on
<Chipzz> only does 32-bits ints
<Chipzz> signed even
<Kludge^WalesUK> the way things are going, i'm still heading toward WINE+X+fluxbox+utorrent with webui LOL
<Chipzz> so files >2gb don't show correctly
<Kludge^WalesUK> what'd you recommend? >_>
<Kludge^WalesUK> i'm quite impressed by Deluge, its easy to install, navigate, use, and the webui just works out-of-the-box... unlike everything else
<Chipzz> dunnow - have been fucking around a bit with some code for an rtorrent webfrontend of my own, but hit that bug
<Chipzz> there's also this python-based torrent webinterface
<Kludge^WalesUK> ouch ;-/ Might mess about some more tomorrow. See what kTorrent can come up with
<Kludge^WalesUK> oh?
<Chipzz> torrentflux
<Chipzz> I do not recommend it
<Kludge^WalesUK> yeah, tried it, hated it =/ although it CAN use the transmission backend
<Chipzz> eats lots of CPU
<Kludge^WalesUK> AJAX is probably its biggest fault i guess
<jords> I only use torrentflux when i'm on someone else's server :Z
<Kludge^WalesUK> LOL! thats the only ways its `acceptable` :innocent:
<jords> also, install pastebinit
<Chipzz> no, torrentflux's biggest fault is doing torrents in python :P
<jords> it can pastebin for you and should work in vmware
<jords> Chipzz: Is it python or just just bitcomet sucking?
<Kludge^WalesUK> without an X environemt?
<jords> yes
<jords> you can paste the output of a whole command by doing:
<jords> command | pastebinit
<jords> just tells you the url
<Kludge^WalesUK> awesome ;o
<jords> indeed
<Kludge^WalesUK> will test now
<Kludge^WalesUK> mmm think i'm too tired even for that </3
<Kludge^WalesUK> rest time me thinks, its Tue Jul 15 07:29:30 2008
<Kludge^Sl-_-p> BBIAB \o/ thanks for all your help jords ScottK and others <3
<jords> np
 * Kludge^Sl-_-p goes snore his ass off
<exot> hello, I would like to connect to my server using pptp , any leading points ?
<levander> I remember there was some talk about implementing restore points in Ubuntu.  Did that ever get done?
<kraut> moin
<sommer> morning all
<StonedToo> howdy
<knurra> StonedToo: great nick you got!
<nealmcb> levander: can you essentially do restore points via lvm snapshots?
<Shane-S> is there a command to run a hardware check? My server was left in an overheated closet because they shut the air off and is now having LAMP issues, I am not finding anything in sylog, daemon.log, or apache2 error.log
<ivoks> meeting in couple of minutes, right?
<mathiaz> ivoks: yes
<ivoks> ok
<ivoks> mathiaz: i've added Packages affected to https://wiki.ubuntu.com/MigrateOffSSL2
<ivoks> mathiaz: and those are all that we should take care of (some of them are in universe)
<habesh> I have a list of installed packages I saved as pkgs.lst a while ago and want to compile a current list of installed packages to do a diff. Problem is I forgot how I got the first list, it could have been dpkg -l >pkgs.lst, any better ways of getting a list of installed packages on my machine?
<ivoks> dpkg --get-selections
<ivoks> has anyone installed hardy on sparc?
<mathiaz> ivoks: great - thanks
<nealmcb> the meeting is in #ubuntu-meeting - https://wiki.ubuntu.com/ServerTeam/Meeting
<Kludge^WalesUK> lo nxvl :D
<pubo> Hi
<culpritcz> hi
<Kludge^WalesUK> lo
<pubo> Can anybody help me with Apache VirtualDomains?
<pubo> I've set a new virtualdomain, but now I only can enter by using the URL: http://mydomain.com but not with http://www.mydomain.com
<culpritcz> I got problem with fibre channel connection, I loose connection. Can someone help me?
<pubo> should I create a new one file inside of sites-available with this name?
<ivoks> pubo: ServerAlias is your friend
<Kludge^WalesUK> sadly i'm not a tech supporter, but i'm sure someone can help, i'm awaiting someone here myself :)
<pubo> ok, thanks!
<culpritcz> nobody could help me with connection trough fibre channel? ;(
<uvirtbot> New bug: #244411 in samba (main) "Samba shares don't always work with winbind installed (8.04)" [Undecided,Confirmed] https://launchpad.net/bugs/244411
<culpritcz> nobody could help me with connection trough fibre channel? ;(
<ivoks> culpritcz: what's the problem?
<culpritcz> ivoks: 2 hours ago I loose fibre connection, and now I could not connect to SAN
<ivoks> and your SAN is working?
<culpritcz> ivoks: sure, I could not find why the connection is not working, It's on server but where
<ivoks> (i'm on gprs, so i might be 'slow' in response)
<ivoks> so, what FC card do you have?
<culpritcz> hihi, it's in server room, early compaq HBA
<ivoks> umm... which driver is that?
<culpritcz> where I could find it, could not go to the server room
<ivoks> It seems that the Linux 2.6 kernel does not support this card anymore.
<ivoks> The Compaq FibreChannel HBA's has been removed from later 2.6 kernels
<ivoks> like the 2.6.11.
<culpritcz> Emulex Corporation LP8000
<ivoks> i'm talking about FC controller on your server, not SAN
<culpritcz> that is the card in system
<ivoks> i guess you'll need:
<ivoks> http://sourceforge.net/projects/cpqfc
<ivoks> but i don't think that's developed anymore
<ivoks> aaaaaa
<ivoks> lpfc
<ivoks> try modprobing lpfc
<culpritcz> no report on modeprobe lpfc
<ivoks> check dmesg
<culpritcz> for what?
<ivoks> to see if there's any info on LUNs from controller
<culpritcz> no
<ivoks> well, that's the driver for your card
<ivoks> paste dmesg on pastebin
<culpritcz> ????
<ivoks> pastebin.ubuntu.com
<culpritcz> don't know what I should paste there
<ivoks> /var/log/dmesg
<Brazen> ok, so I didn't want to go off on a stupid tangent in the meeting, but would it be possible to keep sslv2 in OpenSSL but just disable it by default?
<culpritcz> thans
<culpritcz> thnx
<ivoks> Brazen: disable as a compile time option?
<ivoks> point of my job is to keep sslv2 in openssl, but disable it on services like apache, postfix, etc...
<Brazen> well, I'm thinking keep it compiled in, but have like a config file or something that can either enable or disable it
<ivoks> i don't thnik that's possible; enable ssl2 for whole sistem trough config file
 * delcoyote hi
<Brazen> yeah, ivoks, I get that, but like someone said, compiling it out of Openssl would make SURE it was gone.  I'm thinking the package could keep it compiled in, but disabled.  That way people with legacy clients could enable it if needed
<Brazen> keep in mind, I'm not a developer, so I just thought I would toss that idea out there
<ivoks> it's impossible, cause openssl is a library
<Brazen> well, that's kinda what I figured
<ivoks> one can't just disable part of the library
<ivoks> well do exactly the same thing per package
<Brazen> okey dokey
<fungo> looks like imq isn't enabled on hard default kernel, how could i recompile the kernel the best way possible?
<uvirtbot> New bug: #237115 in nss-ldapd (universe) "nscd: nss_ldap: server is unavailable" [Undecided,New] https://launchpad.net/bugs/237115
<fungo> i'm interested on using IMQ to shape my download speed
<nealmcb> fungo: in what way do you want to shape it?  kernel compiling info is at https://help.ubuntu.com/community/Kernel/Compile
<fungo> i want to do ingress shaping
<fungo> classfull ingress shaping :P
<nealmcb> e.g.?
<fungo> droping http download packets to reduce acks and overall download speed when i'm playing counter-strike
<ivoks> seems like a sane reason
<ivoks> :D
<nealmcb> :)
<nealmcb> but why not just stop asking for the http traffic?
<fungo> that would kill the connection, wouldn't it?
<fungo> i could stop the downloads, etc, but everything working autonomously would be neat
<nealmcb> fungo: ahh - so you want to be able to browse media-heavy sites while gaming, but want the http traffic to just be slow, so you'll get it to back off by dropping some packets - I guess that makes sense :)
 * nealmcb updates https://wiki.ubuntu.com/MigrateOffSSL2 a bit and emails ivoks
 * lukehasnoname claps
<lukehasnoname> NASA uses Nagios, heh
<FragtioN> Hey guys, anyone know of a bug where traceroutes will report higher (clearly false) latencies than ping, using the same packet size? Im on ubuntu server 8.10 using 2.6.26 @ 1000Hz (i switched to this thinking it might help - default kernel gave the symptom originally)
<FragtioN> if i ping the remote host from windows, i get a pretty stable 2-5ms ping. same thing if i ping it from the ubuntu server; but if I do a traceroute, it will report it as like 35ms ? - every time...
<FragtioN> also tried uninstalling traceroute deb and compiling the latest version - 2.0.11 and that gives the same problem
<FragtioN> running x86_64 on an AMD64 3400+
<tacone> hello. is there any ubuntu room targetting webdevelopers ? (about how to make ubuntu more suitable for them and push them to adopt ubuntu as their developing platform ?)
<lukehasnoname> not that I know of
<lukehasnoname> tacone: ping
<lukehasnoname> ubuntuforums.org might be useful
<FragtioN> seem to have found the problem for anyone who ever gets a similar problem - seems like it was async routing (box was routing through a routerboard with some b0rked routes)
<tacone> lukehasnoname: ok. I was looking for a "team" or something like that.
<lukehasnoname> ask #ubuntu-devel if you must, they aren't web-focused, they're Ubuntu focused.
<lukehasnoname> as in, they actually develop Ubuntu, not just devs who use it.
<tacone> lukehasnoname: ok, there's not yet a team to take care of this kind of thing. I'll search for a team I launchpad or maybe open my own then.
<tacone> I have no problem, just looking for alikes. thanks for now, good evening :-)
<veNom_bz> tacone what do you use for web-development? perhaps you could look for a language specific team.
<tacone> I am a php professional. btw I am the main developer of rapache project (apache easy  configuration tool).
<tacone> I was just looking for people to share best practices or ideas with.
<veNom_bz> perhaps an apache or php channel then or try web developers group on ubuntu server http://ubuntuforums.org/group.php?groupid=2 feel free to discuss ubuntu server specific intricacies here
<tacone> very nice
<nealmcb> FragtioN: very odd.  my offhand guess would be that they are using different kinds of pings somehow (like icmp vs udp or the like), or that the successive ttl values cause the routers to do something odd
<nealmcb> ahh - I see your update now
<AtomicSpark> so i've been messing with samba for 2 days now. trying to get two shares working under two differnt user names (office and manager). turns out, the xp pro machine doesnt want to, for some reason, conenct to the server with two shares of different user names. i'm not sure if this is a problem with windows itself or with the samba server. any ideas?
<AtomicSpark> i might have to add the manager user to the office group, so they can access it via their username too.
<veNom_bz> this is not an ubuntu server probelm. to address your question though windows will not allow it. it is not a samba problem. samba can however be configured to accept only one connection per username at a time though.
<AtomicSpark> veNom_bz: thanks. figured it was a windows limitation. i suppose ill set it up properly. ;)
<d0m1n0ez> this may be a dumb question, but I am looking for documentation for apache on their website.  I installed apache2, but I not sure as to what version of apache the install is (ex: 2.0, or 2.2) is there a way to find out?
<hads> Sure. `dpkg -l | grep apache` will tell you the pacage version installed.
<hads> From that you can derive the apache version
<AtomicSpark> lets say i someday manage to get rid of windows. whats the best way to create network shares? sftp + ssh? samba? that other linux to linux one i cannot think of...
<AtomicSpark> ubuntu doesnt have it installed by default. maybe i shouldn't use it.
<veNom_bz> nfs
<AtomicSpark> yes that one. why isnt it installed?
<nealmcb> jdstrand: I knew there was another factoid we needed: ufw...  and updating !firewall
<nealmcb> !firewall
<ubottu> Ubuntu, like any other linux distribution, has firewall capabilities built-in. The firewall is managed using the 'iptables' command (see https://help.ubuntu.com/community/IptablesHowTo), or GUI applications such as Firestarter (Gnome) or Guarddog (KDE).
<veNom_bz> samba is not linux networks. install what you need. nfs is my recommendation to you however. do some reading http://nfs.sourceforge.net/.
<AtomicSpark> veNom_bz: nfs relys on local group to determin access? not groups on server? seems kind of like a secuirty issue.
<veNom_bz> samba is not *for* linux networks. install what you need. nfs is my recommendation to you however. do some reading http://nfs.sourceforge.net/.
<veNom_bz> if you want a domain style system configured you'd use nis or connect to an ldap server in addition
<AtomicSpark> yes. i started playing around with open ldap server, but didn't get very far.
<ScottK> Kludge^WalesUK: Did you ever get transmission to work?
<veNom_bz> AtomicSpark, this is perhaps the best how to http://times.usefulinc.com/2005/09/25-ldap
#ubuntu-server 2008-07-16
<Kludge^WalesUK> ScottK: nope sadly not =/
<ScottK> Urgh.
<ScottK> Were the packages ok or ???
<Kludge^WalesUK> was up until 7:30am trying to get it sorted... can't remember, just so disheartened LOL
<ScottK> OK.
<ScottK> Maybe we try again later.
<ScottK> All the .debs are published on my PPA still when you want to have another go at it.
<Kludge^WalesUK> aye. been playing about with a few things today, and just want to perfect a working installation of something :) Just playing with different window managers, as WINE just under X looks a bit weird
<Kludge^WalesUK> deluge seemed quite nice, but out of all the clients rTorrent and trasmission are the most stubborn bastards
<ScottK> Kludge^WalesUK: If you can get to the point where you can tell that the transmission backport I did for you at least basically works, I can get it published as an official backport.
<Kludge^WalesUK> hmm. no idea quite what that means, but i assume its a good thing =)
<piv_> hello all,
<piv_> i have a dell poweredge that will not seem to rebuild a drive. I hot swapped one, but it will not build it
<piv_> is there something i can do without rebooting ?
<cmdln> what kind of raid is it?
<cmdln> perc?
<cmdln> lsi something or other
<cmdln> Id try using the megaraid tools
<piv_> I think raid 5
<piv_> Has 5 drives anyway ( i know that isn't what it means)
<piv_> :)
<piv_> i don't know what perc or lsi are, are they RAID controllers? how would i find out?
<cmdln> lspci
<cmdln> figure out what raid card you have
<cmdln> i havent worked with those cards much .... but you might need to load mptsas, and mptctl
<cmdln> then install mpt-status and lsiutil
<piv_> RAID bus controller: American Megatrends Inc. MegaRAID (rev 20)
<piv_> that was from lspci
<cmdln> yeh try installing mpt-status
<piv_> ok
<cmdln> i think it will tell you how many controllers are there
<cmdln> that it can work with at least
<cmdln> then find lsiutils, you can prolly use that to get the raid rebuilding
<piv_> ok, setting up mpt-status gave me an error that mptctl module is missing, is that a kernel mod?
<cmdln> yeh
<cmdln> you can just try to modprobe it
<cmdln> any pam gurus around?
<piv_> modprobe worked
<cmdln> now try mpt-status
<piv_> ioctl: no such device
<piv_> hmm
<cmdln> maybe that card needs a different tool
<cmdln> not sure
<piv_> does not seem to be a lsiutil package
<piv_> cmdln: where is a good place to look for info on this?
<piv_> google just points me to threads about how others have the same problem
<cmdln> lsiutil isnt in the repositories to my knowledge
<cmdln> ive used it on a dell server once before
<cmdln> if you find out the model of the raid card you will be closer
<cmdln> poke around lsi.com
<piv_> thanks
<cmdln> might be able to find something there
<piv_> ok
<cmdln> just depends on what card you have
<piv_> what am i looking for, how to find out what card i have?
<cmdln> i suppose
<cmdln> perhaps you can get the specifics from dell
<piv_> cmdln: thanks, am going to drive home and continue this from there, as either nephish or bitsbam
<piv_> see you in a bit
<ScottK> nxvl: You mentioned last night that you use transmission?
<nxvl> yep
<nxvl> :D
<nxvl> it comes by default on ubuntu
<nxvl> it's cool
<ScottK> nxvl: Would you mind checking that the 1.22 backport I build last night works.
<ScottK> nxvl: If it does, I figure I'll go ahead and make an official backport of it since I've done all the hard part already.
<nxvl> yep
<nxvl> i think i have some torrents on queue
<nxvl> installing
<nxvl> heh this will take some time
<nxvl> it's installing security updates
<nxvl> :P
<nxvl> kees: thank you!
<nxvl> it seems to work
 * nxvl downloads one more torrent
<ScottK> nxvl: Wouldl you please comment that it works in Bug #208836
<uvirtbot> Launchpad bug 208836 in transmission "Backport bugfixes from Transmission 1.1x for Hardy" [Medium,Triaged] https://launchpad.net/bugs/208836
<nxvl> ScottK: yep, i'm testing one more (and faster) torrent and i will comment
<nxvl> yep it work
<ScottK> Great.
<nxvl> works
<ScottK> Thanks.
 * ScottK goes to upload.
<nxvl> whenever you want
<nxvl> :D
<nxvl> btw
<nxvl> ScottK: have you seen an error like this one before: http://rafb.net/p/WdWcWi21.html
<ScottK> You didn't happen to have a non-packaged version of it installed before did you?
<nxvl> well
<nxvl> really don't know
<nxvl> i don't get the error it's a report i have just get
<nxvl> i'm figting with my debian vm to test the upgrade
<ScottK> Not sure.  There's a pycentral option for no-prepare that for some reason I think might help.  I don't recall specifics.  IIRC it's in the man page.
<nxvl> ugh i'm having problems with ftp.debian.org
<nxvl> it must be the massive dns upgrade
<ScottK> Transmission backport is uploaded.  Now we just wait for an archive admin.  Thanks for testing.
<nxvl> No, thank you for packaeging it
<nxvl> :D
<ScottK> That was 2 hours I could've been sleeping, but I have a hard time keeping my fingers off the keyboard when people are installing from source and not using the packaging system.
<nxvl> heh
<nxvl> yes
<nxvl> i experience the same
<nxvl> my daily schedule goes like this:
<nxvl> 9-5:30 -> work
<nxvl> 6:00 - 10:00 -> university
<nxvl> 10:00 - 12:00 -> girlfriend
<nxvl> 12:00 - 1:30/2:00 -> packaging
<nxvl> it's hard to say "i need to go sleep now" your eyes need to just close
<nxvl> need to reboot, kernel upgrade brb
<bitsbam> lo there all, told you i would be back. I am the one that was piv at work, trying to get a dell poweredge to rebuild a drive i just installed, and how are all you?
<nxvl> back
<bawlsac> HY
<bawlsac> I HAVE UBUNTU SERVER
<bawlsac> BUT IT DOSENT WORK
<bawlsac> WYHY UBUNTU DOSENT WORK? !!11
<ScottK> bawlsac: Yelling will get you less help not more.
<cmdln> its just a troll read the handle
<ScottK> Good point.
<ScottK> Thanks.
<cmdln> :)
<cmdln> /ignore bawlsac
<bitsbam> hey again cmdlin
<cmdln> howdy
<emgent> hhahaha
<bitsbam> i had installed a piece of software that could not find a utility.
<bitsbam> or a driver, and i couldn't find it
<bitsbam> i did find that i have an AMI raid controller
<bitsbam> i could not find anything in the ubuntu community documentation, is there an ubuntu-specific tutorial or doc that you know of that might help me get my head around how to talk to my RAID system?
<cmdln> ami is lsi
<cmdln> to my knowledge
<bitsbam> ok, lsi is the company, the driver, ?
<cmdln> the company
<bitsbam> ah, the lsi.com one. ok
<cmdln> if you find out the model of the card
<cmdln> then you can see if there is a utility
<bitsbam> ok
<bitsbam> will see what i can find
<kraut> moin
<hornyforholbach> hello
<hornyforholbach> i'm horny for holbach
<hornyforholbach> nice to meet you
<^Diablo^> question: is there a guide for getting my ubuntu server too work smooth, as when i add a user they get email, vhost ftp, and /home/user/www, this is my 3th installation this week, and i really have trouble finding the answers im looking for @ forums
<jords_> ^Diablo^: I don't know of such a guide, but for ftp I find vsftpd with the local_enable option works well. If you add files to /etc/skel, they will be copied into any new user's directory
<uvirtbot> jords_: Error: "Diablo^:" is not a valid command.
<jords_> What do you want to use /home/user/www for? If you want public html, (ie people can access files in /home/user/public_html with www.yourdomain.com/~user , then theres a apache module to do it
<jords_> Not sure about email, I use google apps for all mine
<^Diablo^> okey ty ill try that
<^Diablo^> i made /home/user/public_html, but no adress there, do i need too setup apache/module or sometihng?
<^Diablo^> apache module how where what? =), im sorry im completly new on this, i just followed howto, and didnt get what i wanted
<Deeps> if you look in /etc/apache2/mods-available
<Deeps> you should see userdir.conf and userdir.load
<Deeps> create links to those in /etc/apache2/mods-enabled and reload apache
<Deeps> you can modify them, but the default is to look in /home/*/public_html
<Deeps> and that space can be accessed through a broswer by accessing http://yourserver/~username
<^Diablo^> ah okey, how do i create a link?, or is it the a2emodenable thing?
<Deeps> oh, nice, yes, you can use a2enmod
<Deeps> nice, didnt know those existed, hehe
<Deeps> i always did it the manual way
<sergevn> uname -a
<^Diablo^> ty i now got You don't have permission to access /~user on this server...
<^Diablo^> what chomod do public_html dir need to have?
<Deeps> so alter the permissions on the directory, and/or put in an index file if you dont have the autoindex module enabled to create automatic directory listings in the place of an index file
<Deeps> 755 is usually a safe bet
<Deeps> user read/write/executable, group+world read+executable only (dirs need to be executable or you get permission denied simply trying to get into them)
<^Diablo^> i made index file set public_html too 755 still same error
<Deeps> restarted apache?
<^Diablo^> ye i did
<Deeps> try to access the file you created directly, rather than simply going to /~user
<Deeps> and ensure the permissions on that are correct (must be world readable)
<^Diablo^> index.html got -rwxr-xr-x
<exalt_> hello, I have constructed my vpn server ( pptpd) and clients are successfully connected to that server, but they can't access any other server in the domain , any help ?
<Deeps> exalt_: ip forwarding enabled?
<Deeps> exalt_: (cat /proc/sys/net/ipv4/ip_forward)
<exalt_> Deeps, hmm
<exalt_> I think I got but I'm still not sure
<exalt_> I get 0
<Deeps> yeah, that means it's not enabled
<Deeps> echo 1 > /proc/sys/net/ipv4/ip_forward
<exalt_> yes I did that
<Deeps> assuming you dont have any obtrusive firewall rules, that'll resolve it
<exalt_> where I configure
<^Diablo^> Deeps: i have tryed added new users, restarting apache but still get permission denied...
<Deeps> ^Diablo^: did you try accessing the file directly, rather than simply trying to view their root directory listing?
<uvirtbot> Deeps: Error: "Diablo^:" is not a valid command.
<Deeps> uvirtbot: ssh
<uvirtbot> Deeps: Error: "ssh" is not a valid command.
<^Diablo^> ye i did, also copyed it as index.htm and index.html
<Deeps> then look in /var/log/apache2/error.log
<Deeps> and see what pops up
<^Diablo^> there are  [error] [client 192.168.0.1] (13)Permission denied: access to /~user denied
<^Diablo^> there are  [error] [client 192.168.0.1] (13)Permission denied: access to /~user/index.htm denied
<^Diablo^> also, [notice] caught SIGWINCH, shutting down gracefully
<Deeps> do you have a user called 'user'?
<^Diablo^> yes i made for test
<exalt_> Deeps, I enabled it, but the vpn client still can't ping another machine
<Deeps> oh, hehe, does the other machine know where to route the packets back to?
<Deeps> i'm guessing your vpn server isn't the default router for the other clients on the network
<Deeps> you probably want to either update all the other clients to know that the vpn subnet goes to it
<Deeps> or update the router to know that the subnet goes to the vpn server
<exalt_> deeps, thank you , I understand  :)
<Deeps> diablo: dunno, ensure that the userdir module is actually enabled? ls /etc/apache2/mods-enabled?
<^Diablo^> yes there is /etc/apache2/mods-enable/userdir.load and userdir.conf
<^Diablo^> can i have done something wrong(again) during some installation?
<^Diablo^> should there be anything under /etc/apache2/sites-available?
<ghatak> Hi, i used binary-sparc in my source list for Gutsy, however the same is not valid for Hardy, what happened to a bunch of sources fetch http://security.ubuntu.com:5001/ubuntu/dists/hardy-security/main/binary-sparc/Packages.gz  404 Not Found
<Deeps> ghatak: http://www.ubuntu.com/getubuntu/releasenotes/804
<gp> hi
<gp> i am installing ubuntu server on HP proliant server with xeon
<gp> whuch ubuntu server i should choose 64 bit amd and intel ?
<Nafallo> yes
<gp> does ubuntu server runs fine on xeon ?
<gp> 64 bit ?
<Nafallo> yes
<gp> i heard there issues of unbuntu server 64 bit on xeon , I hope 8.04 is well tested on xeon 64 bit
<ghatak> Deeps: thanks
<gp> how can i find out on ubuntu server which release it is
<gp> Uname -a gives kernel info etc
<hads> cat /etc/lsb-release
<Deeps> lsb_release -a
<gp> thanks
<gp> also how to find its ubuntu installed is 64 bit or 32 bit edition ?
<Deeps> uname -r
<Deeps> if you're using a 64bit kernel, you're on 64bit
<Deeps> if you're on a 32bit kernel, you're on 32bit
<Deeps> (i think)
<gp> 2.6.20-15-server 32 or 64 bit ?
<Deeps> i'd put my money on it's being 32bit
<Deeps> hmm, i might be wrong about my assumptions regarding 32bit vs 64bit
<Deeps> probably am, infact
<ghatak> Deeps: I am running ubuntu 7.10, I want to upgrade to hardy, however my source list is not playing nice, lot of stuff is missing from standard repositories. by the way the this server is running on sparc hardware. Any recommendations ?
<ghatak> tail /var/log/syslog
<ghatak> ooopps wrong window
<Deeps> ghatak: mailing lists / forums / newsgroups
<gp> for 4 gb 64 bit Xeon server what should be the swap size ?
<gp> normally i take swap double of physical ram
<gp> so it should 8 gb ?
<nealmcb> gp: well, depends on the type of server - normally you don't want a server to swap
<nealmcb> but double the memory is a common choice at least for desktops
<jdstrand> hi nealmcb!
<nealmcb> jdstrand: howdy :)
<jdstrand> nealmcb: I saw your factoid comment
<nealmcb> jdstrand: do you want to cook up some text for ufw, or want me to take a stab at it?
<kirkland> jdstrand: http://people.ubuntu.com/~kirkland/search.html
<sergevn> is it possible to keep filedates when using scp?
<sergevn> nevermind, got it. -p
<mathiaz> kirkland: https://bugs.launchpad.net/bugs/105457
<uvirtbot> Launchpad bug 105457 in mysql-dfsg-5.0 "mysqd_safe high cpu usage" [Low,Triaged]
<emgent> heya
<jdstrand> nealmcb: how about: 'The firewall is managed using the 'ufw' or 'iptables' commands (see https://help.ubuntu.com/8.04/serverguide/C/firewall.html), or ...'
<nealmcb> !firewall
<ubottu> Ubuntu, like any other linux distribution, has firewall capabilities built-in. The firewall is managed using the 'iptables' command (see https://help.ubuntu.com/community/IptablesHowTo), or GUI applications such as Firestarter (Gnome) or Guarddog (KDE).
<nealmcb> !iptables
<nealmcb> hmm - interesting that ufw is in the server guide, but many folks who ask for the firewall factoid will be desktop users
<jdstrand> nealmcb: that is a good point
<nealmcb> let me take a shot at it, after a bit
<jdstrand> nealmcb: thanks!
<mathiaz> kirkland: do you have a user account on wordpress.com ?
<kirkland> mathiaz: dustinkirkland
<nealmcb> jdstrand: how about these...
<nealmcb> firewall: Ubuntu's default firewall manager is !ufw.  As with any other Linux distribution you can also use the 'iptables' command directly (see https://help.ubuntu.com/community/IptablesHowTo), or GUI applications such as Firestarter (Gnome) or Guarddog (KDE).
<nealmcb> ufw: ufw is the Uncomplicated FireWall.  It is installed by default but is initially disabled.  See https://help.ubuntu.com/8.04/serverguide/C/firewall.html
<nealmcb> hmm - don't really want to have a release-specific page reference in a factoid, I'd think
<nealmcb> and https://help.ubuntu.com/community/IptablesHowTo should also have a stable link to ufw info
<nealmcb> I think ufw deserves its own web page....
<nealmcb> sommer: is there a way to get the "latest" page for a topic in e.g. the serverguide?  or some sort of permanent link for common terms?
<nealmcb> A https://help.ubuntu.com/community/UFW page might be best
<nealmcb> or https://help.ubuntu.com/community/ufw
<sommer> nealmcb: not that I know of
<kirkland> lamont: ping
<kirkland> lamont: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/247084
<uvirtbot> Launchpad bug 247084 in bind9 "bind9 init script status_of_proc() call should use pid" [Low,In progress]
<kirkland> lamont: fyi, debian has accepted the status_of_proc() function with pidfile support
<kirkland> lamont: i dropped an updated patch for you in that bug.
<kirkland> lamont: what you have technically works, so no rush
<mathiaz> zul: nijaba https://bugs.launchpad.net/bugs/105457
<uvirtbot> Launchpad bug 105457 in mysql-dfsg-5.0 "mysqd_safe high cpu usage" [Low,Triaged]
<jdstrand> nealmcb: I like the text
<ahasenack> guys, hardy's kvm + libvirt is really slow for me in installing a new distro (dapper, in this case), is there something obvious I'm missing? The machine should be powerful enough
<ahasenack> 2.2GHz c2d, 2Gb ram
<ahasenack> I don't mean to imply it's "faster" elsewhere, it's just what I'm running here
<nealmcb> jdstrand, sommer - is one of you willing to put up a generic page somewhere for ufw?
<ahasenack> cpu usage in virt-manager is very low, as is the host cpu (clocked down to 800MHz, so the virtual machine is not even calling for more cpu)
<ahasenack> interesting, in the command line I cannot boot the dapper iso, but from the machine created with virt-manager I can
<ahasenack> ops, my mistake on that one
 * ahasenack forgot -boot d
<jdstrand> nealmcb, sommer: I certainly like the idea of a generic page, but not sure how different it would be from the one in the server guide
<ahasenack> fwiw, running it manually in the command line (kvm -hda ...) is *much* faster
<nealmcb> jdstrand: yeah - it wouldn't be much different now, but over time it would be the generic place for people to go and see differences over time, could be referred to from the README, etc.
 * nealmcb just divided by time twice - that would be an acceleration...
<PMantis> I installed JeOS 8.04 on ESX 3.5. Working well, except we need more CPUs. When I added a CPU to the VM, it broke networking. Should I use a kernel other than *-virtual ?
 * delcoyote hi
<gp> hello
<mfonz85> hi!
<mfonz85> i need a little help
<mfonz85> 1 minute only
<gp> i am getting strage ports opened at ubuntu server fresh install
<gp> Not shown: 1695 closed ports
<gp> PORT     STATE    SERVICE
<gp> 22/tcp   open     ssh
<gp> 25/tcp   filtered smtp
<gp> 80/tcp   open     http
<gp> 134/tcp  filtered ingres-net
<gp> 135/tcp  filtered msrpc
<gp> 136/tcp  filtered profile
<gp> 137/tcp  filtered netbios-ns
<gp> 138/tcp  filtered netbios-dgm
<gp> 139/tcp  filtered netbios-ssn
<gp> 445/tcp  filtered microsoft-ds
<gp> 771/tcp  filtered rtip
<gp> 1022/tcp filtered unknown
<gp> 1023/tcp filtered netvenuechat
<gp> 1434/tcp filtered ms-sql-m
<gp> 1485/tcp filtered lansource
<gp> 1720/tcp filtered H.323/Q.931
<gp> 3128/tcp filtered squid-http
<gp> 3141/tcp filtered vmodem
<gp> 3456/tcp filtered vat
<gp> is this normal ?
<jussi01> !paste
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<gp> oops
<gp> are these ports supposed to be open ?
<mfonz85> open -> ssh + http
<gp>  filtered vmodem
<gp> ?
<mfonz85> it's normal i suppose
<pteague_laptop> does anybody know if the default rsync is built with --fileflags, --acls, or iconv support ?
<jdstrand> zul, mathiaz: as it seems that bug #244411 was not caused by the security update, I am handing off to you
<uvirtbot> Launchpad bug 244411 in samba "Samba shares never work with winbind installed (8.04)" [Undecided,Confirmed] https://launchpad.net/bugs/244411
<nealmcb> gp: Filtered     means that a firewall, filter, or other network     obstacle is blocking the port so that Nmap cannot tell whether it is     open or closed.
<kees> kirkland: here's what I use for my ~/.devscripts file: http://pastebin.osuosl.org/9564
<kirkland> kees: thx
<spphreak> hello all
<spphreak> anyone setup kerrighed with ubuntu server?  I found the https://wiki.ubuntu.com/EasyUbuntuClustering link and followed the directions.  Pretty good stuff, seemed to run okay, but I don't see any nodes.
<spphreak> I'm just looking to do some SSI clustering with ubuntu.  Looked like kerrighed was my best option.
<Tophat> does anyone know how to mirror a raid server?  ive got Server1 and  I want to copy all the data over to Server2 to preform upgrades to it. so that way i have one working box at all times.
<kirkland> mathiaz: bug #249059
<uvirtbot> Launchpad bug 249059 in lsb "please merge lsb_3.2-14" [Low,In progress] https://launchpad.net/bugs/249059
<Kludge^WalesUK> anyone lurkings
<W8TAH> hi folks -- how do i enable my hardy servers to use frambuffer for the console display and how do i get the pretty colors ?
<W8TAH> also - -one further question -- what is the difference between apt-get upgrade and apt-get dist-upgrade on hardy?
<bitsbam> hello all
<Smaug> hey all
<Smaug> so in apache, i can't seem to disable sites with a2dissite anymore
<Smaug> dunno way
<Smaug> also when i try to reload apache
<Smaug> it says "* Reloading webserver config apache2" but then does not say "[OK]" like it normally does
<Smaug> any ideas on why this might be?
<Smaug> anybody?  :(
<Smaug> also, i restarted apache2, so it now says [ok] when i reload
<Kludge^WalesUK> if i was able to help out i would :(
<Smaug> but it still refuses to disable sites
<Smaug> Kludge^WalesUK: ty for the sentiment
<Smaug> if there is some alternate involved way to disable a site
<Smaug> i'll try that
<Kludge^WalesUK> i'm here to learn as much i can ;) maybe linux will learn not to hate me so much <3
<Smaug> heh
<failure> i hope this is "server specific" if i have fedora and ubuntu, and want to setup pxe with automatic handsfree installer, can  do both through the preseed method or do i have to have two servers, one running kickstart and the other using the preseed method?
<failure> being that i have both fedora and ubuntu to be installed via pxe.
<mathiaz> failure: fedora doesn't support preseed - however, ubuntu supports kickstart
 * Kludge^WalesUK cries and proceeds to stabbeth ubuntu server with a PP3 battery
#ubuntu-server 2008-07-17
<Kludge^WalesUK> anyone here to hear me whine? :P
<veNom_bz> do you need help?
<Kludge^WalesUK> yeah, i think so. Trying to get a ubuntu-server installation working virtually first so it'll be `easier` when i have a remote box
<Kludge^WalesUK> i can't get gdm & freenx to play nicely
<veNom_bz> can this help? http://ubuntuforums.org/showthread.php?t=736509&highlight=ssh+login
 * Kludge^WalesUK clix
<Kludge^WalesUK> hmm, might do, may need to add gdm as a user... will brb and see
<veNom_bz> can i ask why you're using nx for an ubuntu server.... there is no gui, gdm,window manger, xserver, what have you....?
<Kludge^WalesUK> i will have gdm running as well as and X, wine + uTorrent
<veNom_bz> mmmmm
<Kludge^WalesUK> VNC would probably be fine, but FreeNX seems so much quicker
<Kludge^WalesUK> I can't get FreeNX working `optimally` as it is, I have to use "Shadowing" mode, rather than Gnome/KDE/CDE
<Kludge^WalesUK> might see if I can just get to xinit without gdm/xfce4 installed
<veNom_bz> you can set up vnc over ssh and dial down the "data" requested with your vnc client
<Kludge^WalesUK> yeah, VNC seems a lot more reliable and risk-free right now. FreeNX NEEDS a windowing environment, and if you can't startx or xinit over SSH, you're screwed pretty much
<Kludge^WalesUK> luckily i'm virtualizing everything at the moment... A raw ubuntu server installation and an SSH client (which is what my server will have) I then SSH into the VMWare session... so its as "close as possible" to real life circumstances :)
<Kludge^WalesUK> you still about veNom_bz ?
<veNom_bz> yes
<veNom_bz> i didn't detect a question
<Kludge^WalesUK> ok, this should be a really simple question =/ but knowing my luck its not
<Kludge^WalesUK> ok, my VMWare installation i can run xinit fine... i do a whami and its kludge (correct) but when i SSH into my VMWare session i cannot xinit... i have to sudo xinit and the whoami says root =\
<veNom_bz> do you have a user with a userid of root?
<Kludge^WalesUK> no idea. but all i done over VMWare is installed SSH, the rest i've done over SSH to the bridged VMWare session.... the user when i installed it was kludge... who when i do anything administrative i still have to sudo
<Kludge^WalesUK> what'd you suggest, veNom_bz? :)
<veNom_bz> i don't think you're really root in your vm? try "id" does it return a uid of 0?
<Kludge^WalesUK> one second
<Kludge^WalesUK> kludge has a uid of 1000
<veNom_bz> no man
<veNom_bz> in the vm? that is where your problem is right, you're saying xint doesn't run with sudo in your vm correct?
<Kludge^WalesUK> in the VM you can xinit fine... but over SSH i cannot since that, ultimately, is where i'll need to xinit from
<veNom_bz> odd not a problem i've encoutered sorry. you'll need to do some searching or perhaps someone else can assist
<Kludge^WalesUK> ouch =\ thanks for trying :thumbsup:
<uvirtbot> New bug: #249273 in samba (main) "python-samba - where did it go?" [Undecided,New] https://launchpad.net/bugs/249273
<Kludge^WalesUK> anyone familiar with FreeNX or any other remote administration app (VNC?) lurking
<IBeLeeB> greetings..... anyone have any experience with format and partition of large drives? I'm trying to get a 6Tb scsi raid 5 up and running, and not having much luck.
<Dedi> my bind is up and running, but it seems not to load my zones
<uvirtbot> New bug: #249337 in postfix (main) "bash get_cword: command not found" [Undecided,New] https://launchpad.net/bugs/249337
<kraut> moin
<uvirtbot> New bug: #226891 in amavisd-new "upgrade aborts: errors encountered while processing amavisd-new" [Undecided,New] https://launchpad.net/bugs/226891
<MatBoy> [/away
<sommer> morning all
<lukehasnoname> morning
<_ruben> bah .. aparently net-snmpd doesnt have a feature to have your configuration spread over various files and use a wildcard to include them :(
<phaidros> hi, what would be a recommended way if one wants to use trac 0.11 instead of the packaged trac 0.10.4 ?
<phaidros> while: having some instances of 0.10.4 already running ..
<_ruben> phaidros: use the source package to create a proper binary package for 0.11 .. or search the web for a ready made package of 0.11 .. the binary package can then be used to upgrade your 0.10.4 install
<phaidros> _ruben: thanks, but that could break actually the dkpg repo, which should take care of all installed stuff imho ;)
<phaidros> well, not the repo, but the install of trac ..
<phaidros> so, when sooner or later, the ubuntu guys are done packaging 0.11.2 an upgrade might fail
<_ruben> 0.11.2 would replace 0.11 again
<_ruben> as long as you stick to the versioning rules, you're ok .. installing it from source for example would be far worse
<phaidros> _ruben: so to what kind of source package are you referring? tar.gz ? how to make a bin package out of it? or are you referring to .deb packages?
<phaidros> _ruben: could you point to a certain documentation?
<_ruben> sudo apt-get source trac (assuming trac is the (binary) package name)
<_ruben> lets see if i can find the docs i used
<phaidros> _ruben: apt-get source is clear, but then further I'm stumbling blind :)
<_ruben> http://www.debian.org/doc/maint-guide/ch-update.en.html
<_ruben> thats a decent starting point
<_ruben> took me some time to get my head around it aswell, but once you do its rather logical ;)
<phaidros> kewl, thanx
<ikkon> Is there a program I can use to link a few networked ubuntu computers together to make my own "supercomputer"?
<lukehasnoname> kir
<kirkland> kees: http://download.boulder.ibm.com/ibmdl/pub/software/dw/linux/l-bogosec.pdf
<kirkland> nijaba: jdstrand: dendrobates-: you might be interested too.... http://download.boulder.ibm.com/ibmdl/pub/software/dw/linux/l-bogosec.pdf
<nealmcb> kirkland: cool
<nealmcb> kirkland: how about .deb support, and packaging it?
<kirkland> nealmcb: i haven't touched it in 2+ years
<nealmcb> re: final score = 0.0494083111275749 - I think you need a bit more precision there.... :/
<kirkland> nealmcb: but jdstrand and I were just talking about it ;-)
<kirkland> nealmcb: it could easily be taught to do deb's
<jdstrand> nealmcb: heh
<kirkland> zul: http://people.ubuntu.com/~kirkland/ecryptfs-utils/
<kirkland> zul: thanks!
<srastin> I've installed libnss-ldap in Hardy Heron once and now need to change the configuration details.  When I run "sudo dpkg-reconfigure libnss-ldap" nothing happens.  Any ideas?
<sommer> srastin: you're probably looking for sudo dpkg-reconfigure ldap-auth-client
<srastin> sommer: Thanks.  I'll give it a shot in a sec.
<srastin> sommer: Nothing appears to happen when I run "sudo dpkg-reconfigure ldap-auth-client".  I'm trying to get back to the blue screens displayed in http://developer.novell.com/wiki/index.php/HOWTO:_Configure_Ubuntu_for_Active_Directory_Authentication#Accounts
<sommer> srastin: err, try sudo dpkg-reconfigure ldap-auth-config
<sommer> it's one of those
<srastin> bingo.  Thanks.  :)
<sommer> srastin: np
<sommer> srastin: if you just want AD auth you might take a look at the likewise-open package... handles all the gritty details for you :)
<srastin> I'll check it out right now.  Thanks for the recommendation.
<sommer> you're welcome
<sommer> srastin: https://help.ubuntu.com/8.04/serverguide/C/likewise-open.html  as well
<cmdln> anyone do much preseeding?
<cmdln> I cant seem to find the syntax to exclude a package when preseeding
<mathiaz> cmdln: try in #ubuntu-installer
<cmdln> thanks
<soren> kirkland: http://mirrors.kernel.org/ubuntu/pool/universe/e/etherboot/kvm-pxe_5.4.3+dfsg-0.1ubuntu2_all.deb
<emgent> people take a look http://en.emanuele-gentili.com/index.php/2008/07/17/rapache-05-is-out-go-to-test-it/
<nealmcb> emgent: several clicks in and I still don't know what rapache is - some sort of "about" would be handy
<emgent> For those who doesnât know Rapache (ra-pa-che), n. 1. a python + GTK tool that uses the SSH protocol (one day, still local right now) to manage and configure apache2 and all of its modules. GPL`d, Its goal is to provide the user with a simple interface to facilitate the work to those who want to set up a web-server in a few clicks. 2. Rapacious bird (italian: rapace)
<emgent> :)
<nealmcb> :)
<emgent> \sh: o/
<Dedi> how can i list dhcp clients?
<crackintosh> how do I go about applying software updates on a headless machine?
<crackintosh> sudo apt-get dist-upgrade
<crackintosh> ?
<crackintosh> whoops update
<Dedi> update then upgrade
<crackintosh> awesome thanks
<specialKevin> Anybody know a fix for 32bit Hardy running as a Xen Guest where networking doesn't work, 32 and 64bit Dapper run just fine as Xen guest along with Debian Etch
<specialKevin> when I looked through launchpad I saw a bunch of issues but a lot for running Hardy as the host
<Hillaballoo> hey all, I'm having a problem with VNC and KVM...everything I type is gibberish in the host OS
<Hillaballoo> aha!  None of the VNC clients work properly when run remotely from X11 on a mac
<Dedi> what mailserver is good and easy to setup for small env?
<hads> Dedi: Postfix is good
#ubuntu-server 2008-07-18
<WilDec> Does the server.iso's installer/partitioner support RAID installation? I'd think it does, but only the alternate.iso's description on the site mentions RAID ...
<JanC> WilDec: the server installer is based on the alternate installer
<WilDec> JanC: Hi. Clear, but does it include the RAID support?  desktop.iso seemingly does not ...
<WilDec> server is a smaller subset of alternate, but dunno what's "in there"
<JanC> the live CD installer doesn't, but it uses another installer
<JanC> I'm not 100% sure, but I would be surprised if the alternate desktop CD would support it and the server CD wouldn't  ã
<JanC> that wouldn't make sense
<WilDec> Heh.  I was surprised teh desktop.iso didn't!
<JanC> well, somebody would have to implement an easy to understand GUI first
<JanC> alternate/server ISOs are targetted to an  audience that already understands the RAID concept
<WilDec> RH, Centos, Opensuse all have managed to do so ... which is why I asssumed (incorrectly) that it's "there", and, now, am asking if it's "elsewhere".
<WilDec> Sounds like server probly does, but alternat certainly does.
<WilDec> only ~ 150MB diff anyway.  Time for a coffee :-)
<JanC> I doubt the RH installer GUI can explain RAID 0/1/5 to people who haven't installed an OS ever before  ;)
<WilDec> No, but it provides an "easy to understand GUI" for those who do.
<WilDec> er, have.
<JanC> there is a reason why there are several Ubuntu ISOs
<Deeps> GUI or curses text interface?
<JanC> using -desktop to install a server is probably not the best way to go
<JanC> bot maybe there should be an Ubuntu SBS ISO with GUI installer one day  ã
<WilDec> JanC: Yes "there's a reason".  And the "reason" I'm asking, is that those "reasons" aren't clear on the website.
<WilDec> And, I'm not currently trying to install a server -- just a 'minimal' install on an LVM+RAID partition plan.
<WilDec> For which I simply needed the capability to install RAID.
<WilDec> Deeps: That Q for me?
<JanC> WilDec: for "minimal" desktop installations, the -alternate ISO is probably best
<WilDec> Great. Cuz that's what I'm DL'ing :-)
<JanC> or if you're doing an install in a VM, try JeOS or the automatic image builder
<JanC> (the advantage of the -virtual kernel being that it doesn't include drivers for a lot of "real hardware"...)
<WilDec> I'll take a look eventually -- *this* install will (hopefully) be a Dom0.
<JanC> ah, Xen
<WilDec> For now, until pvops grows up.
<JanC> currently, I use kvm for virtualisation on my desktop
<WilDec> Yup, Fine for desktop.  Not so much for hot swap, migration, and pci passthrough -- yet.
<JanC> kvm supports migration
 * Kludge^WalesUK asks a stupid question; "Is it ok to `idle` here, but learn? I'm guessing yes, but I thought i'd be polite and ask" :)
<WilDec> heh.  one out of three doesn't help atm ;-)
<JanC> Kludge^WalesUK: of course that's ok!
<Kludge^WalesUK> \o/ still a bit of a n00b, but playing with ubuntu server in VMWare with a win32/64 SSH client :)
<JanC> WilDec: I'm not sure about the other 2, you'll have to check them yourself
<JanC> ;)
<WilDec> I did.  It don't.  Yet ...
<JanC> Kludge^WalesUK: vmware or other virtualisation software is good to play around (you won't break a "real" system that way)
<Kludge^WalesUK> oh yeah, that's a VERY wise choice for me, i'll soon be at the helm of a 100Mbps server. Linux doesn't (generally) seem to love me too much ;)
<JanC> and feel free to ask questions you have (but be patient to get answers, it might take some time for people to answer)
<Kludge^WalesUK> i'm doing quite well, had ScottK try and help me out with transmission and a webUI, and others with kTorrent and a webUI, but i'm kinda admitting defeat, and going with what i know... although sadly it's not "natively" linux
<JanC> eh
<JanC> I just use bittornado on my VPS  ;)
<Kludge^WalesUK> getting a cheap dedi
<JanC> bittornado + screen
<JanC> so I can access/monitor it through ssh from everywhere ã
<Kludge^WalesUK> =) my bud has been trying to (literally) break my arm into using rTorrent ;( I'm just a GUI man LOL
<JanC> IIRC rtorrent even works on many embedded hardware like routers
<Kludge^WalesUK> yup, it sure does. Although my demands i make i think i'd brick the router :(
<JanC> you know, Asus WL-500g Premium includes a bittorrent client + web admin by default  ;)
<Kludge^WalesUK> my crappy home connection of (currently) 448kbps upstream and running native Win XP SP3 on some crappy hardware, i have almost 550 torrents \o/
<JanC> lol
<Kludge^WalesUK> P4 2Ghz with 1GB of DDR266
 * JanC only uses torrents to download "Big Buck Bunny" and such  ;)
<Kludge^WalesUK> awesome \o/ wonder if you can help me out seeing as you're here, i googled yesterday but came up being just as confuzzled (very easy with me hehe)
<Kludge^WalesUK> if i want to run icecast AS root on startup, is that possible? i've got icewm running when i VNC in which is fine
<JanC> running anything as root is stupid
<hads> Maybe not init :)
<Kludge^WalesUK> icecast needs it, although i'm not sure if i can sudo it
<JanC> wel, almost anything, but certainly anything that is connected to the internet
<hads> Just being smart
<JanC> Kludge^WalesUK: I can't see any reason why icecast would need to run as root
<hads> But yes, running things as root isn't good.
<Kludge^WalesUK> me either. BRB need to add kludge to the sudoers
<hads> admin group
<Kludge^WalesUK> from what i've seen (probably wrong ;( ) i visudo and add Kludge user root with the same ALL=(ALL) ALL ?
<JanC> Kludge^WalesUK: if you need to be able to get admin rights through sudo, at the account to the admin group  ã
<JanC> s/at/add/
<Kludge^WalesUK> what'd happen if i visudo the above?
<JanC> Kludge^WalesUK: why would you risk to break your system by doing something you don't understand if there is a documented way to do things?  ;)
<Kludge^WalesUK> i like to live on the edge of a knife? :/ plus i've spent like 3 days trying to fight ubuntu :P
<hads> `sudo adduser kludge admin`
<Kludge^WalesUK> hmmm. thats much simpler ;o
<JanC> Kludge^WalesUK: well, I suggest you make a snapshot of your VM _before_ you start to experiment with visudo  ;)
<Kludge^WalesUK> LOL, i've worked on progressive snapshots. visudo was the tool chosen on this tutorial... but sudo adduser kludge admin certainly sounds a lot more polite
<JanC> but maybe first try to use Ubuntu as intended
<Kludge^WalesUK> this is going to be a remote box, so no need for an elaborate gnome/kde desktop
<JanC> Kludge^WalesUK: you'll have to log out & back in before the adduser thing will work though
<Kludge^WalesUK> sweet :D
<Kludge^WalesUK> trying not to sound too n00bish ;) google IS my friend.
<JanC> Kludge^WalesUK: there is nothing wrong with being new (but there is nothing wrong with searching the internet too, of course)
<Kludge^WalesUK> exactly ;D
<Kludge^WalesUK> JanC: is there any way to add the user AND place them in the "sudoers" file? when i useradd -m kludge then passwd kludge then login AS kludge and try sudo it complains
<hads> Umm.. what I said before?
<Kludge^WalesUK> sudo useradd kludge admin ?
<Kludge^WalesUK> because thats not workings =\
<JanC> Kludge^WalesUK: did you log out/in after that?
<Kludge^WalesUK> ahh it was adduser kludge admin
<Kludge^WalesUK> DOH!
<Kludge^WalesUK> thank god i'm just not doing this on a live box :X
<Kludge^WalesUK> would it be advisable, or is it just strictly user choice to start a VNCServer on a different `screen` than 1?
<Kludge^WalesUK> anyone lurking for a quick confirmation question?
<Kludge^WalesUK> i'd like to confirm a SAFE way of creating a vsftpd user account... last time i done this i managed to make a SYSTEM WIDE account =\
<Kludge^WalesUK> useradd -m example
<Kludge^WalesUK> passwd example ?
<hads> Safe? Don't use FTP :)
<Kludge^WalesUK> i guess, i'd be happy using SCP, but i want to share :D
<uvirtbot> New bug: #249706 in openssh (main) "ssh-copy-id fails when run with colon (:)" [Undecided,New] https://launchpad.net/bugs/249706
<kraut> moin
<sergevn> good morning
<frippz> I just noticed that two USB-disk drives that I have attached to our file server got mounted differently after a reboot. this caused some problems to be sure. is there anyway to make sure that the same disk gets mounted to the same folder?
<frippz> I'm guessing that UUID has something to with the solution
<_ruben> use UUID's indeed (instead of say /dev/whatever)
<uvirtbot> New bug: #249800 in php5 (main) "PHP 5.2.6-2ubuntu1 FTBFS missing readline.h" [Undecided,New] https://launchpad.net/bugs/249800
<_ruben> you can use the vol_id tool to get the uuid of a certain partition
<frippz> _ruben: thanks, will look into it
<dmseg> heelo, guys iam havin problems with LTSP
<uvirtbot> New bug: #249824 in bind9 (main) "[intrepid] IPv6 unusable" [Undecided,New] https://launchpad.net/bugs/249824
<pschulz01_> Evening.
<pschulz01_> Anyone here using ubuntu on powermac?
<pschulz01_> Kamping_Kaiser: Around?
<WilDec> Where @ server's installer is the option for GRUB, rather than LILO, install?  I'd read that GRUB is the default -- but apparently not, as it's insisting on, and only offering, LILO
<kirkland> nijaba: http://launchpad.net/musica
<nealmcb> WilDec: which release?  what hardware?  are you doing raid?  I seem to recall some unusual circumstances in which lilo is used
<WilDec> nealmcb: release 8.04.1. x86_64. yes on RAID.
<Kludge^WalesUK> anyone setup icecast2 by any chance? :X
<Smaug> so i'm trying to install the php5-cli package, and I'm getting a 404 not found error
<Smaug> using sudo aptitude install php5-cli
<Smaug> nvm it worked
<Smaug> had to do sudo apt-get update and  sudo apt-get upgrade first...
<dm37|Wk> ï»¿How large is a mirror of just i386 of the latest release?  I'm looking to set up a small archive mirror for testing.
<Kludge^WalesUK> anyone lurking?
 * dm37|Wk raises hand
<dm37|Wk> I won't likely be of much help, though.
<Kludge^WalesUK> hehe. Just encountered a minor problem which didnt present itself through VMWare virtualization. I think i nailed it, just got to mess about with a few things :S (potentially VERY scary)
<uvirtbot> New bug: #249881 in openldap (main) "Hardy slapd server is not supporting sasl/external authentication" [Undecided,New] https://launchpad.net/bugs/249881
<nxvl> mathiaz: around?
<tacone> what's the policy for Apache DocumentRoot in Intrepid ? debian now seems to use /srv/www/, will ubuntu stick to /var/www ? where to ask about that ?
<AtomicSpark> other distros use /srv/www/, but that just creates another folder in root. :P
<AtomicSpark> but then again var is for variable program data. so. you can see it from both points.
<Kludge^WalesUK> hey guys, just want to say a HUGE thankyou to all that've helped me out <3!!!
<Kludge^WalesUK> nxvl!
<nxvl> hi!
<Kludge^WalesUK> dudey did you help me out with some ubuntu stuffs?
<nxvl> i can try!
<patrickd> is there an easy way of getting X to work in jeos?
<Kludge^WalesUK> nxvl: no i mean DID you? :D if so thankyou so much, i have my ubuntu server up and running now (not virtually, but in hardware)
<nxvl> D:
<nxvl> :D
<nxvl> awesome!
<Kludge^WalesUK> its running icecast2 at last, goddamn some of the tutorials out there SUCK ASS!
<patrickd> yes.. yes they do
<Kludge^WalesUK> about the only thing i've done that most people would CRINGE about, is have X running LOL... but then again the window manager (not that i need one) is only amiwm or icewm
<patrickd> kludge:  which packages do you need to get X running?
<Kludge^WalesUK> uhm without a `greeter` or anything overly graphical, just xserver-xorg
<Kludge^WalesUK> i could run what i need with just that and xterm (terminal that pops up when you run xinit)
<patrickd> of course
<Kludge^WalesUK> for the window manager i'm using icewm, but think i still prefer amiwm because i'm all retro *rolls eyes*
<patrickd> I haven't tried amiwm before -- does it look like fvwm or something?
<patrickd> oh.. amiga
<patrickd> weird
<patrickd> heh.. talk about retro.  it's hosted on lysator.  That host has been around for as long as I can remember (at least since 1991)
<Kludge^WalesUK> awesome ;o
<patrickd> pre-web
<patrickd> they used to have a big ftp server
<patrickd> man I'm old
<Kludge^WalesUK> LOL! I remember scouring the aminet mirrors... god i still DO miss my amiga :'(
<Kludge^WalesUK> it was an A1230 @ 14/50Mhz with a blizzvision 8MB graphics card ;)
<patrickd> the 1230 was a hacked up 1200 with a 68030?
<Kludge^WalesUK> expansion board in the "trapdoor" slot, yeah
<Kludge^WalesUK> there was a 1230, 1240, and a huge `high end` 060 @ 50Mhz with 166Mhz PPC CPU dual processor ;)
<patrickd> I had a 1020STfm
<patrickd> one of my friends talked me into getting the ST over the Amiga
<patrickd> I did have a NeXTturbo Color though with a 68040
<patrickd> that was a nice box
<patrickd> although I guess I like my macpro more..
<tacone> what's the policy for Apache DocumentRoot in Intrepid ? debian now seems to use /srv/www/, will ubuntu stick to /var/www ? where to ask about that ?
<tacone> has any final decision have been taken ?
#ubuntu-server 2008-07-19
<JanC> tacone: I don't know about any "final decision", but I personally use /srv anyway  ;)
<tacone> JanC: that was not to setup my own server, but because I am developing something related to apache.
<patrickd> grr
<patrickd> apt-get install libgtk-dev should install the 2.0 dev libs not 1.2
<jords> Hmm... I'd like to have 2 programs listen to the same udp data sent to my server (it's netflow data, so nothing is sent back). (One program is my custom accounting system in development, and the other will be ntop for more general analysis) Obviously I can't just set both programs to bind to port 2055, but is there a iptables option to take the port 2055 input and send it to both port 2057 and 2058 (for example) which could then be
<jords> binded onto?
<Nafallo> jords: yes
<jords> Nafallo: any more hints? ;)
<Nafallo> jords: not at the moment.
<bitsbam> hello all
<bitsbam> hey if i have a server, ubuntu 8.4 , is there any reason that i should use the linux-image-server instead of the one that comes with xubuntu (what i am running now)
<zachera> How do I access files from a USB flash drive I plugged into my server?
<ph8> zachera:  If you type dmesg, you should see a series of 'successful mount' style messages, 'usb device ready' and the like, it will also tell you which device pointer it has assumed, e.g. /dev/sdd1
<ph8> then just mkdir /mnt/usbdisk && mount /dev/sdd1 /mnt/usbdisk -- replacing sdd1 with the appropriate device/partition pointer from dmesg
<ph8> dmesg will also tell you if there are any mounting irregularities
<zachera> [  247.729965] scsi 4:0:0:0: Direct-Access     SanDisk  U3 Cruzer Micro  4.05 PQ: 0 ANSI: 2
<zachera> ph8: How do I find out the device/partition pointer?
<zachera> oh shit, wait
<zachera> okay, i got something mounted.
<zachera> But, this is odd.
<zachera> There is two parts to my USB flash drive; one for auto-run and read-only files, then the actual files which I can store.
<zachera> Attached scsi generic sg4 type 5
<zachera> that's the only thing I saw similar to the pointer for the auto-run/read-only files
<ph8> hmm
<ph8> you can maybe just ls /dev | grep sd
<zachera> zachera@apollo:/mnt$ sudo mount /dev/sdb /mnt/usbdisk
<zachera> mount: you must specify the filesystem type
<ph8> and figure it out from a combination of that and the 'mount' command to see what's already mounted
<zachera> whats the file type for FAT32 ?
<zachera> -t vfat ?
<ph8> yup
<zachera> mount -t vfat ?
<zachera> it returned bad file type
<ph8> odd
<zachera> mount: wrong fs type, bad option, bad superblock on /dev/sdb,
<zachera>        missing codepage or helper program, or other error
<zachera>        In some cases useful info is found in syslog - try
<zachera>        dmesg | tail  or so
<ph8> what /dev are you using?
<ph8> ah
<ph8> /dev/sdb is the device
<zachera> ah
<ph8> whereas /dev/sdb1 is a partition on the device
<ph8> ls /dev | grep sdb
<ph8> and you should see some available numbers
<zachera> zachera@apollo:/mnt$ sudo mount -t vfat /dev/sdb1 /mnt/usbdisk
<zachera> zachera@apollo:/mnt$ cd usbdisk
<zachera> zachera@apollo:/mnt/usbdisk$ ls
<zachera> Documents  LaunchU3.exe  lighttpd.conf  my.cnf  php-cgi.ini  php.ini  System  www  zachera
<zachera> zachera@apollo:/mnt/usbdisk$
<zachera> ^_^
<uvirtbot> zachera: Error: "_^" is not a valid command.
<ph8> :-)
<zachera> It worked. :-)
<zachera> THANKS <#
<zachera> <3
<zachera> how do you move a directory
<zachera> unable to remove target: Is a directory
<hads> mv
<zachera> :|
<zachera> zachera@apollo:/mnt/usbdisk/zachera$ mv anope /home/zachera
<zachera> mv: inter-device move failed: `anope' to `/home/zachera/anope'; unable to remove target: Is a directory
<ph8> that's interesting, i'd google that one
<zachera> it moved
<zachera> but
<zachera> i guess it wont overwrite, lol, weird
<zachera> how do you delete everything but certain files
<zachera> like
<zachera> i wanna delete everything BUT jpg files
<hads> Use a for loop
<zachera> :|
<bicz> zachera: rm -rf *.jpg ?
<zachera> nope
<zachera> when files are deleted through RM... can i get them back....
<ph8> there's probably a regex way to do it that would be nice, unfortunately i don't know it
<ph8> lol
<ph8> not really, unless you use system recovery software
<bicz> zachera: write bigger file --> to full space of disk --> delete and re-make this
<ph8> that would stop you being able to retrieve right?
<hads> shred
<Deeps> shred's no good on a journaled file system
<Deeps> as you've got no guarantees that you're writing to the same data space
<hads> That's a point.
<Deeps> rm the files you want rid of, then dd if=/dev/[u]random of=myfile
<Deeps> delete myfile, do the dd again
<Deeps> delete myfile
<Deeps> and dd with /dev/zero again just for good measure
<hads> Or just use an encrypted fs to start with
<Deeps> and thats generally suitable to fuck up most software appliaitons from recoverying
<Deeps> encfs doesnt negate the need to securely delete
<hads> Well if you don't securely delete then someone may be able to recover the encrypted file yes.
<kraut> moin
<Bonfirefliz> ï»¿does anyone know how to route a single port to a specific interface?
<hads> Huh?
<Bonfirefliz> hm let me explain the situation and maybe it will make more sense
<Bonfirefliz> I have a VPN connection that all traffic is going through
<Bonfirefliz> but I want some ports to not use the vpn connection
<Bonfirefliz> and just use my raw internet connection on eth0
<Deeps> look into iptables, fwmark and ip rule
<Bonfirefliz> I think this is doable using iptables, but I have not been able to figure it out
<Deeps> using iptables mangle rules, you can apply a fw mark which you can then match using ip rule
<Bonfirefliz> Deeps, do you know where I can find a good example of this?
<Bonfirefliz> the iptables documentation that I have been looking at is a pretty difficult read
<Deeps> google
<Deeps> with the right keywords
<Deeps> there's no "easy to follow guide"
<Bonfirefliz> definitely a pain to set up
<RattX> vmware - malarky or superior alternative?
<hads> Huh?
<RattX> vmware on ubuntu any good?
<hads> I use KVM myself.
<RattX> ah, never heard of it, will read more
<RattX> vmware install a bit cludgy
<Deeps> depends on what you're trying to virualise
<Deeps> if you're only after linux based systems and have the appropriate virtualisation extentions in your cpu, kvm. if you lack the cpu extentions, xen. if you want to virtualise windows, vmware
<Deeps> (imo)
<RattX> general purpose server instances deeps (openvpn, bind, postfix) nothing hardware Deeps
<RattX> *-Deeps
<RattX> s/hardware/hardcore
<RattX> stupid keyboard
<uvirtbot> New bug: #250090 in samba (main) "winbind upgrade breaks smbusers" [Undecided,New] https://launchpad.net/bugs/250090
 * veovis What A Wonderful World - All Time The Best Hits - Louis Armstrong (xÂ«amarok)
<Bonfirefliz> ï»¿ï»¿Hi, I'm using 8.04 and I am trying to forward all traffic on a single port to go through my eth0 interface.  I have vpn turned on, so all traffic is going through the vpn tunnel -> eth0.  I want to bypass vpn for this one port.
<Bonfirefliz> ï»¿ï»¿I have been looking at the iptables documentation, but have been unable to figure this out
#ubuntu-server 2008-07-20
<godsyn> Please help. Ubuntu 2.6.24-19-server. System clock is running fast, and ntpd is setting it back many times a day.  Example : "Jul 19 15:58:00 synserv ntpd[5564]: time reset -141.725880 s". This is causing other time sensitive daemons to commit suicide. How would I find out why the system clock is fast, and ultimately resolve the issue?
<godsyn> Please help. Ubuntu 2.6.24-19-server. System clock is running fast, and ntpd is setting it back many times a day.  Example : "Jul 19 15:58:00 synserv ntpd[5564]: time reset -141.725880 s". This is causing other time sensitive daemons to commit suicide. How would I find out why the system clock is fast, and ultimately resolve the issue?
<nealmcb> godsyn: ntpd would never do that.  ntpdate would - a separate but related package
<godsyn> removing ntpdate wants me to remove ubuntu minimal :/
<nealmcb> godsyn: one guess is that you have a bad clock in your list of servers, so look at how it is configured.  ntpq -p should tell you more
<nealmcb> don't remove it - fix it
<nealmcb> but fyi ubuntu-minimal is not itself a big deal if you ever do really want to remove something that depends on i
<nealmcb> it
<nealmcb> it is a metapackage
<godsyn> what is an ideal offset for an ntp server?
<godsyn> well, I assume ideal would be 0, what is tolerable?
<nealmcb> it should get below 30, 0.5 is nice
<nealmcb> milliseconds
<godsyn> -5.009   0.774 for #1. still, doesn't account for the 141 second change.
<nealmcb> is there one that is way off?
<nealmcb> which server is it?
<godsyn> that is the most. -ntp2.your.org   216.218.254.202  2 u   42   64  377   45.960   -5.009   2.657
<godsyn> but it just changed 15 mins ago... Jul 19 20:32:44 synserv ntpd[6800]: time reset -38.871876 s
<godsyn> so it'll get worse over the next few hours.
<nealmcb> perhaps something else is setting the time
<godsyn> if so, it fails to mention in messages or daemon.log, and does it whenever it pelases.
<nealmcb> godsyn: very odd....
<nealmcb> paste the other lines of the ntpq -p output (should only be one or two)
<nealmcb> brb
<godsyn> it is a bit, but seeing as there aren't many active the spam shouldn't be too much. sec.
<godsyn>      remote           refid      st t when poll reach   delay   offset  jitter
<godsyn> ==============================================================================
<godsyn> -ntp2.your.org   216.218.254.202  2 u    6   64  377   44.885   -4.632   1.517
<godsyn> +wsip-98-172-32- 68.0.14.76       2 u   25   64  377   80.182    1.876   2.838
<godsyn> -mirror          128.118.25.3     3 u   16   64  377   39.499    2.942   0.935
<godsyn> +puttynuts.com   18.145.0.30      2 u   15   64  377   47.327   -1.202   0.918
<godsyn> *europium.canoni 193.79.237.14    2 u   33   64  377  120.256   -0.650   0.847
<godsyn> server 0.us.pool.ntp.org; server 1.us.pool.ntp.org; server 2.us.pool.ntp.org; server 3.us.pool.ntp.org; server ntp.ubuntu.com (from ntpd, enter replaced with ";" to reduce line feed spam))
<godsyn> *ntp.conf
<nealmcb> godsyn: so that looks great - they all agree within a couple ms - but what is ntpdate using as a reference?
 * nealmcb forgets how ubuntu configures that - looks in init.d
<nealmcb> what is in /etc/init.d/ntpdate?
<godsyn> 404
<nealmcb> hmm - I guessing that ntp has changed how it works since I last looked...
<godsyn> Â /etc/default/ntpdate == "NTPDATE_USE_NTP_CONF=yes; NTPSERVERS="ntp.ubuntu.com"; NTPOPTIONS="";
<nealmcb> any log info in /var/log/ntp or the like?
<godsyn> nothing conserning ntpdate. just ntp saying that it is changing the time.
<nealmcb> has this just happened twice, or for a while?
<godsyn> a while..
<godsyn> dovecot (kills itself if time changes for more than 5 secs) tipped me off about a ?week? or 2 ago.
<godsyn> today, i finially decided to research it.
<nealmcb> what is mirror?
<kaje> I've learned how to use ufw to configure my firewall. How do I set it up so that my rules will be applied when the system reboots? I think it resets to the default when it reboots.
<godsyn> I'd assume the 3rd ntp server. I'll remove it and see if it goes away.
<godsyn> well, that was dumb.. I restarted ntpd to apply the changes.. turns out the ntp servers listed above point to wherever the hell they want. ntpq -p now returns :
<godsyn>  clock1.redhat.c .CDMA.           1 u    3   64    1   63.321   -6.123   0.001
<godsyn>  ntp2.your.org   216.218.254.202  2 u    2   64    1   57.787    3.215   0.001
<godsyn>  skywagon.kjsl.c 69.36.224.15     2 u    1   64    1   75.025    2.625   0.001
<godsyn>  europium.canoni 193.79.237.14    2 u    -   64    1  132.476    6.020   0.001
<nealmcb> yeah - the pool effect
<nealmcb> sorry - that's the best I can do right now - gotta run....
<godsyn> still nothing over 7, but you can see, it is slowly getting worse..
<godsyn> thanks for the assistance!
<nealmcb> :)
<godsyn> kaje, how are you making your changes?
<kaje> ufw allow ssh
<kaje> for example
<godsyn> see /etc/ufw/*
<godsyn> ie :  /etc/ufw/before.rules
<kaje> what do I put in there? ufw allow ssh?
<Qoole> Hi there, can anyone suggest a company to buy a PXE bootable thin client from (the mini-pc variety, preferably VESA mountable)?
<Qoole> for example: http://www.norhtec.com/products/mcsr/index.html
<godsyn> oh.. kaje :
<godsyn> ufw allow ssh enable (enable / diable to enable / diable on boot)
<serafini> Trying to mount an nfs share from a hardy box with -t nfs4 is giving me the error of "Operation not permitted". Mounting it with -t nfs works fine. Could anyone point me towards why ?
<kaje> oh, it does save it between boots... nevermind. Thanks for the help
<godsyn> sef : i'm assuming that is being ran with root priviledges, right?
<godsyn> can I get the full error?
<kaje> I'm trying to use the web interface to configure my cups server, but when I go to 192.168.1.5:631, it gives me a 403 Forbidden error... Any thoughts?
<godsyn> kaje : yep, sec.
<godsyn> see /etc/cups/cupsd.conf
<godsyn> much like htaccess
<godsyn> better?
<godsyn> guess so
<linos> is there a command to type to get a listing of computers on network??  thanks inadvance
<hads> arp?
<nealmcb> linos: even for a local network there is not a foolproof one.
<nealmcb> linos: tell us more about what you're trying to do
<linos> nealmcb, I was told smbtree would work.  does that sound correct?
<hads> linos: tell us more about what you're trying to do
<nealmcb> that might tell you something about computers that are connected to a samba server, but that is a different thing
<nealmcb> but it is sort of like network neighborhood.  but other computers could be lurking
<linos> hads, well, I have a network here a home and I would like to rdesktop a windows pc from my ubuntu edgy system. so I was looking for an easy command to type to obtain the ip addresses on my network
<nealmcb> avahi is another option - zero configuration networking
<nealmcb> I use "service-discovery-applet" to find cooperative local machines
<nealmcb> but I think windows machines are less likely than macs or linux machines to be configured with avahi
<hads> DNS?
<linos> yes
<linos> nealmcb, so there really is no direct command to type to obtain all ip addresses on my local lan
<nealmcb> linos: correct - networking is a very diverse sort of thing
<linos> ok
<linos> thanks for the tip
<nealmcb> but again it depends on what you want.  you can easily configure
<nealmcb> multiple machines to cooperate with avahi to make them all easy to find
<nealmcb> but you can't count on using that to find hackers on your wifi channel etc
<nealmcb> avahi uses mdns, a form of dns
<Kludge^WalesUK> anyone lurking? =)
<exot> hello, I have installed a vpn server, and clients are successfully join the network, but they can only see the vpn server machine, the other two servers aren't accessible, any ideas ?
<Deeps> ip forwarding isn't enabled
<Deeps> and/or your routers dont know that the vpn subnet goes via the vpn server
<Deeps> so the other 2 servers get a ping from an ip that they have no specific routing for, forward it to their default router, which doesn't know that it's supposed to to the vpn server and sends it on elsewhere / bins it
<Deeps> exot: ^^
<exot> Deeps, hi hi
<exot> Deeps, u mean I should install a gateway server and vpn installed on , right ?
<Deeps> exot: no, simply that your router needs to know the route for the vpn client's ip range
<exot> hmm
<Deeps> if your network is on 192.168.0.0/24 and your vpn server on 192.168.0.200 and your vpn clients on 10.200.1.0/24
<Deeps> you'd need to tell your router that 10.200.1.0/24 is routed via 192.168.0.200
<Deeps> easiest way is to configure that as a static route
<exot> great
<exot> I got it
<exot> but regarding to the dns server
<exot> my www server make some redirections
<exot> so, I should tell the dns somehow to resolve special ip's for vpn clients
<Deeps> if you need resolution based on query ip, BIND has a feature called 'views' that would probably serve you
<exot> I see .. I will look for it
<exot> thank you really Deeps
<sigma> i installed apache, how do i release the server to the world so that people can see it from my external ip address?
<Deeps> www.portforward.com ?
<Deeps> by default apache binds to 0.0.0.0:80
<Deeps> so anyone can acccess it as long as your router/firewall permits
<Deeps> default firewall rules tends to be very relaxed too afaik
<sigma> my external ip is http://196.38.218.25, it connects but times out, whats the problem there?
<Deeps> your router or firewall isnt allowing access (didn't i say that already?)
<Cahan> anyone else had the problem of networking seemingly just failing for no explainable reason? iwconfig thinks it's still connected, but the machine cannot be reached via ping, ssh or samba share, and needs to have it's network connection reset in order to function again. (Feisty)
<danilom> hi, i need to setup a mail server (dovecot, postix, squirrelmail) and a proxy server (squid), and to login ina centralized openldap... so there is some web interface to manage openldap in ubuntu server?
<nealmcb> !ebox | danilom
<ubottu> danilom: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<nealmcb> !ldap
<ubottu> LDAP is the Lightweight Directory Access Protocol. For more information and installation instructions, see https://help.ubuntu.com/community/OpenLDAPServer
<danilom> nealmcb, so it dont use phpldapadmin
<nealmcb> danilom: "it"?
<danilom> nealmcb, i mean ubuntu server
<nealmcb> ubuntu server offers several gui admin tools for ldap, as noted in the help link above
<danilom> nealmcb, thanks
 * nealmcb add eBox to https://help.ubuntu.com/community/OpenLDAPServer
<nealmcb> danilom: my pleasure
<nealmcb> danilom: and let us know how it works out for you and what you prefer!
<danilom> nealmcb, well im asking first, i need to install postfix, dovecot, squirrelmail, squid, samba.. and authenticate it to a openldap.. so im listening for some suggestion...
<nealmcb> run tasksel to get most of the mail stuff nicely integrated, then add stuff like squirrelmail etc
<nealmcb> but I don't know the details of getting mail using ldap - the experts like scottk may be more active during the week
<danilom> nealmcb, the thing is, after i setup all the servers with openldap... some people remain, and need to manage accounts.. but more of these people really dont know what a console is...
<nealmcb> ...getting mail *servers configured* using ldap
<danilom> so im looking for a nice interface...
<ScottK> nealmcb: I've never had to do ldap myself.  From what I've read, it's not so hard from a Postfix perspective once you get the ldap stuff set up.
<ScottK> There are quite a number of how-tos for using ldap to get valid recipients out of an Exhange box, so I suspect they'd be useful as well for a more general case.
<nealmcb> ScottK: ok.  I was wondering about using ldap for stuff like squirrelmail and dovecot also
<nealmcb> danilom: ^
 * ScottK is not the guy to ask about ldap.
<Kludge^WalesUK> heyyyyyyyyyy guys \o/
<Kludge^WalesUK> ScottK <3
 * ScottK has a project in mind that'll need it, but I haven't actually gotten to that stage yet.
<ScottK> Heya Kludge^WalesUK
<danilom> ok im reading nealmcb
<Kludge^WalesUK> howdy dudey! \o/ i has my server now. It's all up and running and was almost painless apart from a few things virtualization didn't account for :D
<nealmcb> so who are our best ldap+mail gurus?  I wonder if ispconfig does anything like that
<Kludge^WalesUK> next lil thing is trying to get a file web-server set up (done that bit) just want it to be authenticated =/
<ScottK> nealmcb: ispconfig does a LOT of things, so it's probably not the best way to figure it out.
<ScottK> nealmcb: Did sommer put anything in the server guide about it?
<Kludge^WalesUK> are you at all familiar with apache, ScottK?
<ScottK> Kludge^WalesUK: No.  I'm more of a mail server guy than a web server guy.
<nealmcb> ScottK: about ldap and mail?  I don't know.  But he's highlighted now :)
<ScottK> There are others here that are.
<ScottK> nealmcb: Yeah.  That was my intent.  We'll see.
<Kludge^WalesUK> hmm cool. I've googled for a few hours, and as far as i can see its something to do with .htpaccess and .htpasswd
<Kludge^WalesUK> I have webmin installed to see if it'd help me any, it helped a little but doesn't do what i need it to do with apache </3
 * nealmcb cheers for the ubuntu server team, where name dropping can be a good thing :)
<Kludge^WalesUK> i'm hoping to learn quite a bit here, and to eventually be able to give advice =) google IS my friend, but gugh, sometimes i've googled for 2hrs or more just to get something to work because some tutorials miss out a step that a techy would just naturally fill-in, a n00b wouldn't know theres a step missing :P
<ScottK> Kludge^WalesUK: I'd encourage you to work from the Ubuntu Server guide as much as possible and where you find such holes, report them so we can fix them.
<Kludge^WalesUK> there's a server-guide?!
<ScottK> Kludge^WalesUK: http://doc.ubuntu.com/ubuntu/serverguide/C/
 * Kludge^WalesUK clicketh
<Kludge^WalesUK> nice one! book marked and will definitely look over :D
<nealmcb> !serverguide
<ubottu> Sorry, I don't know anything about serverguide
 * nealmcb remembers he was gonna talk to sommer about that factoid - oops
<jpds> !search server
<ubottu> Found: aptproxy, ftpd, mldonkey, mda, smtp, teg, ubuntu-server, identify, torrents, compiz
 * ScottK wonders why the server guide is still stamped draft.
<jpds> !serverguide is <reply>The Ubuntu server guide may be found at http://doc.ubuntu.com/ubuntu/serverguide/C/
<ubottu> I'll remember that, jpds
<jpds> nealmcb: There you go.
<nealmcb> jpds: you rock!
<nealmcb> Kludge^WalesUK: note also the reference to the serverguide in the /topic, and many other handy things
<Kludge^WalesUK> i've been idling here for a few days, I didn't notice the topic :X maybe an ONJOIN /notice would be better noticed?
<nealmcb> !ntfs
<ubottu> To view your Windows/Mac partitions see https://help.ubuntu.com/community/AutomaticallyMountPartitions - For NTFS write access, see /msg ubottu NTFS-3g or /msg ubottu FUSE
<GodSyn_BB> Is there an "easy" way to convert from 32bit to 64bit installs? I have a couple of machines I'd like to go 64bit with 32 bit installs.
<nealmcb> ubottu: ntfs is <reply> To view your Windows/Mac partitions see https://help.ubuntu.com/community/AutomaticallyMountPartitions - For write access, see !NTFS-3g or !FUSE
<nealmcb> jpds: I guess I'm still not on the approved list, so if you want to update that one also, be by guest
<nealmcb> (since some channels use other bots like ubot3)
<nealmcb> !fuse
<ubottu> FUSE (Filesystem in Userspace) is a !kernel driver that allows non-root users to create their own filesystems. See http://en.wikipedia.org/wiki/Filesystem_in_Userspace for more on FUSE.  Some examples of filesystems that use FUSE are !ntfs-3g, sshfs and isofs. A full list of Filesystems that use FUSE is here:  http://fuse.sourceforge.net/wiki/index.php/FileSystems
<jpds> !ntfs is <reply> To view your Windows/Mac partitions see https://help.ubuntu.com/community/AutomaticallyMountPartitions - For write access, see !NTFS-3g or !FUSE
<ubottu> But ntfs already means something else!
<jpds> !no, ntfs is <reply> To view your Windows/Mac partitions see https://help.ubuntu.com/community/AutomaticallyMountPartitions - For write access, see !NTFS-3g or !FUSE
<ubottu> I'll remember that jpds
<nealmcb> :)
<GodSyn_BB> going to assume noone knows of a way. Thanks anyways.
<nealmcb> GodSyn_BB: I doubt it
<GodSyn_BB> was afraid of that.
<nealmcb> except remembering packages via dpkg --get-selections for remembering packages etc
<jpds> /13
 * nealmcb wonders about easy ways to sync changes from /etc - and whether any packages have configs that differ between 32 and 64 bit
 * delcoyote hi
<Kludge^WalesUK> anyone adept with apache about? =)
<nealmcb> Kludge^WalesUK: You'll rarely hear a response to that sort of question here, as discussed in the Guide to asking questions on IRC.  Just ask your question.  (And I find sometimes that just forcing myself to actually ask a good question leads me to find out the answer myself)
<nealmcb> (see /topic again)
<Kludge^WalesUK> okie. i'll re-read, thankies
<Cahan> anyone else had the problem of networking seemingly just failing for no explainable reason? iwconfig thinks it's still connected, but the machine cannot be reached via ping, ssh or samba share, and needs to have it's network connection reset in order to function again. (Feisty)
<Dedi> seems compression does not work even its enabled in the backuppc config, anyone any ideas?
<will01> is it possible to run an ftp server over port 110?
<hads> Anything is possible
<Kludge^WalesUK> i have a really serious problem, my /var/logs are 2.2GB, including kernel log of like 700MB. I'm currently locked out even over SSH. the / is 100% full, and the swap is 72% full... Can i safely reboot? =/
<hads> Quite possibly not. If / is full bad things will happen.
<Kludge^WalesUK> i have no idea what's been writing such huge logfiles. I'm thinking its the "monitoring" function of my OVH manager
<hads> Running mysql?
<Kludge^WalesUK> no, i think i was trying to install that and it failed... to the point eventually i got a message that the device was full =/
<Kludge^WalesUK> what exactly is likely to happen if i issue a "hard reboot" nothing is responding, not the httpd SSH, or VNC
<hads> Unsure, you may need console access to access to bring it back up.
<phaidros> where would one best request a backport of an intrepid package to hardy?
#ubuntu-server 2009-07-13
<gletob> Yes
<gletob> billybigrigger_, yes why?
<billybigrigger_> is it installing?
<billybigrigger_> 9.04 wouldn't install on my old p 166mhz, isolinux was giving me problems, i had to eventually do a netboot, but if you got to the installer you got farther than me
<gletob> It's at 22% Loading additional components
<billybigrigger_> you should be good to go then
<gletob> Uh oh! Bad burn! "There was a problem reading data from the CD-ROM.
<gletob> "
<Pirate_Hunter> how do i find my domain, setting up ISPConfig?
<quentusrex> Is anyone here familiar with x509 certs?
<hggdh> quentusrex: shoot
<quentusrex> hggdh: ok, I have had major issues with my certs for over a week... Everything I do to diagnose the issue is fruitless....
<quentusrex> I use TinyCA2 to manage my x509 certs.
<quentusrex> It has worked well for apache, openvpn, and a few other apps.
<quentusrex> But it flat out will not work with openldap
<hggdh> quentusrex: so you have your own private CA
<quentusrex> yes.
<hggdh> so far so good
<hggdh> what happens with LDAP?
<quentusrex> I have confirmed the issue is with MY certs, because I can generate local certs and it works fine.
<quentusrex> here is the bug: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/398366
<hggdh> hold on. what is the difference between "MY certs" and "local certs"?
<uvirtbot> Launchpad bug 398366 in openldap "Certs generated with TinyCA2 and openssl cause errors in openldap and gnutls" [Undecided,New]
<quentusrex> hggdh: I have my real certs,
<quentusrex> generated on my workstation, and I have fake certs generated locally on the server.
<quentusrex> my workstation, and the backups are responsible for generating the companies certs.
<hggdh> oh, OK. My certs == officially issued certs
<quentusrex> we can use real and fake
<quentusrex> to describe them...
<quentusrex> real ones = fail to start, fake ones work just fine.
<quentusrex> I have tried on both ubuntu 8.04 and 9.04 versions of openldap
<quentusrex> I can recreate the issue by creating a new fake CA on my workstation, and it still fails.
<hggdh> OK. Have you checked the certs for similar options -- for starter, by 'openssl x509 -text -in a.cert.file
<hggdh> and comparing both real and fake for differing options
<quentusrex> so, it's either something with the way TinyCA2 generates certs(but doesn't effect openvpn or apache), or I have forgotten a step and repeatedly miss the same step in the cert generation.
<quentusrex> I'll check...
<hggdh> as far as I can remember, TinyCA2 uses openssl to actually do the work
<ScottK> It does.
 * hggdh also uses tinyca2, but no ldap
<infinity> quentusrex: Well, OpenVPN and Apache both use openssl, while openldap uses gnutls, so it's entirely possible that the way TinyCA2 is doing the reqs is just missing a field (or something) that OpenSSL is forgiving about, but gnutls is grumpy about.
<ScottK> Pretty much all the CA packages are front ends for openssl.
<quentusrex> Right, I am aware that tinyCA2 uses openssl, and openldap uses gnutls,
<quentusrex> but I'm unable to figure out which field causes the issues...
<hggdh> yes. TLS is also more picky on the options you specify
<hggdh> what would work on SSL may fail on TLS
<quentusrex> but I have tls setup with openvpn
<quentusrex> and it works.
<infinity> quentusrex: Well, as suggested, you should compare the text dump of the "real" and "fake" certs, and go from there.
<infinity> quentusrex: Anything "different" is suspect.
<pixlbox> need help installing joomla
<hggdh> for example, when you specify Netscape options, and do them wrong. SSL wouls swallow them, TLS will spit them out
<quentusrex> infinity: can you suggest a command to dump all the cert info? (I have a command, but I've been stuck for a week. So I might be using the wrong one...)
<hggdh> the easy way: openssl x509 -text -in <PEM>
<hggdh> just the public cert, no private key here
<quentusrex> right
<quentusrex> everything that openldap seems to say, points to the issue being with the cacert,
<quentusrex> but there is almost no documentation and even less info on the actual error...
<quentusrex> just says tls fails with error code -1
<infinity> Are you doing chain bundling?
<quentusrex> I have one CA, and that is the only thing signing the certs.
<quentusrex> only two levels, no sub CA's.
<hggdh> quentusrex: if a real and a fake cert are the, er, same, and one works and one not, then there is something different on them
<hggdh> you can also dump ASN1 (and I do not remember the opessl command for that, but it is there) the certs. Be prepared to get some sore eyes.
<quentusrex> hggdh: I have compared the two certs
<quentusrex> there are many more fields filled out with the tinyca2 ones...
<quentusrex> the real ones.
<quentusrex> the fake ones have almost no fields set...
<hggdh> so now you have a start
<hggdh> they *are* different
<quentusrex> is there a way to diff them by fields?
<hggdh> no, not really. You will have to do it by hand
<infinity> Don't forget content of the fields.
<infinity> You may have characters gnutls is unhappy with, who knows?
<quentusrex> ok...
<infinity> Maybe you're breaking an RFC, which openssl is notorious for not caring about. :P
<quentusrex> this will be 'fun'
<quentusrex> check this out:
<quentusrex> Certificate:
<quentusrex>     Data:
<quentusrex>         Version: 1 (0x0)
<quentusrex> vs
<quentusrex> Certificate:
<quentusrex>     Data:
<quentusrex>         Version: 3 (0x2)
<infinity> (openssl is the most liberally forgiving software in the world when it comes to sloppy input, which explains why your certs are happy with openssl-using apps, but not gnutls)
<quentusrex> real one is version 3
<quentusrex> great... so now I have to regen all my certs to make gnutls happy.... :(
<hggdh> wow, from V1 to V3... how old is this V1 cert?
<quentusrex> I just generated it with openssl
<quentusrex> that's the fake one that works.
<infinity> V1 is the default with an openssl req with no options, IIRC.
<infinity> But gnutls should be happy with V3, I suspect that's a red herring.
<quentusrex> is there a paste bin that you prefer?
<quentusrex> I'll paste the cert dumps
<infinity> ubuntu.com
<hggdh> yes, it would be good
<infinity> http://pastebin.ubuntu.com/ even
<hggdh> pastebin.ubuntu.com
<quentusrex> http://paste.ubuntu.com/216539/
<quentusrex> those are both the cacerts.
<quentusrex> I hadn't considered that the problem could be with a field in the cert
<quentusrex> I thought it had something to do with corruptions, or not actually being signed or something... but all the verify commands I could find passed.
<hggdh> quentusrex: what time is it now at your locale?
<quentusrex> 5:30
<quentusrex> west coast, USA
<hggdh> of July 12th, right?
<quentusrex> right
<quentusrex> lol
<quentusrex> I see an issue... :)
<hggdh> look at the Not Before timestamps
<quentusrex> right, but the real one you're looking at was just generated to pose as the real one
<quentusrex> both generated with tinyca2 and both fail for the same reasons.
<quentusrex> Just with random information in there
<infinity> Well, does the real real one have that same timestamp? :)
<quentusrex> nope
<hggdh> yes. The point is both of these should *NOT* be valid to begin with
<quentusrex> it was generated in March of 07
<quentusrex> wait,
<quentusrex> that is GMT
<quentusrex> I'm -8 from there.
<quentusrex> so it is valid.
<hggdh> indeed
<hggdh> so a red herring
<quentusrex> yup
<quentusrex> :)
<quentusrex> I'd rather have false positives that turn out to be red herrings, than a false negative and never get a working ldap server... :(
<quentusrex> I'm working on a script that will allow me to tweak the cert generation parameters
<hggdh> OK. Next one. fake one that works has a 1024 key, real one that fails has a 4096 key. Have you tried a fake one with 4096?
<quentusrex> and test it on an openldap server
<quentusrex> yup, and a real one with 1024
<quentusrex> red herring.
<hggdh> OK
<hggdh> quentusrex: the real one is a CA cert
<hggdh> I thought it was an user cert
<hggdh> like the first one
<quentusrex> both should be ca certs
<quentusrex> hmm....
<quentusrex> you're right...
<hggdh> first one should be refused, it does not have 'CA: True" critical constraint
<quentusrex> that's right... I've been using a self signed cert for the fake ones, thinking I had built ca certs.
<infinity> quentusrex: So, some random googling suggests that you need to tell openldap where to find the path to the CA cert.
<quentusrex> brb afk
<quentusrex> infinity: I do, I specify it.
<quentusrex> I think my test case is wrong...
<quentusrex> brb though...
<infinity> quentusrex: Have you run slapd in debug mode (slapd -d -1) to see if it's any more useful?
<quentusrex_> back
<quentusrex_> had to change computers for a moment
<infinity> quentusrex: Have you run slapd in debug mode (slapd -d -1) to see if it's any more useful?
<quentusrex_> infinity, I tried that, but I did not get anything more from it
<quentusrex_> the same one line error. failed to start tls, with the error code -1
<infinity> And I'll assume, since you have a testcase and all, that it's not file permissions?
<quentusrex_> nope, not file permission problem
<quentusrex_> but we've just proved that my test case was flawed.
<quentusrex_> I am not sure I was actually generating a ca cert,
<quentusrex_> but possibly a self signed cert,
<hggdh> well, if you were using the CA cert as an LDAP "user" cert, then ldap would most probably barf
<quentusrex_> so it could have been working because the cert was self signed it didn't need to look for the CA, so it didn't run into the same issue.
<quentusrex_> nope, not an ldap user cert. as the server cert.
<quentusrex_> the ldap server has nothing but default data in it...
<hggdh> yes, server cert == user cert; there are CA certs, and "user" certs
<infinity> Yeah, you need both here in your case...
<infinity> TLSCertificateFile /etc/openldap/currentcert.pem
<infinity> TLSCertificateKeyFile /etc/openldap/currentkey.pem
<infinity> TLSCACertificateFile /etc/openldap/demoCA/cacert.pem
<hggdh> you do not usually run *ON* a CA cert. You deploy a cert signed by the CA
<infinity> The last one needs to be your CA, the first two are the server "user" cert.
<quentusrex_> hggdh, right. that is what I'm doing.
<quentusrex_> but you have to distribute the ca cert along with the client cert and key
<quentusrex_> for tls.
<hggdh> yes, you always have to distribute the CA certs.
<hggdh> or, better saying, the real user should check on the CA cert, ideally out-of-band
<infinity> Yes.  Lots of software out there explodes when you try to use "chained" certs, which is what I was driving at before.
<hggdh> so. when you put the real CA cert (the one in the pastebin) as TLSCACertFile it fails
<infinity> (ie: when your CA is bundled in the cert, rather than being an out-of-band check)
<hggdh> but, when you put the real CA in the TLSCACertFile, you have to change the TLSCertFile accordingly. Did you do it?
 * hggdh BTW asks for pardon on asking dumb questions, but one needs to be sure...
<quentusrex_> yes, I did that... I think I'm on to something...
<quentusrex_> I changed the order of the cert file includes.
<quentusrex_> it changed the error code...
<quentusrex_> if the CAcert line isn't first the error is -34
<quentusrex_> with ca cert first it's -1
<quentusrex_> I finally get an interesting error message:
<quentusrex_>  gnutls-serv --x509keyfile ./ssl/server.pem --x509certfile ./ssl/server.pem
<quentusrex_> Set static Diffie Hellman parameters, consider --dhparams.
<quentusrex_> Error reading './ssl/server.pem' or './ssl/server.pem'
<quentusrex_> Error: Base64 decoding error.
<quentusrex_> I get this when I install gnutls-bin
<quentusrex_> and run that first line....
<JordiGH> Got a problem with two Ubuntu boxen not being able to relay email to one another.
<JordiGH> The problem: http://erxz.com/pb/18721
<JordiGH> web2 is running exim4. I am guessing I need to tweak stuff in web2's exim.conf, but I don't know what.
<quentusrex_> hggdh and inifinity, you were right. It's a bad header.
<quentusrex_> with the real keys I get this error:  gnutls-serv --x509keyfile ./key.pem --x509certfile ./cert.pem
<quentusrex_> Set static Diffie Hellman parameters, consider --dhparams.
<quentusrex_> Error reading './cert.pem' or './key.pem'
<quentusrex_> Error: Base64 unexpected header error.
<quentusrex_> Now, if only there were a way to find how which header..
<ScottK> JordiGH: You need to authorize the other one to relay mail.  I could tell you how for Postfix, but Exim, I have no idea.
<JordiGH> ScottK: Yeah, I have "host_accept_relay = 127.0.0.1 : ::::1 : 192.168.1.0/24" in exim.conf, which seems a bit cryptic.
<ScottK> JordiGH: I'd try adding the IP of the other mail server to that.
<JordiGH> ScottK: You mean the specific one instead of the netmasked IP network?
<ScottK> JordiGH: Is it in 192.168.1.0/24?
<JordiGH> web4 from which I telnetted is 192.168.1.248
<ScottK> OK, then I'm confused.  I'd have expected that to work.
 * ScottK looks around for someone who knows something about Exim.
<JordiGH> Unless those streams of colons don't do what I expect them to.
<infinity> JordiGH: The stream of colons is the IPv6 localhost.
<infinity> JordiGH: Are you using exim's split config, or monolithic?
<infinity> JordiGH: (Maybe you edited the monolithic config, but you're actually using split?)
<twb> ScottK: #debian is full of exim weenies :-)
<ScottK> Yet another reason not to go there.
<JordiGH> Hey, I'm a Debian weenie. :-(
<twb> You have to tiptoe around them
<infinity> JordiGH: Also, if this is exim4, I suspect you want "relay_from_hosts", not "host_accept_relay"
<JordiGH> infinity: /etc/exim only has exim.conf and exim.conf.0
<twb> ScottK: having said that, IME #debian (on OFTC, at least) is more helpful than #ubuntu.
<ScottK> Well I don't go there either.
<twb> #ubuntu is like a preschool full of screaming toddlers trying to configure compiz
<infinity> JordiGH: Eww, and no it's not, you're using exim3... Stop that. :)
<JordiGH> infinity: dapper drake.
<twb> JordiGH: remind us why postfix isn't allowed?
<infinity> JordiGH: exim4 is on dapper.
<infinity> JordiGH: exim3 is in universe and entirely unsupported, no?
<JordiGH> Ah, you're right, exim4 is available.
<JordiGH> twb: It isn't unallowed. You want me to use it instead?
<infinity> twb: Don't get into an MTA flamewar. :P
<infinity> twb: We support both for a reason.
<twb> Eh, sorry.
<twb> I should have added a ";-)"
<JordiGH> I really have no preference.
<ScottK> The reason being infinity likes Exim.
<ScottK> ;-)
<infinity> ScottK: And elmo. :P
<ScottK> That too
<JordiGH> MTAs are like toasters to me. They should toast, and exactly how they toast and which one should toast, I don't really care.
<twb> JordiGH: then probably best to use whatever people around here will provide support for.
<infinity> JordiGH: Anyhow.  exim4 should "just work" when you configure it out of the box.
<infinity> JordiGH: Alternately, switch to postfix, which will also "just work" when configured with the help of people like twb.
<JordiGH> infinity: alright... it's a debconf config, right? At least it is in Debian.
<infinity> JordiGH: I couldn't care less what anyone other than me uses. :)
<infinity> JordiGH: Same as the Debian debconf config, yeah.
<JordiGH> Hmmm... alright, what do I want here? I already don't know what to answer for the first question.
<JordiGH> internet site?
<infinity> Yes.
<JordiGH> convert exim v3 config?
<JordiGH> Okay, internet site.
<twb> I don't provide support for postfix, either.  HAND.
<quentusrex_> hggdh, alright. I've build the test system for the fake certs. I'm actually useing ca certs now...
<quentusrex_> hggdh Any guess as to which of the headers are more likely to cause problems?
<JordiGH> Man, SMTP sounds like LOLcatese to me.
<JordiGH> "HELO web2"
<JordiGH> "Why, hello there, web5".
<JordiGH> "MAIL FROM: <jordigh@gmail.com>"
<JordiGH> "Ah, yes, I see, and who is the recipient?"
<JordiGH> "RCPT TO: <jordigh@gmail.com>"
<JordiGH> "I'm afraid I can't let you do that, Bob..."
<JordiGH> etc
<JordiGH> Alright, so is the default the monolithic or the modular exim4 config?
<infinity> No idea anymore.  It used to be a debconf question, I suspect someone's nixed it.
<infinity> Probably defaults to monolithic now to avoid upstream getting grumpy about stupid Debian users and their bad bug reports.
<infinity> (I use split)
<infinity> JordiGH: If you have an exim.conf in /etc/exim4, you're using monolithic.  If not, it's in /var/lib/exim4, and you're using split.
<JordiGH> I have a exim.conf.template...
<infinity> grep dc_use_split_config /etc/exim4/update-exim4.conf.conf
<infinity> (I knew it was a debconf question)
<infinity> Must just have not been shown at your priority.
<infinity> JordiGH: Anyhow, assuming you're using split, just edit dc_relay_nets in /etc/exim4/update-exim4.conf.conf, re-run "update-exim4.config", and restart exim.
<JordiGH> infinity: It is a debconf question, but wasn't asked at install. It's asked with dpkg-reconfigure, though.
<infinity> JordiGH: That's because dpkg-reconfigure defaults to priority=low
<infinity> JordiGH: Your system's probably set to high or critical.
<JordiGH> Hm... it still thinks that relaying to gmail.com is prohibited.
<infinity> Seriously?
<JordiGH> Yeah, identical SMTP session. :-/
<JordiGH> http://erxz.com/pb/18721
<infinity> http://pastebin.ubuntu.com/
<infinity> That's with lucifer's IP (174.0.107.159/32) in dc_relay_nets
<JordiGH> Wait, I think I had the wrong answer..
<JordiGH> "Domains to relay mail for" that should be *, right?
<infinity> Wow, linking the paste would have been helpful there to prove my point. :P
<infinity> http://pastebin.ubuntu.com/216565/
<infinity> No!
<infinity> No, no, no.
<infinity> * would be an open relay.
<infinity> You only relay for the domains you accept mail for as an MX.
<infinity> Whereas the relaying you want is allowing privileged hosts to relay through you.
<JordiGH> What's the difference between "domains to relay mail for" and "machines to relay mail for"?
<infinity> "machines" is what turns into "relay_nets".
<infinity> Machines is who you will accept mail FROM, to send to anywhere.
<infinity> Domains is who you will accept mail TO, from anywhere.
<infinity> If you're not a secondary MX, relay_domains should be empty.
<infinity> (usually)
<JordiGH> Uhhhh...
<infinity> JordiGH: Here's a simple config: http://pastebin.ubuntu.com/216566/
<JordiGH> Okay, so I did tell debconf to use monolithic config.
<infinity> JordiGH: It accepts mail for all those domains listed, it doesn't forward/relay mail for any other domains, and it accepts mail to ANYWHERE from the IPs listed.
<infinity> JordiGH: (Of course, mine's a split config, so translate as required)
<JordiGH> infinity: Kay... dc_other_hostnames is the machines from which I accept incoming SMTP connections?
<JordiGH> infinity: dc_relay_domains is blank because those machines can send anywhere in the world, right?
<infinity> JordiGH: other_hostnames is all the hostnames/domains that you accept mail FOR.
<infinity> JordiGH: So, my config accepts mail for loki.0c3.net, szeretlek.net, etc...
<infinity> JordiGH: (By default, you'd only accept mail for you actual hostname, without that line there)
<JordiGH> infinity: Oh, so I can't email gmail.com from your machine?
<infinity> JordiGH: But that's for local delivery.
<infinity> JordiGH: You can email gmail.com from my machine if you're listed in relay_nets.
<infinity> JordiGH: relay_nets defines the people who are allowed to send mail ANYWHERE.
<JordiGH> Ah, ok, ok...
<infinity> JordiGH: Anyone not in that list can only send mail to other_hostnames and relay_domains.
<JordiGH> lessee..
<infinity> JordiGH: Note that while the options have different names (obviously), every MTA has this exact concept.  You're filtering on two sets:  "People who can send mail to anyone", and "Anyone can send mail to a specific small set of addresses".
<JordiGH> infinity: Interesting.
<twb> !release
<ubottu> Ubuntu releases a new version every 6 months. Each version is supported for 18 months to 5 years. More info at http://www.ubuntu.com/ubuntu/releases & http://wiki.ubuntu.com/TimeBasedReleases
<twb> !eol
<ubottu> End-Of-Life is the time when security updates for an Ubuntu release stop. See https://wiki.ubuntu.com/Releases
<JordiGH> Yes, I know DD is dead.
<JordiGH> So is my website, kinda, but not because of DD.
<twb> JordiGH: sorry, that was for me.
<twb> I was too lazy to /msg ubotu, sorrry.
<ScottK> Dapper is not dead for this channel, just weaklings who need X.
<ScottK> Actually my desktop is still Dapper.  I haven't ever bothered to upgrade it.
<JordiGH> infinity: http://pastebin.ubuntu.com/216574/
<JordiGH> infinity: Still full of fail. :-(
<infinity> JordiGH: You're running update-exim4.conf and restarting exim after changes, right?
<JordiGH> infinity: ayup. "/etc/init.d/exim4 restart"
<ajmitch> ScottK: you're even worse than me
<twb> My laptop runs Sid because otherwise how can I test that my bugs have ACTUALLY been fixed when maintainers close them? ;-)
<infinity> JordiGH: Oh, but you're still not using split config either.
<infinity> JordiGH: So, editing that probably doesn't buy you much.
<infinity> JordiGH: (Just find relay_from_hosts in your actual config and edit it)
<ScottK> ajmitch: The smaller the computer it seems the newer I use.  Desktop is Dapper, laptop is Jaunty, netbook is Karmic.
<JordiGH> infinity: How about I just use a split config?
 * JordiGH doubts it makes a difference, but whatever.
<infinity> JordiGH: Up to you. :)
 * infinity needs to run off.
<infinity> JordiGH: Ultimately, however you do it, you need exim to think that network is in relay_nets, and you win.
<slestak> n external python package?  I am having import name resolution problems and dont see what is accuring
<slestak> netbook ate my first line
<slestak> is /usr/local/lib/python2.6/dist-packages/ a typical location for an external package?
<JordiGH> /usr/local is stuff not managed by dpkg.
<slestak> i used the modules setup.py
<slestak> it is not in apt
<ScottK> slestak: More likely site-packages, but that may be OK.
<ScottK> slestak: import sys and then print sys.path to see if it's in your path.
<slestak> ScottK: good idea
<slestak> ScottK: last key in path is '/usr/local/lib/python2.6/dist-packages'
<ScottK> Then that should be a fine location.
<slestak> every .py in examples for package xlwt fails with the same error
<slestak>   File "/usr/local/lib/python2.6/dist-packages/xlwt/Worksheet.py", line 52, in __init__
<slestak>     self.Row = Row.Row
<slestak> AttributeError: 'module' object has no attribute 'Row'
<slestak> Row.py is on the dir, and it has a class name Row
<ScottK> Try to append xlwt to sys.path
<slestak> where is that adjusted?
<ScottK> slestak: FYI, xlwt is packaged in Karmic, so you could ask for a backport of the package for whatever release you're using.
<slestak> im supposed to present this at a PUG tomorrow :)
<ScottK> slestak: It's something like sys.path.append("pathyouwanttoadd")
<slestak> dont think backport will be quick enough
<ScottK> slestak: What release are you using?
<slestak> im about the least exp guy in the group
<slestak> 9.04
<ScottK> slestak: What timezone are you in?
<slestak> EST
<JordiGH> infinity: If you're still there, the problem was that exim3 was still running even though I removed the package and /etc/init.d/exim stop didn't stop the daemon either. I killdashnined the process and restarted exim4 and now it works.
<JordiGH> WTF.
 * JordiGH has spent maybe 4 hours on this today.
<ScottK> slestak: If you don't get it figured out tonight, we can probably manage a backport in the morning.
 * ScottK would likely have to mangle some rules to get it done tongiht.
<slestak> that would be awesome.  i used pyExcelerator, maybe I should just present that, its in Jaunty.  I just know xlwt and xlrd have replaced it
<JordiGH> When is sysadmin day? I think I'm gonna demand lots of ice cream for it.
<ScottK> JordiGH: sysadmin day is on the horizon.
<slestak> bofh day?
<JordiGH> Good.
 * JordiGH wonders if he could also demand sexual favours on July 31st.
<slestak> lo0l
<JordiGH> Interesting sysadmin day is the day before my birthday.
<ScottK> The horizon being an imaginary place you can walk towards, but never reach.
<JordiGH> It's actually in a few weeks.
<ScottK> JordiGH: This is probably going to sound silly to you, but we work very hard here to create an environment where everyone will be confortable, so it's not a huge deal, but talking about demanding sexual favors probably isn't the best idea for here.
<slestak> ScottK: I'll try it on another workstation, see if it is consistent
<JordiGH> I guess sex is going to make someone uncomfortable.
<JordiGH> Fine, fine.
<ScottK> slestak: sys.path.append("/usr/local/lib/python2.6/dist-packages/xlwt/")
<slestak> ScottK: i just installed pyExclearator from repo. it works fine.  xlwt is a fork, so I'll just explain that the package imshowing is a lottledated
<slestak> i can wait for karmic
<ScottK> slestak: OK.  I'd try sys.path.append
<slestak> but that will not help me when running a .py in bash?
<slestak> or can i run the exampkles easily from the python shell, after touching up sys.path?
<ScottK> Or edit the start of the example to do it for you.
<slestak> no joy
<slestak> I alsotried adding from xlwt.Row import *
<slestak> well, im done for the night, thx for the help
<quentusrex> hggdh: ScottK: infinity: are you still around?
<quentusrex> I've narrowed the limitations for gnutls...
<ScottK> Maybe.
<quentusrex> I've removed almost all of the cert attributes
<quentusrex> down to the fewest
<quentusrex> but gnutls still can't handle it...
<ScottK> Can gnutls generate certs like openssl does?
<ScottK> If it can, maybe generate a cert from it and see what's in it.
<zpotonaator> hey, can anybody tell me wher's the default logrotate conf for mail.log, currently it's rotating between 06:0 -07:00
<zpotonaator> and only keeping 6 days of log
<zpotonaator> but mail.log is not defined for logrotate to rotate
<zpotonaator> found the solution, it's sysklogd that's rotating the logs by default, /etc/cron.daily/sysklogd, not logrotate
<_ruben> which is a nice default solution, but very managable in the long run, imo
<_ruben> add "not" somewhere in that line :)
<zpotonaator> :P
<Daviey> Hi, Can someone sponser an apache related SRU for Hardy to -proposed for me?
<Daviey> bug #394696
<uvirtbot> Launchpad bug 394696 in apache2-mpm-itk "Please rebuild apache2-mpm-itk [Hardy] to handle updated apache source" [High,Confirmed] https://launchpad.net/bugs/394696
<j0nr> Hi all... running spamd seems to be a none starter for me on my 256MB RAM server. Is there any other ways to begin to control spam thats not too heavy on RAM? thanks
<henkjan_> j0nr: greylisting
<_ruben> tho from what i've read, greylisting is becoming less effective rapidly
<_ruben> rbl checks remain fairly effective
<_ruben> or just upgrade the server :)
<RoyK> I use greylisting and the built-in bayes-filter in OS X mail. The greyfiltering takes out some 90-95% or so and most of the rest is taken by the OS X mailfilter
<RoyK> s/mailfilter/spamfilter/
<Daviey> j0nr: Or switch to a VPS provider that provides a spamd server :)
 * Daviey knows of at least two in the UK that does this.
<j0nr> Daviey: maybe they do... I will enquire
 * j0nr is googleing greylisting
<j0nr> postgrey?
<_ruben> that's one implementation of it, yes
 * Daviey uses postgrey.. Doesn't stop that much tbh.. Mainly due to alias email addresses which formward to my smtp server
<Daviey> j0nr: What sort of mail volume do you have?
<j0nr> Daviey: very little... but enough to want some sort of spam filter... (i dont need a male member enlargement!)
<j0nr> probably <50 a day unwanted emails
<Daviey> j0nr: How many mails in total?
<j0nr> < 60 probably a day inc. spam (
<j0nr> oh actaully.. i am on ubuntu-uk mailing list so more
<Daviey> j0nr: It's just that i have a dedicated spamd server in the same datacentre..  You can use it for a while?
<j0nr> still probably <100
<j0nr> what datacentre?
<Daviey> The same one as you :)
<Nafallo> Daviey: what data centre?
<j0nr> Daviey: oo sounds good....
<j0nr> what are implications?
<Daviey> Nafallo: RHC North
<Sarthor> Hi, there was 2 lan cards in my ubuntu 9.04 i386, (eth0, eth1), i removed one lan card and put other, now my linux gave the name as eth2 to the new lan card, How can i change this eth2, back to eth1,
<Nafallo> Daviey: doesn't sound like London...
<Daviey> Nafallo: Oh, Is it only London that had datacentres? :)
<\sh> Sarthor: vi /etc/udev/rules.d/70-persistent-net-rules.*
<\sh> Sarthor: change the new eth2 to eth1 and remove the old entry
<Nafallo> Daviey: well. that matters anyway ;-)
<acalvo> Hi! I'm making a script to move an LDAP tree to a new one, but I'm having troubles with accents. In the command-line I can see that everything is right, but when it is stored to the LDAP it's all mix up...
<j0nr> Daviey: what about this spam filter then?
<Daviey> j0nr: Ok.. let me add your IP to my firewall
<Daviey> j0nr: -> PM
<awmcclain> I've looked for a while on google for this and I couldn't find it... anyone know how to set up ssh so that files created over ssh are automatically group writable?
<henkjan_> awmcclain: man umask
<awmcclain> henkjan_: No man entry. Also, for some reason  I was under the impression that setting a umask for a user didn't work over ssh, but that makes no sense.
<awmcclain> That gives me enough.
<awmcclain> Hrm, umask 022, but directories are g-w. Maybe it's an issue with bzr over ssh.
<awmcclain> Oh never mind.
<uvirtbot> New bug: #398733 in dovecot (main) "Dovecot Plain auth broken in 1.1.1, fixed in 1.2.1" [Undecided,New] https://launchpad.net/bugs/398733
<maxb> awmcclain: umask 022 explains directories being g-w
<maxb> umask 002 is what would be required
<awmcclain> maxb: Yeah, i just realized that, I changed to 0002 but I'm still seeing the same issue.
<awmcclain> Oh.... let me check the user's profile and see if it's being overwritten
<maxb> profile will not be involved in a bzr-over-ssh session
<maxb> You will likely want to consider setting the umask via pam
<maxb> Do be aware that umask 002 is an insecure configuration for any user whose primary group is not one private to themselves
<awmcclain> maxb: Ah, that explains a lot. Understood. I'm guessing a google search of 'umask pam' is in order.
<maxb> Specifically pam_umask.so
<maxb> and man pam_umask
<maxb> especially the usergroups option
<ruben23> hi i have an existing disk on my server--> but disk is getting full, if i add up another disk can i merge it with my existing idsk..?
<ruben23> particularly im using the directory for saving /var/spool/asterisk/monitor---->rela time saving of voice records..
<ruben23> anyone have idea
<pirx> hi! has anyone used linux-ha (high availability)? looking for a good tutorial/howto...
<jmarsden> pirx: Using Google gets me: http://www.linux-ha.org/HeartbeatTutorials
<shivek> So what's your website url
<shivek> I want to check it out
<balloooza> well... right now I have a photo gallery
<shivek> Give me the url
<balloooza> shivek: http://balloooza.homelinux.com/gallery3
<shivek> mysql ??
<balloooza> shivek: ? what are you asking
<shivek> does the speed depends on my computer specifications or bandwidth or both?
<balloooza> shivek: my bandwith is slow, depending where you are
<shivek> I'm in India
<balloooza> shivek: illinois
<balloooza> shivek: usa
<shivek> my bandwidth is 215kbps
<shivek> ok
<shivek> what's your bandwidth
<balloooza> shivek: ouch, you will never load my site, but I can still help you
<shivek> yeah help me
<shivek> its not loading
<balloooza> shivek: so, what kind of site, for a buisnuiss
<firecrotch> wow I'm in Wisconsin and I can't even load your site, balloooza
<balloooza> shivek: it will be slow, has to go around the world
<balloooza> maby it is not running?
<shivek> no I'm a student I want a personal website
<balloooza> maby the site is closed, I did some maintnence, and maby messed up the firewall
<shivek> balloooza: yeah its not running
<balloooza> so a personal site, like reseme (sorry I cannot spell)
<shivek> balloooza: yeah I'm just 14 and I've developed a site for me. what's reseme?  " D
<balloooza> shivek: same age, that is a thing that you make to get a job (I thought you ment university)
<shivek> balloooza: should I use MySQl or something else
<shivek> Are u also 14 ??
<balloooza> shivek: mysql is a database
<balloooza> shivek: yes 14
<shivek> so do u also wanna become a hacker ?
<balloooza> shivek: ya
<shivek> who are u insipired from
<shivek> I think we should work together
<shivek> Working together we will be masters
<shivek> What all languages do u know??
<shivek> balloooza: Are you there ?
<balloooza> shivek: that is a little off topic, but no languages yet, but I want to get a little development board for my birthday, so I will learn
<shivek> Oh
<shivek> you don't even know html ?
<balloooza> yes, html
<balloooza> shivek: that is a markup language, what you will most likly use for the website
<shivek> yeah
<shivek> I know
<shivek> I know html
<shivek> and I'm learning python 3
<shivek> Do you have an orkut account ?
<balloooza> That is what I will use to program, second q: no
<shivek> What do u mean . I didn't get u
<balloooza> shivek: hu, no orkut, and also if we start bugging people (none here) we should move to pm
<shivek> pm ?
<balloooza> shivek: Private Message
<shivek> ok
<balloooza> but only if we are bugging somone
<shivek> i just want that we should stay in touch.
<shivek> balloooza: Because I've never found anyone of my age who wants to become a hacker!
<balloooza> OK, how wold I do that? I have gmail, I think that is related to orkut?
<balloooza> btw, mw website is not working, have to figure that out
<shivek> balloooza: yeah it is
<shivek> just give me your email id
<shivek> I'll add you
<balloooza> shivek: it is in my info for irc
<shivek> balloooza: and you should get an orkut account
<balloooza> shivek: did you get it?
<shivek> balloooza: no it isn't displayed
<balloooza> oh, let me take off the hide...
<balloooza> now try
<shivek> balloooza: sure and you should also get an orkut account because hackers also need to know moron mentality .
<balloooza> just signing up...
<shivek> balloooza: take mine<shivekk@gmail.com> .yeah cool add me as ypur friend .Search shivek khurana
<shivek> balloooza: What's your full name ?
<balloooza> accualy I put in my birthday, and it said 18
<specto> I hope you guys know that this chat is logged.
<balloooza> shivek: yes, do not say stuff personal, that is why I have not said stuff personal
<shivek> balloooza: Ok. You can still create  one , add any year that it accepts
<shivek> balloooza: it doesn't really matters.
<shivek> specto : thanks for warning :D
<specto> shivek: no problem.
<shivek> balloooza: done ?
<balloooza> ok shivek, I have added you, have you added me?
<specto> !offtopic
<ubottu> #ubuntu is the Ubuntu support channel, for all Ubuntu-related support questions. Please use #ubuntu-offtopic for other topics. Thanks!
<shivek> wait let me see.
<shivek> ubottu: thanks for your advice.
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<balloooza> shivek: lets move this to gmaail chat :)
<shivek> balloooza: I'm coming there
<Pirate_Hunter> anyone here with knowledge of ISPConfig if so, could i get help, trying to figure out why I the browser interface doesnt work even knowing it installed correctly?
<Pirate_Hunter> anyone here with knowledge of ISPConfig if so, could i get help, trying to figure out why I the browser interface doesnt work even knowing it installed correctly?
<ruben23> hi i have an existing disk on my server--> but disk is getting full, if i add up another disk can i merge it with my existing idsk..?
<ruben23> particularly im using the directory for saving /var/spool/asterisk/monitor---->rela time saving of voice records..
<firecrotch> Pirate_Hunter: I myself haven't used ISPConfig, but maybe I can help you troubleshoot...
<firecrotch> Pirate_Hunter: From what I know, it uses Apache? is apache running?
<Pirate_Hunter> firecrotch, should be, how do i check (sorry i am very new to the server side of linux)
<firecrotch> Pirate_Hunter: ps -e | grep apache
<firecrotch> it should print out a line with a number, a question mark (or pts/#), a timestamp, and then the word apache
<Pirate_Hunter> firecrotch, http://paste.ubuntu.com/217104/
<Pirate_Hunter> firecrotch, yah i think that is correct so it is working
<firecrotch> Pirate_Hunter:  Ok, apache is running, so the next step is to check apache's error log, which is located at /var/log/apache2/error.log
<Pirate_Hunter> firecrotch, http://paste.ubuntu.com/217106/ no errors there that i noticed
<Pirate_Hunter> firecrotch, i think it could be ispconfig itself, even so it did successfully compile and give me the login details just doesnt work in browser :s
<firecrotch> Pirate_Hunter:  What is the error you get when you try to access the ISPConfig page?
<Pirate_Hunter> firecrotch, one sec let me check on the actual box but its something like not accessible, temporary down or soemthing
<Pirate_Hunter> firecrotch, xyz.de refused connection - the server might be busy or you may have network connection problem try again later
<Pirate_Hunter> firecrotch, that is all i get nothing more specific
<firecrotch> Pirate_Hunter: Are you trying to connect to it via https ?
<Pirate_Hunter> firecrotch, yup that is what i chose, how come?
<firecrotch> Pirate_Hunter: I think it is a problem with ISPConfig itself, or apache's configuration, since it's refusing the connection
<Pirate_Hunter> firecrotch, ok but how do i go about finding out which is the problem since syslog doesnt say anything
<firecrotch> Pirate_Hunter: If you can paste all of your apache configuration files (/etc/apache2/sites-enabled) I can take a look
<specto> firecrotch: pastbin please.
<Pirate_Hunter> firecrotch, they are default installed via tasksel havent changed anything was meant to once ispconfig was installed
<firecrotch> ISPConfig changes your apache configs, I think
<Pirate_Hunter> firecrotch, :o Oh didnt know that one sec
<firecrotch> Pirate_Hunter: I've come across something that may have something to do with it... is it ISPConfig 2 or ISPConfig 3that you installed?
<Pirate_Hunter> firecrotch, http://paste.ubuntu.com/217116/ i installed 2 since i think 3 is still beta
<firecrotch> Pirate_Hunter: I noticed somewhere that you have to change /bin/sh to point to /bin/bash instead of /bin/dash for the install, or else there will be problems
<Pirate_Hunter> firecrotch, i set up the server based on this tutorial http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p4 might help to know
<Pirate_Hunter> firecrotch, i did do that, its in that tutorial
<firecrotch> Pirate_Hunter: haha that's where I saw it ;)
<Pirate_Hunter> firecrotch, yup that is what i used for my setup the problem is ispc can only be unninstalled from the browser interface i think otherwise i would do it again
<firecrotch> Pirate_Hunter:  And you are trying to access it via port 81, right?
<Pirate_Hunter> firecrotch, yup just how the online manual states i havent really changed much except the host and a few bits
<firecrotch> Pirate_Hunter: Well, you've got me stumped
<firecrotch> Note to self: don't bother with ISPConfig
<Pirate_Hunter> i will try to unninstall it again, can you at least provide me with a tut for a good server setup?
<firecrotch> Pirate_Hunter: I've used EBox before, but I don't know if it does everything that ISPConfig does
<Pirate_Hunter> ebox will check it out now, what are you using now?
<firecrotch> Well currently I don't have any need for anything other than a simple web server, so I just have a ubuntu 8.10 box running apache and mysql right now
<Pirate_Hunter> firecrotch,  sorry system went down
<ball> Is there a way I can ask an Ubuntu Server box to enter "standby" mode?
<firecrotch> Pirate_Hunter: welcome back :)
<Pirate_Hunter> firecrotch, np well checking out ebox I think just about does what ispconfig does just in a different way still what do i know (all i want is to host my own site(s))
<Pirate_Hunter> \np\*\no problem\
<Pirate_Hunter> firecrotch, what you up to since i got time to spare
<firecrotch> Pirate_Hunter: If it's just going to be a standalone webserver, I personally don't see the need for something like ISPConfig or ebox.  It's pretty easy to host your own websites on a server with just apache, mysql and php installed.  Look into apache virtual hosts
<firecrotch> I'm currently configuring Kubuntu on my boss's laptop
<Pirate_Hunter> firecrotch, oh didnt know i am quite new to this, I think i am ready to start using ubuntu for serious stuff without the desktop feature and wow your boss i can't even persuade anyone to try ubuntu or any linux OS
<Pirate_Hunter> firecrotch, why kubuntu isn't that too bloated (in my opinion)
<firecrotch> Pirate_Hunter: Well, we use ubuntu server for our servers, and Xubuntu on computers that we use to display videos and stuff on digital signage, and I use Kubuntu on my workstation since it's what I prefer, and he likes it :)
<Pirate_Hunter> firecrotch, i bet he likes the eyecandy which is what made me try it in the first place, I have to admit it is neater more like being in an alternate version of windows
<jon_high9000> I am configuring Postfix. mainly, to use postfix as an alternate smtp server in place of gmail. my question is this; i selected internet site and for mail name entered mail.gmail.com. based on what i have described does this sound correct?
<firecrotch> Pirate_Hunter: Yeah, I've always found KDE to be more... Windows-like, and gnome to be more Mac-like
<ball> I like Blackbox
<ball> ...but Gnome and Xfce4 are both things I could put in front of civilians
<firecrotch> KDE seems to be more intuitive to new users who are used to Windows, in my opinion
<Pirate_Hunter> yeah i agree on the kde part except the Mac bit since i havent used OSX :'(
<Pirate_Hunter> ball, the civilians i know run from linux, some find it too hard even knowing the menu is right at the frigging top
<ball> Pirate_Hunter: people are animals and animals fear change
<firecrotch> Pirate_Hunter: Change the menu name to "Start" and put it at the bottom left corner and they'll have no trouble :)
<Pirate_Hunter> i agree most users will be right at home with kde and koqueror needs some praising
<jon_high9000> sorry about this folks. double checked my research and it is correct. my bad.
<Pirate_Hunter> i did, i did they complained on the way they had to do things, if not the apps they wanted are not there even firefox was weird (it has been around for a long time :/)
<howie> i just made the the switch from windows to full ubuntu like 2 weeks ago and i gotta say i couldnt be happier..
<firecrotch> I think this discussion would be better suited for #ubuntu-offtopic  btw
<Pirate_Hunter> true say however im doing something in another box
<Pirate_Hunter> thanks for earlier on firecrotch
<firecrotch> no problem :)
 * ball sighs
<sleepster> I am looking for a patch for my kernel?  It is currently configured for 100HZ and I would like it to be set to 1000HZ.   the I/O performance is terrible when CONFIG_HZ is set to 100 which is the default I believe for ubuntu server kernel
<balloooza> is it possible to dump all the apache configuration, I just want to start over (I realy messed it up, durring an upgrade, did not make backups of the working state, shoot me)
<bogeyd6> balloooza, which ubuntu version?
<balloooza> 8.04
<bogeyd6> nice
<balloooza> nice, my version, or what I did :)
<bogeyd6> baffle, https://help.ubuntu.com/8.04/serverguide/C/httpd.html
<bogeyd6> sorry im at office so im in and out
<bogeyd6> balloooza,
<balloooza> bogeyd6: yes?
<bogeyd6> balloooza,  https://help.ubuntu.com/8.04/serverguide/C/httpd.html
<bogeyd6> start all over with that link
<balloooza> Thanks
<mathiaz> sommer: do you know where a copy of the ubuntu server guide for 7.10 could be found?
<mathiaz> MagicFab: ^^
<bogeyd6> mathiaz, http://ubuntuguide.org/wiki/Ubuntu:Gutsy
<bogeyd6> specifically http://ubuntuguide.org/wiki/Ubuntu:Gutsy#Servers
<MagicFab> bogeyd6, tx!
<bogeyd6> is there a compelling reason to be using 7.10?
<MagicFab> bogeyd6, no, which is why i am helping upgrade / recover data from it :)
<balloooza> now I have a new problem, there are no files in /etc/apache2, yes I doo have a backup of them, but how do I get the original factory files
<balloooza> (ie all I have is httpd.conf)
<bogeyd6> hmm
<bogeyd6> ballooza
<balloooza> bogeyd6: why do you say the name
<bogeyd6> sudo apt-get remove apache2 && sudo apt-get install apache2
<balloooza> running now...
<bogeyd6> kk
<bogeyd6> i always had a problem with it not putting init files back
<balloooza> bogeyd6: still, nothing in the /etc/apache folder
<balloooza> apache2
<alexm> you should add --purge to remove for apt to remove config files
<bogeyd6> yeah
<bogeyd6> just thought of that
<balloooza> ok, doing...
<balloooza> still nothing
<bogeyd6> ok
<bogeyd6> did you do the purge?
<balloooza> yes
<bogeyd6> kk
<alexm> are you concerned about /etc/apache or /etc/apache2 ?
<balloooza> do you know what package the default config is in (I would have guessed apache2
<bogeyd6> balloooza, apt-get --purge remove apache2-common apache2
<balloooza> aeger /etc/apache2
<bogeyd6> balloooza, apt-get install apache2
<bogeyd6> that will work, i just tried it
<balloooza> dont wory about the thing in the beginning awrng thing
<alexm> then you should purge package apache2.2-common
<alexm> dpkg -S /etc/apache2 show the package name owning the file or directory
<bogeyd6> balloooza, sudo apt-get --purge remove apache2-common apache2 && sudo apt-get install apache2
<bogeyd6> it works
<bogeyd6> on 8.04.1
<balloooza> so wait, so far I ran purge remove one, then the install apache2 one, now what do I do?
<bogeyd6> the command i just gave you
<bogeyd6> we didnt do the the -common last time
<balloooza> I am looking for /etc/apache2/apache.conf
<bogeyd6> balloooza, if you run that command it will default everything back to square one, just like you wanted.  sudo apt-get --purge remove apache2-common apache2 && sudo apt-get install apache2
<balloooza> OK,  it didn't, but I will work on it more, obviously I have a non standered problem
<alexm> balloooza: it will remove all the files that came or were created during the apache installation, but not those you created afterwards
<alexm> if you want to make sure that you remove all of them, rm -rf /etc/apache2 after backing it up (just in case) and purging it
<alexm> maybe package etckeeper will help you track changes on /etc/apache2 files, it's worth trying
<ruben231> hi
<ruben231> by default what is the password of root in fresh install ubuntu..?
<ruben231> ubuntu-server
<balloooza> there is none
<balloooza> "for safty:
<ruben231> no password..?
<ruben231> just blank
<balloooza> (ubuntu uses sudo instead of root, this is annoying somtimes, but I have learned to like it,  I do not have to give put a root password
<balloooza> BTW, there is no password, that means you cannot log onto it, this is ubutu security modle, so telling you how-to would be unexceptable, on the forums or here
<bogeyd6> !noroot
<ubottu> We don't support a root password so don't suggest one unless you are going to be here 24/7 to help someone who has problems as a result of having one, many thanks ;-)
<bogeyd6> !root
<ubottu> Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<bogeyd6> sage advice ruben
<ruben23> ok got it
<balloooza> those are some new ubottu commands. saves me typing
<bogeyd6> i wonder
<bogeyd6> !root @ bogeyd6
<ubottu> Sorry, I don't know anything about root @ bogeyd6
<balloooza> bogeyd6: how do I get a list of all ubottu s commands ( I have a feeling he will tell me)
<balloooza> !connands @ balloooza
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<balloooza> !bot
<ubottu> Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://ubottu.com/factoids.cgi - Usage info: http://wiki.ubuntu.com/UbuntuBots
<balloooza> yay, that was it!!
<bogeyd6> i dont know
<bogeyd6> there you go
<balloooza> I got it
<bogeyd6> !iptables
<ubottu> Ubuntu, like any other linux  distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command (see https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw), or 'iptables' (https://help.ubuntu.com/community/IptablesHowTo). GUI applications such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist
<DormantOden> hey Ubuntu people
<DormantOden> I seem to have a HUGE memory leakage problem
<DormantOden> anyone know of any active memory readers?
<balloooza> is this an ubuntu problem or ubuntu server
<DormantOden> server
<balloooza> run top
<balloooza> then sort by memory usage
<jbernard> DormantOden: once top comes up, hit 'O', then 'n', then <enter>
<jbernard> DormantOden: that will sort the list by memory usage
<DormantOden> will do =)
<DormantOden> hmm, seems steady now
<DormantOden> I was restarting apache quite alot.... Ill try that alot again :P
<DormantOden> gah!
<DormantOden> Found it!
<DormantOden> Damn you migrate database!
<DormantOden> its going to asplode again!
<DormantOden> quick, how do i stop somthing 0o
<DormantOden> ahhh... it died. ='(
<firecrotch> DormantOden: what are you trying to do?
<DormantOden> stop a massive memory leak
<DormantOden> at least i found the culprit :P
<DormantOden> it used like 2 gigs in 3 minutes 0o
<firecrotch> DormantOden: whats the cause of the mem leak?
<DormantOden> a doogy plugin by the looks of it. I tried to migrate some database things and it exploded
<DormantOden> some chat plugin for redmine to be specific
<DormantOden> How can I stop ruby, just for future needs?
<troglobyte> If I wanted to automate a scp upload to /var/www/dirname (owned by www-data) do I just add the uploading user to the www-data group?
<garchonix> hello
<garchonix> could someone give me a hand? i need to sync two dirs, but transferring only files that in IN THE DESTINATION have mtime < some_time
<garchonix> what would be the best way to do that?
<jfontan1> troglobyte, that and also giving write premissions to group (that must be www-data)
<troglobyte> jfontan1, thanks!
<quentusrex> Is anyone around that is familiar with x509 certs and gnutls?
<Bilge> Even though migrating from LTS to 9.04 would require upgrading in several steps, would it be possible, in future, to upgrade directly from an old LTS distro to a new one?
<infinity> Bilge: We support LTS->LTS upgrades, yes.
<infinity> Bilge: (For instance, we support dapper->hardy right now)
<docta_v> i have some custom packages i've built and i'd like to authenticate them using apt... just wondering what the best method is to deal with trusted.gpg
<docta_v> i was considering either... making my own package to replace this file wholesale... or running a script on every system to add the new key. there doesn't appear to be an easy way to deal with this issue
<majikman> does anyone else here have issues with ubuntu's default configuration of having tomcat log stuff into syslog?
<n8bounds> Hullo all
<KillMeNow> howdy
<n8bounds> anyone here handy with bind9?
<KillMeNow> i'm fairly handy
<n8bounds> i have a in-addr.arpa zone problem...
<KillMeNow> what' the problem
<n8bounds> my bind server hosts a few public zones
<n8bounds> but i never set up a reverse lookup zone
<n8bounds> trying to do that today results in fail
<KillMeNow> well, you normally wouldn't
<KillMeNow> unless the IP range has been swipped to you
<n8bounds> i have to for our mail server
<KillMeNow> for the public side
<KillMeNow> ok, has the IP range been swipped to you?
<n8bounds> our ISP (AT&T) delegates our public subnet's DNS (including the in-addr.arpa) zones to us
<KillMeNow> ok
<n8bounds> right, so the named service restarts fine with the config I have
<n8bounds> but it refuses to answer
<n8bounds> would u mind if i pasted one line from syslog in here?
<KillMeNow> nope
<n8bounds> Jul 13 17:35:11 mail named[21637]: client 65.188.241.191#62828: view external: query (cache) '132.82.145.12.in-addr.arpa/PTR/IN' denied
<KillMeNow> ulness you wanted to use pastebin
<n8bounds> i may have to
<KillMeNow> are you running bind9 in a chroot jail?
<n8bounds> the server's hostname is mail, obviously, and the client ip is an external source--of our network
<n8bounds> negative
<KillMeNow> k
<n8bounds> this is just bind9 apt-got on 8.04.2
<KillMeNow> ok
<KillMeNow> i'm assuming then you created a in-addr.arpa zone for that IP block?
<n8bounds> yes: http://pastebin.com/m7b432cde
<KillMeNow> do you get any errors when you do your rndc reload?
<n8bounds> negative
<n8bounds> named-checkconf & named-checkzone pass fine too
<KillMeNow> have you tried using the host command to dig out the reverse pointers locally to the DNS server?
<n8bounds> no, good idea
<n8bounds> lets see...
<goldrake> hallo
<n8bounds> Host 128-28.82.145.12.IN-ADDR.ARPA not found: 5(REFUSED)
<n8bounds> @goldrake hiya
<KillMeNow> also, the error also says that the query (cache) is denied, i'm not seeing the statement "allow-query-cache" in your named.conf
<n8bounds> well, if i enable that, it just recurses through and ends up without an answer at the root servers...
<KillMeNow> course you didn't post your named.conf
<goldrake> good evening n8bounds
<KillMeNow> hrm...  if you don't "allow-recursion" i'm not sure it will allow it to go to the root servers
<n8bounds> but im trying to be authoritative...
<n8bounds> i dont want it to recurse to the roots
<n8bounds> if you dont mind
<n8bounds> i just enabled query-cache to any
<n8bounds> from your machine, run this command: dig @ns.epescarriers.com -x 12.145.82.132
<n8bounds> you will get NOERROR, but no answer either
<KillMeNow> host 12.145.82.132 gives this reply:  132.82.145.12.in-addr.arpa is an alias for 132.128/28.82.145.12.in-addr.arpa.
<n8bounds> now why would yours be different...
<n8bounds> anyway, that doesn't make any sense either way
<n8bounds> as I have 132.82.145.12.in-addr.arpa as a PTR rr not a CNAME
<KillMeNow> dunno
<KillMeNow> but are you still getting the denied error from localhost?
<n8bounds> yes
<n8bounds> i forgot to mention
<n8bounds> this is "split"
<n8bounds> i have two views
<n8bounds> of which loopback does not fall into the external view
<n8bounds> where that reverse zone is configured
<KillMeNow> figured when i seen the "view external"
<KillMeNow> however, if it works on the internal side, then we need to look at why it's not allowing it externally
<KillMeNow> did you enable IPv6?
<majikman> anyone know how to reconfigure tomcat so that it stops logging into syslog?
<n8bounds> yes
<n8bounds> i did enable ip6
<n8bounds> i finally got my thread started: http://ubuntuforums.org/showthread.php?p=7611249#post7611249
<n8bounds> there are almost ALL the config files
<n8bounds> @majikman, lemme see how I have mine set up
<majikman> n8bounds, i think i have to modify the /etc/init.d/tomcat6 file. ps shows this option.... -outfile SYSLOG -errfile SYSLOG
<n8bounds> check out  /etc/tomcat5.5/logging.properties
<n8bounds> mine logs to syslog, but only on errors, it seems
<n8bounds> mostly it logs to a few files in /var/log/tomcat5.5/
<n8bounds> my init.d script uses "$CATALINA_BASE/logs" "$CATALINA_BASE/temp
<n8bounds> "
<goldrake> good night
<majikman> n8bounds, thanks for looking. thats interesting to know. my logging.properties isn't set to use syslog and my init.d file is hardcoded to syslog. i just changed it and it should hopefully start working the way i want it to now
<n8bounds> @majikman, np. make sure you create the tomcat5.5 subdir in /var/log if its not created already
<KillMeNow> are you running SELinux n8bounds?
<n8bounds> negative
<n8bounds> i have no idea how to add that to ubuntu
<KillMeNow> apparmor is Ubuntu
<KillMeNow> and i've never gotten it to work properly
<KillMeNow> always caused me more pain
<n8bounds> yeah, but i know what apparmor looks like (at least) when it complains in syslog
<n8bounds> and it isnt
<n8bounds> it did when I tried to use a non-default dir for zone files
<n8bounds> so i just went back to /var/cache/bind/
<jdstrand> n8bounds: you could also adjust /etc/apparmor.d/usr.sbin.named
<n8bounds> yeah, i started to do that, but i'd have to do it on about 10 servers
<n8bounds> so i just went the easy way ;)
<n8bounds> it was easier to add one more dir to my /etc/* -R backup script :)
 * jdstrand nods
<KillMeNow> when i resolve ns.epescarriers.com i get 12.145.82.132
<n8bounds> correct
<n8bounds> but if you try to reverse query 12.145.82.132 you get fail
<KillMeNow> yea, it fails
<n8bounds> yeah
<n8bounds> i have no idea why
<KillMeNow> host 12.145.82.132 nx.epescarriers.com gives me fail
<n8bounds> you mean ns, not nx, yes?
<KillMeNow> yea
<KillMeNow> sorry
<n8bounds> cool
<KillMeNow> Host 132.82.145.12.in-addr.arpa not found: 5(REFUSED)
<KillMeNow> that's the exact error
<n8bounds> right
<n8bounds> me too
<KillMeNow> ok, stop and start the named service then hit the syslog
<KillMeNow> make sure everything looks copasetic and all the zone files are actually loaded
<n8bounds> it is
<n8bounds> PS, i would have a big problem if it wasnt
<n8bounds> zone 128-28.82.145.12.IN-ADDR.ARPA/IN/external: loaded serial 2009071315
<n8bounds> that's the wonky part
<KillMeNow> yea, WTF over
<n8bounds> it loads it, but doesnt act authoritative
<phaidros> hm, after installing hwinfo on a machine i get this:
<phaidros> Inconsistency detected by ld.so: ../sysdeps/x86_64/dl-machine.h: 416: elf_machine_rela_relative: Assertion `((reloc->r_info) & 0xffffffff) == 8' failed!
<phaidros> for every command ..
<phaidros> any hints on that? (I'm not wanting to reboot quick, because it is a xen dom0 instance with 8 virtual machines)
<KillMeNow> well, it's not a servfail error, but a refused error
<n8bounds> right
<n8bounds> @phaidros something is seriously wrong
<n8bounds> check your filesystems, you might be full
<phaidros> n8bounds: I expected :/
<phaidros> n8bounds: !
<n8bounds> # df -HT
<phaidros> good hint
<n8bounds> ...if you can
<n8bounds> that is
<phaidros> hehe
<phaidros> of course not
<n8bounds> try to init 1, when u can bring the vms down
<phaidros> ok, full fs makes sense
<n8bounds> yeah..
<phaidros> *sigh*
<n8bounds> @KillMeNow I added another post http://ubuntuforums.org/showthread.php?t=1212421 and I think I know the problem, just not the solution
<phaidros> so, the whole procedure again, all vms down, write users mails before, repair dom0, bring everything up and fix all which broke on the way :D
<n8bounds> bind doesnt seem to think it should be authoritative for that zone
<n8bounds> @phaidros, yeah, might be good to throw an fsck in there somewhere ;)
<n8bounds> KillMeNow: you must be 216.99.213.136
<n8bounds> ;)
<KillMeNow> yes, that's me
<n8bounds> I think I've read the zytrax bind book about 20 times now
<n8bounds> also, the bv ARM isnt very detailed
<KillMeNow> ok for giggles allow-recursion
<n8bounds> ok, standby
<n8bounds> wide open
<KillMeNow> yes, the problem is TOTALLY that it's not acting as authority
<KillMeNow> it punted me to the root servers when you enabled recursion
<n8bounds> ytes
<KillMeNow> https://lists.isc.org/pipermail/bind-users/2004-October/053137.html
<KillMeNow> read that
<KillMeNow> i think that will clear up your problem
<KillMeNow> maybe
<n8bounds> whoa... thats written by The Man, himself..
<KillMeNow> yea
<n8bounds> that has to work. trying it now
<KillMeNow> and the situation sounds just like the one you're experiencing
<n8bounds> yes it does
<n8bounds> why does he write it zone "224-239.0.80.62.in-addr.arpa" { intead of zone "224-239.0.80.62.in-addr.arpa" IN {
<n8bounds> (i thot u needed the IN)
<KillMeNow> it was written in 2004
<n8bounds> ah
<KillMeNow> it's the concept however
<n8bounds> tru
<KillMeNow> and it explains WHY when i do just host 12.145.82.132 i get the cname pointer
<EAS> anyone know what the story is about DRBD8 for Jaunty?
<EAS> do I just need the utils?
<KillMeNow> no idea EAS
<n8bounds> not sure
<n8bounds> @KillMeNow, I changed this part of the external view
<n8bounds> http://pastebin.com/m678ec31b
<EAS> ok, looks like the drbd module is now part of the linux-image-*-server package...
<n8bounds> hmm
<n8bounds> @KillMeNow, I'm getting these now "zone 82.145.12.IN-ADDR.ARPA/IN/external: refresh: non-authoritative answer from master 212.82.225.7#53 (source 0.0.0.0#0)" I must have picked a fools master
<n8bounds> ...any clue on how I find the master for that zone?
<n8bounds> i looks like xbru.br.ns.els-gms.att.net.
<n8bounds> but i may be way off
<KillMeNow> yea, those are the authoriative which CNAME it to you
<KillMeNow> one second
<KillMeNow> heh, ok now i get servfail when i try to grab the reverse
<n8bounds> can you use hostnames as masters?
<KillMeNow> i wouldn't think
<n8bounds> heh, ur right
<KillMeNow> what is your resolv.conf pointed to?
<KillMeNow> or are you doing these queries from a separate machine?
<n8bounds> the latter
#ubuntu-server 2009-07-14
<KillMeNow> and that machines is pointed to what DNS resolver?  i use opendns for my resolver
<KillMeNow> even on my own servers
<KillMeNow> but i don't run external / internal views
<KillMeNow> and i'm running a chrooted bind
<n8bounds> i have my own root server outside this subnet i've been using
<n8bounds> or the att nameservers directly, via dig or nslookup
<KillMeNow> however, my IP space is owned by my ISP
<n8bounds> ah
<n8bounds> must be nice, not having to bother with in-addr.arpa zones ;)
<KillMeNow> so any reverse stuff they deal with
<KillMeNow> well they are basically just like any other zone
<n8bounds> yes, exactly
<KillMeNow> and it makes my life easier to not run internal / external views
<KillMeNow> also i have a MS DNS running for all the windows clients here
<KillMeNow> so internally i don't need one
<n8bounds> I run my MS DNS zones in bind9 :D
<n8bounds> that was a bit tricky ;)
<KillMeNow> you having MS DNS pull from the bind9 server?
<n8bounds> i have a 2003 (R2) MSAD setup here
<n8bounds> with a few hundred clients and a few dozen MS servers
<n8bounds> and all DNS is done on bind9+ubuntu
<n8bounds> including the MS AD zones
<KillMeNow> cool
<n8bounds> with dynamic updates + dhcp3 and all that
<n8bounds> yeah, i was sick of maintaining two widly different name server types
<n8bounds> *wildly
<KillMeNow> 133.82.145.12.in-addr.arpa. 83964 IN    CNAME   133.128/28.82.145.12.in-addr.arpa.
<KillMeNow> when i dig 133.82.145.12.in-addr.arpa. ptr
<n8bounds> yeah, thats when you dug against opendns
<KillMeNow> it looks like you should be trying to serve up 133.128/28.82.145.in-addr.arpa.
<KillMeNow> yes, but that's what MOST ppl will be doing
<KillMeNow> checking against their resolver
<n8bounds> heh, good point
<n8bounds> i agree with you, you must be on to that
<KillMeNow> so when i check, my resolver says "Hey, go check whoever has  133.128/28.82.145.12.in-addr.arpa
<n8bounds> but ATT provisioned me  128/28.82.145.12.in-addr.arpa.
<n8bounds> plus, i dont own the 12.145.82.133.128/28 network.... i dont even know why there are two numbers in the last octet there
<KillMeNow> ahhhah!  128/28.82.145.12.in-addr.arpa. 0 IN     A       67.215.66.132
<n8bounds> i own the 12.145.82.128/28
<n8bounds> .....
<KillMeNow> so when i dig on 133.128/28.82.145.12.in-addr.arpa that is my response...  the A record is 67.215.66.132
<KillMeNow> ahh NM
<n8bounds> Friend, i'm afraid thats just the hit-servfail at opendns
<KillMeNow> the 67.215.66.132 is opendns
<KillMeNow> so they cnamed the 133.128/28.82.145.12 to 128/28.82.145.12
<n8bounds> so what does  133.128/28.82.145.12.in-addr.arpa even mean
<n8bounds> there's one too many sets of numbers there
<KillMeNow> that's the original CNAME
<KillMeNow> so when i do a host 12.145.82.132 i get this response:  132.82.145.12.in-addr.arpa is an alias for 132.128/28.82.145.12.in-addr.arpa.
<n8bounds> i feel thats just more opendns trickery
<n8bounds> when i do it (outside), i get SERVFAIL
<KillMeNow> which then leads me to ask, dig 132.128/28.82.145.12.in-addr.arpa
<KillMeNow> which then tells me that is 128/28.82.145.12.in-addr.arpa
<KillMeNow> yea, and then i get no servers could be reached
<KillMeNow> but since ATT owns that block, they had to CNAME the reverse to you
<n8bounds> yes
<n8bounds> which is why i was digging my ns directly from the outside to troubleshoot this
<n8bounds> and since even that was failing
<n8bounds> i didnt see the point in trying to troubleshoot the resolution of the same fail through opendns or other roots
<KillMeNow> yep, but my thinking is what if they messed up the cname mapping
<n8bounds> so we're back to page 1, where by all accounts, this should be working
<n8bounds> its possible
<KillMeNow> yea, i think you should only have to have the 128/28.82.145.12.in-addr.arpa zone file served
<n8bounds> would my bind server fail to act authoritatively in that case?
<KillMeNow> well, when we ask it using DIG, and you've told it that it's the master, and the SOA points to your DNS to be authoritative i would say it shouldn't
<n8bounds> agreed
<KillMeNow> in your zone file, move the NS    ns.epescarriers.com to the top of the list
<KillMeNow> you have the att.net servers listed first
<KillMeNow> i'm wondering if it reads those top down as ordered list
<KillMeNow> and i would go back to your original config
<KillMeNow> and shouldn't this be uncommented:  ;$ORIGIN 128/28.82.145.12.in-addr.arpa.
<KillMeNow> rather than $ORIGIN 128-28.82.145.12.in-addr.arpa.
<n8bounds> you are very thorough. i really appreciate all your effort here
<n8bounds> lets try that now..
<KillMeNow> well, it seems that if everyone in the world is looking for 128/28.82.145.12.in-addr.arpa that's what you should be serving up
<n8bounds> indeed
<n8bounds> okay, its replying with SERVFAIL still, but its acting as if I'm requesting recursion, which I shouldnt be
<KillMeNow> and it's still loading the zone as expected w/o errors in syslog?
<n8bounds> absolutely
<n8bounds> i tried reversing the order of Mark Andrews' example also
<KillMeNow> nope, seems to be working for me now
<KillMeNow> one sec, lemme verify
<n8bounds> dig @ns.epescarriers.com -x 12.145.82.131  still fails hard
<KillMeNow> yea dig is giving me the SOA now
<KillMeNow> yea
<KillMeNow> bloody hell
<n8bounds> sheesh
<howie> has anyone setup asterisk on ubuntu server?
<KillMeNow> 128/28.82.145.12.in-addr.arpa. 86400 IN SOA     ns.epescarriers.com. postmaster.epescarriers.com.
<KillMeNow> not on ubuntu no
<KillMeNow> i've got mine running CentOS
<KillMeNow> however, check out Elastix
<howie> can i run it on ubuntu?>
<n8bounds> im sure you can
<KillMeNow> probably, just not sure it's in the binary repo
<n8bounds> but a lot of people seem to like this http://www.askozia.com/pbx/
<n8bounds> @KillMeNow what did you query exactly to get that answer?
<howie> im have pass on the askozia
<KillMeNow> most ppl run TrixBox, but Elastix is a port of trixbox since Fonality are a bunch of puss brains
<KillMeNow> can i append stuff to your pastebin?
<n8bounds> please do
<n8bounds> u on this one? http://pastebin.com/m678ec31b
<KillMeNow> yea
<KillMeNow> hope i didn't whack it all up
<KillMeNow> but there is the total response
<Speedy059> Is there another command to download a http file without using "wget" ?
<KillMeNow> sorry, i can't think of one off the top of my head
<KillMeNow> do you not have access to wget?
<n8bounds> axel is a good pkg
<Speedy059> i do, just trying to troubleshoot something
<n8bounds> @KillMeNow, I ammeded your ammendment
<KillMeNow> LOL
<n8bounds> yeah... what is THAT about..?
<KillMeNow> yea, mine was just a DIG on the 128/28 record, you were looking for the specific PTR within
<KillMeNow> mine solidified that you ARE The SOA
<KillMeNow> and that the SOA record is showing up as you put it in
<KillMeNow> 128/28.82.145.12.in-addr.arpa. 86400 IN SOA     ns.epescarriers.com. postmaster.epescarriers.com. 2009071318 14400 7200 2419200 86400
<n8bounds> right, which Does make me happy
<n8bounds> but I cant reproduce that
<n8bounds> even if I take your exact command
<n8bounds> oh wait
<n8bounds> im an idiot
<n8bounds> check this out
<n8bounds> dig 128/28.82.145.12.in-addr.arpa any @ns.epescarriers.com
<n8bounds> there's more data
<n8bounds> from inside my zone file
<n8bounds> it must be my zone file
<n8bounds> here's my current zone file http://pastebin.com/mbffa1bb
<KillMeNow> i just updated the last one with my DIG response
<n8bounds> i must have overwrote it
<n8bounds> refresh it
<n8bounds> i think i hit submit after you
<n8bounds> oh, thats why it changed the name
<KillMeNow> are you catching any errors in syslog?
<n8bounds> no
<KillMeNow> are you getting servfail on my connects or is it giving you any error?
<KillMeNow> or refused?
<n8bounds> all the erros i got before we added Mark's setup are now missing
<n8bounds> I'm still slaving the 82.145.12.IN-ADDR.ARPA domain from the F root server
<KillMeNow> yea, i'm lost now...  you ARE serving up the 128/28.xxxxxxxx zone file, that is evident
<KillMeNow> but it's the bridge between the 128/28.xxxx zone to the 131.82.145.12.in-addr.arpa that looks like it is failing
<n8bounds> i just asked the F-Root about my subnet   dig 128/28.82.145.12.in-addr.arpa @192.5.5.241
<n8bounds> ATT has the ENTIRE 12.0.0.0
<n8bounds> is that what you see?
<KillMeNow> yea which is why they CNAME'd it to you
<KillMeNow> i'm getting time out
<KillMeNow> yes, ATT bought the 12.0.0.0/8 subnet LONG ago
<n8bounds> I had no idea. But this is pretty good proof :  host -vl 199.191.128.105
<n8bounds> i have an idea
<n8bounds> okay, this seems a little close
<n8bounds> closer:   dig 131.82.145.12.in-addr.arpa @ns.epescarriers.com
<KillMeNow> yep
<KillMeNow> little closer i thin
<KillMeNow> think
<n8bounds> okay, if I take out the zone "12.IN-ADDR.ARPA" IN { specification in my named.conf
<n8bounds> i loose the SOA in the dig
<KillMeNow> yea, i'm checking a couple things
<KillMeNow> i think we're pretty close
<n8bounds> think I have to add every sub zone as a slave of ATT as well?
<KillMeNow> a slave of ATT?
<KillMeNow> you're not pulling from them are you?
<n8bounds> no
<n8bounds> i mean, i am for the 12.IN-ADDR.ARPA
<KillMeNow> yea, they are just CNAME'ing the subnet for you
<KillMeNow> no, don't think so
<n8bounds> but i'm master for the 128/28.82.145.12.IN-ADDR.ARPA
<KillMeNow> yes, andthat's what you should be worried about
<n8bounds> right
<KillMeNow> and we get the response we expect for that zone
<n8bounds> I dont think hosting a slave of 12.IN... is helpful in any way
<n8bounds> it just masks the erros
<n8bounds> *errors
<KillMeNow> yea, i agree
<KillMeNow> pastebin your config again pls
<KillMeNow> your current config
<n8bounds> kk
<n8bounds> http://pastebin.com/m3ff3eff7
<n8bounds> holy snap! i think it's going to start working: client 199.191.128.105#35931: view external: transfer of '128/28.82.145.12.in-addr.arpa/IN': AXFR ended
<KillMeNow> woot
<n8bounds> that client is the ATT secondary NS
<KillMeNow> what did you change?
<KillMeNow> you can't see any of the changes i'm doing to the config can you?
<n8bounds> http://ubuntuforums.org/showthread.php?p=7611856#post7611856
<n8bounds> you took out the att ns es
<n8bounds> and moved the origin up
<n8bounds> right?
<KillMeNow> yea
<KillMeNow> cause the att ns stuff isn't needed
<KillMeNow> YOU are the authoritative server
<n8bounds> true
<KillMeNow> so only YOUR ns server should be listed in that zone
<n8bounds> but all my other zones are that way
<n8bounds> att lets me use those two ns' as secondary slaves
<KillMeNow> and now i read through some goodness in the Oriely book on Bind
<n8bounds> for the zones i have delegation for
<KillMeNow> well i didn't know that!
<n8bounds> :D
<n8bounds> it should honestly work either way
<KillMeNow> so those 2 suck off the ns.epescarriers.com ?
<n8bounds> yes
<KillMeNow> how long ago did ATT delegate authority for you?
<n8bounds> ...years
<KillMeNow> ok
<KillMeNow> well now i'm getting refused again on dig
<KillMeNow> hey, look what i get now!
<KillMeNow> ; <<>> DiG 9.5.1-P2 <<>> 133.82.145.12.in-addr.arpa
<KillMeNow> ;; global options:  printcmd
<KillMeNow> ;; Got answer:
<KillMeNow> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46861
<KillMeNow> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
<KillMeNow> ;; QUESTION SECTION:
<KillMeNow> ;133.82.145.12.in-addr.arpa.    IN      A
<KillMeNow> ;; ANSWER SECTION:
<KillMeNow> 133.82.145.12.in-addr.arpa. 79605 IN    CNAME   133.128/28.82.145.12.in-addr.arpa.
<KillMeNow> 133.128/28.82.145.12.in-addr.arpa. 86399 IN CNAME mail.epescarriers.com.
<KillMeNow> mail.epescarriers.com.  3599    IN      A       12.145.82.131
<KillMeNow> ;; Query time: 284 msec
<KillMeNow> ;; SERVER: 192.168.200.194#53(192.168.200.194)
<KillMeNow> ;; WHEN: Mon Jul 13 17:18:15 2009
<KillMeNow> ;; MSG SIZE  rcvd: 120
<KillMeNow> host 12.145.82.132
<KillMeNow> 132.82.145.12.in-addr.arpa is an alias for 132.128/28.82.145.12.in-addr.arpa.
<KillMeNow> 132.128/28.82.145.12.in-addr.arpa domain name pointer mail-mx02.epescarriers.com.
<KillMeNow> looks like it's working now
<KillMeNow> well kinda
<KillMeNow> lemme read that again
<n8bounds> kinda
<n8bounds> yes
<KillMeNow> yea, and now i'm still getting the refused error when i try to host or dig directly off your server
<n8bounds> right
<n8bounds> i wonder if i need these IN designators
<n8bounds> you think?
<KillMeNow> which ones?
<KillMeNow> from the edit i did?
<n8bounds> in the PTR rr s
<n8bounds> yes
<KillMeNow> yes, you need the IN     NS
<KillMeNow> as for the pointers, i think those are OK too
<KillMeNow> you need the IN    PTR     <IPADDR> for the reverse
<KillMeNow> here is the rub as I read and understand it....  ATT creates a delegation called 132.128/28.82.145.12.in-addr.arpa
<KillMeNow> which is the CNAME'd to a delegation called 128/28.82.145.12.in-addr.arpa which yours to SOA
<n8bounds> im following..
<KillMeNow> so in your zone file, you need to $origin 132.128/28.82.145.12.in-addr.arpa no?
<n8bounds> AH!
<KillMeNow> it's like a chain no?
<n8bounds> that makes good sense!
<n8bounds> we shall see
<n8bounds> zone 128/28.82.145.12.IN-ADDR.ARPA/IN/external: loading from master file db.ext.ptr failed: not at top of zone
<n8bounds> oops, i need to edit the named.confxxx
<KillMeNow> yea, i'm gonna go feed my need for nicotine
<KillMeNow> back in a min
<n8bounds> 10-4
<KillMeNow> back
<n8bounds> well
<n8bounds> its close to right
<n8bounds> but not quite
<n8bounds> its good enough to get the deferred mail off my mail server
<n8bounds> so im outa here
<n8bounds> drop me a line at n8bounds@gmail.com sometime
<n8bounds> i owe you a beer if we're ever in the same zip code
<KillMeNow> well if you're in NC, i'm on the west coast
<KillMeNow> but yea, the part that is really making me get stumped is the host 12.145.82.132 coming back to 132.128/28.82.145.12.in-addr.arpa
<KillMeNow> almost seems like ATT has it borked on their end
<n8bounds> i bet they have
<n8bounds> wouldn't be the first time
<n8bounds> I'm in Greensboro
<n8bounds> but shoot me an email if you want
<KillMeNow> Portland OR
<n8bounds> I've been known for travelling
<n8bounds> ;)
<n8bounds> and thanks again
<KillMeNow> heh
<KillMeNow> email sent
<n8bounds> word
<n8bounds> ciao
<KillMeNow> C YA
<TimReichhart> hey guys can somebody point me the correct way to setup a streaming media server like for tv?
<TimReichhart> I want to use ubuntu for OS
<EEoar> howdy
<EEoar> QQ: Can you install PHP5 + Lighttpd without apache2?
<\sh> yes
<EEoar> seems the synaptic pkg_mgr says no
<EEoar> ok....
<\sh> you can't install mod_php5 and lighty
<EEoar> I take it I would need to manually do it?
<\sh> you need to install php5-fcgi + lighty
<\sh> sorry...php5-cgi (which is the fcgi binary)
<EEoar> Can I do that even though I'm a bit of a lighty + php5 idiot?
<\sh> EEoar: if you can read the howto on lighttpd.org..you can do it as well
<\sh> s/org/net/
<\sh> sry..too early in the morning
<EEoar> cool - when I try to remove libapache2-mod-php5 it insists on removing hp5... wtf?
<EEoar> err... hp5 = php5, sry
<\sh> that's normal...:) just let it remove it, and install php5-cgi
<\sh> EEoar: http://redmine.lighttpd.net/projects/lighttpd/wiki/TutorialLighttpdAndPHP <- howto install php with lighty
<EEoar> \sh: Thanks
<\sh> http://www.ubuntugeek.com/lighttpd-webserver-setup-with-php5-and-mysql-support.html <- another howto
<\sh> http://ubuntu-tutorials.com/2008/11/09/install-lighttpd-with-php-fastcgi-on-ubuntu-810/ <- Howto from Christer Edwards
<\sh> now I really need to coffee and some nicotine
<EEoar> I need a cup of coffee, some chocolate and I'm gonna get lighty workin!  I'm in need of phpProxy
<EEoar> (tonight)
<teddy_> Does NGINX work with PHP5 ?
<\sh> teddy_: google's your friend :) http://www.howtoforge.com/nginx_php5_fast_cgi_xcache_ubuntu7.04
<EEoar> does Samba SERVER have a GUI front-end somewhere?
<jmarsden> EEoar: SWAT is a web based front end to configuring Samba...
<EEoar> system-config-samba
<EEoar> oops... yea I saw that too
<EEoar> SWAT?
<jmarsden> SWAT: Samba Web Administration Tool.  package name swat
<jmarsden> I don't use it, but it exists and seems to be close to what you are looking for.
<EEoar> OK, thank you
<jmarsden> No problem.
<EEoar> you guys in Ubuntu land are extremely helpful - this has been a nice transition from the world of Windows to Ubuntu (desktop & server)
<EEoar> now to read and get lighty + PHP5 installed and workin' and life will be good
<Shazburg> I'm looking for a finger to point me in the right direction. I've got my preseed and it's working like a dream. I'm launching from a CD and would like to turn off the language prompt when the installer menu loads so it will timeout and launch my default. Any ideas what I'm missing?
<whalesalad> Hey guys, where is the default logrotate crontab stuff? I can't seem to find it anywhere
<twb> whalesalad: /etc/cron.d/logrotate?
<whalesalad> Not in there =/
<whalesalad> oh hai btw, heh
<twb> $ apt-file show logrotate | grep cron
<twb> logrotate: /etc/cron.daily/logrotate
<whalesalad> Running 8.10
<whalesalad> apt-file command not found
<twb> Plonk.
<Shazburg> whalesalad: /etc/cron.daily/logrotate ?
<whalesalad> nope
<Shazburg> Doh, just realized that's what twb put
<whalesalad> 'tis nowhere to be found =/
<Shazburg> I looked up the package files on the site.
<twb> whalesalad: your installation is damaged, then
<whalesalad> twb: any idea on how to fix things?
<Shazburg> whalesalad: agreed. It should be there: http://packages.ubuntu.com/hardy/i386/logrotate/filelist
<whalesalad> I'm an idiot. I didn't realize you needed to install logrotate. It's installed now,and the files exist. Sorry to bug guys, thanks for the help
<Shazburg> whalesalad: Between you and me, I'll take that kind of problem over a real one any day.
<ball> I should probably try Ubuntu Server on this box
<Anirban> When I am trying to install ufw by "sudo apt-get install ufw" having following error : http://pastebin.ca/1494428
<_ruben> could try sudo apt-get install -f .. to clean up any issues with apt
<sandstrom> I have a VPS where one process (in some circumstances) uses too much memory and gets killed (SIG TERM) by Virtuozzo. Is there a way to remedy this, eg. by setting a cap on memory on my machine, or on separate processes? http://maxgarrick.com/understanding-openvz-resource-limits/#comments
<henkjan_> sandstrom: man limits.conf
<sandstrom> henkjan_: thanks! is data (maximum data size), memlock (maximum locked-in-memory address space) or as (address space limit) the memory limit?
<Bilge> Doesn't Ubuntu ship with some tools to make automatic rotation of a series of files easier?
<Bilge> Such as a rolling backup by keeping only the last n number of days
<Bilge> I know it has something like this for log files, but I don't know if it is general enough to use for any series of files, or what it was called
<alexm> Bilge: logrotate can be used for that
<Bilge> Ah yes that was it
<alexm> but maybe rdiff-backup etc. are better for the job
<Bilge> I wrote my own incremental backup
<Bilge> Using `find`
<Bilge> In bash script
<alexm> using your own tools has some pros (it can be fun and you learn a lot) but the cons are worth considering too (i.e. maintainability)
<Bilge> Only weakness at the moment is that if you include some new files at a later stage, the same date/time tests are applied to them and unless they were created on the same day they were added to the backup list, they won't be included
<Bilge> If that makes any sense
<Bilge> So it needs to scan all of the backups for a given period to determine if they have been backed up before or not
<Bilge> I see rdiff-backup does have an include/exclude system, but I can't see how to define an increment period
<Bilge> In my script I take a snapshot on the first of every month and subsequently perform incremental backups for the rest of that month only
<Bilge> My script also supports simulated runs and other handy features :)
<Bilge> But the real reason I wrote it is because I didn't research existing tools beforehand
<alexm> there's plenty of backup tools, using your own is fine as long as you're happy with it
<Bilge> rdiff doesn't seem to compress backups either
<Bilge> All mine are .tar.bz2'd
<Bilge> So I'm not regretting writing my own at this point
<alexm> we also used our own scripts plus tar and dd with DAT tapes at work, then omniback with DLT, then legato with LTO2 and now we use bacula with LTO3
<Bilge> Also, even though I can specify directories to include/exclude, my script also accepts a list of specific files piped to stdin, so I can build a complex search list using the full power of `find` with it
<alexm> Bilge: maybe you should package it and make it publicly available ;)
<alexm> what works for you may work for others too
<Bilge> It is pretty good :3
<Bilge> But it's not totally configurable
<Bilge> For example you cannot redefine the snapshot period, it's fixed at one month at the moment
<Bilge> You're obviously working for a pretty big company if you can afford to do tape backups and have resources to spare on revamping your backup strategy so often
<uvirtbot> New bug: #399248 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/399248
<alexm> Bilge: i'm working at a big university department and the revamping usually happens when tapes become too small to fit all the users data
<uvirtbot> New bug: #395428 in samba (main) "Panic or segfault in Samba (dup-of: 388483)" [Undecided,Incomplete] https://launchpad.net/bugs/395428
 * jmartelatpapirux is back (gone 02:25:39)
 * jmartelatpapirux has a doubt.
<jmartelatpapirux> Are the script-kiddies a serious problem?
<uvirtbot> New bug: #399282 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.1 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/399282
<forces> hi
<forces> hello?
<sommer> yo
<anirban>  anybody plz look after my problem plz plz .  error code : http://pastebin.ca/1494728
<ttx> slight overrun of the TB meeting... Team meeting in #ubuntu-meeting starting in a few minutes.
<acalvo> Hi!
<acalvo> I've a bunch of computers and printers, and I'd like to manage them using some kind of GUI or WEBUI. I've trying to find any solution that stores all this information under a PDC, but without much success. Does anybody know something that might help? Thanks
<alexm> acalvo: what do you mean by managing? keeping an inventory?
<acalvo> alexm, sort of, being able to see some relevant information, such as IP, MAC address, etc... and apply configuration per IP or per MAC
<alexm> ok, i see
<alexm> there are a few solutions out there whose name i don't remember right now, give me a few minutes
<acalvo> ok, thank you so much
<alexm> aptitude search inventory gave me ocsinventory-server
<acalvo> mmm ok, I've used that
<acalvo> but I need to deploy an agent on every computer
<acalvo> I thought something more automated, and maybe integrated with LDAP
<acalvo> register a computer/printer, make its attributes, fill them and so on
<acalvo> using a DHCP server, for example
<alexm> acalvo: i found glpi but i'm afraid isn't doing all you'd like to
<acalvo> are you doing a research thru all ubuntu's repository?
<alexm> maybe even less than ocsinventory
<acalvo> don't worry then, I was hoping that somebody had had the same problem as I do and found a solution
<acalvo> I'll try again with ocsinventory!!
<alexm> i'm looking package.ubuntu.com/ocsinventory-server related packages and also in packages.debian.org
<acalvo> thank you very much!!!
<alexm> there was something else, if i remember or find it i'll let you know
<acalvo> thank you!
<alexm> acalvo: i found quite a few entries in sourceforge.net... select systems administration category and then search for inventory
<alexm> the one i had in mind before is freenac (now opennac, i think): http://freenac.net/ and https://sourceforge.net/projects/opennac/
<alexm> we use openvmps at work to access control to our ciscos, and this one seems a good candidate to upgrade our current network database
<resno> I just installed Nagios from source and it looks awesome. Is it better to do that or to use the Ubuntu Nagios2 package?
<ttx> resno: it's better to use Ubuntu nagios3 package.
<ttx> (depending on the Ubuntu version you run, of course)
<alexm> nagios3 is available since intrepid
<resno> I see thanks.
<J_5> Anyone have a good link for a "how to" on installing nagios on Ubuntu 9.04?
<Jeeves_> 'apt-get install nagios3'
<Jeeves_> 'cd /etc/nagios3'
<Jeeves_> Edit away :)
<J_5> That's all there is too it?
<Jeeves_> jups
<Jeeves_> there might be some extra packages
<J_5> hmm, ok :)
<Jeeves_> 'apt-cache search nagios'
<Jeeves_> You may find other interesting packages
<J_5> I need apache and php also, right?
<Jeeves_> nagios-snmp-plugins, nagios-plugins*
<Jeeves_> apache yes, php no
<Jeeves_> but if thats needed, the package will take it along
<J_5> Hmm, ok thanks. Looks like I have my afternoon project
<dayo> which command-line mail tool to u use, for automated mails from your server services, e.g. your proxy sending a mail to you.
<alexm> J_5: nagios and munin are documented on karmic serverguide
<alexm> you can get the latest version with bzr branch lp:ubuntu-docs
<alexm> let me know if you need help building the html files
<ejat> how about nagiosql ?anyone try to package it ?
<J_5> how to do I see what "security update" my box needs before I install them?
<alexm> J_5: you mean which version is going to be installed?
<J_5> Yes
<alexm> apt-cache policy nagios3
<Pirate_Hunter> anyone here familiar with ispconfig or knows where i can get help with it?
<Pirate_Hunter> anyone here familiar with ispconfig or knows where i can get help with it?
<shivek> is the command  "sudo dkvg reconfig ddclient"  correct ?
<Pirate_Hunter> dpkg
<Pirate_Hunter> the rest i aint too sure
<Pirate_Hunter> isnt it dhclient?
<resno> Pirate_Hunter: I remember finding a link on linux forums. Its a few years old at this point. Try googling it.
<Pirate_Hunter> resno, link about what, my problem and a few year old, how few?
<resno> Pirate_Hunter: Let me see if I can pull it up.
<Pirate_Hunter> resno, my problem is that i have compiled it succesfully but get connection refused in browser its the second time
<shivek> pirate-hunter: let me check
<resno> Pirate_Hunter: oh, I thought you were asking a question about getting it installed and configured.
<Pirate_Hunter> resno, sorry shouldve stated that from the begining but would you be able to help i dont know what is the problem
<resno> Pirate_Hunter: might it be a firewall issue?
<Pirate_Hunter> resno, clean install no firewall on not even ufw
<Pirate_Hunter> not yet anyway
<resno> is the server running?
<resno> i mean, ispconfig server running
<resno> try running /etc/init.d/ispconfig_server start
<Pirate_Hunter> 8.04 follwed the tut from here (http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p7) and the homesite (http://www.ispconfig.org/manual_installation.htm)
<resno> Pirate_Hunter: which version of ispconfig are you running?
<shivek> I have converted my pc into a web server. Now how to add files and all ?
<Pirate_Hunter> ispc 2
<shivek> Pirate_Hunter: Is it for me (shivek)
<Pirate_Hunter> nope my last post was for resno
<shivek> OK
<Pirate_Hunter> resno, any idea?
<resno> Pirate_Hunter: the guide says its for 3
<resno> shivek: scp-secure copy paste or ftp
<Pirate_Hunter> there is for 2 & 3 you have to find the right one
<shivek> resno : It isn't ftp. But I don't know about scp.
<resno> You are asking how to add files. there are two methods- ftp or scp. SCP you need to install on your server.
<shivek> resno: I meant webpages.
<shivek> Not files
<shivek> "F
<Pirate_Hunter>  my problem is that i have compiled ispconfig succesfully but get connection refused in browser its the second time can someone help me sort this out
<shivek> pirate_hunter:  I don't know about your problem but can you tell me how to upload webpages on my website.
<shivek> I meant server
<Pirate_Hunter> if you done it right like resno stated ftp or scp you really should investigate how to do so online specially how the server works, your one to say the least
<resno> Pirate_Hunter: are you still having problems?
<Pirate_Hunter> resno, yup no clue how to identify the problem syslog gives me nothing
<resno> Pirate_Hunter: did you try post 81
<Pirate_Hunter> resno, is that a command?
<resno> Pirate_Hunter: No, my mistake. when you access it in your browser, what port are you using?
<Pirate_Hunter> resno, 81 just like the default
<resno> Pirate_Hunter: issue this command in terminal iptables -L
<resno> paste the output here: http://dpaste.com/
<Pirate_Hunter> resno, http://dpaste.com/67087/
<resno> is that the complete file?
<Pirate_Hunter> resno, yup that is all youll get
<resno> Try issuing this command: /etc/init.d/ispconfig_server start
<Pirate_Hunter> /root/ispconfig/httpd/bin/apachectl startssl: httpd (pid 4961) already running
<Pirate_Hunter> its already running on the system yet I cant login or even access the page
<Pirate_Hunter> resno, i can post my syslog maybe it will make more senser
<Pirate_Hunter> to you
<resno> Post it on dpaste.com, I am no expert.
<resno> You are using the 8.04 server and not 9.04 right?
<Pirate_Hunter> resno, lol yup 8.04
<Pirate_Hunter> resno, http://pastebin.com/f23677da0
<Pirate_Hunter> resno, not sure of what to make of this xubuntu-server /USR/SBIN/CRON[7442]: (root) CMD (/root/ispconfig/php/php /root/ispconfig/scripts/shell/check_services.php &> /dev/null), why would it be null
<resno> is this on an internal network? behind a router?
<Pirate_Hunter> resno, its one of my  box connected through a hub to the router, why you ask?
<resno> Pirate_Hunter: Is its IP 192.168.1.80?
<Pirate_Hunter> resno, yup
<Pirate_Hunter> resno, didnt think syslog would divulge that
<resno> Pirate_Hunter: surprise, surprise. line 4005
<resno> Pirate_Hunter: try 192.168.1.80:53
<Pirate_Hunter> resno, ahhhhhh still can you figure anything out why its being blocked
<Pirate_Hunter> awwww*
<resno> did the address above work?
<Pirate_Hunter> resno, oh ddint check one sec
<thierry> hi, can anyone point me some ressource to setup apache2 to the right userdir?
<Pirate_Hunter> resno, no msg - access denied to port 53 of .... the address us a network port which is normally used for purposes other than web browsing. The request has been cancelled for your protection
<Pirate_Hunter> resno, yah the system has ports which are closed but i need the ispc port to work
<resno> Pirate_Hunter: not sure, where to go..
<resno> i didnt see the port running on file, so i guessed at trying that one
<Pirate_Hunter> resno, awww :'( apparently this was supposed to be easy to follow giving me more of a headache and they dont even have an irc :/
<resno> Pirate_Hunter: only suggestion i have is to uninstall and reinstall
<Pirate_Hunter> resno, oh for fudge sake there irc is on invite only i mean wat de fudge
<Pirate_Hunter> resno, this si the second time installing it while following there guides
<firecrotch> Pirate_Hunter: Still having troubles with ISPConfig?
<Pirate_Hunter> firecrotch, yup cant make tails out of the thing why would it refuse the connection when it installed properly
<firecrotch> I probably asked this last time, but did you try accessing the page locally?
<cemc> hi. where can i change the number of minute a sudo password is remembered?
<cemc> number of minutes*
<Pirate_Hunter> firecrotch, how would i access locally you mean on the actual box than yes its the second install also ive changed from https to http
<firecrotch> Pirate_Hunter: From a browser on the machine running ISPConfig
<Pirate_Hunter> firecrotch, i did that is were i try to access it from and the connection is refused and i ahve no clue why, havent found a log for ispc yet which can actually help
<firecrotch> ah alright
<Pirate_Hunter> firecrotch, any ideas their irc is invite only so i wont be gaining access any time soon
<firecrotch> Pirate_Hunter: Firewall on the machine blocking the connection?
<Pirate_Hunter> firecrotch, covered that and no clean install no firewall currently running
<Pirate_Hunter> firecrotch, would my router be blocking the connection would i need to do anything to it?
<firecrotch> Pirate_Hunter:  Router shouldn't be involved at all if you're accessing it from the same machine
<resno> Pirate_Hunter: if you are accessing it from within the same network that wouldnt be ap roblem
<resno> firecrotch: how would open a browser on a server?
<firecrotch> resno:  Some people install a GUI on their servers.  Or links
<resno> firecrotch: ah, i see.
<Pirate_Hunter> resno, default install of icwm and epiphany-browser nothing else for me keep it simple and no gdm etc
<Pirate_Hunter> firecrotch, i use w3m no point installing extra packages still geting used to it
<firecrotch> Ubuntu Server needs a nice default GUI with similar tools to what Windows SBS has
<resno> firecrotch: ive actually always liked not having a gui...
<firecrotch> resno: I like it too, but it would make it easier to replace windows with ubuntu-server for a lot of sysadmins
<bogeyd6> i dont think it would
<bogeyd6> windows server active directory
<firecrotch> what about AD?
<bogeyd6> wrong windows boys, soz
<firecrotch> ah lol
<Pirate_Hunter> no one here can help me?
<bogeyd6> Pirate_Hunter, what is the question?
<Pirate_Hunter> bogeyd6, ispconfig wont connect through on port 81 as connection is being refused
<bogeyd6> it probably is being refused
<bogeyd6> you opened up the firewall ?
<bogeyd6> Pirate_Hunter, "/etc/init.d/ispconfig_server start"    and then a "netstat -tap"
<Pirate_Hunter> no firewall running at the moment, cant go into their irc cause its invite only, no logs stating the problem, compiled correctly but browser feature wont work
<Pirate_Hunter> bogeyd6, http://pastebin.com/f7ae9d127
<bogeyd6> lemme finish up a windows-server guy
<bogeyd6> another exchange problem solved
<bogeyd6> Pirate_Hunter, how do you have your ispconfig logging configured
<Pirate_Hunter> bogeyd6, there is no such thing at least not one that i read while installing it
<Pirate_Hunter> bogeyd6, if there is its being logged somewhere that i dont know
<bogeyd6> oh ok good
<bogeyd6> do you use root or sudo?
<bogeyd6> Pirate_Hunter, do you use root or sudo
<bogeyd6> Pirate_Hunter, ispconfig logs are usually in /var/log
<bogeyd6> Pirate_Hunter, you need to tail the apache error log or the ispconfig log while you are trying to connect to figure out the problem
<bogeyd6> anyways, im outta here for the day. got a business trip schedule to put together
<Pirate_Hunter> ok
<bogeyd6> also
<bogeyd6> Pirate_Hunter, There are logs in /home/admispconfig/ispconfig.log, the webserver log is under /root/ispconfig
<bogeyd6> good luck
<Pirate_Hunter> thanks
<bogeyd6> Pirate_Hunter, known working instructions to install from scratch at http://www.ispconfig.org/docs/INSTALL_UBUNTU_8.04.txt
<bogeyd6> works on 8.04.1 also
<bogeyd6> does not work on 9
<Pirate_Hunter> bogeyd6, ive been using this tut http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p7 and the installl manual from the home site if it still doesnt work im thinking w**
<sivel> hey guys.  I noticed a blog post about creating a PHP PPA.  Has one been created yet?
<sivel> looking for PHP 5.3 packages to test an applications compatibility
<bogeyd6> Pirate_Hunter, those howto forge tutorials are notorious for having problems, especially with the customization they do
<balloooza> sivel: hi again\
<sivel> balloooza: hey ;)
<sivel> BTW, this is the post I was referring to http://ubuntuserver.wordpress.com/2009/07/09/server-team-20090707-meeting-minutes/
<sivel> trying to install in jaunty btw
<Pirate_Hunter> bogeyd6, yup it seems so might unninstall and do it again but not today considering how long it has taken to put this up
<balloooza> sivel: I guess php5.3 has been out for years, so there seems to be little rush to change (I am allways one for the latest and greatest, and somthing that has been out for years, and is not int eh latest repositorys is certainly wierd)
<sivel> balloooza: it was actually just released not long ago
<sivel> June 30, 2009
<sivel> about 2 weeks ago
<balloooza> sivel: wow, I did not realize that, I thought had not released anything for years (like the last thing was almoest 2 years ago) two weeks is short for somthing, I would wait for 10.04 ubuntu server, I only use LTS for server
<balloooza> 10.04 will likely have php 5.3, probobly not karmic, but you never know
<sivel> according to the meeting from last week it will likely be added to karmic
<sivel> "It was decided to push 5.3 into a PPA to get wider testing from the Ubuntu community. Once the suhosin patch is ported to 5.3 and enabled in the build 5.3 can be uploaded to karmic."
<balloooza> Great, karmic is  coming soon (compared to 10.04) Sorry for the incorrect information, I have not read any server news lately, I just use what ubuntu has, and do not realy care what version is in the .* place, but 5.2 >5.3 seems like many new features
<Tumie> hi, i'm using apache2 , and i want to enable mod_rewrite,, but i've no idea, how i need to do that,
<Bilge> On, the plus side, at least you have mastered, commas
<Tumie> i'm using too much, i know..
<Bilge> sudo a2enmod rewrite
<Tumie> thanks
<KillMeNow> Tumie, make sure you read up on creating the rewrite rules with the VIrtual Host block
<uvirtbot> New bug: #399459 in open-iscsi (main) "open-iscsi in hardy fails to install in pbuilder as a build-dependency" [Undecided,Fix released] https://launchpad.net/bugs/399459
<rsr> hello
<zetanuxi> is there a GUI for 9.04, or is it all command line?
<rsr> how can I see what time cron executes its daily scripts?
<rsr> zetanuxi: If you want a gui you have to install ubuntu-desktop
<rsr> default install has no gui
<zetanuxi> rsr: is that an aptitude install? or do i have to build the server from the desktop version?
<rsr> its an aptitude install
<rsr> althoug I use apt-get
<zetanuxi> rsr: thank you! thats a huge help.
<rsr> np
<uvirtbot> New bug: #394398 in open-iscsi (main) "Logic to determine expected number of running session wrong (regression in hardy's open-iscsi 2.0.865-1ubuntu3.1)" [High,New] https://launchpad.net/bugs/394398
#ubuntu-server 2009-07-15
<twb> !partner
<ubottu> The Ubuntu partnership program is designed to encourage, recognise and endorse Ubuntu expertise and commercial initiatives. It is structured to foster a healthy ecosystem surrounding Ubuntu, to highlight those companies with certified expertise in Ubuntu and a deeper relationship to Canonical. See http://www.ubuntu.com/partners for more information.
<twb> I have a Dapper system in front of me which may have been compromised.
<twb> How can I compare the checksums of all files of all installed packages against what is expected (i.e. listed in /var/lib/dpkg/info/*.md5sums)?
<twb> #debian told me: debsums.
<uvirtbot> New bug: #399571 in dhcp3 (main) "package dhcp3-client 3.1.1-5ubuntu8.1 failed to install/upgrade: subprocess post-installation script returned error exit status 255" [Undecided,New] https://launchpad.net/bugs/399571
<uvirtbot> New bug: #399588 in dhcp3 (main) "package dhcp3-client 3.1.1-5ubuntu8.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/399588
<quizme> hi, i tried to set up a subdomain
<quizme> but it ain't workin'
<quizme> http://dev.thirdreplicator.com/
<quizme> and no errors in my apache log either
<twb> That sounds more like a question for #apache
<twb> Or #httpd or whatever those jackasses use
<Bilge> How can I write a script that has to pass a password to a program such as a script that connects to a MySQL database
<alexm> Bilge: expect
<Bilge> I don't like using non-standard commands in my scripts :P
<alexm> you can try to make your own expect, but i doubt it's worthwhile
<alexm> expect it's been well known and quite useful for a long time, and it's available for Perl and Python too
<alexm> OTOH, in the case of MySQL database there are quite a few options to pass the password
<sandstrom> test
<sandstrom>  /etc/init.d/ufw start says "problem running /etc/ufw/before.rules". How can I get something more verbose, like what rules fail?
<Bilge> How exactly is expect going to allow me to pass my password without storing it in a text file
<_ruben>   -p, --password[=name]
<_ruben>                       Password to use when connecting to server. If password is
<_ruben>                       not given it's asked from the tty. WARNING: This is
<_ruben>                       insecure as the password is visible for anyone through
<_ruben>                       /proc for a short time.
<dayo> how to i let my 32-bit server see all 10GB of RAM? it's an Alternate CD installation.
<Jeeves_> dayo: 32-bit and 10GB ram is not really compatible, afaik
<_ruben> wouldnt the -server kernel do the job, or does have pae have its limits as well?
<_ruben> damn .. i really type like shit lately
<henkjan_> alternate installation maybe doesnt install the -server kernel
<henkjan_> -server kernel is pae and should work with 32bit and lots of ram
<dayo> Jeeves_: henkjan_: so all i need to do is install a 32-bit server kernel?
<Jeeves_> dayo: That might do the trick than, yes
<dayo> Jeeves_: ok, i'll try that. thanks
<to_> hi
<to_> I'm configuring my dns server reading this documentation https://help.ubuntu.com/9.04/serverguide/C/dns-configuration.html but how can I find my own ip address like 192.168.1.10 ? how can I know it?
<alexm> Bilge: when you said you want to pass the password to a command, where does the password come from?
<acalvo> Hi!
<acalvo> I've a PDC with PAM authentification, and I've deleted a user to recreate it. However, the UID seems to be in used already, is there any way to see/manage all UIDs used?
<sandstrom>  /etc/init.d/ufw start says "problem running /etc/ufw/before.rules". Anyone know if I get something more verbose, like what rules fail? Any help is appreciated!
<MT-> I'm getting a WHOLE lot of these lines in /var/log/syslog - Jul 14 07:51:14 insto -- MARK --
<Daviey> MT-: That is by design, you can disable it if you wish
<Daviey> MT-: Currently getting it every 20 mins?
<MT-> Daviey: y
<MT-> a
<MT-> Daviey: I'll let it keep ruinning, just read what it's for
<MT-> I'll just white list it in logcheck
<MT-> Daviey: you know regex?
<Daviey> STAND BACK, I KNOW REGULAR EXPRESSIONS!
<MT-> Daviey: I was just wondering if this looks right -    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_unix\(cron:session\): session (opened|closed) for user (logcheck|root|smmsp)(| by \(uid=0\))
<Daviey> to match what string?
<MT-> I want it to catch lines such as "Jul 14 00:02:10 insto CRON[28104]: pam_unix(cron:session): session closed for user logcheck" but for opened or closed, for user logcheck, root, or smmp, and whether or not the last piece is there. The last part whould be optional.
<MT-> Daviey: sorry, 22hr no sleep on a short nap prior - I already type so and this is making it worse :P
<Daviey> hmm.. your test string does not match your sample string :(
<MT-> which part doesn't?
<MT-> Daviey: http://pastebin.ubuntu.com/218820/
<MT-> Daviey: was I at least close?
<Daviey> MT-: yeah.. sorry you don't have my full attention :(
<MT-> :(
<MT-> Daviey: will you help me anyway?
<Daviey> MT-: "?" is a good way of making  a part optional
<Daviey> ie [by \(uid=0\)]?
<MT-> did you see anything else wrong with it?
<MT-> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_unix\(cron:session\): session (opened|closed) for user (logcheck|root|smmsp)[ by \(uid=0\)]?
<uvirtbot> MT-: Error: ":0-9" is not a valid command.
<MT-> uvirtbot: I think you're a little confused
<uvirtbot> MT-: Error: "I" is not a valid command.
<MT-> Daviey: I'll try that out. When it runs again it'll be palinly obvious how well it worked
<MT-> thansk :)
<MT-> thanks*
<Daviey> i think it's ok
<MT-> :)
<jdstrand> sandstrom: ufw is just running iptables-restore. eg 'sudo iptables-restore -n < /etc/ufw/before.rules'
<sandstrom> jdstrand: thanks! Btw. your previous help on the missing state modul was helpful. After some discussion back and forth they admitted that it was wrong, and had some parallels guy go in and fix it. So thanks again!
<jdstrand> sure
<sandstrom> jdstrand: running the command gives me iptables-restore: line 71 failed. Line 71 is the sole command COMMIT
<ivoks> why o why is my /dev/random idle?
<jdstrand> sandstrom: then I would recommend simply running each rules line in before.rules with 'iptables' prepended to it
<jdstrand> eg
<jdstrand> -A ufw-before-input -i lo -j ACCEPT
<jdstrand> becomes:
<sandstrom> thanks! I'll try that
<jdstrand> sudo iptables -A ufw-before-input -i lo -j ACCEPT
<uvirtbot> New bug: #399638 in nspluginwrapper (multiverse) "package dhcp3-common 3.1.1-5ubuntu8.1 failed to install/upgrade: package dhcp3-common is already installed and configured" [Undecided,New] https://launchpad.net/bugs/399638
<jdstrand> sandstrom: you may want to read 'man iptables' about flusing tables, etc
<jdstrand> bug #399638
<uvirtbot> Launchpad bug 399638 in nspluginwrapper "package dhcp3-common 3.1.1-5ubuntu8.1 failed to install/upgrade: package dhcp3-common is already installed and configured" [Undecided,New] https://launchpad.net/bugs/399638
<sandstrom> jdstrand: thanks!
<sandstrom> jdstrand: the filter syntax in the beginning, filter* :ufw-before-input - [0:0] etc. doesn't map directly onto iptables so that iptables :ufw-before-input - [0:0] => error. Can I safely ignore them?
<jdstrand> yes
<jdstrand> that is a short-hand for creating/flushing the tables
<uvirtbot> New bug: #399468 in samba (main) "samba 3.4.0 depends on ufw" [Undecided,Triaged] https://launchpad.net/bugs/399468
<Bilge> Is there somewhere that documents what all the entries under /dev are?
<ForeverSmurf> hello
<ForeverSmurf> I am attempting to install ubuntu on a remote server for the first time
<ForeverSmurf> I have followed the following guide: https://help.ubuntu.com/community/Installation/OverSSH
<ForeverSmurf> it is an athlon 3800 server with 1GB of ram
<ForeverSmurf> I choose to use the debootstrap_1.0.13~jaunty1_all.deb bootstrap package
<ForeverSmurf> imo everything is installed correctly
<ForeverSmurf>  I have installed grub too which was error free
<ForeverSmurf> however, the server refuses to boot
<ForeverSmurf> I am attempting to get serial consol output from grub but again... no luck
<ForeverSmurf> I'm at a loss as to what to do next
<ForeverSmurf> I do have a question: what is the difference between debootstrap-udeb_1.0.13~jaunty1_all.udeb and debootstrap_1.0.13~jaunty1_all.deb
<ForeverSmurf> serial console output is enabled on the kernel command line too
<Sam-I-Am> you sure grub is pointing to the right place?
<Sam-I-Am> does grub even come up?
<ForeverSmurf> no.... I can't see it from the serial console
<ForeverSmurf> I added those 2 lines    'serial --unit=0.....' and 'terminal --timeout=....' from the http://tldp.org/HOWTO/Remote-Serial-Console-HOWTO/configure-kernel-grub.html guide to the top of grub.conf
<ForeverSmurf> I installed grub using
<ForeverSmurf> root (hd0,0)
<ForeverSmurf> setup (hd0)
<ForeverSmurf> the /dev/sda hard drive IS bootable
<ForeverSmurf> I also installed grub on the other (unused hard drive)
<ForeverSmurf> root (hd1,0)
<ForeverSmurf> setup (hd1)
<ForeverSmurf> the fact that I get nothing on the remote serial console for both grub and the kernel makes it more likely to be a grub/boot issue
<ForeverSmurf> this is my second attempt btw
<ForeverSmurf> the first one went smoothly too
<ForeverSmurf> just didn't fucking boot ;-)
<Sam-I-Am> well, if grub is configured for serial... and you're not seeing any output... i wonder if its even loading grub at all
<Sam-I-Am> might be confused with more than one disk
<ForeverSmurf> yes, that's my opinion
<ForeverSmurf> is it worth trying lilo?
<ForeverSmurf> is it supported?
<Sam-I-Am> lilo might work... although its extremely difficult to debug anything when you can't see it
<ForeverSmurf> or is there some kind of futher testing I could do with grub
<ForeverSmurf> my partition layout is simple
<Sam-I-Am> well, if you had serial output that'd be good
<Sam-I-Am> so grub is on the mbr, right?
<ForeverSmurf>   /dev/sda1 is '/'
<ForeverSmurf>    /dev/sda2 is swap
<ForeverSmurf> yes
<ForeverSmurf> setup (hd0) installs grub on the mbr right?
<Sam-I-Am> as long as hd0 is mapped to sda :)
<ForeverSmurf> yes  I also type device (hd0) /dev/sda
<ForeverSmurf> and device (hd1) /dev/sdb
<ForeverSmurf> is there some way of displaying the mbr
<ForeverSmurf> to check it
<Sam-I-Am> are you in the system?
<ForeverSmurf> sec
<Sam-I-Am> you can dd if=/dev/sda bs=512 count=1 ... that'll get your MBR
<Sam-I-Am> it wont particularly be interesting, but it might say 'grub' somewhere
<ForeverSmurf> it's rebooting into the recovery system
<Sam-I-Am> so this thing has serial but no vga?
<ForeverSmurf> correct
<ForeverSmurf> it's a remove rack server I assume
<Sam-I-Am> ah
<ForeverSmurf> with www.1and1.com
<ForeverSmurf> remote
<Sam-I-Am> so how are you getting serial output?
<Sam-I-Am> terminal server?
<ForeverSmurf> ok... I am in
<ForeverSmurf> apache
<ForeverSmurf> ssh
<ForeverSmurf> postfix
<ForeverSmurf> etc....
<Sam-I-Am> i mean, how are they getting serial output to you?
<Sam-I-Am> it worked enough to install, right?
<ForeverSmurf> console=tty0 console=ttyS0,57600 load_ramdisk=1 prompt_ramdisk=0 ramdisk_size=235280 initrd=linux/rescue32-2.6-sarge.gz pw=$1$6HXoFCFz$njvZtuCPeayMCyNClcorl/ tz=Europe/London root=/dev/ram0 rw BOOT_IMAGE=linux/kernel32-2.6
<ForeverSmurf> that is the /proc/cmdline of rescue system
<ForeverSmurf> so the important lines here are console=tty0 console=ttyS0,57600
<ForeverSmurf> which is what I added to my grub.conf file
<ForeverSmurf> I also enabled the serial output directly from grub itself
<Sam-I-Am> grub does serial at 57600?
<ForeverSmurf> I think it can do
<ForeverSmurf> not sure
<ForeverSmurf> there is an option called serial to grub
<Sam-I-Am> well, if whatever contraption your provider is using to forward is using 57600, then grub needs to use 57600, otherwise you wont see anything... or it'll be junk
<ForeverSmurf> I am not seeing anything at all
<Sam-I-Am> do you have a --speed after the serial directive in grub?
<ForeverSmurf> yes.... I specified serial --unit=0 --speed=57600 --word=o --parity=no --stop=1
<ForeverSmurf> does that look good?
<Sam-I-Am> whats --word=o ?
<Sam-I-Am> should be 8
<ForeverSmurf> ah, I'll change it
<Sam-I-Am> or just leave it out
<Sam-I-Am> just having --speed=57600 should work
<ForeverSmurf> ok
<Sam-I-Am> should default to 8N1
<ForeverSmurf> is it safe to omit --unit=0
<ForeverSmurf> is that also default?
<Sam-I-Am> you need that, if you're using whatever the system thinks is com1
<ForeverSmurf> --parity=no --stop=1
<ForeverSmurf> should I remove them too?
<Sam-I-Am> you can leave those out
<ForeverSmurf> ok
<ForeverSmurf> I'll try another boot
<ForeverSmurf> see if I get anything
<Sam-I-Am> make sure you write grub's config out :)
<ForeverSmurf> the line 'terminal serial'   is correct too right?
<Sam-I-Am> terminal serial?
<Sam-I-Am> hmm
<ForeverSmurf> http://pastebin.com/m36591f87
<ForeverSmurf> that is my entire grub config
<ForeverSmurf> oh wait
<ForeverSmurf> cut some off
<ForeverSmurf> http://pastebin.com/m124cb933
<Sam-I-Am> the serial stuff looks ok
<ForeverSmurf> oh, I forgot I tried with raid this second time around
<ForeverSmurf> that's why I have two entries
<Sam-I-Am> well, the serial stuff should be fixed... hopefully you'll at least get output now
<Sam-I-Am> then you can troubleshoot the next problem
<ForeverSmurf> when you say make sure I write grubs config out
<ForeverSmurf> your mean running grub
<Sam-I-Am> yes
<ForeverSmurf> device (hd0) /dev/sda
<ForeverSmurf> root (hd0,0)
<ForeverSmurf> setup (hd0)
<ForeverSmurf> device (hd1) /dev/sdb
<ForeverSmurf> root (hd0,0)
<ForeverSmurf> setup (hd1)
<ForeverSmurf> replace the second root (hd0,0) with root (hd1,0)
<acalvo> Hello again!
<ForeverSmurf> hello
<acalvo> I'd like to know if there is any alternative to make a software portal, like the CITRIX software does
<acalvo> to let user deploy themselfs some applications
<Sam-I-Am> ForeverSmurf: you might be confusing grub with all the extra crap for the second disk... just have it look at the first one for now.
<ForeverSmurf> the disks are identical
<ForeverSmurf> raid
<ForeverSmurf> sorry, I forgot I was running raid
<ForeverSmurf> first attempt at installing ubuntu on the server I left out the raid
<ForeverSmurf> so I tried again with raid
<Sam-I-Am> well, right now the only thing that matters is getting grub to see the serial port
<ForeverSmurf> nothing yet
<Sam-I-Am> because if that doesnt work you can't do anything else
<ForeverSmurf> yes, I agree
<ForeverSmurf> no joy ;-(
<Sam-I-Am> you could try changing the --unit to 1 or 2
<ForeverSmurf> ok
<ForeverSmurf> I just found this http://www.wehave.net/linux/custom1and1.html
<ForeverSmurf> there is an entry in there for serial consol
<ForeverSmurf> looks same as mine
<ForeverSmurf> but I only have serial --unit=0 --speed=57600
<ForeverSmurf> without the --word=8 --parity=no --stop=1
<ForeverSmurf> is it safe to remove everything from grub appart from the serial consol
<ForeverSmurf> and terinal
<ForeverSmurf> for testing
<Sam-I-Am> probably
<Sam-I-Am> try that config you posted...
<ForeverSmurf> if there is nothing in there will it output anything at all?
<Sam-I-Am> should see a prompt
<Sam-I-Am> or it just telling you its confused
<ForeverSmurf> fingers crossed
<ForeverSmurf> I found this too http://forum.r1soft.com/archive/index.php/t-771.html
<ForeverSmurf> there entires in grub seem to work
<ForeverSmurf> nope
<ForeverSmurf> not looking good at all
<ForeverSmurf> suggests there is something very wrong with my grub
<ForeverSmurf> all the output looks perfect though
<Sam-I-Am> no serial output tho?
<ForeverSmurf> http://pastebin.com/m7f575a53
<ForeverSmurf> no serial ouput
<ForeverSmurf> nothing
<ForeverSmurf> can't login
<ForeverSmurf> imo grub is not even being loaded
<DormantOden> hey ubuntu-server people, every few days my server dies with a "Kernel panic - not syncing error", or just a massive trace =S Anyone know what might cause this?
<ForeverSmurf> maybe I'll try again without raid
<ForeverSmurf> DormantOden, looks like a disk IO error
<DormantOden> I uploaded a picture of it in case it helps: http://dormantmind.com/personal/uploaded/DormantOden/error.JPG
<ForeverSmurf> not syncing is todo with HD right?
<DormantOden> hmmm, isee
<ForeverSmurf> wow, nice screen
<DormantOden> lol
<DormantOden> its usually headless :P
<ForeverSmurf> do you wear glasses?
<DormantOden> no
<ForeverSmurf> you will need some if you look at that screen much longer
<DormantOden> it says "low radition" on it xD
<ForeverSmurf> low radiation for 1980
<ForeverSmurf> high radiation for 2009
<ForeverSmurf> those old screen are dangerous
<DormantOden> could it be due to the kde?
<DormantOden> Ive just seen the line at the top that says ? crash_kexec+....
<ForeverSmurf> well, it mentions smp and irq in there
<DormantOden> whats that
<ForeverSmurf> could be some kind of smp interupt race condition
<ForeverSmurf> I have no idea what that is
<ForeverSmurf> but I think I heard someone say it before
<DormantOden> heh, ok, Ill google
<ForeverSmurf> anyhow
<_ruben> if it runs kde, it aint a server ;)
<ForeverSmurf> it looks more like a kernel linux problem
<ForeverSmurf> rather than something ubuntu specific
<DormantOden> _ruben, some people needed a GUI... You can teach them bash if you want xD
<_ruben> yes, but support-wise that tends to turn a "server" into a "desktop"
<DormantOden> pfff, splitting hairs
<ForeverSmurf> welll
<ForeverSmurf> at least your server runs
<ForeverSmurf> I can't get my working
<DormantOden> this is true
<DormantOden> although the memtest wont load into memory for some reason... stupid grub
<DormantOden> whats up with yours ForeverSmurf?
<ForeverSmurf> can even get grub to load
<ForeverSmurf> what is the difference between debootstrap-udeb_1.0.13~jaunty1_all.udeb and debootstrap_1.0.13~jaunty1_all.deb
<ForeverSmurf> I used the later
<ForeverSmurf> is that an issue?
<Sam-I-Am> i'd use the .deb
<_ruben> the first is only used by the installer, the latter is to be used within an already installed system
<ForeverSmurf> ok. I selected the correct one then
<ForeverSmurf>   /usr/sbin/debootstrap --arch i386 jaunty /mnt/ubuntu http://archive.ubuntu.com/ubuntu
<ForeverSmurf> wat that command correct?
<acalvo> does anyone know a good way to deplay images (like with a partimage server) but changing the machine name of a windows xp?
<Steve[mbp]> Morning
<Steve[mbp]> Morning everyone!
<acalvo> Steve[mbp]: morning? wow, it's 5 pm here!
<_ruben> acalvo: how is windows xp related to ubuntu-server?
<acalvo> _ruben: using partimage?
<acalvo> it's not so related to ubuntu-server, but I guess most of the people that join this channel are working with domains and stuff, so maybe someone had the same problem/question as I had and I can take an advise from him
<neXus> acalvo: no only the domains, also can be something else :)
<acalvo> neXus: well, I guess you get my point
<neXus> acalvo: sure :)
<alexm> acalvo: i guess that dhcp does not the trick, does it?
<acalvo> alexm: well, no, since I need to, at least, run some script into the machine (AFAIK)
<acalvo> I don't know if using, say DHCP/BOOTP, can get the machine name and domain name
<DormantOden> oh globbits.... now my server only lasts 2 minutes xD Hows your server life going ForeverSmurf?
<alexm> you can set dns hostname and domain name through dhcp, but i'm not so sure about windows computer name
<acalvo> alexm: yes, that what I guess
<acalvo> bye!
<Bilge> Is there somewhere that documents what all the entries under /dev are?
<jpds> Bilge: http://www.atnf.csiro.au/people/rgooch/linux/docs/devfs.html
<Ng> where would libvirt/kvm be putting their logs? I'm trying out kirkland's kvm backport with virt-install and it's kinda not really doing anything and I can't see any evidence as to why
<Ng> there's nothing particularly helpful in /var/log/libvirt/qemu/$guestname.log
<Daviey> Ng: if it's dieing, there should be logs there that show the segfault
<Daviey> Ng: on another note, logrotate seems over-keen on them :/
<Daviey> root@katana:/var/log/libvirt/qemu# ls -al | wc -l
<Daviey> 227
<Daviey> root@katana:/var/log/libvirt/qemu# du -h
<Daviey> 680K	.
<Daviey> thanks for gz'ing empty logs :)
<Daviey> Ng: The top line of the log shows the kvm line libvirt is spawning.. have you tried running that manually
<ball> If I add a user with useradd, will that user be able to sudo?
<ball> (does it depend on group membership?)
<RoAkSoAx> ball, after you add the user you need to add it sudo rights like: adduser <user> admin
<RoAkSoAx> and it will be able to sudo
<ball> RoAkSoAx: I don't want him to have sudo rights, so it sounds as though what I want is the default.
<infinity> ball: And you want adduser, not useradd.
<RoAkSoAx> ball, yes. :)
<ball> Thanks
<ball> Oh, I used useradd
<ball> Is that wrong?
<infinity> adduser is a frontend to useradd that enforced extra system policy, makes sure homedirs are set up how you want, blah blah.
<infinity> Either one will add a user though, if all you really cared about was an entry in /etc/passwd.
<ball> I used -m and -b /home
<infinity> Yeah, adduser avoids the needs for -m and -b...
<infinity> Among other things.
<infinity> *shrug*
<infinity> (default usergroups, for instance too)
<Ng> Daviey: I'll give that a go
<ball> hello dinger1986
 * infinity wonders if dinger's clients will keep connecting until we get to dinger2009...
<Ng> wrt bug 269881, comment #4 suggests that --accelerate doesn't do what the manpage says it does. Is that right? Which option does make virt-install tell kvm to use hardware virtualisation?
<uvirtbot> Launchpad bug 269881 in virtinst "Receive "Unsupported virtualization type" unless the -v option is used" [Low,Confirmed] https://launchpad.net/bugs/269881
<ivoks> doesn't kvm do that by default?
<ivoks> it uses /dev/kvm if it exists
<ivoks> oh, hi Ng :)
<Ng> I have /dev/kvm, it's supported hardware and the only option I can pass to virt-install that makes it not say "Unsupported virtualization type" is --hvm which seems to make it call the underlying tool (qemu-system-x86_64 weirdly, not kvm) with -no-kqemu and it then consumes a *bunch* of CPU
<Ng> hi :)
<ivoks> let me boot my virt server
<Daviey> Ng: does that produce "<domain type='kvm'>
<Daviey>   <os>
<Daviey>     <type arch='x86_64' machine='pc'>hvm</type>
<Daviey> ... If so, that is correct
<Ng> <domain type='qemu'>
<Ng>     <type arch='x86_64' machine='pc'>hvm</type>
<ivoks> that's wrong
<ivoks> domain type should be kvm
<Daviey> Ng: You *could* just change it, and re-define it..
<ivoks> hvm means - virtualized
<Daviey> but would be nice to find out the underlying bug
<Daviey> ivoks: but to be "helpful" os type should be hvm :)
<ivoks> 'virt-install --accelerate' should be enough
<Ng> --accelerate gives me the "Unsupported virtualization type"
<ivoks> running as a user or root? :)
<Ng> root all the way down
<ivoks> hm
<ivoks>       msg = _("Unsupported virtualization type '%s' " % (os_type and os_type
<ivoks>                                                            or _("default")))
<Ng> http://paste2.org/p/327165 - that's the command I used
<alexm> ivoks: i have <domain type='kvm' id='1'> but also <type arch='x86_64' machine='pc'>hvm</type>
<Daviey> alexm: /me has already mentioned this
<ivoks> alexm: right, that's ok
<ivoks> what's wrong is domain type qemu, which Ng has
<alexm> Daviey: just confirming that i got it that way too
<alexm> okay, now i realize that Ng had domain type qemu, sorry for intruding
<ivoks> Ng: that command works for me :)
<ivoks> Ng: could you paste the output of it?
<Daviey> ivoks / Ng, Are you both using the same release?
<Daviey> it has changed quite a lot since hardy
<ivoks> i'm using jaunty
<Ng> I'm using hardy with the kvm-84 backport
<Ng> ivoks: http://paste2.org/p/327169
<Daviey> interesting..
<ivoks> how come there's no debug?
<_alkekshi_> Could some one help me?
<Ng> ivoks: I'd love to know that :)
<Daviey> Hardy + Self backport of kvm-79 == "Unsupported virtualization type"
<ivoks> dpkg -l | grep python-virtinst
<_alkekshi_> i'm a newbie and i would like to now what is the easiest way to get samba working
<Ng> 0.300.3-5ubuntu3
<ivoks> maybe that's the problem
<ivoks> i have 0.400
<Ng> fwiw I'm using the kvm-84 backport by way of http://ppa.launchpad.net/ubuntu-virt/ppa/ubuntu
<ivoks> maybe python-virtinst should be backported
 * Daviey has the same package as Ng for python-virtinst
<ball> hello Daviey
<Daviey> hey ball
<ball> Is there a command to watch someone's terminal to see what they type?
<ivoks> Ng: i'd try backporting python-virtinst
<ivoks> it relies on python-libvirt
<ivoks> which is backported
<ivoks> take care guys
<Daviey> o/
<uvirtbot> New bug: #399850 in dovecot (main) "dovecot.conf references /dev/dovecot/dovecot-postfix.conf instead of /etc/dovecot/dovecot-postfix.conf. " [Undecided,New] https://launchpad.net/bugs/399850
<Bilge> How can I check what packages another package depends on?
<dayo> !kernel > dayo
<ubottu> dayo, please see my private message
<dayo> Bilge: apt-cache showpkg <packageName>
<Bilge> Thanks
<Bilge> I guess apt-cache depends would be more appropriate? :)
<Pirate_Hunter> how do i create my domain name on my server, I dont fully understand but is the domain the same as the hostname?
<ball> Not quite
<ball> (in fact, not at all).
<ball> Have you bought a domain
<ball> ?
<Enkz> allmost, hostname is usually the name of your computer inside a network
<Pirate_Hunter> ball nope i havent based on the tuts ive been following it would use the hostname as a domain, is that even possible
<Enkz> you can register it
<ball> ...but you probably don't want to.
<Pirate_Hunter> Enkz, so @example could become @example.lan or com depending on the webserver?
<ball> traditionally a domain name is hostname.domain
<ball> ...or rather an FQDN is (fully-qualified domain name)
<ball> e.g. potch.endoftheinternet.org
<ball> "potch" is the hostname
<ball> endoftheinternet.org is the domain
<ball> you buy a domain name and point it to the IP address of your server (or LAN)
<ball> I have my router forward certain ports on its WAN interface to the server, which is on the LAN side
<ball> ...people using it don't notice.  That's transparent.
<Pirate_Hunter> oh hmmm so for soemthing like @example how would i make it a valid domain, the thing is at the moment buying aint an option until i get into grips with this whole server stuff and i am trying for the third time ISPConfig (yeah i know madness) so wish to understand this whole hostname / domain thing
<Enkz> ISPconfig requires a nameserver, right?
<ball> Pirate_Hunter: mine was free
 * ball shrugs
<Pirate_Hunter> Enkz, not sure just following the tut from the homepage instead of howtoforge site
 * Pirate_Hunter envious of ball, kicks him
<ball> Pirate_Hunter: even when I bought a domain, it was inexpensive
<ball> Pirate_Hunter: is your Linux box at home?
<Pirate_Hunter> ball, yes
<ball> What do you want to do with it?
<ball> (why do you want it to have a domain?)
<Pirate_Hunter> ball, i wish to host my own sites like i said money aint an option at the moment otherwise would be forking Â£30 a month for it
<ball> Web site?
<ball> More like UKP 30/year
<ball> (for a domain)
<ball> hello bin1010
<Pirate_Hunter> ball, oh didnt know quite new to this so is there a way for me to do this been looking for noob tuts on setting up servers but havent got anything
<Enkz0rz> Power went of when I turned on my server; well that's a good sign :S
<ball> Pirate_Hunter: what kind of Internet connection do you have at home?
<ball> wtf.  Ubuntu Server doesn't ship with "banner"?
<Pirate_Hunter> ball, supposedly 16mb, why do you ask?
<ball> Pirate_Hunter: I didn't ask how fast it was, just what /kind/ it was.  Cable?  DSL?  Fibre?
<ball> 16 Mbits/sec is fast btw.
<ball> I'm surprised that's not massively expensive
<ball> Pirate_Hunter: do you have a static IP address, or dynamic?
<Pirate_Hunter> ball, sorry was away
<Pirate_Hunter> ball, I have a dynamic ip, hmmm my irx client didnt warn me weird
<stgraber> a/win 44
<stgraber> oops
<owh> For many and varied reasons I am setting up a "virtual data centre" within my MacBook. There will be two main machines, a Ubuntu Desktop and a Ubuntu Server. I want to store the user data from the Desktop machine on the server. I also want to run an imap server and a mysql server on the (virtual) Ubuntu Server. From a performance and manageability perspective, how should I store the user data on the server? I can use NFS, CIFS or isc
<owh> How do I prevent a kernel upgrade on a production server where I'm happy to upgrade the rest of the updates?
<alexm> this is usually achieved by apt preferences, see man apt_preferences
<owh> Are you telling me that I need to hard-code that I don't want to upgrade the kernel on this server? There's no way I can do something like apt-get upgrade -kernel*
<alexm> you can apt-get install all the packages that you do want to upgrade, i'm not sure if there's an option in apt-get to skip one
<owh> Hmm.
<alexm> apt-get dist-upgrade should tell you which ones is going to upgrade but will ask for permission first
<alexm> just say no and then apt-get install ... (fill the dots cutting and pasting from the previous output)
<owh> It's not that I don't know what it's going to do, it's that I don't want to fsk around with a kernel on a remote server where the detection of the network card is chancy at best. If I apt-get install all the shown packages, there's nothing stopping it to upgrade the kernel if a package I specify depends on the new kernel, so I would need to manually go through the list one-at-a-time.
<owh> Don't you just hate double clicks :(
<alexm> if any of the packages explicitly listed in apt-get install depends on the kernel, you'll be prompted for permission again
<alexm> apt-get install will only proceed without asking if you listed all the packages involved
<owh> Hmm.
<alexm> try it with some other package, apache for instance
<alexm> or choose any other harmless package
<owh> That is exactly what I did before I got here, but then it started whinging about pre-fork and suggested I remove php. So I thought there must be a better way :)
<owh> Is the process to hold a package still echo "pkg_name hold" | dpkg --set-selection
<owh> Or have we "advanced" since 2004?
<alexm> it seems it's still the same way
<ausimage> Anyone understand why a python script used as a daemon would cause dpkg to not find its modules ?
<dayo> in my /var/log/auth.log i have periodic appearances of this:  sudo:     root : TTY=unknown ; PWD=/ ; USER=username ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/port   what does it mean?
#ubuntu-server 2009-07-16
<infinity> ausimage: That's going to need a lot more context, some sort of error output, something.
<ausimage> infinity....
<infinity> ausimage: I run python scripts as daemons all the time (hello, twisted), none of them break dpkg in any interesting ways.  So, yes, need a lot more to go by than your one-liner.
<ausimage> the project is apt-zeroconf and I have apt-zeroconf loading it daemon module in the main script...
<KillMeNow> i've run Python scripts as Daemons as well, and never have they broken my dpkg
<ausimage> BUT when dpkg is involved it cannot find the daemon module
<ausimage> from aptzeroconf.daemon import Daemon
<KillMeNow> dayo, it means that your apache may not be properly patched or someone is trying to execute command line over http
<ausimage> ImportError: No module named aptzeroconf.daemon
<ausimage> is the gist of it...
<ausimage> lp:apt-zerconf/r0.5
<KillMeNow> is there a aptzeroconf.daemon on the system?
<ausimage> apt-zeroconf
<ajmitch> ausimage: how does that relate to dpkg?
<ausimage> I believe so
<ausimage> it only happens when dpkg configures it
<KillMeNow> sounds like he's trying to use dpkg to get a new module
<ausimage> no it is in the lib in 0.5.1
<ajmitch> so you mean that the maintainer scripts break on the package?
<ausimage> yeah... essentially...
<ajmitch> then the package needs fixed, I can only see it in PPAs, so you need to talk to whoever was creating that
<ausimage> I did change its original daemon code to a new daemon class... which required a little munging of the maintainer scripts :/
<ausimage> ajmitch We are the maintainer AFAIK
<ausimage> apt-zeroconf team
<ajmitch> ok, then it's something to take to #ubuntu-motu or similar for packaging help
<ausimage> and me as a active member
<ausimage> oh thought you knowledge of daemons might be more helpful :/
<ausimage> but I can ask there too :S
<ajmitch> no, sounds like a standard python packaging problem
<ausimage> k...
<storrgie> I just installed ubuntu server on a rig and I want to use mpd to play sound
<storrgie> what should I install to get sound working....
<storrgie> via ssh
<storrgie> storrgie@MUSIC:~$ alsamixer
<storrgie> alsamixer: function snd_ctl_open failed for default: No such file or directory
<JordiGH> What webserver for load balancing do you recommend? We're using pound, but it's starting to feel ghetto.
<ball> Never heard of pound
<JordiGH> See? Ghetto.
<JordiGH> nginx instead, perhaps?
<twb> Those are the two I know of
<JordiGH> Apache's httpd can also be a load balancer, right?
 * ball shrugs
<ball> doesn't sound like a job for the httpd anyway.
<JordiGH> ball: what do you use?
<ball> JordiGH: thttpd
<ball> JordiGH: oh, you mean for load balancing?  I don't.
<ball> ...but if I did, I might expect to do it in the router.
 * ball shrugs
<ball> ...or in the OS, depending on the platform
<JordiGH> Router?
<JordiGH> Ubuntu is my router.
<ball> That's an interesting choice.
<ball> brb
<twb> ball: be aware that thttpd is not really maintained, and there are known security patches that are sitting in the mailing list, unapplied.
<ball> twb: thanks for the heads-up.
<twb> A few years ago I spent some time overhauling the package in Debian, but I gave up and switched to vsftpd
<twb> And then I got rid of my server, so now my couple-of-meg worth of text files are served by busybox's httpd :-)
<qman__> a typical http load balancing approach is multiple web servers with round robin DNS
<howie> Im trying to install asterisk and when i "make menuselect" for zapta it says i need to install ncurses, anyone give me a wget to install?
<andresmujica> howie: you'll need ncurses-devel
<howie> well i aptitude install. ncurses-devel but it still says the same thing
<andresmujica> sudo apt-get install ncurses-dev
<andresmujica> just dev
<howie> Note, selecting libncurses5-dev instead of ncurses-dev
<karmst> Hello
<karmst> is anyone available?
<howie> just ask your question and someone will respond if they know the answer
<howie> people multitask..
<karmst> I'm looking for a samba guru
<karmst> I'm having an issue to where I can connect the Ubuntu server to windows shares
<howie> just ask what you need and wait a while :P
<karmst> but I can't get to the samba shares from windows clients
<karmst> it is a 2008 DC
<karmst> and the domain is native 2008
<karmst> Anyone know the secret to connecting to ubuntu from windows through samba?
<karmst> or is there a better, more secure way?
<karmst> hmmm
<karmst> well...It might help it I already had winbind installed
<karmst> har har
<karmst> Anyone familiar with likewise-open?
<MrGlass> hi, im trying to get ftp access on my ubuntu server
<MrGlass> but i keep getting connection refused errors
<_ruben> install your favorite ftp server software, configure it, start it, profit
<MrGlass> indeed
<MrGlass> so i installed proftpd
<MrGlass> and its configured
<MrGlass> but my server keeps refusing connections on port 21
<_ruben> does netstat -lnt show port 21 ?
<MrGlass> ah, no
<MrGlass> what went wrong here
<_ruben> try (re)starting proftpd, and then look at the logs if it still dont work
<MrGlass> hmm
<MrGlass> according to log
<MrGlass> " <NobleArc> ah, that sounds nice.
<MrGlass> [03:17:17] <Nob
<MrGlass> no
<MrGlass> according to log:  Failed binding to ::, port 21: Address already in use
<_ruben> that could be a 'bogus' error, some apps first try to bind to 0.0.0.0:21 (ipv4) and then :::21 (ipv6), and that doesnt work well
<MrGlass> system reboot worked
<_ruben> the microsoft approach :)
<MrGlass> lol
<MrGlass> well, there is no proftpd restart
<MrGlass> and it was clear that it had failed to bind on boot
<MrGlass> wanted to see if i could duplicate the error
<MrGlass> and... ok, fine, im an XP guy
<MrGlass> sue me :P
<_ruben> heheh ;)
<_ruben> im a windows desktop guy and ubuntu server guy ;)
<MrGlass> yeah, well, i do like ubuntu, im just so used to fixing xp
<MrGlass> to gaint hat kind of knowledge of ubuntu would take a years work
<MrGlass> ugh
<MrGlass> now proftpd is telling me direcotry doesnt exist
<MrGlass> despite it listing it and the directory existing
<MrGlass> meh, bedtime
<MrGlass> thanks _ruben
<_ruben> g'nite
<illumin8> Reguarding server edition 9.04, I am running a home server and want to have my website page save forms directly to my server in a specified location. Anyone have any suggestions?
<_ruben> a simple php script would do just fine
<_ruben> or perl, or whatever it is you're familiar with
<illumin8> actually im not with any but that answer gives the direction i need to find out :) Thank you
<dayo> KillMeNow: in my /var/log/auth.log i have periodic appearances of this:  sudo:     root : TTY=unknown ; PWD=/ ; USER=username ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/port   what does it mean?
<dayo> KillMeNow: u said my apache is not properly patched or someone's trying to exec cli over http? what does that mean?
<tweaker25> [03:35] <tweaker25> http://translate.google.com/translate?prev=hp&hl=fr&js=y&u=http%3A%2F%2Fforum.ubuntu-fr.org%2Fviewtopic.php%3Fpid%3D2808462%23p2808462&sl=auto&tl=en&history_state0=
<tweaker25> [03:35] <tweaker25> http://forum.ubuntu-fr.org/viewtopic.php?pid=2808462#p2808462
<tweaker25> [03:35] <tweaker25> http://translate.google.com/translate?prev=hp&hl=fr&js=y&u=http%3A%2F%2Fforum.ubuntu-fr.org%2Fviewtopic.php%3Fpid%3D2808462%23p2808462&sl=auto&tl=en&history_state0=
<tweaker25> [03:35] <tweaker25> http://forum.ubuntu-fr.org/viewtopic.php?pid=2808462#p2808462
<tweaker25> [03:35] <tweaker25> http://translate.google.com/translate?prev=hp&hl=fr&js=y&u=http%3A%2F%2Fforum.ubuntu-fr.org%2Fviewtopic.php%3Fpid%3D2808462%23p2808462&sl=auto&tl=en&history_state0=
<tweaker25> [03:35] <tweaker25> http://forum.ubuntu-fr.org/viewtopic.php?pid=2808462#p2808462
<illumin8> ouch.
<Skaag> I just finished setting up a kerberos realm + managed to kinit from a second linux machine to that realm
<Skaag> and I ran auth-client-config -a -p kerberos_example
<illumin8> _ruben, Thanks I found a page with the info I needed. :)
<modder25> [03:35] <tweaker25> http://translate.google.com/translate?prev=hp&hl=fr&js=y&u=http%3A%2F%2Fforum.ubuntu-fr.org%2Fviewtopic.php%3Fpid%3D2808462%23p2808462&sl=auto&tl=en&history_state0=
<modder25> [03:35] <tweaker25> http://forum.ubuntu-fr.org/viewtopic.php?pid=2808462#p2808462
<Skaag> anyway my question now is, how do users login to the client machine? :-)
<Skaag> without running kinit user/instance
<backenfutter> Hi, I have a very strange issue... One of my customers uses some kind of tracking system, that sends you emails on certain events. These emails contain long strings, which are parsed by some application. Our mailserver is a postfix+amavis. NOW: for some reason, the mail ALLWAYS has a newline after 990 chars when arriving - this leads to a parsing error in the application and I have no clue how to even start. Is there actually a chan
<backenfutter> here comes an example string
<backenfutter> 'UNB+UNOC:3+9900790000008:500+4041408000007:14+090707:1413+90707141309905'UNH+90707141309905+UTILMD:D:04B:UN:4.2'BGM+E01+90707141309905+9'DTM+735:?+0200:406'DTM+137:200907071413:203'NAD+MR+4041408000007::293'NAD+MS+9900790000008::293'CTA+IC+:Frau Stenzel'COM+03301-6080:TE'COM+netz@sw-or.de:EM'IDE+24+116800'DTM+92:20090901:102'DTM+158:20090901:102'DTM+752:1231:106'STS+E01++Z43'STS+7++E03'TAX+6+KAB++++TA'FTX+AAI+++#213492'AGR+E03:E10'
<backenfutter> the last few char always end up as
<backenfutter> [...]3099\r\n 05'
<backenfutter> which is actually looks like this
<backenfutter> 3099
<backenfutter>  05'
<backenfutter> Hi, I have a very strange issue... One of my customers uses some kind of tracking system, that sends you emails on certain events. These emails contain long strings, which are parsed by some application. Our mailserver is a postfix+amavis. NOW: for some reason, the mail ALLWAYS has a newline after 990 chars when
<backenfutter>  arriving - this leads o a parsing error in the application and I have no clue how to evten start. Is there
<backenfutter>                       actually a chance on fixing this without having to rewrite code?
<backenfutter> oops
<backenfutter> sry
<jorgenpt> Hiya, I installed my server using debootstrap & SSH via a booted livecd. I've got some problems with my sw raid: It says "ALERT! /dev/md1 does not exist" and drops me to (initramfs) shell.
<genii> backenfutter: If you have a file smtp.cf   find in it the variable smtp_line_length_limit and set it higher
<jorgenpt> /dev/md1 is /, and if I do mdadm -A /dev/md1 /dev/sd?2, it assembles it, and I can drop out of the shell to resume normal boot.
<jorgenpt> I added the ARRAY entry to /dev/mdadm/mdadm.conf, should that be enough?
<backenfutter> genii: what if I don't have such file? create it? where?
<genii> backenfutter: Did you look in /etc/postfix ?
<backenfutter> yeah
<owh> What seems to be the problem?
<genii> owh: He seems to be affected by this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520674
<uvirtbot> Debian bug 520674 in postfix "splitting long lines in email messages, postfix + amavisd-new" [Normal,Open]
<owh> Does the suggested solution not work?
<genii> owh: I found the bug report just now. Other searching earlier indicated smtp.cf as the location of the setting.
<genii> backenfutter: Suggested in the report is to adjust the lmtp_line_length_limit setting
<backenfutter> genii, owh: So I do what? postconf smtp_line_lenght=2048 ?
<backenfutter>  # /usr/sbin/postconf  | grep line_
<backenfutter> line_length_limit = 2048
<backenfutter> smtp_line_length_limit = 990
<backenfutter> that's the current settings
<owh> backenfutter: Is that where it's wrapping?
<backenfutter> 990 yeah
<owh> Sounds like the go then.
<backenfutter> # /usr/sbin/postconf smtp_line_length_limit=2048
<backenfutter> /usr/sbin/postconf: warning: smtp_line_length_limit=2048: unknown parameter
<backenfutter> ? o0
<backenfutter> time for some coffee d'oh -.-
<genii> You might want -e or such
<Gorlist> ive put a entry into my crontab -e to run a rkhunter scan, then to send a email
<Gorlist> however it never seems to run - if I manually run it, it works but requires sudo, is their something I need todo similary for it?
 * backenfutter thanks genii and owh for the great support
<backenfutter> everything is working now
<backenfutter> and I almost thought, I'd have to go into code... :)
 * owh can take no credit for this :)
<owh> But thanks for the sentiment :)
<MT-> Any ideas how I can track the culrpit to this down? Jul 15 20:02:03 insto sendmail[2816]: n6G123Fk002816: Authentication-Warning: insto.kalliki.com: www-data set sender to admin@domain.com using -f
<MT-> apache obviously - beyond that, I don't know
<owh> Not sure what you're asking MT.
<MT-> owh: Every once in a while I get a random batch of these in my logs and I'm not sure why
<owh> MT-: What is the server running?
<MT-> 9.04
<owh> MT-: No, I mean, what is it doing?
<MT-> lamp
<owh> php or perl?
<MT-> php
<MT-> I forgot lamp can mean perl :P
<owh> Is the PHP code you own, or a packaged application?
<owh> s/you/your/
<MT-> packaged
<owh> Ubuntu packaged?
<MT-> they have repo packages but I run them from tarballs
<owh> Is it up to date?
<MT-> ya
<MT-> Drupal, Mantis, DokuWiki
<owh> Are there "custom" scripts lying around?
<_ruben> why run sendmail? *shiver*
<owh> _ruben: No, to me that looks like a php call to mail().
<_ruben> to me it looks like a log from sendmail :)
<owh> It might not be, but we don't know yet :)
<owh> MT-: The log entry is in your apache log right?
<MT-> syslog
<owh> Crap
<owh> What else is happening on the system at the time of the log entry.
<MT-> hrm - Jul 15 17:40:02 insto /USR/SBIN/CRON[2551]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
<MT-> that's teh only thing coming up
<owh> Is it possible that there is a crontab lying around doing this?
<owh> Things to look for: The addresses, are they for existing users, or are they more like spam? Is the server load strange? Are there "extra" processes running?
<owh> Do they come in groups, or at weird times? Do they repeat? What patterns are there?
<owh> At the moment this could be a legitimate process, just not one you know about. It might be a malicious process, but until you've gathered data, there is no way to tell.
<MT-> groups
<owh> When did this first start happening? Was there a special event like an upgrade.
<MT-> they happen about every one or two days. They've been happening since I installed logwatch which is what brought it to my attention
<owh> Does locate smmsp return any results?
<owh> Ditto for cron-msp
<MT-> hrm - nope for both
<MT-> uid=108(smmsp) gid=110(smmsp) groups=110(smmsp)
<owh> Does apropos return anything?
<owh> Hmm, a google showed that that is a sendmail user. Have a look through your dpkg and apt logs
<owh> _ruben: You da man :)
<MT-> nope
<_ruben> does sudo netstat -lntp | grep 25 show anything ?
<owh> Was sendmail installed? Is it currently installed?
<MT-> it is, but not for long
<owh> Hold on, something might depend on it.
<MT-> it shows sendmail
<owh> Just because it's there doesn't mean it's malicious.
<MT-> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      8727/sendmail: MTA:
<owh> Are you the only administrator?
<MT-> I was going to drop it and use exim instead
<MT-> ya
<_ruben> i'd preplace sendmail with something like postfix .. unless you're a sendmail expert
<owh> Did you install sendmail?
<_ruben> or exim if you prefer that :)
<_ruben> sendmail is a bitch (to configure)
<owh> _ruben: No, it's very friendly, just picky on who it's friendly with :)
<MT-> I did install it once - but that was for some scripts I made once that I no longer use
<_ruben> owh: if i want a bloated mailserver i'd use exchange :)
<owh> Does you lamp server send out any emails?
<owh> _ruben: tsk, tsk :)
 * owh agrees with _ruben :)
<MT-> it does
<owh> Well at present it's likely using sendmail.
<_ruben> sure, sendmail's powerful and feature rich .. but postfix still is way better imho ;)
 * _ruben is currently in the process of migrating a handful of qmail servers to postfix
<owh> MT-: Your original question hasn't yet been answered. If the process continues to run, then the log will just change from sendmail to exim or postfix.
<MT-> doesn't sendmail need either exim or postfix?
<owh> So, back to my original questions. The email addresses, are they from normal users, or are they like spam?
<owh> MT-: No.
<_ruben> postfix doesnt log similar stuff i think
<MT-> they don't look like spam
<owh> Well, the addresses, are they in you user database?
<MT-> ya
<owh> Are they legitimate users?
<_ruben> well .. there's the command (/usr/sbin/sendmail), and there's the mail server (package) sendmail .. exim and postfix both ship wrapper for the sendmail command
<_ruben> the log basically means (as i interpret it), is that user www-data (thus apache most likely) is sending out an email with envelop sender admin@domain.com .. which is far from uncommon to happen
<MT-> ya know.. a pastebin is worth a billion words
<_ruben> can be ;)
<owh> MT-: My battery is running low and I'm getting cold. The problem doesn't appear to be sendmail, but a process that is running on your LAMP server that you don't know about. Check for things like password verification emails etc. Check the crontabs to see if there is a refresh script running for one of you applications. I gotta go.
<owh> Later
<MT-> http://pastebin.ubuntu.com/219652/
<MT-> owh: ttyl, thanks
<MT-> better yet :P - http://pastebin.ubuntu.com/219652/plain/
<lool> ScottK: hola
<lool> ScottK: libcompress-raw-zlib-perl has ben unupgradable for me since some days
<lool> ScottK: This is because libio-compress-zlib-perl depends on libcompress-raw-zlib-perl (< 2.015.~)
<lool> libio-compress-zlib-perl is pulled by libcompress-zlib-perl which is pulled by plenty of packages
<uvirtbot> New bug: #394891 in samba (main) "Samba hangs on startup" [Undecided,Incomplete] https://launchpad.net/bugs/394891
<lool> ScottK: It looks like either libio-compress-zlib-perl needs an update, or we need a conflicts/replace in the new libcompress-raw-zlib-perl
<Skaag> how does a user login to a computer with his kerberos credentials?
<_ruben> Skaag: by entering his credentials at the login prompt ? :p
<Skaag> in what format?
<Skaag> I just tried that
<Skaag> does the user have to exist as a regular unix user first?
<Skaag> basically, I want to reach a stage where my realm users don't have to exist on a realm machine for them to be able to login
<_ruben> username@realm usualy .. and you'll have to take of the homedirs in some way .. either created on the fly or on shared storage .. depends on your setup
<Skaag> Is there a guide for this? to setup shared home directories?
<Skaag> I don't want it to talk to my active directory, I want it to be independent
<acalvo> Hi!
<ScottK> lool: That seems somewhat odd of  libio-compress-zlib-perl.
<ScottK> lool: I can take a look at it, but it probably won't be until late tonight or tomorrow.
<heath|work> For the past couple of days now I have had issues with sshfs. I run the command and it just hangs, has anyone else experienced this?
<heath|work> Googling has gotten me no where, I have tried several things like rmmod fuse, modprobe fuse
<heath|work> For the past couple of days now I have had issues with sshfs. I run the command and it just hangs, has anyone else experienced this?
<axisys> how do I install jaunty ubuntu server on a x2100 thru console and network
<axisys> using PXE
<axisys> ?
<lool> ScottK: That's ok; it's not urgent; I'm happy if you can look at it; it looks like it might make some important server packages uninstallable
<uvirtbot> New bug: #399954 in dhcp3 (main) "Karmic Boot hangs at "Configuring network interfaces"" [Medium,Triaged] https://launchpad.net/bugs/399954
<Steve[mbp]> Morning Everyone!
<MrGlass> morning
<MrGlass> anyone have experience with proftpd?
<MrGlass> when i try to access folders
<MrGlass> its giving me error 550
<MrGlass> which my client says is file/folder doesnt exist
<teddy_> if my motherboard only goes to 4GB max..and I have a 64-bit processor...any reasons to use the 64-bit version ?
<to_> when testing my dns configuration at home (remotely) with my domain 'pnumb.com' over my bind server, I got an answer: http://pastie.org/private/ftzbf2tpgfbt2dausrtkuq but when trying without the @server option, I don't have any answer: http://pastie.org/private/v7wqtnnggxxhqyu9gdzp7w what can be wrong?
<pmatulis> to_: i guess you don't have a default nameserver set up
<pmatulis> to_: pastebin the contents of /etc/resolv.conf
<to_> http://pastie.org/private/agguor5bdxflzua9am8jww
<teddy_> if my motherboard only goes to 4GB max..and I have a 64-bit processor...any reasons to use the 64-bit version ?
<to_> pmatulis: what should I add to resolv.conf?
<teddy_> nameserver dns_ip <Most use 1 or 2 dns servers
<pmatulis> to_: use those nameservers with your dig command
<uvirtbot> New bug: #385994 in dhcp3 (main) "Jaunty - get no dhcp lease, till i call dhclient manually" [Undecided,New] https://launchpad.net/bugs/385994
<uvirtbot> New bug: #354471 in dhcp3 (main) "Jaunty - Can't get dhcp IP address" [Undecided,New] https://launchpad.net/bugs/354471
<uvirtbot> New bug: #327962 in dhcp3 (main) "dhclient ignores additional parameters to the domain-search directive" [Undecided,New] https://launchpad.net/bugs/327962
<uvirtbot> New bug: #275288 in dhcp3 (main) "search options in resolv.conf are separated by \032 instead of a blank" [Undecided,New] https://launchpad.net/bugs/275288
<axisys> how do I install from cdrom remotely thru console? cd is inside teh system . but i see a quick boot from cd and then screen goes blank.. i am assuming it switches to VGA .. is there a way to tell it to use ttyS0 as the console real quick.. i think i have less than a sec to do that
<uvirtbot> New bug: #318723 in dhcp3 (main) "problem gateway set on ppp0 and nat eth0" [Undecided,New] https://launchpad.net/bugs/318723
<to_> pmatulis: I have just added the line: "nameserver 94.23.46.45" but the `dig pnumb.com` command always doesn't return answer...
<to_> may have I to reboot or relaunch network service?
<pmatulis> to_: no
<pmatulis> to_: pastebin the contents of resolv.conf again
<to_> pmatulis: http://pastie.org/private/dd8ircx9cbfxzsyjgcwjkq
<to_> pmatulis: http://pastie.org/private/mgdwyvmnaxj5rtbqourseg here is my whole config for pnumb domain
<uvirtbot> New bug: #400349 in dhcp3 (main) "dhclient-script fails with apparmor" [Undecided,New] https://launchpad.net/bugs/400349
<uvirtbot> New bug: #289236 in dhcp3 (main) "Connection to the network fails" [Undecided,Incomplete] https://launchpad.net/bugs/289236
<uvirtbot> New bug: #285897 in dhcp3 (main) "prepend domain-name-servers does not allow other addresses" [Undecided,New] https://launchpad.net/bugs/285897
<uvirtbot> New bug: #270010 in dhcp3 (main) "dhclient 3.0.6 refuses valid offer" [Undecided,New] https://launchpad.net/bugs/270010
<uvirtbot> New bug: #290489 in dhcp3 (main) "[intrepid, hardy] Can't get DHCP offer without rebooting the OS" [Undecided,New] https://launchpad.net/bugs/290489
<rtg_> kirkland, I anyone dkms'ing the iscsitarget package?
<rtg_> s/I/Is/
<cudev> Can someone help get my devices to come up at boot time? if-up is throwing errors.
<kirkland> rtg_: not that i know of
<kirkland> rtg_: if so, i'd like to get away from it :-)
<rtg_> cudev, its likely bug #399954
<uvirtbot> Launchpad bug 399954 in sysvinit "Karmic Boot hangs at "Configuring network interfaces"" [Medium,Fix released] https://launchpad.net/bugs/399954
<rtg_> kirkland, huh? I thought the decision was to keep iscsi app and driver in sync in one package
<kirkland> rtg_: oh, hmm, well, I have turned iscsi over to the foundations team
<kirkland> rtg_: so I yield to whatever they say
<cudev> rtg_: hmm .. I don't think that is the same issue. I am getting the message: "if-up.d/mountnfs [device__]: lock /var/run/network/mountnfs exist, not mounting"
<kirkland> rtg_: slangasek touched it last
<rtg_> kirkland, ah, which is why cjwatson was asking me questions
<kirkland> rtg_: yeah, dendrobates asked foundations to take it over
<kirkland> rtg_: as sort of common, bringup type functionality
<cjwatson> ... does that mean the dkms source package becomes our problem too?
<cjwatson> for the kernel module?
<cjwatson> btw I don't mean iscsi itself (initiator), I mean iscsitarget
<rtg_> cjwatson, thats my understanding
<cjwatson> bummer.
<kirkland> cjwatson: rtg_: what's the motivation for a dkms iscsi module?
<cjwatson> kirkland: iscsi*target*, which isn't in the kernel proper
<cjwatson> so kernel team doesn't want to maintain the patch aiui
<kirkland> rtg_: we have been carrying it in our kernel, up until now, right?
<rtg_> kirkland, I thought it was because app space needs to stay in close sync with the iscsitarget driver
<cjwatson> ok, well if it's my problem so be it, as long as I know it's my problem
<kirkland> rtg_: is this part of the non-upstream-cruft-cleaning exercise?
<rtg_> kirkland, not really. I'm happy to carry it as long as upstream is active
<cjwatson> I didn't really mean to dredge up an old debate, just wanted to know who was dealing with it :-)
<kirkland> cjwatson: i'd be inclined to let rtg_ have it, if i were you ;-)
<cjwatson> the compile errors didn't look *that* bad ...
<cjwatson> something in proc_dir_entry I think
<cjwatson> I'm happy for us to keep it
<kirkland> rtg_: it's my understanding that upstream for iscsi exists, but isn't active; bug-fix only mode
<rtg_> cjwatson, there is an iscsitarget driver enabled in Karmic
<cjwatson> there wasn't when I tried today
<cjwatson> fwiw
<rtg_> cjwatson, CONFIG_SCSI_ISCSITARGET=m, its got to be building.
<cjwatson> blink
<kirkland> rtg_: are the bits in the tree?
 * cjwatson looks
<rtg_> cjwatson, huh, could be that its not.
<rtg_> looks like its not getting compiled at all. damn
<cjwatson> $ find /lib/modules/2.6.31-3-generic -name \*iscsi\*target\*
<cjwatson> $
<rtg_> cjwatson, likely a makefile issue
<cjwatson> it was listed in the upstream-code spec (whatever it was called) as "manjo is working on getting this back in" or something
<cjwatson> it was formerly in ubuntu/iscsitarget/
<rtg_> it still is
<cjwatson> which is why I came to you guys first
<manjo> yah and its turned off in the makefile
<cjwatson> huh, yeah, so it is
<rtg_> ok, it all makes sense now :)
<cjwatson> #obj-$(CONFIG_SCSI_ISCSITARGET) += iscsitarget/
 * cjwatson catches up
<rtg_> doh
<rtg_> manjo, so are you working on that?
<manjo> rtg_, I yeah I am looking at the arm stuff still... so I wont be getting to it until next week realistically
<cjwatson> so to complete the picture, there's also an iscsitarget source package in universe right now
<cjwatson> it generates an iscsitarget-source binary package already, set up to build with module-assistant
<cjwatson> but it evidently needs forward-porting to a current kernel
<cjwatson> so any dkms work would want to start with that
<manjo> cjwatson, yes I saw that
<axisys> ATZ
<cjwatson> NO CARRIER
<manjo> cjwatson, the version in /ubuntu is the same version they have on the webpage on the BOM file
<manjo> I think 1.4 ... iirc
<axisys> how do I install grub on second disk
<cjwatson> there are a few differences between the kernel's version and the one in the iscsitarget source package
<kirkland> axisys: http://manpages.ubuntu.com/manpages/jaunty/en/man8/grub-install.8.html
<cjwatson> although nothing in the source file that's breaking
<cjwatson> ah, ubuntu/iscsitarget is on 0.4.17, source package is 0.4.16
<cjwatson> or rather 0.4.16+svn162
<manjo> yeah 4.17 is what is on the website that is mentioned in the bom file
<rtg_> cjwatson, so, the kernel version is a bit more current?
<manjo> rtg_, yeah
<cjwatson> marginally, yeah
<manjo> the /ubuntu version is current afaik
<cjwatson> aha, there's a fix for the compile error in svn
<axisys> kirkland: i install the ubunut on second disk .. but when i boot it could not found grub on /dev/sdb .. since the installation automatically installed the grub /dev/sda
<rtg_> cjwatson, are there commits beyon 4.17? I haven't checked since last December.
<manjo> cjwatson, i hit the compile issue when i was working on it... an then quit to work on arm
<cjwatson> rtg_: yeah, including the addition of DKMS support ;-)
<axisys> kirkland: so now that i grub-install /dev/sdb .. it should fix it .. correct ?
<cjwatson> a dkms.conf anyway
<kirkland> axisys: that will definitely put a bootloader on /dev/sdb
<axisys> kirkland: thanks
<rtg_> cjwatson, so the question is, do the server folks want a DKMS package, or would they rather get the iscsitarget module from the kernel package
<kirkland> axisys: which might solve your issue; i'd need to know more before I could guarantee that would solve your problem entirely
<cjwatson> so I think upstream just need to pull their fingers out and do a release
<manjo> cjwatson, so I need to get he new version and debianize it
<cjwatson> manjo: I can do it if you like
<manjo> cjwatson, cool...
<manjo> cjwatson, I have not done ... so I will have to learn :)
 * manjo willilng to learn 
<cjwatson> rtg_: I shouldn't think anyone *really* cares as long as it works, although as usual getting kernel modules from the kernel package is a bit more convenient
<cjwatson> I don't know what the user/kernel sync constraints here are
<rtg_> cjwatson, I just have vague memories of folks complaining that they got out of sync.
<cjwatson> manjo: (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523374)
<uvirtbot> Debian bug 523374 in iscsitarget-source "iscsitarget-source: FTBFS with 2.6.29" [Serious,Open]
<manjo> cjwatson, ack.. thanks for the patch
<cjwatson> so if we want to do that in advance of Debian, best to do it as a bumped Ubuntu version rather than as a new upstream, IMO, so that it's easier to merge later
<cjwatson> heh, that's only up to 29, 30 needs one more. but easy to get from svn
<manjo> cjwatson, looks like non of that is upstream ?
<cjwatson> that's all upstream
 * manjo does a git pull
<cjwatson> err, I meant iscsitarget upstream. no idea about the kernel.
<manjo> ah
<manjo> k
<manjo> rtg_, shall I submit patches to karmic to get the iscisi target to build ? pulled from upstream (iscsi) ?
<rtg_> manjo, yep
<manjo> k
<rtg_> I'll deal with them in the AM unless Andy gets to it first
<manjo> cjwatson, I see 2 patches in the link you posted (last comment) .. good deal will try to integrate to karmic and submit patch
<manjo> patches look relatively small ..
<cjwatson> manjo: best to get them from svn://svn.berlios.de/iscsitarget/trunk
<cjwatson> I think you'll need r214 from there too
<cjwatson> I don't know whether it would be a good idea to just update the kernel wholesale from there
<manjo> trunk/patches/compat-2.6.28.patch is already in karmic source
<rsr> hello
<rsr> how do I check what time cron is doing a logrotate?
<rsr> and maybe change it
<axisys> kirkland: i were able to swap the disk to the other slot of x2100 and still booted fine.. so the grub-install worked
<alexm> rsr: i think that logrotate is run through anacron and /etc/cron.d/anacron says that it starts at 7:30
<kirkland> axisys: cheers
<axisys> kirkland: now if i can get all the boot messages in the console i will be happy ..
<axisys> ttyS0 that is
<rsr> ok
<rsr> I dont have /etc/cron.d/anacron
<alexm> rsr: well, if you installed ubuntu server anacron maybe doesn't make sense, let me see on a server
<rsr> I installed ubuntu server
<rsr> default 9.04 install
<rsr> then installed squid and sarg
<rsr> I think squid is rotating the logs before sarg gets a chance to create the access report
<alexm> rsr: in /etc/cronttab you can see when crontab.daily is run
<alexm> and logrotate is performed in crontab.daily
<alexm> at 6:25 in my case
<Falc> back
<rsr> I dont have that... I only have /etc/cron.daily cron.weekly cron.monthly... they are folders and in these folders there are -x bash scripts but no reference to time or anything
<rsr> I meant +x
<alexm> no /etc/cronttab then? which ubuntu version?
<alexm> btw, the server uses anacron too
<rsr> I think it is 9.04 how can I check
<alexm> lsb_release -a
<rsr> yup 9.04
<alexm> anyway, you must have a /etc/crontab unless cron is not installed
<rsr> alexm: how can I check if cron is working correctly?
<alexm> dpkg -l cron should tell you if it is installed
<rsr> go it
<rsr> thanks
<Bilge> I have found a bug
<Bilge> Settings RS doesn't work in mawk
<Bilge> # for ((i = 1; i <= 10; ++i)); do echo -ne "$i\0"; done | awk 'BEGIN {RS = "\0"}; END {print NR}'
<Bilge> This gives 1
<Bilge> It should give 10
<firecrotch> Bilge:  I get 10
<Bilge> As well you should
<Bilge> I don't, though
<Bilge> I'm running Ubuntu 8.04 (server)
<Bilge> Running awk, which is symlinked to mawk as per default
<firecrotch> I'll try it on my 8.04 server
<firecrotch> Interesting
<alexm> Bilge: it works for gawk
<alexm> did you install mawk by choice?
<Bilge> > Running awk, which is symlinked to mawk as per default
<Bilge> > default
<Bilge> I haven't touched it, it's as it came with the system
<Bilge> Now I must rage because RS is readonly on my system leaving me screwed
<uvirtbot> New bug: #400407 in mysql-dfsg-5.0 (main) "package mysql-server-5.1 5.1.31-1ubuntu2 failed to install/upgrade: el subproceso post-installation script devolvi? el c?digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/400407
<alexm> Bilge: if you don't particularly need mawk, just install gawk instead ;)
<Bilge> I think I should file for divorce
<Bilge> And a bug report
<Bilge> How has this gone unnoticed for so long
<alexm> if it's well documented it may be considered a feature
<Bilge> What may be considered a feature
<alexm> not working as expected ;)
<alexm> now seriously, if you want to report a bug please go ahead
<alexm> good night all
<uvirtbot> New bug: #399569 in gvfs (main) "can not connect to windows share - smb://192.168.3.97/pictures/ (dup-of: 209520)" [Low,Incomplete] https://launchpad.net/bugs/399569
<qman__> I'm having a problem trying to configure a dialup connection with wvdial and pppd
<qman__> I've added my user to the groups dip and dialout, but it's still giving me permission denied when I attempt to run /usr/sbin/pppd
<qman__> the permissions on /usr/sbin/pppd are -rwsr-xr-- root dip
<qman__> I looked at the apparmor profiles and I don't think there is one of pppd
<qman__> so I'm a bit stumped as to why I'm getting denied
<sbeattie> qman__: is there anything in dmesg?
<qman__> no, I don't see anything relevant
<qman__> this is on 9.04 x64, in case that's important
<qman__> oh wow, that was simple
<qman__> had to log out and log back in
<achew22> if using the ecryptfs feature in ubuntu server 9.04 it is supposed to mount the Private directory upon login. Is this done if the user uses a private/public key combo? Also, can a user start a download of a backup into their private folder, exit and expect it to download, complete and then unmount?
<niceuser> Where can I download ubuntu server ?
<achew22> niceuser: http://www.ubuntu.com/getubuntu/download-server
<niceuser> does it suck ?
<achew22> suck is a very subjective term
<Bilge> Oh lawd
<Bilge> I have a query
<achew22> whats your query?
<Bilge> I'm typing it
<Bilge> It's long, give me a sec :P
<Bilge> Given that Ubuntu software packages are never updated by repackaging newer versions of said software, how are security updates created?
<Bilge> Does someone actually take the time to learn the software and write a manual patch?
<niceuser> that sounds like it might suck
<achew22> niceuser: give a category and you might get a more specific answer
<Bilge> Never updating software versions is the one thing that I find does suck
<Bilge> (without upgrading the distro)
<niceuser> I prefer to never upgrade anything unless its broken
<niceuser> or if it sucks
<achew22> Bilge: upstream packages produce patches (people who understand it) the patches are applied to the versions of software in the repositories and all regression tests are applied against them. Once all tests pass a deb is generated. Depending on if it would break dependencies they make a decision of which repository to put it into.
<Bilge> I prefer to * Added niceuser!*@* to ignore list
<achew22> there are lots of repositories for backports and bleeding edge and all kinds of stuff, most of them exist in launchpad
<achew22> Bilge: basically security will get patched in, new features you'll have to wait for an upgrade to ubuntu (or thats how it seems to be working on all my installs)
<Bilge> > upstream packages produce patches | what?
<Bilge> Yes that's right, you don't get new features
<Bilge> But this is what I don't understand
<Bilge> Usually when there is a bug in software, the authors of said software will release fixes forit
<Bilge> So it would simply be a case of compiling the new versions
<Bilge> Yet that never happens; we get security fixes but no new features
<Bilge> How is this even possible
<achew22> source code management
<achew22> see: SVN, GIT, Bazzar (sp?), CVS, generic diff
<Bilge> But who is it actually writing these fixes
<Bilge> If not the original software creators
<achew22> package maintainers
<achew22> and the original designer
<Bilge> So they actually familiarise themselves with the source code of every single bit of software (between them)?
<achew22> it depends on the package
<achew22> OpenSSH is something so important that they release patches to old versions of code that just fix the security hole without adding any of the new features. I believe they call those "backports"
<cjwatson> except that's not how the OpenSSH maintainer does it
<Bilge> With a few exceptions like open SSH, it all seems like a lot of pain for next to no gain
<cjwatson> I know that because I'm the OpenSSH maintainer ;-)
<cjwatson> OpenSSH isn't significantly different from other packages here
<achew22> cjwatson: sorry I was using generalized terms. I can only speak about mythtv which doesn't really sound awesome
<cjwatson> we figure out what upstream changed to fix the problem, and we apply the same patch to whatever we're currently shipping
<Bilge> You'd be better off just compiling the newest versions of software and have not only bug fixes compiled in but also improvements along the way
<cjwatson> if it doesn't apply cleanly, we fix it
<cjwatson> Bilge: doesn't actually work in practice I'm afraid
<infinity> Bilge: No.
<infinity> Bilge: New versions mean new bugs and feature changes.
<infinity> Bilge: Which goes entirely against was most server admins consider "stable".
<cjwatson> the amount of integration required to do that and make it work well with people's expectations of stable releases is sufficiently hard that we only do that in development branches
<achew22> cjwatson: sorry to step on toes. If I got anything wrong can you tell me please
<infinity> Bilge: Stability isn't just about "bug-free", it's about interfaces not changing, not wondering why your random shell scripts stopped working, etc.
<cjwatson> backporting security patches is work, I'll grant you, but it's not as hair-raising as all that
<Bilge> Well it's what I'm being forced to do myself, since my distro is now running software that was created at least 1 if not 2 years ago and doesn't support the stuff I want
<cjwatson> achew22: you didn't step on toes, I was just supplying a factual correction
<Bilge> So now I'm compiling 50% of my services myself
<achew22> thank you cjwatson :)
<infinity> Bilge: Why do you actually require that, other than "yay, new and shiny"?
<cjwatson> this is of course why things like hardy-backports exist
<Bilge> Obviously there is no generic answer to that, I do actually study what new features are available
<Bilge> Generally I find that they are required or highly desirable
<cjwatson> people often have feature requirements of specific packages, but don't want the *rest* of their distribution to change just for security patches
<cjwatson> so we try to support multiple streams
<cjwatson> obviously we can't support everything that way, it's too much work, but it helps some people
<Bilge> I'm not sure I understood what you just said
<cjwatson> http://help.ubuntu.com/community/UbuntuBackports
<Bilge> Why would the distribution change for security patches if someone had a feature requirement
<cjwatson> Bilge: most upstreams release security fixes and new features all mixed up together
<cjwatson> Bilge: what you were asking was why we didn't just build the new upstream releases
<cjwatson> and it's for exactly that reason
<Bilge> I don't really understand what is meant by the term upstream
<Bilge> Are you talking about stuff that the Debian guys create
<cjwatson> upstream => the people who wrote the software originally
<Bilge> OK
<cjwatson> the metaphor is that software flows downstream from its creators
<Bilge> Yes I see that now
<cjwatson> so Debian is (usually) upstream of us, but not normally *the* upstream
<Bilge> Not the ultimate source
<cjwatson> in some cases of course it is, e.g. dpkg
<Bilge> Out of interest, what does Ubuntu server give me above and beyond what Debian server provides. Someone once told me that if I am going to run a distro based on Debian as a server, I may as well stop messing around and just use Debian itself
<owh> The reason I changed from Debian to Ubuntu was a defined release schedule.
<owh> Under Debian, it's released when it's ready, which is fine, but you cannot plan a company around that. With Ubuntu, I know when it's going to happen. I can tell clients about it, we can prepare budgets, etc.
#ubuntu-server 2009-07-17
<owh> In addition, the community spirit within Ubuntu is more inclusive. I found in the past that unless you're a Debian developer it's hard to get your feedback taken seriously. Within Ubuntu the entry point is much more accessible. I'm a full time software developer, but I cannot devote all my time to Ubuntu, but what little time I have is used and appreciated.
<owh> There are technical arguments as well, but they come under the philosophy of making Ubuntu for the people. There's quite a lot of invisible stuff that makes your job as a sys admin simpler.
<Bilge> > With Ubuntu, I know when it's going to happen. | really? how?
<owh> Releases happen in April and October.
<Bilge> Oh distro releases yes
<Bilge> But I can't figure out when I might get access to PHP5.3 if I just sit around waiting for it to appear in my repo
<cjwatson> on security fixes from upstream: it may not be very obvious how this works if you aren't familiar with free software development and are just used to getting a new packaged release from somebody. As an example, this is the last security-related change I needed to backport from OpenSSH upstream: http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/5631
<Bilge> Probably never
<disposable> i have just installed ubuntu 9.04 server (choosing the minimal virtual server option in the installer) and discovered that my loopback device can't be pinged. http://pastebin.com/d46ecbc32 What am i missing?
<owh> disposable: Are you actually running on virtual hardware for starters?
<owh> Bilge: Not sure what you're asking.
<Bilge> cjwatson: my dedicated server provider slightly modifies my installation of Ubuntu and they add openssh to the list of "held back" packages so it never gets updated
<disposable> owh: the machine is in virtualbox. but i don't think loopback device should be affected
<Bilge> Probably to avoid locking myself out through upgrading somehow
<cjwatson> Bilge: *cough* on their head be it, unless they take care of the upgrades centrally
<disposable> Bilge: pinging it with ping6 ::1 works though. but i need 127.0.0.1
<disposable> Bilge: sorry, wasn't meant for you
<disposable> owh: pinging it with ping6 ::1 works though. but i need 127.0.0.1
<cjwatson> disposable: what's in /etc/network/interfaces?
<Bilge> No, it's a dedicated server so it's up to me what I do with it. There's no "central upgrade"
<disposable> cjwatson: see the pastebin link
<cjwatson> oh, yeah
<cjwatson> Bilge: locking yourself out through upgrading would involve carelessness, of course, since upgrades of openssh-server never kill existing connections
<Bilge> But it would be my prerogative to check that it still worked after upgrading
<cjwatson> yes. it's an odd thing for them to do though.
<Bilge> Upgrade > power cut > can't log in > now what?
<cjwatson> (and, IMO, unwise)
<Bilge> I don't know how to configure held back packages
<cjwatson> well, the choice is sometimes between that or everyone *else* can log in ... ;-)
<disposable> cjwatson: and i did try adding "127.0.0.1 localhost ip4-localhost ip4-loopbac" to /etc/hosts. didn't help
<disposable> s/loopbac/loopback
<cjwatson> disposable: I wouldn't expect /etc/hosts to matter; this is below the level of name service
<cjwatson> disposable: the question is why there isn't a "inet addr:127.0.0.1  Mask:255.0.0.0" line in ifconfig output under lo
<cjwatson> I confess to being weirded out though. It *looks* fine, though at after midnight local time I'm probably not awake enough to see the problem ...
<disposable> :) same here
<cjwatson> Bilge: 'apt-get install openssh-server' will disregard holds, if you decide to do that
<cjwatson> or use a full-screen package manager such as aptitude
<Bilge> aptitiude obeys hold backs
<Bilge> Also I just assumed that my provider configured the hold backs but I can't find any information about being able to configure that
<pmatulis> Bilge: why don't you just ask them (what, why, how)?
<Bilge> Because they're assholes
<pmatulis> Bilge: go elsewhere.  is that an option?
<Bilge> They have the best prices
<Bilge> By far
<Bilge> But they're also a foreign company who employ support staff from a different foreign country
<Bilge> If I don't have to deal with them then everything is perfect
<Bilge> $ uptime
<Bilge> up 388 days
<Bilge> The only time its been rebooted was when I was testing to see if my services came back up automatically
<Bilge> (since I wrote a number of custom init.d scripts to go with my self compiled software)
<pmatulis> it's a very bad idea to compile stuff on Ubuntu
<tclineks> i'm trying to run apache with upstart but it immediately daemonizes
<tclineks> thoughts?
<cjwatson> Bilge: it could of course be that apt is holding it back for its own reasons (unsatisfiable dependencies?)
<Bilge> <pmatulis> it's a very bad idea to compile stuff on Ubuntu | what!
<cjwatson> apt-get install would hopefully give you ome hint as to why
<cjwatson> some
<cjwatson> pmatulis: uh, I echo Bilge's "what?"
<cjwatson> pmatulis: hope you're not saying that Ubuntu is no good for developers! :-)
<Bilge> It wasn't a "what?", it was a "what!"!
<cjwatson> let me refine that statement into what I think might make more sense
<Bilge> I think I know where he's going
<Bilge> Another naysayer of anyone who doesn't use packages
<cjwatson> it's usually not a good idea to compile things for yourself and then install them over the top of system-managed software
<Bilge> The way God intended
<cjwatson> *however*
<cjwatson> there's nothing wrong with building things yourself and sticking them in your home directory, or carefully managed in /usr/local or /opt
<Bilge> I'm not installing anything over the top of anything
<cjwatson> that's what /usr/local and /opt are for
<Bilge> All my stuff goes into /usr/local
<Bilge> I don't mess around trying to compile anything heavy like apache or PHP
<cjwatson> right, and although there are a few gotchas that's usually fine
<pmatulis> k, you guys know what i meant
<cjwatson> (radically different /usr/local/bin/perl can cause problems - some care needed)
<Bilge> But I have compiled an FTP server since the Ubuntu implementation was diabolical
<cjwatson> there are lots of FTP servers in Ubuntu
<Bilge> You actually had to put each setting in a separate file
<Bilge> It made absolutely no sense
<cjwatson> vsftpd is popular among competent admins I know
<Bilge> And the old version didn't support TLS encryption either
<Bilge> I decided to go with pureftpd because it seemed pretty simple
<Bilge> I also filed a bug about the terrible implementation
<Bilge> Which was acknowledged and then swept under the run with the rest of them
<Bilge> rug*
<owh> Bilge: Mind taking that chip off your shoulder there?
<Bilge> Seems they've all disappeared now as well
<Bilge> The only one left is the one I reported today
<Bilge> Launchpad didn't get its big tracker reset at some point did it
<Bilge> bug*
<cjwatson> no.
<Bilge> There's no option to adjust time scale so I don't know what happened to them all
<niceuser> so it doesn't suck?
<cjwatson> you can look for all bugs you've reported, and there's an advanced search with which you can search for all bug statuses
<cjwatson> https://bugs.launchpad.net/people/+me/+reportedbugs
<cjwatson> -> advanced search, check all the boxes under Status:, press Search
<cjwatson> oh and possibly also uncheck "Hide duplicate bugs"
<Bilge> I can't figure this out at all
<Bilge> I get different lists of bugs "related to me" depending on what page I was on beforehand
<Bilge> If I go to my profile, I just see the one from today
<Bilge> If I navigate to Ubuntu project first, I can see my old ones
<Bilge> Instead of, but not as well as
<cjwatson> I don't know about related-to but /people/+me/+reportedbugs should be pretty deterministic. (for detailed help on LP, though, #launchpad.)
<Bilge> The URL is slightly different. One is referencing my user name and the other my e-mail address, and it lists different bugs for each
<cjwatson> Launchpad URLs never contain your e-mail address, as far as I can remember. That sounds as if you may accidentally have two Launchpad accounts?
<cjwatson> (though I'm not sure how that would happen without your noticing.)
<owh> It sounds like that to me also.
<Bilge> Yeah there's two
<cjwatson> you can merge them if you want
<Bilge> I would want
<owh> One less mystery for the day :)
<Bilge> They were created one month apart with the same user name
<Bilge> I guess user names aren't unique
<owh> s/same/similar/
<cjwatson> Launchpad user names are unique
<infinity> I see ~bbilge ... What's your other one?
<Bilge> https://launchpad.net/~corporate-scriptfusion
<cjwatson> as in, when you visit launchpad.net/people/+me, it redirects to (in my case) launchpad.net/~cjwatson - the 'cjwatson' bit is the Launchpad user name
<Bilge> https://launchpad.net/~bbilge
<infinity> Those definitely look like very different usernames to me...
<cjwatson> https://help.launchpad.net/YourAccount/Merging
<infinity> Bilge: Don't confuse username with real name.  Real names aren't unique.  Your username is what's in the URL.
<Bilge> I figured from what you just said
<Bilge> Does it matter which one I merge with which
<cjwatson> no, your choice
<infinity> Nope.  Keep the one you prefer the username to. :)
<cjwatson> pick the one you want to keep, request a merge of the other
<infinity> (Or create a whole new account, and merge both to it)
<infinity> It matters if you have things like PPAs, I suppose, where URLs break when merged accounts go AWOL.
<infinity> But that doesn't look to be an issue for you.
<Bilge> This system really does drive me mental
<Bilge> I can't actually log into the other account because the log-in firm is just a button for OpenID which logs me into the wrong account automatically
<Bilge> form*
<infinity> Even if you do a forced logout?
<Bilge> Yes
<Bilge> I just did a cookie smash which fixed it though
<infinity> Weird.  Logging out here deleted the cookie correctly.
<Bilge> It was bouncing back and forth between some subdomains which probably screwed it up
<Bilge> Probably only fails when looking at help
<infinity> If you can reproduce it, I'm sure the LP devs would love a bug on it.
<infinity> And hey, if they don't love the bug, too bad. ;)
<billybigrigger_> anyone here aware of a decent auth log analyzer? like webalizer for access logs?
<jerrcs> Any reason a lot of *.deb files are broken on the installer? I've burned a couple copies of the iso... :/
<twb> jerrcs: define `broken'.
<jerrcs> twb: well, I don't know. it fails to retrieve several of the *.deb files..
<jerrcs> I was hoping it could fallback to retrieving them from a local mirror
<jerrcs> but I don't know how to select that in the installer.
<twb> jerrcs: fails to retrieve them from where?
<twb> What makes you think it's retrieving them from the CD (as opposed to via the network)?
<jerrcs> from the cdrom.
<jerrcs> twb: because I downloaded 577mb of pure iso goodness.. I don't think it would download more packages from the internet when they are already on the cdrom.
<twb> jerrcs: that is not a valid assumption.
<jerrcs> I don't think you understand. It's all good, I found installer components.
<twb> For a single release and architecture, the complete set of all packages is perhaps 5GiB.
<jerrcs> yes. I know that
<jerrcs> and
<jerrcs> I'm talking about core instal lcomponents
<twb> What is the error you see onscreen?
<jerrcs> your basics.. libc6, openssh, stuff like that. I'm seeing corrupt .deb files.. "debootstrap warning... warning: file:///cdrom/pool/main/g/gnupg/gnublahblah.deb was corrupt"
<jerrcs> and it's pretty much like that for all of the packages.
<twb> I see.
<twb> Have you checksummed the burnt CD and compared it to the downloaded .iso, and to the .asc file included with the upstream .iso?
<jerrcs> yes.
<twb> And were they all identical?
<jerrcs> I don't think I'd burn the CD otherwise.
<twb> You can't know the checksum of the CD before you burn it.
<oh_noes> Why doesnt this work? # ufw allow from port 5678/tcp to port 5690/tcp
<oh_noes> Isnt it the correct syntax?
<anirban> I have installed Virtualmin 3.703.gpl module in my Webmin 1.480 panel of my Ubuntu 9.04 HyperVM VPS . Now I have added 1 domain named web2dziner.com using Virtualmin virtual hosts. The problem is when I type http://web2dziner.com (wrong Apache default page ) and http://www.web2dziner.com (the desired page) , it goes to two different webpages. I haven't done any modifications as such directly to the Apache. How to fix it ?
<twb> oh_noes: why do you want to set the source port?
<twb> anirban: webmin isn't supported on Ubuntu AFAIK.
<oh_noes> twb: I'm trying to say, ANY IP address, ALLOW from source port x to source port y
<oh_noes> save me typing 50 lines of "ufw allow x/tcp"
<twb> oh_noes: erm, you can't send a packet *to* a source port.  That doesn't make sense.
<oh_noes> so im not trying to send it to a source port
<twb> oh_noes: packets come *from* a source port, and go *to* a destination port.
<oh_noes> I'm trying to say where the destination port is a range
<twb> Oh, I see, you want a port RANGE.
<oh_noes> Yep, and i cant figure out how to tell ufw that
<twb> I don't know if ufw(8) can express that, but in the underlying iptables-restore syntax it's -m multiport --dports 5678:5690
<twb> Assuming you want to match destination ports, rather than source ports.
<twb> For example, -A INPUT -p udp -m multiport --dports 53,67:69,123 -j ACCEPT
<oh_noes> thanks, yeah not using iptables, because i only need a simple host based single NIC firewall
<oh_noes> i was hoping to express it in a single command
<twb> I think "ufw from port N to port M" means -s N -d M, not --dports N:M
<twb> i.e. the ufw(8) wrapper does not allow you to use --dports
<oh_noes> twb: ok thanks for the clarify, I'll use a quick for i in then
<twb> You can still express it as a single command if you ignore ufw and use the mess of shit in /var/lib/ufw or /usr/share/ufw
<twb> But that may be beyond your capability.
<oh_noes> well not capability, anything is possible
<oh_noes> but beyond what i wish to perform to a server to keep it in a known supported state
<twb> Right
<acalvo> hi
<acalvo> does anyone know how to get a list of used UIDs?
<pirx> awk -F':' '{print $3}' /etc/passwd
<pirx> list of UIDs related to users
<pirx> but there could very well be files with other UIDs in the filesystem
<acalvo> pirx: since I've a LDAP backend, they should be there
<acalvo> but trying to create a new user, it tells me that the UID is in use
<mattt> anyone here use XFS?
<qiyong> what is the kqemu-common pkg used for?
<J_P> hi all
<J_P> Anyone know how I set Umask in proftpd for a specific user create dirs/files with perm rw for owner and group ? I'm doing this http://dpaste.com/68192/  but not works
<J_P> anyone?
<uvirtbot> New bug: #400660 in samba (main) "[hardy]Unable to break ACL inheritance Windows ACL editor" [Undecided,New] https://launchpad.net/bugs/400660
<rgreening> hey, just wondering if anyone plans to package tac_plus-4.5b5-5.tgz and webui-1.5b3.tgz for tacacs? Or is there some licence restriction? It appears to be open sourced and supercedes the old unmaintained 4.0.4 build which was discontinued a coupled of ubuntu releases ago.
<rgreening> new version of tacacs can be found here... http://www.networkforums.net/
<rgreening> you might have to register to download... here's the direct link: http://www.networkforums.net/?q=system/files/tac_plus-4.5b5-5.tgz
<rgreening> ScottK: hey, any ideas on above? I looked over the code. it's all gpl.
<rgreening> except the RSA MD4/5 bit (which seems ok)
<ScottK> rgreening: What's the licensed on the RSA stuff and can it be linked against GPL code?
<rgreening> ScottK: http://paste.ubuntu.com/220536/
<rgreening> ScottK: I believe this was part of the original tac_plus package (which is unmaintained). The rest was re-written in C++ from the ground up.
<rgreening> Oh, and ScottK, here is a bit a little further down same file: http://paste.ubuntu.com/220538/
<rgreening> looks ok to me...
<ScottK> I'd have to go seriously think about why the 4 clause BSD license with the advertising clause is GPL incompatible to know for sure, but I think so.
<rgreening> ScottK: I'm pretty sure this was in the prev tac_plus package we had a couple of releases ago
<rgreening> 4.0.4
<rgreening> yep. just checked. was the same licence then
<ScottK> OK
<rgreening> ScottK: So, I can package and possibly upload?
<ScottK> I don't see why not.
<rgreening> I assume this would go universe initially and we could request to promote to main later
<rgreening> or should we try for main in karmic right away?
<ScottK> All new uploads land in Universe.
<ScottK> Get it there, then there can be a conversation.
<ScottK> "rgreening wouldn't be allowed to break it anymore" probably won't do it.
<rgreening> haha
<rgreening> hmm.. if it stays in universe, I get to maintain it.
<rgreening> if it moves, i wouldn't.. though main would be nice.. i guess
<rgreening> :)
<rgreening> ok, let me package it...
<cudev> I'm having problems getting if-up to work at boot. Everywhere that I've posted/asked so far, the only answer I've gotten is 'strange, that should work'
<Steve[mbp]> Morning Everyone!
<cudev> Morning Steve!
<Steve[mbp]> :-p
<shivek> Hi everyone ^^D
<cudev> HI
<cudev>  Can someone please expand upon what "if-up.d/mountnfs [device__]: lock /var/run/network/mountnfs exist, not mounting" means?
<PC_Nerd101> Hi,  I'm looking for advice on getting ftp accounts for specific virtual hosts in ubuntu (all installed from the standard 9.04 serve repo's).... so that a virtual host in /var/www/<vhostname> would have a specific FTP user for moving files around....  how would I set that up so that the user can only access that directory and not others. ?
<_ruben> PC_Nerd101: use the chroot option of for example pure-ftpd (other ftpd's probably offer similar features)
<PC_Nerd101> ahh ok :) - I've got vsftpd running....
<PC_Nerd101> just a sec
<PC_Nerd101> ok - I think I've got it working by setting up the standard user account, chrooting it in vsftpd config, and I've had to resort to 777 permissions because apache2 is running ( and reading directories) as root/daemon (I think) - its the standard $sudo aptitude install apache2 install - so is there a seperate user I should own it all as ?
<leaf-sheep> !oss
<ubottu> Sorry, I don't know anything about oss
<uvirtbot> New bug: #400776 in openssh (main) "ssh-keyscan(1) hangs if broken server does partial handshake" [Undecided,New] https://launchpad.net/bugs/400776
<michael__> Hi guys. Having issues with pam_krb5. Can kinit and get tickets, but login gives a server not found in kerberos db. (this is after pam-auth-config).
<resno> What is the best way to use webalizer to extract stats?
<resno> Is there anyone who likes webalizer and can get info from it?
<majikman> anyone here running apache httpd that can get this to work? http://httpd.apache.org/docs/2.2/mod/mod_status.html#machinereadable
<zoopster> resno: I use webalizer on jaunty and it works fine are you having trouble?
<resno> zoopster: i am trying to get logs deeper than whats appearing on the html pages. I need stats for a page that is not a top page.
<resno> Has anyone used the command "fileinclude" with webalizer?
<cemc> why is it that when I "ping host", it always thinks for a couple of seconds between each ping? there's no loss, no lag, it just tries to resolve something I think. it's Jaunty. any ideas?
<KillMeNow> mine does the same thing cemc
<KillMeNow> it didn't do it before I upgraded to Jaunty
<KillMeNow> in fact I've noticed that some services are slower to respond
<cemc> KillMeNow: exactly. On Intrepid it was all fine.
<resno> Has anyone had any luck extracting access logs for webalizer?
<zoopster> resno: the only way I can see to do that is log that specific page since webalizer really is just parsing logs for information I can see hits to specific pages in webalizer, so I'm not sure what else you are expecting
<resno> zoopster: I am expecting a miracle. :) If the stats arent there on the html page, are they any where else?
<zoopster> resno: my setup has each virtual host using a separate log and webalizer parses each log and puts the stats in a separate directory for each host
<resno> so webalizer is only a parser for data logs?
<zoopster> resno: doubt it...you may want to look at something like analog which is a really configurable log parser
<resno> i feel stupid. where are logs kept then?
<zoopster> resno: heh...pretty much...it's claim to fame is the slick format it outputs
<zoopster> resno: and the fact that it is blazingly fast
<resno> zoopster: so where can I find the logs then?
<zoopster> resno: /var/log/apache2 or whereever you configured it to be
<resno> ah thanks. that answers that most embarising question
<KillMeNow> resno
<zoopster> resno: no worries...read the conf files...tells you everything you need to know...in most cases
<KillMeNow> if you set a specific log file location in the virtual host block, it could be /var/log/apache/path to logs
<KillMeNow> but if you left it default it will be in /var/log/apache2
<KillMeNow> what are you trying to get out of webalizer?
<resno> i was looking for stats that webalizer wasnt showing. i always thought webalizer was recording and making the stats. but now i get its on a parser. LOL
<resno> where can i find the conf files for apache?
<cemc> resno: /etc/apache2
<funkyHat> Can anyone see why apache might be ignoring this virtual host file? http://pastebin.com/fac87955 :(
<funkyHat> (yes, it is in sites-enabled)
 * KillMeNow[A] is now away - Reason : Off for a while
<funkyHat> All of the other virtual host files work fine
<resno> cemc: is there any reason a virutal server could have it somewhere else? i dont even see an apache folder :(
<cemc> resno: what release are you on? is it apache or apache? AFAIK it's in /etc/apache2
<cemc> virtual server?
<resno> this is a dumb question. would centos put them in the same locatino?
<cemc> no, centos has /etc/httpd
<resno> where can i find out what these folders mean?
<resno> or whats in them?
<cemc> you look in them? :)
<resno> heh, no i mean. like etc, var, or usr
<cemc> oh
<cemc> http://en.wikipedia.org/wiki/Linux_Standard_Base
<cemc> take a look at this, I think
<jmedina> http://pathname.com/fhs
<resno> many thanks.
<resno> is there such a thing as a virtual server? for instance running multiple sites from one server?
<cemc> yeah, what he said
<rags> Is it possible to have multiple SPD entries in ip-sec.conf file? sepcifyig diff n/w but same tunnel??
<uvirtbot> New bug: #400115 in dovecot (main) "package dovecot-pop3d None [modified: /var/lib/dpkg/info/dovecot-pop3d.list] failed to install/upgrade: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/400115
<A|i> anyone tried installing mysql 5.1 on hardy?
<uvirtbot> New bug: #396202 in sqlalchemy (universe) "exception from sqlalchemy" [Undecided,New] https://launchpad.net/bugs/396202
<uvirtbot> New bug: #400876 in openssh (main) "openssh-server honors .hushlogin but doesn't tell PAM" [Undecided,New] https://launchpad.net/bugs/400876
<bdelin88> is it possible to create a Terminal Server on an ubuntu machine that can all windows clients to use Remote Desktop to access computers connected to the Terminal Server.  I would like to set it up so that a computer on the internet could connect to a windows client connected to the terminal server
<osmosis> how can I tell which drives are paired in a linux software raid 10?  http://dpaste.com/68345/
<uvirtbot> New bug: #400785 in openldap (main) "package slapd 2.4.11-0ubuntu6.1 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/400785
#ubuntu-server 2009-07-18
<linuxviewer> I have an installation of ubuntu and I removed the dual nic network card that was in there and replaced with an identical model number.  However, now I cannot get my NIC up and said device not found.  I assume because of the MAC address change.  Can someone point me in the right direction of what file(s) to edit to put in new MAC address (I am running Ubuntu server mode)
<funkyHat> linuxviewer: the new nic has probably been assigned /dev/eth2 and /dev/eth3, as eth0 and eth1 belonged to the old card
<cblack> Greetings ubuntites!
<cblack> I am having trouble getting a new ubuntu server to respond to external web requests... telnet to port 80 doesn't even work. I have not installed ufw or modified apache configs...
<cblack> I fear the problem might be that this server does not have a good/valid reverse dns entry for itself, but I can't fix that bc I'm not the dns admin for this network
<cblack> attempts to connect to the server do not show in the logs either, localhost connections using lynx do work however
<cblack> I can verify that ufw is not active (ufw status)
<linuxviewer> funkyHat - You are absolutely right.  However, I need them to be eth0 and eth1.  I can see the only place where MAC address I can find is /etc/udev/rules.d/70-persistent-net.rules.  However, I have edited it accordingly (changing MAC of eth0 and eth1) and delting eth2 and eth3, and then did a network restart and it still didnt work.
<linuxviewer> I then did a reboot, and that 70-persistent-net.rules was the same just as if I never changed it AFTER a reboot.
<pmatulis> linuxviewer: try removing that file completely, then a reboot
<linuxviewer> I have stopped udev as well and it seems as though that may have fixed it.
<pmatulis> linuxviewer: did you remove the file?
<tod1> hello room.  I am looking for help with cups.  I keep getting the "403 Forbidden" error when trying to connect via Firefox from another machine.  Thank you.
<rosskouk> Hi i'm in the process of setting up kerberos for nfs4 shares, it all seems to be working but I can't get the ticket lifetime to go any higher than 24 hours, i've modified the user and krbtgt principals and kdc.conf - can anyone point me in the right direction?
<bdelin88> is it possible to create a Terminal Server on an ubuntu machine that can all windows clients to use Remote Desktop to access computers connected to the Terminal Server.  I would like to set it up so that a computer on the internet could connect to a windows client connected to the terminal server
<qiyong> does ubuntu have mplayer?
<shivek> Hi everyone ^^D
<shivek> I've installed apache2 on my pc. I've also configured the dyndns thing. My website is http://shivekkhurana.servebbs.com/ . When I type this using my computer, Firefox redirects to index.html located at /var/www. But when I type it using some other computer, it asks password and username(of my router)
<shivek> Also I'm not able to edit index.html
<shivek> Please Help ^^|
<Bilge> Of God I lol'd
<Bilge> Oh*
<RoyK> lol http://yro.slashdot.org/story/09/07/17/2138213/Amazon-Pulls-Purchased-E-Book-Copies-of-1984-and-Animal-Farm
<shivek> Hi everyone ^^D
<BrixSat> hello
<BrixSat> i have a pc with 2 nic's one connected to a modem (eth0) , the other one to my internal network (eth1), the pc (ubuntu server 9.04) gives dhcp to all network. Question: how can i port forwward from wan the port 13000 to 192.168.182.2
<shivek> Is there anyway by which I can restore my computer to its default settings?
<leaf-sheep> Server fellows, do one know the problem explained by Richard Cavell in http://tinyurl.com/m6m5s6 ?  This involves port forwarding 22 and IP address.
<embrik> I find it difficult to set up my ubuntu server to let all users to have roaming profiles (this is a windows term, don't know what to call it in linux terms). I want all users at school to be able to log on on every workstations and get their own desktop, home-folder and so on. I have read some howtos, but they are a bit too technical. Does anybody know a step by step on this topic?
<dinger1986> does anyone use hylafax?
<rgreening> Looking for some assistance with getting an init.d script up to snuff for a package I am working on. I am using the init.d lsb template script from dh_make. It's for the tac_plus package (4.5b4-5). The daemon runs forgrounded and you have to explicitly '&' it. I can't seem to get the script correct in any case (tried --background).
<GilJ> Guys I was wondering why it says "Permission denied, please try again." when I connect to my Ubuntu SSH Server. I created an account, set the password and put the user in the AllowUsers list in /etc/ssh/sshd_config
<pmatulis> GilJ: maybe pastebin your sshd_config file
<GilJ> pmatulis: What's the pastebin package again? Don't have it installed yet and it's a non-graphical client
<KillMeNow[A]> pastebin is a online website
<KillMeNow[A]> www.pastebin.com
<ScottK> There is the pastebinit package.
<KillMeNow[A]> cool, didn't know they put out a package for it
<GilJ> http://pastebin.com/f6471e755
 * KillMeNow is no longer away : Gone for 1 day 1 hour 21 minutes 50 seconds
<pmatulis> GilJ: doublecheck the username and password you're connecting with
<GilJ> pmatulis: Already did that, tried it a few times. It should be correct.
<KillMeNow> user group?
<GilJ> KillMeNow: None set
<KillMeNow> does it have a home directory?
<GilJ> KillMeNow: The user I created? Yes
<KillMeNow> and it has the proper permissions?
<pmatulis> GilJ: restart the ssh daemon, attempt to connect, check your logs (auth.log)
<KillMeNow> check the auth....  you beat me to it pmatulis
<GilJ> auth.log says I try to connect with logname=
<GilJ> so no logname
<GilJ> Ok I found what the program was. I had a typing error in the username on the server >_<
<KillMeNow> that would do it
<embrik> wow, this is irc - linux - freeware -  helping each other - right
#ubuntu-server 2009-07-19
<FFForever> Hi
<FFForever> how can i reencrypt a public key?
<pmatulis> FFForever: what sort of key?
<FFForever> rsa private key for ssh logins, sorry i meant private
<pmatulis> FFForever: use '$ ssh-keygen -p'
<pmatulis> FFForever: you don't actually re-encrypt.  you simply will be changing the passphrase to decrypt
<FFForever> pmatulis, i already decrypted it
<pmatulis> FFForever: just use the command i suggested.  see the man page if you like
<FFForever> kk
<jeeves> is there a way to allow access to the log files through the CLI (without using sudo) so I can access the log files with GL_Tail
<pmatulis> jeeves: see 'man logrotate'
<pmatulis> jeeves: you want to change the default mode of the log file in question
<jeeves> pmatulis, ???
<FFForever> how do i enable log rotations, i ran /etc/cron.daily/syslogd manually removed over a gig of logs...
<pmatulis> FFForever-Away: it should run by default.  is it not sysklogd?
<pmatulis>  /quit
<FFForever> back sorry had to go
<loongson_> 389-directory server is a successor to LDAP
<loongson_> and packages are already available at REBU
<loongson_> REVU
<ScottK> loongson_: You'll probably do better to bring it up during the meeting on Tuesday.
<FFForever> can i run a sharepoint server?
<twb> FFForever: I'm not stopping you.
<loongson_> Okay, Tuesday UTC1500?
<loongson_> but it is midnight at my place
<ScottK> That's the best chance for it.
<ScottK> loongson_: Or maybe mail to ubuntu-server mailing list.
<loongson_> That maybe a better idea............ I have lectures in the next morning
<FFForever> whats wrong with my system? 462M	/var/log
<FFForever> my local system only uses 45mb
<FFForever> how can i remove old logs?
<jmarsden> FFForever: The rm command works fine for removing log files, just like any other files...
<FFForever>  78M -rw-r----- 1 syslog adm       78M 2009-07-18 19:17 syslog
<jmarsden> As for why you got bigger logs on one machine than another, it could be you have different levels of logging configured on the two machines... or that one is rotating log files more often than the other...
<jmarsden> Is there any content in the syslog file that suggests what the underlying issue is?
<twb> FFForever: the problem is that logrotate is either not installed or not configured correctly.
<FFForever> twb, how do i configure it correctly this is insane....
<Dustan> Hello all, I am looking for some advice on backup solution for a ubuntu(lamp) vps I just set up. I'd like to do something that runs automatically (daily/weekly) downloads to my home computer.  I'm am pretty inexperienced but willing to get my hands dirty. What are my possible solutions?
<FFForever> i should be using a default ubuntu server install
<twb> FFForever: it is configured correctly by default.  Therefore something must have broken it.
<FFForever> twb, how can i reconfigure it back to the default
<twb> FFForever: in particular, make sure that cron and logrotate are installed, that crond is running, and that /etc/cron.daily/logrotate exists, that /etc/crontab will run-parts on cron.daily @daily, and that /etc/logrotate.conf is sensible.
<Dustan> I've read that the sql databases can be difficult to backup?
<FFForever> twb oddly it just installed
<twb> Dustan: SQL isn't a kind of database.  It's an API for interacting with databases.
<Dustan> I told you I was inexperienced lol.
<Dustan> I am however learning at an accelerated rate!
<Dustan> Jumping in the deep end.
<twb> Dustan: a RDBMS such as PostgreSQL has files on disk, but these files are usually in an inconsistent state (e.g. due to buffering).  To back up such a database, you should use the database-specific "dump" functionality to extract a coherent backup.
<twb> Dustan: you should probably ask your RDBMS vendor (e.g. #postgres) about how to do that.
<jmarsden> Dustan: Or man mysqldump if you are using MySQL :)
<Dustan> I was reading about that, you want to dump them, then backup the inage
<twb> jmarsden: I don't think we should encourage people to use mysql :-(
<jmarsden> twb: Original request was for backup of a LAMP stack, in which M usually represents MySQL...
<Dustan> So I need to take special care to make sure I am backing up my databases properly, but what about the act of backing up and getting the stuff to my local computer?
<twb> jmarsden: I missed that, sorry.
<twb> Dustan: I tend to use rsnapshot for that, but I'm biased by way of working with its maintainer.
<Dustan> I have seen a few tutorials on the subject, but was wondering what you guys though would be best in my scenario?
<jmarsden> Dustan: There are many options, so many it is hard to know what you will prefer.  rsnapshot or rdiff-backup or one of many mamy otehr tools will do remote backups
<twb> The overkill end of the spectrum is populated by amanda and such
<twb> amanda scares the shit outta me
<Dustan> I would probably put preference towards ease of use/configuration.
<Dustan> I am running ubuntu at home too, so that should help a bit.
<Dustan> let's say I go with rsnapshot, my vps dies, how difficult is it to restore?
<Dustan> I get back to a fresh ubuntu install and upload my backup image, a little cli magic and im back?
<jmarsden> Dustan: try rsnapshot as a place to start.  For the MySQL backups I put a script like http://pastebin.ubuntu.com/221584/ into /etc/cron.daily/backup-mysql-database  and it does its thing, keeping 7 days worth of backup copies for me... adjust as necessary for your own needs, and make sure the file is chmod 0700 so only root can read it
<Dustan> sorry if these are stupid questions
<jmarsden> Dustan: Usually you would back up data and config files, not everything on the server... package management etc will mean you don't becessarily want to back up all installed programs etc etc. with rsnapshot.
<jmarsden> Unless your home-to-VPS link is VERY fast, a full backup of a server could take a looong time...
<Dustan> Ok, thank you for the clarification.
<Dustan> Makes sense
<Dustan> getting the packages back is pretty simple anyways, I got pretty efficient at it breaking stuff the first few days. I even made a script to do it all for me :)
<jmarsden> Right, as long as you make and back up a list of what packages are installed, getting them all back after a fresh install is usually straightforward.
<Dustan> Cool, thanks for the direction guys, I really appreciate it!!!, It's been a of of fun getting this all up and going.
<jmarsden> No problem.  dpkg --get-selections will output a list of your packages, so you can redirect that to a file and then back that file up...
<MrGlass> hi
<MrGlass> i am having trouble install APC (for php5) and xsl
<jmarsden> MrGlass: sudo apt-get install php-apc       # should install APC just fine...
<jmarsden> In other words, it should install just like all other packages are installed.
<MrGlass> right
<MrGlass> well, actually, the guides i found online said to use pecl
<MrGlass> so i did
<MrGlass> but aparently i was missing apache2-dev
<MrGlass> so it wouldnt install
<MrGlass> still no idea on xsl though
<jmarsden> Undo that and use the packaged version.  When it exists, always use the packaged version.
<jmarsden> sudo apt-get install php5-xsl     shoudl handle that one...
<jmarsden> as before... they install just like all other packages...
<MrGlass> yay
<MrGlass> thanks jmarsden
<MrGlass> yeah, dunno y google didnt just show that
<MrGlass> much easier
<jmarsden> No problem :)  In future you can use http://packages.ubuntu.com to search for packages before you google...
<MrGlass> lol, fair point
<MrGlass> i was just googling the errors i got
<jmarsden> The guides you found were for older version of Ubuntu, basically.
<MrGlass> yeah, not surprising
<MrGlass> btw, whats the diff between aptitude and apt-get?
<jmarsden> They both install packages, some people liek one and some like the other... aptitude does more to help with managing dependencies than apt-get, which is great when it works and a nuisance when it doesn't quite work.
<MrGlass> hmm, k
<MrGlass> right, im gonna go celebrate finally getting this server configured right
<MrGlass> while it backs up
<MrGlass> lol
<MrGlass> cya
<jmarsden> Bye :)
<Byron_> Hello everyone.
<Byron_> I finally have my Ubuntu server running smoothly.
<Byron_> I have 3 sites being hosted on it.
<Byron_> Just wanted to get an idea about a book. Is the "Ubuntu 9.04 Server: Administration and Reference" a worthy purchase?
<jmarsden> Byron_: I think it is so new that few people have read it... no reviews yet on Amazon, etc.  Maybe you can flip through it in a local brick and mortar bookstore before purchase, to make sure it suits your needs?
<Byron_> jmarsden: That's the unfortunate part. Nobody near me carries it. I'm feeling like this book only exists in my head.
<jmarsden> Then it's basically a US$25 gamble at this point... so if your company is paying, fine, if you are paying, maybe wait a while?
<Byron> Checking IRC for a copy of the book so that I have something to read and better understand the server I built. I'm going about it all blindly and resolving issues, but that's only going to get me so far without knowing exactly how/why that error happened in the first place.
<Byron> No, this book is being purchased by me.
<jmarsden> So... have you read all the Debian and Ubuntu docs online already?  At least the Ubuntu Server Guide... ?
<jmarsden> https://help.ubuntu.com/9.04/serverguide/C/
<Byron> No luck finding a server guide, either. I don't live in the woods for this book to be so elusive.
<jmarsden> It is elusive because it has only been published for about six weeks :)
<jmarsden> Read the official docs for now, and look for that book in another month or two, when it is likely to have been more widely distributed.
<Byron> I live near the very busy part of SoCal. I'm surprised I'm not seeing at least a copy or two near me.
<jmarsden> Understood... I'm in SoCal too... but the world of Ubuntu servers has survived for years without this particular book... so you can probably get equivalent information elsewhere, including online.
<qman__> This is the best linux book I have, though it's not ubuntu specific:  http://www.apress.com/book/view/9781590594445
<qman__> adapting it to ubuntu requires a little bit of experience, but it has a lot of good information
<qman__> it covers a lot of good security practices, why they're good, and how to do them
<Byron> Sorry, checking out the server guide online. I'll take a look at that book as well.
<loongson_> are anyone on the MOTU team?
<jmarsden> I wish I were... maybe one day :)  I suggest you try asking your question in #ubuntu-motu
<loongson_> I know, I was sent here by that group
<loongson_> Anyone who are MOTU
<loongson_> would you please review all 389-related packages
<loongson_> https://launchpad.net/~ubuntu-389-directory-server
<loongson_> in REVU?  They needs to be advocated before 389 can make it to Karmic
<loongson_> 389 is the LDAP successor and it definitely needs to be included by Karmic
<jmarsden> You'd probably have more success on a weekday, at a time when either the USA is mostly awake, or at a time when Europe is awake... right now the USA is mostly asleep (10pm here in California) and most of Western Europe is not yet awake :)
<richardcavell> Can anyone help me with getting ssh to work?  I can ssh to other computers over the Internet but they cannot ssh to me
<mattt> richardcavell: firewall?
<richardcavell> iptables returns nothing, mattt
<richardcavell> I've set up port forwarding - port 22 from the Internet to my computer through the modem. Like I said, I can ssh out but they can't ssh in.
<MrGlass> hey
<MrGlass> how do i uninstall an app?
<MrGlass> from command line
<MrGlass> ah, remove
<MrGlass> lol
 * qman__ is listening to "Still" by "Geto Boys" from the album "YTMND Soundtrack - Volume 4"  [0:07/4:03]  [128 kbps]
<qman__> oops, wrong channel, sorry
<petx> hi all... I try to show request time out while pinging other PC on network... any idea??
<orogor> hi here
<orogor> when creating a raid with md , can i specify a device as an uuid instead of a devfs name?
<orogor> also , why is sata_nv missing ?
<orogor> haa sorry , it s built in
<piegod> Hello, I've tried to follow the guide at https://help.ubuntu.com/community/Internet/ConnectionSharing but on connected machines I get no Internet connectivity (eth1 is a WiFi AP, eth0 has Internet)
<piegod> what am I doing wrong?
<Bilge> Life
<piegod> ?
<jpds> orogor: Sure, the uuids are at /dev/disk/by-uuid/
<orogor> jpds, what would be the sintax for that ?
<orogor> i replace /dev/sda by uuid=1234455  ?
<jpds> sudo mdadm --add /dev/disk/by-uuid/ /dev/sda ?
<jpds> by-uuid/skajfdskdafhqwruqw *
<orogor> actually i ask before i never saw anyone doing this in any exemple or  doc
<orogor> thanks
<jpds> Well, the stuff in /dev/disk/by-uuid/ are just symbolic links to ../sda1, etc.
<orogor> haa, never paid attention they were symlinks
<orogor> bbl
<pixlbox> this question may be off topic, i have ftp set up so i can access my fonts from elsewhere for some reason the fonts arnt uploading to the server correctly, its just listing them there the files themselves are 0KB
<BrixSat> hello
<BrixSat> i have a pc with 2 nics eth0 is wan and eth1 is lan, how do i forward from eth0 the port 13000 to 192.168.182.2 wich is on eth1?
<pmatulis> BrixSat: see http://www.debian-administration.org/articles/73 for an example
<BrixSat> pmatulis thanks
<rferrada> alo?
<rferrada> dears, im new in this chat...and im having problems with mu new server
<rferrada> i just installed again a server with ubutnu 8.04L with a new IP address but the dns server still ask me for the old IP address, so when i do ping to this server appair like unreachable
<rferrada> somebody there?
<rferrada> toc toc ...someboy in the room???
<Tom_Ass> yes, but I can't help you with that problem
<rferrada> :( thanks anyway to respond
<rferrada> i dont know why there are a lot of people in the room and nobody say nothing
<BrixSat> hi
<BrixSat> say again.. you have a dns installed on a fresh machine and it asks for the old one?
<BrixSat> the problem is not on that one rferrada the problem is probably on the machine that dhcp your server
<BrixSat> and by the way dns takes time to spread
<BrixSat> in some cases 48 hours
<aent> hi... I was wondering if I could set a max upload/download speed for certain IP addresses? either in apache or somewhere else?
<rferrada> hi thanks !...no, i re install one server with a new IP address but the dns still when i do ping is looking for the old ip
<BrixSat> aent using a php script you can control the upl / dnl speed
<rferrada> the dns is installed in the PDC server
<BrixSat> rferrada so way till the pdc server rehash the config
<BrixSat> inside the network can you ping your server?
<BrixSat> using ip and not dns
<aent> its not a php script...
<zoopster> rferrada: you need to update your named server with the new ip address
<rferrada> no, i can ping my selft (the server) and also i got connection with the internet but the another pcs, can to ping to th "name server" just directly to the IP address
<BrixSat> so problem is not on your server
<rferrada> yes, thay can ping to the Ip, but not the name
<pmatulis> rferrada: so change you dns configuration (point the name to the new IP)
<zoopster> rferrada: change the "A" record on the dns entry pointing to that server
<BrixSat> but on pdc, update the condifg like zoopster said
<pmatulis> wow, triple blast
<rferrada> so..change the A in the dns entry?
<BrixSat> yes
<rferrada> thanks, one question more...how is called this file because i try to find some file that cintain this name and i coulnt
<BrixSat> rferrada to simplify use webmin ;) a web interface to control the server ;)
<zoopster> rferrada: where does your named server - you mentioned a PDC...is the named server running on windows?
<rferrada> no it run with a old gentoo
<rferrada> i mean pdc is gentoo my server is ubuntu
<pmatulis> rferrada: maybe http://en.gentoo-wiki.com/wiki/BIND
<rferrada> yes i will try with that...thanks a lot for your help...
<zoopster> pmatulis has all the links!
<rferrada> i will try tomorrow morning
<pmatulis> first hit from google for "gentoo bind"
<rferrada> thanks guys
<BrixSat> where does normaly iptables rules stay?
<rferrada> sorry the last question is for me?
<BrixSat> :P If you know the answer yes ;)
<rferrada> hahah..is runnugn in the old gentoo (PDC)
<BrixSat> why does iptables -t nat -A PREROUTING -p UDP --dport 13000 -j DNAT --to-destination 192.168.182.2:13000
<BrixSat> get's destination anywhere on nat list?
<BrixSat> DNAT       udp  --  anywhere             anywhere            udp dpt:13000 to:192.168.182.2:13000
<zoopster> BrixSat: there is no "normal" location, but logically you save them in /etc using iptables-save and restore from there using iptable-restore. I use UFW to make it simpler for me so they are saved elsewhere for me
<BrixSat> ;)
<ricdanger> hi
<ricdanger> is there any alternative software to canonical landscape (somehthing like the ~opensource spacewalk)?
<RoyK> what is it landscape does so well?
<pmatulis> ricdanger: no
<ricdanger> how do you handle updates on multiple servers?
<ricdanger> i'm currently using puppet for configuration changes
<ricdanger> but I just don't trust it for upgrades
<pmatulis> ricdanger: good call
<ricdanger> my problem is that I'm handling updates of both desktop and server
<ricdanger> desktops can be turned off by users
<ricdanger> so the upgrade can go wrong
<ricdanger> and it only have a total lack of reporting for this kind of operations
<RoyK> if it's just software upgrades, then just install cron-apt and configure it to do it all automatically
<ricdanger> i was undert the impression cron-apt would only fetch the packages
<RoyK> by default, yes
<ricdanger> maybe I should take a better look at it :D
<RoyK> but you can configure it to install them as well
<ricdanger> that's great
<ricdanger> and is there a way to prevent it from installing kernel upgrades?
<ricdanger> that messes up+ with my vmware installation
<ricdanger> they must be done manually, because of the "vmware-tools"
<RoyK> not sure
<BlasterMaster> has anyone experience with "desktop sharing" under "freenx"?
<ricdanger> I setup a server 2 months ago
<ricdanger> maybe I can help
<BlasterMaster> ok i want to set the server up that i can have a remote desktop with freenx
<RoyK> ricdanger: http://ubuntuforums.org/showthread.php?t=238706
<ricdanger> blastermaster: as far as I remember, it was quite straight forward to setup with an apt-get and nx-setup (i guess it was called like that)
<ricdanger> i only had a problem with some user password that had a minus character as the first character
<ricdanger> do you have anyu specific p+roblemn?
<RoyK> ricdanger: in short - apt-get install wajig, wajig hold <package name>
<BlasterMaster> i want the same session which i have on my local display, but i cant get connectet with this session
<BlasterMaster> maybe i dont know how to setup the node.conf
<ricdanger> uhmmm...
<ricdanger> I never did that with nx
<ricdanger> only with vnc
<ricdanger> :S
<ricdanger> I just create "NX" sessions and attach them with the nx cl'ient
<BlasterMaster> for me it would be nice to see so that i can use amarok on both session
<pmatulis> RoyK: why not just use aptitude for pinning?
<RoyK> probably works just as well
<RoyK> I'm not into aptitude
<ricdanger> I never used aptitude
<ricdanger> never undestood the advantages of it over apt
<RoyK> well - catch you guys later
<pmatulis> ricdanger: if you can avoid installing extra packages, especially ones from universe, then you should do so
<BlasterMaster> so am i wrong to have the same displayed on both screens with nx?
<BlasterMaster> i tried to create a shadow session but it never worked
<pmatulis> ricdanger: btw, pinning with aptitude is as simple as 'sudo aptitude hold gdm', if you wanted to pin the gdm package
<axisys> i have two 80gb disks (sda and sdb) on x2100 . i am running jaunty server on sdb.. how do I mirror sda .. so incase sdb goes bad, i can boot from sda ?
<axisys> in solaris i just  use svm (solaris volume manager) to take care of that
<jgedeon> axisys you can set them up in a software raid.
<jgedeon> But if you are worried about losing something soon you can dd the drive.
<axisys> jgedeon: no fear of loosing anything..
<MT-> You guys have any idea what's going on with lines 18 & 19 and the duplicates of those?
<MT-> and the link...http://pastebin.com/m36d3ddeb
<pmatulis> MT-: no home for user 'nobody'?
<MT-> pmatulis: is there supposed to be?
<MT-> pmatulis: I'm just curious why those are showing up
<MT-> ls
<pmatulis> MT-: ls?
<MT-> pmatulis: sorry, I was sending my bot something and spaced on what I was sending and doing and pretty ,uch had a cataclismic brain fart
<pmatulis> MT-: i think what you're seeing is an application dropping privileges.  it starts as root but then drops to nobody
<MT-> oh
<MT-> hrm... would supybot do that?
<pmatulis> MT-: no
<MT-> oh..
<pmatulis> you start supybot as your regular user right?  i think it complains if you try to start it as root
<MT-> ya, I run as normal
<pmatulis> MT-: anyway, i just did a test.  i became root and then su'd to nobody.  i get the message 'Successful su for nobody by root'
<MT-> So it's not root becoming nobody
<pmatulis> yes it is
<pmatulis> "i became root and then su'd to nobody"
<MT-> .... sorry...
<MT-> lemme guess - next line should be a little more explanative that it is
<MT-> pmatulis: thanks :)
<MT-> I'll try to watch that sometime and catch the pid to track it down :)
<FFForever> why is sendmail-mta using such a high amount of cpu when sending messages (brings me over 1.0 load avg), is there better alternatives then sendmail-bin for sending mail with php
<MT-> FFForever: mail(
<MT-> FFForever: mail()
<MT-> FFForever: you do know that 1.0 means 1 process average, right?
<MT-> it's not a %
<FFForever> what is a zombie process?
<MT-> FFForever: a process that started running, finished its job, but didn't stop execution
<FFForever> how do i locate them, top says i have 4, are they bad?
<FFForever> MT-, how does my log files keep getting around 500mb+??
<FFForever> root@chr1831:~# du -sh /var/log
<FFForever> 1005M	/var/log
<FFForever> was 2.1gb yesterday
<MT-> FFForever: pastebin this  du -hs /var/log/*
<FFForever> http://pastebin.com/f79cf896d
<MT-> FFForever: look at mail*
<FFForever> MT-, i see, what about syslog?, thats 60mb =\
<MT-> FFForever: check that you're not being spammed
<MT-> look at the obvious first
<MT-> if the errors in mail* point to syslog, then go there
<FFForever> Jul 19 06:36:21 chr1831 sm-mta[5140]: n6G8FkUS003836: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
<FFForever> Jul 19 06:36:21 chr1831 sm-mta[3820]: n6G8FkUS003836: SYSERR(root): putbody: write error: Broken pipe
<FFForever> i thought i fixed that by installing sensible-mda
<MT-> are you using exim4?
<FFForever> not that i know of, i am operating a outbounds only mailer (sendmail-bin)
<FFForever> just so php can send emails
<MT-> aptitude install sendmail
<FFForever> will that open port 25 for everyone to mail through me?
<FFForever> i just want php to be able to send mail, no one else
<MT-> no ubuntu app defaults to public incoming 25
<FFForever> ahhhh
<MT-> you can easily configure them for that - but 80% of users probably don't want that - guessing
<FFForever> MT-, can i add suphp to log rotation?
<MT-> !info suphp
<ubottu> Package suphp does not exist in jaunty
<MT-> !suphp
<ubottu> Sorry, I don't know anything about suphp
<MT-> If ubottu doesn't know about it - I would suggest no
<FFForever> MT-, i installed it manually, it runs php as the uid/guid of the user and not as www-data
<MT-> oh - then ya - I would say don't do that
<FFForever> !libapache2-mod-suphp
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<ScottK> MT-: Why are you recommending Sendmail?
<MT-> ScottK: it seemed to be what he was trying to use
<MT-> sorry
<ScottK> Generally for Ubuntu we prefer Postfix and Exim4 and all the help docs are written for Postfix.
<ScottK> MT-: Many MTA packages provide a sendmail binary.
<MT-> FFForever: ^
<MT-> ScottK: I'll suggest better from now on :)
<ScottK> MT-: OK.  Sounds good.
<ScottK> Postfix is generally the best recommendation for here.
<arrrghhh> soooo does anyone know of a good cli "jukebox-like" program?  all i really want is a web ui to control it (like vlc) - i've seen all these cli/headless solutions for streaming (i have a daap firefly server setup arleady) but i want something that plays thru the local server hardware instead of streaming it to another device.  for me, this would be easier then i am not tethered to the stereo system anymore!
<arrrghhh> or do most use their servers for streaming instead of hooking the server to a physical amplifier?  it seems the configuration i desire is uncommon.
<arrrghhh> anybody at least be able to help me out with sound?  i get an error when trying to run alsamixer.
<simon-o> arrrghhh: are you sure #ubuntu-server is the right place?
<arrrghhh> well i'm running a server install... there's no gui...
<simon-o> arrrghhh: and you want sound on a server?
<arrrghhh> well, initially i didn't... but i'm finding streaming it to another device is cumbersome, i'd much rather just play the music directly off the server and control the software thru a webui...
<arrrghhh> er control the software that plays the music thru a webui.
<arrrghhh> and i figured this room would have more server-minded peoples that would have more useful suggestions than just the plaim ubuntu room :D
<mattgyver> Hi, im running fail2ban but it appears that its releasing the ip bans though i have set the ban time set to -1, the logs show several "Error: Unknown communication issue" does anyone know how to remedy this?
<arrrghhh> i really just want a music device that's not my craptacular ipod which no longer shuffles music.  i'd like something that i don't need to hook a screen up to that plays music easily.
<simon-o> arrrghhh: ok I understand. I can't help you there. but I think in #ubuntu they can. and besides that it's !weekend
<simon-o> !weekend
<ubottu> It's a weekend.  Often on weekends, the paid developers, and a lot of the community, may not be around to answer your question.  Please be patient, wait longer than you normally would, or try again during the working week.
<arrrghhh> yea, i see.
<arrrghhh> i'll try over in ubuntu, i just usually am met with a flood of suggestions that require an X server at the very least, and then the flaming starts as to why i'm not using a full desktop blah blah have  you checked in ubuntu-server y'know.
<simon-o> arrrghhh: ok, good luck :)
<arrrghhh> thanks!
<MT-> come back... I had an idea
<MT-> lol
<MT-> oh well
<user345fgh> hi
<user345fgh> is there some sort of console editor to add services that start at runtime?
<jpds> user345fgh: Yes, init.d and update-rc.d
<RoyK> looking into zfs on opensolaris, linux comes short
<pmatulis> user345fgh: please investigate the chkconfig package
<pmatulis> (a type of "port" from red hat)
<pmatulis> it's in universe however
<Pit3r> good nigh everyone
<Pit3r> someone already install citrix xenapp client in ubuntu 9.04 64bits?
<axisys>       
<axisys> how do I build software raid 1 between sda and sdb ? i have jaunty server running on sda1 ..
<axisys> i dont want to reinstall to create md0 (mirror of sda1 and sdb1)
<billybigrigger> can someone here shed some light on how i go about getting webalizer to read more than 1 access log?
<billybigrigger> everytime apache rotates the log i loose my stats
<orogor> hi here
<orogor> anyone familiar with initramfs grub and boot stuff ?
<orogor> i am  trying to boot to a raid 10 system with  separate /boot , however i keep having problems
<billybigrigger> LogFile="cat /var/log/apache2/access.* > /var/log/apache2/awstats"
#ubuntu-server 2010-07-19
<pmatulis> Jeeves_Moss: ok
<pmatulis> metalfan___: repair with a rescue cd maybe
<metalfan___> thx
<metalfan___> i did go down the the server a few minutes ago....then it worked
<metalfan___> i aborted the prompt a few times
<ziggles> hey guys, does anyone know if i reconfig mysql-server.... will i lose my databases?
<uvirtbot> New bug: #607039 in autofs5 (main) "NFS automount failover doesn't work" [Undecided,New] https://launchpad.net/bugs/607039
<Nhawdge1> Hey all i'm looking for some answers about the /etc/motd file
<Nhawdge1> in particular I want to append an actual update to the standard dynamic information without loosing the dynamic stuff
<qman__> Nhawdge1, add it to /etc/motd.tail
<qman__> at least, I think that still works
<qman__> that's how it used to work
<Nhawdge1> actually
<Nhawdge1> I found a bit better of a method
<Nhawdge1> aparrently they added an /etc/update-motd.d folder
<Nhawdge1> it runs all the scripts in there to create the motd
<Nhawdge1> which is a much better solution
<pschulz01> Greetings.. does the JeOS install still exist? I can't see  the install option on 10.04 server or alternate.
<cs1> guys
<cs1> where can i find my LDAP password??
<cs1> guys
<cs1> please help me
<cs1> i need help badly
<Jordan_U> !details | cs1
<ubottu> cs1: Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."
<cs1> ooohh
<cs1> ok
<cs1> im having problem with setting up the LDAP server
<cs1> i follow the documentations on the ubuntu server guide
<cs1> then when i try to add the ldap script for the frontend part...
<cs1> it ask me for my LDAP password
<cs1> im running ubuntu server 10.04
<pickles> anyone know of a nice guide for a proxy server + dns on xen or kvm?
<henriquev> I need to set up a controlled/paid wi-fi hot spot, any idea? I'm looking for something like a access point (or software to be run in a computer) with an API that allows me to control the access to the Internet (like a firewall or something)... I intend to develop the connection management system.
<larsemil> anyone here? i have some questions. first off - i have an iscsi mounted on the kvm host. for the virtual guests, should i a) have one partition with lots of images, b) do an lvm and create a logical volume for each guest or c) some other setup?
<jussi> morning all
<jussi> Ive got dovecot running (have had for a while), with squirrelmail. we need auto responders and filters etc, so I installed avelsieve. problem is, I cant get it to run.
<jussi> I tried adding managesieve to dovecot.conf, as per this page: http://workaround.org/ispmail/lenny/server-side-sieve-filtering - but that gives me: @emailserver:~$ sudo /etc/init.d/dovecot restart
<jussi>  * Restarting IMAP/POP3 mail server dovecot                                     Fatal: Unknown protocol managesieve
<jussi> any ideas on whatws going wrong for me?
<joschi> jussi: which version of ubuntu and dovecot are you using?
<jussi> its 8.04 and let me just check - whatever is in the repos I expect
<jussi> jussi.schultink@emailserver:~$ apt-cache policy dovecot-imapd
<jussi> dovecot-imapd:
<jussi>   Installed: 1:1.0.10-1ubuntu5.2
<jussi> joschi: ^^
<joschi> jussi: I think you're out of luck. the managesieve plugin/protocol is shipped since dovecot 1.1.
<joschi> you are using dovecot 1.0
<jussi> oh :(
<joschi> but you can use the cmusieve plugin and use another managesieve implementation
<jussi> hrm
<jussi> can you point me to some docs or give me some ideas on what and how?
<joschi> jussi: http://wiki.dovecot.org/ManageSieve
 * jussi reads and scratches head
<jussi> might pop over to #dovecot, see if theyve some recommendations
<joschi> jussi: ehm, just read the wiki page. it clear mentions pysieved...
<jussi> joschi: which does not appear to be in the repos?
<joschi> jussi: so?
<joschi> jussi: and BTW: http://packages.ubuntu.com/lucid/pysieved http://packages.ubuntu.com/karmic/pysieved
<joschi> you can always do a backport
<jussi> joschi: I would much prefer to use something from the repos. (Im sorry if this came across the wrong way, I did read the wiki page)
<rahman> Hi, when I install openldap why there is no configuration questions asked like this : http://imagebin.org/105899 I'm on 10.04 btw
<joschi> rahman: https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
<rahman> joschi: I already read it the problem is when I do "sudo dpkg-reconfigure slapd" it doesnt ask for domain name, organisation name, admin password, backend db etc. It only asks if I want to keep db when I purge slapd and if I want v2 compatiblity
<spajderix> hi
<spajderix> is there a way to install php5.3 and php5.2 on one machine without having to compile it from source?
<joschi> rahman: and where in the guide I posted does it say, that something like this should happen? or that there's a debconf frontend for openldap at all?
<joschi> spajderix: if you find a .deb package providing a non-conflicting PHP installation: sure, then it's possible
<joschi> spajderix: out-of-the-box with only official ubuntu packages: no
<rahman> joschi: it says in the installation section : "The installation process will prompt you for the LDAP directory admin password and confirmation. .......If you require a different suffix, the directory can be reconfigured using dpkg-reconfigure."
<joschi> rahman: the installation process of libnss-ldap... not slapd
<joschi> rahman: and to be quite frank, I can't find the quote you posted on https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
<spajderix> joschi: then compilation awaits me ... thanks for your help:)
<joschi> spajderix: at least you only have to compile only one of the two versions yourself ;)
<rahman> joschi: thanks for the hint it seems I am reading 9.10 docs.
<joschi> rahman: oh, that's bad. the ubuntu 9.10 docs on openldap were/are really broken. there's already a "popular" bugreport on launchpad on this
<spajderix> joschi: that's what i thought of, i guess 5.3 from repo and 5.2 from source will be easier since I want to use 10.04 :)
<rahman> joschi: bad luck :) I did a google search and didn't notice the 9.10 part of the result url
<spajderix> joschi: another question then: is there a way to get ./compile params for php5.2 used in ubuntu deb package?
<joschi> spajderix: just get the source package and take a look at the specs in ./debian
<spajderix> joschi: ok, thank you for your time :)
<rahman> my ldap setup seems completely messed up: I get ldap_*: Internal (implementation specific) error (80) when I try to add ldif. opensldap FAQ says its a permission problem and when I do "chmod -R openldap:openldap /var/lib/ldap" I get chmod: invalid mode: `openldap:openldap' I did a purge and reinstall btw. Still no go
<larsemil> rahman: chown, not chmod
<joschi> hi, I have a problem with the a dynamic file template in rsyslog. it seems rsyslogd wants to write to the log files in /var/log/%HOSTNAME% before the directory was created.
<joschi> at least in normal mode. in debug mode (`rsyslogd -c4 -d`), it creates the directory just fine.
<joschi> I've posted details about my configuration, the error message and part of the debug output under http://pastie.org/1048389
<joschi> it could be related to Bug #484336 and changing the owner of /var/log to the user 'syslog' works, but I'd rather avoid that
<uvirtbot> Launchpad bug 484336 in rsyslog "/etc/rsyslog.conf permissions incorrect/missing for creation of dynamic files" [Undecided,Confirmed] https://launchpad.net/bugs/484336
<jussi> joschi: thanks for your pointers, Ive found a package and installed, just figuring out the configs now :)
<rahman> larsemil: someone needs to fix openldap FAQ then :) thanks
<joschi> rahman: be a hero and send an email to the author of that FAQ entry with your correction ;)
<jussi> looking at: http://isp-control.net/documentation/howto:mail:install_avelsieve_for_webmail - how do I determine the correct UID and GID I need for section 4?
<jcastro> zul: can you linke me to the server daily build spec for maverick?
<zul> jcastro: sure
<zul> jcastro: https://blueprints.edge.launchpad.net/ubuntu/+spec/server-maverick-daily-vcs
<joschi> jussi: the user needs access to your sieve files (see http://wiki.dovecot.org/LDA/Sieve/CMU)
<uvirtbot> New bug: #493736 in mod-wsgi "intrepid and jaunty may have buggy mod-wsgi 2.3" [Wishlist,Confirmed] https://launchpad.net/bugs/493736
<jussi> joschi: is there any big issue if I get it wrong, then go change it? is it going to eat things?
<rahman> its realy getting on my nerves. I can't restart slapd, it complains No configuration directory was found for slapd at /etc/ldap/slapd.d/ even it is there and the permissions are openldap:openldap
<joschi> jussi: if the uid and gid are wrong, pysieved simply can't read and/or write the sieve files - or cmusieve can't. but that won't blow up your server
<jussi> joschi: ok, great. thank you
<joschi> rahman: does it contain the cn=config.ldif file and cn=config subdirectory or is /etc/ldap/slapd.d/ empty?
<joschi> rahman: I personally found the cn=config style configuration a major PITA and reverted to good old slapd.conf
<rahman> joschi: both files are there
<joschi> rahman: especially since the meta backend doesn't support dynamic configuaration yet
<joschi> rahman: check /etc/default/slapd for which one is actually used
<joschi> rahman: you can't use both at the same time
<rahman> joschi: but the openldap wiki encoures to use dynamic conf as they say they can drop old style anytime. And in /etc/defaults/slapd SLAPD_CONF= is empty so it should use  /etc/ldap/slapd.d as described in that file. But I set it to SLAPD_CONF=/etc/ldap/slapd.d still same
<joschi> rahman: the openldap wiki can say a lot of things. as long as the meta-backend can't be configured that way, I couldn't switch configuration style even if I wanted to
<jussi> hrm, so problem now is that pyseived wont start. Ive tried starting it from the init.d script, but it doesnt work, when I run it straight, then: http://paste.ubuntu.com/465815/
<joschi> jussi: "IOError: [Errno 13] Permission denied: '/var/run/pysieved.pid'" is pretty obvious, isn't it?
<jussi> joschi: yes, but what do I do about it :D do I just chown the pid or?
<joschi> jussi: either create a directory /var/run/pysieved, `chown` it by pysieved's user and create the PID file in this directory, or create the PID file in /tmp (or any other world-writable directory)
<jussi> joschi: ahh, thanks
<uvirtbot> New bug: #596758 in mod-wsgi (universe) "KeyError in module 'threading' with Python 2.6.5 and mod-wsgi 2.8" [Low,Triaged] https://launchpad.net/bugs/596758
<jussi> getting theremow, but Ive now run into: Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 1048576 bytes) in /usr/share/squirrelmail/plugins/avelsieve/include/managesieve.lib.php on line 457
<qman__> jussi, the solution to that depends on whether or not the script you're running is supposed to use more than 16 megs of RAM
<qman__> if it is, increase the limit in php.ini
<qman__> if it isn't, you'll have to find out why it's using that much
<jussi> but the amount of bytes exhasted is more than the amount it tried to allocate? is that a cumulative figure?
<qman__> that's a hard limit per-script
<qman__> so it includes all the functions and data used
<jussi> hrm
 * jussi doesnt know
<qman__> boosting it to 32 or 64 megs shouldn't hurt as long as you've got plenty of free RAM
<qman__> if it still hits the raised limit it's probably a problem with the script
<jussi> ok, which should I be working with? /etc/php5/apache2/php.ini
<jussi> /etc/php5/cli/php.ini
<qman__> is the script run from a web browser or the terminal
<jussi> browser (so I know the answer ;) :D)
<jussi> right, do I need to restart apache to get that to take?
<jussi> ok, so theres an issue with the script. :(
<jussi> Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 1025 bytes) in /usr/share/squirrelmail/plugins/avelsieve/include/managesieve.lib.php on line 459
<qman__> yeah, if it's using 64 megs there's definitely something wrong
<RoyK_wrk> anyone that knows any open webinar software?
<nimrod10> hi guys have you experienced the ubuntu-server 10.04 x64 installer that can't get a dhcp address during install ? It fails for me , but after I hit reconfigure again it gets a dhcp ip
<Jeeves_> nimrod10: Yes.
<Jeeves_> Do you have it connected with a switch with spanning tree enabled?
<Jeeves_> The switch usually checks the port for 37 seconds if it won't break anything if it's really enabled
<nimrod10> I have it connected to a cisco switch yes, at the moment I don't have a log in there
<Jeeves_> during that time, you do have link, but no connectivity
<nimrod10> Jeeves_, so what you're saying is to disable the spanning tree to fix this ?
<Jeeves_> nimrod10: http://www.itsyourip.com/cisco/how-to-enable-spanning-tree-portfast-in-cisco-catalyst-switch-ios/
<Jeeves_> Don't disable spanning tree, enabled portfast
<Jeeves_> That will give you a warning
<Jeeves_> because portfast introduces risks for spanningtree, but if you're not going to connect that port to another switch, that's ok.
<nimrod10> yes I see , I was reading through the page you gave, me and I seem to recall something I read about blocking vs Forwarding on cisco
<Jeeves_> That's spanning tree indeed
<Jeeves_> If it's enabled, the port starts in Blocking-mode
<nimrod10> thank you Jeeves_ I'll get the guy with the logins to change that and I'll try it now
<Jeeves_> np!
<kirkland> hallyn: see http://blog.dustinkirkland.com/2010/02/ksm-now-enabled-in-ubuntu-lucid.html for help on how to verify KSM
<rahman> I see this insyslog when trying to start slapd:          slapd[8115]: daemon: bind(8) failed errno=13 (Permission denied)
<nimrod10> rahman I haven't used slapd but that looks like a regular file/directory permission issue to me
<rahman> nimrod10: which is annoying, I checked /etc/ldap/slapd.d and /var/lib/ldap all are set to openldap:openldap as supposed to be.
<rahman> I will try to completely purge and reinstall
<nimrod10> check the location of the pid file
<Jeeves_> rahman: It gives a permission denied on bind()
<Jeeves_> Are you root while trying to start it?
<smoser> zul, sponsor https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/43574
<uvirtbot> Launchpad bug 43574 in xinetd "Needs Ubuntu-style init script" [Wishlist,Triaged]
<rahman> Jeeves_: yes did it with sudo. But never mind. I purged it, completely removed all ldap directories and reinstalled it. It know works. So it seems it was a meesed up setup. Thanks anyways.
<RoyK_wrk> anyone that knows any open webinar software?
<alex88> hi guys, i'm doing ssh tunnel and after some time i can't navigate, wget on vps (ssh server) says
<alex88> Connecting to www.google.it|209.85.135.104|:80... failed: No buffer space available.
<alex88> any help?
<RoyK_wrk> alex88, are you using ssh keepalives?
<AnAnt> Hello, how can I make the value of gecos field always the same as cn in LDAP service ?
<tola> Hi, are the AMI IDs on this page up to date? http://uec-images.ubuntu.com/releases/lucid/release/ I can't find those AMIs in the Community AMIs directory on EC2...
<alex88> RoyK_wrk: dunno how to check?
<alex88> btw, my own server has problems, lynx can't either navigate
<RoyK_wrk> Alblasco1702, to enable keepalives, add these two lines to /etc/ssh/ssh_config on the client
<RoyK_wrk> http://en.wikipedia.org/wiki/Lemon_curd
<RoyK_wrk> erm - ops
<RoyK_wrk> "ServerAliveCountMax 100" and "ServerAliveInterval 1"
<alex88> RoyK_wrk: after reconnect i've the same issue..waiting for some time worked..
<alex88> don't know why it happens, is possible because somebody was downloading from my server?
<alex88> with download accellerators?
<pmatulis> RoyK_wrk: making us desert?  yummy
<pmatulis> *dessert
<tola> Ah, is it possible to create an instance of an official Ubuntu AMI using Amazon's web-based console or do you have to use the command line tools instead because the AMIs are hosted elsewhere?
<alex88> RoyK_wrk: vps control panel says rcpsndbuffer is full, so i think there is no way to change that limit
<nimrod10> alex88, who's eating all the memory needed by ssh ? who's filling that buffer ?
<alex88> nimrod10: maybe a friend downloading with download accellerator..is there a way to check that buffer?
<alex88> for example, what is using that, how much?
<nimrod10> if you install iptraf you can see some statistics about your network cards , about the buffer I don't know how you'd see how much data is in it.
<alex88> nimrod10: thank you, i'll check..because on the vps panel i can see the used buffer
<alex88> so there is a way also on the system i think...maybe some /proc/ value
<alex88> cause is useless that they give you 100mbit internet connection if everything stops with buffer full
<alex88> i've tried that but it works on localhost and openvpn interface, not on venet0 that's internet... :/
<nimrod10> I don't know if you should blame it on the net connection, your ssh buffer resides in memory, and that is were the problem lies , some people donwloading stuff can't fill the ssh buffer, they can only fill the memory outside of your buffer
<alex88> it's not the ssh buffer, but the network buffer inside the kernel
<alex88> i've just told that i can't navigate via ssh tunnel, when the buffer is full also lynx on the vps and wget can't work
<alex88> then if the buffer is full other packets get dropped
<Jeeves_> How can I connect a Debian bug with an Ubuntu bug?
<jpds> Jeeves_: Via v6!
<jpds> Jeeves_: I think that you can only do that in Launchpad.
<jpds> Jeeves_: (+) Also affects distribution â Debian
<Jeeves_> jpds: Yes, found it through #launchpad. Thanks anyway. :)
<Jeeves_> And no v6 jokes!
<Jeeves_> Ubuntu will be sorry if it can't be downloaded on it's ipv4 island :P
<jpds> Jeeves_: What? releases.u.c has 3 4A records. :-)
<Jeeves_> jpds: That's only two in a few minutes! :)
<Jeeves_> jpds: By the way. All the nameservers are ipv4 only. :P
<hallyn> kirkland: thx
<remix_tj> does anyone knows where to put upstart scripts in lucid?
<jpds> remix_tj: /etc/init/
<uvirtbot> New bug: #607242 in image-store-proxy (main) "image-store needs to select kernel to boot based on host release" [Undecided,New] https://launchpad.net/bugs/607242
<remix_tj> jpds: thanks, i'll take a look
<uvirtbot> New bug: #604870 in cyrus-sasl2 "cyrus-sasl2 fails to build from source in maverick" [High,Confirmed] https://launchpad.net/bugs/604870
<sommer> morning all
<ttx> sommer: o/
<smoser> cjwatson, "grub-pc grub-pc/install_devices multiselect WHAT_HERE" ?
<cjwatson> smoser: just nothing after multiselect
<cjwatson> smoser: and 'grub-pc grub-pc/install_devices_empty boolean true'
<cjwatson> smoser: that's off the top of my head though
<smoser> thanks
<uvirtbot> New bug: #607311 in samba (main) "mount.cifs fails with "cannot allocate memory"" [Undecided,New] https://launchpad.net/bugs/607311
<benedikt> how can i rename a kvm/libvirt virtual machine? (not the hostname, but the name libvirt/kvm konws it by, domain?)
<resno> ive got a server that has no more hdd space, what can i do to easily remove unused apps/etc to get space back
<ph8> hey all, I don't suppose anyone knows an auto responder I can use with postfix?
<geneticx> when someone says "PCI experience required" do they mean peripheral component interface
<uvirtbot> New bug: #607339 in awstats (main) "Upgrade package to 7.0" [Undecided,New] https://launchpad.net/bugs/607339
<ruben23> hi guys how do i check if my audio device is detected and properly install on my ubuntu
<ND-work> hey guys
<ND-work> quick question
<VMTester> can anyone point me to a good guide to installing vmware server 2.02 on ubuntu server 10.04?
<NightDragon> i am looking for a way to install windows on client computers with PXE , using a ubuntu box as my server
<VMTester> I've run through http://hmontoliu.blogspot.com/2010/04/installing-vmware-server-202-in-ubuntu.html a few times, but have not been able to get it installed correctly yet
<NightDragon> any ideas?
<benedikt> how can i rename a kvm/libvirt virtual machine? (not the hostname, but the name libvirt/kvm konws it by, domain?)
<RoyK> mmmhhh.... new number chruncher - this one with 2x12core opterons and 64 gigs of ram :D
<cloakable> RoyK: But will it blend? ;)
<oru_work> if I have the ip, how can I find out its location ?
<jord> Hey. fsck hangs when it runs at boot on 10.04. It's been sitting there for a while and I can't cancel it or access at all. Any ideas why? / is ext4
<RoyK> cloakable: blend?
<failover> lol
<pmatulis> i'm looking for a mailing list manager that integrates well with an LDAP backend for storing memberships
<webPragmatist> is there a sshd log of sorts?
<pmatulis> webPragmatist: try auth.log
<webPragmatist> pmatulis: that only shows pam info
<pmatulis> webPragmatist: not according to what i see.  increase you log level
<failover> pmatulis, i'm think sympa could work with ldap
<failover> oh, too late
<jord> I'm setting up mdadm RAID5. I unplugged one of the drives in the hope of simulating a failed drive. The machine won't boot, just hangs with a fsck message. Any ideas where to look for clues? I've looked in /var/log but can't see anything.
<jord> If I plug the drive back in, it boots.
<TannerF> hi, i get "bash: php: command not found" even though php is installed
<ajmitch> you probably want php5-cli
<webPragmatist> is it possible to force an sshd "sftponly" user to a specific gid?
<cloakable> make that gid their primary group?
<webPragmatist> oh hrm
<webPragmatist> what if they aren't a part of that group heh
<failover> sudo chown user.group_you_want ssh_user_home_folder && sudo chmod g=+s ssh_user_home_folder
<failover> after do that every file you create on "ssh_user_home_folder" will be in the "group_you_want" group
<TannerF> thanks, ajmitch
<webPragmatist> failover: but the issue is when they create directories those directories aren't +s
<webPragmatist> g+s
<webPragmatist> failover: yea like i saidâ¦ g+s will not be on directories written in the home directory
<qman__> webPragmatist, I've got a daily cron script as a workaround
<qman__> it's hacky and slow
<webPragmatist> qman__: nothing in sshd_config ?
<webPragmatist> i have it chrooted
<qman__> I don't think sshd has a force group option
<qman__> but I could be mistaken
<webPragmatist> yea nothing useful
<webPragmatist> isn't there a way to use bashrc to set a specific chmod
<webPragmatist> for newly written files
<qman__> ah
<qman__> "it takes the fsgid of the current process, unless the directory has the setgid bit set, in which case it takes the gid from the parent directory, and also gets the setgid bit set if it is a directory itself."
<qman__> so if you recursively apply the group-owner and setgid flag, your system should theoretically maintain that state unless someone manually changes it
<qman__> and with sftp-only access that shouldn't happen
<webPragmatist> woh
<webPragmatist> where do you see this?
<webPragmatist> i don't see it in sshd_config
<qman__> it's in mount's manual
<qman__> it's not SSH specific
<webPragmatist> qman__: whats the name of the command?
<webPragmatist> just setting gid= ?
<qman__> ?
<qman__> you set the group-owner with chown or chgrp
<qman__> and then set the setgid bit with chmod
<webPragmatist> right but +s works on files created
<webPragmatist> not directories
<failover> work's on directories too
<qman__> +s means two different things for files and directories
<qman__> on directories it's setgid
<qman__> err, nevermind, it's setgid on both
<qman__> it just behaves differently
<webPragmatist> failover: i meanâ¦ if you create a directory in a directory which is +s it doesn't keep +s
<qman__> webPragmatist, yes it does
<webPragmatist> i just tried it :(
<qman__> if it didn't, something else happened
<qman__> because it most certainly does
<webPragmatist> well then crap
#ubuntu-server 2010-07-20
<webPragmatist> my ftp client must be setting the chmod?
<qman__> drwxrwsr-x  15 ryan smbusers 4.0K 2010-07-16 21:17 Tools
<qman__> that's what it should look like
<webPragmatist> yea
<webPragmatist> my ftp app is setting the permission implictly
<webPragmatist> on directories atleast
<webPragmatist> files it does okay
<qman__> the other option, and this is how I found that bit in the mount manual
<qman__> is to mount your filesystem with the grpid option
<webPragmatist> is implicitly set it  with moun
<qman__> that makes it behave like setgid is set
<webPragmatist> does it force it to do be that gid?
<webPragmatist> instead of this weird crap where it the user can make it whatever gid
<qman__> all it does is cause new files that are created to inherit the group ID from the parent directory, instead of the group-owner of the process that creates it
<webPragmatist> hrm
<qman__> it does not affect the user's ability to change the group-owner
<webPragmatist> fallacies of using sshd for ftp or something?
<qman__> not at all
<qman__> ftp would have this same problem in the same scenario
<webPragmatist> hrm
<qman__> it's a simple system permissions and data structure problem
<qman__> when you give multiple users write access and the ability to change permissions, you will run into this stuff
<webPragmatist> well with ftp could you prevent a user from changing permissions?
<qman__> not that I'm aware of, unless it was a special option in a particular ftpd
<qman__> let me check if there's a setting for that
<webPragmatist> well i don't really care to have an ftpd tbh
<qman__> I wouldn't
<qman__> doesn't look like anything in chattr for that
<qman__> so you'd have to use apparmor or selinux or something
<dominicdinada> Anybody hear anything about any 3rd party module support from webmin yet ?
<qman__> I have a file with a list of directories, which contains unescaped symbols and spaces
<qman__> I need to process this with a for loop, so I need to escape them
<qman__> is there an easy way to do that to the entire file?
<qman__> nevermind that, I found a different way to approach the problem
<webPragmatist> torrent
<webPragmatist> grr
<ader10> I can't install Ubu Server from a USB flash drive. I get a notification saying that the CD-ROM can't be detected (even with "--cdrom-detect/try-usb=true") Please help me install it from the USB flash drive.
<ader10> Also, what is up with 10.04's documentation being out-of-date? https://help.ubuntu.com/10.04%20LTS/installation-guide/ is missing and the samba file server installation guide is wrong
<qman__> ader10, I believe the link you're looking for is https://help.ubuntu.com/10.04/installation-guide/index.html
<ader10> the link on https://help.ubuntu.com/10.04/serverguide/C/installation.html is broken, then
<ader10> Also EM64T is called Intel 64 now
<qman__> Intel changes the name of that about once every six months
<ader10> I can't find anything in that guide to help me insall from a flash drive
<ader10> (I am pretty sure that Intel 64 is the last time they'll change it)
<ader10> The actual error text is "There was a problem reading data from the CD-ROM. Please make sure it is in the drive. If retrying does not work, you should chek the integrity of your CD-ROM. Failed to copy file from CD-ROM. Retry?"
<ader10> If you search for the first 2 sentences exactly on google you'll see that nobody has had this problem solved
<ader10> I can't take Ubuntu Server Edition seriously if nobody bothers to fix the installer
<DrPoO> has anybody installed pptpd on 10.04?
<DrPoO> has anybody setup vpn capabilities with 10.04?
<twb> I need the default umask for users to be 077.  If I just tell pam-auth-update to edit common-session and set it explicitly, that'll probably affect root and system users, too, and might cause bad juju.
<twb> Anybody know the "right" way to tell pam_umask(8) to affect only users â¥1000 ?
<twb> I'll just try turning it on for all users and see how badly it breaks things
<EvilTrek> how do I remove a single rule from IPtables?
<twb> -D
<EvilTrek> -D will remove the single rule?
<twb> But generally you ought to use iptables-restore and write your rulesets with an editor, since iptables-restore is atomic at the table level.
<EvilTrek> well i'm kind of just starting to use iptables, so I havent reached that point yet atm o.o
<EvilTrek> bear with me if i ask stupid iptables questions xD
<twb> #netfilter
<Roxyhart0> hi there ...i need to edit the file rules-save for iptables and then run it as iptables, somebody know how to do that, as i edit it but iptables -S doesn load those changes
<twb> Is there a way to change plymouth's background colour (from purple to black) without messing around creating a whole new "theme"?
<twb> Answer: yes
<twb> >>/lib/plymouth/themes/ubuntu-logo/*.script echo 'Window.SetBackgroundTopColor (0.00, 0.00, 0.00); Window.SetBackgroundBottomColor (0.00, 0.00, 0.00);'
<twb> Er, not quite.  But editing the existing calls to those functions suffices.
<|eagles0513875|> hey guys i have a question about squid and squidguard.
<|eagles0513875|> i have a single nic setup on my server would you guys recommend a 2 nic setup. one nic on the dmz the other nic on the internal network?
<twb> |eagles0513875|: it doesn't make a difference
<twb> Two NICs is slightly more convenient to code for.
<|eagles0513875|> ok it has a built in nic and i dont mind using it
<|eagles0513875|> twb: ill give it a shot but atm cant get it going
<|eagles0513875|> but thanks for the info :)
<twb> You can always use trunking to run several logical NICs over a single physical NIC, assuming you're running Ubuntu on your router
<|eagles0513875|> O_O
<|eagles0513875|> no im not twb im running belkin proprietary software
<uvirtbot> New bug: #605721 in tgt (universe) "tgtd target will not start unless it's configured with "allow-in-use yes"" [Medium,Triaged] https://launchpad.net/bugs/605721
<larsemil> anyone used a dell powervault 660f?
<twb> larsemil: what's the real question?
<larsemil> twb: i might get one for cheap. so i am looking for opinions on it.
<larsemil> so i rephrase: does anyone have any pros/cons on a powervault 660f? i want to know allt your experiences when coming to it
<twb> hardware is hardawre
<larsemil> and there is good and bad hardware. :)
<twb> As long as there are drivers in the default kernel, I don't care about it
<uvirtbot> New bug: #607646 in php5 (main) "Segmentation fault in PHP5 with pgsql module" [Undecided,New] https://launchpad.net/bugs/607646
<silentwhisper> hi
<silentwhisper> my server is always access denied
<silentwhisper> anyone can help me
<silentwhisper> please
<Jeeves_> silentwhisper: ssst!
<Jeeves_> </bad joke>
<Jeeves_> silentwhisper: Define 'my server'. Which service on the server gives access denied?
<Jeeves_> http/smtp/ssh?
<silentwhisper> http
<Jeeves_> as which user is your webserver running?
<silentwhisper> all of my files are root:root
<silentwhisper> how to determine that?
<silentwhisper> more info
<silentwhisper> my server ip is 192.168.254.10
<twb> ss -ap | grep http
<silentwhisper> router ip 192.168.254.254
<Jeeves_> silentwhisper: can you pastebin an 'ls -al' from the directory you're trying to see?
<silentwhisper> thanks
<silentwhisper> "/var/www"
<silentwhisper> i tried chmod 644 and 755 as well but no luck
<Jeeves_> 12:03 < Jeeves_> silentwhisper: can you pastebin an 'ls -al' from the directory you're trying to see?
<Jeeves_> !pastebin?
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<Jeeves_> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Jeeves_> Just go into /var/www and type 'ls -al'
<Jeeves_> copy/paste all the output into the pastebin
<silentwhisper> what is pastebin
<silentwhisper> is it notepad?
<twb> silentwhisper: plonk
<Jeeves_> silentwhisper: Did you see the message from ubottu ?
<silentwhisper> please bear with be im totally noob
<Jeeves_> silentwhisper: even more important to read everything that comes along
<Jeeves_> I asked ubottu to tell you about pastbin
<Jeeves_> Read those lines, read my lines, copy/paste! :)
<silentwhisper> ah let me check on it its my first time to join here
<Jeeves_> That's ok :)
<Jeeves_> I'm not in a hurry :)
<silentwhisper> are you always here?
<Jeeves_> Yes, just about.
<Jeeves_> I have no life
<Jeeves_> (and no customers ;))
<silentwhisper> i really need alot of help im just starting to learn ubuntu
<Jeeves_> My hourly rate is 75 euro's
<Jeeves_> (That's a joke, obviously ;))
<\sh> Jeeves_: that's cheap ;)
<Jeeves_> \sh: I know. I'm just starting. So I can use every Unique Selling Point :P
<Jeeves_> \sh: So, are you hiring? :P
<larsemil> Jeeves_: what would i hire you for?
<Jeeves_> Ah, you're too far away. In a country where I never want to be in. :)
<twb> .us?
<Jeeves_> twb: Correct :)
<Jeeves_> larsemil: Clue on Ubuntu, Internet, stuff
<twb> maybe after china buys them out
<Jeeves_> twb: They allready did. .Us just doesn't know yet :)
<larsemil> Jeeves_: i do the same. starting for real during autumn.
<\sh> Jeeves_: sysadmin? fai experience? puppet experience? not windows hating? not closed source hating? datacenter experience? if so, send a CV to me...working country will be germany then :)
<Jeeves_> larsemil: Cool.
<Jeeves_> \sh: I'm pretty close to the german border. But germany is kinda big :)
<\sh> Jeeves_: karlsruhe, baden-wuertemberg :)
<binBASH> :)
<twb> I don't hate windows -- just so long as I don't have to use or support it ;-P
 * binBASH will be in KA tomorrow ;)
<Jeeves_> \sh: Hmm. That's a four hour drive.
<Jeeves_> My wife won't like that :P
 * Jeeves_ agrees with twb :)
<\sh> Jeeves_: you can rent nice houses here :) or buy one :)
<larsemil> i would move for a decent job
<\sh> binBASH: where? 1&1 ;)
<Jeeves_> Although, I must say. I've got no issues with Windows 7 yet.
<twb> Here we basically give the windows bits to our interns, because they're the ones who have used windows most recently
<binBASH> \sh: A5 :D
<binBASH> I will drive from Zurich to Ludwigshafen
<Jeeves_> \sh: Have you ever heard the language you guys are speaking? It's very difficult for the dutch to accept that they speak that on a daily base :)
<binBASH> through Karlsruhe :D
<Jeeves_> binBASH: You're in zurich?
<binBASH> Jeeves_: Yup
<binBASH> I worked in Ettlingen before :D
<Jeeves_> I was in .ch two weeks ago. In Steffisburg.
<Jeeves_> I've been to Zurich last year. Someone I know works at Google there.
<\sh> Jeeves_: english :)
<Jeeves_> \sh: Liar! :)
<binBASH> Jeeves_: Our office is nearby google office ;)
<silentwhisper> i hope i could have an IT job
<\sh> Jeeves_: no...we are speaking english then...
<twb> In .ch do you have to carry a US-104 keyboard with you everywhere just so you don't go insane trying to hack on servers with insane localized keyboards?
<Jeeves_> \sh: http://bit.ly/bLTf2s
<Jeeves_> \sh: Yes, but if you leave the office?
<RudyValencia> man I'm trying to find a better job
<binBASH> twb: Well, I brought my German Keyboard to Zurich when I moved there :D
<\sh> Jeeves_: also english...at least me :) I'm speaking mostly in english even with my wife :)
<\sh> Jeeves_: but yes, you would have to relocate ;)
<twb> English is the lingua franca, man
<binBASH> Anyways, I'm typing blind. Don't need it really
<twb> I bet even somali slave traders speak english
<silentwhisper> ah ubuntu pastebin got it sir
<Jeeves_> Btw: Haven't done anything with puppet yet
<Jeeves_> silentwhisper: Good, link?
<twb> binBASH: yeah, but double-bucky-cokebottle to enter a left brace is aggravating
<Jeeves_> I have used cfengine, though
<binBASH> twb, I switched server console to German layout. :)
<twb> Jeeves_: puppet is basically cfengine with different annoyances
<binBASH> I'm the only one doing system admin onsite.
<Jeeves_> twb: More or less annoyances? :)
<twb> I haven't used cfengine enough to say
<binBASH> I tried puppet for config management. But I switched now to kokki. It's chef like tool but you can code in python ;)
<twb> but forcing me to install ruby is annoying, and they always want me to deploy the latest alpha snapshot of puppet
<binBASH> don't want to learn ruby really
<twb> And puppet's wire protocol lacks ANY kind of version negotiation
<twb> binBASH: yeah, well, puppet "helpfully" uses a DSL
<binBASH> twb: Most people I know use chef or fabric to manage their servers
<Jeeves_> Ok, so cfengine is the way to go than :P
<binBASH> I don't know someone who uses puppet actually
<twb> chef is just a minor NIH of puppet
<twb> (AFAICT)
<twb> You still have to use ruby on the nodes, at least
<binBASH> yup
<binBASH> that's why I'm using kokki. ;)
<binBASH> python is already installed on the nodes.....
<larsemil> do i need any special hardware to connect to a fibre channel san or does it use ethernet?
<twb> Well, I suppose yaml is at least well-defined
<twb> (I hadn't heard of kokki before.)
<binBASH> twb: Yeah, I found it when I googled for python config management tools ;)
<silentwhisper> too bad my internet connection is very slow
<silentwhisper> tried paste
<silentwhisper> then i will give the link
<silentwhisper> correct?
<binBASH> twb: http://github.com/samuel/kokki-cookbooks
<binBASH> some example recipes ;)
<binBASH> silentwhisper: yup
<twb> Well, bugger.
<twb> Password resetting works with 8.04 desktops, but not 10.04 desktops.
<twb> (Using LDAP with the ppolicy overlay.)
<twb> ldap.conf is the same on both...
<silentwhisper> sample
<silentwhisper> http://paste.ubuntu.com/466407/
<silentwhisper> is it correct?
<remix_tj> yes
<twb> OK, the problem is something to do with pam_unix being first and pam_ldap being second in lucid
<Jeeves_> That's stupid
<twb> Yes
<twb> Yes it is.
<Jeeves_> (as are more things in Lucid)
<twb> Clarification: I'm using libpam-ldap and libnss-ldap, with OpenLDAP on both ends, using the ppolicy overlay
<Jeeves_> Oh wait. Did I say that out loud? L:)
<ewook> Jeeves_: no, not really :p
<twb> I should also note for the record that nis.schema is JUST SO WRONG, and libpam_ldap's internals are pretty ugly (if reasonably clear).
<Jeeves_> Imho, Hardy is still the best Ubuntu around.
<Jeeves_> It's just too old
<twb> Hey, waitaminute...
<twb> Why isn't slapd enforcing non-crap passwords?
<Jeeves_> And, IMHO, Canonical focusses on the Cloud far too much
<twb> It's doing so on the hardy desktops...
<Jeeves_> Does anyone know if openstreetmaps.org has an Google-maps-like API for pointing out where people are?
<twb> I wonder if that bullshit where ubuntu moved the ldap configuration INSIDE THE LDAP DATABASE is causing this issue.
 * twb digs out a recent serverguide
<binBASH> I'll go a bit swimming, got holidays, cya around ;)
<Jeeves_> binBASH: See ya
<Wampyre> Hello. How can I test communication between my server and a GSM modem connected to ttyS0?
<Jeeves_> Wampyre: apt-get install minicom
<Wampyre> Thanks Jeeves_, done.  Now googling for usage :)
<Jeeves_> :)
<ajdkfla> how do I reinstall in apt
<ajdkfla> apt-get
<ajdkfla> reinstall a package
<ajdkfla> I installed lvm2 and my wifi cutout in the middle of the install
<ajdkfla> and I wasn't using screen!
<Roxyhart0> hi there, somebody know what is the protocol 17 and 6?
<joschi> ajdkfla: apt-get install --reinstall [...]
<joschi> ajdkfla: or in your case probably just `apt-get install -f`
<pmatulis> Roxyhart0: udp and tcp respectively
<ajdkfla> ajdkfla: apt-get install --reinstall <package> ?
<Jeeves_> Speaking of cfengine and puppet
<Jeeves_> http://www.cfengine.org/cftimes/articles/0000000040.html
<ajdkfla> sorry freaking out lvm2 seems to have screewed my network
<joschi> Roxyhart0: also taking a look into /etc/protocols might help ;)
<Roxyhart0> thanks
<pmatulis> Roxyhart0: next time, 'grep 17 /etc/protocols'  and so on
<Roxyhart0> Hi there, im looking for a tool to block P2P, somebody have any recomendation? id see 17 filter and ipp2p but not sure which is good or if there is another  even better
<pmatulis> Roxyhart0: use netfilter/iptables (linux built-in firewall) - use ufw to configure
<Roxyhart0> yes, both tools also use iptables...im looking for some doc how to do just with iptables
<sabgenton> is there a way to share a file quickly with out using samba?
<sabgenton> ssh?
<sabgenton> I want to  share an Iso over the network and mount on  another machine
<Roxyhart0> scp?
<Roxyhart0> to share or just copy?
<sabgenton> Roxyhart0: can I mount somehow?
<sabgenton> share
<joschi> sabgenton: if the other machine has a FUSE implementation, you could use sshfs
<sabgenton> ones karmic ones lucid
<sabgenton> sudo apt-get install sshfs
<sabgenton> ?
<joschi> sabgenton: yes
<sabgenton> quick howto?
<sabgenton> mount
<pmatulis> sabgenton: http://tinyurl.com/3yen5w4
<joschi> sabgenton: http://wiki.ubuntuusers.de/FUSE/sshfs
<joschi> *sigh* no initiative from anyone these days...
<joschi> sabgenton: meh, sorry. it's german
<joschi> meant to post https://help.ubuntu.com/community/SSHFS
<sabgenton> thanks
<Roxyhart0> other question...any good proxy server?
<joschi> Roxyhart0: for which protocol?
<Roxyhart0> most important p2p, irc, ssh, htmp
<Roxyhart0> html
<joschi> Roxyhart0: so you're looking for a SOCKS proxy
<joschi> take a look at dante
<Roxyhart0> thanks joschi
<joschi> how can I tell d-i or more precisely partman that I want to have the remaining free space of a hard drive (after the partitions have been created) in a LVM volume group?
<joschi> e.g. create a partition with 10G in the volume group and have the rest unassigned to any LV, but assigned to the volume group
<DrPoO> I want to check on which device a particular directory is mounted to... how can I do this?
<ehazlett> greetings all... i'm trying to set quota's on an NFS mounted dir -- is that possible?
<uvirtbot> New bug: #607648 in freeradius (main) "package freeradius-mysql (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/607648
<cemc> hi. I have a 10.04 LTSP install. I want my thin clients to run only chrome at boot, with autologin, no other stuff (no panels, no possibility to run other stuff), is it doable? any howto on it (especially the autologin+bare minimum part) ?
<silentwhisper> where is the link for pasting image?
<uvirtbot> New bug: #607835 in drbd8 (main) "New Upstream Release DRBD 8.3.8.1" [Medium,In progress] https://launchpad.net/bugs/607835
<goldins> is there a way I can mirror a filesystem on two servers over the network?
<jpds> goldins: DRDB?
<NarbeH> i got No route to host when i want to send mail. (Postfix -  Mail agent: squirrelmail)
<jpds> goldins: http://www.drbd.org/ â
<goldins> hmm
<goldins> thanks
<NarbeH> i got No route to host when i want to send mail. (Postfix -  Mail agent: squirrelmail)
<NarbeH> anyone please?
<Mithos> any reason when I do this: iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
<Mithos> i get this: iptables: No chain/target/match by that name
<Mithos> on an Ubuntu server image btw
<Mithos> er server*
<NarbeH> anyone please help me in postfix
<Mithos> where can the kernel's config files be on the drive?
<pmatulis> Mithos: in the /boot directory
<Mithos> ah its hiding xD
<Mithos> er...
<Mithos> or its hiding elsewhere...
<pmatulis> Mithos: hiding?
 * Mithos kicks his system
<matt_keys> I have a fresh install of server 10.04 amd64. on install i only selected vm host and ssh. virt-manager, virt-viewer, xterm, ubuntu-vm-builder are custom additions. i changed networking to bridge eth0 and set the template to use br0 by default. when attempting to create a vm I get the following error: http://pastebin.com/27vxhNHr
<matt_keys> anybody ever seen that one?
<EvilTrek> pmatulis:  yeah its hiding somewhere, but its not in /boot
<EvilTrek> pmatulis:  perhaps because its a VPS?
<EvilTrek> o.o
<jpds> EvilTrek: Xen?
<EvilTrek> jpds:  no openvz
<pmatulis> matt_keys: how did you create the vm?
<EvilTrek> jpds:  the datacenter the VPS is at didnt have zen
<EvilTrek> er xen*
<jpds> EvilTrek: Isn't the kernel managed by the host with that?
<EvilTrek> jpds:  indeed i'm trying to ping the host now xP
<matt_keys> Unable to complete install '<class 'libvirt.libvirtError'> operation failed: failed to retrieve chardev info in qemu with 'info chardev'
<pmatulis> matt_keys: how did you create the vm?
<matt_keys> pmatulis: through the gui
<matt_keys> pmatulis: it's a win08 x64, 4gb ram, 40gb disk. i selected windows, windows 2008 from the type drop-down
<matt_keys> does it if i allocate all at once or uncheck for thin provisioning
<NarbeH> i got No route to host when i want to send mail. (Postfix -  Mail agent: squirrelmail)
<pmatulis> matt_keys: is your host 64 bit?
<matt_keys> pmatulis: yes
<matt_keys> Linux libvirt01 2.6.32-23-server #37-Ubuntu SMP Fri Jun 11 09:11:11 UTC 2010 x86_64 GNU/Linux
<pmatulis> matt_keys: do other guests install ok?
<matt_keys> pmatulis: haven't tried any others yet, this was the first one :(
<pmatulis> matt_keys: please try
<matt_keys> will do, brb.
<matt_keys> just checked and the disk was created both times in /var/lib/libvirt/images, just didn't go past that
<matt_keys> pmatulis: creating a ubuntu 10.04 i386 server vm, 20gb disk, 512mb ram
<matt_keys> pmatulis: btw these are on dell poweredge 1855 blades, so I have 9 more if I need to test... they're all identical setups
<matt_keys> pmatulis: ubuntu vm seems to have installed/started ok
<matt_keys> digging for another win32 iso
<matt_keys> win7 64 would be a good test, right?
<pmatulis> matt_keys: it's another test, yes
<matt_keys> win7 64bit started as well
<matt_keys> something specific with server 2008 64bit?
<pmatulis> matt_keys: some drivers may need to be digitally signed
<matt_keys> pmatulis: never makes it that far... it goes to create the domain and crashes there before the vm has a chance to start. win7 64bit just gave me the BSOD
<pmatulis> matt_keys: dunno
<matt_keys> BSOD error msg was "STOP: 0x0000001E (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)"
<matt_keys> pmatulis: filed a bug report here: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/607884
<uvirtbot> Launchpad bug 607884 in libvirt "10.04 amd64 libvirt+qemu fails to install Win Server 08 x64 or Win7 x64" [Undecided,New]
<matt_keys> thanks for your help
<pmatulis> matt_keys: you're welcome
<talcite> hey guys, the UUID in the kernel bootline should match the UUID of the root partition correct?
<Jordan_U> talcite: Yes.
<talcite> Jordan_U: is there any reason why a UUID of a softraid array would change suddenly?
<Jordan_U> talcite: Not that I know of, but I don't do much with RAID.
<talcite> Jordan_U: hmm that's ok. Thanks. I'll just change it manually to match. It's really weird that it happened though
<Jordan_U> talcite: update-grub should update your grub.cfg to match the new value.
<talcite> Jordan_U: hmm, I'm stuck in an initramfs shell. I don't think I have access to /boot actually
<talcite> or is it just not automatically mounted?
<talcite> Was grub's menu.lst removed in 10.04? I'd like to verify that the kernel options on boot are using the correct UUID
<qman__> talcite, 10.04 uses grub2 by default, which does not have a menu.lst
<Italian_Plumber> wasn't that first considered a "bug" tha'ts going to be "fixed" in 10.04.1?
<qman__> what, exactly?
<qman__> grub2's configuration structure is completely different from the old grub
<Italian_Plumber> maybe I'm remembering something wrong
<qman__> the bits you're supposed to change have moved to /etc
<pmatulis> talcite: cat /proc/cmdline
<webPragmatist> do i have to do anything after I add a file to /etc/logrotate.d
<talcite> Hmm ok I see. I've found the /etc/ bits now.
<talcite> It's still weird though. cat /proc/cmdline gives a different UUID than from the UUID of my root partition
<Jordan_U> talcite: If you boot holding shift you can get the grub menu and temporarily change the menu entry to boot, then "sudo update-grub" should fix things permanently.
<talcite> well, I should clarify, /proc/cmdline gives a different UUID from the one that mdadm -D /dev/md0 reports
<talcite> hmm
<talcite> are they supposed to be different ones?
<talcite> Jordan_U: yup, I ran the update-grub command, but it didn't seem to change anything. The UUIDs reported by /proc/cmdline and mdadm are still different
<Jordan_U> talcite: cat /proc/cmdline prints the kernel parameters that were passed to the kernel when you booted.
<talcite> ah, so I'll need to reboot
<Jordan_U> talcite: To check the UUID that grub will pass next boot look in /boot/grub/grub.cfg
<talcite> ah. Thanks. I've never used grub2 before
<Jordan_U> luis_lopez: You're welcome.
<pittstains> anyone know how to update the output of the df command?  i deleted some large files but i'm getting the same output
<pittstains> gaaaaaaaaaaaaah
<pittstains> too late
<pittstains> giving me output for every directory
<pittstains> can't stop it with control C
<pittstains> wrong window... sorry!  still would like help with the df question though
<qman__> df generates fresh output each time you run it
<qman__> if the information is wrong, it's more likely that your filesystem is reporting incorrect information, or that you didn't actually delete said files
<qman__> were they hard-linked elsewhere?
<pittstains> qman: thanks
<pittstains> i don't believe they were hard linked anywhere else
<pittstains> they were apache log files
<qman__> yeah, then probably not
<qman__> but they should also not be that big
<pittstains> it was 10GB -- my predecessor put them in a non-standard location, so logrotate never touched them
<pittstains> qman__: i just used the rm command... i know that doesn't delete them in a non-recoverable way, but shouldn't it free up the space?
<qman__> generally, it does delete them in a non-recoverable way
<qman__> unless you have an undelete system configured
<pittstains> no undelete system configured... i mean unrecoverable in the way the shred makes files unrecoverable
<pittstains> *in the way that shred
<qman__> rm simply unlinks them
<qman__> which leaves the data free to be overwritten
<qman__> unless it's linked elsewhere
<qman__> it would show up as free space
<qman__> if it really is a filesystem inconsistency, fsck will fix it
<pittstains> good suggestion... thanks
<LowValueTarget> mysql wont start on my 10.04 box
<LowValueTarget> any ideas
<binBASH> check error log in /var/log/mysql/
<LowValueTarget> binBASH: nothin in there
<binBASH> check diskspace
<binBASH> it should contain something if you start mysql ;)
<LowValueTarget> noting in any log
<binBASH> again check diskspace if logs are empty
<yabbo> ok im trying to install ubuntu server on a dell power edge 6450 but when i try the server CD it says it cant install the kernel modules for the architecture
<yabbo> its a quad P4 700 mhz system so it should install
<yabbo> or do i need to go out and download server 7.10 or something
<FunnyLookinHat> Is there any way to save the response of a request i issue via TELNET to a file?  I.e. I want to try to send a custom request to a server with HTTP and save the response file
<jpds> yabbo: 7.10 is dead.
<yabbo> i know but 10.04 wont install
<jpds> Well, noone's going to help on using an unsupported release. ;-)
<yabbo> do > file.txt at the end of the command and it will log it to the file
<yabbo> well then can you help me get 10.04 working lol
<LowValueTarget> it was apparmor if anyone cares
<jpds> yabbo: dmesg | tail in a pastebin would be useful to.
<pittstains> qman__: so, i ran fsck -ns /dev/foo (still mounted), and i get a list of errors... wondering if there's a way to fix this that is safe, easy, and reliable...
<pittstains> if i reboot later, will it just run the check on boot and do the right thing?
#ubuntu-server 2010-07-21
<pittstains> not sure how else i'd unmount it because it's a remote server and the OS (/, /boot, everything) lives there
<Jordan_U> pittstains: You should *never* run fsck on a mounted extn filesystem.
<pittstains> i thought it was safe with the -ns flags
<pittstains> read-only mode
<pittstains> am i wrong about that?
<Jordan_U> No, that's correct.
<pittstains> Jordan_U: whew! so any idea about the proper way to repair it, given my circumstances?
<Jordan_U> pittstains: I think that even though it's safe, running fsck on a mounted system isn't meaningfull as a mounted FS looks like a broken one (the journal looks like it needs to be replayed, parts of the FS read earlier are inconsistent with parts read later if something changed)
<Jordan_U> pittstains: So you can "sudo touch /forcefsck" to cause an fsck to be run at next boot, but don't be too worried about errors from fsck on a mounted fs.
<pittstains> Jordan_U: thanks for that info.  i generally don't work too close to the filesystem, so that's helpful info.  however, i think i actually do have a problem: i deleted a large file and dh gives me the same output.
<pittstains> also, the file deleted instantly.... usually there's a little lag for big files
<pittstains> Jordan_U: will the forcefsck file be deleted after the next boot?  also, which log should I check to see the results of the check?
<Jordan_U> pittstains: Do any applications still have the file open?
<pittstains> good question... it was a log file being written to by Apache (it had grown to 10GB)
<Jordan_U> (you can check that by running "sudo fuser /path/where/the/file/was".
<pittstains> doesn't show up under ls any more.... running fuser now...
<Jordan_U> pittstains: In unix files aren't truly deleted untill no references to them exist, that includes hard links and open file handles.
<pittstains> fuser says no such file or directory... if i restart apache that should close any handles though
<Jordan_U> pittstains: Try "sudo lsof | grep /path/to/file" instead.
<pittstains> lsof not found?
<Jordan_U> That's surprising, are you sure you spelled it correctly?
<pittstains> LSOF, right?
<fallous> should be in /usr/bin/
<pittstains> oh, i forgot this is a debian box and not ubuntu -- should be the same though, right?
<Jordan_U> pittstains: sudo apt-get install lsof, and let's continue this in #debian since it's off topic here.
<pittstains> thanks, jordan
<yabbo> looks like ubuntu doesnt support this system
<yabbo> that sucks
<yabbo> too old of a dell
<yabbo> exit
<pittstains> for anyone who was following my convo with Jordan_U, the reason the file didn't delete is that Apache was still using it.  restarting Apache freed up the file to be deleted, and df now reports as expected.
<DukeOfMilan> I'm trying to Kickstart a server but getting "bad archive mirror" w/ us.ubuntu.com/ubuntu, any ideas?
<jpds> DukeOfMilan: It's us.archive.ubuntu.com
<jpds> DukeOfMilan: Which are part of the US is the server physical based?
<DukeOfMilan> Right, sorry--typed it wrong.  This is what I'm using: http://us.archive.ubuntu.com/ubuntu
<DukeOfMilan> SF Bay area
<jpds> That should work.
<DukeOfMilan> Here's the line from ks.cfg:
<DukeOfMilan> url --url http://us.archive.ubuntu.com/ubuntu
<jpds> DukeOfMilan: You might want to use http://mirrors.us.kernel.org/ubuntu/ instead however - as that's based in California.
<DukeOfMilan> Hmm, I'll try that, thanks.
<DukeOfMilan> Can I just use it like that in the ks.cfg, or do I need to add: dists/lucid or anything more specific?
<jpds> I'm looking for Kickstart documentation on it just to be sure.
<DukeOfMilan> It didn't like the url I was using, and it takes like 15min to get to the part of the install where it fails.
<DukeOfMilan> I'm using "The Official ubuntu Server Book" as a guide, btw.
<jpds> DukeOfMilan: As far as I can see, that line should be fine.
<DukeOfMilan> I'm trying: url --url http://mirrors.us.kernel.org/ubuntu
<DukeOfMilan> I'll know in about 15min if it worked. :)
<jpds> DukeOfMilan: http://ubuntuforums.org/showthread.php?t=880829 describes what it's trying to do internally.
<DukeOfMilan> jpds: same error message I'm getting, maybe same issue.
<ruben23> hi guys when i install ubuntu-server using a sas HDD do i need to laod drivers during the install or no need..?
<qman__> ruben23, if it works, then no
<qman__> "installing drivers" is basically a thing of the past
<ruben23> ok
<qman__> either it's in the kernel or it isn't, as long as you run the latest updates
<qman__> and if it isn't in the kernel, but does exist, you'd have to compile it yourself anyway, quite the task
<silentwhisper> sir jeeves
<ruben23> hi si rt-kernel used by ubuntu-server studio..?
<silentwhisper> my server is access denied
<silentwhisper> pls help how to troubleshoot
<silentwhisper> anyone pls help
<qman__> !details | silentwhisper
<ubottu> silentwhisper: Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."
<silentwhisper> when i try to browse http://bits.ath.cx
<silentwhisper> access denied appears on the screen
<silentwhisper> within the network ok
<silentwhisper> but outside the network access denied appear
<ruben23> any used rt kernel on ubutu-server..?
<silentwhisper> it been a week i keep receiving this error
<silentwhisper> i was able to make right less than a week
<silentwhisper> untill access denied appears
<qman__> silentwhisper, what software are you using? what do you expect to see? what authentication mechanism is in use?
<silentwhisper> im using ubuntu 10.04 deskstop and installed apache2
<silentwhisper> at local host is says "it works"
<silentwhisper> but in the internet error
<qman__> silentwhisper, that access denied page is not an apache access denide page
<qman__> first make sure that URL is pointing to your server, and that ports are forwarded
<silentwhisper> http://paste.ubuntu.com/466724/
<silentwhisper> yes sir im using dyndns
<silentwhisper> and my port 80 is forwarded
<silentwhisper> im using ddclient to update my ip regularly
<silentwhisper> this http service is intermittent
<qman__> silentwhisper, it is a DNS issue
<qman__> accessing your IP works
<qman__> http://120.28.128.42/
<qman__> it isn't pointing to your IP
<qman__> ;; ANSWER SECTION:
<qman__> bits.ath.cx.		60	IN	A	222.127.223.69
<silentwhisper> what seems to be the problem sir?
<qman__> bits.ath.cx does not point to you
<silentwhisper> how can i fix it?
<qman__> so it's either the wrong URL, or your dyndns is configured wrong, or you have a dynamic IP and it's not updating
<qman__> any number of reasons
<silentwhisper> for sure i have dynamic ip
<qman__> you need to have a script or service to update the IP information with dyndns
<silentwhisper> because my service provide is for home user only
<silentwhisper> how can i do that?
<qman__> I don't know how to do it with dyndns.org, I use afraid.org myself
<qman__> but there should be instructions at dyndns.org
<silentwhisper> i'll check on it also
<silentwhisper> thanks qman
<silentwhisper> i'll try it
<silentwhisper> how did you found out my hosts is not redirected correctly to my ip
<qman__> the error page that was showing is not an apache error page, it's some other software
<qman__> so then I compared the results of `dig bits.ath.cx` to the IP you are chatting from
<qman__> and they are different
<qman__> I then tested browsing to your IP, which worked
<silentwhisper> wow
<silentwhisper> thanks
<silentwhisper> you can get my ip while were chatting?
<qman__> yes
<qman__> freenode does not obfuscate them
<qman__>  /whois me, and you'll se mine
<cjs> How do I detach a logical volume (i.e., make it disappear from /dev/mapper)?
<cjs> Ah, vgchange -a n <name>.
<silentwhisper> i type /whois qman but no output
<qman__>  /whois qman__
<silentwhisper> "/whois qman"
<qman__> and it may not show up on this screen depending on your chat client
<qman__> xchat shows it in the 'server' tab
<silentwhisper> it does not show up
<qman__> ah, you are using xchat
<qman__> in that case, you can also right click on my name, and hover it
<qman__> and it will show you
<silentwhisper> real name,user,country
<qman__> yes
<qman__> under user, it shows you my IP, though my ISP has reverse DNS so it shows you the name
<silentwhisper> reverse dns
<silentwhisper> ah
<Moltar> Hi.  I'm having a problem with a GPT formatted boot volume, my server gets a 'boot failure' after the installer has completed installing into the GPT partitions.  I'm using 10.04 server.  Could anyone suggest a fix or a way to troubleshoot this?
<tcw> Does the latest ubuntu server edition do some kind of automatic NIC teaming in a default installation?
<silentwhisper> help pls
<silentwhisper> i have dynamic ip
<silentwhisper> which is the best dns to use and easy to configure
<twb> Any of the ones your PPP/PPPoE/PPPoA client can auto-update
<twb> Since you're probably doing PPPoA on an appliance modem/router with its default proprietary firmware, that set may well be the empty set.
<silentwhisper> which is easier to use dydns,no ip,afraid etc
<silentwhisper> and which client is easier to configure
<silentwhisper> i have a dynamic ip
<twb> Most clients support a large number of providers.
<silentwhisper> which client is easier to configure for different dns
<twb> I can't comment on that.
<silentwhisper> when you are setting a server using dynamic ip what client you usually use?
<twb> I don't.  I have a class C.
<tcw> years ago no-ip was pretty easy to use
<tcw> havnt used it in 5+ years though
<tcw> assume its only gotten easier
<twb> What they all boil down to is a post-ACK hook that issues an HTTP POST with the appropriate username, password and IP fields.
<tcw> how can i get a list of network interfaces in a machine (interfaces that currently are not brought up) i.e: i have added a secondary PCI NIC but I am unsure if it is classified by the system as eth1 or something else
<twb> tcw: ip link show
<Hilikus> hey guys
<Hilikus> i have a backup system set up using passwordless ssh login. for some reason, if the user disconnect unexpectedly (their internet died) my system only realises the user disconnected after like 2-3 hours
<Hilikus> any idea why is that?
<Hilikus> is it rsyncd or is it sshd or what?
<twb> Because you aren't using -oBatchMode=yes ?
<Hilikus> where??
<twb> In your .ssh/config or on the command line.
<Hilikus> in the client's ssh client??
<twb> In whatever is invoking SSH
<Hilikus> and this is a switch in ssh? i'll look it up
<Hilikus> sounds about right, but i still don't understand what it does
<Hilikus> whats password querying??
<Hilikus> i just want to make sure i'm not making my system more vulnerable my setting this to yes
<silentwhisper> hi to all
<silentwhisper> i learned setting webserver using apache
<silentwhisper> what service i must learn next
<silentwhisper> im studying on my own please guide mo
<silentwhisper> guide me
<silentwhisper> pls
<Hilikus> silentwhisper: ssh? it depends what you're interested in?
<Hilikus> samba?
<larsemil> silentwhisper: what do you want to do?
<larsemil> silentwhisper: you have php support? mysql? that would be something
<kblin> hi folks
<kblin> it looks like myu ipv6-only system only tries to look up A records for hostnames instead of AAAA records. is there a setting I need to pass to the resolver to make it look for IPv6 records as well?
<kblin> ah, nvm, pebkac. I keep forgetting to use ping6
<twb> Does lucid's slapd have that weird thing I heard about, where the config is stored *in* the database?
<joschi> twb: yes
<joschi> twb: but it's not specific to lucid
<twb> Where can I read about that?
<joschi> twb: it's the new, "better" way of configuration propagated by the openldap people
<twb> "sudo -ux getent passwd x" fails, but "getent passwd x" works, which indicates there's a missing access parameter -- but on my 8.04 system BOTH work, and it has an identical slapd.conf
<joschi> twb: unfortunately, it's still incomplete, e.g. it's not possible to configure the meta-backend through the cn=config interface
<twb> joschi: well, I remember the #openldap people griping about Ubuntu adopting it before it was really ready
<joschi> twb: http://www.openldap.org/doc/admin24/slapdconf2.html
<joschi> twb: "Unlike previous OpenLDAP releases, the slapd(8) runtime configuration in 2.3 (and later) is fully LDAP-enabled and can be managed using the standard LDAP operations with data in LDIF."
<twb> Does that mean that slapd.conf is not changed at all -- it's simply EXPOSED via the LDAP API?
<joschi> twb: no. either you use the traditional slapd.conf, then it's just a read-only version in cn-config
<joschi> twb: or you exclusively use cn=config and have no slapd.conf at all
<joschi> twb: the data is then stored in /etc/ldap/slapd.d/...
<joschi> twb: on the plus side, you can change slapd's configuration on the fly without a restart/reload using cn=config
<twb> Hm.  I have a new lucid install (i.e. not upgraded), and it has a slapd.conf.  How did it get there, if Ubuntu doesn't use it by default?
<joschi> twb: see /etc/default/slapd
 * twb looks
<twb> SLAPD_CONF= (i.e. the empty string) in there, which means "use slapd.conf" according to the comments.
<joschi> twb: do you have a different ubuntu lucid than me? mine says: "If empty, use the compiled-in default (/etc/ldap/slapd.d)."
<twb> Oh oh oh oh oh
<twb> I'm very very very very stupid
<twb> I forgot that the DESKTOPS are migrating 10.04, but the server is still hardy
<twb> Sorry for wasting your time
<silentwhisper> next i want to try i mail server
<silentwhisper> can you guide me
<twb> The problem must be elsewhere
<silentwhisper> pls
<Jeeves_> silentwhisper: Try the Ubuntu Server Guide
<Jeeves_> Morning, all
<silentwhisper> hi good am to you too
<silentwhisper> here in our country, its 2 in the afternoon
<ader10> My question is here: http://ubuntuforums.org/showthread.php?t=1535426 Please help if you can
<zul> ivoks: around?
<ader10> somebody answered my question
<silentwhisper> need guide how to set up a typical mailserver
<silentwhisper>            help
<larsemil> silentwhisper: have you looked at the server guide?
<larsemil> http://doc.ubuntu.com/ubuntu/serverguide/C/email-services.html
<TeTeT> smoser: do you maintain the euca2ools for Karmic? there is a question in the answer tracker that looks like a bug to me: https://answers.launchpad.net/ubuntu/+source/eucalyptus/+question/118429
<uvirtbot> New bug: #608154 in mysql-dfsg-5.1 (main) "MySQL bug(s) crash akonadiserver" [Undecided,New] https://launchpad.net/bugs/608154
<smoser> TeTeT, i will look later
<andol> joschi: Just curious, you don't happen to be the same joschi the one on serverfault?
<joschi> andol: I am
<andol> joschi: Ok, was mostly curious, having seen the same nick both there and here.
<uvirtbot> New bug: #608177 in squid (main) "squid crashed with SIGFPE in main()" [Undecided,New] https://launchpad.net/bugs/608177
<uvirtbot> New bug: #608182 in nut (main) "problems with ups (mge pulsar es 8+)" [Undecided,New] https://launchpad.net/bugs/608182
<uvirtbot> New bug: #608189 in samba (main) "package smbclient 2:3.4.7~dfsg-1ubuntu3 failed to install/upgrade: ile tar rovinato - l'archivio del pacchetto Ã¨ danneggiato" [Undecided,New] https://launchpad.net/bugs/608189
<kaushal> hi
<kaushal> is there a way to know the controller card details on ubuntu server 8.04 ?
<pmatulis> kaushal: start with 'lspci -vvnn'
<kirkland> SpamapS: https://blueprints.edge.launchpad.net/ubuntu/+spec/server-maverick-uec-monitoring
<_chris_> can i somehow tail the activity of a port ?
<SpamapS> _chris_: sure, you can use tcpdump to sniff the traffic, or you could log using iptables
<pmatulis> shouldn't 'mount -a' mount nfs shares?
<SpamapS> pmatulis: unless it has a 'noauto' option
<kirkland> ccheney: please push to lp:~uec-provisioning/uec-provisioning/trunk
<pmatulis> SpamapS: thanks
<_chris_> SpamapS, thx thats what i was looking for :)
<andreserl> ttx, howdy!! Can you take care of bug #607835 when you have the time please?
<uvirtbot> Launchpad bug 607835 in drbd8 "New Upstream Release DRBD 8.3.8.1" [Wishlist,Confirmed] https://launchpad.net/bugs/607835
<ttx> andreserl: please subscribe me to it, will do in my next sponsoring spree if nobody beats me to it
<andreserl> ttx, ok thanks :)
<benedikt> where does libvirt/kvm store its disc images by default?
<edwin_> i want to set up a mail server
<edwin_> please guide me
<kim0> edwin_: check this out https://help.ubuntu.com/community/Postfix
<edwin_> thanks kim8
<edwin_> but how can we retrieve the mail
<edwin_> typically what i see is user can retrieve mail through website am i right?
<\sh> edwin_: http://workaround.org/ispmail/lenny <- this is for debian, but works on ubuntu...follow the steps...
<edwin_> postfix is commandline type
<edwin_> not gui type
<edwin_> for user
<kim0> edwin_: you'd need a webmail (which is a separate thing) .. try http://openwebmail.lagmonster.org/  or atmail.com
<kim0> edwin_: or search for zimbra.com .. it's an all in one monster solution .. probably close to what you're looking for
<edwin_> thanks guys for the links
<edwin_> nowadays how is an emailserver setup for user
<edwin_> is it gui type / still shell type/commdline type?
<Wampyre> Hi
<Wampyre> I have a service that is set to start with runlevel 2, but it's not doing so.  Once the computer starts up, I can start the service manually using the same script.  What do I need to check?
<sommer> morning all
<Jeeves_> Hi
<Wampyre> Ola!
<Jeeves_> Wampyre: Is it upstart or plain-old init?
<Wampyre> How can I find out?
<rapha> Hi all, does Ubuntu Server not have PEM installed anymore?
<qbitza> Wampyre, update-rc.d
<Wampyre> The script exists in /etc/rc2.d
<Jeeves_> Wampyre: So it's plain-old init :)
<rapha> (Also there don't seem to be any PEM packages - I'm trying to get vsftpd virtual users working as per ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.2.2/EXAMPLE/VIRTUAL_USERS/README - can somebody help me?)
<Jeeves_> Wampyre: Convert it to upstart
<qbitza> Wampyre, as in sudo update-rc.d <service> defaults
<Jeeves_> that's easy
<qbitza> update-rc.d shouldn't be bothered
<qbitza> It can do either, afaik
<jjohansen> Daviey: Bug #599450
<uvirtbot> Launchpad bug 599450 in linux "[apparmor] getattr handled incorrectly in 2.6.35-6.7" [High,New] https://launchpad.net/bugs/599450
<Wampyre> qbitza, I've done that, while installing the application.  It has created the necessary scripts, but the service is still not starting.
<Wampyre> Jeeves_, how do I convert it to upstart?
<ScottK> Good morning sommer.
<sommer> :-)
<Jeeves_> Wampyre: Read the files in /etc/init
<Jeeves_> There pretty logical
<Jeeves_> upstart is the way to go anyways, so.
<qbitza> Wympyre, I agree with Jeeves, upstart is the way of the future
<qbitza> Wampyre, is this your own script?
<Wampyre> Nope, comes with the software
<Wampyre> I just needed to update the paths in it.
<Jeeves_> Wampyre: Which software
<Wampyre> zabbix
<Wampyre> Apparently it depends on mysql starting before it does.
<uvirtbot> New bug: #608292 in bind9 (main) "Sync bind9 1:9.7.1.dfsg.P2-2 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/608292
<phretor> I had several LocalForward entries in my .ssh/config and I would like to open an ssh connection to the machines in a sort of "background mode" - is this possible?
<Jeeves_> phretor: What do you mean?
<Jeeves_> phretor: You mean that a script can open connections without usernames and passwords?
<phretor> Jeeves_: well, I'd like to put the ssh client in the background so I don't have to open another shell to, say, connect to locally forwarded ports.
<Wampyre> In an upstart script, the start on parameter tells the script what to depend on?
<Jeeves_> Wampyre: Yes
<Jeeves_> You can configure your own events (i believe) and runlevels
<Wampyre> How would I create a dependency upon mysql?
<Jeeves_> That's a good one :)
<Wampyre> so just; start on (mysql) ?
<Jeeves_> that might work, yes
<Jeeves_> Wampyre: I'm trying to find some documentation on that
<Jeeves_> Wampyre: http://upstart.ubuntu.com/getting-started.html
<Jeeves_> In the bottom, it talks about initctl -emit
<Jeeves_> initctl emit
<Jeeves_> Wampyre: Have a look at /etc/init/mountall.conf
<Jeeves_> 'emits' is the configuration keyword
<Jeeves_> So if you change mysql.conf to 'emits mysql', than zabbix will start when mysql is started
<Jeeves_> Upstart is pretty cool, actually.
<Wampyre> Ah! So if I add "emits mysql" to mysql.conf, then I can use "start on (mysql)"
<Jeeves_> Too bad that so many programs aren't fixed to use it yet
<Jeeves_> Wampyre: That's how I read it, yes :)
<Jeeves_> Anyways, I'm afk for a while
<Wampyre> Thanks ffor the assistance :)
<Jeeves_> np
<remix_tj> anyone has experience with postfix and postfixadmin's vacation?
<remix_tj> i got this vacation working only for an email.
<remix_tj> there is no way to get it working for other emails...
<lamont> remix_tj: postfixadmin's vacation?  do you mean the vacation package, or some other thing?
<remix_tj> some other thing
<remix_tj> a postfix vacation with a sql backend
<lamont> it's specific to postfix?
<remix_tj> what do you mean?
<lamont> when you say "a postfix vacation", do you mean that it's specific to postfix, or that it's "just another vacation binary" that happens to have an sql backend?
<remix_tj> uh, seems to be a postfix problem, because the vacation script gets not called
<remix_tj> i've an email (a@b.it) which is (when vacation is active for that user) an alias for a@b.it,a@b.it@autoreply.b.it
<remix_tj> the mail gets delivered to a@b.it but not to the autoreply one, which is the address that generates the automatic email
<Hilikus> can i create a user in my system that will be login in through ssh that i can keep in its own home dir? i.e. so that he doesn't see or can move to the rest of my system?
<lamont> that'd be because postfix explicitly blocks routing via multiple @s
<pmatulis> Hilikus: yes
<lamont> --> broken vacation package if it's depending on source routed email to work
<pmatulis> Hilikus: "chrooted ssh"
<Hilikus> pmatulis: is that a chroot jail?
<Hilikus> ok, thats what i thought
<Hilikus> thanks pmatulis
<lamont> sadly, chroots are frequently trivial to escape
<Hilikus> yes, i've heard
<Hilikus> any other idea lamont
<Hilikus> ?
<pmatulis> lamont: oh, how so?
<pmatulis> lamont: ssh ones specifically
<lamont> pmatulis: dunno about ssh in specific, but various approaches exist, depending on the environment handed to the user in the chroot
<lamont> if you can get root inside the chroot, then the most trivial is to mount the real root disk somewhere, and chroot into that.
<hallyn> (use pivot_root to prevent the usual chdir-based chroot escapes)
<Hilikus> i want to give access to a user to come in and see their backups and their backups only. maybe i can restrict the also the commands allowed in the console?? to just do ls and get or whatever download command is needed?
<lamont> Hilikus: sounds like you want sftp-only
<Hilikus> i thought sftp still needed ssh access and a system account
<Hilikus> but yes,i was thinking of using sftp
<lamont> yeah.  ISTR sftp-only users were possible with modern ssh
<remix_tj> lamont: but the strange thing is that works for assistenza@b.c.it@autoreply.b.c.it but not for lorenzettoluca@b.c.it@autoreply.b.c.it
<lamont> interesting
<pmatulis> Hilikus: yes, sftp chroots are built-in
<Hilikus> i don't have any ftp or sftp daemons running and i can connect to my server using sftp currently
<pmatulis> Hilikus: it'a a hidden/internal subsystem to ssh
<Hilikus> so, since i there's no daemon, where do i tell it it is a sftp-only access??
<remix_tj> lamont: that's why i'm asking for help, this is driving me crazy :-)
<pmatulis> Hilikus: ask the great oracle
<Hilikus> i'm not sure what to search for
<pmatulis> Hilikus: "sftp chroot"
<Hilikus> thanks pmatulis
<pmatulis> Hilikus: you're welcome
<MTecknology> How should I go about adding a module to ejabberd?
<oru_work> how to compress a directory with tar ?
<FunnyLookinHat> tar -czvf file directory
<kalkin-> hi guys
<kalkin-> i'm trying to rebuild php with --with-curlwrappers
<kalkin-> i followed this guid http://panthar.org/2006/06/15/php-with-mssql-on-ubuntu-606/
<kalkin-> with php 5.2 it works flawless
<kalkin-> but with 10.4 and php 5.3 it fails
<kalkin-> this are the errors i get
<kalkin-> dpkg-source: info: use the '3.0 (quilt)' format to have separate and documented changes to upstream files, see dpkg-source(1)
<kalkin-> dpkg-source: unrepresentable changes to source
<kalkin-> dpkg-buildpackage: error: dpkg-source -b php5-5.3.2 gave error exit status 1
<kalkin-> any idea whats wrong?
<SuperLag> Can you pass a regex to apt-get? How would you say, apt-get install all-of-the-tomcat6-packages
<pmatulis> SuperLag: apt-get install tomcat*
<pmatulis> or tomcat6*
<SuperLag> excellent, thank you
<pmatulis> SuperLag: test with simulate switch (-s)
<SandGorgon> hi guys.. i have gotten a hosted ubuntu 8.04 and am deploying my web app for the first time. my question is about security - what is a reasonably good, reasonably out-of-the-box intrusion detection system - I have heard about OSSEC and Snort
<hazmat> regarding using cloud-config on ec2 w/ lucid, are packages supposed to be installed before the runcmd are executed?
<hazmat> hmm.. it looks like cloud-init is parallelized via upstart so the command execution portion (runcmd) can't depend on packages installed by cloud-init..
<ejat> any respond / update on bug 337976
<uvirtbot> Launchpad bug 337976 in ubuntu "[needs-packaging] Package Redhat's oVirt for use on Ubuntu" [Wishlist,New] https://launchpad.net/bugs/337976
<pmatulis> ejat: read the bug to find out
<dupondje> Hi guys, I would like to know if its possible get get new debian php package getting sru'ed
<dupondje> fixes quite some amount of dirty bugs
<io> I have a dedicated server from a host that refuses to use a clean image from the Ubuntu website without installing a ton of packages before handing it over to their customer. Is there a straight forward way of comparing what packages a clean image usually gives, against their image, so that I can remove the additional packages they install?
<Jeeves_> dpkg --get-selections
<io> Jeeves_: manpage has little information. What does that do?
<Jeeves_> io: it shows which packages are installed on your system
<bjorr> anyone help out with a strange nagios error?
<Jeeves_> So if you do it on both machines, you can create a diff on both configurations
<Jeeves_> bjorr: Maybe
<bjorr> fuck already broke rule 1
<bjorr> ill pastebin
<Jeeves_> bjorr: And there's the second! :) No swearing :)
<bjorr> http://pastebin.com/0B494S4Y
<io> Jeeves_: That shows both packages from a clean image, and packages that somebody has installed?
<bjorr> from /var/log/nagios/nagios.log
<Jeeves_> io: All installed packages
<bjorr> already been to #nagios, we couldnt solve it there
<Jeeves_> bjorr: It segfaults
<bjorr> ive crawled forums all day for this
<Jeeves_> bjorr: Try to start it witouth daemonizing
<io> Jeeves_: Is there a list of packages installed on a clean image?
<bjorr> how do I do that?
<Jeeves_> io: Yes, just after you installed a machine and typed 'dpkg --get-selections'
<Jeeves_> bjorr: /usr/sbin/nagios3 /etc/nagios3/nagios.cfg
<Jeeves_> bjorr: Without the -d switch, Nagios won't daemonize to the background
<Jeeves_> O
<Jeeves_> I'd love to help further, but I promised my wife I'd watch a movie with her. :)
<io> Jeeves_: What extra packages does -server install?
<Jeeves_> So I gotta go.
<Jeeves_> io: No clue.
<pmatulis> Jeeves_: enjoy
<Jeeves_> Thanks!
<bjorr> No dice jeeves
<bjorr> damn you jeeves wife! i needed him more!
<Lichte> I just installed 10.04 and nothing comes up on the screen when I start it up........is there some kind of framebuffer turned on during install ???
<Lichte> I can't ssh in either since it's turned off by default
<NightDragon> (13:54.25) â¢ Â Â Â Â Â Â Â Â Â [ NightDragon ]: hey guys
<NightDragon> (13:54.28) â¢ Â Â Â Â Â Â Â Â Â [ NightDragon ]: question
<NightDragon> (13:54.48) â¢ Â Â Â Â Â Â Â Â Â [ NightDragon ]: ...my department wants to digitize all of their paper files. Does anyone have a good suggestion for a document management solution?
<NightDragon> (13:55.19) â¢ Â Â Â Â Â Â Â Â Â [ NightDragon ]: i was going to suggest Acrobat for the software they use to ditgitize, but i'm guessing theres got to be a better way to manage the files then to just store them in folders
<NightDragon> err yeah
<NightDragon> that sucked
<NightDragon> ...but does anyone have some good advice?
<qman__> NightDragon, if you can convince them to change, a wiki-style setup is much better to work with
<qman__> but if not, there are still version control/management solutions for more traditional documents
<NightDragon> well these are student records that they are trying to digitize
<NightDragon> so we are trying to find a structured solution for records storage
<NightDragon> more then like a doku/wiki type setup, you know?
<NightDragon> unless wiki's apply to this sort of thing in some really nice way
<qman__> not especially
<qman__> it's just a great way to work with other people as opposed to word documents or PDFs
<qman__> but if they're basically read-only, PDFs are a fine way to do it
<qman__> however, it should be noted that plain text/markup is much easier to search than binary document formats
<NightDragon> well i was planning on suggesting PDF's as a format, as Acrobat is a _really_ good solution for digitizing records
<NightDragon> but i'm trying to find something that works well for storing/accessing them
<io> !info doxfs
<ubottu> Package doxfs does not exist in lucid
<pmatulis> !search doxfs
<ubottu> Found:
<bleything> I just had a weird experience with groups... I added my user to a group by hand-editing /etc/group, logged out and in, no dice.  used usermod, same deal.  then rebooted and it had taken effect
<bleything> are groups cached or something?
<pmatulis> bleything: next time use 'adduser'
<Lichte> I just installed 10.04 and nothing comes up on the screen when I start it up........is there some kind of framebuffer turned on during install ???
<jord> Hi, how do I turn off any splash stuff on boot? I'm trying to figure out why the machine won't boot.
<pmatulis> jord: configure GRUB
<pmatulis> jord: how depends on GRUB1 or GRUB2
<jord> pmatulis: I've got 10.04, so grub 2?
<Lichte> I have the same problem
<pmatulis> jord: /etc/default/grub for the latter
<pmatulis> jord: GRUB_CMDLINE_LINUX_DEFAULT="debug" for the most verbose boot
<jord> pmatulis: Cool, thanks. Will probably be back with more info :)
<jord> pmatulis: Ahh, I see
<pmatulis> jord: make sure you run 'update-grub' as the file says
<jord> pmatulis: Ok, will do
<bleything> pmatulis: will do, thanks.
<uvirtbot> New bug: #608423 in mysql-dfsg-5.1 (main) "post-start script broken" [Undecided,New] https://launchpad.net/bugs/608423
<Lichte> where do I go to allow ssh login on boot ?
<ScottK> Lichte: Install ssh is all you need to do.
<coxn> I want a script that, when run, has a session like this: http://sillyidea.pastebin.ca/1905532
<coxn> Does such a thing exist in some corner? If not, if I were going to do that in python, what module(s) should I be looking at?
<Lichte> ScottK: can't do that, the screen goes blank during boot
<ScottK> If you don't have ssh installed, there's not much you can do then.
<Lichte> I guess I'll have to go back to 9.10
<Jordan_U> Lichte: Did the LiveCD work correctly?
<jeremyn> i'm having a problem with amavisd-new, for some reason i get a "Virus scanning skipped: Exceeded storage quota" whenever it tries to process an email with a tar file attached. it doesn't have this problem with gz or zip files. it may have been like this since i set it up. any ideas?
<jeremyn> it has the problem with tar.gz files too
<jeremyn> the tar files i'm testing with only contain one very small text file
<Jordan_U> Lichte: Or, since we're in #ubuntu-server and you probably used the server CD, try holding shift during boot and adding "gfxpayload=text" (on its own line) to the first menu entry by pressing 'e' (press ctrl+X to boot the edited entry).
<Lichte> Jordan_U: yeah, no livecd for the server
<Lichte> Jordan_U: that goes at the end of the kernel line, no ?
<Jordan_U> Lichte: No, on its own line.
<Lichte> ok, I'm off to try again
<blackstar256> are are some advantages of ubuntu server over other distrobutions
<Lichte> Jordan_U: that didn't work either
<Jordan_U> Lichte: Any output at all when you try to boot?
<Lichte> Jordan_U: when I erased the "quiet" at the end of the kernel line, I got some kernel output until the screen went blank again
<Lichte> Jordan_U: I can tell it's booting up by the HD activity
<Lichte> I just can't get any text output
<FunnyLookinHat> Is there a way to force my DNS to refresh?  I'm fairly certain there isn't... but here's hoping :)
<Jordan_U> Lichte: You can use the server install CD to chroot in and install ssh.
<Lichte> Jordan_U: then what?  How do I fix the screen output ?
<Jordan_U> Lichte: I think there's even an option to setup the chroot automagically, "repair broken system" or similar.
<Lichte> Jordan_U: I've done that too
<Jordan_U> Lichte: Check dmesg for anything that looks relevant.
<Lichte> I have 3 servers to upgrade, ,my boss isn't going to allow no screen output, I don't care personally, I'd rather have headless servers
<Jordan_U> Lichte: Try adding "nomodeset" to the kernel parameters.
<Lichte> Jordan_U: OK
<cloakable> FunnyLookinHat: more detail please :) how are you getting dns, and how do you want it to refresh?
<Jordan_U> Lichte: Or maybe hook a DVD player up to the monitor with a loop of random boot messages to make your boss happy :)
<Lichte> Jordan_U: :))
<Lichte> Jordan_U: that worked!  I now have sshd installed
<Lichte> nomodeset did the job
<Lichte> who's the genius that decided a graphical boot on a server was a good idea ??
<sysdoc> Since webmin is no longer in the repos, is there a replacement for it??
<cloakable> ebox :)
<FunnyLookinHat> cloakable: well - does my machine cache a host lookup after a single attempt for a while?  Because I setup a cname over an hour ago and it still isn't showing up with host
<sysdoc> cloakable, thanks
<cloakable> FunnyLookinHat: I wouldn't know. so you have a caching nameserver installed?
<cloakable> FunnyLookinHat: *do
<FunnyLookinHat> cloakable: oh no I don't - I'm just fetching my DNS lookups from the DNS server provided by my ISP
<FunnyLookinHat> You can ignore me :)
<FunnyLookinHat> I've realized I'm just impatient
<cloakable> FunnyLookinHat: heh :)
<FunnyLookinHat> Ok - better question - I'm having trouble finding the syntax to upload just a single file with rsync over ssh
<cloakable> upload, or sync?
<FunnyLookinHat> upload.
<Hilikus> i'm having a problem with sshd. i created a group and added a user to that group
<Hilikus> then in my ssd_config i have
<FunnyLookinHat> cloakable: only want to use rsync because it compresses a bit
<Hilikus> AllowGroups backup_reader
<FunnyLookinHat> cloakable: otherwise scp would probably be fine
<Hilikus> but when the user tries to log in auth.log reports
<Hilikus> not allowed because not listed in AllowUsers
<Hilikus> am i missing something? my logic is that it should be allowed because even though it is not in AllowUsers, it is in AllowGroups
<cloakable> FunnyLookinHat: rsync -t <filename> server:/path/to/directory/
<cloakable> FunnyLookinHat: I'd think, reading the manpage
<FunnyLookinHat> cloakable: Yeah that's what I thoguht - I was just checking if my interprettation of the manpage was right :)
<cloakable> FunnyLookinHat: :)
<Moltar> I'm having a problem with 10.04 server, it will not boot after the install when installing on a GPT formatted partition.  The BIOS just says 'boot fail hard disk 0'.  This is on an IBM x series server with a 3TB RAID volume.  Can anyone suggest a way to troubleshoot this or maybe a pointer to some documentation?
<Jordan_U> Moltar: Software RAID or Fake RAID?
<Lichte> thanks for the help Jordan_U
<Jordan_U> Lichte: You're welcome.
<Lichte> laters
<Jordan_U> Moltar: Can you run this script: http://sourceforge.net/projects/bootinfoscript/ and pastebin the RESULTS.txt?
<Hilikus> can i have allowUsers and allowGroups in sshd at the same time??
<Moltar> Jordan_U: Hardware RAID, an IBM RAID controller
<pmatulis> Hilikus: the sshd_config man page will tell you
<Jordan_U> Moltar: Ok, then the fact that it's RAID should be irrelevant for this purpose.
<Hilikus> then i'm reading at the wrong place
<Hilikus> it doesn't say anything about itr
<Jordan_U> Moltar: The output from the boot info script would still be usefull.
<pmatulis> Hilikus: read the section explaining the AllowUsers parameter
<Moltar> Jordan_U: I tried that script yesterday and it complained that the 'core.img' file was not recognized in that small bios_grub flagged partition.  But if I dump the first block with dd it looks the same as the core.img file to me.
<Jordan_U> Moltar: Did you do any repartitioning after installing grub? Does the script show grub as being installed to the mbr? (the full output would be usefull)
<Moltar> Jordan_U: OK, I'll have to reboot from the DVD in rescue mode and run that again.  I've also tried using the efi boot option, with that I at least get what looks like the start of the kernel and initrd loading but nothing after the initrd message.
<Hilikus> pmatulis: i did, and still nothing specific about combining it with allowGroups
<Hilikus> for some reason the behaviour i'm seeing is that allowGroups is ignored, but that's not what the man says
<Hilikus> so i'm probably doing something wrong
<Hilikus> i want to allow certain users AND certain groups
<pmatulis> Hilikus: "The allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups."  if you have restarted sshd and this statement proves to be wrong then open a bug
<Hilikus> that doesn't say anything about my questions. that's when there are conflicting permissions. it doesn't say that each directive overwrites everything below it
<Hilikus> eMBee August 2, 2006:    i did a few quick tests on the interaction of AllowUsers and AllowGroups and it seems that they canât really be used together
<Hilikus> hmmm
<Moltar> Jordan_U: I've screwed around with this system so much that I'm starting from scratch, I'll paste that RESULTS.txt from the bootinfo script after I reinstall to avoid totally confusing the issue
<silentwhisper> great day to everyone
<Hilikus> whats the diff between a user group and a system group?
<pmatulis> silentwhisper: thank you.  to you as well
#ubuntu-server 2010-07-22
<lownoize> hi
<uvirtbot> New bug: #608477 in samba (main) "package winbind 2:3.4.7~dfsg-1ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/608477
<lownoize> is anybody here running vsftpd under ubuntu 10.04 server x64?
<lownoize> and has an idea what could be the problem for the bug 590537
<uvirtbot> Launchpad bug 590537 in linux "lo: Disabled Privacy Extensions" [Undecided,Incomplete] https://launchpad.net/bugs/590537
<Moltar> Jordan_U: I finally got the system re-installed from the DVD, here's the boot info script output if you have a second to look at it:  http://pastebin.com/z4ZZhyW2
<zoooom> I setup ubuntu to run an ET server. I can ping with it's IP but not it's name.  Do I need to run DNS on it?
<NightDragon> okay, so since when is wpkg 'easy software deployment'?
<NightDragon> is WPKG really as easy at it gets?... its about as easy as defusing a bomb
<Jordan_U> Moltar: Interesting, and when you try to boot what happens?
<Moltar> Jordan_U: It just says 'boot failed: Hard disk 0'.  Not terribly helpful.
<Moltar> Jordan_U: That message is coming from the BIOS.  On these IBM boxes, it's uEFI, not really BIOS.
<Jordan_U> Moltar: If you hold shift during boot is "GRUB" ever printed to the screen?
<randy_> ?
<Moltar> Jordan_U: Let me go try that.
<Moltar> Jordan_U: No, it still just says Boot Failed.  It's like it doesn't recognize the MBR or something.
<Jordan_U> Moltar: Are you sure that you're booting in BIOS mode rather than UEFI mode?
<Moltar> Jordan_U: Pretty sure.  If I reduce the size of the RAID array so it's less than 2TB, I can install and I'll end up with a fdisk formatted drive that works just fine.  I don't have to change anything in the BIOS to do that other than delete a disk from the RAID array.
<Jordan_U> Moltar: Maybe the BIOS code is trying to be too smart for its own good. Try asking in #grub.
<Moltar> Jordan_U: I've tried using the grub-efi-amd64 package and re-creating the /boot partition as msdos so that the EFI BIOS can find it.  That allows me to set up an EFI boot option with the grub.efi image file.  That gets rid of the 'boot failed' message, but leaves me stuck after the initrd has been loaded.
<Moltar> Jordan_U: Thanks for looking, I'll go try the #grub group.
<Jordan_U> Moltar: There's been a lot of work kernel side recently to get video with EFI going well. This probably isn't very usefull to you on a production server, but maverick would likely work better when booting via UEFI.
<Moltar> Jordan_U: Thanks, I'll at least try downloading and installing it.  It'll be worth a shot to see if it will boot at least.
<Jordan_U> Moltar: You're welcome.
<ader10> I can't use pureadmin to modify virtual users. pureadmin doesn't recognize that I have a user ftpuser and a group ftpgroup already made and it keeps trying to make them
<ader10> And becauseit can't create the user and group, it won't even open the virtual user window
<ader10> Any help on fixing pureadmin would be appreciated
<zoooom> I setup ubuntu to run an ET server. I can ping with it's IP but not it's name.  Do I need to run DNS on it?
<qman__> zoooom, you don't need to run DNS on that server necessarily, but you do need to create a DNS entry for it, or whatever other name service you're using
<ader10> zoooom: If it's behind a dynamic IP it would be easiest to use a dynamic dns service
<zoooom> maybe I'm getting it wrong but If I'm using DHCP from my router shouldnt I be able to ping it by name?
<qman__> not likely
<qman__> your router would have to have a dynamic DNS on it
<qman__> most stock firmwares don't
<qman__> dd-wrt can
<zoooom> no I mean on my local network
<qman__> yes
<ader10> zoooom: likely
<qman__> your router would have to run a DNS server that can update itself based on the DHCP leases it's handing out
<zoooom> yea  it doesnt respond to it's name  but I can ping 10.0.0.101
<qman__> most routers' stock firmwares can't do that
<qman__> dd-wrt has the software to do it
<zoooom> OK I'll just use the ip then    thanks
<ader10> Can anybody help me figure out how to get symlinks working with pure-ftpd
<ader10> My user can't even see them
<ader10> (virtual user)
<ejat> bug 523148 , is it will be fix in LTS ? or maverick ?
<uvirtbot> Launchpad bug 523148 in libvirt "virsh console does not work (/dev/pts/1: Permission denied)" [Undecided,Invalid] https://launchpad.net/bugs/523148
<spartan07> crontab not working. running LTS 8.04. tried editing 2 ways 1) crontab -e and 2) nano /etc/crontab
<spartan07> when I run the command on the terminal it runs perfectly
<bogeyd6> spartan07, paste command
<spartan07> for testing:  echo "Nightly Backup Successful: $(date)" >> /home/seg02/vTigercrons/test.log
<spartan07> need for work:  /var/www/vtigercrm/cron/modules/com_vtiger_workflow/com_vtiger_workflow.sh
<spartan07> bogeyd6, the way it is in crontab -e : 05 * * * * /var/www/vtigercrm/cron/modules/com_vtiger_workflow/com_vtiger_workflow.sh >>/home/seg02/vTigercrons/workflow.log 2>&1
<bogeyd6> oh
<bogeyd6> there is your probb
<spartan07> im running tail -f for the echo command running every min
<spartan07> ??
<bogeyd6> 05 * * * * /var/www/vtigercrm/cron/modules/com_vtiger_workflow/com_vtiger_workflow.sh > /home/seg02/vTigercrons/workflow.log 2>&1
<spartan07> bogeyd6, not 2 >?
<spartan07> isnt >> append?
<bogeyd6> im telling ya
<spartan07> ok 1 sec running
<bogeyd6> 05 * * * * /var/www/vtigercrm/cron/modules/com_vtiger_workflow/com_vtiger_workflow.sh >>/home/seg02/vTigercrons/workflow.log 2>&1
<bogeyd6> wtf
<bogeyd6> 01 00 * * 1 /root/archive-mail > /var/log/archive-mail.log 2>&1
<bogeyd6> 01 01 * * * /root/zimbra-backup > /var/log/zimbra-backup.log 2>&1
<bogeyd6> that is my crontab on the zimbra server, works like a champ and the >> was causing the commands not to work
<bogeyd6> Linux zcs 2.6.24-28-server #1 SMP Fri Jun 18 14:47:02 UTC 2010 x86_64 GNU/Linux
<spartan07> running 8.04?
<spartan07> no go
<bogeyd6> kk
<spartan07> bogeyd6, echo running every min. not running :(
<bogeyd6> you are trying to echo from a crontab command?
<spartan07> bogeyd6,                   01 * * * * echo "Nightly Backup Successful: $(date)" > /home/seg02/vTigercrons/test.log
<spartan07> just for testing
<bogeyd6> uhm
<bogeyd6> why not just put it into a .sh file and lets it run it that way
<spartan07> just doing it to test the crontab. the other command is running .sh file but its not running either
<spartan07> bogeyd6, wierd it ran but it truncated and time the command ran was 20:01:01 PDT 2010.
<spartan07> its 21 20:11:02 PDT 2010, so its running but not running every hour
<spartan07> sorry every min
<twb> You haven't asked it to run every minute
<twb> You've asked it to run on the first minute of every hour
<spartan07> LOL
<spartan07> how would every min be?
<twb> * 1  * * *  echo foo
<twb> There should be a header present when you run "crontab -e"
<spartan07> no header
<spartan07> https://help.ubuntu.com/community/CronHowto
<spartan07> it says minute(s) hour(s) day(s)_of_month month(s) day(s)_of_week user command
<twb> Oh, sorry, every minute of every hour would be "* *  * * *  echo foo"
<spartan07> 01 *    * * *   is right for every min right?
<fallous> no
<twb> No.
<fallous> all asterisks for the time
<spartan07> * *   * * *  is every min?
<fallous> yes
<fallous> 1 * * * * would be the first minute of every hour, * 1 * * * would be every minute during the 1am hour
<spartan07> what about every 5 min? sorry for the basic quesitons I thought I had this figured out
<spartan07> echo command is running every min <--awesome
<fallous> comma-separated
<failover> My bind is eating 160mb of ram, this is right?
<failover> About 200 machines use this server as nameserver
<fallous> so for every 15 minutes, say, you'd do 0,15,30,45 * * * * echo foo
<spartan07> ok so 5 min would be 0/05 *  * * *
<fallous> */5
<spartan07> fallous, thank you
<fallous> np
<twb> fallous: dnsmasq certainly doesn't need that much ram
<fallous> erm, that was failover not me ;)
<failover> :)
<twb> Sorry
<spartan07> fallous, how would I tag a date to a log  for example the cron */5 * * * * /var/www/vtigercrm/cron/modules/com_vtiger_workflow/com_vtiger_workflow.sh > /home/seg02/vTigercrons/workflow.log 2>&1
<fallous> I script pretty much exclusively with perl, not shell
<spartan07> ok
<spartan07> thank you guys for the help. crons working now. I guess they were always workign correctly
<spartan07> LOL
<ajmitch> */5 * * * * /var/www/vtigercrm/cron/modules/com_vtiger_workflow/com_vtiger_workflow.sh >  /home/seg02/vTigercrons/workflow.log
<ajmitch> sorry, was trying to append date
<ajmitch> $(date +\%Y.\%m\%d.\%H\%M) in the filename
<FOCer> can't start mysql on 10.04 after making some configuration changes, even after reverted the changes and reboot the server it won't start either.
<FOCer> any help would appreciated.
<silentwhisper> is there an easy way to setup a mail server
<silentwhisper> most of the tutorial are way to long to follow
<KurtKraut> silentwhisper, if this mail server need to exchange e-mails with other servers around the internet (like @gmail.com), yes, it is a pain in the ass and very long process you need to follow.
<KurtKraut> silentwhisper, everything that differ from the steps the tutorials provide will lead to all your e-mails being labelled as spam
<ader10> Can anybody help me figure out how to get symlinks working with pure-ftpd? My user can't even see them (virtual user)
<qman__> ader10, symlink paths are relative to the environment you're in, so if they point to something that exists outside of your chroot, or is in a different location because of the chroot, they won't work. Use mount -o bind if you need to link something outside the chroot.
<ader10> qman__: http://www.pureftpd.org/project/pure-ftpd says that symbolic links can be followed even if outside the chroot
<qman__> it must pre-process them then
<qman__> sure the links are valid?
<qman__> I make them backwards by accident a lot
<ader10> I'll double check
<ader10> Yes, the link works
<qman__> ok
<qman__> --with-virtualchroot: usually, when a user is chrooted (-A and -a options), it's impossible to go out of his home directory. Enabling that feature makes it possible: symbolic links are always followed, even if they are pointing to directories not located in the user's home directory. ... This feature isn't enabled by default.
<qman__> in the compilation switches
<qman__> I'm guessing the built in package doesn't have that switch
<ader10> ugh, dumb compilers
<qman__> it's a security feature
<qman__> mount -o bind will work around it
<twb> http://mywiki.wooledge.org/FtpMustDie
<qman__> that too
<ader10> thank you qman__
<ader10> wait, it's still not showing
<ader10> The mount --binded folder works, but it doesn't show in the listing
<qman__> that's a bit strange
<qman__> maybe it's got a single-filesystem limitation or something
<Hilikus> can someone help me with sftp? my connection is dropping right after the user is authenticated successfully
<Hilikus> here are the logs of the client and server
<Hilikus> http://pastebin.ca/1905802
<twb> Hilikus: how are you invoking the client?
<Hilikus> sftp user@server
<Hilikus> -v for debugging
<twb> Hilikus: try that on mazinger itself
<Hilikus> same thing twb
<qman__> Hilikus, I've run into that in two cases--it'll do that if the user does not have a valid shell, and it'll do that if their home directory doesn't exist and they're chrooted
<twb> Hilikus: pastebin "iptables-save -c" on mazinger
<Hilikus> that user does not have a valid shell. i read that for sftp only i could leave the shell /bin/false
<Hilikus> i only want to give the user sftp access
<twb> Hilikus: that's not how you do it
<Hilikus> damn
<ader10> Strange, the mount --binded folder doesn't show in FileZilla but it does show in Windows Explorer
<qman__> users need a valid shell to sftp
<qman__> chroot them with the Match block and force-command internal-sftp
<twb> Yep
<Hilikus> http://www.minstrel.org.uk/papers/sftp/builtin/
<Hilikus> step 8
<Hilikus> bullet 2
<Hilikus> so that's wrong then
<qman__> yes
<Hilikus> ok, so i'll change the user's shell
<twb> Hilikus: anything more complicated than what qman__ just said is the Old Way
<qman__> even with the Old Way, they still needed a valid shell
<qman__> I used the one included with jailkit
<twb> Actually that URL is using Match, so it isn't far wrong
<qman__> but with the New Way, it doesn't matter
<qman__> also, I'm fairly certain that bit about root needing to own the home directory is wrong
<qman__> the user needs to own his own home directory
<Hilikus> thats my next problem
<Hilikus> if what the website says is true then it makes sense, cause right now the dir is now owned by root
<Hilikus> and i get this error when chrooting
<Hilikus> Jul 22 02:12:29 mazinger sshd[14872]: fatal: bad ownership or modes for chroot directory component "/tmp/"
<Hilikus> the user's home is in /tmp/test
<Hilikus> and ChrootDirectory /tmp/test/
<qman__>  /tmp does have bad modes
<qman__> it's 777
<Hilikus> man does say that it should be owned by root
<qman__> the parent directory to the home directory must not be world writable
<qman__> and should be owned by root
<Hilikus> This path, and all its components, must be root-             owned directories that are not writable by any other user or group
<qman__> but the home directory itself should be owned by the user
<Hilikus> that's where i'm, confused. why would i need to chown the user's home to root
<Hilikus> it says THIS path
<qman__> you shouldn't
<qman__> but the directory containing the user's home must be root
<qman__> and all directories above it
<qman__> and must not be writable by anyone else
<qman__> but the user's home should be owned by the user, and writable by the user
<qman__> it wouldn't make a lot of sense if it wasn't
<qman__> the user then couldn't create any files or directories
<Hilikus> ok, so its every other dir in the path that shoyld be owned by root, except the actual, last dir in the path
<qman__> yes
<silentwhisper> how to confine a user to its own home directory only?
<qman__> silentwhisper, chroot
<Hilikus> yes, and in sftp only
<spartan07> FYI: * * * * * echo "$(date)" >> /home/test.sh >> /home/spartan7/test.log 2>&1  gave me the datestamp and output of the script on the log.
<spartan07> quick question. if everything is running good on ubuntu 8.04 server should I install 10.04?
<qman__> spartan07, that's appending the date to test.sh
<spartan07> qman__, its running the script though
<qman__> if it is, that's a pretty bizarre parsing
<qman__> I wouldn't rely on it
<qman__> * * * * * /home/test.sh >> /home/spartan7/test.$(date).log is better
<spartan07> ok I wont then. ok
<qman__> or, if you want the date in the log, add it to the script
<qman__> rather than a dated log
<spartan07> is there a way to pipe output of the script to a script that adds the date?
<qman__> sure, but that's a bit of a waste
<spartan07> i'll figure it out. I need to learn to bash script
<spartan07> for now I'll do what you mentioned and make a dated lof file
<spartan07> *log
<qman__> to make the script add the date, just add echo $(date) to the end of it
<spartan07> ok , let me try. thanks!!!
<qman__> oh, also
<qman__> what I gave you won't work as-is, you need to put it in quotes
<qman__> * * * * * /home/test.sh >> "/home/spartan7/test.$(date).log" 2>&1
<qman__> since the default output of date has spaces in it
<imyousuf> I have installed UEC and downloaded the lucid lynx 64 bit version from the store. Now when I am trying to run the image I am getting - http://paste.ubuntu.com/467353/ My machine configuration is core i7, 4G RAM, 1G VGA, Lucid Lynx 64-bit. Any idea how I could solve it?
<silentwhisper> is this correct ?
<spartan07> qman__, thank you that exactly what I have been trying to do all afternoon! im gonna idle here, maybe I can learn something LOL
<Hilikus> is it not legal to hard link to a dir?
<silentwhisper> sudo chroot /home/edwin
<silentwhisper> very slow internet connection i need to restart brb
<Hilikus> qman__: i think that all the dirs in the path should be owned by root
<Hilikus> check this out
<Hilikus> http://www.debian-administration.org/articles/590
<Hilikus> its really strange though, why would the user's home dir be owned by root
<Hilikus> ChrootDirectory /home/%u
<Hilikus> which is the user's home dir
<Hilikus> The directory in which to chroot() must be owned by root.
<twb> Isn't there a %x variable specifically used for the home dir?
<twb> yeah, %d
<Hilikus> yea, but still, whatever is the dir of the jail, it should be owned by root
<imyousuf> I have installed UEC and downloaded the lucid lynx 64 bit version from the store. Now when I am trying to run the image I am getting - http://paste.ubuntu.com/467353/ My machine configuration is core i7, 4G RAM, 1G VGA, Lucid Lynx 64-bit. Any idea how I could solve it? (re-run)
<Hilikus> so i don't understand how to trap a user in its own home
<Hilikus> since its own home would have to be owned by root
<Roxyhart0> HI there somebody know how i can create a virtual interface but not associated
<Roxyhart0> to any ethX?
<larsemil> imyousuf: dont you need like three computers to use UEC?
<imyousuf> larsemil: I made the same computer as node control and cluster control
<imyousuf> do I still need 3 computers? I am absolutely new to UEC, so please forgive my ignorance or stupidities.
<larsemil> imyousuf: i did not use it myself, sorry
<imyousuf> no problem larsemil, in that case I am just did one step more than you :)
<larsemil> i think you need two nodes atleast
<imyousuf> hmm
<imyousuf> where do I find documentation on that?
<imyousuf> because its first time I heard that I need *at least* 2 computers :(
<smoser> TeTeT, i responded to https://answers.launchpad.net/ubuntu/+source/eucalyptus/+question/118429
<smoser> i think the user has a funky environment in some way.
<smoser> note that the program they're running is in /usr/local/bin
<TeTeT> smoser: ah, ok, I don't have 9.10 any longer around, otherwise I'd have tested it
<smoser> i didn't see anywhere we the opener mentioned the client (where euca2ools was being run)
<smoser> the server is seemingly carmic
<smoser> karmic
<overrider> What is (argueably) the most used tool to monitor my servers logfiles, and send me e-mail on things that look suspicious? On my OpenBSD Machines i like to use logsentry; is that also the tool of choice on Ubuntu Server? Thanks
<larsemil> nagios maybe?
<_ruben> overrider: we use SEC (simple event correlator) for that
<binBASH> moin \sh
<\sh> hey binBASH
<binBASH> Gruss aus LU :P
<uvirtbot> New bug: #608646 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/608646
<silentwhisper> what mail server is usually used in accessing through web
<Carachi> hello, i try to install postfix but i have this problem: when i test postfix via telnet  (ehlo) it  not write AUTH LOGIN PLAIN and AUTH=LOGIN PLAIN . how can i solve it?
<qman__> Carachi, it isn't supposed to, or at least none of mine do
<qman__> the process is telnet, ehlo hostname, user username
<Carachi> qman__ i do ehlo hostname
<Carachi> 250-kalilab.it
<Carachi> 250-PIPELINING
<Carachi> 250-SIZE 10240000
<Carachi> 250-VRFY
<Carachi> 250-ETRN
<Carachi> 250-STARTTLS
<Carachi> 250-ENHANCEDSTATUSCODES
<Carachi> 250-8BITMIME
<Carachi> 250 DSN
<qman__> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<qman__> but yes, that's the same thing I get
<Carachi> and how can i solve this problem?
<qman__> I wasn't aware that's a problem
<qman__> my servers send mail just fine
<qman__> ah, pretty sure what you're looking for is smtpd_sasl_auth_enable in /etc/postfix/main.cf
<Carachi> yes is enable
<progre55> hi people! I've got a server that's using the CEST timezone.. how can I change it to UTC? and will it affect the applications and services running on it? like, mysql
<sommer> morning all
<progre55> day
<uvirtbot> New bug: #608685 in bind9 (main) "bind9 fails to start in Lucid Lynx, can't read openssl.cnf" [Undecided,New] https://launchpad.net/bugs/608685
<qman__> progre55, timestamps and such use UTC, so there's nothing to worry about there
<qman__> that is, file timestamps and database transactions
<qman__> log timestamps will change
<qman__> the command is `sudo dpkg-reconfigure tzdata`
<progre55> qman__: thanks. but will I have to reboot then?
<qman__> probably not
<qman__> I haven't tried it but I don't see why you would need to
<progre55> qman__: I've been using puppets, and my server shows me "Thu Jul 22 13:55:34 CEST 2010" while my client has "Thu Jul 22 11:55:40 UTC 2010". and I'm getting errors while connecting.. I was assuming there was a problem with timezones, as the connection is over SSL
<qman__> progre55, timezone is not likely the problem
<qman__> run `date -u` to ensure they agree on UTC
<progre55> qman__: sec
<progre55> yeah, they're the same..
<progre55> qman__: familiar with puppets by any chance? =)
<qman__> no, I'm not
<qman__> I mean, it might be a problem, but that'd be rather silly of it
<progre55> qman__: well, I'll try to google more then =)
<progre55> qman__: thanks man, appreciate
<qman__> if the systems agree within the minute to UTC it _should_ make any time-based authentication systems work
<qman__> no problem
<psteyn> Hi guys, I've removed two NIC's from a server and left only the 1.  it's still called eth2 even on reboot...is there a way to 'rescan' / 'remap' it so that it's eth0?  This is ubuntu 9.10
<qman__> psteyn, remove the entries in /etc/udev/rules.d/70-persistent-net.rules
<hggdh> Daviey: euca 2.0 i386 is in the archive, but not amd64
<uvirtbot> New bug: #608761 in tftp-hpa (main) "initrd.img ....... ready hangs" [Undecided,New] https://launchpad.net/bugs/608761
<urbis> moin
<urbis> little help with proftp needed
<SandGorgon> hi guys.. quick question. I read somewhere that EXT3 filesystems give better performance than EXT4 for MySQL. Is that true ? What filesystem are you guys using _in production_ ?
<Hilikus> is it safe to do security based on user's groups? i have two groups: backup and sftp. one gives it access to reading the backups, the otherone gives them limited, chrooted access through sftp. sshd makes this distinction based on the user's group. is this safe?
<Jeeves_> Anyone here in the UK?
<rcsheets> I am trying to install Windows Server 2008R2 using virt-manager on a 64-bit lucid server. The ISO boots up fine, but as soon as I click "next" on the first installer screen, I get this: http://i.imgur.com/Tomty.png
<dominicdinada> why is the servers asking about grub configs after the updates... i do believe this crap is bugged.... Update? Crash my servers ? not good
<pmatulis> rcsheets: someone was saying the same thing yesterday. i believe they filed a bug
<rcsheets> i see
<rcsheets> thanks. i'll look around launchpad.
<pmatulis> rcsheets: it you're around tomorrow i can let you know exactly, i have it in my irc client logs
<rcsheets> cool
<rcsheets> i'll try to stop by
<rcsheets> i see a bug about >4 vCPUs
<uvirtbot> New bug: #572791 in php5 (universe) "php5 is 5.3, but not fully supported by Drupal6" [Undecided,New] https://launchpad.net/bugs/572791
<dominicdinada> Drupal = Trash
<koolhead17> kees: ping
<uvirtbot> New bug: #608930 in libnss-ldap (main) "libnss-ldap needlessly (and indirectly) depend on libpam-ldap" [Undecided,New] https://launchpad.net/bugs/608930
<bogeyd6> how do i disconnect an iscsi connection? (i am the initiator)
<lowridah> anyone familiar with kickstart options for ubuntu installs?
<lowridah> I've got a %pre directive with a script that switches to TTY6, takes input for variables that get exported to /tmp/includes which is referenced earlier in the KS file, so I can set IPs and such from one menu prior to install
<lowridah> this works great in Fedora/CentOS but in Ubuntu there doesn't seem to be a /tmp folder for ramdisk, does anyone know where ubuntu's chroot ramdisk is at during install?
<stinger05> hi there
<stinger05> does ubuntu 10.04 come with a GUI after installing it ?
<lowridah> not server, no.
<lowridah> if you need a gui i suggest desktop
<stinger05> well actually i wanted a server with a GUI
<nealmcb> stinger05: but there are various options: https://help.ubuntu.com/community/ServerGUI
<lowridah> red the arguments against part real good though
<stinger05> ok thanks guys
<stinger05> later.
<lowridah> really odd, I can have %pre touch /tmp/includes but the code ran in %pre won't write to /tmp/includes
<jord> How can I tell my ubuntu 10.04 install to continue booting even if it can't mount one of my (non-boot) hard drives?
<jord> Now, it just hangs if it fails to mount /dev/md0
<talcite> hey guys, I'm trying to start up an iscsi target using tgtd, over an infiniband connection, but I'm getting an error "cannot initialize RDMA; load kernel modules?". The modules for iSER are loaded.
<talcite> I'm also using IPoIB though, is it possible that you can't have both at the same time?
<FunnyLookinHat> Anyone know how to restart Subversion on 10.04 ?
<rcsheets> pmatulis: i found the bug. it's not quite the problem i'm seeing. thanks though.
#ubuntu-server 2010-07-23
<pmatulis> rcsheets: ok
<rcsheets> pmatulis: in fact, it turned out to be my own pure stupidity, not a bug at all
<Roxyhart0> hi there...i got a question i change the IP in a diferent vlan for my samba PDC server but know when i try to join client to the domain or access to the domain client that were already joined, i got the message that can not find the domain (there  are no firewall) between diferent vlans. Somebody know what could be the problem?
<mase_wk> hi guys, can anyone tell me the correct way to disable / enable the upstart enabled init scripts ?
<mase_wk> should  update-rc.d work still or is there another way to do it ? i tried removing mysqld with update-rc.d however it still appears to start on boot
<silentwhisper> how is the basic step by step setting up of mail server?
<silentwhisper> postfix,dovecote,and squirel is this correct
<silentwhisper> ?
<mase_wk> silentwhisper: yeh that sounds about right
<mase_wk> postfix+dovecot is a good combination
<dominicdinada> has anybody had any problems with samba shares since the most recent update today ?
<hungnv> hello everyone
<hungnv> I have a question about apt-get and dpkg. Once I use apt-get install or dpkg -i packagename, some package popup a buffer ask me to input data, likes ldaputils, it asks me for ldap server address, ldap version...
<hungnv> how can I just skip that buffer?
<twb> hungnv: set the debconf priority to critical, or if you're scripting, set the debconf UI to "noninteractive".
<twb> hungnv: obviously this shouldn't be done blithely, since some of those questions are important
<hungnv> twb: yes, I'm scripting. I have about 100 clients and now I must install just one application for all. Now I'm on server side and excecute my deployment script to do that job automatically.
<hungnv> config files was created before, after installation completed, I just copy configuration file to right place
<twb> It'd be better to preseed the answers to ldap-auth-config
<hungnv> twb: what do you mean?
<twb> Rather than saying "don't ask me" and then overwriting whatever it does -- which can cause problems if there's an upgrade (such as a security update), it'd be better to provide the answers in advance, letting it write the correct file itself.
<hungnv> it will takes a very long time to do such a simple job
<lowridah> if the servers to be deployed to aren't already in action you can kickstart them, specify the packages to install, and configure the LDAP settings in preseed or ks
<lowridah> otherwise you might consider looking into puppet+mcollective if you plan on doing large scale software deployments
<lowridah> hungnv:  http://blog.hjksolutions.com/articles/2007/07/27/unattended-package-installation-with-debian-and-ubuntu
<twb> I don't know why you'd go with kickstart over preseeding.
<lowridah> because i remember all the kickstart directives i'd need to install ubuntu
<lowridah> i have to look at preseed examples?
<twb> Yeah, so it's really only for RHEL refugees
<hungnv> lowridah: thank for the link
<lowridah> hungnv:  np
<lowridah> twb:  if that was true, ubuntu wouldn't be so anaconda compliant
<silentwhisper> hi i like to setup webmail
<lowridah> i'm not debating how to deploy, i'm just saying what i do.
<twb> Fair enough
<twb> As for me, I preseed Debian and kickstart RHEL
<hungnv> lowridah: I deploy these software for clients, not for server
<silentwhisper> postfix, them imap then squirel is this correct?
<lowridah> i kickstart ubuntu and the redhats off a WDS server
<lowridah> call me crazy.
<twb> WDS?
<lowridah> windows deployment service
<twb> Is that Windows <something>?
<twb> Right.
<lowridah> yes, i deploy most OSes off a windows box.
<twb> We don't have Windows at all
<lowridah> ahh i work in web hosting, we have all flavors.
<hungnv> lowridah: you link is exactly what I want
<hungnv> :-)
<lowridah> awesome =)
<imp7> ok guys, the internet told me to come here and ask apparmor questions.
<imp7> I have a java app that is spawning threads or something that look like this: profile="/server/bin/linux-x64/app-monitor//null-16//null-17"
<imp7> The null-16 and 17 change.. is there a way to use a variable in the profile name?
<imp7> like profile="/server/bin/linux-x64/app-monitor*"
<imp7> I have another java app that is showing up in aa-unconfined like this: 16362 /server/runtime/bin/pc-app (../runtime/bin/pc-app) not confined
<twb> imp7: #ubuntu-hardened is probably better for apparmor
<twb> But we can also try to help
<imp7> thanks :)
<twb> (Admittedly, I don't know the answer to that one myself.)
<lowridah> it was all moonspeak to me
<twb> lowridah: apparmor is a LSM (linux security module) that adds MAC (mandatory access control) based on paths, where selinux uses inodes.
<lowridah> ahh
<twb> His problem is that his java apps change the paths they need all the time
<lowridah> i see
<twb> imp7: silly question: when you say "threads" are you talking about green threads, pthreads, or conventional processes?
<imp7> not sure myself
<imp7> they arnt in ps but show up in the kern.log while my profile is in complain mode
<twb> Hum
<imyousuf> I have installed UEC for the first time (total newbie) on a single node with node controller option selected and downloaded the lucid lynx 64 bit version from the store. Now when I am trying to run the image I am getting - http://paste.ubuntu.com/467353/ My machine configuration is core i7, 4G RAM, 1G VGA, Lucid Lynx 64-bit. Any idea how I could solve it?
<hggdh> imyousuf: run 'euca-describe-availability-zones verbose', and check the values there
<imyousuf> doing it right now hggdh
<imyousuf> hggdh: http://paste.ubuntu.com/467812/ Not sure what is wrong
<imyousuf> but the free/max values seems not right, but being a newbie I am not certain
<imyousuf> hggdh: what do you think?
<hggdh> imyousuf: the free/max columns suggest you do not have an NC active
<imyousuf> ok
<hggdh> (NC == Node Controller, the piece that actually runs the VMs)
<imyousuf> I see
<hggdh> so...
<imyousuf> but when I installed UEC I selected NC
<hggdh> sudo euca_conf --list-nodes
<hggdh> wow
<imyousuf> doing it
<hggdh> back to it -- what exactly did you install? Just the NC?
<imyousuf> no hggdh all of them in one single box
<hggdh> k
<imyousuf> and ran the command its a blank line
<hggdh> so no NC active.
<hggdh> try 'sudo euca_conf --discover-nodes'
<imyousuf> yes, seems so
<imyousuf> blank line with: INFO: We expect all nodes to have eucalyptus installed in //var/lib/eucalyptus/keys for key synchronization. at the end hggdh
<hggdh> weird
<imyousuf> hggdh: I did service eucalyptus-nc status and got "eucalyptus-nc stop/waiting"
<hggdh> yeah
<imyousuf> so does this mean I need to do - sudo /etc/init.d/eucalyptus-nc start ?
<hggdh> ok. try 'sudo start eucalyptus-nc'
<imyousuf> ok
<imyousuf> it started
<hggdh> gotta go, sorry
<imyousuf> hggdh: It started and now running discover nodes tells me to setup login-less ssh using authorized keys, let do that and will get back
<imyousuf> thanks a lot hggdh
<hggdh> welcome
<Shapeshiftr> Hey.
<Shapeshiftr> Where can I get MemTest for ubuntu server?
<twb> apt-get install memtest86+
<Shapeshiftr> Thanks.
<Roxyhart08>  hi there somebody have a doc to configurate reverse zones for different subnets?
<Shapeshiftr> twb , erm, *relative Linux/Debain newbie talking* how do you run it, then?
<twb> Shapeshiftr: it appears in your bootloader
<twb> Inherently, you cannot run memtest86+ from within the normal system, although you could potentially use kexec-tools to load it without going through a POST
<Shapeshiftr> So, how do I check if my memory is working to its fullest extent?
<twb> There's also a userland memtest tool that CAN run from within linux, but obviously it's not as reliable
<twb> Shapeshiftr: reboot into memtest
<Shapeshiftr> Hm, thanks.
<Hilikus>  is there any way to keep a server in a low-power state (stand-by) and make it wake up when there are network requests? apache request or ssh request for example
<dominicdinada> anybody else having problems with samba shares after the update today ?
<twb> Hilikus: basically, no.
<twb> Hilikus: assuming by "low power" you mean suspend-to-ram with wake-on-lan.
<twb> Hilikus: you can, of course, reduce the CPU frequency and spin down hard disks and similar tricks
<Hilikus> twd are those tricks already part of the normal kernel or i have to enable them or install some daemon for it?
<twb> Depends
<twb> What's your actual goal?  To reduce the electricity bill for your machine room?
<mase_wk> Hilikus: if you have so little requests that you can sleep afford for a significant portion of time then your probably better off getting a very low power machine
<mase_wk> geode LX or arm based machine
<Hilikus> twd, yes. and lower heat production, and also increase the usable life of the parts
<twb> Certanly *halting* a machine is actually bad for its overall lifetime
<mase_wk> for 7watts i can power a geode Lx500 and get around 33req/s on a completelye dynamic website
<twb> Yeah, using low-power gear like the Pentium III or an arm/geode/atom is the most obvious approach.
<Hilikus> mase_wk: i'll look into it
<mase_wk> ie completely non optimised
<Hilikus> thanks guys
<twb> Alternatively, if you have a large number of machines, consolidating them into VMs on a single host can help
<mase_wk> the new intel chips are very efficient / cool
<mase_wk> twb: was just about to suggest that :)
<mase_wk> they also come with some advanced VM stuff that KVM will use
<twb> As can migrating them to VPSs living in a larger colo that someone else takes care of -- since they have the economy of scale to get that kind of thing right
<mase_wk> i'm currently running 12 VM's on a server which is purring along nicely
<mase_wk> yeh linode do whole VM's for like $20 pm
<twb> mase_wk: we plan to reduce our core network to one soekris router and one Q9550 running everything as a jail (linux) or vm (windows)
<twb> Currenty we have more core servers than staff :-(
<mase_wk> haha . those soekris boards are good
<mase_wk> i'm waiting for someone to make something like the vayetta/ cisco routers with dual core arm CPU's
<twb> Why dual core?
<mase_wk> so i can run openvpn on the other :)
<twb> Uh?
<twb> Surely it'll be SMP
<mase_wk> well smp would be better :)
<twb> So both cores would be running linux
<mase_wk> yeh , one for switching the other for interesting thigns
<mase_wk> things*
<mase_wk> vpn/ firewall etc..
<twb> I don't think switching is done in the CPU
<mase_wk> well forwarding is done in hardware
<twb> Even if it was, I don't think it'd require significant
<twb> load
<mase_wk> but anything more advanced, vlan etc.. is done on the cpu
<mase_wk> depends on what bandwidth you have
<mase_wk> and what your doing
<twb> Oh, you're talking saturated gige?
<twb> I mean, I do tagging and firewall on 100baseT with a 200MHz MIPS, and that doesn't even notice the load
<mase_wk> i've found that with those MIPS chips the second they start getting a decent load , adding complex routes or VPN services tends to reduce the throughput
<mase_wk> mind you that is with GigE , not 100base as you mentioned
<twb> Fair enough
<mase_wk> but still, the cisco's i have here are all 30+ wattss
<twb> I'm a sysadmin, not a netadmin :-)
<mase_wk>  some of the arm chips are measured in milliwatts
<twb> Don't forget that each of your lightbulbs will be 25W or more
<mase_wk> pft light ? =)
<mase_wk> i thought you were a sysadmin
<mase_wk> my monitor provides me with a healthy glow
<mase_wk> but i see what you mean
<twb> Oh, you're still WEAK enough to need a screen?
 * twb inflates chest, strikes dramatic pose
<Hilikus> if a script run by cron writes to stderr will it be mailed to root or just if it writes to stdout?
<twb> Yes
<Hilikus> cool, thanks
<uvirtbot> New bug: #609010 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/609010
<SandGorgon> anybody using 10.04 servers here ? how has the experience been vs 8.04 ? which hosting are you using ?
<thrain][> SandGorgon: using 10.04 in production for some smaller LAMP servers I maintain (mediawiki, dokuwiki, dotproject). It's just as solid as the 8.04 servers I have. They are not in hosting, though; virtual machines in our local VMWare install.
<SandGorgon> thrain][, thanks!
<Hilikus> thanks guys
<huats> moring
<huats> morning
<SandGorgon> hi guys.. i recently got a dedicated server and see that they have given me a "root" user. How do I disable that and go back to the safer Ubuntu way of "sudo" ?
<uvirtbot> New bug: #609033 in apache2 (main) "Please merge apache2 2.2.15-6(main) from debian unstable(main)" [Undecided,Confirmed] https://launchpad.net/bugs/609033
<mase_wk> SandGorgon: install / configure sudo and either disable the rootuser or set a long random password
<SandGorgon> hmm... cool
<SandGorgon> one more question - in some of my servers, when I log on it gives a nice welcome screen with System Load, Memory Usage, # of logged on users, etc. how do I get this ?
<rcsheets> SandGorgon: i believe that is the landscape-common package
<SandGorgon> rcsheets, bingo.. thanks
<larsemil> imyousuf: any luck with UEC?
<hggdh> Daviey: there?
<Daviey> hggdh: o/
<hggdh> Daviey: http://pastebin.ubuntu.com/467895/
<hggdh> Daviey: and the nodes are still not shown on 'euca_conf --list-ndoes'
<Daviey> hggdh: OK.. can you raise a bug?
<Daviey> Now it's in the archive.. i really want to track issues via bugs
<hggdh> Daviey: certainly
<Daviey> hggdh: rocking.
<Daviey> hggdh: can you try removing the nodes.list file in /var/* ?
<hggdh> Daviey: will do
<glen1> is colocation? when you put your hardware in someone elses datacenter?
<skuld_kid2> I need some help please.  I tried to add a third hard drive to my volume group, and it didn't work right ,so i removed the drive, but it looks as though i DEGRADED my volume.  and now I can't login  can anybody help?
<uvirtbot> New bug: #609055 in libvirt (main) "problems with using parallel port" [Undecided,Incomplete] https://launchpad.net/bugs/609055
<uvirtbot> New bug: #609092 in samba (main) "libpam-smbpass syncs unix passwords when "unix password sync" is off" [Undecided,New] https://launchpad.net/bugs/609092
<skuld_kid2> I need some help please.  I tried to add a third hard drive to my volume group, and it didn't work right ,so i removed the drive, but it looks as though i DEGRADED my volume.  and now I can't login  can anybody help?
<hggdh> Daviey: https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/609112
<uvirtbot> Launchpad bug 609112 in eucalyptus "euca_conf --discover-nodes fails to register nodes" [Undecided,New]
<Italian_Plumber> should I reboot my server after a kernel update?
<pmatulis> Italian_Plumber: if you want to use the new kernel, yes
<Italian_Plumber> how would I decide if I wanted to use the new kernel?
<qman__> Italian_Plumber, that's a matter of risk analysis
<Italian_Plumber> ah
<qman__> look at the list of what was fixed, decide how important that is in your environment, and determine whether/when downtime is worth the benefit
<Italian_Plumber> where can I find the list of what was fixed?
<qman__> I'm sure it's on launchpad, but finding it is proving non-trivial
<qman__> that, and it keeps failing while I'm trying to click links
<qman__> here you go: https://launchpad.net/ubuntu/+source/linux/+changelog
<qman__> err, those are for maverick
<Italian_Plumber> i'm on hardy
<qman__> ah, ok
<qman__> https://launchpad.net/ubuntu/hardy/+source/linux/+changelog
<pmatulis> Italian_Plumber: what kernel is it?
<Italian_Plumber> well I have one server that I reboot every day, another production server that I probably should reboot off hours, and two other servers that are non-production.
<Italian_Plumber> http://pastebin.com/Mc1ArmcM  <-- update log
<Italian_Plumber> I bleieve it is 2.6.24-28 ... but it seems to have updated two kernels.
<Italian_Plumber> thanks qman__
<qman__> looks like there were a lot of fairly important bugfixes in that version
<Italian_Plumber> mmk
<qman__> so I'd suggest rebooting at next convenient opportunity
<pmatulis> Italian_Plumber: try /usr/share/doc/linux-image-2.6.24-whatever/changelog.Debian.gz
<Italian_Plumber> cool... thanks pmatulis
<pmatulis> Italian_Plumber: are you really an Italian plumber?
<Italian_Plumber> me and my brother Mario, yup...
<pmatulis> Italian_Plumber: nice
<pmatulis> Italian_Plumber: i had to have a plumber come over the other day, i pierced a hole in a water pipe with a drill
<bogeyd6> How do I disconnect an iscsi mount?
<pmatulis> bogeyd6: logout and delete i think
<bogeyd6> you know, i could just uninstall the open-iscsi
<bogeyd6> i was just testing it on my laptop
<pmatulis> bogeyd6: iscsiadm -m node -p $ISCSI_TARGET --logout; iscsiadm -m node -p $ISCSI_TARGET -o delete
<bogeyd6> awesome
<bogeyd6> gnome terminal needs a copy and paste shortcut
<jpds> bogeyd6: Shift-Insert?
<jpds> bogeyd6: middle-click ?
<bogeyd6> middle click, nice
<bogeyd6> you just increased my productivity
<bogeyd6> we got these solaris machines for a SAN running 28tb online in high availability
<bogeyd6> and if you think because you are linux expert you can admin a solaris box, you are quite wrong ol chap
<bogeyd6> Has anyone here upgraded a server from 9.10 to 10.04 yet? Can you share with me difficulties?
<SandGorgon> hey guys.. is it recommended to use "vm.overcommit_memory = 2" on linux for a Mysql DB server with 8GB RAM ? Our database size is about 1GB
<pmatulis> SandGorgon: is that OOM-related?
<bogeyd6> SandGorgon, probably not unless you are aiming for what that provides
<bogeyd6> SandGorgon, http://www.redhat.com/magazine/001nov04/features/vm/
<SandGorgon> I actually read while reading up on optimizing database performance on Ubuntu. It recommended that vm be set with that setting
<silentwhisper> sir pls check if my postfix set up is ok
<silentwhisper> http://ubuntu.pastebin.com/a8p7zku8
<silentwhisper> hello
<silentwhisper> please help
<pmatulis> simplexio: what's the problem?
<uvirtbot> New bug: #609177 in apache2 (main) "Apport Hook" [Undecided,New] https://launchpad.net/bugs/609177
<sommer> :-)
<Nokio> Hi all, I am looking for a tool on my ubuntu 10.04 server that would allow me to know at the end of the day how much bandwidth my server generated. In the form of total download upload for the day ? is that possible?
<bogeyd6> Nokio, two things comes to mind, cacti and mrtg
<bogeyd6> also http://www.ubuntugeek.com/bandwidth-monitoring-tools-for-ubuntu-users.html
<Nokio> bogeyd6, ok thanks a lot i will go read about these. Thanks and have a nice day !
<Nokio> bogeyd6, These 2 seems to be really cool and complete. I was more looking for a tool that requires maybe lest configuration because all i need is to know for a few week how much bandwidth is generated by 1 server
<bogeyd6> check the website then
<bogeyd6> Nokio,  http://www.ubuntugeek.com/bandwidth-monitoring-tools-for-ubuntu-users.html
<Nokio> bogeyd6, ok cool thanks ! have a nice day
<bogeyd6> parle vou francais?
<pmatulis> bogeyd6: yes
<sherr> Nokio: also something called "vnstat" might be worth a look
<jaraco> I have libneon 0.29.0 installed (a dependency of subversion 1.6.6). I'd like to upgrade to libneon 0.29.1 or later (and have subversion use that package). What's the best way to do this?
<RoyK> hm... top - 18:34:41 up  3:33,  3 users,  load average: 24.74, 17.09, 11.72
<pmatulis> ouch
 * RoyK just installed a new  toy for the scientists at work - a dual 12-core opteron thing with 64 gigs memory
<RoyK> so the current load of ~25 isn't so bad, really :)
<pmatulis> what are those scientists doing?  did you ever ask?  :)
<RoyK> pmatulis: currently running inversion jobs on this particle movement model used during the EyjafjallajÃ¶kull eruption to try to make it better
<RoyK> stuff like that takes cpu time
<pmatulis> gotcha
<pmatulis> do you fine tune that beast?
<RoyK> nah - just installed Lucid
<RoyK> I/O is on NFS to an opensolaris box with a truckload of drives (50TB net)
<FunnyLookinHat> I forget - should I use useradd or adduser ?
<RoyK> useradd -m
<RoyK> that is, -m is 'make homedir'
<FunnyLookinHat> kk ty
<RoyK> but usually you want that
<RoyK> man useradd
<RoyK> http://karlsbakk.net/top-24.png
<FunnyLookinHat> RoyK: lol - the man page suggests using adduesr
<RoyK> oh well :)
<pmatulis> FunnyLookinHat: adduser is a wrapper to useradd
<RoyK> I'm probably to used to useradd, then
<pmatulis> FunnyLookinHat: it simplifies things, uses defaults
<pmatulis> FunnyLookinHat: see /etc/adduser.conf
<FunnyLookinHat> Right - simple is good.  :)
<pmatulis> FunnyLookinHat: especially on a friday
<pmatulis> too bad i'm working on ipsec, sniff
<FunnyLookinHat> haha
<FunnyLookinHat> I'm just provisioning server images - so much easier...
<FunnyLookinHat> sudo aptitude install <insert ridiculously long list of packages>
<FunnyLookinHat> git clone
<FunnyLookinHat> ./configure
<FunnyLookinHat> done.
<pmatulis> nice
<FunnyLookinHat> so far so good :)
<RoyK> hi all. I have a couple of 'number crunchers', one with 2x8 cores and another with 2x12 cores, both with 64 gigs of RAM. Should Ubuntu Server (lucid) work well on these without further tuning? If not, how can I see if something is slowing things down?
<cwillu_at_work> RoyK, as much as anything works well without tuning, I'd expect so, yes
<cwillu_at_work> The user-space isn't terribly relevant to this, and if the kernel gives you trouble, it's trivial to run a different one
<RoyK> the 16 core box has been running a few weeks, and except a problem where the kernel seemd to eat a truckload of memory (a reboot fixed it), the system has been stably running at 100% load on all cores. Both show minimal system and wio times (althought the 24 core box has only been running a few hours)
<RoyK> the users (scientists) mostly run up to a few more cpu intensive processes than active cores available, so I guess the scheduler shouldn't have much problem with it
<cwillu_at_work> slabtop is useful to investigate kernel memory leaks
<RoyK> that didn't find anything
<RoyK> anyway - I haven't seen it lately
<cwillu_at_work> yep, throughput is the problem that the scheduler solves at the expense of latency, to the chagrin of desktop users everywhere :p
<cwillu_at_work> define didn't find anything
<RoyK> but it was 40gigs or so lost, even after the userspace processes were stopped
<cwillu_at_work> If the kernel had allocated memory, then slabtop would show it :p
<RoyK> I couldn't find where it was allocated, and what used to be a quick machine, turned into something from the ninetees
<RoyK> anyway - will check more if it happens again
<cwillu_at_work> slabtop -s a should be useful
<RoyK> 24 cores and 64 gigs of RAM in a NOK 50k box isn't bad
<RoyK> or USD9k
<RoyK> bbl
<pedahzur> Trying to do an upgrade, getting this error message for the package 'linux-server' "linux-server: Depends: linux-image-server (= 2.6.32.24.25) but 2.6.32.23.24 is to be installed" Anyone else seen it?
<pedahzur> I do have backports enabled, but not proposed.
<pedahzur> Disabled backports...same error.
<talcite> hey guys, I just updated the scst wiki page for ubuntu-server. Could someone who knows infiniband take a look and tell me what they think? https://wiki.ubuntu.com/scst
<sherr> pedahzur: I see that as well today. On these occasions, I usually just wait a day or so and the problem gets fixed.
<pedahzur> sherr: Yeah, it usually does, but it's still a bit disconcerting that an broken update was released.
<quakenul> hi there
<quakenul> i'm having trouble installing 10.04 64-bit server from a usb drive and hoped someone could help
<quakenul> i prepared the stick and the installer booted just from but then tried to check for a CD drive
<quakenul> which doesn't exist
<quakenul> from = fine
<quakenul> i searched for a solution but was unable to find one
<pedahzur> quakenul: How did you prepare the USB stick?
<quakenul> using the universal usb installer in windows
<pedahzur> quakenul: I did this recently using the Ubuntu "USB Startup Disk Creator."  Everything worked fine, but it wrote the boot loader to the USB drive (since it was /dev/sda, and I was installing on a machine with a RAID card, and the drive was actually /dev/cciss/c0d0) You might want to give that a try.
<quakenul> alright then, i will give it a try, thanks!
<pedahzur> quakenul: Not really sure what to say otherwise: it didn't have any trouble finding the "CD" for me.
<failover> quakenul
<failover> https://help.ubuntu.com/community/Installation/FromUSBStick
<failover> go to Know Issues
<failover> there is a workaround
<quakenul> i If you get "Incorrect CD-ROM detected" error
<quakenul> are you talking about this paragraph?
<failover> yeap
<quakenul> well, i checked and this option is actually already there
<quakenul> thanks anyway :)
<quakenul> i will give usb startup disk creator a try
<failover> At the boot prompt type "install cdrom-detect/try-usb=true"
<failover> this works fine for me
<quakenul> hm okay let me check
<SandGorgon> when I use curl -LO to download a file (for example http://pl2.php.net/get/php-5.2.13.tar.gz/from/pl.php.net/mirror), it names the file "mirror". How do I get it to name it php-5.2.13.tar.gz
<quakenul> nope, sadly not working
<FunnyLookinHat> Hey guys - I'm getting this error when trying to bring up NFS:  * Not starting NFS kernel daemon: no support in current kernel.
<FunnyLookinHat> I followed the guide to a T on https://help.ubuntu.com/10.04/serverguide/C/network-file-system.html
<pmatulis> FunnyLookinHat: well, what kind of kernel are you using?
<FunnyLookinHat> pmatulis: stock as far as I know...  hold on
<FunnyLookinHat> pmatulis: 2.6.33.5-rscloud     It's an image for RackspaceCloud
<FunnyLookinHat> But I'm seeing issues that the stock kernel seems to not register as being compatible anyways...
<pmatulis> FunnyLookinHat: so it's not a stock ubuntu kernel
<FunnyLookinHat> I suppose not...  :(
<pmatulis> FunnyLookinHat: grep NFSD in your kernel config file that *should* be under /boot
<FunnyLookinHat> pmatulis: looks like the kernel improperly doesn't have a symbol that the nfs startup script looks for...  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/493145
<uvirtbot> Launchpad bug 493145 in nfs-utils "[Lucid] NFS kernel server doesn't work anymore with 2.6.32" [Medium,Fix released]
<FunnyLookinHat> I'm trying one of the patches...  :)
<FunnyLookinHat> better yet - I just removed the check to make sure the kernel is compatible
<sweltman_> Is this the right forum for bugs in updater?  attempting upgrade to 10.04 server but unsuccessful.
<d3vnu11> sweltman_: what error are you getting?
<sweltman_> unable to update (tool states broken dependencies)
<sweltman_> there are none that I know about
<d3vnu11> what are the broken dependencies?  I ask because I was just having an issue with a broken dependency for the linux-image-virtual package
<d3vnu11> i think that the us.archive.ubuntu.com mirrors have a broken Packages.gz file
<sweltman_> D3v, to be honest, I have no idea where to find them, I didn't see any on the GUI
<d3vnu11> did you follow a howto on upgrading?  just curious what method you used
<sweltman_> d3vnull, I clicked on the upgrade to 10.04 LTS on software update tool.
<sweltman_> d3v, I am using the server version only as the base.  It's also running gnome on GUI + desktop pkgs
<d3vnu11> ah, sorry I don't know how that reports errors, so I'm not sure how much help I could be
<sweltman_> thats ok.  thank you anyhow for asking!
<d3vnu11> no prob
<sweltman_> #ubuntu-bugs
<gurudrew> Hello all. I'm running 9.10, and trying to set up a virtual server environment using KVM. I'm trying to install Windows Server 2008, for which I apparently need an X-friendly environment. So I did apt-get install gdm
<gurudrew> Now my system goes to grub and has no option to boot, goes straight into grub shell
<gurudrew> Inserting my 9.10 CD to recover, on my list of recovery options, when I select my partition, it tells me it's not recognized
<gurudrew> how can I check/repair a drive from recovery console?
<pedahzur> gurudrew: Assuming you can access the drive, 'fsck /dev/sdX' where X is the device letter should do it.  Might have to modify that for special devices such as RAID controllers, etc.
<pedahzur> gurudrew: That is a bit odd though...installing GDM shouldn't keep you from bootin.
<gurudrew> May have been a bad shutdown
<gurudrew> fsck, though, thank you
<pedahzur> oh!
<^peanut^> pedahzur: I just told him the same thing in #ubuntu =)
<pedahzur> gurudrew: Sorry, You'll probably need /dev/sdXN...N is the partition number.
<gurudrew> aye
<pedahzur> ^peanut^: Yeah, well, when we're desperate, we often scatter shot our questions. :)
<uvirtbot> pedahzur: Error: "peanut^:" is not a valid command.
<^peanut^> pedahzur: agreed
<^peanut^> ?
<pedahzur>  ^peanut^: I know I have.
<quakenul> alright, using unetbootin instead of the universal usb installer i was able to get the setup running
<^peanut^> pedahzur: yea me to over the years
<pedahzur> quakenul: Glad to hear it!
<quakenul> also updated the wiki to reflect that in case someone else has the same problem
<quakenul> thanks for your help guys
<quakenul> see ya :)
<gurudrew> weird
<gurudrew> getting "device or resource busy"
<^peanut^> gurudrew: did you umount /dev/sdX
<gurudrew> yeah
<gurudrew> weird
<^peanut^> gurudrew: did you reboot in single usermod? with the -s option passed to the kernel
<gurudrew> No, I didn't, I booted into repair mode
<^peanut^> try: fuser -kuc /dev/sdX
<gurudrew> When I boot directly it goes into grub shell
<gurudrew> no fuser
<gurudrew> only fusermount
<gurudrew> :\
<gurudrew> gotta go, meeting, will be back shortly
<^peanut^> k
<webPragmatist> whats the consensusâ¦ are private keys normally per domain or just one for apache
<webPragmatist> seems like a pain in the but generating it per domainâ¦ but in the event your private key was confiscated you wouldn't have to pay per signed cert
<pedahzur> Has anyone used the SMB LDAP tools in Ubuntu Server? When I run them, it barfs with: "Unable to open /etc/opt/IDEALX/smbldap-tools/smbldap.conf for reading !"  This is smbldap-tools 0.9.5-1.
<gurudrew> back
<gurudrew> booted with -s
<gurudrew> getting "device or resource busy" still
<Jordan_U> gurudrew: Do you get an error message before the grub shell with a normal boot?
<gurudrew> no
<gurudrew> I ditched it and started a fresh install
<gurudrew> nothing of importance on the install
<gurudrew> probably some underlying old issue anyway
<gurudrew> I want to use Ubuntu as the base of a VM
<gurudrew> 1 Ubuntu server, 1 Windows 2008 server
<gurudrew> Is KVM my best bet?
<corpse> Hi im running ubuntu lucid server on an htpc. I just istalled a ATI Radeon 4350. I installed the catalyst 10.6 file but when i run fglrxinfo i get: Error: unable to open display (null)  I am not quite sure what to do from here. aticonfig --list-adapters shows 0.1:00.0 ATI Radeon HD 4300/4500 Series
<pedahzur> Ah..."problem" with ldap tools is that they aren't configured at install time. https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/126038
<uvirtbot> Launchpad bug 126038 in smbldap-tools "wrong path in samba ldap tools" [Undecided,Incomplete]
<uvirtbot> New bug: #609330 in postfix (main) "package postfix 2.6.5-3 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 75" [Undecided,New] https://launchpad.net/bugs/609330
<EvilPhoenix> does anyone know how I can specify where iptables logs to?  by default i think it logs to syslog
<yu> Hi how do I make it so if a user creates a public_html directory in their home, they automatically get domain.tld/~user?
#ubuntu-server 2010-07-24
<silentwhisper> need help about postfix
<silentwhisper> i need help
<skydrome> dont we all
<EvilPhoenix> indeed
<EvilPhoenix> i posted at least 20 mins ago with no answer
<silentwhisper> can you help me about postfix
<EvilPhoenix> me? noooo
<silentwhisper> why?
<skydrome> if you ask, someone might answer
<silentwhisper> ah
<EvilPhoenix> well i actually sit here for when I need help
<EvilPhoenix> and I dont use postfix
<silentwhisper> what do you use?
 * EvilPhoenix states he does not use postfix, hell he doesnt even know what postfix is
<silentwhisper> my postfix has no maildir directory
<silentwhisper> /home/user/maildir
<silentwhisper> why is that?
<silentwhisper> http://ubuntu.pastebin.com/2Amk4gTi
<silentwhisper> please check it out
<EvilPhoenix> silentwhisper:  repeating / spamming wont get you an answer
<silentwhisper> that is my sample
<ScottK> silentwhisper: Please pastebin the output of postconf -n
<silentwhisper> http://ubuntu.pastebin.com/SDeqcVZy
<ScottK> silentwhisper: I think you need to read man 8 local (also at http://www.postfix.org/local.8.html)
<silentwhisper> what is the purpose of mx record?
<skydrome> silentwhisper, try #postfix
<silentwhisper> thank you
<RoyK> Ubuntu surprises me a little - a 24 core box running with a load of 25 or so hardly uses time for sys
<RoyK> all in all - works
<isw> Is anyone familure with or have documentation on switching from DHCP to static IP address on ubuntu 10.04?
<qman__> isw, man interfaces
<qman__> I'm having trouble trying to upgrade one of my servers to lucid from hardy, it says "Dist-upgrade failed: 'E:Unable to correct problems, you have held broken packages.'", but I can't figure out what packages are causing the problem. Here's the full logs from the failed upgrade: http://pastebin.com/unNUbvwh
<qman__> I also noticed that early on it lists a whole bunch of old packages that aren't installed, and the log says "skipping"
<pmatulis> qman__: bad problem for a friday night
<qman__> yeah, it's not urgent, just had some time and decided to give it a go
<pmatulis> qman__: was hardy all up to date before the upgrade?
<qman__> yes
<qman__> double checked and even rebooted just before
<pmatulis> qman__: are you holding/pinning any packages?
<qman__> I didn't set any, where do I check to make sure?
<pmatulis> try 'dpkg --get-selections | grep hold'
<qman__> comes up empty
<pmatulis> qman__: what about PPAs?  using any?
<qman__> nope
<qman__> and I'm fairly sure I didn't compile anything from source, either
<pmatulis> qman__: how did you perform the upgrade?
<qman__> if I did, it would probably show up in those logs, right?
<qman__> sudo do-release-upgrade -d
<pmatulis> ah
<pmatulis> development
<qman__> well, do-release-upgrade doesn't work yet
<qman__> since 10.04.1 isn't out yet
<pmatulis> i don't understand
<kklimonda> qman__: may be a transitory problem with some kernel update in lucid
<qman__> without the -d, I get no updates available
<pmatulis> why do you need 10.04.1 to upgrade to 10.04?
<kklimonda> qman__: linux-image-2.6.32-24-386 is still in lucid-proposed
<qman__> hmm
<pmatulis> oh, maybe you have -proposed enabled
<qman__> I didn't check that the latest version existed for -386
<qman__> just that there was a -386 in lucid
<qman__> that could very well be the problem
<qman__> I really ought to just scrap the thing and get something newer, but it just won't die
<qman__> hard to argue with that
<qman__> looks like it's also in updates
<qman__> so I could probably upgrade from the alternate CD and then update
<A-KO> I upgraded to Karmic from Jaunty and it seems that my apache ssl site broke--and I can't figure out why....I hadn't made any changes to the files, and I'm pretty sure I had the upgrade not make any changes to conf files......I've had a few things it spit out to me, like Can't find a certificate (even though it's there)...
<overrider> Ufw logs port scans and such to ufw.log, but they also appear in /var/log/messages. I cannot find syslog.conf, so what does Ubuntu use for logging and where can i control what gets logged to where?
<overrider> Ok its rsyslog now. jeez
<Marco2> :-D
<ideaman> anyone around that can help me figure out how to get my first UEC running? .. i'm not having any luck after two days of trying
<ideaman> my availability scan continues to show 0000/0000 for all instance sizes
<ideaman> I've tried a 2 physical machine setup, and now today tried a single machine setup (just for dev/testing)
<ideaman> i tried the eucalyptus channel, but it seems dead
<webPragmatist> hrm
<webPragmatist> whats the preferred mta for use with php / sendmail
<ideaman> sendmail is an mta...
<webPragmatist> rightâ¦ well
<webPragmatist> i think i was using exim now
<webPragmatist> before*
<ideaman> exim or postfix are good
<ideaman> sendmail is more mta than most people need, and one of the harder ones to configure
<webPragmatist> hrm
<webPragmatist> uhm
<ideaman> i haven't setup a sendmail mta for years now.. mostly postfix myself
<webPragmatist> does each mta implement the command sendmail though
<webPragmatist> for php to user?
<webPragmatist> use*
<webPragmatist> i don't really care which mta i useâ¦ sendmail looked complicated like you said and by default didn't seem to allow localhost sending through any domain
<ideaman> i'm fairly sure postfix will work fine with php
<ideaman> like 99%
<ideaman> http://forums.opensuse.org/archives/sf-archives/archives-network-internet/330706-sendmail-postfix-php-ini.html
<webPragmatist> well okay my next question
<webPragmatist> i tried to purge sendmail â¦ and it left a bunch of crap
<webPragmatist> how do i delete that crap
<ideaman> http://ubuntuforums.org/showthread.php?t=170309
<ideaman> post #4
<webPragmatist> why doesn't purge sendmail remove the stupid dependencies
<ideaman> are you using aptitude or apt-get?
<ideaman> aptitude will generally offer to remove unrequired dependencies... apt-get you probably need to use apt-get autoremove, if it recognizes the un-needed packages
<webPragmatist> bleh i got it
<webPragmatist> ideaman: okay so i'm going through this postfix installerâ¦ should i put the fqdn if it's just used as outgoing mail?
<ideaman> mhm.. probably, since otherwise local mail probably won't be handled properly
<ideaman> you don't actually need to run an MTA on your server... you could follow what that other post said, and use the PHP Pear::Mail package and set it up to use SMTP instead
<ideaman> setting up your own MTA may provide unwanted issues such as a) configuration is difficult if you don't setup MTA's on a regular basis b) your IP can be black-listed in SPAMCOP lists, etc
<ideaman> c) security issues
<ideaman> for simplicity using a module that just supports SMTP, and using your ISP's MTA may be the best choice
<scar> why when i run 'apt-get upgrade' is the linux kernel held back? how to install that update?
<ideaman> apt-get dist-upgrade
<scar> ideaman, i see. thanks
<webPragmatist> ideaman: yea i prefer to run the mta
<webPragmatist> mainly because our mail server is about as reliable as â¦ eh something
<webPragmatist> I swear I used exim before i think and got less flack â¦ now i have messages stuck in the queue
<webPragmatist> Jul 24 00:40:37 new357715 postfix/smtp[1306]: connect to mydomain.mxlogic.net:25: Connection refused
<webPragmatist> is it trying to send outgoing to an smtp? i'm confused
<ideaman> yes, sounds like its trying to send an email (maybe a failed delivery notice?) to mydomain.mxlogic.net
<ideaman> mhm, YOUR MTA is trying to contact the MTA on mydomain.mxlogic.net
<ideaman> if mydomain.mxlogic.net is your server, or the fqdn you used in one of your config files, that could be your own machine its trying to contact
<ideaman> without realizing its one in the same machine
<ideaman> anotherwords it doesn't think its local email
<ruben23> hi guys i planned to setup a mail server- with 60 users, any server specs you can recommend for this..?
<Nafallo> ruben23: Pentium 75 or higher should be okay.
<uvirtbot> New bug: #609409 in squid (main) "package squid 2.7.STABLE9-2ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/609409
<silentwhisper> any one here patient enough to guide me in setting up postfix
<silentwhisper> im totally noob
<silentwhisper> actually i already installed it
<silentwhisper> need help in troubleshooting
<SandGorgon> anybody running hi guys.. what are some of the cheaper/free clickstream (user-path navigational analysis tools) that I can use with nginx ?
<SandGorgon> silentwhisper, just a suggestion if you are purely looking for a mail solution - check out Lamson mail server. Written in pure python
<silentwhisper> no downtime? and easy to setup?
<overrider> How to get a list of services that startup during boot?
<SandGorgon> silentwhisper, any success with mail ?
<silentwhisper> no not yet still reading manuals
<silentwhisper> about postfix
<silentwhisper> whew
<foxiness> is it possible that i find a store to sell servers with ready made ubuntu-server edition? "  i have checked hp dell ibm website and more "
<tarvid> foxiness, we build our own and could build what you need
<tarvid> generic servers are easy to build, maybe all you need is support
<foxiness> tarvid, now i'm in the dell website , i try to customize my server
<foxiness> with no OS installed " why on earth Dell do not write a line about ubuntu server! "
<tarvid> I find it more cost-effective to simply buy the parts, assemble and load
<tarvid> servers come in flavors depending on purpose but the general purpose is to shovel data from the hard disk to an Ethernet port
<tarvid> in general, one is better off with two servers than one expensive server
<tarvid> speculating on the relationship between Dell and Ubuntu is not fruitful
<foxiness> tarvid, I liked the idea " DIY " , will be a new experience for me
<tarvid> http://www.ls.net/content/reference-windows-server-upgrade was for a Windows client
<tarvid> Some prices are down, Windows Server is unnecessary, might be more useful to build 2 instead of the eSata backup
<uvirtbot> New bug: #609290 in apache2 (main) "Critical bug in memcpy-ssse3-rep.S" [Undecided,New] https://launchpad.net/bugs/609290
<VeeCount> hiall!
<VeeCount> i've just installed Ubuntu Cloud Controller and there are some things that make me confused: dhcp and dns servers have been installed, but i have those on another server, will eucalyptus or something crash if i deinstall these services?
<VeeCount> do i have to make some special configuration of the existing dhcpd so the cloud could work properly?
<VeeCount> again, the apache server has been installed, can i use nginx instead for examle?
<VeeCount> anyone alive here on saturday? =)
<VeeCount> and netstat tells me that there are over 200 connections established like this tcp        0      0 127.0.0.1:9001          127.0.0.1:53947         ESTABLISHED
<VeeCount> looks scary =)
<andyltm> How can I determine what is using all the memory on my ubuntu-server?
<uvirtbot> New bug: #609543 in mysql-dfsg-5.1 (main) "Since Thursday's update, mysqld is not started on boot" [Undecided,New] https://launchpad.net/bugs/609543
<ruben23> any application mail that is ready na dhandy to deploy.
<dominicdinada> need a hand with samba all of a sudden after the update 2 days ago my samba server isnt working, a check of the results shows that now it is erroring on a few things such as the user/pass files etc...
<RoyK> ruben23: see the server guide https://help.ubuntu.com/10.04/serverguide/C/email-services.html
<RoyK> dominicdinada: pastebin your config and give detailed info about the environment, and perhaps someone can help ;)
<dominicdinada> RoyK: how about this i pastebin the errors... and tell you about how the update 2 days ago remapped the drives ???
<RoyK> dominicdinada: sure, but we need details to help. something like 'can someone help me?' doesn't say much about the problems
<dominicdinada> i do believe i detailed everything going on..... now to show u how strict my config is........
<RoyK> dominicdinada: you haven's said what changes you have made, not said what sort of samba config you have, you have merely said it doesn't work...
<RoyK> dominicdinada: for a start, pastebin smb.conf and tell us what you have changed, and perhaps, maybe, someone can help
<dominicdinada> RoyK: instead of wasting the time typing and telling me what i havent done ReRead that i wrote that when updated 2 days ago the update forced me to remapped the hard drives.... etc
<dominicdinada> and ill finish getting the config and log pastebinned
<dominicdinada> RoyK: http://pastebin.com/k2yKZgV3
<RoyK> that's the shortest smb.conf I've ever seen :Ã¾
<dominicdinada> i said i wasnt posting the whole thing...
<RoyK> well, I have no idea. anyway, if showing your smb.conf file is a security threat, then something is terribly fucked up with your systems.
<RoyK> so, you're on your own
<dominicdinada> RoyK: all the info u need has been given, Thanks for wasting my time. Ignored
<RoyK> lol
<ruben23> hi any directory service for ubuntu desktop like 100 units.
<ruben23> where i can manage users login and pasword
<ruben23> with domain
<RoyK> ldap?
<ruben23> RoyK: anyapplication that uses ldap..?
<webPragmatist> how can i find out what ip postfix is using to send outgoing mail
<Maletor> I want to smash my volume group and all lvms in it. So I guess
<Maletor>                  this means I have to boot from live usb and mount /dev/md1 ?
<Maletor>                  Then chroot ? Then delete the lvm then the vg then remove from
<Maletor>                  fstab? Only thing is I'm confused about the chroot...
<Maletor> (without line breaks) I want to smash my volume group and all lvms in it. So I guess this means I have to boot from live usb and mount /dev/md1 ? Then chroot ? Then delete the lvm then the vg then remove from fstab? Only thing is I'm confused about the chroot...
<RoyK> webPragmatist: postfix will, by default, try to use dns lookups to send mail to other places. if you need it to pass it through a relay host, configure a smart relay host
#ubuntu-server 2010-07-25
<webPragmatist> RoyK: i got it going as an mta
<john> Hi, Ubuntu server10.04, mpd up and running, external client access ok, but no local sound out put. how do i configure a sound card on this edition?
<john> I have alsa installed. Is there a nice config or auutoconf for it?
<silentwhisper> if im using dyndns
<silentwhisper> does it means that im behind a proxy / nat?
<silentwhisper> im using router does it mean im  behind nat?
<harrison> hello
<silentwhisper> hi
<silentwhisper> everybody are busy
<harrison> I would like suggesttions on what to install on a home server, I have the basics: apache, vsftp, samba, etc. what could be added to that?
<silentwhisper> try mail server
<silentwhisper> that's what im studing now
<harrison> I think I have that installed, but ISPs... well they might not like mail trafic, and I don't really need a mail sever but thanks for the idea.
<bogeyd6> can i ask to restate harrison
<harrison> yes I am looking for software to add to my server, I have the basics: apache, vsftp, samba, etc.
<bogeyd6> for what purpose
<harrison> *slaps head* a home server.
<bogeyd6> how about a PVR
<harrison> Personal video recorder?
<bogeyd6> yeah, for tv shows
<bogeyd6> http://www.mythbuntu.org/
<harrison> Office is a bit to far but I am thinking of using an older computer for that, set it by the tv.
<harrison> That is what I would use.
<harrison> Any other ideas?
<harrison> Another question, What are cron jobs?
<KurtKraut> harrison, have you checked http://tinyurl.com/yepp6ff already?
<enav1> hi people i want to see the ubuntu hardware blacklist pleas... but i dont know where it is
<harrison> I don't randomly enter tinyurls but I will check it out.
<KurtKraut> harrison, if you're using Windows, I'd agree with your procedure to avoid 'tinyurls'.
<silentwhisper> sir if im using router and i have dynamic ip
<silentwhisper> does it means im behind a proxy/nat
<harrison> I wouldn't think so.
<harrison> A dynamic IP is an ip that changes from time to time.
<KurtKraut> silentwhisper, I agree with harrison
<silentwhisper> how to determine if im behind proxy/nat?
<harrison> First who is your ISP?
<KurtKraut> silentwhisper, some proxies are configured in a 'transparent' way, meaning they're unreconizable.
<harrison> Silent, what are you tring to do?
<bogeyd6> harrison, https://help.ubuntu.com/10.04/serverguide/C/index.html
<harrison> thanks bogeyd6, I had a look at that before I guess I am going in the right direction.
<harrison> Question: how do you/which log should I check to see who has loged on in the past?
<harrison> my server IS accesibal via the world.
<harrison> Anyone have questions?
<harrison> Good night everyone.
<silentwhisper>  goodnight
<silentwhisper> in postfix
<silentwhisper> can we config to use hostname and domainname at once
<silentwhisper>     myorigin = $myhostname (default: send mail as "user@$myhostname")
<silentwhisper>     myorigin = $mydomain   (probably desirable: "user@$mydomain")
<silentwhisper> i want to setup my mailserver to receive and send through internet
<bogeyd6> !postfix | silentwhisper
<ubottu> silentwhisper: postfix is the default !MTA and !MDA on Ubuntu. For help, read https://help.ubuntu.com/community/Postfix and https://help.ubuntu.com/community/PostfixBasicSetupHowto - See also !MailServer
<silentwhisper> when i try to run
<silentwhisper> su - fmaster
<silentwhisper> mail
<silentwhisper> i wont work
<silentwhisper> i already installed postfix whis is it dont have /home/user/Maildir directory?
<EvilPhoenix> you asked yesterday...
<EvilPhoenix> did you get no answers?
<silentwhisper> rtfm
<silentwhisper> but i already did that i already run command to create directory but i was not there
<EvilPhoenix> you tried in #postfix?
<EvilPhoenix> if thats even the right channel...
<silentwhisper> yes
<EvilPhoenix> and?
<silentwhisper> im currently at the channel now
<sweetpi> EvilPhoenix: what about postfix?
<EvilPhoenix> talk to silentwhisper
<EvilPhoenix> he had the issue(s)
<EvilPhoenix> sweetpi:  ^
<EvilPhoenix> silentwhisper:  if you're alive, ask your question again
<EvilPhoenix> sweetpi:  i can give you the logs of silentwhisper's question if you'd like
<sweetpi> ok, msg them
<EvilPhoenix> sent be advised it might be slow on sending a few lines
<sweetpi> i didnt know this channel even existed :)
<EvilPhoenix> HEH
<EvilPhoenix> stupid caps
<EvilPhoenix> now you do
<EvilPhoenix> sweetpi:  did you get the PM
<sweetpi> yes, reading
 * sweetpi doesnt think silentwhisper is a native english speaker
<sweetpi> its possible, but i dont understand what the problem is
<EvilPhoenix> it seems from my interpretation...
<EvilPhoenix> that he doesnt have a mail folder in his user's directory
<EvilPhoenix> and doesnt know why
<EvilPhoenix> perhaps he thinks postfix creates it automatically...
<sweetpi> hmm.. all my installs keep mail in /var, even local mail.
<sweetpi> anyway the users mail dir wouldnt normally be created until they received mail
<sweetpi> i think hes away anyway
<EvilPhoenix> *shrugs*
<EvilPhoenix> or maybe his connection /died
<silentwhisper> i receive mail /var/mail/edwin
<silentwhisper> is it corect
<silentwhisper> is it in the format of Maildir
 * EvilPhoenix pokes sweetpi
<uvirtbot> New bug: #609651 in openldap (main) "compile OpenLDAP with OpenSSL" [Wishlist,Triaged] https://launchpad.net/bugs/609651
<silentwhisper> is this correct?
<silentwhisper> myorigin = /etc/mailname
<silentwhisper> mailname value is mwit.no-ip.biz
<sherr> silentwhisper: yes, that's fine. Or you can set it explicitly (rather than from a file)
<uvirtbot> New bug: #609681 in mysql-dfsg-5.0 (universe) "package mysql-server-5.0 5.0.67-0ubuntu6.1 failed to install/upgrade: el subproceso post-installation script devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/609681
<jetole> Hey guys. Does anyone know how I can limit how much RAM a process can use?
<KurtKraut> jetole, I guess with the ulimit command you might do it
<jetole> KurtKraut: I don't know how with ulimit. I know the -m option is ignored on Linux
<KurtKraut> jetole, just for checking... why do you need that?
<jetole> KurtKraut: My workstation in the office has 4 gigs though a 3 gig hardware limit via the motherboard and tends to run out of memory on a regular basis from say, if I leave the browser open and banshee and thunderbird, eventually one of them will use more then there is I won't even have enough to ctrl+alt+backspace X or ctrl+alt+f1
<jetole> and yes I know thats not server related (although I run many servers too) but it's also generic enough that if there is a way, then it applies to server and desktop
<jetole> I'm asking in #kernel now
<KurtKraut> jetole, there is certainly something very wrong in the scenario you've described.
<KurtKraut> jetole, I do everything you mention in a 1 gig RAM machine and never experienced such thing.
<KurtKraut> jetole, do you have a swap partition?
<jetole> I should. Lemme ssh in and double check
<jetole> KurtKraut: yes and no, it's not a partition but that shouldn't matter. It's a flat file (swap.dd) but according to the kernel devs, around the time 2.6 was released, a flat file is just as able as a partition
<KurtKraut> jetole, the free -m command tells you that swap space is being used?
<KurtKraut> jetole, do you keep track of the load average of this system? What is the load_avg number right before a crash?
<pmatulis> jetole: how do you know the problem is due to a lack of memory?
<pmatulis> jetole: maybe your pc is overheating, heatsink & airflow ok?
<jetole> pmatulis: off the top of my head I can't remember. I have seen indicators in the past. I think it's when I was running conky and it showed the top memory using applications on my desktop and how much they were using and I saw something like banshee or chrome with >1G and memory at max before it crashed but it was just an off chance that I cought it
<jetole> pmatulis: should be
<jetole> It's a new PC, low profile actually but it's a dell too
<jetole> I will double check the fans Monday but I know I have seen indicators of memory in the past
<kaushal> hi
<kaushal> is there a way to know what time is the system is up and running
<kaushal> I do w command and it shows  07:22:50 up 2 days, 19:22
<kaushal> is there a better way to calculate the time since the server is up and running ?
<kaushal> I mean time in hrs:mm:secs
<internalkernel> I have a question regarding GeoIP and Vhosts in Apache...
<internalkernel> I have two vhosts - one is allowing CA and US, and one only US - can I have two different allow variables?
<internalkernel> or will one override the other?
<internalkernel> to clarify... in apache.conf - I have Setenvif US and CA to AllowCountry
<internalkernel> and then, I have a Setenvif US to SiteCountry - is this valid?
<internalkernel> and the specific vhost configs reference the appropriate variable
<LeeQ> quesion about server mirroring and database backups
<LeeQ> I have main server and backup server, backup taked mysqldump every night
<LeeQ> dns points to backup server if main server is down
<LeeQ> say main server goes down and things are added to the db on the backup server
<LeeQ> what is the best way to reconcile
<LeeQ> ?
<Jeeves_Moss> how do I get my WM5 device to be able to send TLS STMP?  I've seen a lot of people posting requesting how to make it work, but no soulitions so far.
<mcarse> can someone help me with an unbootable 10.04 server system?
<mcarse> I applied a recent kernel update, and since then, it drops to "grub rescue" at boot.
<mcarse> The system is running software raid1
<Jeeves_Moss> mcarse, http://ubuntuforums.org/showthread.php?t=544881
<mcarse> Grub rescue displays an error that "no such device" then displays the uuid
<Jeeves_Moss> mcarse, then you need to grub search for /boot
<mcarse> Jeeves_Moss: this appears to apply to grub 1, my system is running grub2
<mcarse> Jeeves_Moss: How do I do that?
<Jeeves_Moss> https://help.ubuntu.com/community/Grub2
<Jeeves_Moss> https://help.ubuntu.com/community/Grub2#Command Line and Rescue Mode
<mcarse> thank you Jeeves_Moss
<mcarse> I think I have got it sorted out.
<mcarse> Now i just need to figure out why I have problems like this every time I update the kernel
<Jeeves_Moss> mcarse, it's not finding the proper UUID to update
<mcarse> is there a config I have to adjust somewhere to fix that?
<Jeeves_Moss> mcarse, sorry, I'm not sure.  I've never had that issue
<mcarse> Jeeves_Moss: thanks
<Jeeves_Moss> np
#ubuntu-server 2011-07-18
<mrroth> is it possible to make ubuntu server in to a secondary domain controller in my Active directory forest
<mrroth> widnows 2008
<TenKTech> Im not aware of anything fully funtional but heres a link to something that could help  https://help.ubuntu.com/10.04/serverguide/C/samba-dc.html
<twb> For AD I believe you need Samba 4
<fluvvell> twb, have they fully released that yet? Or is it still in testing?
<twb> I don't know
<twb> They aren't in main/ as at lucid, which was enough for me to dismiss it
<fluvvell> quentusrex, http://www.kernel.org/pub/linux/utils/raid/mdadm/ANNOUNCE
<quentusrex> fluvvell, do you know of a unified annouce list or rss feed?
<fluvvell> druciferre, which acls? Are you talking windows file shares or apache acls ?
<druciferre> neither... I'm talking about the service from the package acl in ubuntu
<druciferre> (i.e. sudo apt-get install acl)
<druciferre> setfacl ...
<fluvvell> quentusrex, slashdot has a lot of announcements - do you visit there?
<quentusrex> fluvvell, I haven't ina while.
<twb> druciferre: I think those are "posix acl"s
<twb> Yes, they are
<twb> ``Most of the Unix and Unix-like operating systems (e.g. Linux,^[1] BSD, or Solaris) support POSIX.1e ACLs, based on an early POSIX draft that was abandoned.''
<twb> https://secure.wikimedia.org/wikipedia/en/wiki/Access_control_list#Filesystem_ACLs
<mrroth> okay thanks
<druciferre> twb, i don't see anything in the article about whether the acl table is stored on the hard drive (i.e. if I put the hard drive in another system will it still see the acls?)
<twb> druciferre: I don't see where else they could be stored.
<druciferre> twb, I imagine they could be stored in /etc/ somewhere
<twb> druciferre: I very much doubt that is the case, but ICBW
<fluvvell> druciferre, I have acl installed, but have yet to find a package or piece of software that requires them or uses them
<lickalott> gents, trying to remove dhcp client (establishing static IP) and apt-get remove dhcp-client or dhcp-client3 aren't working
<lickalott> any suggestions?
<druciferre> lickalott, I eventually setup my router to provide dhcp and assign certain computers certain ips based on their mac's
<lickalott> already done
<druciferre> lickalott, then why are you removing dhcp ?
<lickalott> i'm trying to figure out why i lose my znc every once in a while.
<lickalott> sometimes, the whole thing, sometimes just a random user/bot
<lickalott> starting at the network and working up
<druciferre> I have never used a ZNC, so someone else may have to help in that regards.
<qman__> lickalott, dpkg -l | grep dhcp
<mrroth> can I rsynch a mac OSX to a linux server
<mrroth> anyone done this
<twb> rsync(1) works on Linux.  IIRC it historically had problems on OS X, but presumably these have since been fixed.
<mrroth> and I would not then need to brother with time machine
<twb> Well, time machine is probably smarter than a simple rsync
<mrroth> but it does ntot do offsite
<mrroth> so if something happen were the machine and the backup is located
<greppy> time machine is closer to rsnapshot instead of just rsync.
<mrroth> ahh
<twb> Yep, although rsnapshot is really just "cp -al cur $(date -I)" + rsync
<mrroth> ahh
<mrroth> does it compress the files sent, or archive in a tar or just send it over
<mrroth> mirror coppied
<greppy> rsync should only send stuff that has changed
<lickalott> qman__ just saw that.  tks!
<mrroth> for ubuntu server rspanshot is like time machine
<twb> I thought time machine hooked into various syscalls
<twb> https://secure.wikimedia.org/wikipedia/en/wiki/Time_Machine_(software)#How_it_works
<twb> I'm wrong, time machine is literally just rsnapshot
<twb> Of course, hard links themselves are implemented in a royally fucked up way on OS X -- inside the HFS+ filesystem driver
<mrroth> oh that fucked up
<mrroth> so time machine is just a nice front end GUI for rsnapshot
<twb> mrroth: sure looks that way
<twb> Well, and an API for apps to talk to it
<mrroth> so I wonder why then I can't send my time machine offsite if rsnpshop can do offsite
<twb> Also rsnapshot can use ssh or rsyncd protocols to be remote pull-based, whereas TM looks to be local only
<mrroth> yea or to a time capulses backup
<mrroth> and the media to backup to must be HFS
<twb> mrroth: sorry, when I said "literally" I meant it's using the exact same technique -- it's not running rsnapshot code itself
<twb> mrroth: HFS+
<twb> mrroth: HFS is not HFS+
<mrroth> oh and oh yea hfs+
<mrroth> yea hfs was used in mac classic HFS + is used now
<mrroth> oh I see
<twb> Apparently Time Machine can use AFP to another host on the LAN
<twb> Obviously this is inferior to ssh, which doesn't care which network it's on, and further is encrypted over the wire.
<mrroth> "Although it is unsupported and potentially corrupting the backups after a while, users and manufacturers have configured Linux servers and network-attached storage systems in a similar fashion and used them to store Time Machine backups. ahh
<mrroth> hmm
<mrroth> yea I wonder how OSX server gets backup maybe third party tools or rsnch
<jmarsden> mrroth: http://8help.osu.edu/1247.html has some ideas...
<mrroth> oh wow Backup, by Apple, is a program provided to .Mac users. It is a simple-to-use backup program that allows users to backup to their .Mac account, a second hard drive,
<jmarsden> mrroth: Carbon Copy Cloner seems to be an rsync wrapper with some OSX-specific enhancements... I've not used it, but it might work for you if you know and like rsync.
<mrroth> sweet
<mrroth> I will check it out
<jmarsden> If you want to do it the harder way, see http://www.bombich.com/rsync.html
<mrroth> ahh I see
<mrroth> thanks
<twb> jmarsden: why not just ports/fink?
<twb> I guess if it's not a dev box he might not already have ports set up...
<jmarsden> I'm not sure, I think there is Mac specific metadata that the standard rsync port does not back up.
<twb> jmarsden: resource forks, sure, but nobody uses them much anymore
<twb> Ah, apparently there are some other things, I see
<twb> Suck 80s-style vendor unix :-/
<twb> I never understood why people want to go back to the unix wars
<jmarsden> I think I'd just say that if you are running an Apple-specific OS on Apple-specific server hardware, you probably should use an Apple-specific backup too.  Why people pick Apple or WIndows etc is a *whole* different topic :)
<twb> jmarsden: granted
<cjs> I'm trying to declare a bridge without a "bridge_ports ethN" line; is this ok? With it, it worked ok, without it, the bridge is never created
<cjs> Nobody has any thoughts on how to deal with that?
<cjs> Ah, perhaps "bridge_ports none".
<twb> Well, I'll show you what I have...
<twb> Hm, apparently I always have bridge_ports
<cjs> Yes. There's actually a separate manpage for that stuff, bridge-utils-interfaces(5). You must have a bridge_ports for the bridge to be created, but you can use "none" to have it created without initially being attached to any interfaces.
<cjs> Learn something new every day. Particularly when it's a new hidden manpage. :-)
<twb> cjs: hum, I attach it but don't assign an IP
<twb> IOW you can reach the VMs bridged to it, but not the VM server itself
<cjs> That's quite normal. No need for an IP, really, unless you want the host running the bridge to talk on that network.
<cjs> If you want to reach the VM server itself, just assign an IP on that network to the bridge device.
<cjs> (A common mistake is instead to assign it to one of the interfaces connected to the bridge.)
<twb> OK, sorry, I'm used to dealing with stupid people :-)
<jussi> twb: aww, you shouldnt call me that :P
<cjs> Probably just ignorant. Not everybody has a couple of decades of network administration under his belt. :-)
<maxagaz> hi
<tiger2wander> hi there
<tiger2wander> I've got error when apache2's virtualhost config larger than 1024
<tiger2wander> Error: fcgi: socket file descriptor (2975) is larger than FD_SETSIZE (1024), you probably need to rebuild Apache with a larger FD_SETSIZE
<tiger2wander> I have re-build apache with all FD_SETSIZE variable set to higher that value but still got that problem :(
<tiger2wander> please help me to solve this!
<aliverius_> does this apply for ubuntu server too? https://help.ubuntu.com/community/VMware/Server
<tiger2wander> anyone?
<remix_tj> aliverius_: do you think that ubuntu server is different from ubuntu desktop?
<aliverius_> not that much... my worries are more abuot running it headless
<aliverius_> anyway i will take that as a yes
<remix_tj> is a yes, you can. VMWare Server works as a service, does not need GUI, it exposes a web interface
<aliverius_> great :)
<aliverius_> i was using kvm so far
<aliverius_> all was good
<aliverius_> till i changed to an atom board
<_ruben> vmware server is eol though
<aliverius_> i didnt know it doesnt support h/w virt
<_ruben> hope you're not planning on doing serious virtualiation without h/w virt
<aliverius_> so now i am constranained to vmware-server
<aliverius_> _ruben: a router
<aliverius_> and it fails to install too
<aliverius_> so far
 * aliverius_ misses kvm
<aliverius_> i should buy a second mobo to play the router role
<arnoud> Hello, I'm trying to install an LDAP client on Ubuntu 11.04 and I can't get it to work. Is this the right place to ask questions about it?
<maxagaz> hi, I have incoming ip packets from an ip x.x.x.x that I would like to give a low priority, can someone tell me how to do it ?
<_ruben> aliverius_: why do you even need a seperate instance for the router role?
<_ruben> maxagaz: define "low priority"
<maxagaz> _ruben, I'm sure how it works, I guess all incoming ip packets have a same priority in the queue, I would like packets from a given ip to have a lower priority, so that they are processed after others
<Daviey> Anyone fancy tackling the nut merge? bug #811976 .. doesn't look too complex.
<uvirtbot`> Launchpad bug 811976 in nut "Please merge nut 2.6.1-2 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/811976
<danners> hey i want to move one installation of a server to another system with all of the data and serverconfiguration should be the same. how would i do it?
<Daviey> danners: take the hd's out and swap them over. :)
<danners> Daviey: the old one is a vm
<Daviey> danners: rsync or !clone (and copy /etc.)
<Daviey> !clone | danners
<ubottu> danners: To replicate your packages selection on another machine (or restore it if re-installing), you can type Â« aptitude  --display-format '%p' search '?installed!?automatic' > ~/my-packages Â», move the file "my-packages" to the other machine, and there type Â« sudo xargs aptitude --schedule-only install < my-packages ; sudo aptitude install Â» - See also !automate
<danners> Daviey: rsync shouldn't destroy the package index and also copy the configuration right?
<Daviey> danners: correct.
<danners> Daviey: thanks will try that
<maxagaz> I have ethernet camera with an ip that I don't know, how can I find it if I plug it to a laptop ?
<quentusrex> maxagaz, do you have any guesses?
<maxagaz> quentusrex, use nmap ?
<quentusrex> maxagaz, I mean do you have any guesses what the ip or subnet would be.
<quentusrex> yes, using nmap would be probably one of the better options.
<maxagaz> quentusrex, no, I have no clue
<quentusrex> maxagaz, best I could say would be to try the common ones.
<maxagaz> quentusrex, okay, thanks
<quentusrex> maxagaz, you might also be able to reset the camera to factory to defaults
<quentusrex> this might set the ip back to the default.
<maxagaz> quentusrex, you're right, that's what I should do
<quentusrex> it might be fun to learn how to locate that needle in the haystack, but the faster route would be to reset it.
<CrazyGir> hello! I'm trying to build nginx from source, but am having a difficult time specifying the library/header paths correctly
<CrazyGir> nginx wants to see pcre and ssl libraries, so I have both libpcre3-dev and libssl-dev
<CrazyGir> but I can't quite determine the correct paths
 * CrazyGir is all set
<CrazyGir> nginx is smart enough to figure it out itself :)
<uvirtbot`> New bug: #812131 in mysql-5.1 (main) "operation="mknod" profile="/usr/sbin/mysqld" denied_mask="c"" [Undecided,New] https://launchpad.net/bugs/812131
<RoAkSoAx> jamespage: what were the packages that you wanted me to sponsor?
<jamespage> hey RoAkSoAx
<jamespage>  lp:~hudson-ubuntu/+junk/maven-stapler-plugin
<jamespage> and lp:~hudson-ubuntu/+junk/stapler-adjunct-timeline
<RoAkSoAx> jamespage: build agains ppa:hudson-ubuntu/ppa?
<jamespage> use ppa:james-page/jenkins-upload-testing
<RoAkSoAx> jamespage: ok cool, ;)
<jamespage> RoAkSoAx: thanks - home straight now with Jenkins :-)
<RoAkSoAx> jamespage: hehe
<Ursinha> lynxman: http://9gag.com/gag/170426
<kpettit> I have a CIFS share mounted in /etc/fstab.  That share goes down periodically for maintenance so I need to figure out how to auto remount the share when it's dropped.  Any ideas?
<pmatulis> kpettit: cron job?
<kpettit> that was going to be my plan B.  I was hoping there is something that automatically does it, but I guess not?
<pmatulis> kpettit: well, something has to probe that that specific share is available.  don't know how it can be done automagically.
<pmatulis> kpettit: cron can be as simple as issueing 'mount -a' maybe
<kpettit> worth a try.
<kpettit> Thanks for the suggestion
<pmatulis> kpettit: just so long as the cifs share is set 'auto' (for mount -a to work)
<kpettit> got ya.  Doing some testing now.
<lynxman> Ursinha: lol!
<uvirtbot`> New bug: #812367 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/812367
<uvirtbot`> New bug: #812423 in mysql-5.1 (main) "mysql upstart job hangs if database directory not mounted" [Undecided,New] https://launchpad.net/bugs/812423
<ChmEarl> In  `update-rc.d xend defaults SS KK` where do the SS|KK values come from? somewhere in /var/lib?
<ChmEarl> the suggested values
<Merrioc> Question: during a pxeboot preseed install, the install is creating the md raids as md/0 and md/1 but grub is trying to install to md0 and is erroring out
<RoAkSoAx> jamespage: ping
<alaing> how do i chmod 777 all folders + files in a directory?
<greentea-> best way to install packages from a newer release of ubuntu server into a older release
<greentea-> like say 11.xx onto 10.04LTS
<greentea-> just download the packages or is there a trick with apt-get?
<jamespage> RoAkSoAx: pong
<ikonia> greentea-: do'nt do it
<ikonia> greentea-: it is a terrible idea
<greentea-> doesn't matter
<greentea-> I need a newer release of nut-ups
<Pici> I don't see that package in the Ubuntu repositories.
<greentea-> might just be called nut
<greentea-> anyways 10.04lts has 2.4.3? and I want 2.5 or whatever it's up to now because they fixed some brain damagve
<ikonia> you can't mix software from different versions
<greentea-> so wtf do I know then is what I am asking
<greentea-> compiling it is not really an option
<ikonia> you can control your language please
<greentea-> never :P
<ikonia> greentea-: then leave the channel
<greentea-> I was joking, calm down :P
<patdk-wk> greentea, what are you? 10?
<greentea-> 37
<greentea-> I can't even control my lang in real life anymore
<greentea-> mind is going, oh well
<ikonia> greentea-: if you mix software packages from different distros you'll find it will mess up your dependencies and cause issues
<greentea-> ikonia: that's why I am here
<greentea-> and why I asked what's the best way
<greentea-> I only need the nut package
<ikonia> greentea-: the best way it so package the software for your version
<greentea-> it's a c3 diskless
<ikonia> greentea-: linked and built against the library versions on your system
<greentea-> compiling it is NOT going to happen
<ikonia> greentea-: you can log a wishlist/update on launchpad.net
<greentea-> unless I setup a buildhost vm somewhere
<ikonia> someone else may do the update for you
<Pici> You might be able to find a PPA for it, but you should be aware of what a PPA is and what it provides.
<greentea-> I can setup a buildhost somewhere I guess
<patdk-wk> buildhosts are pointless, use launchpad's ppa
<greentea-> whoa
<greentea-> this is cool
<greentea-> I was going to have a buildhost though anyways
<greentea-> for compiling coreboot, openwrt, and some other stuff
<patdk-wk> my buildhost is just the place I store all my patchs :)
<Pici> !ppa
<ubottu> A Personal Package Archive (PPA) can provide alternate software not normally available in the offical Ubuntu repositories - Looking for a PPA? See https://launchpad.net/ubuntu/+ppas - WARNING: PPAs are unsupported third-party packages, and you use them at your own risk. See also !addppa
<greentea-> this is a vm so I am not wasting any resources other than disk space
<Pici> (just for the warning)
<greentea-> Pici: I am not that worried about it
<greentea-> basically this embedded box monitors a ups
<RoAkSoAx> jamespage: packages uploaded
<greentea-> then logs into a bunch of vmware hosts and runs vm and host shutdown scripts
<greentea-> followed by shutting down the nas's and san's
<greentea-> only package going to be non-standard would be nut-ups
<greentea-> everything else is staying stock
<Pici> greentea-: thats fine, just needed to say it :)
<kpettit> What's the best search app for Ubuntu?  I've got about 8TB and slocate isn't doing it for me.
<greentea-> how would I find out if someone has already made a nut deb for 10.04lts
<greentea-> man I used to know this stuff, damn head
<patdk-wk> kpettit, heh, I always use find :)
<kpettit> I shudder to think of that on a 8TB system.
<patdk-wk> find good on mine
<patdk-wk> but the average file is 10gb
<patdk-wk> doing that on a 8tb mailstore though :)
<kpettit> wow, how long does it take you to do a find on that?
<jamespage> RoAkSoAx: thankyou!
<kpettit> I'm mainly trying to do stuff like "locate *.xslt" trying to find files I forgot about, etc.
<RoyK> patdk-wk: striped mirrors?
<patdk-wk> royk, currently, concat :)
<RoyK> erm, no redundancy?
<patdk-wk> nope
<RoyK> playing with matches and petrol...
<patdk-wk> it's only 8 drives, what's the chances :)
<RoyK> about 100% chance of failure within 6-12 months :P
<patdk-wk> damn, I'm on like year 4
<patdk-wk> I do change out the drive the first signs of issues
<patdk-wk> hopefully I'll get my replacements in sept, and I can start on the raid6
<RoyK> it's quite usual the first sign of failure for a drive is a dead drive
 * kpettit uses a Drobo
 * RoyK uses ZFS
<patdk-wk> royk, never had that, normally I notice slowdowns and delays long before it goes dead
<patdk-wk> I only scared of the disk to stop spinning
<RoyK> patdk-wk: that happens too, yes
<patdk-wk> but I don't think I have ever had that issue since my FH ibm 10meg drives
<RoyK> patdk-wk: but a drive losing a head is also quite common
<patdk-wk> never had that :(
<RoyK> just saying it happens
<patdk-wk> ya
<patdk-wk> my worst is when drives just won't spin at all
<RoyK> so rather use raid[56] or striped mirrors, the latter for performance
<patdk-wk> only ever had that happen on raid systems so far
<RoyK> random i/o performance on raid[56] isn't very good
<patdk-wk> well, 90% of this data is replaceable anyways :)
<patdk-wk> it's basically just online storage for all the damned dvd's and cd's I have
<RoyK> then my only question is: how long will it take to rip all those CDs and DVDs if one drive fails now? ;)
<patdk-wk> well, just what was missing on that one drive :)
<patdk-wk> not all the drives
<patdk-wk> if it was striped, ya it would be hell
<greentea-> i'm going to try mixing packages and if it blows up
<greentea-> oh well
<greentea-> temp box anyways
<patdk-wk> greentea-, without rebuilding the package?
<patdk-wk> I would be suprised if it installed, due to missing deps
<greentea-> i'm seeing if i can meet the dependencies
<greentea-> oh wait
<greentea-> that's true
<greentea-> if I have a source package then I can just do a rebuild right?
 * RoyK setup a home server for his brother a couple of months back, two 2TB drives in RAID-5, and then added a new drive a few weeks ago - it took perhaps 12 hours to rebuild the raid, but no downtime :)
<greentea-> I don't have to figure out how to make my own tree etc
<patdk-wk> yep
<patdk-wk> apt-get source nut-ups
<greentea-> ok that works :)
<patdk-wk> apt-get build-dep nut-ups
<patdk-wk> dpkg-buildpackage -us -uc
<greentea-> I need to get the .src file first right?
<patdk-wk> nope
<patdk-wk> atleast not if it's in apt
<patdk-wk> I normally just modify my sources.list to get it
<greentea-> is there a way to list what version that will pull down
<greentea-> or specifiy it
<RoyK> patdk-wk: iirc the 'correct' way is to add a new file in /etc/apt/sources.d
<patdk-wk> royk still not good
<patdk-wk> I wish I could just do dep-src ..., and apt-get source would get it
<patdk-wk> but it won't
<patdk-wk> it will only get the source to the binary version it finds
<greentea-> yeah which is the old one
<patdk-wk> so I find it easier to just do a search/replace of sources.list get it, and then change it back
<RoyK> patdk-wk: the debian/ directory is the key - just copy that to the new source tree
<greentea-> patdk-wk: you mean change the sources to like 11
<greentea-> fetch the file
<greentea-> then swap it back
<patdk-wk> yep
<greentea-> I thought about that, wasn't sure how well that would work
<uvirtbot`> New bug: #812539 in cloud-init (main) "FQDN does not get set correctly in /etc/hosts" [Undecided,New] https://launchpad.net/bugs/812539
<patdk-wk> just make sure you apt-get update after each change
<greentea-> yeah I knew that
<greentea-> :P
<patdk-wk> well, for apt-get source it's fine
<patdk-wk> for apt-get install, results will vary :)
<greentea-> i'lll setup a buildhost vm tonight then, thx
<uvirtbot`> New bug: #812548 in nova (universe) "bridge not set up correctly with LXC and all-in-one system" [Undecided,New] https://launchpad.net/bugs/812548
<Kazilla> whats wrong with locate, it works pretty well, faster then windows index dare i say
<maxagaz> hi
<uvirtbot`> New bug: #812553 in nova (universe) "LXC instance fails to start" [Undecided,New] https://launchpad.net/bugs/812553
<smoser> lynxman, bug 812539
<uvirtbot`> Launchpad bug 812539 in cloud-init "FQDN does not get set correctly in /etc/hosts" [Undecided,New] https://launchpad.net/bugs/812539
<andygraybeal> hey guys, i'm trying to get the nagios-libvirt package to compile on my box. it says that i need the 'libvirt library' -- i have it installed.  here is the package that i'm referring to:  http://people.redhat.com/~rjones/nagios-virt/   has anyone else experienced this?
<andygraybeal> or tried to install this nagios plugin?
<lynxman> smoser: oh man... :/
<lynxman> smoser: let me have a look, I don't setup the FQDN afaik
<lynxman> smoser: adam_g already provided a patch looks like, although according to the manual 127.0.1.1 should be setup as I did
<lynxman> adam_g: don't you agree? :)
<smoser> yeah.
<smoser> we need to set things up as debian says
<smoser> not how lynxman or adam_g say
<lynxman> smoser: +1 on you sir
<smoser> and also have to deal with eucalyptus (or other cloud providers) where local-hostname might not be set up
<smoser> (in eucalyptus local-hostname is some bogus value)
<smoser> (ip address)
<adam_g> so what is the conensus?
<lynxman> http://www.debian.org/doc/manuals/reference/ch05.en.html in 5.1.2
<lynxman> adam_g: I think neither you or me
<adam_g> ok
<smoser> i'll let you all sort it out
<smoser> and please update bug
<smoser> i have to go now.
<lynxman> adam_g: your patch looks good though, it just needs to have the fallback scenario
<lynxman> smoser: have fun ;)
<adam_g> lynxman: well if what ive done violates debian spec, lets change that
<lynxman> adam_g: it just does in that it doesn't fall back if there's no FQDN, whereas I just hardcoded the fallback
<adam_g> oh, one sec. let me actually read the spec :)
<lynxman> adam_g: sure
<bencc> is there a limit to files I can put under one folder?
<bencc> I want to cache 50K avatars, do I need sub folders?
<Kazilla> bencc: i'm very certain that you can do that
<SpamapS> bencc: not really a limit.. but.. it will slow down for certain operations.
<SpamapS> bencc: you may be better served by using hashed directories above the dir you have the files in.
<bencc> SpamapS:  hashed directories?
<bencc> how can I find out what file system I have now? ext3 or ext4
<Kazilla> if you can fit 50k worth of html elements in your web browser everyday, i'm pretty sure you can fit 50k with of files..
<utlemming> bencc: blkid
<SpamapS> bencc: if you put 50,000 files in a directory, you will cause a lot of random I/O reading them. If you break it up into 10 dirs of 5,000 files each, the I/O will be less random.
<SpamapS> bencc: ext3 performs similarly
<Kazilla> if you're browsing it sure, might cause i/o
<Kazilla> but for hosted files, where they know where to look for, less so.
<SpamapS> Kazilla: inodes are a single FS block each, so thats 50,000 * block size, which is usually 4k, so thats 195MB of inodes..
<SpamapS> yeah single lookups are pretty fast
<SpamapS> thanks to the index support
<bencc> how do I use blkid to know the file system?
<SpamapS> bencc: just do 'mount'
<SpamapS> that tells you the fs
<SpamapS> of all mounted filesystems
<bencc> ok, ext3
<RoyK> SpamapS: with dir_index, 50k files may work well, but then, with 250k files, it's still dead slow
<Kazilla> is this why facebook use haystack
 * RoyK just discovered a 250k file folder
<Kazilla> just chucking that in there
<bencc> something like mongodb gridfs is nice
<bencc> but there is no good server plugin for serving files
<SpamapS> RoyK: I would expect an index that works well w/ 50k to work well with 250k ... whats the trouble?
<SpamapS> RoyK: Is it not just a b-tree?
<SpamapS> bencc: mapping urls to Key/Value stores is pretty trivial...
<Kazilla> whats the optimum way to serve a web application anyway? if you're running a cluster. central storage? distributed storage?
<Kazilla> well web applications shall i say
<Kazilla> anyone know where is the best place to talk about web infrastructures?
<SuperMiguel> if i want to run fluxbox on ubuntu, and dont want all the crap that comes with the desktop edition, is there a reason not to install the server version?
<ChmEarl> SuperMiguel, don't install server unless you are OK with typing in terminal
<Ethos> is there anything better to view disk io than iotop?
<Ethos> my linode is saying it's high, but iotop is minimal
<StevenR> Ethos: dstat maybe.
<Ethos> thanks
#ubuntu-server 2011-07-19
<tarvid> puzzling over dhcpd
<tarvid> the version I have is isc-dhcpd-4.1.1-P1
<tarvid> there is a howto for dhcpd3 - https://help.ubuntu.com/community/dhcp3-server
<tarvid> do I just pretend it is dhcpd3?
<twb> OK, when I want something to permanently appear on shell logins (i.e. /etc/motd), and not be deleted by any fancy-pants auto-rewriting motd junk, where do I put it?
<twb> /etc/motd.tail?
<qman__> that used to be the case
<qman__> but recently an update killed my motd on all my lucid servers
<twb> For now I have manually put it in both motd and motd.tail, since apparently there's no /usr/sbin/update-motd and simply logging in again doesn't trigger the pam-based update-motd gank
<twb> (The purpose of the message is, perhaps ironically, to remind sysadmins that this machine doesn't deal with rebooting properly.)
<qman__> heh
<qman__> mine broke a few weeks ago but I haven't had time to look into it
<qman__> my systems barely qualify as multiuser though, so it's not a big deal, just annoying
<twb> It's the library server at a prison :-(
<uvirtbot`> New bug: #812642 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/812642
<uvirtbot`> New bug: #812646 in cloud-init (main) "Race in DataSourceNoCloudNet with kvm" [Undecided,New] https://launchpad.net/bugs/812646
<chrismsnz> Hi, we're running Ubuntu 10.04 LTS on some supermicro servers, and we're having some stability problems when the servers come under load
<chrismsnz> if the problem is triggered (sometimes due to high memory usage) the system/kernel appears to go into some sort of zombie mode where it's still accepting network connections but not responding to anything
<chrismsnz> leaving them to time
<chrismsnz> out
<chrismsnz> If I were to investigate this problem further, what is the best way to start collecting data on this failure to provide the maximum information for filing a bug
<qman__> it may not be a bug at all, if the servers are simply running out of memory
<qman__> it would make perfect sense that the kernel could accept connections, but then have the application unable to do anything
<chrismsnz> in most cases I've seen the OOM killer has been activated
<twb> chrismsnz: responding to ping but not doing anything else is normal behaviour when its resources are exhausted
<qman__> setting proper limits would solve the problem
<twb> chrismsnz: particularly if it's e.g. thrashing swap instead of simply OOM-killing
<twb> qman__: unfortunately it's... nontrivial to set per-proc RAM limits
<qman__> or finding out why you're running out of memory
<chrismsnz> yeah
<chrismsnz> I will investigate
<lifeless> ulimit is goo
<lifeless> d
<lifeless> also consider making sure your swap is only large enough to hold a few seconds IO
<chrismsnz> Swap is configured to be 50% of RAM
<lifeless> (that is, big enough for truely unused pages to page out, but small enough you can't get completely wedged)
<chrismsnz> 8gb RAM 4 GB swap
<lifeless> chrismsnz: thats going to -hurt-
<lifeless> unless you've got a 1GB San or something
<chrismsnz> other servers are configured as 4gb RAM 2 gb swap
<qman__> it doesn't scale like that
<lifeless> so, ask yourself what you want the swap to hold
<qman__> said servers have the same disk bandwidth
<qman__> the same disk seek times
<twb> FWIW I don't use swap at all
<qman__> so they should have the same swap
<qman__> also, that
<twb> Under 2.6, default swap behaviour is so shit that it's not helpful
<qman__> unless the server is ancient and can't be upgraded, I don't use swap anymore
<chrismsnz> I think that revisiting the swap configuration is probably a good idea
<qman__> and I don't make any swaps bigger than 1GB
<chrismsnz> the swap usually sits with 500mb of pages in it with the memory not even close to being full (minus buffers/cache)
<chrismsnz> that's probably a good place to start
<chrismsnz> I also recall configuring our high memory servers (36gb +) to be very stingy with swap via the swappiness tweakable in /proc
<twb> Wow, swap is actually used in normal operation?
<twb> (...of that box)
<chrismsnz> twb: I believe rarely used pages are swapped out as a matter of process
<chrismsnz> and the freed ram used to power io cache and buffers
<twb> chrismsnz: only if vm.swappiness is high or whatever
<chrismsnz> it's 60/100 by default on ubuntu
<chrismsnz> I have zero'd it before given certain workloads and high memory systems
<chrismsnz> perhaps I'm placing too much trust in the kernel to swap out unused pages
<chrismsnz> and should lower this value
<chrismsnz> here is the current memory usage of an identically configured server
<chrismsnz>              total       used       free     shared    buffers     cached
<chrismsnz> Mem:          7994       7744        250          0       1019       3490
<chrismsnz> -/+ buffers/cache:       3234       4760
<chrismsnz> Swap:         4767       1238       3529
<chrismsnz> as you can see... swap is being used even though there's 4-5gb of free memory
<twb> I dunno man
<TheEvilPhoenix> i think you shouldnt be pasting into here
<TheEvilPhoenix> :P
<chrismsnz> sorry
<chrismsnz> thanks for your help i'll bbl
<qman__> my file server still has a swap because I set it up long ago
<qman__> said swap is 0 used
<qman__> current uptime is 21 days, but it's been up much longer than that in the past
<qman__> granted it's using ~1.5GB instead of ~4GB (out of 8GB)
<qman__> but I've not seen it swap since back when it had 2GB in it
<qman__> IMO, if a server spends any measurable amount of time swapping under normal load, something is wrong
<twb> http://paste.debian.net/123300/
<q_a_z_steve> How do I go about setting up a linux server with the ability of providing a network boot option to clients on the LAN?
<lifeless> you need a tftp server for that
<Tommy_nmw> lifeless: what?
<lifeless> Tommy_nmw: I was answering someone else
<Tommy_nmw> lifeless: sorry bro
<Ursinha> Daviey: does this help you with the changelog parsing thing you mentioned me at the Rally? http://rsalveti.wordpress.com/2011/07/19/launchpadlib-creating-a-changelog-for-a-ppa/
<chrismsnz> twb and qman__: what does 'cat /proc/sys/vm/swappiness' say on those systems if you don't mind my asking?
<chrismsnz> I just went to check out the crashed server - there was some sort of kernel debug output on the screen, it was too verbose for me to read and the system was unresponsive so I could not properly read it
<twb> 60 on the one I pasted
<chrismsnz> twb: thanks. Time to start auditing my applications
<chrismsnz> haha, guess he shouldn't have been pasting
<aarcane> so I'm running maverick.  I need to update samba to the version in natty.  I added the sources deb-src to my sources.list.d in a .list file, but they're not showing up after an update.  is there something else I need to do to be able to build the package I need ?
<lifeless> SpamapS: oh hai
<lifeless> https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/812691
<uvirtbot`> Launchpad bug 812691 in lxc "failure building lucid container" [Undecided,New]
<maxagaz> hi
<maxagaz> how to get the MAC of a remote machine ?
<trapmax> eg. arp -a <ip>
<jmarsden> maxagaz: ping it and check your arp table afterwards, or do something like ssh user@remotemachine.example.com /sbin/ifconfig
<maxagaz> thanks
<twb> jmarsden: itym "ip n"
<jmarsden> twb: For a machine on the same subnet, sure, you can do that, if you remember all the ip subcommands.  I remember arp, it has been around longer and is portable to windows and old BSD boxes etc etc, which ip n is not.
<twb> aBah
<Daviey> Goooooood Morning!
<twb> Daviey: I've yet to see any evidence
<Daviey> twb: you'd be suprised!
<Ursinha> buenos dias, Daviey
<Ursinha> :)
<parapan> hi fellows > need some help in relation with nomachine nx client/server operation ....is someone available ???
<Daviey> Ursinha: o/
<Ursinha> Daviey: o/
<jamespage> morning all
<Ursinha> morning jamespage
<jamespage> hi Ursinha
<lynxman> morning guys
<lynxman> Ursinha: what are you doing up?
<lynxman> Daviey: ping
<Ursinha> bon dia lynxman :)
<Ursinha> lynxman: I'm working :P
<lynxman> Ursinha: bom dia! :)
<lynxman> Ursinha: so soon? wow
<lynxman> and by soon I mean early
<Ursinha> lynxman: actually it's not too early, but a tad late :P
<Ursinha> you can sleep when you're dead
<lynxman> Ursinha: I can tell you for sure, one leads to the other, somehow :D
<Daviey> lynxman: hola
<lynxman> Daviey: hola! o/
<lynxman> Daviey: just wondering if you had any time this week to have a look at the package? :D
<Daviey> lynxman: Can you remind me of which one?  I can't see it in the sponsorship queue.
<lynxman> Daviey: Sent you the dsc, wait a sec...
<lynxman> Daviey: https://launchpad.net/~lynxman/+archive/ppa/+files/mcollective_1.2.1-0ubuntu2.dsc
<lynxman> Daviey: just lots of fixes
<Daviey> on it, thanks
<lynxman> Daviey: you're a star (*)
<Daviey> lynxman: bugs with attached branches or debdiffs really do make this easier.
<lynxman> Daviey: will have a debdiff next time :)
<Daviey> http://pb.daviey.com/qwmV/raw/
<Daviey> lynxman: looks fine to me, the only thing i am going to change is the Maintainer field to be Ubuntu Developers rather than MOTU.
<lynxman> Daviey: great :)
<lynxman> Daviey: as said, just small fixes to control and added debconf-po support
<lynxman> Daviey: also cleaned it in Lintian as much as I could
<Daviey> lynxman: nice job!
<lynxman> Daviey: thanks, trying hard :)
<Daviey> lynxman: uploaded
<Daviey> \o/
<lynxman> Daviey: thank you very very much \o/
<Daviey> lynxman: no, thanks for the patch!
<lynxman> Daviey: no no, thank you ;)
<Daviey> jamespage: I'm right in saying there is no point in a bouncycastle merge?
<jamespage> Daviey: not ATM
<Daviey> groovy.
<jamespage> I wanted to get the unit testing enablement back into debian - then we can just sync
<jamespage> the changes that have been made in Debian are the last set of Ubuntu changes - but not all of them
<Daviey> jamespage: ah, dandy
<shal3r> How to enable remote root login on lucid? I'm getting "Please login as the ubuntu user rather than root user"
<twb> shal3r: root logins are allowed by default.
<twb> shal3r: you simply can't using single-factor authentication, because root doesn't have a password.
<shal3r> twb, i know it's not allowed by default. I'm looking for way to enable it because i need to add this server to my backup system
<twb> Use multi-factor auth.
<Daviey> shal3r: check /etc/ssh/sshd_config for PermitRootLogin.
<twb> Daviey: wait, isn't it without-password by default?
<twb> Ah, as at lucid it is "PermitRootLogin yes" by default.
<Daviey> twb: Yeah.. i'm assuming he's already set a passwd.
<twb> So he SHOULD NOT set a password, but should instead use multi-factor auth (passphraseful SSH keys), since password-based authentication sucks donkey balls.
<Daviey> agreed.
<Daviey> !root | shal3r
<ubottu> shal3r: Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<Daviey> (i hate factoids btw)
<twb> Daviey: they exist to save me retyping the same thing each time :-P
<Daviey> \o/
<maswan> twb: I'm not going to argue stronly for passphraseful ssh keys, since automation might want passphraseless keys. You just have to remember that security then is a strict tree, where anyone compromising the root will get control of all downstreams servers
<Daviey> (ssh-agent)
<twb> maswan: granted, although a passphraseless key is back to single-factor auth, i.e. you lose
<Daviey> less of a loss than passwd based auth IMO.
<twb> Now, fun fact
<Daviey> ooo
 * Daviey moves to the edge of his seat.
<twb> If you have access to the private SSH key, you can brute force its passphrase as fast as you like, WITHOUT ever contacting any server that uses it in its authorized_keys file.
<maswan> twb: If you are going to insist on two-factor auth, you should have two independent factors. Like ssh key to login and password to sudo, imho.
<Daviey> maswan: tools like rsnapshot etc, i don't believe can use sudo.
<shal3r> i'm using key file + IP filter for this
<maswan> Daviey: Yeah, there are exceptions, especially when you need automated systems. But then the master server that has direct and automatic root access to all the clients should require strong auth (and not run any random vulnerable services either)
<twb> Daviey: strictly, they can, but it's a fucking pain
<twb> And probably even harder if their use of sudo wasn't NOPASSWD:
<Daviey> interesting.. i should look at doing that.. i've always just used root for that.
 * Daviey spies jamespage going on a Debian ITP spree.
<jamespage> just catching up with myself :-)
<twb> Daviey: I use root with rrsync
<mendel_> someone with OCR experience here?
<twb> (Which is in /usr/share/doc/rsync/scripts/rrsync.gz)
<twb> e.g. command="/usr/local/bin/rrsync /var/www/",no-agent-forwarding,no-port-forwarding ssh-dss ... foo@example.net
<twb> (That's in ~root/.ssh/authorized_keys, you understand.)
<Daviey> mendel_: There are 3 main types of people here, server developers and sysadmins; and those that cannot make up their mind and call themselves devops.  The combined knowledge here is enough to take over the world. so try,
<Daviey> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<mendel_> haha
<mendel_> currently using tesseract-ocr, curious to learn about commercial alternatives or better ways to integrate tesseract..
<mendel_> currently grayscaling + tiff the image
 * Daviey glazes over.
<twb> mendel_: this is a bad place to ask about proprietary solutions.
<mendel_> but as server guys some of you must have experience with it.. that's why I try
<twb> tesseract probably has its own channel, too
<lynxman> Daviey: devops == can't make up their minds? hah :)
<Daviey> lynxman: :)
<lynxman> Daviey: I guess you're right... can't make my mind about it
<lynxman> :D
 * jamespage expects from kickback for filing that may ITPs for jenkins forks :-)
<jamespage> /from/some
<lynxman> jamespage: wise to expect it indeed
<Daviey> jamespage: isn't kickback a good thing?  Like when you get referal bonus?
<jamespage> /kickback/flak
<jamespage> howz that?
 * jamespage goes for coffee
<Daviey> jamespage: I want a coffee.
<Daviey> and a pony.
 * jamespage gets his thermos out 
<jamespage> could be a while tho - quite a few hours to your house :-)
<jamespage> can't help with the pony
<jamespage> lynxman: might not be to bad - rather a heated debate going on about systemd on debian-devel ATM
<lynxman> jamespage: oh... systemd :)
<jamespage> so my ITP's might not get that much attention
<lynxman> jamespage: I need to subscribe to debian-devel, now that I think of
<RoyK> hm,.. how can I check when a prosess was started?
<MACscr> I have an ubuntu server running in a xen guest. I have the guest setup to mount the drives as sda1 and sda2. This is setup in fstab and the guests cfg, yet when it boot, its showing xvda1, etc. Any ideas why this is happening? Are the newer kernels forcing this?
<lynxman> RoyK: if you run "ps aux" it has a "Start" column that gives you a rough idea of the process start time
<RoyK> ps -eo pid,lstart,cmd was a bit more precise :)
<lynxman> MACscr: Xen drives will show as xvdaN as far as I know
<lynxman> RoyK: showoff :P
<MACscr> lynxman: why the hell is that being forced though. Thats pretty retarded =/
<lynxman> MACscr: well talk to the xen guys about it, it does make sense to me though
<Daviey> MACscr: we are tracking the similar/same(?) issue with our ec2 images. bug #784937
<uvirtbot`> Launchpad bug 784937 in linux "/mnt not mounted, swap not used, disk is xvde" [High,Confirmed] https://launchpad.net/bugs/784937
<MACscr> Daviey: so what im seeing from that is that were shit out of luck and its an intended "feature"
<MACscr> means i have to completely destroy all my backups and start from scratch
<MACscr> what a load of bs
<uvirtbot`> New bug: #812806 in clamav (main) "package clamav-base 0.97 dfsg-2ubuntu1 failed to install/upgrade: subprocesso script post-installation instalado retornou erro do status de saÃ­da 1" [Undecided,New] https://launchpad.net/bugs/812806
<Daviey> MACscr: If you have to destroy your backups, you are probably doing it wrong.
<MACscr> Daviey: its a commercial app, dont have a choice. They are crappy that way
<MACscr> its r1soft
<Daviey> crikey.
<MACscr> i dont think its an issue with their 3.0 product, but that has its own load of bugs, so im not upgrading, nor is a lot of people
<Daviey> I seem to remember there was a feature of xen that allowed the format to be changed.
<Daviey> But i could be mistaken, remembering something else
<MACscr> Daviey: it used to be an option, but i think these newer kernels are removing the option
<Daviey> awesome.
<MACscr> Daviey: just found this on the net "As of kernel 2.6.32-131, all sda* device nodes that appear in your vm***.cfg will beÂ remapped to xvde*Â inside the vps. The previous behavior had been to map sda* to xvda*."
<Daviey> MACscr: good stuff.
<MACscr> no. Complete bullshit if you ask me
<MACscr> thats TB of data im going to have to rebackup, let alone guests i have to manually change their fstab, guests configs and who knows what else
<jamespage> Daviey: would you be good to sponsor another NEW package?
<Daviey> jamespage: No, but i would be GREAT to do it.
<Daviey> MACscr: apparently there is a patch around that can solve this issue for you
<Daviey> Also, booting with --scsi might work?
<MACscr> Daviey: seems like its going to be an issue with all my guests in the future, so might as well change them all now so i dont have to worry about workarounds. Still sucks though
<Daviey> MACscr: yeah :(
<jamespage> Daviey: \o/ lp:~python-jenkins-developers/+junk/python-jenkins-packaging - ta
<Daviey> jamespage: you really need to apply for MOTU :)
<jamespage> Daviey: its on my TODO list
<jamespage> :-)
<jamespage> apologies for being a PITA
<Daviey> jamespage: don't be sorry.. it's no problem at all.
<Daviey> jamespage: looks perfect, builds fine - uploaded.
<jamespage> Daviey: w00t - thanks v much
<uvirtbot`> New bug: #812847 in cobbler (universe) "Importing ubuntu desktop no distro in webui" [Undecided,New] https://launchpad.net/bugs/812847
<chris_99> hi, i'm just wondering if there is a way to upgrade from 32 bit to 64 bit
<chris_99> using apt
<joschi> chris_99: no
<chris_99> darn
<chris_99> so i'd just have to do a clean install then
<utlemming> smoser: ping
<smoser> yo
<utlemming> ready to test the AMI?
<smoser> --> iceflatline (~iceflatli
<smoser> wow
<smoser> fail
<smoser> http://uec-images.ubuntu.com/server/lucid/20110719/
<smoser> its not ready yet
<iceflatline> yes?
<smoser> iceflatline, that was paste failure, sorry.
<iceflatline> no worries :)
<smoser> utlemming, the build isn't done yet.
<smoser> it looks like it will be ~ 1.5 hours. its in ebs publishing stage.
<utlemming> smoser: k, so we'll hit this after the block of meetings then
<smoser> yeah
<smoser> or... we can be ready and start it during.
<smoser> the tests take a while to run
<smoser> basically, try to have the tests ready to go, just waiting on the published-ec2-daily.txt file
<utlemming> that sounds like a prudent plan
<smb> smoser, hm... there seems to be hope that you get back xvda for oneiric. I think upstream just accepted that patch...
<smb> (we just should be glad that ec2 does not use hda* for pvm...)
<utlemming> smb: do you have the commit for that?
<smb> utlemming, not yet. Just got an email from Konrad, saying he pulled two of my three patches
<dassouki> where does ubuntu-server store mono ?
<jpds> dassouki: /usr/lib/mono ?
<dassouki> jpds: thanks i guess the issue is that the installer can't find it, and i'm trying to follow the suggestion to use pkg-configure to find it http://paste.pocoo.org/show/442216/
<jpds> dassouki: Installed libmono-dev ?
<dassouki> jpds: thanks :) i think tht was it
<TuxBrother> someone has expierence with failing NFS on netbooting an Ubuntu Live CD?
<TuxBrother> (using PXE boot)
<h4lfl1ng> having an internet connection sharing issue. I have my primary setup as a dhcp server and it's giving ips to my secondary but no internet on the secondary
<chris_99> could anyone explain the advantages of using LVM when installing
<chris_99> or just using a std. filesystem
<patdk-wk> heh?
<patdk-wk> you can't compare those two
<patdk-wk> the advantages of using LVM vs partitions, you can though
<chris_99> sorry yeah
<chris_99> vs. partitions i meant
<patdk-wk> partitions have to be a continous solid chunk of disk space
<patdk-wk> LVM it can be fragmented, split over several disks, or even moved between disks
<patdk-wk> they can also be snapshot to make backup easier
<chris_99> hmm, so theres no disadvantages to using
<chris_99> like the FS's won't be any slower?
<patdk-wk> another layer of indirection?
<chris_99> yeah
<patdk-wk> not measurably
<patdk-wk> well, if you have snapshots existing, then it can noticably slow thing down
<chris_99> i'm basically installing on several blades, each can only have one physical disk
<chris_99> so maybe LVM isn't the best option in this case?
<patdk-wk> hmm?
<patdk-wk> using lvm or not, greatly depends what you plan to do with the system down the road
<patdk-wk> do you need to make consistant backups of the fs? use lvm
<patdk-wk> will you want to shrink/grow the size of it, use lvm
<patdk-wk> otherwise, probably not worth using lvm
<chris_99> i'll give it a shot, as i like the idea of making backups at specific time points
<chris_99> will be interesting to learn a new tool anyway
<chris_99> appreciate your advice!
<smoser> adam_g, you there?
<smoser> looking at bug 812553
<uvirtbot`> Launchpad bug 812553 in nova "LXC instance fails to start (dup-of: 805083)" [Undecided,New] https://launchpad.net/bugs/812553
<uvirtbot`> Launchpad bug 805083 in nova ""libvirtError: internal error cannot determine default video type" when using UML" [High,Fix committed] https://launchpad.net/bugs/805083
<adam_g> smoser: i am
<h4lfl1ng> has anyone setup internet connection sharing before? with a dhcp server?
<smoser> so i'm looking at the bug above
<smoser> and the fix that is in that merge proposal
<smoser> and i dont see how it could fix the issue that i'm seeing
<smoser> i can dig deeper, but that fix definitely looks broken (see the last comment there)
<smoser> adam_g, ^
<adam_g> smoser: hmm ok, what about '--vnc_enabled=false' in nova.conf as a workaround?
<smoser> that might work. i can test it.
<astrostl> tcp6       0      0 127.0.0.1:8080          :::*                    LISTEN      16101/java
<astrostl> that's from netstat -tlnp, on a server running tomcat.  it doesn't even report that it's listening on tcp, just tcp6, and it lists a v4 address in a v4 "local address" field.  is this a netstat bug?
<astrostl> v4 address in a v6 "local address" field, i mean
<adam_g> smoser: works well for me. not sure why chucks commit for that and Bug #749973 wouldnt be working
<uvirtbot`> Launchpad bug 749973 in nova "libvirtError: internal error cannot determine default video type" [High,Fix released] https://launchpad.net/bugs/749973
<smoser> chucks commit has broken logic, adam_g
<smoser> >>> for s in ['lxc', 'uml']:
<smoser> ...   if s != 'lxc' or s != 'uml':
<smoser> ...     print "would use vnc"
<smoser> ...
<smoser> would use vnc
<smoser> would use vnc
<smoser> adam_g, ^
<smoser> looking at the diff of: https://code.launchpad.net/~zulcss/nova/lp805083/+merge/66896
<adam_g> smoser: yah, duh. im awake now.
<smoser> i will un-dupe that bug and submit a merge proposal to actually fix it
<adam_g> smoser: ok. what about Bug #812548 ? have you tried using flat manager instead? that seems to be configuration error
<uvirtbot`> Launchpad bug 812548 in nova "bridge not set up correctly with LXC and all-in-one system" [Medium,New] https://launchpad.net/bugs/812548
<smoser> adam_g, how do i do that? it probably is configuration error.
<smoser> or 'luser' error, one of the 2
<smoser> but really, you should get a better failure one way or the other.
<adam_g> smoser: i editted the script you were using to do it. you need to specificy network_manager and flat_network_bridge in nova.conf (i believe before you do 'nova network create')
<adam_g> i agree that the failures coul dbe more graecful and docs could be better, especially surrounding nova-network flavors
<uvirtbot`> New bug: #809400 in php5 (main) "Cannot compile any version of PHP I want on Lucid due to dependencies in apache2-prefork-dev" [Undecided,New] https://launchpad.net/bugs/809400
<juliux> hi
<juliux> does somebody know if it is possible that virt-install is not terminating bevor the instances is setup full?
<ahs3> adam_g, smoser: so i'm trying to set up the same thing (openstack on a single machine, with LXC) and running into the same problems as the bugs you've been filing...
<smoser> ahs3, so i think we're stuck on the gateway bug now that is preventing it
<smoser> bug 807764
<uvirtbot`> Launchpad bug 807764 in nova "KeyError: 'gateway6' - caused by unchecked hash key reference" [Undecided,Confirmed] https://launchpad.net/bugs/807764
<adam_g> ahs3: which bug?
<adam_g> im putting together a merge for that one now
<Daviey> smoser: have you fixed it yet?
<Daviey> ah good, adam_g is saving the day
<smoser> thats because adam_g rules and smoser drools
<ahs3> adam_g: 812553 -- happens in natty, too
<Daviey> bug 812553
<uvirtbot`> Launchpad bug 812553 in nova "LXC instance fails to start" [Medium,In progress] https://launchpad.net/bugs/812553
<ahs3> the patch for 807764 seems to work around that and at least let you get further
 * Daviey wonders why smoser is fixing it in Ubuntu packages rather than just upstream
<ahs3> adam_g: merge for which one?  807764?
<adam_g> ahs3: yes
<ahs3> thx
<smoser> Daviey, we have this nice tool 'ubuntu-bug'
<smoser> that i use to open bugs with
<smoser> i collects information about the system
<smoser> and it opens bugs against ubuntu packages
<ahs3> smoser: can you get lxc to start a guest inside a guest, independent of libvirt and openstack?  /me is prolly doing something dumb...
<smoser> ahs3, well... i'm fairly sure that should work
<smoser> buti 'm not set up to test it *right now*
<smoser> sorry to not be helpful
<ahs3> smoser: np.  i'm trying it as we speak
<Daviey> smoser meet serue_
<smoser> who the heck is serue_
<smoser> serue_, Daviey thinks i should bug you about some software a guy named hallyn is in charged with
<Daviey> smoser: duh, it's ircname  : Unknown
<smoser> i'm looking for some help for bug 800856
<uvirtbot`> Launchpad bug 800856 in cloud-init "resizefs module causes problems on LXC containers" [Medium,Triaged] https://launchpad.net/bugs/800856
<serue_> smoser: did i not reply?
<serue_> i did
<serue_> smoser: what do you think about the upstart job i proposed?
<hallyn> kirkland: hey, are you ready?  where did you want to meet?  mumble?
<kirkland> hallyn: I'm sorry, I had another meeting scheduled on top of this one
<kirkland> hallyn: can we do it as soon as this one is over?  <1 hour?
<hallyn> we can try.
<hallyn> (I'd locked the kids in a closet for this (j/k), so they may prevent a meeting, but let's try
<hggdh> all: it seems the 10.04.3 20110719.1 server images (and alternate) are broken
<hggdh> installation fails with "no kernel modules found"
<olokki1> hello ppl, how can i change the default commandline for force check filesystem on reboot? i cant seem to find this info anywhere
<olokki1> (i know how to force the check, i just want to change the options)
<SpamapS> olokki1: the options for the fsck ?
<SpamapS> olokki1: it does a very quick check by default.. if you want to do the full check, that should be manual usually.
<olokki1> SpamapS: yes sure, but is there a way to change the default?
<olokki1> SpamapS: i just want to do a -D on a remote system
<SpamapS> olokki1: I don't think you cna change the options no
<SpamapS> olokki1: remote consoles are useful for this sort of thing. :)
<hallyn> kirkland: I'm here if you're ready
<olokki1> SpamapS: yeah i wish i had payed for a kvm
<kirkland> hallyn: nearly done
<hallyn> k
<kirkland> hallyn: okay
<SpamapS> olokki1: if you can tie the lost performance to money, I bet you can justify the KVM easily. :)
<kpettit> Anybody know a editor/tool that can re-format HTML so it's all consistant?
<shauno> 'tidy' ?
<kpettit> Alot of the HTML I have to look at is all squished up on a few lines, makes it hard to look through
<kpettit> tidy?  I don't know what that is, I'll look it up
<shauno> it'll argue with you if the html is malformed, but it's otherwise handy for tidy -indent -ashtml to turn generated blobs back into something readable
<kpettit> ah cool.  Just installed it.
<kpettit> shauno, ahhhh that's much better.  Thanks, works like a charm
<SpamapS> lifeless: when did you want to chat about Ensemble?
<Daviey> RoAkSoAx: Yo'll.. how are those cobbler bugs looking?
<uvirtbot`> New bug: #813110 in php5 (main) "CVE-2011-1938" [Undecided,New] https://launchpad.net/bugs/813110
<uvirtbot`> New bug: #813115 in php5 (main) "CVE-2011-2202" [Undecided,New] https://launchpad.net/bugs/813115
<philsf> hi, I'm used to installing debian and ubuntu on desktop-like hardware  and I'm trying to install on a DELL R710  for the first time. I'm puzzled that the four HDs appear as one device (sda) apparently set by hardware RAID. I'd like to manage each HD individually, how can I do that?
<Riz> Via the raid utility
<philsf> I'm familiar with mdadm, but I don't know how to access the hw raid
<Riz> Watch the console as the server boots, it's ctrl+e or something like that
<Riz> You can then manage your disks
<Riz> Or isntall dell open manage
<philsf> Riz, are you familiar with this set? is this the default?
<Riz> Typically, unless otherwise stated. Dell will send the server preconfigured.
<Riz> I'm not sure what they default to for the 710's...likely a raid 5 setup.
<philsf> forgive my ignorance, what does this dell open manage do?
<philsf> I don't think I have a manual, only some CDs, and no PDFs within
<Riz> http://support.dell.com/support/edocs/software/svradmin/6.5/en/CLI/HTML/index.htm
<Riz> Openmanage will let you work with the raid card, lets you do your virtual disks, replace drives and what not
<Riz> with that said, it's far better to use hardware raid vs software
<Riz> IMHO that is
<philsf> and hw RAID is accessible through Ctrl-E in boot?
<Riz> Something like that, watch the console, it'll tell y
<Riz> a
<philsf> it is, but it mostly let's me configure NIC stuff
<philsf> iDRAC6 config utility, is that it?
<Riz> yup
<Riz> Erm, wait
<philsf> oh, found it. It's Ctrl-R, instead
<philsf> thanks!
<Riz> no, iDRAC is your managment card, another very usefull thing
<ppetraki> philsf, you'll see multiple "tabs" for virtual disks and physical disks
<ppetraki> philsf, not the worlds greatest UI
<philsf> ppetraki, yup, I see that now, in a tree-like UI
<ppetraki> philsf, are you sure you want to do this?
<philsf> ppetraki, why not? should I use all HDs as one single device?
<smoser> adam_g, around ?
<smoser> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/812539
<uvirtbot`> Launchpad bug 812539 in cloud-init "FQDN does not get set correctly in /etc/hosts" [Medium,Triaged]
<ppetraki> philsf, well, if you have a sizable cache on the controller, performance, and if battery backed, data integrity
<ppetraki> philsf, and dell will support you, soon as you say the words "MD" they'll give up on you
<philsf> ppetraki, what if I need to remove one disk? how would I substititute it
<adam_g> smoser: hey
<ppetraki> philsf, the chassis has drive beaconing, it'll blink the bad disk for you
<smoser> i'm looking at that first hunk
<ppetraki> philsf, err, the slot that is
<philsf> ppetraki, sorry, that's not what I meant
<smoser> hostname = cloud.get_hostname()
<philsf> with my mdadm background, I was planning to use the 4 available HDs in two batches of RAID1
<adam_g> smoser: ok
<smoser> if that was None, then wouldn't 'fqdn = cloud.get_hostname(fqdn=True)' == None?
<ppetraki> philsf, sure ok
<philsf> ppetraki, I was hoping I could do the same with the hw controller
<ppetraki> philsf, it had better be able to do that :)
<smoser> as the only way it returns None is if local-hostname isn't available
<philsf> ppetraki, so what exactly are you recommending me *not* to do? I'm confused
<philsf> ppetraki, not to use mdadm, you mean?
<ppetraki> philsf, the question to ask is what do you gain from using md? To me the answer is "portability".
<smoser> oh. wait. i'm reading it wrong, adam_g
<smoser> sorry
<adam_g> smoser: fqdn = cloud.get_hostname(fqdn=True) only when local-hostname is available, otherwise use other means
<philsf> ppetraki, I will gladly use whatever controller Dell wants me to use. I just don't like this default linear config
<ppetraki> philsf, oh, I didn't know it was linear, that controller should atleast be able to do RAID 0/1
<philsf> sorry, raid5
<smoser> so then my only sisue at this point, adam_g is that local-hostname on eucalyptus is an ip address
<philsf> ppetraki, what I have now is 4x140GB disks, and 1x408GB raid5 virtual drive
<lifeless> SpamapS: hi
<ppetraki> philsf, *looking up specs*
<philsf> I can't tell from this config utility if this already has mirroring configured for the disks
<ppetraki> philsf, so which PERC do you have?
<adam_g> smoser: is it an ip or a string constructed like ip-192-168-5-1?
<smoser> an IP
<smoser> which is then turned into a string by cloud-init
<philsf> ppetraki, perc i/6
<smoser> (right after your 'if fqdn' statment)
<ppetraki> philsf, ah ok
<ppetraki> philsf, so it appears to support every RAID level under the sun
<ppetraki> philsf, and has 256M cache
<adam_g> smoser: sec
<philsf> good. I know raid5 allows mirroring, but I never used it. does it always have mirroring, or is it optional?
<ppetraki> philsf, RAID5 is distributed parity, can tolerate 1 fault and operate in a degraded state
<adam_g> smoser: better? http://paste.ubuntu.com/647593/
<adam_g> smoser: actually, ill rework it in a bit
<philsf> hmm, I think I know understand how this is broken down: 4x140GB disks would totalize 560GB, but I have a 408GB virtual disk. that leaves around 150GB for a parity "disk" and probably some hidden rescue partitions
<philsf> does that sound correct?
<ppetraki> philsf, it really depends on your application, do you value read perf over write perf?
<ppetraki> yup
<philsf> ppetraki, TBH I don't expect much traffic here, so I'll probably operate on very low demand, given the cpu availability
<philsf> ppetraki, this will become some mail and webservers, mostly
<philsf> I'd like good write performance, for mail access and maybe an FTP/SMB in a forseable future
<philsf> ppetraki, does that mean I should trade raid5 for, say, raid1?
<ppetraki> philsf, then I'd take RAID 10 over 5
<philsf> ppetraki, and will Dell support frown if I change this default?
<lifeless> SpamapS: I have a call with flacoste now, then Lynne and I go see the midwife from 930 (its 800 now) till 1030. Anytime outside those constraints.
<ppetraki> philsf, perhaps, a RAID 10 is considered a "mirrored strip" or RAID 0 + 1. So you could concat two of your disks, and mirror them, giving you 280G
<ppetraki> philsf, RAID 1 would limit you to the size of the physical disk, so 140G mirrored. Do you have any spares?
<ppetraki> philsf, ideally this should be planned around a spare or two, resident in the chassis. Unless you like running down to the datacenter :-)
<RoAkSoAx> Daviey: haven't yet worked on them I'm working on ensemble atm
<ppetraki> philsf, the easiest config to manage would be a RAID 1 (140G) with two hotspares
<ppetraki> philsf, I'm pretty sure the dell firmware automagically puts the spare into service, check the docs
<RoAkSoAx> Daviey: i wanna finish some stuff with ensemble first and then will look at the cobbler stuff
<ppetraki> philsf, also, when you go the vdisk route, the firmware will watch for physical disk problems and report back via the admin tool. less work for you
<Daviey> RoAkSoAx: okay.. great stuff.
<philsf> ppetraki, sounds brilliant
<ppetraki> philsf, and you get to know which disk is in which slot :-), unless you plan to write serial numbers down on the front of each cage
<philsf> goodbye mdadm :)
<ppetraki> philsf, at least in this case, I love it and it has its place
<philsf> ppetraki, as I said earlier, I don't think the performance demand will require much fiddling, for me to choose raid 10 over 5. and this default setup seems sound and provides me the best space offer for the buck
<philsf> ppetraki, I was just worried that it might be raid0, with no mirror, but I hadn't done the math then.
<philsf> ppetraki, thanks very much for the clarifications, and the pointers
<ppetraki> philsf, Dell usually defaults to some sort of HA setup, better to provide "safe" defaults then get a customer call about lost data
<philsf> will see now the link on performance
<philsf> hmm, writes are really much faster. sounds good to me
<jnsl_> this might be more of a apache question, but nonetheless.. can i rewrite urls in a folder from site.com to site-com ?
<philsf> ppetraki, thanks again, will sleep on all that
<jMCg> jnsl_: #httpd
<ppetraki> philsf, no problem, glad I could help
<lifeless> hallyn: is there a workaround for bug 802985 ?
<uvirtbot`> Launchpad bug 802985 in eglibc "[lucid] /var/lib/dpkg/tmp.ci/preinst: 399: arithmetic expression: expecting EOF: "3.0-0-generic"" [High,Triaged] https://launchpad.net/bugs/802985
<smoser> adam_g, http://paste.ubuntu.com/647621/
<lifeless> if we can't build a lucid container in oneiric, we'll be rather wedged lxc wise in the Launchpad team
<smoser> but i wonder if we should not just have the cloud do the platform.node() magic
<hallyn> lifeless: cjwatson had mentioned a few, I can't remember which was the most palatable
<hallyn> lifeless: I guess I've just been creating lucid containers under natty instead :(
<lifeless> is there some escalation process I should use to say 'this is going to be very important to us' ?
<hallyn> lifeless: ping cjwatson and bump the debootstrap bug up to critical?
<lifeless> doing in -devel
<hallyn> cool
<hallyn> stgraber: are you around by chance?
<stgraber> hallyn: yep
<hallyn> stgraber: would you mind, when you get a chance, sanity-checking my debdiff for lxc on bug 813075 ?
<uvirtbot`> Launchpad bug 813075 in lxc "lxcguest should provide a way to tell if this is lxc container" [Medium,In progress] https://launchpad.net/bugs/813075
<hallyn> stgraber: mainly worried about tossing in lots of new names in the upstart job namespace and in /usr/bin
<hallyn> but i think it's overall a very useful feature, so probably worth it
<hallyn> everyone wants to know if they're in the matrix
<lifeless> red pill, blue pill
<stgraber> hallyn: you could probably use "grep -q" but other than that, looks good
<stgraber> my current way of doing it is: [ -f "/proc/1/cgroup" ] && grep -vq "/$" /proc/1/cgroup && echo "It's lxc"
<stgraber> but it's not always true :)
<hallyn> stgraber: right, my main complaint about that is that initramfs or systemd can screw you :)
<hallyn> grep -q.  feh i always forget about that :)
<hallyn> stgraber: cool, thanks.  Would you mind sponsoring that too?  :)
<hallyn> oh,
<hallyn> oh nm
<stgraber> hallyn: yep, I can sponsor it
<hallyn> stgraber: thanks!  the whole shebang with using grep -q is at http://people.canonical.com/~serge/lxc_0.7.4.2-0.3ubuntu4-package
<stgraber> hallyn: just wondering, did you check that lxc-is-container is executable?
<hallyn> i tested on an ec2 instance...
<hallyn> should that being enforced by the packaging?
<hallyn> (actuall, i'm guessing that dh_install already makes sure anything in usr/bin gets +x, but i could be wrong)
<stgraber> yeah, that's the bit I'm not too sure about :) checking here quickly
<stgraber> hallyn: uploaded
<hallyn> stgraber: thanks!
<hallyn> i must run for a bit, bbl
<smoser> adam_g, could you try: http://paste.ubuntu.com/647637/
<smoser> and sanity check that too?
<adam_g> smoser: sorry, was at lunch.
<adam_g> ill test it now
<smoser> yeah, take alook
<smoser> i will look later or tomororw
<RoAkSoAx> kirkland: ping?
<kirkland> RoAkSoAx: pong!
<RoAkSoAx> kirkland: howdy!! I seek your advice and help with a postrm in cobbler
<kirkland> RoAkSoAx: heh, sure
<kirkland> RoAkSoAx: should i branch the latest code?
<RoAkSoAx> kirkland: i don't think it would be necessary :)
<kirkland> RoAkSoAx: okay, hit me
<RoAkSoAx> kirkland: so when purging the package it fails as per bug #805901
<uvirtbot`> Launchpad bug 805901 in cobbler "cobbler failed to purge" [High,Confirmed] https://launchpad.net/bugs/805901
<RoAkSoAx> kirkland: I changed the cobbler.postrm to:http://pastebin.ubuntu.com/647663/
<RoAkSoAx> kirkland: however, now it doesn't fail, but it gets stuck and does not return
<RoAkSoAx> kirkland: log setting -x: http://pastebin.ubuntu.com/647661/
<RoAkSoAx> kirkland: any ideas of why it might be?
<kirkland> RoAkSoAx: your set -x log looks like it completed, no?
<RoAkSoAx> kirkland: yes, the set -x log looks like completed, but never returns
<RoAkSoAx> kirkland: this is what is in /var/lib/dpkd/info/cobbler.postrm : http://paste.ubuntu.com/647664/
<kirkland> RoAkSoAx: lines 5 and 22 are redundant
<kirkland> RoAkSoAx: so i don't think you need lines 5 and 6
<RoAkSoAx> kirkland: if I don't set lines 5 and 6 it fails as per the bug description
<kirkland> RoAkSoAx: erm
<RoAkSoAx> kirkland: seems like apache2 is the problem
<RoAkSoAx> kirkland: i just killed apache processes and the removal resumed
<kirkland> RoAkSoAx: hmm
<kirkland> RoAkSoAx: missing configuration?
<RoAkSoAx> but got stuck again in "Building database of manual pages ..."
<RoAkSoAx> kirkland: might be indeed
<TREllis> Daviey: have you connected glance to swift before?
<TREllis> bah 11pm in the UK
<TREllis> anyone setup glance connected to swift backend before?
<RoAkSoAx> kirkland: yeah it is apache's problem
<TREllis> sorted it, no worries
<RoAkSoAx> kirkland: I think we don't even really need cobbler
<kirkland> RoAkSoAx: heh, what do you propose in place of cobbler?
<RoAkSoAx> kirkland: err I meant "cobbler.postrm"
<RoAkSoAx> :)
<RoAkSoAx> kirkland: as it's only there to restart apache, but cobbler binary itself doesn't mess with apache2. Cobbler-web does though
<kirkland> RoAkSoAx: heh :-)
<kirkland> RoAkSoAx: right
<kirkland> RoAkSoAx: i'd agree witht hat
<RoAkSoAx> kirkland: hehe
<hggdh> hallyn, adam_g: is the test rig available?
<hggdh> (need to test UEC on Lucid)
<quentusrex> Anyone know of a way to test the system memory without rebooting the machine?
<quentusrex> I have a remote box that seems to have faulty memory, but I need to know before I go to the datacenter if it is the memory or if the system has other problems.
<lifeless> SpamapS: yo
<SpamapS> lifeless: howdy
<lifeless> SpamapS: is it too late for you ?
<lifeless> midwife ran late; ended up asking for a statistical analysis of $various $options
<SpamapS> lifeless: not at all, I've got about 45 min left
<lifeless> woot
<lifeless> skype?
<SpamapS> lifeless: sure, clintfewbar
<r4___> im running clonezilla SE on ubuntu 10.04 LTS 32bit machine, i created an image of ubuntu 11.04 64-bit. when i restore the image, the machine cannot boot...(writing what happens)
<r4___> what happens when i try to boot...a really fast msg pops up on the screen that reads "error: file not found" and goes away
<r4___> i suspect it's a grub problem with the mbr
<r4___> because when the image is restored, it tries to install grub from the restored OS but fails and installs grub from the running OS clonezilla SE provides
<r4___> i feel that since clonezilla is running a 32bit OS and the image is a 64bit OS that it causes a problem
<r4___> does this sound reasonable or could it be something else?
<jMCg> r4___: "feel" and "reasonable" doesn't "feel right"
<r4___> jMCg: i was right..reinstalled grub from a live enviroment and it booted :)
<r4___> crappy issue though... :(
<r4___> Does ubuntu 10.04 LTS use grub or grub2?
<TenKTech> 2
<twb> d-i still asks you with priority=low, but if you ask for grub it pulls in the upgrade compat package :-/
<twb> (As at lucid, I mean.)
<r4___> hrm...odd issue nontheless.
<twb> r4___: perhaps if you described it...
<r4___> read up
<r4___> oh sorry
<r4___> you just joined
<twb> Ah, sorry.
<twb> Can you pastebin or /msg me the scrollback?
<r4___> sure can
<r4___> check query
<twb> OK; AFAIK grub doesn't care if the OS is 32 or 64-bit.  If the versions in lucid and clonezilla are very different, that could cause problems.  It would be useful to know if (the installed) grub is configured to not display anything, as is the lucid default -- you have to hit shift at exactly the right time to get it to display anything.
<twb> Most likely I think is just that clonezilla installed grub incorrectly.
#ubuntu-server 2011-07-20
<r4___> yeah same
<r4___> especially given that the problem is fixed once i reinstall grub
<twb> Because I have *so* many problems with grub, and my booting needs are simple and homogeneous, I usually just install extlinux instead in such cases.
<twb> Here are my notes http://paste.debian.net/123429/ (for hardy, but largely unchanged as at lucid)
<r4___> hrm
<r4___> ill have to give that a good read tomorrow
<r4___> cuz this solution will only be acceptable as a temp fix
<twb> Shrug.
<r4___> ill just have to play around and see if i can find a fix :)
<twb> When I put extlinux in production, it just sits there and works.  Such is definitely not my experience with grub, especially grub 2.  As you've seen...
<r4___> haha yeah
<r4___> ill give extlinux a look...it might get rid of this damn headache... :P
<hallyn> hggdh: I'm not using it
<hggdh> hallyn: thanks
<hallyn> thank you :)
<adam_g> smoser: around? http://paste.ubuntu.com/647739/
<r4___> time to go home!
<twb> If anyone cares, I have just updated my extlinux notes to reflect the current (sid/lucid) generation: http://paste.debian.net/123435/
<hggdh> Daviey: when you get back... bug 813266, potential blocker for 10.04.3
<uvirtbot`> Launchpad bug 813266 in eucalyptus "eucalyptus fails to start instances" [Critical,New] https://launchpad.net/bugs/813266
<Guest70950> hello
<Guest70950> anyone there?
<twb> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Guest70950> How do I get a working flash player for xbuntu. It says there is none compatiable in firefox
<twb> !flash
<ubottu> To install Flash see https://help.ubuntu.com/community/RestrictedFormats/Flash - See also  !Restricted and !Gnash
<Guest70950> waht is !flash and !gnash
<Guest70950> FNG here
<twb> Guest70950: /msg ubottu foo
<twister004> hi  guys.. how can I access the grub boot screen during bootup?
<twb> twister004: hit shift
<Datz> that has changed with certain versions, correct?
<Datz> used to be escape?
<twb> Datz: yes
<twb> It's configurable; the default changed
<twister004> guys.. i tried shift and esc... it doesn't work
<twister004> looks like grub has crashed :(
<uvirtbot`> New bug: #813295 in cloud-init (main) "oneiric alpha2 images do not run in eucalyptus" [Undecided,New] https://launchpad.net/bugs/813295
<DanaG> Interesting: gave the Broadcom a second chance, and it seems to be fine now.
<DanaG> Not CPU-devouring.
<Totem-Schalter> anyone know anything about setting up a tftpd server .. im having a hell of a time trying to get it to work.
<codec_> jep. whats the problem?
<Totem-Schalter> im using tftpd-hpa and its running but i cant access it
<Totem-Schalter> i get the error "no file or dir"
<Totem-Schalter> i made a folder in "/tftp" and chmod 777 it and i also edited the tftpd-hpa to reflect that dir
<Totem-Schalter> im lost
<lynxman> morning
<lynxman> Totem-Schalter: Setting up tftp is always a bit of a pain, does it generate any logs?
<Totem-Schalter> i think so .. i need to look where it puts them
<lynxman> Totem-Schalter: that's where I would start, since it won't give you any other clue
<Totem-Schalter> there really is not any good documentation on it either "tftpd-hpa
<lynxman> Totem-Schalter: unfortunately
<Totem-Schalter> yeah no logs .. but i need to check my initd logs .. where is that
<Totem-Schalter> to check if port 69 is binding
<lynxman> Totem-Schalter: Are you using xinetd or just starting directly?
<Totem-Schalter> command "service tftpd-hpa start " works
<lynxman> so starting directly
<Totem-Schalter> ok
<lynxman> check the PID of tftpd then do lsof -p PIDNUM as root
<lynxman> Totem-Schalter: that'll show you all the resources the process is using including ports its listening to
<lynxman> Totem-Schalter: also another way is to do "netstat -an"
<Totem-Schalter> netsat -an i found udp 0.0.0.0:69
<lynxman> so... someone is listening :)
<Totem-Schalter> lol
<uvirtbot`> New bug: #813371 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/813371
<lynxman> Totem-Schalter: now, the key is finding the logs, since it must be something silly like "can't find dir, can't read file, I'm just a dumb service" or any of the above :)
<Totem-Schalter> yeah .. it hased to be a setting in my config file
<Totem-Schalter> what can i do with the "ps" command to keep it from scrolling off the screen ?
<lynxman> ps | less
<lynxman> for example
<Totem-Schalter> ok i was doing |grep less
<lynxman> that will try to look for the string less in ps output :)
<Totem-Schalter> ahh ic
<shadowpit> Hello, I've got a problem with my Ubuntu Server 11.04 amd64, can I request for help here or is there a better place to that ?
<shadowpit> -to +for
<irly> shoot
<irly> if someone knowledgeable knows the answer, you probably get one
<shadowpit> ok, thanks.
<shadowpit> Here is my problem : I updated my server and I now have Linux 2.6.38-10-server (in addition to 2.6.38-8) and, when I try to boot on version "10", I think I have a KP because the screen keeps black and there is no use of the HDD (I can ear it working with version "8"). I'm using GRUB 2. I don't understand what is the problem.
<Totem-Schalter> lynxman: hey i finnaly checked with "lsof -p" and i see that it has my file i made "/tftp" listed as type "cwd" is it safe to say that i have set my dir up ok ?
<shadowpit> Sorry, I disconnected. ^^'
<shadowpit> Is there anyone that can help me with that ?
<Totem-Schalter> lynxman: sorry not type but FD cwd
<shadowpit> I also looked at /boot/grub/grub.cfg and I didn't saw any diference between the lines for v10 and those for v8 (except for "8">"10" of course).
<irly> shadowpit: have you tried booting into recovery mode?
<shadowpit> No
<shadowpit> OK, I just have tried with this result :
<shadowpit> Loading of Linux 2.6.38-10-server...
<shadowpit> Loading of ramdisk...
<shadowpit> > No use of the HDD (I don't ear it), and it's "frozen", can't do anyting but reboot it by ACPI (nothing happend when hitting "Num Lock")
<lynxman> Totem-Schalter: yeah looks like :)
<lynxman> Totem-Schalter: sorry I was messing around with some stuff
<BuenGenio> hello
<BuenGenio> server just came out of a 40 minute long stall
<BuenGenio> load average for the last hour was 104!
<BuenGenio> don't even know where to start looking
<BuenGenio> there are all these stack traces in syslog, that I don't know where they come from
<BuenGenio> gone into stall again
<BuenGenio> Load average: 95
<shadowpit> Another question : can we have no submenus in Grub2 ?
<shadowpit> My "v8" kernel is in a submenu of Grub, if I add GRUB_DEFAULT="Ubuntu, Linux 2.6.38-8-server" in /etc/default/grub, this will work ?
<irly> shadowpit: sorry, I have no idea what the problem is. feel free to ask again some time later or in a different channel. #linux #grub might help.
<irly> or just wait here :)
<shadowpit> ok, thank, I will ask on #grub
<shadowpit> I can wait here, but I'll have to explain my problem again and again, and I don't want to flood. ;-)
<Totem-Schalter> lynxman: well i fixed it and its working now
<lynxman> Totem-Schalter: excellent \o/
<Totem-Schalter> TFTP_OPTIONS="--create --secure" had to add the --create part
<Totem-Schalter> by defalt u cant create new files when tftping
<lynxman> Totem-Schalter: yes, that's correct :)
<Totem-Schalter> he he ..
<Totem-Schalter> cd /
<Totem-Schalter> opps
<lynxman> Totem-Schalter: I normally just "touch" them and chmod appropriately
<Totem-Schalter> well i using the tftp to back up IOS from Cisco router
<Totem-Schalter> so il limited on commands
<lynxman> Totem-Schalter: that's what I use it for normally, that and Cisco phones
<Totem-Schalter> im  a cisco noob going for my CCENT and i was setting it all up with my GNS3 set up to learn
<Totem-Schalter> and boy i learned more that i thought
<lynxman> Totem-Schalter: it always happens, I used to manage an AS, it was... fun :)
<Domoz> hello folks
<Domoz> i accidentally rm'ed my /dev/ptyp* and now i am stuck at blank ssh screen after logging in. i can still access to root's sftp though
<Domoz> any idea how to fix this?
<Domoz> Server refused to allocate pty. stdin: is not a tty
<hallyn> kirkland: so are you using tmux now instead of screen?  Apart from shiny and new, what is your motivation?
<jMCg> kirkland: it's maintained, I heard.
<jMCg> s/kirkland/hallyn/
<jMCg> So strange. Different keybindings.. It's like using emacs all of a sudden.
<uvirtbot`> New bug: #813494 in mysql-5.1 (main) "package mysql-client-5.1 5.1.54-1ubuntu4 failed to install/upgrade: trying to overwrite '/usr/bin/innochecksum', which is also in package mysql-server 5.0.92-2" [Undecided,New] https://launchpad.net/bugs/813494
<kirkland> hallyn: byobu isn't using tmux yet;  but I'm using it quite a bit
<kirkland> hallyn: as jMCg says, it's actively maintained
<kirkland> hallyn: code is much cleaner, easier to work with;  upstream has already taken a patch of mine (I have a stack of patches against screen that never get applied)
<kirkland> hallyn: jMCg: I've created a set of keybindings for tmux that duplicates those in screen and byobu
<jMCg> kirkland: care to share?
<jMCg> Nice: https://github.com/aziz/tmuxinator
<jMCg> I hope I'm not too old to learn a new "wm" :)
<hallyn> kirkland: newer.  actively maintained.  how old is the project?
<kirkland> hallyn: 2007
<hallyn> i figure it takes 2-3 years for the first major, subtle, horrible security design bug to be found
<hallyn> hm, ok
<kirkland> hallyn: screen -> 1987
<hallyn> i trust screen bc it's already had horrible bugs found :)
<kirkland> hallyn: tmux has 130 users in IRC right now, screen 70
<kirkland> hallyn: lots of bugs unfixed, too
<hallyn> right cause noone needs to join irc for screen :)
<hallyn> its the same reason i trust IE :)
<kirkland> hallyn: awesome
<hallyn> all right, i may need to do a tmux code review then
<kirkland> hallyn: sweet, that would be awesome
<kirkland> hallyn: you'll find it far easier to read than screen's code
<CloudAche84> Anyone got experience installing ubuntu to iscsi target with preseed?
<uvirtbot`> New bug: #813519 in postfix (main) "package postfix-ldap 2.8.2-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 127" [Undecided,New] https://launchpad.net/bugs/813519
<disposable> 2 of my (lucid) servers have their clocks screwed - one is 20 mins in future, the other 7 mins in the past. I'm trying to slowly adjust the time to correct values without crashing postfix/dovecot/mysql/etc running on them. i've changed ntpd's start parameters to '-g -x' in /etc/default/ntp. how do i check if it's slewing the time now? /var/lib/ntp/ntp.drift has 0.000 in it.
<patdk-wk> I believe that is logged
<patdk-wk> but really, postfix/mysql won't care
<patdk-wk> dovecot will complain, but get over it
<patdk-wk> but your apps running on mysql, dunno
<disposable> this is what confuses me in the log "ntpd[17683]: frequency initialized 0.000 PPM from /var/lib/ntp/ntp.drift
<DanaG> Hmm, tmux... It'd be cool to remake byobu with it.
<kirkland> DanaG: in the works
<hggdh> dovecot will actually braf if the current time on-clock is in the past
<hggdh> disposable: the drift value is dynamically calculated. It can take some hours to get it set.
<DanaG> Oh, ever try, within screen, running ssh to somewhere and running screen /dev/ttyS0 there?
<DanaG> Major keybinding confusion.
<disposable> hggdh: thank you, i had that suspicion from the forum's i read.
<hggdh> disposable: in addition, it will continuously be updated (er, 'continuously' meaning every hour or so)
<yann_> Hello! When doing a netboot on a KVM VM with libvirt that has two network cards with two different NICs, is there a way to tell libvirt which NIC I want to boot from?
<Ramosa> what is the main difference with debian and ubuntu server? usability?
<TheEvilPhoenix> Ramosa:  framework and default packages
<Ramosa> and by framework you mean?
<TheEvilPhoenix> Ramosa:  the Ubuntu repos are more up to date, but sacrifice slight stability (in most cases) for features.  Debian sacrifices features for stability in the same manner.
<TheEvilPhoenix> Ramosa:  Debian doesn't update their repos as often as Ubuntu does.
<Ramosa> right
<Ramosa> so Ubuntu makes more choices for me
<TheEvilPhoenix> well...
<TheEvilPhoenix> not really...
<TheEvilPhoenix> Debian doesn't come with a default server install image
<TheEvilPhoenix> but Ubuntu Server does.
<TheEvilPhoenix> in pure fundamental terms
<TheEvilPhoenix> the difference is in repo updates.
<TheEvilPhoenix> but  they're basically the same software
<Ramosa> http://upload.wikimedia.org/wikipedia/commons/9/9a/Gldt1009.svg
<Ramosa> I wish there was a site where you can get an overview of the differences between all those distros
<Ramosa> just the main topics
<TheEvilPhoenix> remind me to slap people who post huge images like that
<TheEvilPhoenix> Ramosa:  you might be able to google it
 * TheEvilPhoenix checks google
<TheEvilPhoenix> take a look here: http://ubuntuforums.org/archive/index.php/t-33310.html
<TheEvilPhoenix> see if that answers some of your questions
<Ramosa> im gonna do node.js, so i don't need LAMP
<TheEvilPhoenix> by default you get to CHOOSE what gets installed with Ubuntu Server
<TheEvilPhoenix> it doesnt automatically install everything
<Ramosa> is LAMP included in the default server install image though?
<TheEvilPhoenix> included, yes.  installed by default, no.
<TheEvilPhoenix> meaning you have the OPTION to install LAMP
<TheEvilPhoenix> but it doesnt automagically install
<TheEvilPhoenix> during the process it asks what you want installed
<Ramosa> ok
<philsf> I want to install using LVM, but the Lucid CD I burned only seems to allow me to boot into graphical mode, which doesn't support it. How can I use debian-installer from the CD? there is no "install" or "expert" kernels in the boot options
<ppetraki> philsf, I don't believe thats an option with the "desktop" iso, you'll have to use the server or alternative image
<philsf> ppetraki, I'm using the server image
<philsf> ppetraki, debian-installer boots if I create a USB boot image, but the installation fails, so I'm trying a CD
<ppetraki> philsf, so you have a text only install interface?
<philsf> ppetraki, no, I have a GUI only install interface
<ppetraki> philsf, thats not it then
<ppetraki> philsf, unless they've changed it
<ppetraki> philsf, I know for certain that the text mode in the alternative iso offers it, I've used it
 * philsf must have mixed up images then
<ppetraki> philsf, http://releases.ubuntu.com/lucid/
 * philsf must have mixed up images then
<ppetraki> philsf, note that the "server" iso doesn't explicitly mention LVM, while the alternative one does
<ppetraki> philsf, a bit confusing.
<philsf> yup, I burned the wrong image. burned a 11.04 desktop that was lying around :/
 * ppetraki is downloading to confirm suspicions
<philsf> ppetraki, but the server image does allow LVM, right?
<philsf> the alternate is a catch all, for both desktop or server install, right?
<ppetraki> philsf, I think that's right
<ppetraki> philsf, I PXE install so often I don't remember how they're distinguished :-)
<ppetraki> philsf, verified, the server iso supports LVM
<philsf> ppetraki, thanks
<ppetraki> philsf, np
<sorrell_> server offers LVM
<RoAkSoAx> smoser: is it possible to re-run anything that cloud-init runned with runcmd?
<RoAkSoAx> user-meta info
<smoser> rm -Rf /var/lib/cloud ; reboot
<smoser> RoAkSoAx, ^
<smoser> that will mostely do it
<smoser> but if you dont want to reboot, you can do othe rthings to
<smoser> sudo cloud-config runcmd always
<RoAkSoAx> smoser: ok cool
<smoser> let me check
<smoser> itll be a minute but you can basically invoke cloud-config yourself, and tell it to run the 'runcmd' module.
<RoAkSoAx> smoser: awesome, thanks
<dvd740> I was in here the other day, talking about needing a newer release of nut-ups than the one that is in 10.04.2lTS
<dvd740> and someone suggested compiling from a src ubuntu package
<dvd740> how do I know which one to get etc
<dvd740> and can I try the packages from this directory first ?
<dvd740> http://mirrors.easynews.com/linux/ubuntu/pool/main/n/nut/
<spill> need help enabling upnp with shorewall on maverick server
<spill> I need help enabling upnp with shorewall on maverick server, anyone?
<spill> I need help enabling upnp with shorewall on maverick server, anyone?
<dvd740> woot
<dvd740> it installed
<dvd740> 2 packages didnt' work but they aren't critical
<dvd740> cgi and snmp interfaces
<dvd740> but the core nut-2.6 from that dir installed
<lifeless> gmorning :)
<Pici> spill: You could try asking in #shorewall, or explain what you've tried here and perhaps we can help.
<spill> k, I'll check shorewall first and go from there, thanks.
<Ramosa> if kernel 3.0 is due out, how long till it starts appearing in distros?
<lifeless> SpamapS: yo  yo yo
 * RoyK is scanning through old xkcd strips http://xkcd.com/732/
<SpamapS> lifeless: howdy
<psssss> ((((
<lifeless> SpamapS: we could talk for a few minutes now if you like, but I've actually got caught up with $other $things so haven't moved my understanding forward yet
<SpamapS> lifeless: just ping me when you need anything.
<lifeless> SpamapS: ok cool - thanks!
<lifeless> btw whats the best channel for ensemble - here or -cloud or ?
<hallyn> kees: around?
<kees> hallyn: sorry, missed you earlier. what's up?
<hallyn> kees: i was just going to ask what i asked on -hardened :)    thanks
<RoyK> nite - miss you later
<sw0rdfish> hey guys a download through sftp terminal is frozen, saying "stalled"
<sw0rdfish> what can I do to resume it :)
<patdk-lap> control-c, uparrow, enter
<patdk-lap> but it will delete the file :)
<sw0rdfish> I see.
<sw0rdfish> the hard way...
<sw0rdfish> lol :)
<patdk-lap> maybe if you copy it now, and attempt rsync this time
<patdk-lap> and tell rsync to keep partial files
<sw0rdfish> hey I just looked now, and its continuing
<sw0rdfish> haha
<sw0rdfish> maybe it heard you telling me ctrl+c
<sw0rdfish> and it got scared :P
<patdk-lap> uploading?
<patdk-lap> or, is it coming from a dsl/cable location?
<sw0rdfish> downloading
<kees> hallyn: ah, right. :)
<hallyn> ok, someone set me straight.  The default kernel in ubuntu server is 2.6.32 still right?
<hallyn> in lucid i mean
<patdk-lap> yep
<hallyn> phew thanks
<patdk-lap> now you can install a backported maverick or natty kernel though
<hallyn> yeah, but I don't think we can support that in X-dkms packages
<uvirtbot`> New bug: #630343 in open-vm-tools (multiverse) "package open-vm-dkms 2010.02.23-236320-1+ubuntu1 failed to install/upgrade: open-vm-tools kernel module failed to build" [Critical,Confirmed] https://launchpad.net/bugs/630343
<uvirtbot`> New bug: #640901 in open-vm-tools (multiverse) "package open-vm-dkms 2010.02.23-236320-1+ubuntu1 failed to install/upgrade: open-vm-tools kernel module failed to build (dup-of: 630343)" [Undecided,New] https://launchpad.net/bugs/640901
<uvirtbot`> New bug: #641350 in open-vm-tools (multiverse) "package open-vm-dkms 2010.02.23-236320-1+ubuntu1 failed to install/upgrade: open-vm-tools kernel module failed to build (dup-of: 630343)" [Undecided,New] https://launchpad.net/bugs/641350
<uvirtbot`> New bug: #641522 in open-vm-tools (multiverse) "package open-vm-dkms 2010.02.23-236320-1+ubuntu1 failed to install/upgrade: open-vm-tools kernel module failed to build (dup-of: 630343)" [Undecided,New] https://launchpad.net/bugs/641522
<adam_g> hallyn: that reminds me, how is the case handled where someone is using a dkms module built for lucid kernel, but they've backported a newer kernel and upgrades/rebuilds of those dkms packages begin to break.
<adam_g> is that just an unsupported practice and an invalid bug?
<hallyn> adam_g: that's what I'm advocating right now :)
<hallyn> adam_g: people are free to offer backported versions of the dkms package to go along with the kernel,
<hallyn> but i was looking at open-vm-tools in particular, which is in multiverse
<adam_g> bug #799630 is an interesting example
<uvirtbot`> Launchpad bug 799630 in drbd8 "package drbd8-source 2:8.3.7-1ubuntu2.1 failed to install/upgrade: drbd8 kernel module failed to build" [Low,Incomplete] https://launchpad.net/bugs/799630
<hallyn> adam_g: might be worth asking on #ubuntu-kernel what they think.
<hallyn> for packages in main, i think it coudl be fair to say if we offer backporte dkernel, then we'll offer backported dkms packages
<adam_g> drbd was merged into mainline in 2.6.33, so the out-of-tree dkms module wont build on anything after the lucid kernel
<hallyn> for universe, heck no
<hallyn> is drbd in main?
<hallyn> (i assume so)
<adam_g> in lucid, im not sure
<uvirtbot`> New bug: #647309 in open-vm-tools (multiverse) "package open-vm-dkms 2010.02.23-236320-1 ubuntu1 failed to install/upgrade: open-vm-tools kernel module failed to build (lucid)" [Critical,Invalid] https://launchpad.net/bugs/647309
<hallyn> (sorry, those 'new bug' reports are my fault :)
<hallyn> gotta run and get some grub, bbl
<adam_g> cya
<hallyn> adam_g: are you going to ask in #ubuntu-kernel?
<hallyn> anyway, yeah, cya :)
<adam_g> hallyn: i will. not sure if today or tomorrow
#ubuntu-server 2011-07-21
<uvirtbot`> New bug: #798844 in cloud-init "Chef integration" [Medium,Fix committed] https://launchpad.net/bugs/798844
<philipballew> QUESTION: when installing ubuntu server, if i select ssh server during the instalation can i then after it installs un-plug it from my monitor hook it up to my cat5 and when still on the network ssh into it?
<twb> If you install the network-console udeb such that you complete the installation over SSH, yes.
<twb> If you mean you're picking "SSH Server" at the tasksel prompt, I'm not 100% sure, but I think the behaviour will be the same.
<philipballew> i'd need to send the rsa cirtificts over the lan then after i finish twb
<twb> Uh, you mean ssh-copy-id?
<philipballew> yes, that
<twb> By default sshd will allow password-based auth, so that will work.
<philipballew> i can do that over ssh though
<twb> Assuming you either assigned a root password or created a user with a password during the install process.
<philipballew> i need to set up p.f. to still. need to think if 192.168.1.2 is good enough for the server
<twb> Linux doesn't use pf
<philipballew> port forwirding
<twb> Oh.
<philipballew> not packet filter
<twb> Well, you should never use 192.168.1/24, .0/24, or 10.0.0.0/24
<philipballew> i had a bsd server once, not bad
<philipballew> i figured so, but why?
<twb> Because everyone ELSE does that, and if you ever need to join two such LANs (e.g. VPN from one to the other), you will cry.
<twb> Try echo 10.$((RANDOM%256)).$((RANDOM%256))/24
<philipballew> i plan to use this server to connect to when i am at a college and their wirewalls are alloning me
<philipballew> haha
<twb> I don't know what "alloning" means.
<Pici> 'allowing'
<Pici> actually, that doesn't make sense either.
<patdk-lap> twb, I would say, 10 < x < 250
<patdk-lap> with routers using 192.168.0-3 being common
<patdk-lap> also can't use 192.168.100, or 10.0.10 cause of modems
<patdk-lap> or was it 10.1.10
<twb> patdk-lap: that seems reasonable
<airtonix> patdk-lap: wut?
<patdk-lap> wut language is that from?
<philipballew> twb, my keyboards messin with me. its allowing
<airtonix> it's from the "you-talking-nonsense-and-i-need-clarification" language
<patdk-lap> airtonix, go back to math class
<airtonix> <patdk-lap> also can't use 192.168.100, or 10.0.10 cause of modems
<patdk-lap> you have never used a dsl or cable modem?
<airtonix> my modems must be awesome, because i have no problems using those networks
<twb> patdk-lap: probably he is sensible and puts them in bridge mode
<patdk-lap> can't put cable modem in bridge mode
<DanaG> My modem takes only precisely 192.168.100.1.
<airtonix> lol
<DanaG> ANd it doesn't need to be specifically reachable, if you don't care about the status pages.
<twb> patdk-lap: I guess
<patdk-lap> danag, nope, I didn't say you couldn't use it
<DanaG> 100.1 isn't routable, so the router passes it upstream, and the modem intercepts it.
<airtonix> DanaG: the power of faith is all you need?
<patdk-lap> I just said it's perferably if you didn't
<patdk-lap> if you ever care you check your status
<twb> DanaG: I *hate* that
<DanaG> Or what's worse:
<DanaG> Cable modems that have the status page actively DISABLED.
<twb> "bridge" doesn't mean "bridge except for frames you feel like hijacking", you damn appliance
<DanaG> By the ISP.
<patdk-lap> I hate ones that have status page accessable only via java
<patdk-lap> and have their snmp disabled
 * patdk-lap notes comcast
<DanaG> Say, I've never checked snmp on my cable modem.
<patdk-lap> well, snmp only accessable via comcast tech's
<DanaG> oh, and my mom's OfficeJet Pro crashes any time I enable my employer's management tool's "probe" feature on a computer at home.
<DanaG> Mine is Charter, but a self-bought SB5100 or so.
<DanaG> Charter doesn't seem to touch the firmware on it, but since it's a Motorola SIMILAR to what they support, it works.
<patdk-lap> this is comcast business, you must use their supplied modem :(
<DanaG> For a while, we had a Linksys one... it crashed all the time.  And Charter didn't offer the known-fixed firmware.
<patdk-lap> atleast I get 120mbit downloads though
<DanaG> They told ME to upgrade the firmware.
<DanaG> Sure, just let me log into your servers.
<DanaG> So anyway, Motorola modem + TomatoUSB router == rock-solid.  Once they changed out the rusted-out cable run from the street, that is.
<patdk-lap> at home here, still don't have docsis2 :( my linksys modem has been reliable for the last 6 years though
<patdk-lap> ya same here, had a break in the cabletv, they ran a new cable, been great
<DanaG> We used to get 30% packet loss during rain, but they said, "oh, your signal is fine!" -- for years.
<DanaG> And then when we got Charter Telephone, they were legally obliged to fix it.
<patdk-lap> oh, mine went quickly
<DanaG> And well whaddaya' know?  The cable running from the street was completely rusted out!
<patdk-lap> in <3months I went from once a week drop for a few min, to >3hour drops per day
<DanaG> Oh yeah, and our electrical boxes were below ground level, until a few months ago.
<DanaG> Even our phone lines got crosstalk with neighbors.
<DanaG> or so my parents say.
<DanaG> I'm living at home, but rarely use the landline, even in non-rainy weather.
<DanaG> So anyway, something slightly more on-topic: I gave the Broadcom 5723 another chance, and it seems reasonable after all.
<DanaG> Versus this Intel, it came to about the same in iperf: http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033
<jaith> Can anyone tell me how I might discover for each of my installed packages whether it's main/restricted/universe/multiverse ?
<smw> jaith, why would you need to do that?
<jaith> smw: I'm hardening my server, which came with universe enabled
<jaith> smw: given that universe packages are assembled by the community, I'm a bit concerned about security
<smw> jaith, that is not going to protect you much...
<smw> it seems like a bad idea.
<smw> anyways, if it is a new install, it should have no universe packages, right?
<jaith> smw: please elaborate.  how could checking on my installed packages not protect me much?
<jaith> smw: that is precisely what I'm trying to sort out
<jaith> smw: the default install has universe enabled in sources.list
<smw> jaith, you know what is installed because you installed it, right?
<smw> anything installed by default you kind of need to trust...
<jaith> smw: i have not installed anything yet.  i instantiated a clean ubuntu 10.04 from an official ubuntu ami on amazon ec2
<smw> or not trust the OS
<jaith> smw: i tend to agree with you, but i need my server to be very secure.  let's say it's an academic argument.
<smw> jaith, then checking what is installed in kind of pointless.
<smw> the same company that puts ubuntu together makes the ubuntu amis
<jaith> smw: yes I understand, but I would like to know which are main and which are universe, if only to keep an eye on them
<jaith> smw: if all you want to do is discourage me from searching, then you're wasting your time :D
<jaith> smw:  i do have another question you might be able to answer
<smw> jaith, you do realize it is very difficult to add packages to universe, correct?
<smw> fine, I will answer what I would od
<smw> do*
<jaith> smw: that may well be true, but searching where your packages are from should be quite easy.
<smw> dpkg --get-selections for a list of packages
<smw> awk out the package names
<smw> loop over them with apt-cache policy
<smw> jaith, it is not that easy. Ubuntu does not care where a package came from
<smw> you need to work out where they are now and assume that is where they came from
<jaith> smw: i'm hoping to avoid a package-by-package search when I have some 385 installed packages
<smw> jaith, that is why you script it
<smw> lol
 * patdk-lap has all the packages he really needs, compiled himself in his own ppa
<jaith> well here's a start
<jaith> dpkg --get-selections | grep -oE '^[a-z\-]*\s'
 * smw just trusts the people who put together the os
<jaith> am i correct in thinking that will return installed packages?
<patdk-lap> smw, I'm using newer versions than what is in the os, normally
<smw> jaith, I would have just used awk... but whatever works for yo u :-)
<smw> patdk-lap, cool
<patdk-lap> get selections tells you nothing about where it came from, only what is installed
<jaith> smw: i don't know the first thing about awk
<patdk-lap> awk is like regex meet bash
<smw> jaith, ok, it worked anyways :-)
<jaith> yes so know i need to pipe that to some other command which tells me main/restricted/universe/multiverse
<jaith> any hints most welcome :D
<smw> jaith, you are taking this way too far
<smw> lol
<jaith> smw: i'm OCD like that
<smw> jaith, apt-cache policy
<smw> jaith, I would not recommend a bank be this crazy
<smw> lol
<jaith> smw: that's the funny thing, the site i'm trying to secure processes credit cards.  our sshd binary is compromised.
<smw> why is your binary compromised?
<jaith> smw: ergo, paranoia
<jaith> smw: hang on...i go get lovely ascii art for you
<smw> jaith, were you recently hacked or something?
<patdk-lap> heh, I doubt it was really sshd, sounds like you where rooted
<jaith> smw: YES
<twb> smw: he's probably a rent-a-sysadmin
<patdk-lap> normally that comes from bad website programming
<patdk-lap> plus running non-patched software
<jaith> twb: i'm php programmer.  not sysadmin :(
<twb> smw: $bank was running, say, Fedora Core 3 or Gentoo because $some_guy set it up, and AFTER they're broken into, jaith is called in to fix it
<jaith> patdk-lap: curious, how does bad php lead to rooting?
<patdk-lap> jaith, did I say that?
<smw> twb, nope, even better. He is a web programmer...
<patdk-lap> I said it lets one in, so that it can be rooted
<jaith> smw: no, i wrote the code nearly 10 years ago when i knew almost nothing
<patdk-lap> if you don't update your system often enough
<twb> patdk-lap: better than running patched software, is not running any software at all
<twb> e.g. no inetd beats xinetd
<patdk-lap> twb, and better than that, is not running a server :)
<jaith> this is a blast.  show-offs purporting to help, trying to talk me out of well-justified paranoia. wheeee!
<patdk-lap> jaith, no
<patdk-lap> we are saying the system has been rooted
<jaith> agreed
<jaith> that is why new system being set up
<patdk-lap> there is no point for paranoia
<patdk-lap> cause you need a reinstall
<smw> twb, I was a kid in highschool who like to do jobs on odesk for fun. I fixed a small (but profitable) site that was having problems with uptime. I have a full time job now...
<twb> jaith: if you are paranoid you would not have any PHP there in the first place
<patdk-lap> then a code review of the website is probably in order
<jaith> and that is why i'm trying to examine initial setup to make sure all the signatures check out and no funny stuff
<jaith> new server is Ubuntu 10.04 instance running on EC2
<smw> jaith, you are being beyond paranoid.
<jaith> security currently locked down.  only ssh port permitted, public cert auth required, and ssh access limited to my IP block
<patdk-lap> your going go that paranoid AND use ec2?
<smw> patdk-lap, ec2 is secure...
<jaith> *sigh*
<twb> ahaha
<twb> jaith: "only ssh port" -- so http is currently blocked?
<patdk-lap> smw, I won't meantion my root issues with ec2
<jaith> <<<suddenly realizes he's been cornered by griefers >>>
<jaith> twb: yes until i get it set up :D
<smw> patdk-lap, I would like to hear them. :-)
<twb> Anyway, if the sshd binary is compromised, you might as well do a full reinstall.
<patdk-lap> check channel logs from november :) about the 18th
<jaith> personally, i am wondering why it's so hard to sort my installed packages by main/universe/whatever
<twb> jaith: because Canonical don't want to make it obvious that their *supported* package list is fuck-all
<smw> patdk-lap, my entire company runs in amazon ec2
<patdk-lap> jaith, cause if it was installed, it was assumed you already checked that
<twb> jaith: but you can check a specific package with "apt-cache policy foo"
<jaith> twb: this is an entirely different machine, hosted on an entirely different network.  i am no longer trying to do any sort of forensics on the old machine
<smw> patdk-lap, if used right, there are no security issues...
<twb> jaith: OK
<jaith> twb: THANK YOU
<patdk-lap> smw, if used right, security patchs wouldn't accidentally be left out of the ec2 kernel :)
<twb> jaith: I run http://paste.debian.net/123601/ from cron.monthly on Lucid machines to check for unsupported packages
<twb> jaith: expect there to be half a dozen, even on a relatively small system :-/
<smw> patdk-lap, is ubuntu bad at including security updates in their kernel? lol
<patdk-lap> smw only if it isn't a clean patch :)
<jaith> this is a *brand spanking new compute instance* created from one of the "official" AMIs listed on the ubuntu site
<jaith> i haven't installed a single thing myself yet
<jaith> before i bother, want to check out existing installed packages (of which there are some 385)
<patdk-lap> seems like a lot of packages
<jaith> i agree
<patdk-lap> but I always install minimal system though
<twb> smw: define "bad'
<smw> jaith, there are much more important places to use your security efforts.
<smw> most of them involve humans and access
<patdk-lap> humans and cgi's :)
<jaith> smw: there is only one website running on this machine.  i am the only developer.
<jaith> no cgi access, etc.
<patdk-lap> php is cgi access
<jaith> agreed that webstack and php files are probably least safe part
<twb> jaith: if you do an expert install, you can opt-out of restricted/universe/multiverse/backports being included in source.list to begin with.
<patdk-lap> twb, he did ec2 install
<jaith> twb: i have no such choice with EC2 without creating my own AMI which, sadly, is beyond my skillset
<twb> Well, you might as well bend over and give amazon a free rein, then.
<smw> jaith, you are looking in the wrong places to deal with security concerns.
<smw> and yes... php can cause serious problems if setup wrong :-\
<smw> there are new bugs for it way too often
<jaith> let's assume, just for a moment, that this was an academic discussion and alllllll i wanted to do was determine the source of my installed packages.
<jaith> like, let's make-believe and say i'm a security researcher or investigative blogger out to snitch on canonical, hm?
<jaith> c'mon it'll be fun!
<smw> jaith, I would say that was pretty stupid.
<jaith> smw: and I would say you are decidedly unhelpful
<jaith> The ASCII art as promised:
<jaith>   _________________________
<jaith>     ||   ||     ||   ||
<jaith>     ||   ||, , ,||   ||
<jaith>     ||  (||/|/(/||/  ||    Don`t
<jaith>     ||  ||| _'_`|||  ||    Be
<jaith>     ||   || o o ||   ||    Mad
<jaith>     ||  (||  - `||)  ||-------AAAAAAAAAAAAAAAAAAAA
<jaith>     ||   ||  =  ||   ||
<jaith> MFU ||   ||(___)||   ||
<jaith>     ||___||) , (||___||    UstupidMF ownz you!
<jaith>    (||---||-)_(-||---||)  (say something,please talk to me
<twb> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz or tom
<jaith>   ( ||--_||_____||_--|| )
<jaith>  (_(||)-|  (%d)   |-(||)_)
<smw> wtf?
<twb> smw: I think he's saying sshd emits that as motd or something
<smw> ah
<smw> twb, his "sshd binary was hacked"
<smw> twb, now I see how he came to that conclusion...
<jaith> if you use 'strings' command on the sshd binary , it's in the binary somewhere
<smw> jaith, ok...
<twb> jaith: use a pastebin next time, please
<jaith> additionally, a check of one's package checksums calls out ssh
<jaith> twb: sorry
<smw> jaith, but you are still being unreasonably paranoid. You are acting like a programmer trying way too hard to optimize one line of addition that he does not realize he could index a column in a database and increase speed 1000 fold.
<twb> I don't understand what attack profile he's trying to guard against, nor how he's trying to go about it.
<twb> All I've heard so far is he's using a stock amazone base image, with a default-deny firewall.
<smw> twb, and he is afraid of the people who made the image (canonical) and not the people who will try to hack his server.
<jaith> and you guys won't answer a simple question, preferring instead to wax philosophical about how I'm "doing it wrong"
<jaith> believe me, i'd be happy to get advice on keeping the web stack safe when i get there
<twb> Well, I wouldn't trust foo.img to be a clean debootstrap of signed packages from archive.ubuntu.com
<twb> Certainly I think it's more productive to worry about his shitty PHP app
<twb> Since merely by being PHP means it's good odds that's how they got into the last system.
<smw> twb, that is not very constructive either ;-)
<jaith> it's most definitely not constructive.  he's stroking his e-peen
<jaith> here's the other nifty part:  if I can get a good, clean, baseline image, i can re-use it
<jaith> the question is:  how clean is it?
<jaith> a fair question, wouldn't you agree?
<jaith> EC2 makes it very easy to store a machine image and re-use it later
<smw> jaith, I am going to give up and just say you are trying to prevent the wrong type of attack.
<jaith> smw: give up?  you haven't even tried to answer my question.
<jaith> smw: you've tried to tell me "i'm doing it wrong"
<smw> jaith, in the beginning I explained (in not much detail) how I would try to solve the problem you gave me (not the one you actually need to solve.)
<jaith> smw: that's true.  and i've made progress.
<jaith> dpkg --get-selections | grep -oE '^[\.a-z0-9\-]+\s' | wc -l
<jaith> returns exactly the same line count as dpkg --get-selections | wc -l
<smw> jaith, you need to trust something to start with. Canonical's image is a good choice.
<jaith> I would also draw everyone's attention to this snippet from the ubuntu site: "The universe component is a snapshot of the free, open-source, and Linux world. It houses almost every piece of open-source software, all built from a range of public sources. Canonical does not provide a guarantee of regular security updates for software in the universe component, but will provide these where they...
<jaith> ...are made available by the community. Users should understand the risk inherent in using these packages."
<smw> not guaranteeing security updates != untrusted packages from the "community"
<jaith> yes but excluding *unnecessary* packages that may cease to be updated despite security holes is a valid concern
<jaith> i can only think of two reasons why i'm not getting help here: 1) we are afraid of our faith in ubuntu being shaken or 2) we just don't know how
<jaith> oh and possibly 3) disaffected griefers don't really have any interest in helping irritating noob
<jaith> so maybe I'll try another question:  will apt complain when a package or dependency package which is a) unsigned or b) signed by someone other than one of my very own apt keys?
<patdk-lap> I'm sorry, due to the lack of faith you have in this channel, I can no longer help you
<patdk-lap> Its bad form to insult people, and continue to ask for help
<jaith> i apologize.  i didn't mean to insult anyone.  I was just hoping to get the answer to a specific question.  smw has in fact helped some. i do believe it's fair to say my original question has gone unanswered.
<jaith> thanks for your help anyway
<jaith> fyi, this appears to be working approximately
<jaith> dpkg --get-selections | grep -oE '^[+\.a-z0-9\-]+\s' | xargs apt-cache policy
<jaith> some minor additional filtering results in 575 lines instead of the 383 i might expect -- this because the apt-cache policy command sometimes returns two lines for a given package
<jaith> dpkg --get-selections | grep -oE '^[+\.a-z0-9\-]+\s' | xargs apt-cache policy | grep -E ' (lucid.*/[a-z]+)'
<jaith> interestingly, not one line appears to reference 'universe'
<jaith> dpkg --get-selections | grep -oE '^[+\.a-z0-9\-]+\s' | xargs apt-cache policy | grep -E ' (lucid.*/[a-z]+)' | grep universe | wc -l
<smw> jaith, I fail to see how that is surprising...
<justin__234> gday blokes
<justin__234> wikipedia runs on ubuntu server!
<twb> I can't fix that
<Tommy_nmw> good to see all ppl in this channel
<DanaG> bug 802464
<uvirtbot`> Launchpad bug 802464 in linux "linux: 2.6.38-10.46 -proposed tracker" [Medium,Fix released] https://launchpad.net/bugs/802464
<Tommy_nmw> is there anyone who is using opensource inventory software for non-profit?
<twb> Sorry, I only turn a profit
<twb> Oh, sorry, misread
<twb> inventory software as in asset tracking?
<Tommy_nmw> twb: yes. it is for asset tracking but not tracking drivers or software .Just physical assets like toners or printer cartridges or CDs /DVDs in and out
<twb> Not sure
<jmarsden> Tommy_nmw: I have not used it, but maybe http://asset-tracker.sourceforge.net/ will do what you need?
<twb> https://secure.wikimedia.org/wikipedia/en/wiki/Fixed_assets_management appears to be what you're thinking of
<twb> The ERP solutions I've dealt with were scary as all hell
<Tommy_nmw> jmarsden: I have checked it out. design is not cool. I am inspired by openERP. but it is linked with accouting and sales module. I just want stand alone inventory stock control module for nonprofit use.
<twb> Tommy_nmw: my gut tells me you aren't gonna get that
<jmarsden> Tommy_nmw: If you know enough to criticize software design... write your own app to do what you need, then it will be designed perfectly for your needs :)
<twb> Tommy_nmw: that you'll either have to pick a crappy low-budget standalone implementation, or to delpoy a heavyweight do-everything one and just try to ignore the other modules
<Tommy_nmw> twb: no Free of charge solution ??
<Tommy_nmw> twb:  as we have no budget
<twb> Tommy_nmw: both those cases are assuming FOSS
<twb> Which isn't necessarily free-of-charge -- e.g. I'm assuming your time has value
<Tommy_nmw> twb: I can use only stock inventory only module. but they are linked with other accounting entries. so without entering those values, my records won't be complete to proceed
<twb> Tommy_nmw: bummer
<Tommy_nmw> twb: it depends on one's view
<lickalott> guys...i'm trying to change my default ssh port.  I've changed it in /etc/ssh/sshd_config but when i try to restart the process is kicks out - could not load host key: for rsa and dsa keys
<lickalott> anything i can try before a restart?
<twb> ssh won't start if you don't have host keys
<twb> "sudo dpkg-reconfigure openssh-server" to create them if they are mising
<lickalott> *love
<lickalott> worked!
<lickalott> ^5'S TWB
<uvirtbot`> lickalott: Error: "5'S" is not a valid command.
<twb> uvirtbot`: die
<uvirtbot`> twb: Error: "die" is not a valid command.
<lickalott> lol
<twb> lickalott: btw, if this happened because you cloned an image, whoever built the image did that deliberately to prevent MITM attacks, and just forgot to tell you / automate the dpkg-reconfigure call
<Tommy_nmw> hi
<Tommy_nmw> ih
<Tommy_nmw> hi
<Tommy_nmw> does somebody know how to get proxy config screen during installation ?
<Tommy_nmw> http://dropbox.unl.edu/uploads/20110804/68422200eb6ca9d2/how%20to%20http%20proxy.png
<twb> Tommy_nmw: uh, it asks you when you configure the mirror to use
<twb> maybe you need priority=low; I don't normally do default priority installs
<Tommy_nmw> twb: now I am inside ubuntu server so how can I get that screen back to put some proxy settings to use internet
<twb> If you're installing hardy, ISTR it "helpfully" skipped the proxy step if it decided it could get out without asking
<Tommy_nmw> ?
<twb> Tommy_nmw: oh, right
<twb> Tommy_nmw: /etc/apt/apt.conf, and/or $http_proxy
<twb> acquire::http::Proxy "http://proxy:8080/"; IIRC
<stylewalka> I was just trying to upgrade to maverick, but got a couple of error messages regarding setting up procps; could anyone helpout?
<SimpleAnecdote> Hi guys. Trying to sort out iptables but the server outputs "-bash: iptables: command not found - any thoughts/
<SimpleAnecdote> ?
<greppy> SimpleAnecdote: check your path, iptables is usually in /usr/sbin
<greppy> sorry, /sbin, not /usr/sbin
<dark-sun> hi people
<SimpleAnecdote> greppy - cheers. Apparently I didn't have iptables installed!
<SimpleAnecdote> path sorts out automatically on Ubuntu. It's CentOS and other REHL that have the path issue I think
<SimpleAnecdote> I have not touched a command line in a while
<greppy> it depends on your environment :)
<SimpleAnecdote> greppy: I am over my head with these iptables. I wanted to access them because webmin did not respond via remote browser. But internally, it fetched index.html... Any ideas?
<greppy> is webmin listening on the external interface?  ( keep in mind webmin is pretty much app non grata on ubuntu )
<SimpleAnecdote> greppy: really? I didn't know that
<SimpleAnecdote> I just hate CentOS so much...
<SimpleAnecdote> What GUI control panel do people use on Ubuntu? cPanel only?
<greppy> I don't know, I'm a cli junky :(
<greppy> I use froxlor for webhosting, but the rest of the box is managed from the cli.
<SimpleAnecdote> that's awesome. I fear I am not a savvy enough person to CLI my way through managing the box
<SimpleAnecdote> I had to google VIM commands not 10 minutes ago!
<greppy> :)
<greppy> another option may be to use nano or joe, which can be a little easier to use, joe can use wordstar keybindings if you know them.
<SimpleAnecdote> VIM is fine. I've used it in the past (but long long long ago). Once I have the cheatsheet open in the browser, it's pretty easy
<SimpleAnecdote> I have no idea how to sort out this webmin crap
<greppy> what are you trying to do with webmin?
<SimpleAnecdote> get it to work ;P
<SimpleAnecdote> trying to access it via browser results in 'Page not found'
<Tommy_nmw> hello everyone!! I have a question about  installation step in phpMyadmin. can anyone help  me?
<SimpleAnecdote> however, wget https://localhost:10000 --no-check-certificate fetches index.html properly
<SimpleAnecdote> just a remote browser problem
<SimpleAnecdote> Tommy_nmw: what's the question
<Tommy_nmw> SimpleAnecdote: I am now being asked "configure database for phpmyadmin with dbconfigure-common? As I have no idea to create database now, Can I say NO ? and later , how can I get that screen back?
<SimpleAnecdote> Tommy_nmw: Accept dbconfigure-common
<Tommy_nmw> SimpleAnecdote: http://dropbox.unl.edu/uploads/20110804/0b61b8c21d4405e0/IMG_0743.JPG
<SimpleAnecdote> it will create it automatically for you
<Tommy_nmw> SimpleAnecdote: if the database name or configuration is not matched with the application I would use in future, what do I do?
<Tommy_nmw> SimpleAnecdote: I am not smart at DB related
<SimpleAnecdote> Tommy_nmw: this is not a database for any application. This is a database for phpmyadmin to use for some operations. Just accept dbconfigure-common, and then (once you've configured apache to redirect to it) go to http://yourhostname.exi/phpmyadmin
<SimpleAnecdote> you will be able to create as many DBs as you want
<SimpleAnecdote> under any name
<SimpleAnecdote> and manage them easily via phpmyadmin
<greppy> SimpleAnecdote: check the config, wherever webmin sticks it, and make sure that it is setup to listen on your network interface.
<greppy> SimpleAnecdote: another option would be to use ssh to port forward and get access that way.
<SimpleAnecdote> greppy: I am on SSH right now... I have NO GUI at the moment for anything
<SimpleAnecdote> I've been installing my machine via SSH
<SimpleAnecdote> I've put this command in: iptables -I INPUT 1 -p tcp --dport 10000 -j ACCEPT
<Tommy_nmw> SimpleAnecdote: thanks bro. done
<SimpleAnecdote> Tommy_nmw: no problems. If you have any other questions - just ask
<SimpleAnecdote> you might want to try php channels though ;P
<greppy> SimpleAnecdote: if you didn't have iptables installed before, that shouldn't be the problem.
<greppy> what happens when you try to telnet to port 10000 from another machine?
<SimpleAnecdote> greppy: I haven't tried
<Tommy_nmw> SimpleAnecdote: I am now chatting from Windows XP , ubuntuserver is by my side.  in the same network.. I would like to know how can I log in to phpmyadmin from Windows XP browser
<SimpleAnecdote> Tommy_nmw: Put this "Include /etc/phpmyadmin/apache.conf" (without quotation marks) in /etc/apache2/apache2.conf (at the end of the file)
<Tommy_nmw> now I got it with IP address. but I dont know what is username for login
<SimpleAnecdote> Tommy_nmw: Once you do that, from the XP machine - just open browser, type in ubuntu http://ip/phpmyadmin
<SimpleAnecdote> google default phpmyadmin user/pass for your installation. I believe it should be your MySQL root user
<Tommy_nmw> SimpleAnecdote: I now can see log in page as you said. but I do not know what username it is. I was asked only for password during installation
<SimpleAnecdote> Tommy_nmw: oh, try 'admin' or 'root
<SimpleAnecdote> '
<dark-sun> I'm about to buy a server, is it a good idea to assemble it instead of buying from HP?
<Tommy_nmw> SimpleAnecdote: why are you so brilliant? It works now
<SimpleAnecdote> Tommy_nmw: I am not. I have just done it loads of times before.
<SimpleAnecdote> greppy: I don't really know what to do then. The connection is not getting through
<Tommy_nmw> SimpleAnecdote: btw, I would like to know how I can connect to that server with domain name instead of http://ipaddress/phpmyadmin.
<SimpleAnecdote> Tommy_nmw: you need to configure DNS.
<Tommy_nmw> SimpleAnecdote: I am very new to that setup. some said http://httpd.apache.org/docs/2.0/vhosts/  but I don't understand them
<Tommy_nmw> SimpleAnecdote: how to ?
<SimpleAnecdote> Tommy_nmw: DNS is a bit complicated. If you're using your own machine you need to configure your own name servers - google that as I will be no help with that. If you're using a proper host - just ask them for their nameservers and then redirect your bought domain to those name servers
<Tommy_nmw> SimpleAnecdote: Dear bro, the ubuntu server is configured name server entry under /etc/network/interfaces. so I could install phpmyadmin from internet. do I also need to create/configure  BIND to turn it into  DNS server?
<SimpleAnecdote> You'll need BIND but as I've said - I am no help here. I know the principles, but I've never configured my own nameservers. I can tell you that GUI control panels like DirectAdmin/Kloxo/cPanel/Plesk might make it easier for newbies like us.
<SimpleAnecdote> But Kloxo is annoying
<SimpleAnecdote> And I believe the others cost money
<SimpleAnecdote> Googling the subject might yield much better results than my arbitrary advice ;P
<stylewalka> I was just trying to upgrade to maverick, but got a couple of error messages regarding setting up procps; could anyone helpout?
<greppy> stylewalka: a link to a pastebin of the errors would probably be a good start
<weeman2> g
<stylewalka> [/sty
<stylewalka> I was just trying to upgrade to maverick, but got a couple of error messages regarding setting up procps; could anyone helpout? aptitude safe-upgrade results in http://paste.debian.net/123650; thanks
<uvirtbot`> New bug: #814058 in minicom (universe) "[#313217] runscript crash when using environment variable in script" [Undecided,New] https://launchpad.net/bugs/814058
<lynxman> smoser: ping
<smoser> here
<lynxman> smoser: question about cloud-init for you
<lynxman> smoser: I'm trying to implement the new certificate method for mcollective in the plugin
<lynxman> smoser: problem as always, there's a private key flying over :D
<lynxman> smoser: have you given more thought about this recurrent issue?
<smoser> lynxman, recurrent issue
<smoser> i  might have missed a message. what is that?
<lynxman> smoser: trying to pass certs through cloud-init
<lynxman> smoser: maybe it's recurrent just for me, since I met this issue twice
<smoser> you mean the general issue of wanting to pass potentially sensitive data to the instance?
<lynxman> smoser: yes :)
<smoser> i have 2 thoughts
<smoser> 1 works now
<smoser> a.) use expiring s3 urls (or some other one-time use url) and #include
<smoser> b.) implement some mechanism to have cloud-init wait on a volume, attach volume, take data, detach volume
<lynxman> smoser: hmm I see
<smoser> lynxman, i would be interested in you testing 'a' and seeing how it works. covering second boots and such.
<smoser> maybe there would be a need for '#include-once' or some other mechanism that would say "this is only going to be there one time, don't fail on subsequent attempts at it"
<lynxman> smoser: sounds like the best plan so far
<lynxman> smoser: or silently fail if the cert is already in place
<lynxman> smoser: it's an indirect include-once
<smoser> right. on the server side. but for s3 expiring urls, i think it would 404
<smoser> and cloud-init might get crabby about that
<lynxman> smoser: not if we use httplib2 right, do a try catch and such
<smoser> #include is just using urllib.urlopen.read()
<smoser> just because it is.
<smoser> but yes, the right thing would be to be smarter there.
<smoser> patches are welcom, lynxman.
<smoser> but i would think i would rather use urllib.urlib2 as i'm using that in othe rparts of the code.
<lynxman> smoser: Yeah I think it's better to create the #include-once function
<lynxman> smoser: to avoid breaking anything, and it's quite explicit as well, it'll silently not fail
<lynxman> smoser: thanks for your thoughts :)
<Ursinha> good morning :)
<pmatulis> good morning
<LyonJT> Hey all!
<LyonJT> Is anyone here experienced with proftpd?
<patdk-wk> proftpd is simple
<patdk-wk> it also does some newish ftp stuff that confuses some ftp clients
<LyonJT> I have installed its and changed the default port thats it at the moment
<LyonJT> What else do i need to do because when a user is trying to login its hanging?
<patdk-wk> nothing
<patdk-wk> sounds like you have active port issues
<LyonJT> Any idea why its not letting the user in?
<patdk-wk> you sure it's not letting the user in
<LyonJT> it hanging on listing directory
<patdk-wk> or just failing on dir
<patdk-wk> totally different issue
<patdk-wk> well, fix your firewall
<patdk-wk> or the users firewall
<LyonJT> is that what is making it fail on listing directory?
<patdk-wk> unable to make a connection
<LyonJT> I see and this could be the firewall causing it?
<patdk-wk> yes
<LyonJT> okay let me check that out!
<patdk-wk> normally firewalls attempt to fix this for you
<LyonJT> Thanks buddy!
<patdk-wk> but you changed the default port, so it isn't helping now
<LyonJT> tcp or udp?
<LyonJT> or both?
<Nonox> hi there!
<Nonox> I'm using Amazon EC2 and I have a problem, can anyone help me?
<hallyn> list the problem
<Nonox> after using the command ec2-modify-instance-attribute (micro to large), i lost the posibility to connect to my server
<hallyn> Nonox: probably a stupid question, but - did you check for a new ip address?
<Nonox> I tried to connect using the dns name (http://ec2-50-16-57-148.compute-1.amazonaws.com) with the browser
<hallyn> Nonox: and you're sure that's still the dns name for the instance?
<Nonox> is working! the problem was that the console spent like an hour to refresh the new name for my new dns
<Nonox> SORRY
<Nonox> I'it was my first time using the API!
<Nonox> And... I was afraid!
<Nonox> thanks hallyn for you help!
<hallyn> Nonox: np :)
<uvirtbot`> New bug: #629925 in open-vm-tools (multiverse) "package open-vm-dkms 2010.04.25-253928-2 ubuntu2 failed to install/upgrade: open-vm-tools kernel module failed to build (maverick)" [Critical,Invalid] https://launchpad.net/bugs/629925
<Martyn> Morning.
<RoyK> good localtime();
<lynxman> RoyK: does that take in account daylight saving times?
<RoyK> lynxman: man localtime ;)
<lynxman> RoyK: good :)
<Martyn> good UTS(-4)
<Martyn> *rolls eyes*
<Martyn> when does the server team meeting usually take place?
<Martyn> I thought Thurs mornings?
<Daviey> negronjl: Your orchestra commit, do you want that sponsored - or hold out for more love?
<negronjl> Daviey:  It would be great if I can get it sponsored :)
<negronjl> Daviey:  I'll start the build and put it all on the ppa.
<negronjl> Daviey:  I assume you can take it from there ??
<Daviey> negronjl: no nead.. i'll just upload it from the branch.
<negronjl> Daviey:  Thanks!  Let me know if there is anything I can do to help
<Daviey> negronjl: my car could do with a wash.
 * Martyn chuckles
<negronjl> Daviey:  I'll get right on that...just hold your breath :)
<Daviey> wilco!
<Ursinha> Daviey: hey man, bonjour
<Martyn> Hey, Daviey .. what day/time is the next server meeting?
<Martyn> I think I got wires crossed .. thought it was this morning.
<lynxman> Daviey: I thought you didn't have a car
<BPower> Hey all, apache and mysql are using a significant amount of memory even when they have no requests - apache has 11 processes running and mysql has 15 processes. Any suggestions on where I should start to reduce the memory/process load?
<smoser> lynxman, just because daviey can't drive [well] doesn't mean he doesnt have a car.
<lynxman> smoser: I assumed that was the case...
<Daviey> lynxman: i have 3.
<Daviey> Martyn: Tuesday
<Martyn> Got it.
<Martyn> Someone kindly gave me the fridge link
<lynxman> Daviey: three cars? You almost sound American
<Martyn> Well, now you have to tell us what kind of cars :)  Like on Top Gear. .. we will judge you by your taste in vehicles.
<Daviey> lynxman: well one hasn't been on the road since 2004.
<lynxman> some say... that he goes in flip flops to meetings, and also that he has three cars... all we know... he's called Daviey
<Martyn> heh
<Daviey> :o
<fullstop> Hi.  I have a 4TB iscsi volume, which will have many millions of small files, from 300 bytes to ~20K each.
<fullstop> I was thinking of going with ext4, but I'm trying to understand my limits with the # of inodes and the inode_ratio.
<fullstop> is there an ext4 tuning guide, where I can calculate the maximum number of files, etc?
<patdk-wk> 1 inode per file
<patdk-wk> and probably 1 inode per 4k of disk space
<fullstop> I think that I would want a blocksize of 1024
<patdk-wk> then 1 per 1k max
<fullstop> so that might chew through a bunch of inodes.
<patdk-wk> but I would probably go with 4k anyways :)
<fullstop> how come?
<patdk-wk> let those 20k files help balance it out
<fullstop> There are a _lot_ of 300 byte files.  :)
<patdk-wk> I guess this isn't an email store
<fullstop> lots of desolate land and water in the world.
<patdk-wk> something tells me this is the *wrong* way to store your data though :)
<fullstop> I'm storing map tiles..
<fullstop> using the tile-cache data store.
<patdk-wk> ya, but why store each one like that?
<patdk-wk> or cause that is how some program does it, and you don't want to program it :(
<fullstop> because they can be loaded using openlayers directly in a browser.
<patdk-wk> browsers use http servers, not filesystems
<Martyn> unless you are using webdav
<patdk-wk> if there are lots of 300bytes files that are the same, hell, 1 300byte file would do so
<patdk-wk> martyn, webdav is http
<Martyn> webdav has no https support?
<patdk-wk> it doesn't depend on a filesystem, the filesystem could be a database for all webdav could care
<fullstop> the openlayers side can generate urls which map directly into the cache.
<Martyn> ah, point
<fullstop> when complete, the filesystem is read-only.
<fullstop> and lookups are fast, far faster than what a database could do.
<patdk-wk> fullstop, not saying it won't work
<patdk-wk> heh?
<fullstop> far faster than a database on top of a filesystem could do, if that makes sense.
<patdk-wk> nope
<patdk-wk> cause they are the same, unless your not using an index
<fullstop> implicit indexes with the filesystem.. each layer is in a directory, which is further sub-divided.
<patdk-wk> databases also have indexs, it's just as fast
<patdk-wk> but that isn't my point at all
<fullstop> yes, but now I have to have something to query the database.
<patdk-wk> I didn't even tell you to use a database
<patdk-wk> so I dunno where that talk came from
<fullstop> The point is, once I have the tiles rendered, I can serve them up directly from nginx.
<fullstop> without any processing in between, other than the filesystem
<patdk-wk> hmm, you waste 1k of disk space for every 4 inodes
<Aison> is there a tiny webbrowser that I can install on my server for X11 forwarding?
<patdk-wk> so 1/4 of your disk will be unusable for inodes
<patdk-wk> might be as much as 1/3 after superblocks and other stuff are added in, not sure
<bsg_kwolf> I'm having a bit of trouble using Kickstart to install a Ubuntu 10.10 VM on an 11.04 host.  No matter what I pass in the virt-install, it's trying to dhcp instead of using the static IP I'm passing.  Anyone seen this?  Here's my -x options:  "ks=http://10.254.254.11/jslave02.cfg ksdevice=eth0 ip=10.254.254.151 gateway=10.254.254.1 netmask=255.255.255.0 dns=192.168.42.2"
<kierge-> if i use a dynamic dns resolver on my router is that dyndns.org address good enough to run a fully functional wordpress page from ?
<kierge-> links and all ?
<bsg_kwolf> Also, oddly it fails to do DHCP, even though it should be able to obtain an IP.  Makes me think for some reason the interface isn't up.  I can see it doing DHCP discovers in the logs, but it's never getting an offer, and it should.
<patdk-wk> fullstop, 1k block size is only good up to 2tb
<bsg_kwolf> If I then manually configure the network on the install it's fine.
<fullstop> patdk-wk: good to know.  This is why I was asking.  :)
<patdk-wk> seems ext4 does support large though (not ext3 though)
<patdk-wk> but the ext utils still have limitations
<chrisPerkins> Kierge I presume that you have a dyndns.org account set up and a server at home or the office somewhere behind a router with dynamic ip? is that right?
<fullstop> I briefly considered reiserfs, but I don't know how much life it has left.
<patdk-wk> reiserfs keeps on randomly corrupting itself on me, so I stopped using it
<fullstop> and, from what I've read, xfs is more for large files... but I've read some positive things about small file situations as well.
<fullstop> reiserfs corrupted stuff for me, but that was years ago on a mandrake system.
<fullstop> so that should tell you the age.
<chrisPerkins> I am tearing my hair out trying to set up a mail-server to support multiple domains. Has anyone got any solid experience or can they point me towards reliable information / tutorials etc?
<uvirtbot`> New bug: #814164 in openvpn (main) "The init script does not handle the script-security parameter correctly when there are multiple configuration files" [Undecided,New] https://launchpad.net/bugs/814164
<chrisPerkins> I am tearing my hair out trying to set up a mail-server to support multiple domains. Has anyone got any solid experience or can they point me towards reliable information / tutorials etc?:-/:P
<raubvogel> Which user is kerberos  run as?
<chrisPerkins> Anyone know how to build a mail-server?
<raubvogel> chrisPerkins: requirements?
<ksx4system> if i enable and configure ufw for IPv4 connectivity and then enable IPv6 in config - does rules made with v4 only setup apply to freshly enabled Ipv6?
<jdstrand> ksx4system: no
<jdstrand> ksx4system: also, you will want to do 'ufw reload' after turning on ipv6
<ksx4system> jdstrand: i did /etc/init.d/ufw restart
<jdstrand> that's good enough
<raubvogel> chrisPerkins: the ubuntu wiki has entries on setting up postfix + dovecot + etc. How deep the etc goes depends on what you need. hence the specs question
<chrisPerkins> I am building a mail server to server multiple addresses over multiple domains. Have tried setting up ldap but can't find complete or reliable information. So looking to set up and configure postfix,  courier, mysql, apache, webmail, shorewall etc
<ksx4system> jdstrand: so... i must create a new ruleset for IPv6, am i right?
<raubvogel> chrisPerkins: multiple addresses + multiple domains could be done with postfix + dovecot + ldap
<raubvogel> How do you talk to ldap depends on your mood
<jdstrand> ksx4system: old rules will not be automiatically applied to ipv6, because that might not be what the person actually wants. new rules may apply to both depending on the rule. eg 'ufw allow OpenSSH' would apply to both, 'ufw allow from 192.168.2.10' would not
<BPower> Hey all, apache and mysql are using a significant amount of memory even when they have no requests - apache has 11 processes running and mysql has 15 processes. Any suggestions on where I should start to reduce the memory/process load?
<patdk-wk> bpower, start by understanding how to read memory usage first :)
<raubvogel> What I have here is that + usual spam/virus stuff + tls/smtp auth
<chrisPerkins> thanks for your responses raubvogel I'm really going insane.
<jdstrand> ksx4system: if you already did 'ufw allow OpenSSH' with ipv4 only, you should be able to do it again after enabling ipv6 and have it do what you want
<patdk-wk> normally all that memory is shared between them
<jdstrand> (ie, add only the ipv6 rule)
<raubvogel> chrisPerkins: webmail stuff you can add later. Are you going to let people imap+tls to server?
<patdk-wk> and normally apache doesn't use a lot of memory, unless you use mod_php, mod_perl, ...
<BPower> patdk-wk, together apache(+php) and mysql are using over 300mb of memory with 0 requests in the past hour.
<ksx4system> jdstrand: afaics when i'll be setting firewall from scratch (with dual stack v4/v6 connectivity) it'll be need to add rules only once?
<patdk-wk> how did you come up with 300mb?
<raubvogel> AFAIK, chrisPerkins, you can have ldap only talking to dovecot. And then postfix can use dovecot for tls auth and be done
<VSpike> Hi - I have a Sitecom 300N X3 adapter (Ralink) and I'm having trouble making it work. Unsurprisingly
<VSpike> I'm running Lucid
<fullstop> nginx + php-fpm works quite well.
<VSpike> Do I have any chance of making it work?
<BPower> patdk-wk, top/htop
<VSpike> rt2800usb module claims it but when loaded rejects it saying invalid chipset detected or similar
<patdk-wk> well,  Iknow top won't tell you correct memory usage, dunno about htop
<raubvogel> VSpike: making it work == ?
<VSpike> None of the rt*sta module seem to claim it, afaict
<jdstrand> ksx4system: depends on the rule. if you are specifying an ipv4 address for example, then it won't be added to ipv6. see 'man ufw' for details
<VSpike> raubvogel: well - appearing in ifconfig -a would be a good start :)
<BPower> patdk-wk, the total memory usage on the server is the full 256 of allotted ram + 150mb of swap.
<raubvogel> VSpike: does it at least show up on lsusb?
<VSpike> raubvogel: sure does
<fullstop> BPower: virtual machine?
<BPower> fullstop, yes
<VSpike> raubvogel: id is 0df6:0042
<fullstop> BPower: depending on how tied your php stuff is to apache (.htaccess, mod_rewrite), you should take a look at nginx and php-fpm.
<chrisPerkins> raubvogel Yes I'm going to allow people to access IMAP+tls
<fullstop> BPower: http://interfacelab.com/nginx-php-fpm-apc-awesome/
<patdk-wk> fullstop, that will do nothing to solve his issue
<patdk-wk> it will just move the issue from apache to php
<patdk-wk> cause then php will be showing ram usage, where now it is counted for in apache
<raubvogel> VSpike: I do not know how dated this is: http://wiki.debian.org/rt2870sta
<chrisPerkins> raubvogel Where should I start is there any reliable documentation? How long do you think it will take me realistically.
<fullstop> patdk-wk: not true.
<raubvogel> chrisPerkins: probably a few hours if you have everything lined up
<patdk-wk> how so?
<VSpike> raubvogel: yeah - I saw that. Makes me think perhaps I need to compile a new rt2870sta on my box using the latest code from ralink?
<fullstop> patdk-wk: it removes php from the web processes, and keeps a pool of them running.
<VSpike> I get the impression that the rt2x00 will not work no matter what
<patdk-wk> fullstop, so does apache
<fullstop> Not if you are using mod_php
<patdk-wk> sure it does
<patdk-wk> the same pool that does static pages does php ones
<fullstop> a request for an image will be served by an apache worker with php
<patdk-wk> sure, it's still a pool of processes
<fullstop> Yes, but you do not need as many processes with php loaded.
<patdk-wk> depends, my websites have more php hits than html/image hits, cause of expires headers and caching
<fullstop> If you could have 10 processes with php for handling php code, and 20 processes just for handling static, that will win.. with the right usage.
<patdk-wk> if you need that much static, you have crapload of first time users, or bad caching
<fullstop> You must not have many images
<chrisPerkins> raubvogel: So If I install postfix dovecot and ldap where is the best place to find instuctions?
<fullstop> You really can't control or rely on how a user's cache works.
<patdk-wk> sure you can, that is the whole point of the expires header, etag, ...
<raubvogel> chrisPerkins: I would get postfix+dovecot running (https://help.ubuntu.com/community/PostfixDovecotSASL and https://help.ubuntu.com/community/Postfix) and then go to the dovecot website and read their wiki on getting it to work with ldap
<fullstop> I still stand by saying that, for low memory systems, nginx + apache-fpm gives you better control of your maximum memory usage under load.
<raubvogel> VSpike: I would give the compilation thingie a try. Do you know if the device runs on another machine?
<fullstop> patdk-wk: newer browsers do not always cache, until you have requested the same content a few times.
<chrisPerkins> raubvogel: I'm on it thank you so much. Anything I should look out for?
<raubvogel> chrisPerkins: there is also https://help.ubuntu.com/community/Postfix/DovecotLDAP
<fullstop> It really depends on how full the cache is, and what they choose to keep / expire from the cache
<fullstop> Do some testing with chromium, firefox and internet explorer.  It's actually kind of surprising.
<jdstrand> hallyn: hey, so all those libvirt packages in -proposed. can you prod them along? I've got another security update and would prefer not to stomp on your pacakges yet again
<patdk-wk> well, all my users browsers are pretty dumb then, and cache everything
<jdstrand> hallyn: I mean, I'll do it; just know I won't enjoy it :P
<raubvogel> chrisPerkins: I think that should get you going. Then, if you are stuck in dovecot, the people at #dovecot are really helpful. #postfix, well, they do expect you to know it well before asking
<raubvogel> I am going food hunting
<BPower> fullstop, patdk-wk, interesting conversation. I'll take a look into it and see if it suits my needs :) Thanks
<patdk-wk> bpower, as for mysql
<patdk-wk> well, it's designed to do that on purpose
<patdk-wk> normally you want your database fast, that means in memory
<patdk-wk> if you want it smaller, you have to tune it smaller
<patdk-wk> default is 128megs cache
<hallyn> jdstrand: yeah, let me take a look, thanks for the heads-up
 * patdk-wk plays with smem some
<jdstrand> hallyn: thanks
<BPower> patdk-wk, you're right. i should have thought of that -- just skipped my mind for some reason. I was considering moving the db server to its own unit.
<patdk-wk> hmm, my apache is using 1.5megs per process
<fullstop> patdk-wk: using mod_php or php as fastcgi?
<patdk-wk> mod_php
<fullstop> I have a hard time believing that php fits into 1.5 megs
<fullstop> it is shared, understandably...
<patdk-wk> ya, that is 1.5megs uniq memoy per process
<patdk-wk> I'm sure apache+php has lots of shared code pages across all processes
<patdk-wk> but I shouldn't count those 10times their real amount
<patdk-wk> top says apache is using 9.6megs
<patdk-wk> but real memory used is 1.4 to 1.8megs per process
<patdk-wk> so in reality, my 10 apache processes are using 16megs of ram total
<patdk-wk> not 96megs
<fullstop> patdk-wk: Where are you getting 1.5 from?  What utility / proc entry?
<patdk-wk> smem
<fullstop> I want to compare to ubuntu-server here
<patdk-wk> uss = uniq mem per process, pss = process size, rss=same as top value
<patdk-wk> pss includes it's usage of shared ram
<patdk-wk> hmm, now this loaded down apache is using about 20megs per process
<patdk-wk> but it also has 300megs usage in php apc
<BPower> patdk-wk, holy crap. to install smem it requires 80+ more dependencies.
<patdk-wk> apt-get --no-install-recommends install smem
<patdk-wk> :)
<patdk-wk> you probably don't need it to make pretty graphs
<BPower> cool
<BPower> i've got to run now.  thanks a ton patdk-wk and fullstop :)
<fullstop> patdk-wk: and which column?  RSS or PSS?
<patdk-wk> pss
<patdk-wk> rss will be the same as top, uniq memory + all shared memory
<fullstop> patdk-wk: are you using any swap?
<patdk-wk> for apache, nope
<patdk-wk> udevd is swapped out hard :)
<patdk-wk> amavisd looks interesting, uss=50megs, pss=80megs, and rss=142megs
<patdk-wk> it's like the only threaded thing I have that has craploads of uniq mem
<fullstop> okay, using smem I show apache at about 600K
<fullstop> nginx at 800K..  but this is not apples-to-apples at all.
<fullstop> since php is not embedded in nginx
<fullstop> and instead works through a separate pool.
 * patdk-wk perfers lighttpd
<fullstop> And, additionally, apache has far more workers.
<fullstop> I used lighttpd for a while.  The config file can be a real pain.
<patdk-wk> hmm? config file is easy
<fullstop> That is, it's not really clear what is wrong when there is a syntax error.
<fullstop> I find nginx's config file far easier to read.
<patdk-wk> lighttpd 2.x has a fun config
<fullstop> I am pretty sure that I was using one of the later 1.X's.
<fullstop> 1.4.X
<fullstop> I still think that nginx wins.  :)
<fullstop> especially with unanticipated load.
<fullstop> Cases where people do not already have your static content in their cache.  ;-)
<MinaSh> Hello, my server has many domains and subdomains. I have a service running on port 8081. now it is accessible by any domain of them. I want it to be accessible only by one of them. how can I disable others or at least make them redirect to my desired one?
<bsg_kwolf> I'm setting up VM's in a ubuntu 11.04 host running 10.10 on the VM's.  I'm having trouble getting kickstart to accept the static IP I'm passing it with '-x "ks=http://10.254.254.11/jslave02.cfg ksdevice=eth0 ip=10.254.254.151 gateway=10.254.254.1 netmask=255.255.255.0 dns=192.168.42.2"' being passed to virt-install.  It's always using DHCP.
<bsg_kwolf> Any one any ideas?
<rcaskey> I just setup a new linode and it set the root password for me as part of the setup, but I want it as similar as possible to a stock install. I added my own user, added the user to the sudo group, how do I lock out the old root login?
<ScottK> rcaskey: See https://help.ubuntu.com/community/RootSudo
<ScottK> It's described there how to do it.
<netritious> Hi, how do I install Ubuntu server and exclude ubuntu-standard meta-package? Like jeOS, but I'm using 10.04. I'm looking for the smallest (resaonable) footprint.
<patdk-wk> netritious, click f4, and select minimal
<patdk-wk> but then that IS jeOS :)
<netritious> patdk-wk, I thought I tried that but will try again. Thanks!
<patdk-wk> mine comes in at around 400megs about
<patdk-wk> and approx 24megs of ram usage on boot
<netritious> nice..that's what I seek. :)
<rcaskey> should I install dbndns or djbdns?
<patdk-wk> personally, I wouldn't use either
<rcaskey> patdk-wk, I'm considering a move to bind but I inherited djbdns and need to setup a secondary external withoiut a lot of fuss
<rcaskey> so it's something I'd revisit later
 * RoyK found a pin with hammer and sickle at work and is wondering if people will look sideways if he wears it
<raubvogel> RoyK: If you wear it on your nose, yeah. As a nipple ring, well, I would look sideways myself...
 * RoyK doesn't pierce his skin
<RoyK> I saw this poster once, someone made a jolly big one with hammer and banana
<raubvogel> RoyK: lol
<geekbri> Guys, i ran apt-get upgrade and now suddenly my locales is broken.  When i try to do tab completion in bash i get bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.us-ascii).
<geekbri> However if i sudo su and I am root I dont get the error, any clue how to fix this
<uvirtbot`> New bug: #814226 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/814226
<adam_g> RoAkSoAx: ping
<RoAkSoAx> adam_g: pong
<adam_g> RoAkSoAx: how did you want to handle bug #744293?
<uvirtbot`> Launchpad bug 744293 in drbd8 "Infinite loop in helper LVM script for DRBD 8 in Lucid" [High,In progress] https://launchpad.net/bugs/744293
<RoAkSoAx> adam_g: yes was just about to review it
<b0gatyr> hi guys, why are virtual IPs usually set on loopback interfaces?
<fullstop> djbdns isn't all that bad.
<fullstop> I use it here, but if I had to do it again I'd use nsd / unbound.
<patdk-wk> b0gatyr, what exactly is a *virtual* ip?
<fullstop> I think he is talking about eth0:1
<fullstop> a virtual interface
<patdk-wk> that isn't virtual, or on a loopback
<fullstop> or maybe he means private addresses
<patdk-wk> eth0:1 is technically nothing more than a label, used to be called an alias
<b0gatyr> sorry I meant an IP set on a virtual interface
<fullstop> patdk-wk: eth0:1 is commonly referred to as a virtual interface
<patdk-wk> by virtual interface, you mean for some type of vm thing?
<patdk-wk> fullstop, never seen that in the last 20 years of using linux
<b0gatyr> but i've seen people use the loopback interface for this, wouldnt this cause problems since packets are sourced with that loopback address?
<patdk-wk> why would they be sourced wit hthe loopback interface?
<patdk-wk> the interface source and ip have nothing to do with each other
<fullstop> patdk-wk: Look around.. it's really a common term.  :)
<patdk-wk> except if a packet goes out an interface without a source ip
<patdk-wk> fullstop, I try to use offical terms, cause anything else causes confusion
<RoAkSoAx> adam_g: btw.. on SRU's if the version I had prepared was ubuntu2.2 and you made changes *beofre* it actually hit the archives, you keep the version but just add your name and changes to the changelog entry
<patdk-wk> eth0:1 is an aliased interface, according to man ifconfig
<patdk-wk> and that has been depressiated with iproute2 for years now
<RoAkSoAx> adam_g: however, in this particular case we don;t need to add that as we "understand" that a patch should have been added to 00list :)
<patdk-wk> b0gatyr, are you looking at a ipvs setup?
<fullstop> patdk-wk: It's still a commonly used term, for at least the last decade.
<adam_g> RoAkSoAx: right, i was mainly just throwing something together to get him up and testing while you were busy at the sprint. did it ever make it to the SRU queue as it was?
<patdk-wk> fullstop, and it's so wrong and incorrect on so many levels
<geekbri> christ, does anybody here have a clue why on ubuntu 10.04 LTS i suddenly get all sorts of terrible locale errors when i try to use tab completion?
<patdk-wk> geekbri, your locale was never set?
<RoAkSoAx> adam_g: i cant really remember
<fullstop> patdk-wk: It's still  used, and you may benefit from understanding what others mean.
<geekbri> patdk-wk: it was working fine until i ran apt-get upgrade a couple minutes ago.  I've tried locale-gen and it seemse to generate my locales fine
<RoAkSoAx> adam_g: doesn't look like it: https://launchpad.net/ubuntu/lucid/+queue?queue_state=1 :)
<patdk-wk> geekbri, "sudo dpkg-reconfigure localeconf"
<adam_g> RoAkSoAx: yah.. so you'll just fix the packaging error and get SRU started?
<geekbri> patdk-wk: results in some perl errors saying setting locale failed.  It also says it cannot set "LC_CTYPE, LC_MESSAGES, and LC_ALL"
<RoAkSoAx> adam_g: yeah I'll just upload it as the SRU justification is already done
<adam_g> sounds good
<RoAkSoAx> adam_g: alright, it's in the queue waiting for approval
<chrisPerkins> #drupal
<geekbri> patdk-wk: just a heads up, i think apt-get upgrade broke it, i wish i could remember which package but i added LC_ALL=en_US.UTF-8 to my /etc/default/locale and it fixed it
<maxagaz> hi
<maxagaz> when I do: man cbq, I get CBQ(8) at the top, what does 8 stands for ?
<jhobbs> man man has the answer
<uvirtbot`> New bug: #496601 in vsftpd (main) "package vsftpd 2.2.0-1ubuntu1 failed to install/upgrade: ??? ???? post-installation ?? ?????? 1 (dup-of: 523896)" [Low,Confirmed] https://launchpad.net/bugs/496601
<raubvogel> which user is krb5kdc run as?
<geekbri> I'm not 100% which package it is, but i've had 2 of my servers locale break after an apt-get upgrade... just figured i'd say something...
<geekbri> make that 3 servers.
<pmatulis> geekbri: well, pastebin the output
<hallyn> and maybe the end of /var/log/dpkg.log
<geekbri> yeah let me find out that information hold on.
<geekbri> predictably so it looks to be the locales 2.11+git20100304-3 causing the issue at least for me.
<geekbri> hrm i could be wrong, it could be libc
<philipballew> QUESTION: does ssh work when i have not logged into my server with my user account?
<raubvogel> philipballew, what do you mean?
<philipballew> like can i take my server. plug it into a cat 5 power it on and ssh into it without entering username and password from a keyboard connected to the server
<philipballew> raubvogel,
<raubvogel> philipballew, that is exactly what you use ssh for
<raubvogel> you first make sure you have openssh-server installed
<philipballew> i selected open ssh during install
<raubvogel> and then, say, ssh thetick@monkeybutt.com
<raubvogel> Then it should be installed
<raubvogel> did you try to ssh into it?
<philipballew> i installed it ofline and need to connect it to the network now
<philipballew> if im on a lan i can just enter ssh nameofcomputer ?
<raubvogel> If you are logged in as the same user in another machine, sure
<raubvogel> otherwise, see the example above
<raubvogel> (monkeybutt)
<raubvogel> That would be ssh'ing from a Mac or a Linux/unix box to the monkeybutt
<philipballew> well im on my ubuntu laptop
<raubvogel> same use as in the other machine?
<philipballew> i am connected to the same router as the server
<philipballew> i need to ssh into it
<philipballew> it doesnt have a domain
<raubvogel> I meant same *user*
<philipballew> ? in what way
<raubvogel> I am going to call your server monkeybutt. So which is the username you are going to log in as when you connect to monkeybutt?
<philipballew> alright so since my computers name is philipserver  i type ssh philipserver
<raubvogel> What is your username in philipserver?
<philipballew> philip
<raubvogel> And what is the username in your laptop?
<philipballew> philip
<raubvogel> If and only if they are the same, then you can do ssh philipserver
<philipballew> and if they are not. find the locaal ip and go that way?
<raubvogel> philipballew, we are still talking about username. You normally do ssh user@machine. In your case you can do philip@philipserver or, since you are using the same username, omit it
<raubvogel> Now, if philipserver does not work, you then replace "machine" with the ip address
<raubvogel> so, if philipserver's address is 192.168.1.2, you could do ssh 192.168.1.2
<philipballew> time to pop up nmap
<philipballew> haha
<raubvogel> Or go ask your router
<philipballew> that to
<philipballew> does it mater if im connected wirelessly and the server is not?
<raubvogel> philipballew, that depends on how you set your router
<raubvogel> can you ping the server from laptop?
<philipballew> no i can not
<philipballew> :(
<philipballew> its a horriable router
<philipballew> i need to port forword 22 probably
<maxb> I think I may have found a (non-vulnerability) bug in OpenSSH. What's the best place to ask about it?  (ChallengeResponseAuthentication=no also disables KbdInteractiveAuthentication)
#ubuntu-server 2011-07-22
<elliotf> is there a reason why solr-jetty doesn't depend on openjdk-6-jdk when it won't run without it?
<elliotf> I don't see any suggests, either..
<SpamapS> elliotf: what does it depend on?
<SpamapS> elliotf: oh and solr-common depends on openjdk-6-jre-headless | java5-runtime-headless | java6-runtime-headless ...
<SpamapS> elliotf: I suspect it doesn't need the full jdk.. but maybe it does?
 * SpamapS just realized he's terribly late and cannot stay to discuss
<elliotf> SpamapS: it seems to..
<elliotf> SpamapS: it spits out a 500 error complaining it can't find javac
<elliotf> until you install openjdk-6-jdk...  then it shuts up and does it job
<elliotf> SpamapS: something to do with .jsp files or somesuch
 * elliotf is not a java guy...  yet
<JRWR> Ubuntu 10.04 (Linode) - Postfix/Dovecot Issue - Unable to receive emails - When ever i send a email to my mail server, the logs show that the email was received and no errors where found, when i go to check the account, no emails are in the inbox at all - main.cf http://pastebin.com/ARjhCSFC / master.cf http://pastebin.com/KHLRZt4A / dovecot.conf http://pastebin.com/hfKgB6VW / mail.log
<JRWR> excerpt: http://pastebin.com/ALqcw0Xb
<twb> JRWR: what MDA?
<JRWR> Well.. that is a good question
<JRWR> I dont know...
<twb> Looks like you're using postfix's built-in MDA
<twb> Does /home/vmail/%d/%n exist?
<JRWR> yes
<twb> Does it have appropriate owner/group/permissions
<JRWR> yep
<twb> Does the user have a .forward or .procmailrc?  Do the logs say anything relevant?
 * twb reads mail.log paste
<JRWR> I did find out where the mail was going... into Maildir into my home dir
<twb> Looks like you're using amavis as the MDA
<twb> I don't see where you tell postfix to do that, but the logs imply it
<JRWR> it should be in the master.cf
<JRWR> thats where i set the content filter at
<twb> Oh right
<JRWR> twb: here is the full output of postconf http://pastebin.com/SEGfSQGi
<patdk-lap> try adding a -n on that
<patdk-lap> postconf -n
<JRWR> http://pastebin.com/Y9KfkhZU
<twb> diff -U0 <(postconf -d) <(postconf) | sed /^@/d
<twb> ...that will show only the options you (or Ubuntu) have changed from the defaults, what they are, and what they were.
<patdk-lap> why don't you try fixing those warnings first?
<patdk-lap> twb, isn't that what -n is for :)
<twb> patdk-lap: that doesn't show you what they were
<JRWR> twb: already fixed the working
<JRWR> warning
<patdk-lap> twb, heh?
<patdk-lap> you removed your domains from mydestination?
<twb> patdk-lap: never mind, man
<twb> patdk-lap: I prefer doin' in my way, but I don't care enough to argue about it
<JRWR> ok I got the server working
<JRWR> for the logs, i had survivorzero.com in the mydestination as well as in virtualhost database as well.. this seemed to cause a conflit
<JRWR> and now has been resloved
<JRWR> Thanks for the help guys
<twb> Hooray
<JRWR> atlest i didnt do a I fixed it, and then left
<JRWR> I know this channel has to be logged :)
<JRWR> who knows what some poor soul might be goolging for
<Doonz> hey can you use a reverse break out cable either way?
<twb> Doonz: what is a reverse break out cable
<Doonz> usually a sff-8087 connect to 4 discrete sata/sas connection
<Doonz> im wondering if you can go from the controller 4 discrete sata to 1 sff-8087 port on a back plane
<patdk-lap> no
<patdk-lap> they can only go one way
<patdk-lap> it's like the only cable you can't use backwards
<twb> Oh, SAS.  Fuck that shit, man.  I'm glad I skipped the whole SCSI termination era
<patdk-lap> heh, sas is simple, the numbers just lie though
<Doonz> patdk-lap: sorry your wrong just received my email from lsi
<patdk-lap> hmm?
<Doonz> they work apparently
<patdk-lap> hmm, I know there is one cable that doesn't
<patdk-lap> can't seem to locate the nice document on it right now :(
<Doonz> dunno but they sent me the link
<Doonz> http://www.ncix.com/products/?sku=48798&vpn=C-SFF8087-4S&manufacture=Norco%20Technologies%20Inc%2E
<Doonz> this one is what i need since i got a raid card with 4 discrete sata/sas ports on it but its going in a case that has a 4port backplane
<Doonz> so that cable will allow me to go card to back plane no problem
<Doonz> the case is a norco 4220
<patdk-lap> ya, that will work
<patdk-lap> but you can't just flip it around and use it backwards
<patdk-lap> you can't go from a motherboard with a sff8087 to 4 sata drives
<DanaG> hmm, 42MB/second going over Broadcom gigabit, from ZFS.
<Doonz> according to lsi you can
<patdk-lap> that is why they make sff8087 -> 4sata, and sff8087 -> 4sata reverse
<DanaG> What's likely the limit: zfsonlinux, or the Broadcom card?
<DanaG> Broadcom 5723, specifically.
<Doonz> DanaG: THOSE ARE GOOD RATES
<Doonz> LOL
<Doonz> dammit caps
<DanaG> That's from that server to my laptop, with an Intel 82567L.
<Doonz> what switch in the middle
<DanaG> Whatever's built into a WRT350N.
<DanaG> I've tested from SSD to SSD, and gotten 80MB/second.
<DanaG> And that was with 100% CPU usage on the Pentium M with Broadcom ethernet in Windows.
<Doonz> thats asus or dlink
<Doonz> whats a direct link between server and laptop get?
<DanaG> That's Linksys.
<DanaG> Hmm, haven't tried a direct link.
<DanaG> Oh yeah, and iperf showed... I forgot what, but it was pretty high.
<Doonz> try direct and just see if there is a difference
<DanaG> Easier thing to do, for now: try the Intel card.
<Doonz> yeah i would put money on the switch not being able to handle full load
<DanaG> Interesting: the Intel is getting 52.
<DanaG> Now I'll try direct.
<patdk-lap> oh, the sff8087 is fine, it's the sff8088 that you can't reverse
<patdk-lap> how strange
<DanaG> Hmm, direct with Broadcom is 47MB/second.
<DanaG> I'll try direct with Intel.
<DanaG> And notably, the source partition is zfsonlinux.
<DanaG> Since btrfs isn't yet usable, in terms of having a fsck.
<DanaG> As soon as I can get btrfs, I'll switch.
<DanaG> Er, as soon as it's more useful.
<Martyn> wait, what's wrong with the btrfs fsck?
<Martyn> Oh, I see. the fact it doesn't _have_ one
<DanaG> Interesting... I did get a kernel oops from e1000e.
<DanaG> And I'm seeing that only via the remote access card.
<DanaG> All networking is dead.
<DanaG> weird... from "booting a command list", to the first kernel log messages, it takes a good 30 seconds of blank screen with blinking text cursor.
<Martyn> WOOHOO!  Linux 3.0 officially pushed
<DanaG_> Okay, so, link-local from Intel to Intel: BSODs my laptop.
<DanaG_> And with laptop in Ubuntu, I'm getting 26 MB/second.
<DanaG_> That's lower than what I got with Broadcom in Windows.
<DanaG_> Actually, it's probably limited by ZFS, mostly.
<DanaG_> Now to try link-local on Broadcom.
<DanaG_> nah, I've actually had enough experimenting for now.
<DanaG_> Is it expected for a Broadcom card to outperform an Intel card?
<Doonz> weird
<DanaG_> I'm going to try some iperf again.
<DanaG_> Even while that Intel link-local transfer is going on, I'm getting 930 megabits on iperf to Intel.
<DanaG_> ah, yeah, the file transfer does seem to be limited by ZFS.
<DanaG_> Come on, btfsck... we need you!
<Martyn> Okay, why the _heck_ is AoE so .. bloody .. slow on ARM?
<Martyn> Is this all CPU bound?
<DanaG_> Age of Empires?
<Martyn> ATA over Ethernet
<Martyn> iSCSI hurts a bit too
<DanaG_> Okay, iperf with broadcom on switch: 84 megabits.
<DanaG_> Now to try Intel on switch and Broadcom direct.
<idlemind324> hello. i'm looking for help running ubuntu server 10.04 lts from a thumb drive (the actual os installed on the thumb drive and booting to it)
<ChmEarl> idlemind324, what about using the live ISO (& convert isolinux to syslinux)?
<idlemind324> live iso is only on the desktop version
<idlemind324> (i think)
<ChmEarl> idlemind324, yes - forgot about that
<idlemind324> i'm trying a tool called unetbootin now
<Umren> idlemind324: good tool
<idlemind324> we'll see if it does the trick =)
<twb> unetbootin is stinky and crap
<twb> http://archive.ubuntu.com/ubuntu/dists/lucid/main/installer-amd64/current/images/netboot/
<twb> Just use boot.img there
<idlemind324> twb forgive me i just copy the boot.img file to my thumb drive and leave it completely blank then?
<twb> gunzip it, then cat boot.img >/dev/uba, where uba is your USB key
<twb> Note *not* a partition on the key, e.g. uba1
<idlemind324> twb: sudo cat boot.img > /dev/sdb
<idlemind324> twb: gives me "bash: /dev/sdb: Permission denied"
<jmarsden> idlemind324: the redirect is happening in your normal user shell...
<jmarsden> idlemind324: cat boot.img |sudo tee /dev/sdb >/dev/null      # will probably work
<jmarsden> Or just sudo -s and then type the cat command in a root shell.
<idlemind324> The first ommand gives me a no medium found error
<idlemind324> adding the -s in front of the original command still gives me a permission denied error
<DanaG> sudo -i  is better.
<jmarsden> Are you sure the USB drive is /dev/sdb ?
<idlemind324> yes
<DanaG> Though then you'll need the full path.
<jmarsden> DanaG: Explain how it makes a difference to this command?
<DanaG> I usually use /dev/disk/by-id/ to be absolutely sure it's USB.
<DanaG> Yeah, -i doesn't matter here.
<twb> jmarsden: UUOC
<twb> DanaG: I usually check /proc/partitions
<idlemind324> http://pastebin.com/rH4E3qz2 <- ls of my /dev/disk/by-id/ folder
<jmarsden> twb: Guilty as charged... sudo tee /dev/sdb <boot.img >/dev/null  should work too.  I just have the "something |sudo tee filename" approach in my fingers and didn't adapt for the "something" being cat.
<idlemind324> well this is encouraging
<idlemind324> sudo dd if=boot.img of=/dev/sdb went through
<idlemind324> my system on the other side is loading up now off usb drive but it's just loading the netboot img
<idlemind324> i'm going to pick this up in the am need some sleep thanks for getting me pointed in the right direction
<uvirtbot`> New bug: #814436 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/814436
<philipballew> can someone help me with this? http://www.howtogeek.com/howto/ubuntu/change-ubuntu-server-from-dhcp-to-a-static-ip-address/
<jamespage> philipballew: sure - what are you having trouble with?
<philipballew> jamespage, haha, the whole thing
<philipballew> :)
<philipballew> and i need to figure out whats a good local ip to choose so i dont interfeare with my router
<jamespage> philipballew: well that would be a good start - sometime routers only give out DHCP IP addresses for specific ranges
<jamespage> or at least can be configured todo that
<philipballew> the router i have now is kinda lame
<philipballew> 2wire by att
<philipballew> it has a built in modem therefor i cany add my ddwrt routers
<philipballew> but thats irrelvent
<philipballew> jamespage,
<jamespage> philipballew: so most of the network configuration will be much the same as you get using DHCP
<jamespage> so the following commands might help you out with some settings
<philipballew> ok. ill try them. i just need to figure what to put for all the nu,mbers to fill in
<jamespage> ip route
<jamespage> 'default via XXXX' is what you need to set your default gateway to
<jamespage> that does in the gateway XXXX entry in /etc/network/interfaces
<jamespage> ip addr
<jamespage> philipballew: so are you using a wired or wireless connection?
<philipballew> wired
<jamespage> OK - so look at the information related to eth0
<jamespage> you should see a 'inet XXXX' entry - which will give you the current DHCP IP address and the broadcast address for your network
<philipballew> http://pastebin.ubuntu.com/649772/
<jamespage> so 'gateway 192.168.1.254' is good then
<philipballew> http://pastebin.ubuntu.com/649773/
<philipballew> alright ill construct this file on my laptop now
<jamespage> that should give you most things - netmask 255.255.255.0
<jamespage> network 192.168.1.0
<jamespage> broadcast 192.168.1.255
<jamespage> infact pretty much as in the article - aside from the gateway IP addresss
<philipballew> do you think their ip addres is safe?
<jamespage> oh - and take a look in /etc/resolv.conf - it should contain the information provided by your router and that needs to stay the same
<jamespage> so with regards to which ip address - its hard to say as everyone's network has different stuff plugged into it
<jamespage> running this command will tell you roughly what is plugged into your network:  nmap -v -sP 192.168.1.0/24
<philipballew> well my laptop now is 192.168.1.66
<philipballew> here we go http://pastebin.ubuntu.com/649775/
<jamespage> philipballew: I think you have the same laptop as me :-)
<philipballew> how do you like it?
<philipballew> :)
<jamespage> philipballew: works well TBH
<jamespage> had it just over a year now
<philipballew> do you have the backlight issue?
<philipballew> i used the backlight ppa
<jamespage> hrm - not that I am aware of
<jamespage> I had some sound issues when I first upgraded to natty - but that is resolved now
<philipballew> overall this is pretty stable
<philipballew> ubuntu and this get along
<philipballew> any idean on the ip from your end?
<jamespage> looking at your nmap scan picking something high (like .200) would prob be safe
<jamespage> or it may be that your router gives out addresses from .65 onwards - so something less that that might work as well
<philipballew> i can try 200 for now
<philipballew> set and ready to save the file
 * philipballew crosses his fingers and presses ctrl + x
<jamespage> philipballew: hey - you can always put it back again
<philipballew> now to the     sudo vi /etc/resolv.conf part
<philipballew> i have no idea what to do here
<jamespage> what does it look like ATM?
<philipballew> http://pastebin.ubuntu.com/649782/
<jamespage> leave it as is - should be fine
<philipballew> alright. ill restart networking  now
<philipballew> see if ssh stays connected
<philipballew> it would probably drop me and id have to re connect
<philipballew> it works!
<goddard> ok i made a big mistake and screwed up all my permissions
<goddard> is there a way i can revert?
<goddard> like go back in time haha
<twb> goddard: this is called "an object lesson in the value of backups"
<goddard> twb so im screwed
<Tommy_nmw> hello all ubuntu geeks. I have a question
<goddard> i have some backups
<goddard> just an aptitude backup i think though
<Tommy_nmw> hi
<Tommy_nmw> I would like to know enter proxy entries for server
<Tommy_nmw> I would like to know how to enter proxy entries for server
<Tommy_nmw> hello
<Tommy_nmw> can you hear me? Hello, is it late there ?
<Tommy_nmw> hello
<goddard> is there graphical software that helps manage a server
<uvirtbot`> New bug: #814536 in openssh (main) "package openssh-client 1:5.3p1-3ubuntu7 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/814536
<Tommy_nmw> helo
<Tommy_nmw> how to shut down from a normal user ?
<EricJ> Tommy_nmw: `shutdown now`
<Tommy_nmw> EricJ: that is only working for root
<EricJ> Tommy_nmw: Have a look at policykit.
<EricJ> Pretty sure you can set more finely-grained permissions there.
<Tommy_nmw> EricJ: how to ?
<EricJ> I think I'm using policykit to give shutdown/reboot-permissions to my non-root default user on my HTPC.
<Tommy_nmw> EricJ: bro, I am just using on plain CLI command mode server . so how can I get policy kit?
<twb> EricJ: polkit on a server?  EW>
<twb> setpcap, sudo or chiark-really
<EricJ> twb: so what would you do? :)
<twb> I don't want a bloody XML IPC framework in my privilege escalation code, thankyouverymuch :-/
<twb> The main reason I use even sudo at work is because I can replace sudoers with LDAP objects.
<twb> But that's because I have dozens of boxes
<EricJ> I'm not following. You'd simply make your users sudoers instead of use polkit?
<twb> Well, for example, my users want to be able to use the burner in the CD burning machine
<twb> http://paste.debian.net/123757/
<twb> Now they can "sudo -g adm cdrecord foo.iso" but not do anything else with escalated privileges.
<EricJ> Interesting.
<twb> Now, that's pretty damn complex
<twb> Especially for security infrastructure, which should be as simple as feasible
<twb> And polkit is WAY more complex than that, simply so that users can do "sudo -g adm" from within a GUI
<EricJ> yeah, polkit is sort of a mess...
<twb> That is, so that the GUI just request privileges from the privilege-escalation daemon without having to create pop ups and things
<twb> Now, if you look at chiark-really, that's basically what people mostly use sudo for: "give fred and sally full root access"
<twb> And (hopefully) really is substantially simpler because it doesn't try to be anything else, which makes it easier to audit and less likely to contain problems in the first place (less code).
<twb> OTOH, because sudo is so widespread, HOPEFULLY people (in general) audit it more...
<twb> Taking a totally different tangent, I'd prefer to see some kind of RBAC infrastructure a la krb
<twb> Allegedly grSec can do that, but I haven't cared enough to roll patched kernels
<SuperLag> SpamapS: yo
<uvirtbot`> New bug: #814569 in augeas (main) "Segmentation fault in augtool and augeas.rb" [Undecided,New] https://launchpad.net/bugs/814569
<Ursinha> good morning
<pythonirc1012> I used apt-get install linux-headers-$(uname -r) to install kernel headers, vbox Guest Additions still complains that the correct kernel headers are not installed. What am I doing wrong?
<joschi> pythonirc1012: do the linux-headers match your installed and running kernel version?
<pythonirc1012> joschi: how do i check?
<twb> Why doesn't vbox have a dkms by now
<twb> useless oracle schmucks
<pythonirc1012> twb: they do i thought?
<twb> pythonirc1012: then use that instead
<joschi> twb: it should, but only for the OSE -> virtualbox-ose-dkms
<joschi> twb: and virtualbox-ose-guest-dkms respectively
<twb> Well, anyone running proprietary software deserves to be given the runaround
<pythonirc1012> was missing dkms, that fixed it!
<pythonirc1012> was missing dkms, once i installed it, things worked...if dkms is the problem, why print out as "headers dont match error"?
<twb> pythonirc1012: dkms is magic that takes care of the whole problem for you
<lynxman> smoser: ping
<smoser> here
<lynxman> smoser: http://pastebin.ubuntu.com/649965/
<lynxman> smoser: include-once implementation :]
<smoser> lynxman, hm..
<lynxman> smoser: shoot
<smoser> you can't write it to /tmp
<smoser> as that wont be there on reboot
<lynxman> smoser: which path would you recommend then?
<smoser> need to cache to /var/lib/cloud/instance/
<lynxman> smoser: cool
<smoser> but you dont have that path in UserDataHandler easily i dont htink
<smoser> you'll have to pass it in or something.
<smoser> oh, and please update documentation also for 'include-once'
<lynxman> smoser: I will, just wanted to double check if you were happy with this implementation before continuing
<smoser> and also add a mime-type
<smoser> yeah, it seems reasonable
<lynxman> smoser: You think an include-once mime-type would be beneficial? How?
<lynxman> smoser: I kinda discarded it in my mind, that's why I'm asking
<smoser> ah... yeah, the one for #include would work fine for it.
<smoser> is that what you were saying?
<lynxman> smoser: Yeah but the #include mime-type will not include-once ever
<lynxman> smoser: I think that for completeness it should be there indeed...
<lynxman> smoser: Thought of this feature as a one off inside a script
<_johnny> hi. for compatability issues i "need" to run fuse zfs on a disk(array) on a ubuntu server (it's temp, so don't go preaching about the issues with that setup, heh). in relations to GELI on freebsd, what would an "equivalent" be in ubuntu? crypto? LVM is not a good option is it?
<lynxman> smoser: will do, the implementation is actually just two lines
<hallyn> all right, it just turned pitch black outside, so if i stop answering, power msut have gone out :)
<ppetraki> hallyn, tornado?
<twb> Here, it was the Telstra tech
<hallyn> ppetraki: might be
<raubvogel> hallyn: if you live close to a girl and a little dog, move. quickly.
<twb> raubvogel: he said it was black, not black and white
<hallyn> can i save myself by kicking the dog out?  :)
<raubvogel> lol
<grendal_prime> nagios
<grendal_prime> !nagios
<grendal_prime> anyone here use it..and if so got any good front end management suggestions?
<grendal_prime> I got someone here at work that is interested in it but..well are totally frightened by the cli aspect of adding monitored clients to it.
<Riz> grendal_prime I think the nagios website lists a couple of good ones
<grendal_prime> He wants to use it to monitor the vmware servers.
<Riz> ok..
<Riz> At any rate, look here for a list of GUI's. for larger deployments I stongly suggest looking at Centurion. http://www.ubuntugeek.com/nagios-configuration-tools-web-frontends-or-gui.html
<Riz> erm, centreon*
<grendal_prime> thanks man
<grendal_prime> hey in apt how would i go about enableing automatic security updates?
<grendal_prime> I know it askes on system build..but I got a tone of vm's on this thing i need to update..im thinking it would be better for these to just update themselfs.  they are just for testing anyway.
<grendal_prime> im looking around in  /etc/apt  but i dont see anything about automatic update
<Riz> https://help.ubuntu.com/10.04/serverguide/C/automatic-updates.html
<Dori922> hey :D
<pythonirc101> what is the easiest way to install tomcat7 on ubuntu-server?
<smoser> hallyn, https://bugs.launchpad.net/bugs/814222, you could very easily reproduce on amazon. m1.large will give you 2x440G drives for $0.32
<uvirtbot`> Launchpad bug 814222 in qemu-kvm "kvm cannot use vhd files over 127GB" [Low,New]
<hallyn> smoser: really?  cool, i'll try that!
<smoser> hallyn, launch an instance store instance, oterwise you have to explicitly state that you want the additional storage
<smoser> http://ubuntu-smoser.blogspot.com/2011/02/getting-ephemeral-devices-on-ebs-images.html
<zul> smb/hallyn: i just uploaded xen 4.1.1
<hallyn> smoser: thx.  I've got two of those sitting aroudn persistently for kernel testing, following your instructions :)
<smb> zul, Cool. I likely will jump on it next week
<hallyn> zul: that's for domU support?
<zul> hallyn, dom0/dom*
<hallyn> hm
<zul> er...domU
<zul> its basically the hypervisor and userland tools
<smb> And should be for HVM working
<smb> zul, Did you happen to see/fix the things from other notes too? Like /usr/share/qemu-linaro for keymaps and /var/lib/xen for hvm
<zul> smb: yeah im slowly getting there
<smb> zul, Cool. No hurries, things just happened to get spread a fair bit...
<zul> i noticed ;)
<Dori922> what are the changes between xen 4.0.1 and 4.1.1?
<zul> Dori922, go have a look at the changelog
<Dori922> nobody got a quick summary off the top of their heads? ;P
<Martyn> Dori922 : There are enough changes that 'off the top of their heads' isn't really efficient
<Dori922> ah awesome :D worth upgrading so :D
<quentusrex> Alright I think I've tracked down my server issue to either the file system or the raid array.
<quentusrex> Basically anything that reads from the filesystem can often wind up blocking for 30+ seconds
<quentusrex> even a simple 'tab+tab' for command line auto complete.
<patdk-wk> what kind of raid array?
<patdk-wk> cause that sounds like an sata disk going bad
<patdk-wk> a raid shouldn't do that
<Delemas> On 10.04LTS I've always used -virtual kernels with KVM. Now in a VM, grub is ignoring linux-image-2.6.38-10-virtual claiming it is Xen only. Is grub on glue?
<patdk-wk> na, grub is right, that is a xen kernel
<patdk-wk> sounds like you need a newer grub
<Delemas> hmm odd the VM host has grub-pc=1.98-1ubuntu12 and grub-common=1.98-1ubuntu12 but the VMs have grub=0.97-29ubuntu60 and grub-common=1.98-1ubuntu12.
<Delemas> Looks like this is fixed in Grub 0.97-29ubuntu61. I just have to find where that is hidden... It's urgency should be upped since it's absence is blocking kernel updates...
<patdk-wk> guess you hadn't updated in a long time
<patdk-wk> I think 10.4.2 got grub 1.98
<Delemas> No I keep those boxes current. LTS supports the 0.97 series. 1.98 migration isn't always straight forward.
<patdk-wk> on my lucids, 10.04.3, both grub-common and grub-pc are 1.98-1ubuntu12
<patdk-wk> hmm, same version as my oldest lucid box
<Delemas> I'll back port 0.97-29ubuntu61 from Natty, but I'm surprised it isn't already there...
<RoAkSoAx> smoser: alright, ensemble/orchestra fully bootstraps and deploys a machine!
<RoAkSoAx> smoser: testing with your devenv
<smoser> woowoo
<smoser> that is awesome.
<smoser> i thought i might talk about that in my cloud week session next week for kim0|vacation
<RoAkSoAx> smoser: hehehe that's my talk :)
<RoAkSoAx> smoser: i though about talking about that too
<smoser> well carp
<smoser> how are you going to talk about it?
<smoser> i wanted to demo, but didn't know how you could really do that in irc classroom
<RoAkSoAx> smoser: let's do something, let's put our two sessions together
<RoAkSoAx> smoser: and do a 1 two hour session
<RoAkSoAx> smoser: to demonstrate that
<RoAkSoAx> smoser: cause the dev env will take a while
<smoser> RoAkSoAx, ok.. sounds good to me.
<smoser> i can talk about devenv and you can talk about orchestra-ensemble if you'd like
<RoAkSoAx> smoser: ok cool
<zul> RoAkSoAx, instructions?
<SpamapS> RoAkSoAx: woot woot
<SpamapS> RoAkSoAx: reading backscroll. :)
<RoAkSoAx> zul: haven't written them yet
<SpamapS> RoAkSoAx: you going to give it a shot on the actual bare metal network we were given access to?
<zul> RoAkSoAx,: arrrrgh
<RoAkSoAx> SpamapS: I didn't know we had one... but yeah that'd be amazing
<smoser> SpamapS, bare metal is for people who dont have virtualization ;-)
<zul> or cheap :)
<RoAkSoAx> zul SpamapS smoser I'll have the instructions ready for monday, though, there's a few things that are not quite working as expected, but the process of bootstrapping and deploying works.
<SpamapS> Bare Metal is Bender's favorite magazine.
<zul> lol
<smoser> nice
<zul> RoAkSoAx: nice i wont be able to sleep until then
<Delemas> ah well a two hour delay on grub... Wish there was a way to upload built packages to launchpad.net...
<RoAkSoAx> hehe
<xibalba> hello folks, is anyone here famliar with nic-bonding?
<xibalba> i need saome assistance setting up 2 sets of bonded nics
<xibalba> http://paste.ubuntu.com/650125/
<xibalba> my first bond0 comes up as round-robin, the 2nd bond1 doesn't show at all
<patdk-wk> xibalba, try using - instead of _
<xibalba> patdk-wk, will do trying now
<xibalba> ok, thats been changed. rebooting
<xibalba> thank goodness for IPMI!
<xibalba> ifconfig bond0 shows the bond up, ifconfig bond1 returns "device not found"
<patdk-wk> is it the right type now?
<xibalba> no i dont think i probably conf'd modprobe.d/cbonding.conf
<xibalba> going to edit that and reboot, i didn't put the options bonding mode= stuff in there
<adam_g> RoAkSoAx: hey can you include me with others as recipients for those instructions? i have most of openstack deployable into EC2 via ensemble and wanna get ready to do it for real
<patdk-wk> oh that is probably what is messing it up
<patdk-wk> I don't do any modprobe stuff
<xibalba> ok restarting, i added 2 new to /etc/modprobe.d/bonding.conf
<xibalba> alias bond0 bonding \n options bonding mode=1 miimon=100
<xibalba> + 1 more line exactly the same for bond1
<xibalba> brb just a moment
<kim0|vacation> RoAkSoAx: oh cool so orchestra is demo'able now ?! Can do I change your session title to Orchestra demo ? yipee
<kim0|vacation> s/do// :)
<RoAkSoAx> adam_g: yes I was planning to send it to all ubuntu-server though, for some bug in ensemble it actually can't run the formula... but I guess that will be fixed once it is merged with trunk
<RoAkSoAx> kim0|vacation: For me to be able to do that I need smoser cobbler-dev so we though on doing a 2 hour session between the two
<adam_g>  RoAkSoAx sweet! have you been testing locally or on any of the test rigs?
<kim0|vacation> RoAkSoAx: so you'd like to move your session and smoser's ? so they're a continuous 2 hours right ?
<smoser> yeah
<RoAkSoAx> adam_g: locally in smoser's cobbler-devenv
<RoAkSoAx> kim0|vacation: exactly
<RoAkSoAx> adam_g: but the way the machines are started is by using virsh as power management
<kim0|vacation> RoAkSoAx: cool .. I guess we can switch smoser with tetet
<RoAkSoAx> adam_g: so I guess I'll have to use the testrig and make use that cobbler can communicate with the machines via IPMI or stuff like that
<kim0|vacation> RoAkSoAx: I'm doing it
<RoAkSoAx> kim0|vacation: cool whatever time works for all the best
<kim0|vacation> RoAkSoAx: so what can be a title for this mega session
<adam_g> RoAkSoAx: ah, i see
<RoAkSoAx> adam_g: but other considerations are needed, such as making sure that there's a dns server that resolves hostnames needed for the machines to comunicate between each other
<RoAkSoAx> kim0|vacation: Orchestra and Ensemble
<kim0|vacation> I'll add "part1" and "part2"
<kim0|vacation> cool
<RoAkSoAx> cool
<kim0|vacation> smoser: Hey Scott ..your session is now a mega session with RoAkSoAx on Monday .. ^
<smoser> yes. thats fine.
<RoAkSoAx> thanks btw
<Daviey> smoser / RoAkSoAx \o/
<Daviey> RoAkSoAx: i thought the hostname resolutions aspect had been removed?
<RoAkSoAx> .Daviey in ensemble?
<RoAkSoAx> in the refactoring code ensemble addresses to the zookeeper by the hostname
<RoAkSoAx> and saves the zookeeper in storage by instance id which in our case is the cobbler system name
<Daviey> RoAkSoAx: Yeah, i thought that was being worked on to avoid that requirement?
<RoAkSoAx> Daviey might be the case as fwreade commited a branch not long ago to adress issues with systam name changing
<Daviey> ahh cool
<RoAkSoAx> but in the brqnch im workig on top of it is still the case
<Daviey> suck.
<RoAkSoAx> Daviey eitherwah i think it would be minor in comparison to what we want to achieve
<Daviey> Yeah, agreed.
<smoser> "have a sane network" is really not a big requirement
<RoAkSoAx> smoser: agreed, but I meant that for the testrig
<smoser> ah. yeah.
<RoAkSoAx> anyways, i'm off to lunch
<xibalba> hello all, is it possible to have 2 bond devices?
<xibalba> bond0 and bond1?
<Riz> xibalba yes
<Riz> assuming you have enough physical interfaces
<Riz> at least on debian it is, I never done it on ubuntu though..but don't see why not
<smoser> SpamapS, http://paste.ubuntu.com/650181/
<smoser> that is a patch against your all_interfaces_up that removes the need for mktemp
<uvirtbot`> New bug: #814577 in clamav "The following packages have unmet dependencies" [Undecided,New] https://launchpad.net/bugs/814577
<Aleuck> Hi, I have a host ubuntu server with ubuntu serveras guest OS... I need to start the guest OS on qemu-kvm in network bridging mode. can anyone help me?
<Aleuck> Hi, I have a host ubuntu server with ubuntu serveras guest OS... I need to start the guest OS on qemu-kvm in network bridging mode. can anyone help me?
<SpamapS> Aleuck: do you need help getting started or are you stuck somewhere?
<SpamapS> smoser: what you don't like my ghetto tempdir hash table? ;)
<SpamapS> smoser: I'm actually thinking that I'll put all of that in its own script that gets run on up or down.. since I also want to send a static-network-down event
<hallyn> Aleuck: are you using libvirt?
<hallyn> Aleuck: and what exactly do you need help with.  Do you have the bridge already created?
<Aleuck> SpamapS, i need help getting started
<uvirtbot`> New bug: #814819 in antlr3 (main) "Update to antlr3 version 3.2" [Undecided,New] https://launchpad.net/bugs/814819
<andycam> Hi how are you?
<goddard> im running a lamp dedicated server i want to give max performance to ssh and the rest of the lamp stack i know in the configurations there are many memory limitations what can i increase to improve performance?
#ubuntu-server 2011-07-23
<johna> cab somebody give me some idea why Ubuntu uses ufw rather than iptables?
<jmarsden> johna: It uses both, ufw is a simpler front end for iptables.
<johna> jmarden: simpler?
<johna> that shuld have been jmarsden, sorry
<johna> where does ubuntu hid the iptables config and input?
<jmarsden> /etc/ufw is one place where you will see some of it.
<jmarsden> If you don't want to use ufw, no one forces you to do so.  You can use naked iptables on Ubuntu just fine.
<jmarsden> You'll lose some of the integration of packages that automatically configure ufw, etc. but it can be done.
<johna> jmarsden: I am switching from Centos. I cannot see an advantage to ufw as it seems to make simple things very complicated. what would I be losing if I dropped It?
<jmarsden> How complicated is     ufw allow 22/tcp   ?
<jmarsden> Seems pretty simple to me :)
<jmarsden> Some packages can automatically configure ufw to allw access to tehir daemons etc...
<jmarsden> You will lose that if you manually set up iptables.
<jmarsden> It is usually better to learn the new way when you enter a new world... but it is your choice.
<johna> i took a look at the ufw config files and there seem to be chains all over the place, I would think that would make debuggiing more time consuming?
<jmarsden> johna: For normal use, debug at the ufw level.  Why are you trying to dive in so deep?  What weird tricky things that ufw cannot do are you needing to accomplish?
<johna> jmasden: dovecot has all 4 ports open, I restrict to imaps. Plus I like to know whats going on on the systems I administer
<monokrome> Does anyone in here use Ubuntu Server?
<monokrome> Ha. I meant, "Does anyone in here use CloudInit?"
<monokrome> I am trying to generate multi-part MIME for it's user data, but it's not working.
<jdstrand> johna: I suggest you read 'man ufw' and 'man ufw-framework'
<jdstrand> johna: if you choose not to use it either leave it disabled or uninstall it
<JRWR> Ubnutu 10.04 - Dovecot/Postfix SMTPd Issue - Auth - Getthing this error message when someone tries to auth to the smtp server to send a email SASL CRAM-MD5 authentication failed: Invalid authentication mechanism
<patdk-lap> well, fix it :)
<patdk-lap> you oviously didn't store your passwords in plaintext
<JRWR> no, my dovecot passwd is all in cram-md5
<JRWR> and imap logins work
<patdk-lap> hmm?
<JRWR> here is my dovecot.conf : http://pastebin.com/wWbhXaM2 postfix master.cf http://pastebin.com/kvm7Jx2m
<patdk-lap> I don't exactly know how you can store a password as cram-md5, cause it's not possible
<JRWR> i did a dovecotpw to make them
<patdk-lap> well, what format did it make?
<patdk-lap> and why do you have two auth sections?
<patdk-lap> no wonder
<patdk-lap> the config is just total foobar
<JRWR> the second part of for the SASL for the SMTP server
<patdk-lap> ya, and it has no users or passwords in it
<patdk-lap> so no wonder nothing can auth
<JRWR> it wont
<JRWR> the first section covers that (i think)
<patdk-lap> it won't auth cause there is nothing in there to auth against
<patdk-lap> no, that is a different section
<patdk-lap> sections have nothing to do with each other
<patdk-lap> I have seen some complex setups, but never seen more than one auth section before
<patdk-lap> as you can have as many user storage methods as you want in one section
<JRWR> this should work http://pastebin.com/4c9HM9X3
<patdk-lap> you might want to allow the login method
<patdk-lap> as that is the only method outlook will use
<JRWR> >_>
<JRWR> man this project was harder then it should of been, I dont even have anti-spam in it yet
<patdk-lap> hmm?
<patdk-lap> normally takes about 4 hours for me to setup an email server
<JRWR> wow... my normal time for a LAMP stack is 20mins
<JRWR> just never done it before... bout time i learned
<patdk-lap> heh? to install a lamp stack you just click lamp in the installer, done
<patdk-lap> email is the most annoying thing ever to setup
<patdk-lap> for incoming not too hard
<JRWR> i have a bash script to add users and remove users from dovecot
<patdk-lap> for outgoing, extreemly hard, cause no one else will trust you
<JRWR> SPF helps
<JRWR> DKIM also help
<patdk-lap> spf and dkim only helps if you make it to the junk folder
<patdk-lap> first is using a good ip
<patdk-lap> second is setting up dns and rdns correctly
<patdk-lap> 3rd is having your mail server id itself correctly
<JRWR> mine doesnt... atlest i dont think it does
<JRWR> the rdns is a linode
<JRWR> and the smtp server says its that host
<patdk-lap> so it will probably work on 90% of email servers
<patdk-lap> the other 10% needs the rdns to match
<JRWR> dir
<sond> hi - situation = Lucid-10.04.3amd64 install .. i have a raid1 ( md0 ) and wish to know if Grub will run from within LVM  or do i need a physical /boot partition    ?
<sond> * LVM on top of raid1
<photon> is there a command to update the server's clock using internet time servers?
<photon> mine's off couple of days
<sond> ntpdate ip of time serv
<sond> watchout if your remote as it can screw your sudo timestamp
<photon> oh ok. thanks. what could be the worst that can happen? having to re-authenticate?
<sond> the worst ? dunno -  it will require a re-auth tho ...  do you have physical access to the machine ?
<photon> yes
<sond> no prob then ...
<photon> worked flawlessly, thanks.
<photon> didn't know there were that many NTP servers.
<sond> did you use your -country.pool.ntp.org ?
<sond> *your-country
<photon> yes
<photon> I have no idea though why my server would think it's Thursday in the first place.
<sond> gotta get back to this install...
<sond> installing a VMhost  do i enable auto security updates ?
<sond> whats the command for the network-config curses gui ?
<sond> or isn't there one ?
<uvirtbot`> New bug: #815071 in apache2 (main) "package apache2.2-common 2.2.17-1ubuntu1 failed to install/upgrade: installed post-installation script alfolyamat 1 hibakÃ³ddal kilÃ©pett" [Undecided,New] https://launchpad.net/bugs/815071
<[[suarez]]> buenas
<Guest64614> Has anyone got sound over hdmi to work in ubuntu server using boxee?
<Guest64614> Has anyone got sound over hdmi to work in ubuntu server using boxee?
<Guest64614> anyone out there?
 * Datz nods as he can here you
<Datz> but no, I haven't done that
<Guest64614> thanks, just seems very quiet here... was starting to wonder if i was on my own
<Datz> everyone's at the lunch party, I was full
<Guest64614> :)
<frogger> hi all
<frogger> i have a little dns related question that maybe someone can help me with
<frogger> i have a bind server running on our net that does dns-caching as well as master for local dns
<frogger> now i would like to override an external domain to point to a server in our local net
<frogger> what would be the smartest way to handle this?
<goddard> when i upload files via web interface it is uploading them as user www-data instead of the user name
<goddard> what are all you jackasses doing in this channel any way
<goddard> few hundred bots?
<frogger> goddard: www-data is the user of the apache process, so there is nothing wrong with it
<goddard> frogger if your running a multi user enviornment and fastcgi it is suppose to assign to the user
<goddard> mod_suexec
<goddard> frogger not to menton if you use sftp then try and make any changes you cant
<goddard> its idiotic actually to leave it as www-data
<goddard> any other idiots wasting space on freenode?
<fyrfaktry> lots :)
<goddard> fyrfaktry you got that right
<johna> where does ubuntu server keep things like dkim keys, apache ssl keys?
<patdk-lap> where-ever?
<patdk-lap> normally ssl stuff is in /etc/ssl
<patdk-lap> personally I just make /etc/ssl/dkim for well, the ovious
<ScottK> But it's a function of the where the config file is set to look for them.
<ScottK> It depends a bit on what implementation you are dealing with.
<johna> patdk-lap: so there is no recommended location for crypto keys?
<patdk-lap> heh? didn't I just say /etc/ssl?
<johna> Scottk: it must be configurable for each app?
<ScottK> It is.
<ScottK> I'm not saying it must be.
<ScottK> DKIM is a protocol, not an application.
<johna> patdk-lap: yep, so the "recommended loc is /etc/ssl/..."
<ScottK> johna: For example, my /etc/opendkim.conf says: KeyFile                 /etc/dkim/keys/...
<ScottK> You could put it anywhere.
<johna> ScottK: I just like to keep things neat, and if there were a "prefered" loc use it.
<ScottK> There isn't.  Just in /etc somewhere that makes sense to you.
<goddard> when i upload files via web interface it is uploading them as user www-data instead of the user name
<patdk-lap> goddard, that is pretty ovious
<patdk-lap> the webbrowser runs as www-data
<patdk-lap> it shouldn't be allowed to be run as your user
<patdk-lap> or to even do that, root
<patdk-lap> that would be some serious security issues
<goddard> this part makes sense sure
<goddard> what if you in a multi-user enviornment
<goddard> one that doesn't have the permissions to change www-data
<qman__> with a web interface, said environment is handled by said web interface
<qman__> as in, the web interface controls user access and file permission separately from the filesystem
<qman__> with, say, an SQL database full of users and password hashes
<goddard> some systems let you upload components via the web infact it is much easier this way
<goddard> if they upload pictures even
<qman__> yes, and they work the way I described
<goddard> that is not what is in question
<qman__> the files on the filesystem are still owned by www-data (or whatever group their system happens to run the web server as)
<qman__> because the web server, rightly, does not have the ability to change the owners of files to any given user
<qman__> that would be an enormous security risk
<goddard> unless the process is apart of a virtual enviornment
<qman__> virtual environments don't change this fundamental process
<goddard> haha ok i can see we are going to go now where with this so thanks for sharing with me your point of view
<qman__> an owned virtual server is no different from an owned bare metal server
<goddard> thanks for the information
<goddard> just for your own future reference qman__ check this out http://httpd.apache.org/docs/current/mod/mod_suexec.html#suexecusergroup
<goddard> in conjunction with fastcgi it all becomes possible
<qman__> I never said it was impossible
<qman__> just that it was a huge security risk
<qman__> which it is
<goddard> oh ok ... :D haha
<goddard> Care to explain how this setup is a security risk?
<qman__> running a given CGI process as a dedicated user separate from the web server user isn't a big risk
<qman__> running a given CGI process as many different users, probably specified by the web site code, is an enormous risk
<goddard> ok if this is true how?
<qman__> because if the web site can run code as any given user, with input generated by the web site, that site has the potential to be exploited to privilege escalation
<qman__> i.e. one bad page in your site means root access
<goddard> i think you have the process confused a little bit because it is only defined when the apache virtual enviornment is defined
<goddard> and it is defined as the user you create
<goddard> that user has specific privalges
<qman__> yes, but that user must be determined at some point
<goddard> i guess they could sudo su
<qman__> and if that user is not hard coded in the system, it must be provided by the user
<qman__> and any time you process user input you are taking in a risk
<goddard> that isn't the way mod_su works
<goddard> read the link
<goddard> if a virtual user was attemping to hack into root you could find out pretty quickly
<goddard> 3 fail attempts and he gets blocked
<goddard> no more access
<qman__> that's great, until the web site code is exploited, and only one attempt is needed
<goddard> id be interested to hear this method but im not seeing what your saying
<qman__> I assume that your web site is PHP
<qman__> I also assume that your web site was written by a human
<qman__> therefore, I can conclude that said website has flaws
<goddard> right using fastcgi
<goddard> all systems have flaws
<qman__> and when you allow such a high risk thing as filesystem access as an arbitrary user with an interface that has a high risk of potential exploits, you are playing a dangerous game
<goddard> this is with jailkit?
<qman__> jails are great too, but I'm guessing you wouldn't want to lose any of your users' data either
<qman__> and that user data must exist inside the jail, otherwise it couldn't be uploaded in the first place
<goddard> this is all just to vague
#ubuntu-server 2011-07-24
<TheEvilPhoenix> when i'm installing GRUB, how come the thing says "cannot stat aufs"?
<TheEvilPhoenix> from liveusb
<uvirtbot`> New bug: #815281 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/815281
<philipballew> can i ssh to a computer on a different subnet?
<jmarsden> philipballew: Sure.  As you as you can route packets to it, you can ssh to any ssh server on the Internet.
<jmarsden> s/As you as you/As long as you/
<amero> what is usually a preferable way to build deb package for local use
<amero> pbuilder or debootstrap's chroot?
<david1> I'm trying to get boxee running on 11 and all's good except getting sound over hdmi. Anyone got any ideas?
<david1> Sorry, 11.04
<philipballew> jmarsden, even if i am on a the same network?
<philipballew> cause a subnet is designed so i wont communicate?
<kbrown90> i heard that webmin is no longer supported in the 11.04 server, could someone direct me to a remote management program that i can use?
<kbrown90> i heard that webmin is no longer supported in the 11.04 server, could someone direct me to a remote management program that i can use?
<oliver_g> hi
<oliver_g> I've got a general (mail) server question and this is the only server-related IRC channel I know...
<oliver_g> I have a server with an an own IP and domain (for www), but don't want to run my own smtp server
<oliver_g> do you have an idea under what "feature name" I have to look at hosting companies to find such "smtp server hosting"?
<airtonix> oliver_g: mail server? dyndns.org proivde such a server but it costs alot, others might do it too but the hosting panel sucks and not mayn provide an api to let you create your own control panel. webfaction os one of the few that do
<airtonix> oliver_g: ideally you want to be able to let your users change their password without having to involve you
<oliver_g> airtonix: thanks, dyndns Email Forward seems to be exactly the feature I need but the price is not what I had in mind :-)
<airtonix> oliver_g: you just need an mx record?
<oliver_g> not sure...
<airtonix> oliver_g: it seems from your previous question you don't want to run dovecot and similar?
<oliver_g> I need an smtp server which accepts mail addressed at my domain
<oliver_g> airtonix: correct
<oliver_g> there are some hosting companies which offer separate mail servers but they all want to have the domain registered with them
<airtonix> yep
<airtonix> i bet you they mostly use that horrible thing called cpanel
<maxagaz> hi
<maxagaz> how to check nfmark using tcpdump ?
<ThomasB2k> Howdy. I'm trying to access PHP file in my /var/www folder from the computer that's hosting it, and Ubuntu keeps trying to download the file as a ".PHTML" file. I'm pretty sure this is an issue with my /etc/hosts file, and I need to add a line to it or something since I am accessing the file from the system hosting it. I unfortunately can't remember what I need to add and was hoping perhaps someone here knows.
<qman__> ThomasB2k, that is almost always an error in the apache configuration, though sometimes a file permission error
<qman__> as in, the php file is not being executed
<qman__> IIRC only files ending in .php are processed by default
<qman__> possibly .php3 as well
<uvirtbot`> New bug: #815489 in openssh (main) "ssh client should not ask for key passphrase when an unprotected key is available" [Undecided,New] https://launchpad.net/bugs/815489
<qman__> ah, apparently not, it has some regex now
<qman__>  <FilesMatch "\.ph(p3?|tml)$">
<Rogue> !list
<ubottu> This is not a file sharing channel (or network); be sure to read the channel topic. If you're looking for information about me, type Â« /msg ubottu !bot Â». If you're looking for a channel, see Â« /msg ubottu !alis Â».
<uvirtbot`> New bug: #815528 in vsftpd (main) "vsftpd installation script fails" [Undecided,New] https://launchpad.net/bugs/815528
<Guest52152> If anyone could help me out, I'd appreciate it: if i want to run php-fpm, do I need to do the install for php5-fpm, or will php5 itself now install fpm
<delinquentme> suggestions for a good keystroke to set as default to clear + reset my terminal window ?
<photon> CTRL+ALT+SHIFT+O
<photon> because you can.
<bhook> Hey, anyone out there had much luck with UEC 11.04?
<bhook> I've been fighting with this for two days now... I thought things were a bit clunky in 10.04, but it doesn't seem to work at all in 11.04
<Terabyte> hi, does ubuntu server come with admins group out of the box?
<Terabyte> I've got a user, and I want to add him to an admin group, everybody in the admin group should be able to do sudo adminy stuff, then i can turn off root
<Terabyte> how do i do everything from and including adding the user to the group (including checking if the group exists and creating it)
#ubuntu-server 2012-07-16
<mgi> What alternatives to MAAS + juju are there with Ubuntu? For installing and maintaining a cluster of Ubuntu nodes.
<andol> mgi: A traditional preseeded PXE install, handing over to something like Puppet?
<andol> (Which by no means is an Ubuntu specific answer.)
<mgi> Yeah, that's fine, I'm not after Ubuntu specific, just Ubuntu-enabled :)
<mgi> (as in, I'd rather not use rocks)
<mgi> So, does Puppet do the actual install for you?
<mgi> (just reading the site now)
<andol> mgi: No, Puppet needs an existing (basic) os install to run off.
<mgi> So I need to deploy Ubuntu (or whatever OS) to all the compute nodes first?
<andol> mgi: Yepp, for example using a preseeded install
<andol> https://help.ubuntu.com/12.04/installation-guide/amd64/appendix-preseed.html
<mgi> Ah brilliant, I think that's what I was looking for.
<mgi> I've never done preseeding before - and will read the docs now - but before I get too excited, is this a valid approach for installing up to 80 nodes?
<andol> mgi: Can't see why not. Even with a limited number of server it is still nice to have the install automated, making it easy to reinstall broken nodes, etc.
<mgi> Yeah, cool. I guess my other option is to install them all using MAAS and then use Puppet after that.
<andol> mgi: Well, even with a preseeded install I think you will just want to use the preseeds for the basic, and then hand of to Puppet as a final stage.
<mgi> Ok, sounds good. Thanks!
<andol> mgi: Both because it is easier to do a lot of the detailed configuration in Puppet, and because it is a good thing to have as much as possible controlled by Puppet, when you need to roll out configuration changes on existing nodes.
<mgi> Yeah, Puppet sounds like a good way to manage anything beyond the bare-bones install.
<uvirtbot`> New bug: #1023729 in maas "maas-import-isos requires wget, but maas has no wget dependency" [Undecided,Confirmed] https://launchpad.net/bugs/1023729
<stgraber> hallyn: it's late here so I won't investigate until tomorrow, but it looks like containers spawned through the API fail to reboot (they just die)
<RpqDcpuwA> does ubuntu server comes with LAMP plus ssl? and send and recieve mail functions?
<RoyK> hi all. I have a home server that used to have a mirrored root, but only has a single drive now (one of the two). This means the mirror is "broken" - how can I remove the missing drive from the mirror to shut up mdadm monitoring? http://paste.ubuntu.com/1094469/ <-- this is how it looks today
<ivoks> RoyK: it's rebuilding right now
<ivoks> RoyK: look at mdadm --fail
<ivoks> example: mdadm --fail /dev/md0 /dev/sda1
<RoyK> ivoks: that works well if you have a device name to give mdadm - I don't
<ivoks> then replace the disk, it's already marked as failed
<RoyK> I don't want to replace it
<ivoks> oh, now i get it
<ivoks> i want to kill raid
<RoyK> no, not kill the raid
<RoyK> just reduce the number of mirror copies to one
<RoyK> linux supports "mirrors" with only one side
<ivoks> mdadm /dev/mdX --grow --force -n 1
<RoyK> whee - thanks!
<RoyK> then all I need to do is find the missing spare in md0
<babyface_> Jamespage, ping
<jamespage> babyface_, morning
<babyface_> jamespage, good morning, James
<babyface_> jamespage, how about the tomcat bug?
<babyface_> Jamespage, when will it be  fixed?
<jamespage> babyface_, so I noticed - although this is actually a test failure rather than related to last weeks issue with MIR's etc...
<jamespage> I will look at it now
<babyface_> Jamespage, ok, thanks.
<jamespage> babyface_, hey - so I could not reproduce the issue seen in the daily ISO test - I re-ran and it cleared itself
<jamespage> babyface_, this may actually point to a bug; but I'm not sure what it is yet
<jamespage> it looks like the control port on 8005 for tomcat7 is not listening when the test executes....
<jamespage> babyface_, I notice that the amd64 version was also doing it three days OK - but has also cleared...
<jamespage> odd
<RoyK> stgraber: ping
<jamespage> apw, smb: where can I discover which modules are built for arm/omap4?
<RoyK> jamespage: there is another channel, #ubuntu-arm, that might be appropriate for arm questions
<jamespage> RoyK, I'll try there instead...
<RoyK> anyone here tried to setup kvm on multiple hosts with shared storage?
 * RoyK gives up and installs CentOS :Ã¾
<RoyK> hrm
<RoyK> anyone with an idea of why the iscsi initiator on these servers fail to connect to their LUN on bootup, but why it works just after reboot with a simple iscsiadm -m node -l ?
<ivoks> on which servers?
<pmatulis> RoyK: i guess you need to tell the initiator to log in upon bootup?
<RoyK> pmatulis: normally it should
<RoyK> pmatulis: I've setup this before, similar setup, but other targets, and once setup and logged in, it should do so automatically on bootup, but something may be timing out - dunno
<RoyK> we're not using any fancy authentication, just matching an autogenerated target name
<ivoks> is mounting done before iscsid is started?
<RoyK> it really shouldn't
<RoyK> but I don't know upstart that well
<RoyK> it's just basic 12.04
<ivoks> so, it's not /-on-iscsi?
<RoyK> no, root is on a local mirror
<RoyK> on both nodes
<RoyK> but they're supposed to share a volume on a SAN with OCFS2 for VM storage
<ivoks> and, once system boots, you can easily mount the the target?
<RoyK> after I've logged into the lun with the above command, but it doesn't show up before that - but w8... think I found something
<Pupeno_W> Which MTA do you recommend for a server that only sends email? so that cron, for example, can send emails?
<RoyK> !postfix
<ubottu> postfix is the default !MTA and !MDA on Ubuntu. For help, read https://help.ubuntu.com/community/Postfix and https://help.ubuntu.com/community/PostfixBasicSetupHowto - See also !MailServer
<Pupeno_W> Thanks.
<RoyK> ivoks: hrmf - seems node.startup in /etc/iscsi/iscsid.conf was set to manual, by default. However, changing it to 'automatic' didn't change anything - the iscsi LUN isn't in /proc/partitions after bootup, and really, it should be
<nokia> newbie. Can someone explain how to change Ubuntu Server to a static ip address, the default installation set it to dhcp.
<RoyK> nokia: edit /etc/network/interfaces - set it to static - google that for more info ;)
<RoyK> !interfaces
<nokia> RoyK every time i reboot my asdl router all MY PC's Laptop's and Server ip's change. How do i make them all have same STATIC ip address's.
<pmatulis> RoyK: i remember having to configure each lun individually for automatic login
<RoyK> hrmf - seems it now works on node1, but not on node2, configured the same
<RoyK> iscsiadm -m discovery <cr> shows my sendtarget, iscsiadm -m node<cr> shows my target '172.31.1.67:3260,1 iqn.2001-05.com.equallogic:0-8a0906-79b9aec05-128001a0ef84ffff-kvm-test-vol1', but it's not logged in
<RoyK> hm... and dmesg tells me eth1 was started ~3 seconds after iscsi
 * pmatulis facepalm
<RoyK> ?
<RoyK> pmatulis: I didn't set the order...
<pmatulis> well, network is needed before iscsi right?
<RoyK> I would think so...
<RoyK> so... smells like a good old byg
<pmatulis> so it was a 'buntu facepalm, not a RoyK facepalm
<RoyK> :)
<pmatulis> and i've seen this kind of bug before, so prolly a regression.  but no one else running iscsi on 12.04?
<RoyK> node.conn[0].timeo.login_timeout was set to 15 - trying 60...
<pmatulis> ah ok
<RoyK> these dell machines spend like 3-5 minutes just to POST
<RoyK> duh
<RoyK> increasing timeout to 60 didn't help
<zul> good morning
<uvirtbot`> New bug: #1006738 in php5 (main) "php5-fpm segfaults with error 4 in libc-2.15.so" [Low,New] https://launchpad.net/bugs/1006738
<ivoks> pmatulis: i have iscsi on 12.04
<ivoks> but i set networking within initramfs, so i doubt that counts :)
<pmatulis> bingo
<pmatulis> :)
<ivoks> but
<ivoks> iscsi is restarted once network interface is up, so that shouldn't be a problem
<ivoks> if you look at /etc/network/if-up.d/, you'll see iscsi bits and pieces
<ivoks> it's a link to /etc/init.d/open-iscsi, iirc
<ivoks> questions are... do you have multiple interfaces? does restarting open-iscsi works once system is booted?
<RoyK> hrmf - bug 1025240
<uvirtbot`> Launchpad bug 1025240 in open-iscsi "iscsid is started before networking" [Undecided,New] https://launchpad.net/bugs/1025240
<ivoks> RoyK: your bug is invalid
<ivoks> RoyK: open-iscsi is restarted after the interface is set up
<ivoks> the fact that iscsiadm works is a proof
<ivoks> iscsiadm wouldn't work if iscsid isn't running
<RoyK> hm... then why doesn't it connect to its LUN?
<ivoks> why do you think it's not connected? you don't see /dev/sdX?
<RoyK> nothing in /proc/partitions
<RoyK> which is a rather good indication ;)
<RoyK> if I login manually, it shows up there
<uvirtbot`> New bug: #1025239 in ipxe (main) "kvm-ipxe does not support https" [Undecided,New] https://launchpad.net/bugs/1025239
<ivoks> so, concentrate debugging on 'why isn't discovery done automatically'
<ivoks> not on 'iscsi is started before networking'
<RoyK> I am
<RoyK> but discovery looks ok
<RoyK> everything is reported correctly
<RoyK> but it doesn't login to the target
<RoyK> ivoks: heh - check the bug again :-Ã¾
<ivoks> there you go
<patdk-wk> I just wish the installer would stop changing the iscsi name so many times during the install
<RoyK> ivoks: it would be rather nice if that stuff was documented, though
<glosoli> hey folks I setuped ubuntu server and openerp in it, I watn somehow to access it from remote distance, not sure how to do it, for example as I have wifi on same internet, and I go to the ip and port it simply doesn't show anything
<glosoli> any udw
<glosoli> any uide
<glosoli> ideas""
<hallyn> stgraber: the reboot logic was wrapped around the core start, so that's conceivable.
<uvirtbot`> New bug: #724616 in ceph (main) "not lintian clean" [Wishlist,Triaged] https://launchpad.net/bugs/724616
<toshko> hi, I'm not sure this is the channel, but I will ask you: I use Ubuntu 12.04 server for host and guest and have QCOW2 images for the guest. The problem is that with initial "virtual" size of 10GB, now the image is with physical/disk size of 15GB. This is causing me out of space problems all the time. Can anyone tell me if this behaviour is normal. How should I limit the file size of the image???
<toshko> You can have a look here for more info: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1025244
<uvirtbot`> Launchpad bug 1025244 in libvirt "qcow2 image increasing disk size above the virtual limit" [Undecided,New]
<uvirtbot`> New bug: #961389 in txlongpoll (main) "[MIR] txlongpoll" [High,In progress] https://launchpad.net/bugs/961389
<stgraber> hallyn: yeah, I guess that makes sense. I'm kind of surprised I haven't tried it before though :) How much pain will that be to fix it?
<stgraber> hallyn: I don't have anything relying on reboot in those containers yet, but that probably won't be the case for long
<hallyn> stgraber: not sure.  lemme finish verifying libvirt on precise sru then i'll take a look
<stgraber> sure, no hurry. thanks
<hallyn> hm, just updated from precise-updates to precise-proposed, and ssh now takes a loooot longer to get in
<Daviey> hallyn: check dns resolution still works
<Daviey> hallyn: the most common reason for slow logins is broken dns resolution of the client from the server
<Daviey> reverse dns
<hallyn> Daviey: it doesn't seem to, but i don't understand why
<hallyn> doesn't seem to be part of what was updated
<hallyn> oh.  heh.  maybe i see the problem.
<zul> jamespage: hey did you check openvswitch on arm?
<jamespage> zul, won't work yet as openvswitch module is not built with the kernel
<zul> thats what i thought
<jamespage> zul, hit the same thing with ceph rbd today as well BTW
<jamespage> rbd is also not built as far as I can tell
<jamespage> zul, actually that was only the case for omap4 - its enabled for all other ARM targets
<zul> so highbank should work?
<uvirtbot`> New bug: #1020603 in quantum (universe) "[MIR] quantum" [High,New] https://launchpad.net/bugs/1020603
<motorcity> anyone here?
<hallyn> if a bug gets marked 'invalid', it doesn't show up in LP searches right?
<Daviey> hallyn: correct, but you should be able to search in an advanced search for it
<zul> hallyn: what did you have to do for libvirt permissions?
<hallyn> zul: I had to chown /var/lib/libvirt/images to libvirt-qemu:kvm and make it group readable
<hallyn> but i notice that on precise it isn't like that either
<adac> Hi guys. We had ldap auth via ssh on our server, but now want to move back to "normal" ssh authentication. Any odeas whcih files I need to change?
<th0mz> adac: etc/pam.d/sshd ?
<hallyn> zul: right now it seems to be working for me.  <boggle>
<adac> th0mz, I thougt maybe: /etc/pam.d/common-auth
<adac> but I'm unsure
<adac> th0mz, curretnly looks like this:
<adac> cat /etc/pam.d/common-auth
<adac> auth    sufficient      pam_ldap.so
<adac> auth    required        pam_unix.so use_first_pass nullok_secure
<hallyn> zul: ah i think it just needs go+x
<hallyn> zul: I'm guessing libvirt-bin.postinst no longer does chmod 711 ${ROOT_DIRS}  (checking)
<hallyn> hm, it says it does
<armaan> Problem in setting up openldap? Getting this errro :ldap_bind: Invalid credentials (49)
<hallyn> zul: d'oh!  when i just install libvirt-bin, the perms are right
<zul> hallyn: so its an upgrade issue then
<hallyn> zul: no,
<hallyn> zul:  i think libvirt is doing it itself
<koolheadd17> armaan, hey there
<koolheadd17> adam_g, ping
<uvirtbot`> New bug: #1025336 in php5 (main) "installing php5-curl reloads apache *before* it's set up" [Undecided,New] https://launchpad.net/bugs/1025336
<armaan> koolheadd17: hey...
<hallyn> zul: steps so far to reproduce.  spin a new instance.  install libvirt-bin.  ls -l /var/lib/libvirt -> images looks good.  now connect with virt-manager as a user.  images dir is no longer good
<koolheadd17> armaan, the document did not help you to configure ldap
<koolheadd17> ?
<hallyn> checking to see if it's libvirt itself, or virt-manager
<armaan> koolheadd17: Nope
<armaan> koolheadd17: got the same error
<koolheadd17> armaan, can you do one thing
<armaan> koolheadd17: ??
<koolheadd17> setup a fresh instance
<koolheadd17> and try everything from scratch on that
<koolheadd17> if u get same error
<armaan> koolheadd17: already did it last night.
<zul> hallyn: maybe there is something in virt-manager that needs to updating
<koolheadd17> dont forget to file a bug
<koolheadd17> armaan, file a bug dude
<hallyn> zul: could be.
<armaan> koolheadd17: i think i have to do it now.
<RoyK> hallyn: erm - I have a setup like that
<armaan> koolheadd17: do you know someone who might have worked with ldap
<hallyn> RoyK: this only seems to affect libvirt on quantal
<hallyn> RoyK: results in non-root users being unable to remotely spin up images (unless they use ~/VirtualMachines for storage)
<RoyK> quantal?
<RoyK> oh
<RoyK> hallyn: I usually don't run pre-alpha software on my production machines ;)
<koolheadd17> armaan, i was able to get ldap configured without any issue in oneiric
<koolheadd17> so am saying
<koolheadd17> file a bug
<hallyn> RoyK: we're here to make sure it works for you when you switch :)
<RoyK> hallyn: good point ;)
 * RoyK hardly uses anything but LTS on servers, though
<armaan> koolheadd17: okie... i will try once more on a fresh vm if it failed i will file a bug.
<koolheadd17> yes sure
<bencer> hi guys, we are working on updating the zentyal packages for 12.10, but this is blocking us, any openldap maintainer around that can have a look? https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/82853
<uvirtbot`> Launchpad bug 82853 in openldap "Add support for the smbk5pwd overlay" [Wishlist,Confirmed]
<hallyn> zul: ok, yeah, virt-manager defines a storage pool, and it ends up with '<mode>0700</mode>' in the xml for it
<zul> hallyn: ah hah thought so
<hallyn> zul:  i assume libvirt is filling that in as a default.  not sure where we want to fix it
<hallyn> zul: gotta run a for bit, bbl
<hallyn> zul: all right.  so we could use commit 8a544719aa2fe92332756ea0483844b81d4d56ae which should change the default from 0700 to 0755.  but that's still not quite right :)
<hallyn> zul: so we may just want to custom patch it ot make 0711 the default.  not sure
<zul> hallyn: up to you
<smoser> rbasak, are you around? i was looking at zul's patch at http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/quantal/euca2ools/quantal/view/head:/debian/patches/add-armhf-support.patch
<smoser> which is now upstream at https://github.com/eucalyptus/euca2ools/commit/b89af8fa79d97a94c033a3d97610035b723f448c
<uvirtbot`> New bug: #1006553 in juju "local provider machine agent uses 100% CPU after host reboot" [High,In progress] https://launchpad.net/bugs/1006553
 * hallyn goes to check if that's his fault
<hallyn> not me
<hallyn> zul: mdeslaur: any objection to http://people.canonical.com/~serge/libvirt-perms.debdiff ?
<zul> hallyn: nope
<hallyn> zul: ok, thanks, will push.  (not *convinced* it's waht we want in the end, is all)
<mdeslaur> hallyn: I, uh...not really, if it doesn't break anything
<mdeslaur> hallyn: does virt-manager still work if you do that?
<hallyn> mdeslaur: without the upstream patch virt-manager is broken.  With just the upstream patch, virt-manager will cause /var/lib/libvirt/images to be 0755 (adding group and world read perms)
<hallyn> mdeslaur: yes.
<hallyn> mdeslaur: with the upstream patch and the additional one-liner, /var/lib/libvirt/images is back to 0711 as it used to be.
<hallyn> the q is,
<hallyn> will it confuse other people when they make a new custom storage pool
<hallyn> well i'll push this for now.  people can always jsut add the permission tag to their xml if it bothers them
<mdeslaur> hallyn: ok
<hallyn> mdeslaur: thanks
<koolheadd17> Daviey, ping
<irv> wehre can i find the shutdown logs from last shutdown?
<irv> nfsen is hanging up on shutdown so i want to see if there's any more info
<kirkland> utlemming: ping
<irv> it's also hanging on startup
<hallyn> stgraber: so the reason i hadn't done reboot yet is that lxc_start goes the lazy route - it doesn't clean anything up, just re-execs itself with origina larguments
<uvirtbot`> New bug: #1025418 in openssh (main) "Using ProxyCommand w/a non-existant host results in infinite spawns." [Undecided,New] https://launchpad.net/bugs/1025418
<RoyK> irv: should be in dmesg
<hallyn> i'm going to see just how much it would take to clean up
<RoyK> that's the current, though
<RoyK> irv: /var/log/syslog or /var/log/syslog.1 for last one
<hallyn> stgraber: yay, the only thing *crucially* needed was closing the /var/lib/lxc/container/command socket.  mind you i'm sure this'll leak memory like a seive for now, but it works
<Daviey> koolhead17 keeps missing me :(
<hallyn> stgraber: pushed my fix, reboot should now work.
<stgraber> hallyn: cool, thanks. Will test later (still need to finish adding get_config_item/clear_config_item)
<hallyn> stgraber: hopefully i didnt' mess you up by updating the patch
<hallyn> oh, your changes aren't to that patch :)
<stgraber> hallyn: yeah, my changes are in debian/python-lxc, you're the only one touching that patch :)
<hallyn> lynxman: as the common-law maintainer of ipxe, any comments on bug 1025239 ?
<uvirtbot`> Launchpad bug 1025239 in ipxe "kvm-ipxe does not support https" [Medium,Confirmed] https://launchpad.net/bugs/1025239
<RamJett> I have a NFS question. In NFS v4. How would I use the UID/GID of the client (passwd/group) to map. I do not even need the server to map user/group ..  I've been using NFS v3 for misc file servers and the server has never mapped the UID/GID ..
<stgraber> zul: could you take a look at bug 82853
<uvirtbot`> Launchpad bug 82853 in openldap "Add support for the smbk5pwd overlay" [Wishlist,Confirmed] https://launchpad.net/bugs/82853
<stgraber> zul: AFAICT the reason not to have smbk5pwd was that we weren't building openldap with heimdal-dev, but nowadays we are, so the delta doesn't make much sense and is preventing some folks like bencer from using the tool
<bencer> we need that for zentyal-users, having slapd synced with samba4
<zul> stgraber: im not comfortable of adding this for an SRU
<stgraber> zul: unless there's some other required build-dependecy that'd need MIRing to enable that, I'd suggest reverting that part of our delta and having that package built and put into universe (so we don't need to MIR extra runtime dependency)
<stgraber> zul: never said I want that in an SRU
<zul> and i dont really maintain openldap either
<bencer> zul: for 12.10
<bencer> https://launchpad.net/~zentyal/+archive/2.3/+files/openldap_2.4.28-1.1ubuntu4_2.4.28%2B51~precise1.diff.gz
<zul> ok
<bencer> didnt check that debdiff
<stgraber> zul: bencer is working on samba4 support in zentyal for 12.10 and it's apparently a requirement
<bencer> but i was told just enable that on debian/rules and the debian/control stuff
<zul> stgraber: well if someone wants to drive that than im fine with it
<sokol> Hi, does anyone encounter problem setuping cLVM. When i run vgcreate --clustered y mygrp /dev/sdb it reports it is created succesfully but when i try vgdisplay it says "Skipping clustered volume group..." and lvcreate does the same. am i doing something wrong?
<stgraber> bencer: can you give me a debdiff against quantal's current openldap? I can then review and sponsor if that looks good
<bencer> stgraber: deal
<\sh> anyone familiar with freeipa-client and authentication issues?
<koolhead11> hi all
<koolhead11> jcastro, where are you ppl?
<TheLordOfTime> koolhead11: pateince
<TheLordOfTime> we're not around 24/7 :P
<koolhead11> TheLordOfTime, :P
#ubuntu-server 2012-07-17
<PineappleCLock> Hello, I followed the server guide for installing rails, and I don't see how to actually serve the application. does apt-get install rails install Passenger / mod_rails ?
<irv> is it possible to add a cron job to be executed as my user account but start when the system reboots?
<irv> or woudl that be accomplished some other way?
<umopaplsdn> Can someone help me with an Ubuntu Server installation?
<irv> it's ZNC
<umopaplsdn> The problem is that I need to use a USB to install the server, yet I cannot find the Ubuntu Server 12.04 on the Universal USB Installer. I have downloaded the ISO. Any suggestions?
<zakk> irv: crontab -e as your user, afaik you can only do it on a time-basis but you could insert other logic into your script
<zakk> umopaplsdn: I just did this yesterday, it's below Ubuntu Studio 12.04
<zakk> umopaplsdn: it's like Ubuntu Server Installer 12.04
<umopaplsdn> Okay, thanks!
<umopaplsdn> I'll take a look.
<umopaplsdn> Oh I see... Odd place to put the server installer
<umopaplsdn> Thanks, found it.
<zakk> yeah I was kind of surprised
<umopaplsdn> See ya'!
<zakk> l8r
 * PineappleCLock redacts question
<irv> zakk: hmm, like i have a cronjob doing it that i added as my user
<irv> but it only launches ZNC when i login to the VM
<irv> the cron line is */2 * * * * /usr/bin/znc >/dev/null 2&1
<zakk> irv: I would just run that as a service via init scripting
<irv> that was my next option, but this was the only thing outlined in the ZNC faq
<irv> :P
<zakk> I'm not familiar with znc, but it sounds like a service
<zakk> so I'd run it and just have the init script su - to myuser
<Eitan> hey guys. i am hammering a new ubuntu server with tons of connections, i was running centos for my application before with no problems... For some reason i am getting a lot of connection time outs when establishing connections both mysql 3306 and redis 6397... first i found that syn flood protection was blocking some stuff, so i managed to turn that off. but im not sure to see where else
<Eitan> or why else connections are timing out as far as logs or perhaps if its a ulimit issue?
<Eitan> any ideas fellas
<aarcane> how can I tell the ubuntu server partitioner to use GPT partition tables?  It keeps wanting to make a legacy MBR partition table, and the usual utilities (parted, gdisk) aren't present on the installer.
<uvirtbot`> New bug: #998504 in samba (main) "samba generates errors when installing. Also have problems with samba4. Tried uninstalling and reinstalling." [Undecided,Expired] https://launchpad.net/bugs/998504
<uvirtbot`> New bug: #1000716 in php5 (main) "libapache2-mod-php5/php5-fpm post-inst script segfaults (exit status 139)" [Undecided,Expired] https://launchpad.net/bugs/1000716
<uvirtbot`> New bug: #993657 in samba (main) "package samba 2:3.6.3-2ubuntu2.1 failed to install/upgrade: subproses skrip post-installation terpasang menghasilkan kesalahan status keluaran: 1" [Undecided,Expired] https://launchpad.net/bugs/993657
<uvirtbot`> New bug: #994160 in memcached (main) "package memcached 1.4.13-0ubuntu2 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/994160
<uvirtbot`> New bug: #995449 in php5 (main) "cannot install package php5-intl on 12.04 (Precise)" [Medium,Expired] https://launchpad.net/bugs/995449
<uvirtbot`> New bug: #995939 in mysql-5.1 (main) "package mysql-server-5.1 5.1.62-0ubuntu0.11.04.1 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,Expired] https://launchpad.net/bugs/995939
<uvirtbot`> New bug: #996293 in samba (main) "Cannot login using active directory users ( Unknown id: $username )" [Medium,Expired] https://launchpad.net/bugs/996293
<kyle6513> I'm having trouble getting php5 to execute scripts on an apache2 install, it's just displaying the scripts. Anyone who can help?
<zastaph> I wonder why I didn't hear about the RAID write hole until now that I actually decided to go RAID
<zastaph> now that I know about it, it's the first thing I would tell people if they asked me advice about RAID :)
<zastaph> now I wonder how to deal with it
<zastaph> would an UPS be sufficient?
<ivoks> raid hole?
<zastaph> http://en.wikipedia.org/wiki/RAID_5_write_hole
<zastaph> I also understand now that ZFS was invented to deal with just that
<ivoks> raid5 :)
<zastaph> http://www.raid-recovery-guide.com/raid5-write-hole.aspx
<zastaph> nah it's in all of them
<ivoks> raid cards should allways have a battery
<zastaph> ok, but what about Linux Software RAID ?
<ivoks> ups, of course
<zastaph> yeah, so I'm looking for one now
<ivoks> this isn't a big problem
<zastaph> and I presume for an UPS to have any significant impact, you need some kind of software to listen to the UPS and gracefully shutdown on errors?
<zastaph> like http://www.apcupsd.org/
<zastaph> but does it run in Ubuntu ?
<ivoks> that's a definition of ups :)
<zastaph> does APC deliver that software? i tried to read manuals, couldn't find info
<ivoks> and this problem is not frequent
<zastaph> frequent or not.. silent data corruption sounds pretty bad to me
<ivoks> all major companies work with nut
<zastaph> I choose RAID to secure my data, not to corrupt it :)
<zastaph> nut?
<ivoks> and support its development
<zastaph> im a SOHO user
<ivoks> nut, yes
<ivoks> apt-cache show nut
<ivoks> http://www.networkupstools.org/
<zastaph> sudo apt-get install nut ?
<zastaph> sudo service restart nut
<zastaph> voila?
<ivoks> you need to configure it, of course
<ivoks> for your ups
<zastaph> need to find compatible ups too I guess
<ivoks> http://www.networkupstools.org/stable-hcl.html
<zastaph> but why not http://www.apcupsd.org/ if I buy APC anyway
<ivoks> that's also an option
<zastaph> I don't need a big battery or anything, and I don't need uptimes at all.. i'm only buying UPS to avoid write hole and as surge protection.. so 1-2 minutes of shutdown time for 2 mini servers at less than 50W each
<ejv> my apc is buggy on 10.04 lts, your mileage may vary
<ivoks> i had no problems with eaton, powerware and blazer
<zastaph> ivoks, can you narrow those 3 down to 1 recommendation? :p
<ejv> the ups itself is fine, it just loses it's connection to apcupsd constantly
<ivoks> zastaph: i can't - check them out, see what you can get and what prices are affordable for you
<zastaph> with so many UPS options I figure I'd spend all day picking one :p
<zastaph> the joy of linux.. reading about hardware support
<ivoks> i've seen hardware that doesn't work with windows
<ivoks> actually, i see it on a daily basis :)
<zastaph> yeah but all hardware vendors write on their support page if they have windows or mac.. for linux you need to search elsewhere :)
<zastaph> speaking of, did you see http://liliputing.com/2012/05/first-look-at-project-sputnik-dell-xps-13-ultrabook-with-ubuntu-linux.html
<zastaph> I'd like that,but seems not quite finished/supported http://hwe.ubuntu.com/uds-q/dellxps/
<ivoks> yes, i've seen it
<ivoks> and, afaik, multitouch has been resolved since then
<ivoks> lol that video just shows that trackpoint is unbeatable innovation :)
<zastaph> Dell is on the top of the list for hardware certification http://www.ubuntu.com/certification/desktop/
<zastaph> yet a laptop has to be customized for ubuntu and even that isn't finished :)
<zastaph> i think hardware support is what prevents me from going full ubuntu
<zastaph> for desktop that is :)
<ivoks> that's a list of machines that were given to get certification
<ivoks> it's in no way full list of working devices
<zastaph> I also wanted to try to install it on a macbook: https://help.ubuntu.com/community/MacBook
<zastaph> but reading that list of different side-effects on all versions of Macbook matched with all versions of Ubuntu made me change my mind :)
<RoyK> anyone here ever setup sanlock with kvm?
<zastaph> ubuntu for Slate computers also seems risky https://wiki.ubuntu.com/ARM/TabletList
<zastaph> ivoks, seems powerware is eaton
 * RoyK has a pandaboard with precise ;)
<rbasak> smoser: sorry, I wasn't around. Ping me when you get in if you like.
<zastaph> I presume you connect an ups to your servers with one power cable and one usb cable? so to notify 2 servers about power failure I need one that has multiple USB.. seems the cheap ones only has 1
<zastaph> http://askubuntu.com/questions/107883/how-to-use-a-eaton-3s-700va-ups-with-ubuntu-server
<zastaph> if my power goes, the network goes
<zastaph> so I guess servers would shutdown alone if the network went
<RoyK> zastaph: if the UPS can't hold power sufficiently long for the servers to be shut down, ten get a new UPS :P
<zastaph> ahh the switch will also be on ups, but my internet router will be in another room.. but i guess that wont break the LAN
<zastaph> but the router is the DHCP server
<zastaph> so probably it will break something on the LAN
<zastaph> oh well I only have 1 server with valuable files on.. the other server is a backup server, and I guess it wouldnt be disaster if it wasnt rock solid
<zastaph> but then the UPS battery will always be emptied, if even some units attached aren't aware of the power fail
<kuul> Hi i am trying to create clustered lvm but i can not pass "vgcreate --clustered y my group"  command on 10.04. am i doing something wrong?
<uvirtbot`> New bug: #1025595 in tomcat7 (main) "tomcat7 test failed: AssertionError: ['tcp6 0 0 :::8080 :::* LISTEN 898/java '" [Undecided,New] https://launchpad.net/bugs/1025595
<reisi> after enabling sssd via pam and nsswitch.conf shouldn't i be seeing all my users (from sssd domain[s]) with getent passwd?
<reisi> with sssd debug level 0x1310 i cannot see anything related to authentication when i try to login into the system; any ideas?
<reisi> auth.log has: pam_sss(sshd:auth): received for user reisi: 10 (User not known to the underlying authentication module)
<jamespage> rbasak, around?  probably easier to discuss that jenkins thing
<rbasak> jamespage: yes
<jamespage> rbasak, just reading - does this stuff run in a jenkins job?
<rbasak> jamespage: yes - the code you see creates the jenkins job with that as the contents
<rbasak> jamespage: although, that's odd. It expects to be at the root of the checked out tree
<rbasak> I'm not sure I follow what Al's doing any more
<rbasak> Won't he end up two levels higher if he does that?
<rbasak> ahs3: ^^
<jamespage> rbasak, me neither - I think I'm lacking context as to what he's trying todo
<jamespage> rbasak, do you inject config.xml files directly into the filesystem; or do you use the REST API through python-jenkins?
<rbasak> API
<jamespage> rbasak, right-oh
<jamespage> zul, adam_g: did I see some crazy mad talk about adding nodejs to the dependencies of horizon?
<zastaph> is it possible to buy a RAID BBU cheap?
<ikonia> BBU ?
<_ruben> depeonds on the raid controller obviously
<_ruben> but they're easily close to $100
<zastaph> I dont want to use hardware raid because if the card breaks I need to find an exact match
<zastaph> but I thought about using just the BBU part of the card
<zastaph> sounds complicated
<zastaph> BBU = battery backed cache?
<andygraybeal> lots of raid on ebay, right?
<andygraybeal> just buy a popular used one
<ikonia> what's a BBU ?
<zastaph> is it possible to use an SSD for raid cache, as replacement for BBU?
<zastaph> anything to prevent raid write hole
<ikonia> zastaph: I wouldn't suggest that
<ikonia> zastaph: you want a crappy host raid card, they are cheap, you want a quality true hardware raid controller, they are not
<zastaph> I just want to setup a server and sleep well at night
<ikonia> then buy a hardware raid card
<ikonia> (that has good linux support, eg: 3ware, LSI)
<zastaph> and if the card breaks in 4 years when they are discontinued?
<ikonia> then replace with a different card
<ikonia> or buy from an EOL supplier
<zastaph> I read that you can't just get your data back if a hardware raid card breaks
<ikonia> that isn't true
<ikonia> are you doing a stripe or a mirror ?
<zastaph> i don't know.. 2 servers with 4 disks.. probably 5/6 for backup server and 10 for file server
<ikonia> well, the mirror certainly shouldn't be a problemn to revover from,
<zastaph> 3ware/LSI over budget
<ikonia> the stripe, I guess it depends on the mechanism it uses
<ikonia> zastaph: then you need to accept the limitations of your budget
<_ruben> safety costs money
<_ruben> and no, using a bbu without a raidcontroller is not possible
<ikonia> the good thing with the LSI/3ware you can upgrade your card model and the raid is still valid
<_ruben> well, zfs with its cache on ssd is as close as one gets i guess
<zastaph> so.. if I get an UPS, would it be safe enough?
<ikonia> you don't even have to rebuild the array, I moved from an 8 series to a 9 series card without issue
<ikonia> zastaph: it's up to you what you consider safe
<_ruben> ups wont help if your system crashes
<RoyK> zastaph: you don't lose your IP if the DHCP server goes down
<zastaph> RoyK, yeah I figured that too :) just need to choose the right UPS
<ikonia> errr, UPS isn't really the priority here.
<zastaph> someone here must use UPS? and have good or bad experiences with ubuntu server
<ikonia> unless I've missunderstood
<ikonia> I use many small and enterprise UPS devices
<zastaph> small
<zastaph> not interested in uptime at all
<ikonia> APC
<zastaph> data safety all the way
<ikonia> then why are you buying UPS
<ikonia> I have two in my house
<ikonia> if you are not interested in uptime
<zastaph> to avoid raid write hole
<zastaph> and power surges
<ikonia> UPS will only give you safe shutdown in the event of power loss
<_ruben> a raidcontroller with bbu would be more usefull than a ups
<ikonia> yeah,
<zastaph> seems complicated to install one in my hp microserver
<zastaph> if there's even space for it
<zastaph> I don't have enterprise needs.. I just want to protect my data
<_ruben> as stated before, everything has its price :)
<zastaph> ok i'll accept my limitations :) btw. are some RAID setups more prone to write hole than others?
<zastaph> there gotta be a reason it's refered to as raid 5 write hole
<zastaph> and I also read about software that can detect write holes.. perhaps I can accept the unlikely chance of having one, but then I would like to detect it early
<_ruben> not using raid5 would be another option obviously
<zastaph> yeah I thought about not using RAID at all
<zastaph> but then 4 2TB disks suddenly seems like an awful waste :)
<zastaph> i thought about some kind of rsync replacement
<zastaph> to deal with mirroring
<zastaph> but as I read it, all RAID types (except ZFS) has write holes
<zastaph> unfortunately using ZFS requires you to deal with operating systems miles from ubuntu server in usability
<ivoks> have you ever configured raid in your life?
<zastaph> never :)
<zastaph> but my theory is getting stronger
<samba35> i am "trying " to understand openstack , i have test website installed and it was working as expected but after installed some packages and openstack my default web site is showing ubuntu  openstack dashboard page with username and passwd option how do i fix this  or how do i trace this
<_ruben> raid5 isn't the only raid level....
<zul> jamespage: if i can avoid it
<zastaph> ruben, I know, and? as I wrote the other raid level has the write hole too
<zastaph> ikonia, what UPS did you have, and do they play well with ubuntu server?
<_ruben> zastaph: as i read it (only read the wikipedia article on it), it'd be limited to raid levels that use partiy, so raid1 and raid10 for instance don't suffer from it
<_ruben> sure, corruption can still occur
<zastaph> ruben, http://www.raid-recovery-guide.com/raid5-write-hole.aspx
<_ruben> if a disk is starting to fail, you can get corruption as well, raid or not
<zastaph> ok so what's difference betwene write hole and corruption?
<zastaph> that link says RAID 10 inherits it from RAID 1
<_ruben> write hole appears to be just one example of possible corruptions
<jamespage> zul, that would be good....  its extremely fast moving so not really suitable for LTS style support IMHO
<_ruben> ah, then it's just a name to indicate any "raid-related" corruption after all
<zastaph> probably
<_ruben> with raid5 a write failure could go undetected, with raid1 it would be detectable
<zastaph> notice the list of tips to reduce the effects below
<zastaph> UPS and  "Synchronize your array regularly"
<zastaph> I wish he would specify how
<ikonia> zastaph: I'm using APC, yes they work fine
<zastaph> ikonia, nut or apcupsd
<ikonia> apcupsd
<zastaph> and you have 2 because they control 2 computers I guess? why not 1 to control all
<ikonia> I have one because I have two setups, one in the cellar and one in the attic
<ikonia> they power 2 - 3 devices each
<ikonia> give approx 15 - 20 minutes of run time to the 2 - 3 devices and a clean shutdown and alert
<zastaph> and i presume they only have 1 usb? so the other 1-2 devices gets notified by network from the master computer?
<ikonia> correct
<ikonia> there is a script on the master that will shutdown the other 2 and the master shutdown gets invoked from the unit
<zastaph> how often do you change the battery
<ikonia> not changed either in 2 years
<ikonia> still showing %100 charge
<zastaph> isn't 15-20 minutes overkill simply for shutting down?
<ikonia> the two power outages I've had they have both held up exactly as expected
<ikonia> the batter test option is still showing fine
<ikonia> zastaph: it doesn't shutdown until it's a confirmed long outage
<ikonia> I don't want to shut everything down if it's just a little blip
<zastaph> right
<ikonia> I think the threshold is 7 minutes-ish I set on the delay
<ikonia> I can't remember, it's 2 years ago
<zastaph> and surely you tested it :)
<ikonia> yes, and I've had 2 unplanned outages that worked fine
<ikonia> (I may have had more, but I can only think of two)
<ikonia> I've had a few blip outages of 90 seconds or less that obviously didn't cause a problem
<ikonia> the two outages that where long ones worked fine
<zastaph> recall the model number?
<ikonia> hang on
<ikonia> I'll see if it's on the site
<ikonia> although I'd still suggest you invest in a proper raid card over a ups
<zastaph> don't think I have this option with my 2 atom based mini servers :)
<ikonia> Pro 900
<_ruben> must be tiny instead of mini servers, if there isn't room for add-in cards
<ikonia> I do have a 3rd the pro 550, but that's not hooked up to computer equipment, that's powering my PVR and a few other odd house hold items
<ikonia> I suspect the 550 would be perfect for your needs
<zastaph> even just backups ES series (not pro) might be
<ikonia> I'm not sure how the shutdown stuff works on the ES stuff, I wasn't convinced by it when I looked
<ikonia> things may have changed
<zastaph> it's terrible how many different models they have :)
<zastaph> http://justwhatdoyouthinkyouredoingdave.blogspot.com/2012/06/ubuntu-nas-zfs-on-hp-microserver.html
<zastaph> native linux ZFS filesystem ?
<zastaph> As of June 2012, the port is in release candidate status for version 0.6.0, which supports mounting filesystems
<zastaph> not ready for production i presume?
<reisi> zastaph: i just tried out zfsonlinux.org for server usage; basically it's not there yet
<zastaph> thought so
<reisi> zastaph: if you want to try it head over to #zfsonlinux
<reisi> zastaph: you'll need to use spl and zfs from the gentoo branch of ryao, and patch a custom kernel
<zastaph> in other words, no thanks :)
<reisi> zastaph: last is optional, but basically required as it could cause rare deadlock
<zastaph> i could imagine not using raid at all
<reisi> zastaph: i tried it with ryao's branch but without the kernel patch, everything worked out nicely, even with swap over zpool, but the discussion over the kernel patch lead me to believe it's rather essential
<zastaph> just the word branch makes me say no thanks :) if the master branch isn't capable i'm not joining yet
<zastaph> also.. ZFS is all about revisions .. with RAID there's no revision.. it's just RAID :)
<reisi> if you mean RAID == mdadm there are revisions as well, but i guess those happen less "often" (not that zfs upgrades that often it'd seem)
<xnox> well RAID = mdadm has multiple format revisions, there are dataformats as well e.g. ISMS/DDF, and hardware raid controllers...
<ivoks> for someone that is so afraid about exceptionally rare problem, you are buying a server that will probably crash and burn before you ever see 'raid hole'
<xnox> usually borked hw controller means you need to find the exactly same matching controller...
<ivoks> if you have so precious data, which even backups can't restore, then you should buy a DC, not a microserver
<ivoks> DC with bunch of servers, replication and hardware raid cards of $500+
<reisi> apparently i jumped into the middle of the conversation..
<ivoks> :)
<ivoks> xnox: not exactly the same, but from the same vendor
<Exopaladin> I like zfsonlinux for my file server at home, but wouldn't run it on a production server :P
<xnox> ivoks: some vendors don't tell you which controllers are compatible, and if you bought one 10 years ago....
<reisi> Exopaladin: exatcly; but i guess it'll be ready for server testing soon, i hear some are already running off btrfs as well :)
<Exopaladin> I'd almost trust zfsonlinux more than btrfs, the fact that their latest news announcement says they now have an fsck that fixes *some* problems isn't exactly encouraging
<ikonia> pretty hard to argue btrfs's stability when Oracle have deemed it production ready
<zastaph> problem is I don't know how rare write hole is.. and I don't know how serious it is when it happens.. is it a hole that keeps digging itself deeper, or is it just a corruption that occurs on the active file being written to during power outtage ?
<zastaph> Eaton Ellipse ECO line of UPS's look nice
<zastaph> and they verified to me that their own software is ubuntu compatible
<zastaph> http://pqsoftware.eaton.com/explore/eng/ipp/default.htm?lang=en
<maplesoft>  I cant run a .jsp or .war     by tomcate.  i have mady /user/www as my apache dir for php and html files and place .jar and .war in that too.      https://help.ubuntu.com/12.04/serverguide/tomcat.html#tomcat-configuration       i cant get help from httpd or tomcat channels
<jamespage> maplesoft, I think I understand your question
<jamespage> tomcat won't by default look for war/.jsp files in /usr/www
<jamespage> each war file (which can contain .jsp's) must be placed in /var/lib/tomcat6/webapps
<maplesoft> jamespage hm... when i type mydomain.com:8080  it shows ....."it works. " so where is that file that sys that?
<maplesoft> jamespage It works!
<maplesoft> This is the default web page for this server.
<maplesoft> The web server software is running but no content has been added, yet.
<maplesoft> where is this file located?
<maplesoft> the mysite.com:8080/index.jsp starts downloading . not executing.   so tomcat is not running. but it it is running and thats why i can see index.html on port 8080      ( mysite.com:8080 )  . what is happening?
 * maplesoft waits
<zul> maplesoft: check your logfiles they can you tell what is happening better than we can
<zastaph> phew, took 5 hours to narrow down the options for UPS to a purchase :)
<maplesoft> tomcat runs .html files in /var/www   on its default port of 8080 but does not runs .jsp files . instead it starts downloading them. why is that?
<zastaph> no wonder noone fixed the raid 5 write hole yet, it's patented: http://www.google.com/patents/US7069382
 * ogra_ is happy to live in times where you can patent a hole
 * xnox wonders if my hole is patented....
<ogra_> xnox, does it use multiple holes to merge to a big raid-hole ? then it might :)
<xnox> funny you should say that
<glance> zastaph: zfs / wafl solves raid 5 write hole another way, by cow
<zastaph> yes but zfs on linux is "pre-alpha" according to someone, and "release candidate" according to others
<zastaph> and I guess discussing opensolaris selections in here is not appropriate :P
<jamespage> maplesoft, tomcat does not server files in /var/www
<jamespage> are you sure that apache is not serving them?
<maplesoft> jamespage apache is stopped
<maplesoft> jamespage service apache2 status
<maplesoft> Apache2 is NOT running.
<maplesoft> jamespage please stick with me for some time
<jamespage> maplesoft, and tomcat is?
<jamespage> 'instead it starts downloading them. why is that?' would indicate that tomcat is NOT serving those files
<maplesoft>  * Tomcat servlet engine is running with pid 19127
<maplesoft> i have place files in /var/www
<jamespage> maplesoft, 'It works!' is the default page for apache2
<maplesoft> yes.
<jamespage> which would be configured to serve files from /var/www
<maplesoft> jamespage mysite.com:8080 gives me the file in /var/www
<maplesoft> jamespage what is ihappening
<jamespage> maplesoft, from the information you have provided I have no idea
<jamespage> take a look in /var/log/apache2 at the access log - this might tell you something
<maplesoft> jamespage ok. where the default file location for tomcat is confgured/changed?
<hallyn> smb: hi, is nfs expected to work in quantal right now?
<hallyn> i've got two instances running latest quantal.  /etc/exports has '/mnt <ipaddr>(rw,no_root_squash,no_subtree_check)', did exportfs -a, but the other host hangs when i try mount -t nfs -o rw ip:/mnt /mnt ...
<jamespage> maplesoft, I think you are trying to think of tomcat like apache
<jamespage> its quite different
<hallyn> i know we've switch to nfs by default being nfsv4, but...
<jamespage> everything gets deployed as web applications (.wars)
<beandog> hallyn the client mounting stuff should see something in system logs
<jamespage> maplesoft, which reside in /var/lib/tomcat6/webapps
<beandog> or the server might, too
<jamespage> maplesoft, the ROOT directory containing the context that maps to /
<hallyn> beandog: doesn't.  just get 'timed out' after awhile on the client
<jamespage> if you want to deploy .jsp's they must be contained in a web application under that directory
<beandog> where?
<jamespage> maplesoft, each web application sits on a 'context' - for example /var/lib/tomcat6/webapps/ubuntu-test.war would sit under the /ubuntu-test context by default
<jamespage> make sense?
<maplesoft> jamespage where do i need to put the .war file/
<jamespage> maplesoft,  /var/lib/tomcat6/webapps/
<jamespage> maplesoft, I think it can also just be a directory within that path - I don't normally deploy that way.
<maplesoft> jamespage iam following http://www.igniterealtime.org/projects/openfire/plugins/webchat/readme.html
<hallyn> d'oh, server reboot fixed it
<maplesoft> i should not put it in /var/lib/tomcat7/webapps/ROOT        but in /var/lib/tomcat7/webapps/someDir?
<maplesoft> jamespage ^
<jamespage> maplesoft, probably - assuming 'it' is the webchat application and it is a war file
<maplesoft> jamespage but any way. why is the file index.html in /var/lib/tomcat7/webapps/ROOT    not showing up on mysite.com:8080      and why the file index.html on /var/www show up when apache is stopped
<jamespage> maplesoft, I really have no idea - have you tried restarting tomcat7?
<maplesoft> mm. no
<jamespage> it might be you are getting a cached version of something...
<jamespage> just a thought
<jamespage> utlemming, bug nominations accepted
<utlemming> mr jamespage: most appreciated
<maplesoft> jamespage well its pointing at /var/www
<maplesoft> jamespage where is the config to change the default directory for tomcat7 ?
<jamespage> ttfn
<jamespage> rbasak, I think we need to re-consider the approach for the apache2 SRU/bug 988819
<uvirtbot`> Launchpad bug 988819 in mod-proxy-html "[SRU] wrong path to libxml2.so.2 in mod_security - broken by multiarch enabled libraries" [Undecided,Confirmed] https://launchpad.net/bugs/988819
<jamespage> if the minimal change to make stuff work is to drop the LoadFile stanza's in the config files that should be the fix.
<rbasak> jamespage: for the SRU, and leave Quantal alone (same as Debian)?
<jamespage> rbasak, yes
<rbasak> jamespage: that's fine with me
<jamespage> OK - lets check with SpamapS how we get whats in -proposed dropped....
<SpamapS> jamespage: very easily
<SpamapS> rbasak: are you saying that bug 988819 is "verification-failed" and that rather than uploading a new fix on top of that one, you'd like it removed from precise-proposed ?
<uvirtbot`> Launchpad bug 988819 in mod-proxy-html "[SRU] wrong path to libxml2.so.2 in mod_security - broken by multiarch enabled libraries" [Undecided,Confirmed] https://launchpad.net/bugs/988819
<rbasak> SpamapS: AIUI, it is difficult to verify, so the approach to fix is being reconsidered. So I guess that means I need to get the alternative done and uploaded to precise-proposed?
<SpamapS> rbasak: its easier to track if we do it that way really.
<SpamapS> rbasak: I'll mark it 'verification-failed' so it doesn't accidentally get sent to -updates
<rbasak> SpamapS: OK
<rbasak> SpamapS: I take it I still need to bump the version further though, as it's been in precise-proposed?
<SpamapS> rbasak: yes
<SpamapS> rbasak: -proposed counts as "being published"
<rbasak> SpamapS: ack
<nandersson> Hi, I would like to have some suggestions here. I am doing some packaging. I am installing a virtual machine (ova-format) using apt, but afterwards I would like to have the user automatically register that machine in Virtualbox. Is there a "best practice" as how to make the user aware after a package install that he must take action?
<nandersson> The thing is that apt-get is run as root, and it is the user that must register the vm afterwards.
<nandersson> I could probably hack something using /etc/bash.bashrc but I guess it wouldnt be standard, and it wouldnt look good. Quite the contrary it would be a pretty ugly solution.
<nandersson> Is there some standard way to tell the user that he has to take action? Some kind of hook.
<rbasak> nandersson: I'm not sure this is the right channel. Most server people don't use GUIs.
<rbasak> nandersson: if I understand you, you have more of a desktop question?
<rbasak> nandersson: or are you trying to do this on a terminal login? There is an motd system.
<nandersson> rbasak, well, it is more of a packaging question. Let say that after I do "sudo apt-get install my-package" - I also want to touch files in /home/my-user/ directory. Well, Perhaps I could do it in my-package.postinstall and have the script iterate over all directories in /home and make the change, or set a flag...
<nandersson> ...or have the script "su - my-user" and do the registration.... I guess that would do the job.
<rbasak> nandersson: see https://lists.ubuntu.com/archives/ubuntu-devel/2012-July/035546.html which has to solve a similar problem
<rbasak> nandersson: it won't work for you, but generally postinsts aren't really support to walk over home directories like that
<jamespage> rbasak, I have another ARM kernel module request for omap4 (and others) - rbd
<nandersson> rbasak, Yeah, it will be darn ugly but I think it would work
<rbasak> nandersson: only when users are using a local db. If they're on LDAP it'll break
<rbasak> nandersson: or if there's some kind of dynamic home directory mounting going on
<nandersson> rbasak, yeah, you are right about that :-/
<rbasak> anyway, I still don't think it's really a server question. Try #ubuntu-devel - you might get more relevant ideas!
<nandersson> (y) I'll do that! Thanks a lot!
<jamespage> nandersson, maybe a README.Debian might be a good approach - let users know which commands they need to execute to use the package fully
<rbasak> nandersson: or perhaps #ubuntu-app-devel would be more appropriate here
<nandersson> rbasak, I'll try both!
<rbasak> !crosspost | nandersson
<ubottu> nandersson: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<rbasak> jamespage: I'm not sure who to direct ARM kernel requests to, actually
<jamespage> rbasak, me neither :-)
<nandersson> jamespage, Yeah, if the users would be versed in Ubuntu... I am trying to do a "fool proof" solution here :)
<rbasak> jamespage: perhaps smb, in the kernel section of the meeting?
<rbasak> smb: who's the right contact for ARM kernel issues?
<rbasak> smb: (which aren't vendor-specific)?
<jamespage> rbasak, I just asked in -kernel
<jamespage> SpamapS, did you get anywhere with the fastcgi-developers mailing list?
<SpamapS> jamespage: not yet no
<SpamapS> jamespage: just sent another message to the admin listed on the listinfo page.
<SpamapS> jamespage: If they're not responsive, I think we should suggest that the ceph team maintain a fork
<jamespage> SpamapS, I've pinged the debian maintainer as well - you never know....
<SpamapS> jamespage: good idea
<pmatulis> strange, i install cobbler on 12.04 and syslinux is configured with 'Ubuntu MAAS'
<roaksoax> pmatulis: yeah, we need to drop that :)
<roaksoax> pmatulis: could you please file a bug and assign it to me?
<pmatulis> roaksoax: yes, ok
<\sh> kklimonda: ping freeipa..how can we add sudo-ldap support to the package without breaking the system a lot ? :)
<uvirtbot`> New bug: #990162 in python-greenlet "armhf version is unusable -- task switches will cause sigsegv's" [Undecided,In progress] https://launchpad.net/bugs/990162
<hggdh> Daviey: (following from -meetings): not really. We do not yet run automated arm tests.
<stgraber> hallyn: so, I'm looking at implementing get_config_item in the API but the code doesn't seem to match what you mentioned earlier on IRC :)
<stgraber> 21:04 < hallyn> returning the length, so you can do 'len = get_config_item(c, key, NULL); v = malloc(len+1); len = get_config_item(c, key, v)'
<stgraber> though it doesn't look like I can actually get the length with the current implementation
<stgraber> and looking at your tests, you seem to just be using fixed length char arrays?
<hallyn> if key is valid you should get back len
<hallyn> and the tests do
<hallyn> what are you getting back?
<stgraber> hallyn: hmm, can't see a test that matches my understanding of it. I was expecting to do len = get_config_item(c, key, NULL, NULL), then malloc and use get_config_item(c, key, value, len)
<hallyn> i don;t malloc in the tests
<hallyn> but that's irelevant :)  i print out the return values
<hallyn> and they were correct lengths for me
<stgraber> hmm, indeed, I just grepped and was surprised not to find a malloc in there, let me actually test my code, maybe it's working fine ;)
<hallyn> theres 1 test passing in null v as well
<Eitan> hello all
<Eitan> i am hammering a new ubuntu server with tons of connections, i was running centos for my application before with no problems... For some reason i am getting a lot of connection time outs when establishing connections both mysql 3306 and redis 6397... first i found that syn flood protection was blocking some stuff, so i managed to turn that off. but im not sure to see where else or why
<Eitan> else connections are timing out as far as logs or perhaps if its a ulimit issue?
<stgraber> hallyn: http://paste.ubuntu.com/1097049/ <- I have the feeling I did a pretty obvious mistake but it's not really obvious to me at the moment...
<aaas> any way i can benchmark my php performance?
<hallyn> stgraber: and what does the first call to getitem give you?  what len?
<stgraber> >>> test.get_config_item("lxc.utsname")
<stgraber> got len: 4
<stgraber> Traceback (most recent call last):
<stgraber>   File "<stdin>", line 1, in <module>
<stgraber> UnicodeDecodeError: 'utf-8' codec can't decode bytes in position 0-2: invalid continuation byte
 * stgraber adds a printf to also dump the value before the unicode conversion
<hallyn> stgraber: i wonder if you need a longer char * for PyUnicode_FromString
<hallyn> stgraber: note that depending on what PyUnicode_FromString does, you ouht to free the char *value you mallocd
<stgraber> hallyn: printf doesn't seem to be much more happy...
<stgraber> >>> test.get_config_item("lxc.utsname")
<stgraber> got len: 4
<stgraber> got value: ï¿½1i
<cwesterfield> Can someone tell me how ubuntu server is sourcing PATH? I need to add to it, but can't find it
<stgraber> cwesterfield: /etc/environment?
<cwesterfield> that's it
<cwesterfield> google is sometimes a hindrance
<hallyn> stgraber: what is lxc.utsname's actual value?
<stgraber> hallyn: considering the garbage, it's pretty likely that my malloc is the part that's wrong but I'm not sure how/why
<stgraber> hallyn: "test"
<hallyn> stgraber: d'oh
<hallyn> i shouldve looked closer at your pastebin :)
<hallyn> hm no, stil looking
<hallyn> stgraber: before calling the PyUnicode_FromString, can you do 'printf("key %s len %d value %p %s\n", key, len, value, value);
<stgraber> >>> test.get_config_item("lxc.utsname")
<stgraber> key lxc.utsname len 4 value 0x1b7da30 ï¿½Mï¿½
<hallyn> stgraber: is the hostname actually 3 byts?
<stgraber> hallyn: no, it's 4, though the malloc is for len + 1, so should be fine?
<hallyn> stgraber: can you pass 'len+1' in to the second lxc_get_item call?
<hallyn> stgraber: it's a bit confusing, but since i must have room for the trailing \0, i insist on having len+1 available to copy into
<hallyn> confusing because i pass len back...  but i f i pass back len+1 that's confusing too
<stgraber> hallyn: that worked indeed
<hallyn> somebody with a silver tongue is gonna need to write a terrific manpage for this :)
<hallyn> ^ note i disqualified myself
<uvirtbot`> hallyn: Error: "note" is not a valid command.
<stgraber> ;)
<hallyn> <blink>
<hallyn> ^ help
<uvirtbot`> hallyn: (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.
<hallyn> ! help
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<hallyn> dang how many bots we got here
<stgraber> maybe adding an example of the malloc to the tests might help, I'm assuming I won't be the only one to copy/paste from it :)
<hallyn> stgraber: ok will do so right now
<stgraber> what's looking quite weird is the check (get_config_item(c, key, value, len + 1) != len) when len is the value you get from an identical call to get_config_item ;)
<stgraber> but yeah, it makes sense when you know ;)
<hallyn> luckily everyone will use the python api :)
<hallyn> stgraber: all right, pushed.  hopefully it passes.  (no vm at the ready to test on)
<stgraber> hallyn: can't remember, did we settle on having a way to query the list of keys set for a given network entry or not?
<hallyn> stgraber: not exactly, so for now you can look at the lxc.network.0.type and know what's valid based on that
<hallyn> hardcoded, but then i don't expect veth.peer to every become a valid key for macvlan, for instance :)
<stgraber> ok
<hallyn> stgraber: if you feel better about it, i can go ahead and ipmlmenet c->getkeys(),
<hallyn> and have 'lxc.network.0' return the valid list
<stgraber> hallyn: a few quick notes that I noticed while testing .get_config_item("lxc.network") is terminated by a \n, is that intended (I'd have expected \n separated, not \n terminated)
<hallyn> (c->getkeys(c, "lxc.network.0", value, len)
<stgraber> hallyn: +1 for getkeys() it'd make my life quite a bit easier ;)
<hallyn> stgraber: i waffled on the trailing \n.  you want me to skip that for the last one?
<stgraber> (or rather, make my future life easier by not having to update the hardcoded logic in python)
<hallyn> that'll mean that if there is only a single entry, there'll be no \n
<hallyn> it seemed inconsistent to me, but maybe it works nicer with str.split('\n') <shrug>
<stgraber> hallyn: yeah, I'd prefer no trailing \n as it'd indeed work better with split() :)
<hallyn> all right let me look through some remaining unreproduced bugs then i'll implement those two
<hallyn> bbl
<hallyn> stgraber: perhaps we should keep a wiki page with api todo's
<stgraber> hallyn: I was also somewhat surprised to see that lxc.cap.drop gets me a space separated list of values instead of separate lines like .network and it also seems to be fine having duplicate entries :)
<stgraber> hallyn: though I guess this kind of makes sense as it can be stored either as a single line or multiple lines in the config
<stgraber> +1 for wiki
<hallyn> right
<hallyn> i did space separate bc it works in config :)
<stgraber> can you make it \n separated? I think it'd make it less confusing for people doing
<stgraber> get_config_item("lxc.cap.drop")
<stgraber> getting = cap_sys_admin cap_net_admin
<stgraber> then doing set_config_item("cap_net_admin")
<stgraber> and expecting it to be set to "cap_net_admin"
<stgraber> instead of "cap_sys_admin cap_net_admin cap_net_admin"
<stgraber> making it multi-line would be a good indication that you need to clear_config_item() first
<hallyn> stgraber: https://wiki.ubuntu.com/lxc/apitodos
<hallyn> stgraber: ok
<\sh> did anybody played around with freeipa-client lately? ipa-getkeytab doesn't work :*
<stgraber> hallyn: is there an easy way for me to get the list of all keys accepting multiple values and requiring the use of clear_config_item?
<hallyn> stgraber: nope
<stgraber> hallyn: my plan is to have any of these key return a python list and have set_config_item(key, [list]) automatically call clear_config_item and set_config_item for each of them
<hallyn> (apart from looking at src/lxc/confile.c:lxc_clear_config_item())
<hallyn> stgraber: perhaps get_item("lxc") should return a list like "cgroup 1", "caps 1", where a 0 would mean not a list?
<hallyn> don't really like that, but not sure what better to give you
<stgraber> hallyn: oh, actually, there's an easy trick but that's going to make you revert one of your current change :)
<stgraber> hallyn: can you always add a trailing \n to these that are a list?
<hallyn> yes.  note though that not everything returning a list can be cleared
<hallyn> i.e. lxc.network.0.ipv4
<stgraber> hmm, why?
<hallyn> i dunno, the conf stores it as a list
<hallyn> so aparently you can have multiple values
<stgraber> so if lxc.network.0.ipv4 returns "1.2.3.4\n4.5.6.7\n" how can I set it to "8.9.10.11"?
<hallyn> clear all the networks
<hallyn> more to the point what does it mean to have 2 values
<hallyn> it may just be a relic of his early attempts at wrestling with the list api
<stgraber> two IPs on eth0?
<hallyn> yes
<stgraber> I'd expect it to be the equivalent of calling "ip -4 add <ip> dev eth0" twice
<hallyn> and what does that do?
<stgraber> put two addresses on the same interface
<RoyK> hrmf - http://paste.ubuntu.com/1097181/ <-- I have a job moving md0 from raid-5 to raid-6, but I have no idea whatsoever what's causing the traffic on the root (md3/sdh) - any idea what that might be?
<stgraber> which is a lot more common with IPv6 than IPv4, but still a pretty common usecase
<hallyn> stgraber: so you'd like a clear_item("lxc.network.0.ipv4") ?
<stgraber> ideally, I'd like clear_config_item on anything that's a list (where I know whether it's a list or not based on the last char of the matching get_config_item being \n)
<hallyn> stgraber: so should get_keys() just return "key1 is_list\nkey2 is_list\nkey3 is_list" (is_list = 'Y' or 'N')?
<hallyn> all right i can put a \n after the last one
<stgraber> I think I'd prefer to rely on get_config_item to know whether something is a list or not and just use get_keys() to know what keys are set under a given path (lxc.network.0 for example)
 * stgraber is starting to have the feeling we might actually get something that's pretty consistent and not too hackish ;)
<elguapo99> how do I add tab autocomplete to my ssh account?
<RoyK> elguapo99: it should be there by default, if you use a shell supporting it
<RoyK> elguapo99: ps $$
<elguapo99> I have tab autocomplete as su
<stgraber> RoyK: doesn't that require HashKnownHosts to be set to no? otherwise I don't see how you could complete the hosts
<elguapo99> but not as my ssh login
<raubvogel> I have a machine here that is supposed to be dhcp and dns for a subnet. When I boot a machine to the subnet in dhcp mode, it is picking an IP (and I can see in the leases file it giving its hostname), but the dns is not being updated
<RoyK> elguapo99: on which shell are you running that account?
<elguapo99> I think its bash
<elguapo99> $
<RoyK> ps $$
<RoyK> that shows the shell
<elguapo99>  7701 pts/2    Ss     0:00 -sh
<guntbert> raubvogel: does the dhcp server point the clients to the dns server?
<RoyK> elguapo99: try chsh -s /bin/bash
<RoyK> elguapo99: as that account
<elguapo99> The problem was that I was not doing bash
<RoyK> bingo
<elguapo99> so I have to type bash when I first log in
<raubvogel> guntbert: yep
<RoyK> elguapo99: see the chsh command above
<raubvogel> and I even checked the client's /etc/resolv.conf
<raubvogel> But, even nslookup fqdn dns.ip.address does not work
<guntbert> raubvogel: if you put your dhcpd.conf into a pastebin we could have a look at it
 * RoyK goes to get some sleep - nite...
<raubvogel> guntbert: http://pastie.org/private/ja7zx5gom4rtqtkijtidnw
<raubvogel> (using external ntp server)
<guntbert> raubvogel: looks good (aka I can't spot an error :-)) - do the clients pick up the ntp sevrer?
<raubvogel> I honestly have not checked because I need to deal with my dns/dhcp issue and then why the firewall (ubuntu 12.04) iptables are inop
<raubvogel> guntbert: My main issue with dns is the hostnames for the dhcp clients are not being added to bind
<guntbert> raubvogel: my question was meant to help find the bug
<guntbert> raubvogel: for the dhcp->bind wouldn't you need a key for authorization?
<raubvogel> I understand; I am just a bit in a panic mode right now. I do not even can think of a good way to see if the clients see ntp. They do get the nameserver though
<RoyK> raubvogel: what clients? dhcp?
<raubvogel> RoyK: exactly
<RoyK> what client OS?
<guntbert> raubvogel: ahh - I misread - now I understand the issue - well for the updating of the DNS databse you will need some kind of authorization
<raubvogel> ubuntu 12.04 just like the dns/dhcp server
<RoyK> raubvogel: I'd think setting up an ntp server listening to broadcasts/multicasts on that network will do a lot - IIRC the clients will attempt to sync to such a machine first
<guntbert> RoyK: only 7 minutes sleep? :-))
<RoyK> raubvogel: I don't think the ubuntu dhcp client can change the client's ntp settings ;)
<RoyK> guntbert: no, have to wait a while for some laundry...
<raubvogel> RoyK: should I drop ntp for now and focus on the other issue?
<RoyK> raubvogel: at least drop it in dhcp - rather setup ntp server on that server of yours and allow broadcast/multicast requests - it's rather easy, and I *beleive* the clients will try that first. if the clients connect directly to ubuntu's ntp server, it won't make much difference in the network traffic, though
<guntbert> raubvogel: lets clarify the issue: as far as the clients are concerned all is well, what bothers you is that the DNS server is not updated when a client get an address?
<raubvogel> guntbert: exactly
<RoyK> raubvogel: that's dynamic dns
<RoyK> not enabled by default
<raubvogel> RoyK: exactly. How do I enable it? I thought I have done but I probably overlook something
<guntbert> raubvogel: if I recall correctly you have to configure both servers to talk to each other and the DNS to trust the DHCP - therefor you need keys
<RoyK> raubvogel: google it
<raubvogel> guntbert: they are actually the same machine
<guntbert> raubvogel: doesn't matter, two different programs
<maplesoft>  have not been getting any help since a long time on this .  my tomcat is pointing towards /var/www instead of /var/lib/tomcat7/webapps/ and if i place a .jsp in /var/www   it starts downloading it instead of parsing it.  i had apache2 installed on my ubuntu but its now turned off.    what is happening?
<guntbert> raubvogel: as of now you only told dhcpd what kind of updates to send
<chiggins>  Hey I'm using likewise-open to bind my desktop to my domain, but my user doesn't show up in unity-greeter. How can I have it show up?
<RoyK> hm...
<RoyK> [108984.234696] ata4.00: failed command: READ FPDMA QUEUED
<RoyK> any idea how to map ata4.00 to a device name?
<_ruben> RoyK: i posted that question quite some time ago on askubuntu and got some nice "oneliners" for that
<_ruben> RoyK: http://askubuntu.com/questions/64351/how-to-match-ata4-00-to-the-apropriate-dev-sdx-or-actual-physical-disk
<raubvogel> guntbert, RoyK: I thought when I defined the ips I have in allow-update http://pastie.org/private/kddg4xci8uihvaq3fzeokq, in essence I am defining who machines can do the updating.
<raubvogel> Of course, since this machine has 3 ips (localhost, static internal, dhcp external) I wonder if that sufficed
<Eitan> where would be the place to check a log to see if ubuntu server was denying connections on port 3306 for mysql because there are to many active
<Eitan> im getting connection timeouts on my clients, but i cant find these connections anywhere on my db server
<raubvogel> Ok, dhcp-dns issue solved. Onwards to firewall!
<beandog> Eitan: was it previously listening remotely?
<RoyK> _ruben: thanks - guess I'll let this conversion to raid-6 go finish and then start testing...
<raubvogel> Shouldn't something like 'iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT' in a firewall allow a machine behind it to reach a website?
<hallyn> all right i'll be back later to work on some apitodos
<maplesoft> jamespage  i have installed tomcate by tar. and still having same problem. its pointing to /var/www when i use mysite.com/8080
<raubvogel> Wouldn't line 21 in http://pastie.org/private/zlkonugv9eyij3km5jb8a allow me to connect to that site on port 80?
<bonez2046> after I upgraded from 10.04 to 12.04 when I boot my machine I get..."Waiting for Network Configuration"..and another advising Waiting 60 seconds, etc...yet, I have connectivity.. how do I prevent that message at boot up?
<bonez2046> I installed ubuntu 12.04 LTS, not the server version.... but i get that message
<peterrus> so there should be some way to disable that waiting
<bonez2046> that's what I'd like to find
<bonez2046> in fairness though, before I upgraded, if I blew the password, the way my system was configured I'd have to wait at least 2 minutes before I could reenter the password
<peterrus> this might be something
<peterrus> http://tech.pedersen-live.com/2012/05/disable-waiting-for-network-configuration-messages-on-ubuntu-boot/
<peterrus> what you should look for is a way to disable that waiting
<peterrus> still strange how it found its way to your regular ubuntu installation
<\sh> grmpf
<\sh> do we have a libldap package which is not build against libgssapi3-heimdal?
<\sh> but against libgssapi-krb5?
<bonez2046> tell me about it.
<bonez2046> its' frustrating
<bonez2046> thanks, I'll try that, very much obliged
<koolhead11> jcastro, ping
#ubuntu-server 2012-07-18
<hallyn> stgraber: bleh, a problem with set_config_item.  I was hoping to be able to 100% use the existing callback code.
<hallyn> stgraber: but if you want to be able to do set_config_item("lxc.network.0.ipv4", "1.2.3.4") when 2 nics are defined, that requires changes
<hallyn> bc right now it's all based on the order of items in the config file
<hallyn> i guess i must change that.  with the api it's too hacky otherwise
<hallyn> :(
<hallyn> added to todo list.  it would be a crime not to
<stgraber> hallyn: heh, sorry ;) note for the next open source project => properly design config file (and don't make it depend on ordering ;))
<addisonj> I am looking for any docs/guides on getting juju working with rackspace cloud via openstack?
<addisonj> anyone have ideas on that?
<addisonj> hey, people who are using node in production, whats your preferred way of doing server config and management?
<addisonj> oops, wrong channel
 * RoyK += 0xc0ffee
<RoyK> hm... where can I set the package version in making a deb package?
<RoyK> is the UEC still not possible in a mesh configuration? I mean - no single point of failure thing in front (although I know it's possible to build that fault tolerant with DRBD or similar, I just don't want all that hassle)
<alex88> hi guys, how can i disable ufw for an interface? as i'm trying to use multicast on private lan, and i want to disable firewall for eth1
<RoyK> alex88: afaict, ufw allow in on eth1
<RoyK> alex88: man ufw ;)
<alex88> i've tried "ufw allow in on eth1 from any to any"
<alex88> and it added the rule
<alex88> but it seems they stil don't see each other http://pastebin.com/7Qbh6nDs i'm trying to use corosync + pacemaker
<alex88> nm, it seems the same with firewall disabled
<Adri2000> does #ubuntu-cloud actually exist? (looks like I can't join because I'm not invited)
<RoyK> alex88: ufw disable ;)
<alex88> RoyK: yup, just tried, still not working, it was working fine before restart and now..boom
<RoyK> alex88: but - are you sure someone's actually listening to that multicast address?
<RoyK> alex88: also, make sure there's no router between your machine and whoever's going to receive that traffic
<alex88> RoyK: it worked fine until last restart, machines are using crossover cable, also, both corosync are running on same multicast address and port
<alex88> just that now, each machine doesn't see the other
<alex88> let me try to reboot again with ufw disabled
<alex88> mhh.. same thing
<alex88> RoyK: how can i check if something is listening on multicast?
<RoyK> lsof -p <pid> might help
<RoyK> that'd be the pid you hope is listening
<alex88> "corosync 6225 root    9u  IPv4              26096      0t0       UDP 226.94.1.1:5405"
<alex88> seems so
<RoyK> then debug that app ;)
<RoyK> or sniff the traffic on that host to see if you can see incoming multicast traffic
<Pupeno_W> How do I do sudo -u postgres without getting "could not change directory to "/root"", do I have to cd into some other directory or is there a better way?
<Pupeno_W> Maybe something similar to su -
<Pupeno_W> ?
<RoyK> Pupeno_W: su - postgres
<Pupeno_W> Can't sudo do it?
<RoyK> sudo si roy@smilla:~$ sudo su - postgres
<RoyK> postgres@smilla:~$
<RoyK> never mind the initial 'sudo si '
<Pupeno_W> That's still su doing it. :)
<RoyK> yep, with sudo helping
<RoyK> sudo -iu postgres
<RoyK> same thing
<RoyK> just a tiny difference in how the new shell is started
<Pupeno_W> RoyK: I'm not trying to have an interactive shell, just run a command.
<peterrus> pkexec?
<RoyK> Pupeno_W: no idea - according to the docs, -EH should help, but AFAICT it doesn't
<Pupeno_W> Okâ¦ thanks :)
 * RoyK tries to fix sanlock
<philballew> do we use SysV or Upstart in precise?
<RoyK> bpth, really, but upstart is preferred
<RoyK> sysv for things that don't do upstart
<RoyK> s/bpth/both/
<philballew> alright. seems good RoyK . Thank you for making Ubuntu awesome.
<KingKatari> i need to know how to use IPTables to allow any and all traffic to/from a specific IP allowed while any other rules in the IPTables are still in effect
<RoyK> !ufw
<ubottu> Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Gufw (GNOME) and Guarddog (KDE from Lucid onwards) also exist.
<RoyK> KingKatari: normally, ufw is the preferred way of doing things unless you know iptables by heart and need more capabilities than ufw can offer
<RoyK> KingKatari: ufw allow from x.x.x.x will do what you want
<KingKatari> i need it via iptables
<RoyK> KingKatari: or iptables -I INPUT -s x.x.x.x -j ACCEPT will allow all traffic from that IP
<KingKatari> thanks
<RoyK> something tells me that if you didn't know that, you shouldn't be using iptables in the first place :Ã¾
<KingKatari> so iptables -I INPUT -s 97.96.233.45 -j ACCEPT will allow any traffic in from that IP and iptables -I OUTPUT -s 97.96.233.45 -j ACCEPT will allow all traffic out to that IP?
<RoyK> normally, the output chain won't block anything
<RoyK> but if it does, you need to 'iptables -I OUTPUT -d 97.96.233.45 -j ACCEPT'
<RoyK> -d, not -s
<KingKatari> what it is, is that a friend locked my vps down for me more so then what the Host provider does and i cant get ahold of him to mod it to allow some connections from the vps to a home server and vice versa
<KingKatari> lol i have a perl script on my vps that will query my windows system and then send the info to my linux system ( both windows and linux systems are on my home network ) but due to a conflict on my linux box on home network i cant run this perl script
<BuenGenio> hi
<BuenGenio> how do I get fts_lucene for dovecot? it's not in any of the repos, afaik
<Xeus> I'm trying to install ubuntu server and when I select the menu option to install it reboots the computer, any ideas?
<antihero> If I have PHP sending output to syslog with ubuntu, how do I make it go to it's own file?
<antihero> I have no idea what the default version of syslog installed with ubuntu is - rsyslog? syslogng?
 * KingKatari takes a sledge hammer to his bamt rig and begins to beat it to dust
<antihero> any ideas?
<RoyK> error: internal error cannot load AppArmor profile
<maplesoft>  iam unable to see room list or creat any room for xmpp based openfire server used kopete (didnt see any options for rooms) and fastpath webased client (didnt showed a list either . any help?
<raubvogel> Ok, resolvconf is driving me nuts
<raubvogel> so I removed it
<raubvogel> set both of my interfaces to static
<raubvogel> added the dns-nameservers stuff to both in /etc/network/interfaces
<raubvogel> and the dns-search thingie
<raubvogel> setup resolv.conf to match them
<raubvogel> i.e. they are all supposed to point to this machine since I have bind init
<raubvogel> I reboot
<raubvogel> my resolv.conf is changed
<raubvogel> wtf?
<raubvogel> This is 12.04 BTW
<azei> hello there
<azei> anyone here ?
<azei> i would like to run an application when you open a terminal
<azei> how to do ?
<Exopaladin> azei: Use a .bashrc file in your home directory maybe?
<azei> well do you heard about
<azei> cmartrix ?
<Pici> heh
<azei> hello Pici
<azei> do you know about that ?
<azei> i simply trying to launch this application at terminal startup
<azei> how ot o do ?
<azei> how to do ?
<Pici> azei: Ubuntu server doesn't have a GUI, so there really isn't any "opening a new terminal".  If you're running GNOME, or whatever, take a look at the manpage for gnome-terminal for the right arguments for doing whatever you want to do.
<azei> stop
<azei> you don't listening
<Pici> azei: then clarify what you're trying to do.
<azei> first tell me do you know that applicatioN ?
<Pici> azei: Yes, I've played with it before.
<azei> pefect we can exchange better
<stgraber> zul, bencer: uploaded openldap with smbk5pwd
<azei> when you try to ssh to your server
<zul> stgraber: cool
<azei> i would like that that application run itself
<rbasak> Daviey, smoser: for bug 1024408, my recollection is that add-apt-repository has never been in any relevant seed. I've always had to install it manually, and just verified this in Oneiric (I don't have a Precise non-VM image handy). But cloud-init depends on python-software properties (and more recently software-properties-common, bug 1021418), so we don't usually find add-apt-repository missing on cloud instances. Would adding software-properties-
<rbasak> common to an appropriate server seed be the best solution here?
<uvirtbot> Launchpad bug 1024408 in ubuntu-meta "Quantal installs do not include software-properties-common by default" [Undecided,Confirmed] https://launchpad.net/bugs/1024408
<uvirtbot> Launchpad bug 1021418 in cloud-init "Replace python-software-properties Depends with 'software-properties-common'" [Undecided,Fix released] https://launchpad.net/bugs/1021418
<rbasak> I'd certainly like to see add-apt-repository available on Server by default (VM or not)
<azei> and by pressing a key i would like that it give hand to prompt
<azei> how to do ?
<Pici> azei: adding it to the end of your .bashrc should be sufficient.
<azei> adding what to where ?
<bencer> stgraber: zul, cool thanks!!
<smoser> rbasak, well it seems that javiewr is implying there is a dependency bug
<smoser> (that i was not aware of)
<rbasak> smoser: "Quantal server installations do not include software-properties-common by default."
<rbasak> smoser: this has never been the case. Precise server installations don't include that either, AFAIK, and by design. Unless you install cloud-init
<azei> pefect Pici working
<smoser> it seems to me that adding it to server seed would be reasonable.
<Pici> azei: great
<smoser> rbasak, yes, but commen t2 in that bug suggests a dependencies problem
<smoser> (in addition to it not being seeded)
<azei> but it don't give the hand to cli
<azei> when you press something
<jamespage> rbasak, just uploaded you libnss-ldap fix to quantal - made one small tweak which was to use dh_link in the rules file rather than doing it using mkdir && ln -s
<rbasak> I think he might have it backwards. Comment #2 sounds like he expects add-apt-repository to appear if he installs python3-software-properties. This is now backwards. From >=quantal, you're supposed to install software-properties-common for add-apt-repository. bug 1021418
<uvirtbot> Launchpad bug 1021418 in cloud-init "Replace python-software-properties Depends with 'software-properties-common'" [Undecided,Fix released] https://launchpad.net/bugs/1021418
<azei> get my questioN ?
<rbasak> jamespage: I didn't use dh_link because the links file can't do multiarch. Or can it?
<jamespage> rbasak, you can use it directly in debian/rules
<rbasak> jamespage: ah, I didn't know that. Thanks!
<jamespage> rbasak, http://paste.ubuntu.com/1098313/
<rbasak> jamespage: got it. That makes sense. Thanks for the upload!
<jamespage> rbasak, I'm not sure whether we need to SRU that tho - its broken but are we actually seeing any bugs because of it?
<rbasak> jamespage: I fear that ldap nss is completely broken on precise, but that nobody has noticed
<rbasak> jamespage: actually no, scrap that
<jamespage> rbasak, well until somebody does and can come up with a test case....
<jamespage> lol
<rbasak> nss looks for /lib/.../libnsswitch_ldap.so.2 or something, which does exist (on amd64). So I think I agree - no SRU unless somebody complains with an impact statement
<rbasak> jamespage: however, armhf is completely broken right now and on my todo list
<jamespage> rbasak, ack
<jamespage> sounds good to me
<rbasak> Upstream detect the presence of glibc in an "interesting" way in autoconf, and an armhf system isn't glibc according to that :)
<rbasak> So it puts all the libraries in the wrong places
<henkjan> grmbl, server upgrade from lucid to precise
<henkjan> but grub doesnt fit in my bootsector :(
<henkjan> starting on sector 63
<patdk-wk> install it on your partition instead? and let the normal bootsector chainload it?
<henkjan> wil that work on an mdadm + lvm partition?
<zul> smoser: ping
<smoser> zul, here.
<zul> smoser: where can i get the cirios images again?
<smoser> zul, launchpad.net/cirros oficially
<smoser> but if  you are playing, i'd appreciate testing on http://cirros.brickies.net/download/0.3.1~pre1/
<smoser> zul, ^
<zul> cool beans
<maplesoft> which is the most feature full xmpp server ? any suggestions?  which one is this jabber.org using? how can i ban kick or gline (similer to irc) in jabber? using openfire at the moment? are there any stardard commands? which xmppds have largets user communities
<zul> smoser: does the cirios lxc image work?
<smoser> zul, i believe so
<Daviey> rbasak: agreed, that has always been the case
<Daviey> also.. vim being missing, wtf :)
<rbasak> Daviey: I found bug 439566
<uvirtbot> Launchpad bug 439566 in ubuntu-meta "add python-software-properties to ubuntu-standard" [Wishlist,Triaged] https://launchpad.net/bugs/439566
<Daviey> rbasak: perhaps liase with cyphermox?
<rbasak> Daviey: don't we just need to add software-properties-common to a seed now?
<rbasak> Daviey: which seed? ubuntu-standard?
<Daviey> rbasak: well, standard hits desktop aswell... is this just required for server?
<rbasak> Daviey: desktop ends up with it already I think. I think it should be in both though, since lots of Ubuntu-related instructions use add-apt-repository (eg. instructions on a PPA page)
<Daviey> rbasak: Okay, do you want to get a MP ready?  we'll JFDI and see if there is comment.
<rbasak> Daviey: OK, will do
<Daviey> supr
<jamespage> smoser, zul: how do you feel about an upgrade to python-boto?  I have one in the sponsorship queue....
<raubvogel> Does anyone have an example of an iptable egress rule (allow to, say, connect to www.server.com:80 from a LAN) for a firewall?
<smoser> jamespage, well.. i do not have strong feelings against.
<smoser> other than that i finally got to using the debian package in the last upload
<smoser> (after like 2 years of carrying our own)
<zul> jamespage: depends on the changelog
<smoser> zul, the changelog is massive of course
<zul> sure i wouldnt mind sticking it in the openstack-ci and see what breaks first
<smoser> http://paste.ubuntu.com/1098457/
<smoser> we are fairly light on boto usage. really
<Mkaysi> Hi, is it possible to install Ubuntu Server from USB-stick? I am just receiving error about reading from CD. What I want is to install Ubuntu Server and then install MATE on it, without getting Unity nor KDE nor XFCE nor LXDE.
<jamespage> smoser, yeah - I noticed
<zul> smoser: still i would rather have someone install it and the nova testsuite with it on though
<zul> safer than sorry
<jamespage> (debian package finally in use)
<jamespage> zul: does the nova build do that - I can check it if you like?
<zul> jamespage: sure
<smoser> http://paste.ubuntu.com/1098459/
<Mkaysi> Nevermind, Google is full of similar issues.
<smoser> i generally trust python-boto though to be backwards compatible.
<jamespage> smoser, ack - I pushed back on the additional changes proposed to the packaging anyway - I'll look again later.
<smoser> jamespage, mp link?
<jamespage> smoser, https://code.launchpad.net/~logan/ubuntu/quantal/python-boto/new-upstream/+merge/115465
<smoser> hm..
<MoleMan> I understand that you guys are doing and discussing specific dev stuff, but would it really be that hard to answer a few 30 second questions? (not me, just people I can see further up that have been completely ignored with questions that even I could have answered...)
<ScottK> Then why didn't you answer them?
<ogra_> ++
<jamespage> smoser, hm..?
<smoser> jamespage, my hmm... was just wondering why the suggested watch file move to pypy
<ssvss> N
<ssvss>  /statusbar window add -after lag -priority 10 act
<RoyK>  /me smiles
<ssvss>  sorry, new to irssi, and trying out some settings :)
<RoyK> np :)
<SpamapS> ssvss: 20 pushups, now!
<MoleMan> " 16:47:19 - Wed 18.07.2012 <ScottK> Then why didn't you answer them?" because I wasn't here, I was idle... I was commenting to people who were active and talking at the time...
<dbsr> good afernoon/eve people, can i ask support questions about ufw/iptables here?
<dbsr> imma ask my questions, and hope this is the right channel, because this is driving me crazy
<r0tha_> dbsr: lol
<r0tha_> go for it
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<dbsr> first, im new to linux, so, probably how i did it was not the most efficient way, i wanted to be able to open the ssh port on my server remotely through apache, made a c wrapper that gets called by www-data but is executed as root, the c wrapper calls a bash script that reads the ip from a text file the php page makes after i have succesfully logged in (prob could have used the c wrapper for it but this was easier :p)
<dbsr> anyhows, everything works
<dbsr> i use ufw by the way, not iptables itself
<dbsr> the rule gets added
<dbsr> but somehow
<dbsr> it doesnt work
<RoyK> what exactly are you trying to do?
<RoyK> open ssh port to apache seems rather - well - strange
<dbsr> the weird thing is, that when i add the rule with gufw, it does work, i checked user.rules, and it looks exactly the same, checked iptables-save no difference between the ufw added rule and the rule added through gufw
<dbsr> i dont open it for apache
<RoyK> explain the application
<dbsr> i use apache to open it 8)
<RoyK> what you are trying to do
<RoyK> trying to login via ssh on port 80?
<RoyK> or 443?
<RoyK> or what?
<adam_g> zul: can you push that python-warlock packaging somewhere so i can get builds going agian?
<dbsr> well, my server was gettung hammered by baddies tryingi to get access to it through ssh, i disabled password auth and am using keypass now, so its not really needed anymore
<dbsr> but i thought it would be fun to make
<zul> adam_g: yep
<dbsr> what it should do is when i want to ssh my server, i visit a php page that needs user/pass, when user/pass is correct, apache calls a script that opens the ssh port (22)
<dbsr> and when i close the remote session ive got a script that closes the port
<zul> adam_g: http://people.canonical.com/~chucks/tmp/
<dbsr> the problem is that somehow, i cant use ufw to open the port for my ip
<dbsr> when I add the exact same rule through gufw
<dbsr> it does work
<dbsr> and every setting file ive looked, both rules look exactly the same
<dbsr> I have even looked at the gufw source code to see if it is doing anything special when it applies the rules, couldnt find it
<dbsr> so im at wits end
<RoyK> dbsr: apt-get install denyhosts ;)
<RoyK> or fail2ban
<Seveas> or knockd
<Seveas> or use openvpn
<dbsr_> sorry guys, got d/c
<RoyK> Seveas: vpn is nonesense if you want a server to be available
<RoyK> dbsr: try denyhosts or fail2ban
<dbsr_> yea, im not making it as much any more for security reasons as for fun/learning
<dbsr_> im running fail2ban
<RoyK> then those worms won't get through
<dbsr_> yea, dunno much about that, but was wondering howd they get my servers ip
<dbsr_> i did register a website at freedns
<dbsr_> thought that was it
<RoyK> probably by sweeping
<dbsr_> like mass port scanners?
<RoyK> dbsr_: forget about secret addresses
<RoyK> just secure your host
<dbsr_> one of the ips that was hammering my server was apparently a well known botnet'
<RoyK> listen: they'll find your address, just secure it
<dbsr_> yea
<dbsr_> thanks for the advice guys, if anyone knows what could cause the discrepancy between gufw and ufw would be cool
<RoyK> dbsr_: the best advice is to secure your services - that way you won't need a firewall
<dbsr_> no firewall at all?
<RoyK> nope
<dbsr_> neither on the router?
<RoyK> a firewall is there to secure insecure systems behind it
<dbsr_> heh
 * RoyK works at hioa.no and we don't have a firewall
<dbsr_> like only idiots need virusscanners?
<RoyK> or windows users ;)
<dbsr_> heh
<dbsr_> same
 * dbsr_ windows user
<dbsr_> :)
<dbsr> well hi again, webirc is no good apparently :)
<dbsr> there has been one linux virus right? read an article about it a while back, decent read
<RoyK> dbsr: there have been worms, but no big one since the BIND worm back in 1999 or so
<RoyK> oh, 2001, that was
<dbsr> RoyK: Have you ever tried archlinux? thought it would be fun to try it out, heared it isnt really a distro for (headless) servers tho
<RoyK> dunno
<RoyK> ubuntu works well for me
<dbsr> fair enough, and any input on the lack of quality codecs for (hd) media playback
<dbsr> if theyd have those
<dbsr> i would switch back instantly
<dbsr> aight, thanks for the help, gn all
<streulma> hello
<streulma> my sh script works if I am in the directory, but not outwards
<raubvogel> Can anyone tell me why apparmor is not allowing mysql to start: http://pastie.org/private/idr4qq2ewnqewdtlfz0zlg
<raubvogel> googling did not get me a good answer so far
<SpamapS> raubvogel: I don't see any evidence that apparmor is preventing mysql from starting
<SpamapS> raubvogel: the profile_replace is just from /etc/init/mysql.conf loading its profile into place before it starts
<raubvogel> Ah ok. I have been having too much fun with apparmor this week so I am a bit in a knee-jerk mode
<SpamapS> raubvogel: check /var/log/mysql*
<SpamapS> Jul 18 12:45:54 certmysql kernel: [11966.798666] init: mysql main process (6145) terminated with status 1
<raubvogel> SpamapS: It did not write to its log file
<raubvogel> I think I know now what is going on
<raubvogel> bind-address
<SpamapS> raubvogel: when that happens I try running /usr/sbin/mysqld manually
<bananapie> Hi, I want to compile a package that was downloaded using apt-get source [package name]. I compiled it using 'dpkg-buildpackage -rfakeroot --target=x86_64'. I am running on a 32bit machine, I was hoping to cross compile. Can someone point me to a straight forward guide on how to do this ?
<smw_> I all, I have an ubuntu ec2 server and I am trying to use apt-get install. I cam getting 403s for everything
<smw_> led to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/pool/main/g/gtk+3.0/libgtk-3-common_3.4.2-0ubuntu0.2_all.deb  403  Forbidden
<smw_> s/led/Failed/
 * smw_ pokes utlemming
<utlemming> smw_: did you run "apt-get -y update" firsT?
<smw_> oh... that would be a good idea :-)
<smw_> thanks
<smw_> utlemming, it is working now :-)
<utlemming> smw_ :)
 * utlemming is happy
<utlemming> smw_: unfortantly, this is an area where I think apt is deficient
<utlemming> it should update the meta-data before any operation, so you don't see 403's
<smw_> yeah
<hoover_damm> Hi, trying to use perf-top and well perf in 12.04 can't seem to find the package that has it?
<uvirtbot> New bug: #882581 in glance (main) "install/upgrade questions re glance-manage db_sync" [Low,Confirmed] https://launchpad.net/bugs/882581
<uvirtbot> New bug: #974046 in maas (main) "running just the command "maas" causes an error" [Medium,In progress] https://launchpad.net/bugs/974046
<uvirtbot> New bug: #1007314 in krb5 (main) "trying to upgrade from 11.10 to 12.04: The package 'postgresql-contrib-8.2' is marked for removal but it's in the removal blacklist" [High,Fix committed] https://launchpad.net/bugs/1007314
<uvirtbot> New bug: #1026256 in pptpd (main) "pptpd.conf" [Undecided,New] https://launchpad.net/bugs/1026256
<uvirtbot> New bug: #1026261 in postfix (main) "[regression] mail stalls; postfix chroot setup nests /etc/ssl/certs to deep" [Undecided,New] https://launchpad.net/bugs/1026261
<uvirtbot> New bug: #1026375 in php5 (main) "package libapache2-mod-php5 5.3.10-1ubuntu3.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (dup-of: 1026374)" [Undecided,New] https://launchpad.net/bugs/1026375
<uvirtbot> New bug: #1026057 in openldap (main) "Segfault when setting bad olcTLSCipherSuite" [Medium,Triaged] https://launchpad.net/bugs/1026057
<uvirtbot> New bug: #1026015 in openbsd-inetd (main) "wrong variable in /etc/default/openbsd-inetd" [Undecided,New] https://launchpad.net/bugs/1026015
#ubuntu-server 2012-07-19
<bca> {{done}}
<bca> oops
<demonspork> I have an old laptop running Ubuntu 12.04 server in a corner and I was wondering what software you would recommend to set up backups for it? The data that I really need will fit in my dropbox account but I would like to back the entire thing up to an external drive on a regular basis, preferably a barebones backup if that could be accomplished
<r0tha_> rsync
<uvirtbot> New bug: #1026402 in ceph (main) "mon cluster (no cephx) fails to start unless empty keyring files are created" [Undecided,New] https://launchpad.net/bugs/1026402
<MosquitoCR> Anyone knows what is a really good tool to stress the I/O read and write ? for raid 10 or raid 5 servers ?
<patdk-lap> sure, do whatever your going be doing on them
<patdk-lap> cause any benchmark you do will be meaningless, unless it correctly mimics your workload
<Skaag> is there some tool in ubuntu that I can install that exposes the server status via apache? (web)
<MoleMan> Skaag: 'server status' ?
<Skaag> I meant something like webmin but more decent ;)
<MoleMan> not sure about admin... but my google-fu suggests you look up cacti
 * MoleMan boots VM to look at
<Skaag> cacti is great
<Skaag> but it's a bit too much, and there's no control over the server, it just measures various metrics and graphs them with rrd
<Skaag> anyway never mind, I guess webmin will have to do for now
<MoleMan> what control did you want?
<Skaag> I guess what webmin doesâ¦ just with a nicer GUI.
<Skaag> I find the webmin UI repulsive.
<Skaag> but functionality is great!
<MoleMan> haha, are there not any replacement styles/themes available? bit of searching might turn up someones customised CSS for it or whatver...
<mgi> Hey, does anyone have any suggestions on how I could use smbios from the installer? I need to set PXE boot to false after the installer finishes so it doesn't PXE boot and install all over again. (This is normally achieved by executing smbios-token-ctl, however even if the binaries are on the /target I won't be able to run because I presume it installs some modules in the kernel)
<mgi> I hope some of that makes a little bit of sense.
<uvirtbot> New bug: #999725 in ntp (main) "broken start-up dependencies for ntp (starts before NIS is available)" [Medium,Expired] https://launchpad.net/bugs/999725
<ScottK> !webmin | Skaag
<ubottu> Skaag: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<ScottK> IIRC Zentyl (or something similar is suggested now)
<Skaag> oh cool
<Skaag> thank you!
<ScottK> MoleMan: ^^^ happy now.
<uvirtbot> New bug: #1026478 in samba (main) "CIFS: Files not shown in mount.smbfs directory listings" [Undecided,New] https://launchpad.net/bugs/1026478
<mardraum> anyone using quantal with kvm and libvirt notice that when libvirt 0.9.13 was imported virsh can't see VMs anymore (user is member of group libvirtd) unless running as root?
<mardraum> not sure if it's a bug or a change to the behaviour
<uvirtbot> New bug: #1026480 in openssh (main) "SSH broken with 'Corrupted MAC on input' in last QUANTAL upgrade" [Undecided,New] https://launchpad.net/bugs/1026480
<jamespage> mardraum, I see the same issue (just upgraded)
<jamespage> oddly I can see stuff using virt-manager
<jamespage> but not using virsh
<jamespage> mardraum, wanna raise a bug and I'll confirm it?
<jamespage> Daviey, the floodlight package it nearly there - upstream are testing from PPA ATM to validate its all good
<jamespage> but my local testing looked OK
 * RoyK is frustrated with ubuntu and kvm and the lack of sanlock support :(
<Daviey> jamespage: woot
<Pupeno_W> What does t mean as the execute permission for other in a directory? like: drwxrwxrwt  2 root root     4096 Jul 19 08:16 tmp/
<mardraum> jamespage: thanks. sure, I'll do it now.
<uvirtbot> New bug: #1025203 in quantum "Trying to overwrite '/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini', which is also in package quantum-server" [High,Triaged] https://launchpad.net/bugs/1025203
<mardraum> jamespage: Bug #1026515
<uvirtbot> Launchpad bug 1026515 in libvirt "virsh unable to see running VMs since upgrade to libvirt 0.9.13" [Undecided,New] https://launchpad.net/bugs/1026515
<jamespage> mardraum, on it now - thanks!
<Pupeno_W> Is there some program or way to check that the permissions of files and directories in /var are ok? I just accidentally changed many of them.
<disposab1e> if i only need vlanX interface in my /etc/network/interfaces (vlan_raw_device eth0), do i need a separate stanza for eth0 or does it get brought up when vlanX starts?
<disposab1e> i don't even want to have 'auto eth0' in there if i don't have to
<slide23> Does anyone know of a daemon that will monitor my internet connectivity and send me an email if it gets disconnected? It can't rely on an uplink test though it actually needs to try accessing something on the internet
<rubiojr> howdy folks
<rubiojr> http://askubuntu.com/questions/165075/how-to-get-isolcpus-kernel-parameter-working-with-precise-12-04-amd64
<rubiojr> I've been researching that stuff for a while
<rubiojr> hints?
<rubiojr> maybe kernel config related?
<rubiojr> do you believe that opening a LP issue is worth it?
<uvirtbot> New bug: #1025664 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,Invalid] https://launchpad.net/bugs/1025664
<alex88> hi guys, i want to run corosync after nova-network on boot, for now, i've removed corosync from boot and added "exec sleep 10 && service corosync start" at the end of /etc/init/nova-network
<alex88> which is obviously horrible, but i was just testing if that works, what's the correct way?
<jamespage> anyone care to give my an opinion on bug 1025418
<uvirtbot> Launchpad bug 1025418 in openssh "Using ProxyCommand w/a non-existant host results in infinite spawns." [Undecided,New] https://launchpad.net/bugs/1025418
<jamespage> s/my/me/
<rbasak> jamespage: his screenshot is on the client, isn't it?
<jamespage> rbasak, yes
<jamespage> its a misconfiguration of openssh
<rbasak> jamespage: best to compare this with a fork bomb I think. If he has permission to create a fork bomb, then this isn't a bug.
<jamespage> its more whether this is a 'vulnerability'
<jamespage> I just get dumped out when the bash can't allocate more memory....
<rbasak> If he does not have permission to create a fork bomb, and this allows him to, then it's a vulnerability
<jamespage> rbasak, educate me - how would I check that?
<rbasak> jamespage: I didn't mean as direct as that - just conceptually the boundary between a vulnerabiity and a misconfiguration
<jamespage> rbasak, ah - I see
<rbasak> jamespage: ulimit is the usual way to prevent resource exhaustion. On his machine, his ssh client is limited to that anyway
<rbasak> If he's exhausting resources as a client on his own machine, then he's not crossing a privilege boundary
<rbasak> If OTOH he manages to cause a resource exhaustion on the server, and the server is configured to resource limit him, then he's crossing a privilege boundary and it's a vulnerability
<rbasak> It's not clear to me that there's any resource exhaustion on the server at all. He says server, but it looks to me that's where he's running a client.
<rbasak> So what he's really after is configuring some resource limits
<rbasak> jamespage: I can comment on the bug if you like? I'll even mark it as Invalid :)
<jamespage> rbasak, well as its a FUD target its safe to assume that 'server' is the client in this case
<jamespage> rbasak, sure - feel free to comment and close - I think you are correct.
<rbasak> jamespage: re: bug 988819. I've verified that the fix appears to work, but am not sure how to test it fully. I've asked for test cases from the reporters on the bug. So it's now blocked on that. If this fix does work, then the only SRU will be for modsecurity-apache, which is in universe. Thus, is the 12.04.1 milestone target still relevant, or should I drop it?
<uvirtbot> Launchpad bug 988819 in mod-proxy-html "[SRU] wrong path to libxml2.so.2 in mod_security - broken by multiarch enabled libraries" [Undecided,Confirmed] https://launchpad.net/bugs/988819
<jamespage> rbasak, I think that the test case can be technical
<rbasak> I've verified that libxml2.so.2 is loaded, but not that it's functional
<jamespage> so for example I think its sufficient to say - yes we can restart apache OK with it installed and we can see that this library has been loaded by using lsof or suchlike
<rbasak> OK in that case we're done
<jamespage> rbasak, 12.04.1 is agnostic of location BTW
<rbasak> May I paste your comment in the bug please? :)
<jamespage> sure
<jamespage> do you fancy doing the same fix for mod-proxy-html as well?
<jamespage> rbasak, while you are there.....
<rbasak> Sure, is there a bug on that?
<jamespage> same bug
<jamespage> different task
<rbasak> Ah I missed that
<rbasak> No problem
<jamespage> rbasak, marvellous - thanks v much
 * rbasak gets to it
<jamespage> rbasak, if you ping me the branches I will upload for you as well
<rbasak> OK, thanks!
<jamespage> rbasak, so that means no fix in apache2 itself right?
<rbasak> jamespage: for SRU, correct
<jamespage> rbasak, OK - marking 'Invalid'
<uvirtbot> New bug: #1024641 in mysql-5.5 (main) "package mysql-server-5.5 (not installed) failed to install/upgrade: æ­£è¯å¾è¦ç /usr/bin/mysqltestï¼å®åæ¶è¢«åå«äºè½¯ä»¶å mysql-server 5.5.25a-2" [Undecided,Invalid] https://launchpad.net/bugs/1024641
<uvirtbot> New bug: #1026570 in openldap (main) "slapd has random connection failures related to "do_extended: protocol version (2) too low"" [Undecided,New] https://launchpad.net/bugs/1026570
<zul> good morning
<alex88> hi guys, i've two machines, configured in the same way, in one pacemaker starts, in the other it doesn't..how can i debug why?
<zul> alex88:  start by looking at the log file maybe?
<alex88> zul: it seems as it never started
<zul> alex88: checked the man page and put it in debug mode then?
<alex88> ok, give me a second
<zul> other than that i cant tell you what happened
<alex88> because pacemaker writes log to /var/log/cluster/corosync.log but i get "corosync [pcmk  ] WARN: route_ais_message: Sending message to local.crmd failed: ipc delivery failed (rc=-2)"
<alex88> let me search for debug
<alex88> there is a -v flag. i've added an echo to file in the init script just to get if it's called
<alex88> because after login i can start it without any problem
<zul> alex88: then you google that message and figure it out
<zul> and check for a #corosync channel
<alex88> kk
<alex88> thnx
<alex88> it says it has been started
<alex88> btw, i'll check
<hallyn> zul: libvirt in quantal has dropped the patch ubuntu/9002-better_default_uri_virsh.patch.  Just to make sure - that wasn't on purpose right?
<zul> hallyn: no
<hallyn> k
<jamespage> zul, hallyn: would that explain bug 1026515
<uvirtbot> Launchpad bug 1026515 in libvirt "virsh unable to see running VMs since upgrade to libvirt 0.9.13" [High,Triaged] https://launchpad.net/bugs/1026515
<hallyn> jamespage: yeah that's why i went looking
<jamespage> hallyn, ah - I see
<hallyn> do one of you have an /etc/ceph/ceph.conf?  does it look sensitive?
<hallyn> wondering if there is any reason qemu should *not* be given access t oit
<jamespage> hallyn, I do - one second
<alex88> a pacemaker purge->install make it working
<jamespage> hallyn, http://paste.ubuntu.com/1099990/
<jamespage> for a client like libvirt it just contains addresses for the ceph monitors and nothing else AFAIK
<jamespage> hallyn: I think it would be OK TBH
<rbasak> jamespage: tested and done the MPs in bug 988819
<uvirtbot> Launchpad bug 988819 in modsecurity-apache "[SRU] wrong path to libxml2.so.2 in mod_security - broken by multiarch enabled libraries" [High,In progress] https://launchpad.net/bugs/988819
<jamespage> rbasak, you are a star - thankyou!
<jamespage> I'll look at them PM today
<hallyn> jamespage: cool, thanks :)
 * jamespage looks forward to trying that out with hallyn's next upload :-)
<jamespage> rbasak, uploaded
<jamespage> rbasak, do we removed the verification-failed tag now?
<jamespage> rbasak, I expect SpamapS will tell us....
<rbasak> thanks jamespage!
<uvirtbot> New bug: #1026621 in nova (main) "nova-network gets release_fixed_ip events from someplace, but the database still keeps them associated with instances" [Undecided,New] https://launchpad.net/bugs/1026621
<tarvid> how do I track the status of bugs I have posted to launchpad?
<rbasak> tarvid: https://bugs.launchpad.net/~tarvid/+reportedbugs
<skrite> hey all, correct me if i am wrong. but the advantage of having a master-master mysql replication is that you can write to both computers, yes? Is that dangerous? I don't think i have an application that warrents a cluster.
<realnorth> anyone able to help me with some MaaS stuff?
<pmatulis> realnorth: just ask the question.  you might want to consider #maas as well
<realnorth> didn't know #maas existed
<realnorth> thanks
<realnorth> I created this here http://askubuntu.com/questions/165545/maas-install-64-bit-client-nodes-doesnt-work
<realnorth> but basically I can't get maas to install with 64 bit OS
<realnorth> it always does the 32 bit version
<realnorth> even though the processors are 64 bit
<jamespage> Daviey: around? I want to run a seed change past you before I do it....
<jamespage> skrite, its easier to have a master/slave and switch the personality of the slave if the master dies
<jamespage> OR have an active/passive cluster and use clustering
<jamespage> each has its positives and negatives
<jamespage> zul: how are you on seed management?
<zul> jamespage: tolerable
<zul> jamespage: whats up
<jamespage> zul, if I need to add a package to the 'supported' set for server; but not ship it anywhere; is the supported-misc-server seed the right place to add it?
<jamespage> its where all of the openstack stuff is...
<zul> jamespage:  yeah
<skrite> jamespage: we really only want to build this on two to three machines. The application is different from a webserver, most of our load is disk i/o.. we do data processing, control and monitoring of lab and industry machines.
<skrite> jamespage: so we take a lot of data in, we display it on a website, but that is not the major load.
<jamespage> skrite, what is your downtime tolerance like?
<skrite> jamespage: for a failure?
<jamespage> yep
<skrite> jamespage: if we are down less than an hour, when a machine melts down, we should be just fine
<jamespage> skrite, hmm - so quite low then
<jamespage> skrite, do you have access to a SAN or suchlike? or are they standalone servers?
<skrite> They are stand-alone servers
<jamespage> skrite, I'd probably go with an master/slave with replication then
<jamespage> that way if you get a machine that pop's badly enough to have to swap it out - you still have a database....
<skrite> right now, we use one server with MySQL replication master/slave and use the other computer to run some cron jobs to help process the data, but it is difficult to have it as a ready to go replacement set up like that
<skrite> because of how our data input and processing goes in.
<skrite> i would like, in an ideal scenario, to write to the database on more than one computer. We run a lot of processes that really work the hard drives
<skrite> what disadvantage is there with Master-Master ? i have set up master-slave many times, but never master-master.
<jamespage> skrite, I don't think that mysql can even do multimaster TBH
<skrite> oh
<skrite> well, i guess that master-slave will have to do if that's the case
<jamespage> skrite, without knowing the specifics of your application is hard to make recommendations
<jamespage> skrite, there are solutions which are more horizontally scalable than mysql
<jamespage> BUT they are not typically SQL/row based; so it requires a different approach to data storage and retrieval
<skrite> jamespage: yeah, the problem with a change in dataserver is that i have 5+ years of code that work with the MySQL server. Python, Ruby, etc..
<jamespage> skrite, hmmm
<jamespage> which is always awkward to change....
<skrite> yeah, we have totally outgrown our earlier solution. The database is about 70GB and growing... whew !
<jamespage> 70G? well you are definately still in mysql territory then
<skrite> our major I/O is not the website, it used to be. but now its all the processing of data as it comes in fromt the machines
<jamespage> skrite, can you offload from the database in anyway?
<jamespage> if that is where your bottleneck is?
<skrite> jamespage: mmm. the database is part of the bottleneck, the biggest though is the disk i/o
<jamespage> skrite, in which case more memory and faster disks is probably the way to go...
<tarvid> https://bugs.launchpad.net/ubuntu/+source/logrotate/+bug/1026660
<jamespage> skrite, what type of storage are you using? do your servers have any type of RAID configuration?
<uvirtbot> Launchpad bug 1026660 in logrotate "after logrotate logs are empty" [Undecided,New]
<maplesoft> why not make a text file based web chat client with ajax rather than xmpp based web clients?
<skrite> jamespage: we do have RAID on our main server, with two PCI express RAM drives, Raid 5 Storage is MyISAM
<jamespage> skrite, hmm
<tarvid> I've reinstalled logrotate and rsyslog, I used to be able to restart rsyslogd and it would start logging again. Now I am without logs which is not good for an active server
<skrite> jamespage: we thought that if we could use two computers that we could write to both, have the RAID as a stripe for speed and make the computers redundant instead of the drives, that would more than double the drive throughput
<skrite> as i understand it.. little shakey..
<skrite> that's why i am here :)
<jamespage> skrite, one second
<uvirtbot> New bug: #1026655 in apache2 (main) "package apache2.2-bin 2.2.22-1ubuntu1 failed to install/upgrade: package apache2.2-bin is already installed and configured (dup-of: 1026656)" [Undecided,New] https://launchpad.net/bugs/1026655
<jamespage> utlemming, seed change pushed for walinuxagent
<skrite> jamespage: sure
<jamespage> skrite, not sure my brain is working that well today...
 * jamespage thinks again...
<jamespage> skrite, in your scenario are you writing the same data to both servers?
<utlemming> thank you mr. page
<skrite> jamespage: i would be, yes
<jamespage> so the only real benefit you are getting is the change in RAID type?
<skrite> each would be an exact copy of the other, i would like to write local to the drive, and have replication take care of the updates
<skrite> jamespage: well, i would gain a computer i could write to.
<jamespage> skrite, theoretically yes - but you are writing the same data to both so the only performance improvement is really the RAID change
<skrite> right now i have master/slave. and i am limited on the slave to do work because i have to write my scripts to read from the local database and write to the master (scripts on the slave anyway)
<skrite> jamespage: yes, but i thought that the data transfer between them is more effecient than my sql statements in programs
<skrite> jamespage: so my slave scripts have to be written differently than the scripts on my master, because of reading and writing to different computers.
<jamespage> skrite, so apparently you can do master-master replication
<skrite> yes, if i can do master-master replication
<jamespage> (not something I have ever done)
<skrite> me either, was just wondering a few things about the complexity of setup, dangers of writing to both at the same time....
<skrite> what kind of PITA it may be to fix if something goes wrong.
<jamespage> skrite, the challenge is with conflict resolution I guess
<skrite> jamespage: precicley what i am worried about
<jamespage> if you can write your application to effectively shard across the two servers with good partitioning it might work
<jamespage> but unless you have baked that in upfront it could be challenging
<skrite> we might could when we soon purchase a server. That is when we plan to change how we do things
<ogra_> arosales, geeez ! diggin out 4 year old bugs !
<jamespage> skrite, I'm not sure I would do it; I think that you are pushing the bounds of what mysql is good at doing TBH
<skrite> mmm
<skrite> you may be right. exactly what i am worried about, because if this goes bad, it goes real bad
<skrite> messing up our database or replication, on the good to bad scale is bad.
<jamespage> skrite, can you partition the data associated with your workloads? or does it all need to end up in the same place?
<jamespage> i.e. could you run two databases with different data sets on different servers.
<arosales> ogra_: ya that one come up on one of Ursinha reports and looks like low hanging fruit :-)
<ogra_> i *think* upstartification of dchp3-server  should have actually solved it ...
<ogra_> not sure though and i dont have any dhcp server running on a NM based system atm
<ogra_> stgraber, do you happen to have such a setup around atm ? NM and dchp3-server installed on the same machine
<ogra_> Bug 280123
<uvirtbot> Launchpad bug 280123 in dhcp3 "dhcp3-server needs if-up.d/if-down.d scripts for better network-manager compatibility" [Undecided,Confirmed] https://launchpad.net/bugs/280123
 * ogra_ bets that can just be closed
<skrite> jamespage: how do you mean partition the data?
<arosales> ogra_: no rush, the bug was happy with 2.6 years since the last update :-)
<ogra_> yeah, imho its a candidate for closing
<jamespage> skrite, write different sets of data to different servers
<ogra_> none of the releases discussed there are supported anymore
<arosales> ogra_: I agree, however I didn't want to take any action with out first checking with you and zul first
<ogra_> well, imho just close it with an EOL massage and a comment that epople still being bothered by it should re-open
<zul> i concur
<stgraber> ogra_: so, the bug should still be present with recent NM and isc-dhcp, though looking at the startup conditions, NM should start slightly before isc-dhcp, so you might get away with it most of the time
<stgraber> ogra_: though people should really just define that interface in /etc/network/interfaces... (as we do for LTSP)
<ogra_> stgraber, that was the case back then :)
<ogra_> /etc/network/interfaces had an entry but NM grabbed the device
<stgraber> ah, well, that part got fixed then :)
<ogra_> right
<arosales> ogra_: would you mind inserting a quick comment to confirm EOL, if that is the action yo want to take?
<ogra_> arosales, done
<arosales> ogra_: ah, thank you. :-)
<arosales> always nice to close bugs
<skrite> jamespage: very little could be done like that. unfortunatly
<jamespage> utlemming, this looks quite bad - https://jenkins.qa.ubuntu.com/view/ec2%20AMI%20Testing/view/Overview/job/oneiric-server-ec2-daily/
<jamespage> i386 is broken across the board....
 * utlemming looks
<utlemming> jamespage: is there a way to get failures like this emailed to me? IIRC, there is jenkins plugin for sending hate mail on failures.
<jamespage> utlemming, ubuntu-testing-notifications ML on lists.ubuntu.com
<utlemming> :)
 * utlemming subscribes himself
<jamespage> utlemming, looks like a kernel panic on boot
<jamespage> utlemming, warning - its quite noisy
<utlemming> I'll procmailer filter it I think
<utlemming> jamespage: this could be really bad...I'm testing but it looks like if someone upgrades their kernel their instance is horked
<arosales> utlemming: specific to oneiric?
<utlemming> arosales: yes, this is a looks like a kernel regression
<arosales> utlemming: ok
<skrite> jamespage: do you have any experience with mysql-cluster?
<uvirtbot> New bug: #1026680 in bacula (main) "bacula director crashing whole system" [Undecided,New] https://launchpad.net/bugs/1026680
<SpamapS> jamespage: the SRU team's process will remove the tag when the package is accepted
<Daviey> jamespage: hey!  seed change?
<utlemming> https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1026690
<uvirtbot> Launchpad bug 1026690 in linux-meta "3.0.0.-23.38-virtual kernel regression kills EC2 instances" [Critical,Confirmed]
<utlemming> jamespage: its the kernel...I've confirmed that installing all updates but the 32-bit kernel kills the instances
<utlemming> jamespage: can we add a new test to the daily test -- enable proposed and update everything? Or add a new job that does this?
<zul> hallyn: i have a couple of libvirt patches coming down the pipe as well
<hallyn> zul: for q?
<hallyn> i've already pushed mine i'm afraid
<hallyn> i do need to SRU the one for p
<zul> hallyn: yeah for q its arm specific
<jamespage> smoser, I don't support cloud-init has an 'enabled proposed' feature does it?
<smoser> no. there is not easy way to add proposed
<smoser> (but htere is a bug that handled that for quantal)
<smoser> but i dont knwo what it was and cant find it
<smoser> ah.
<smoser> no i was wrong
<smoser> https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/997371
<uvirtbot> Launchpad bug 997371 in software-properties "Create command to add "multiverse" and "-backports" to apt sources" [Wishlist,In progress]
<smoser> is what i was thinking of
<smoser> but i could/should be extended to add proposed
<jamespage> smoser, I think I have a way.
<smoser> you're just going to have to add to /etc/apt/atp.conf.d
<jamespage> smoser, do apt_sources get added prior to updating/upgrading?
<smoser> of course.
<smoser> hm..
<smoser> i was going to suggest htat you acutallyneeded to test 'dist-upgrade'
<smoser> before adding proposed
<smoser> but for daily images tested within hours, maybe that isn't that  big of a deal
<jamespage> smoser, I tend to agree - they should be up-to-date - esp for releases where proposed is in active use.
<jamespage> anyway - I'll do this later
<smoser> well, they're guaranteed to be a couple hours old at newest.
<reisi> can anyone explain what does this rsyslogd rule do (part of defaults): *.*;auth,authpriv.none <-- doesn't *.* already contain both auth and authpriv.none?
<reisi> do/does
<jtran> anyone know how i can turn on iptables accounting in Ubuntu precise 12.04?   I don't have /proc/net/ip_acct
<jtran> i think it is in the 'ipfwadm' pkg but aptitude search doesn't see it
<skrite> jamespage: hey, thanks for all your help earlier.
<malak> hello
<malak> any body there
<RoyK>  
<LordOfTime> SpamapS: around?
<hallyn> stgraber: all right, getkeys is pushed, and set_config_item(lxc.network.0.ipv4) should work
<stgraber> yay! thanks
<hallyn> stgraber: i'm sure you'll want some changes to that, but other than those, i think we need to consider getting this usptream before adding too much more
<hallyn> it's goin to get too unwieldy for anyone to review
<hallyn> maybe i'll look at the state of seccomp next
<hallyn> kees: d'oh, libseccomp-dev doesn't ship manpages?
<SpamapS> man pages, tests, who needs 'em. we've got the internets
<hallyn> and kittenz
<hallyn> i don't get *why* the manpages aren't there though.  they should be...
<hallyn> oh i see
 * patdk-wk was hungry
 * RoyK has put on new tyres on his bike and has to go to bed early to wake up and take a wee 50km trip tomorrow
<hallyn> kees: (bug filed against debian)
<bears> Hey everyone, I'm trying to set up a postfix server on ubuntu 10.04 and am having problems. I followed the guide at https://help.ubuntu.com/10.04/serverguide/postfix.html yet cant get it to work... What I can do: telnet localhost 25 and then send mail to myself or external emails via the telnet interface. What I cant do: telnet to the system from other systems (though i can ssh), send/recieve from mail clients (thunderbird)
<bears> my only clue right now is when I "telnet localhost smtp" and then "ehlo localhost" i dont see the 250-auth lines, which I've tried to troubleshoot but to no avail
<lamont> lsof -ni :25 | grep LISTEN <-- bears: when you run that as root, what does it say?
<bears> master  10126 root   12u  IPv4 29521343      0t0  TCP *:smtp (LISTEN)
<bears> master  10126 root   13u  IPv6 29521345      0t0  TCP *:smtp (LISTEN)
 * hallyn becomes worried about the implications of seccomp_syscall_priority
<bears> lamont: sorry i lost connection, any further ideas about my postfix server?
<lamont> bears: help me better understand "other systems" - are they on the same LAN?
<bears> no, not on the same network
<bears> the server im trying to set this up on is one in a rack i rent in another city
<lamont> my first suspicion then is that the nice ISP or someone is being friendly and blocking TCP/25
<lamont> because if you can talk to port 22 and you are listening on *:smtp, well, it's a network issue, not a postfix issue
<bears> i can netcat 25 and it says its open
<bears> hmm
<lamont> bears: does tcpdump on your postfix host show the connection happening?
 * lamont must run
<Rallias> I have a question about LXC in 12.04. Is there any known method to escaping the container using its technology?
<bears> lamont: yes, when i try to get mail with thunderbird from that email address, i get Jul 19 16:31:47 M01 dovecot: imap-login: Login: user=<mike>, method=PLAIN, rip=24.176.25.111, lip=199.16.189.227, TLS
<lamont> ah.  so it's not that you cannot talk to postfix, it's that, having talked to postfix, it's not accepting email?
<lamont> and for that, I'm going to refer you to the other postfixish people in the channel.  not just because I have to run.
<freakynl>  it
<freakynl> anyone have any solutions for this: http://comments.gmane.org/gmane.linux.raid/38213 ? raid (md) performance is seriously hindered by it
<roaksoax> SpamapS: howdy!! could you please take care of maas-enlist, as I believe it would be very necessary to have it in the archives asap
<SpamapS> roaksoax: what more can I do? Its been in proposed for 2 days
<roaksoax> SpamapS: the verification is done :)
<roaksoax> or is there a time requirement?
<SpamapS> roaksoax: 7 day waiting period
<SpamapS> unless its *totally* broken without the update?
 * SpamapS reads the bug
<roaksoax> SpamapS: ah! didn't know that. Sorry for boethering you then :)
 * SpamapS actually waits for launchpad, THEN will read the bug
<roaksoax> SpamapS: it is almost totally broken. Basically, precise machines can't enlist on MAAS running in quantal
<SpamapS> roaksoax: what about a maas running on precise?
<roaksoax> SpamapS: it is no effect really, but does break testing of the maas targetted for 12.04.1
<SpamapS> roaksoax: also, when you self-verify it, that poses a higher regression risk
<roaksoax> SpamapS: it is a very minimal change
<SpamapS> yeah
<SpamapS> I see that its tiny
<roaksoax> yeah
<SpamapS> Since its already in proposed, can you at least point testing efforts at machines w/ proposed enabled?
<SpamapS> That would be ideal, as it would help shake out any unintended consequences.
<roaksoax> SpamapS: will do, thanks!
<uvirtbot> New bug: #1020278 in raphael (universe) "[MIR] raphael" [High,Fix committed] https://launchpad.net/bugs/1020278
<uvirtbot> New bug: #1020273 in yui3 (universe) "[MIR] yui3" [High,Incomplete] https://launchpad.net/bugs/1020273
<uvirtbot> New bug: #1026842 in puppet (main) "too silent puppet agent pluginsync failure if CRL is missing from node" [Undecided,New] https://launchpad.net/bugs/1026842
<uvirtbot> New bug: #1014732 in mysql-5.5 (main) "log_error not set in my.cnf, errors not written anywhere" [High,Fix released] https://launchpad.net/bugs/1014732
<axisys> how do I find all the security updates waiting without running apt-get upgrade ?
#ubuntu-server 2012-07-20
<zul> axisys: http://www.ubuntu.com/usn
<axisys> zul: cool! thanks a lot
<axisys> zul: wait! i was looking for a command to see if there is any security patch available
<axisys> running locally
<hallyn> kees: is there a libseccomp function for loading the output of seccomp_export_bpf(fd)?
<stgraber> hallyn: clear_config_item seems to fail on lxc.cgroup.devices.allow here
<stgraber> hallyn: and get_config_item is return lxc.network.0.ipv4 sorted somehow, so my tests fail as clearing + setting two of them + getting and comparing give them back in the reverse order :)
<stgraber> (I worked around that one by having the python code consider them "sets", so by definition unsorted, fixing the comparisons)
<stgraber> hallyn: pushed the python changes, will push a batch of PPA builds now and implement the network stuff in python tomorrow (easy handling of interfaces)
<hallyn> stgraber: yes, you can only clear_config_item(lxc.cgroup).
<hallyn> stgraber: as for ipv4 sorting, i can't imagine what would cause that!
<hallyn> good night
<redactd> hi, is there a way to set postfix so that server to server comms has optional or no tls but client to server enforces tls? my main.cf appears to only allow it to be on or off globally
<jamespage> SpamapS, fastcgi upstream located - mailing list now active again....
<wizonesolutions> If I'm setting up virtualization (libvirt + KVM) on a 12.04 Server install, and I'm using it to run a couple large VMs and basically split the box in two, is virt-install alone appropriate or should I try vmbuilder?
<wizonesolutions> not sure if vmbuilder is aimed at people who are going to package up the VMs or what
<wizonesolutions> there seem to be a few options for creating VMs
<Degot> Hi. In FreeBSD I'm using unionfs to mount shared folder (/data/software/) into user's home folder (/home/user/software/). users are jailed in their homes via ftp.  How to do the same in ubuntu server 12.04  ?
<demonspork> Degot: I don't know a ton about it, but I have encountered ftpd that can do the home directory jail in their settings
<demonspork> Degot: but it has been a few years since I was digging deeply into setting up FTP stuff
<Degot> demonspork, I can jail. It's not a problem. The problem is how to mount folder into the jail from the outside
<Degot> demonspork, FYI - mount --bind /home/user/software  /data/software
<mardraum> wizonesolutions: virt-install gives you everything you need
<RoyK> iirc someone in here was talking about zfs outside of Oracle's control was outdated etc etc - http://blog.vx.sk/archives/35-Novinky-v-open-source-ZFS.html ;)
<reisi> does sudo -u logcheck logcheck -to (test, output to stdout) work for anyone in ubuntu server 12.04 LTS?
<Exopaladin> So glad they re-introduced aclmode
<RoyK> Exopaladin: what's that?
<Exopaladin> It basically enforces ACLs and stops dumb apps like rsync blowing away your ACLs
<RoyK> heh
<Degot> Hi, again.  I have the Vbox VM with VRDE enabled. Need to  stream video of the vm's desktop. Idea is : vm-rde -> rdp client -> x264 (zero-latency) -> stream server (ffmpeg?). Any ideas hot to implement this ?
<jamespage> wizonesolutions, just use virt-install
<jamespage> vmbuilder does not get much maintenance love these days...
<RoyK> wizonesolutions: I use virt-manager - nice little gui
<uvirtbot> New bug: #1026857 in bind9 "Installing bind9 as per HACKING.txt leaves a running bind daemon on developer's machines" [Undecided,New] https://launchpad.net/bugs/1026857
<zul> good morning
<jamespage> morning zul
<zul> hey jamespage
<jamespage> zul: its Friday!
<zul> jamespage:  yeah i have a wicked headache going on right now :(
 * jamespage stops shouting
<stgraber> hallyn: oh much trouble would it be for you to allow clearing these lxc.cgroup keys allowing multiple values? (cgroup.devices.allow/cgroup.devices.deny are the two that I know but there may be more)
<stgraber> hallyn: having to clear the whole lxc.cgroup tree and re-adding everything would require quite a bit hack on the python side (querying all the keys, all the values, storing them, clearing, then setting them all back again)
<hallyn> stgraber: the thing about devices.allow is that even set_item and get_item won't be the same
<stgraber> how so?
<hallyn> stgraber: i can add some special cases without too much trouble, but want to make sur eit sconsistent
<hallyn> because you can't get_item(cgroup.devices.allow).  try 'cat /sys/fs/cgroup/devices/devices.allow'  :)
<stgraber> well, get_config_item(cgroup.devices.allow works here ;)
<hallyn> uh.  oh.  yeah i'm confusing it with the real cgroup
<stgraber> >>> test.get_config_item("lxc.cgroup.devices.allow")
<stgraber> ['c *:* m', 'b *:* m', 'c 1:3 rwm', 'c 1:5 rwm', 'c 5:1 rwm', 'c 5:0 rwm', 'c 1:9 rwm', 'c 1:8 rwm', 'c 136:* rwm', 'c 5:2 rwm', 'c 254:0 rwm', 'c 10:229 rwm', 'c 10:200 rwm', 'c 1:7 rwm', 'c 10:228 rwm', 'c 10:232 rwm']
<stgraber> I'm trying to make it so that test.set_config_item(key, test.get_config_item(key)) usually works
<stgraber> (as that's what I think people will expect)
<hallyn> hm is that how i did that
<hallyn> all right yeah i can do that for cgroup
<hallyn> hm, i hope my 'bzr pull' did the right thing
<hallyn> no it unapplied all patches
<hallyn> whatever  (rm -rf and re-fetch worked.  bzr trying to mess with us)
<hallyn> stgraber: please try that (just pushed).
<hallyn> zul: ok, regarding tftpd-hpa.  It doesn't start when my laptop starts up, because my wireless isn't up yet at runlevel 2.
<hallyn> zul: I can trivially reproduce with a container with empty network namespace
<hallyn> zul: is this a bug, or expected behavior?
<hallyn> i'd say it's a bug...
<hallyn> will file it, just wanna make sure i won't get yelled at :)
<zul> id say its a bug, but you can modify the upstart script to start on the wireless cant you?
<zul> hallyn: you are going to get yelled at anyways :)
<stgraber> hallyn: testing
<hallyn> zul: s'ok, i might be going deaf, yell away :)
<hallyn> ok will file
<hallyn> zul: well not jsut wireless.  but i'm sure there's a way to say 'wait until a nic is up'.  I just forget what it is
<hallyn> SpamapS would remember of course
<zul> hallyn: and i might be giong blind :)
<hallyn> zul: bug 1027081
<uvirtbot> Launchpad bug 1027081 in tftp-hpa "fails if network is not yet configured at runlevel 2" [Medium,New] https://launchpad.net/bugs/1027081
<hallyn> biab
<stgraber> hallyn: can you think of any reason why bind-mounting a tmpfs would create a separate tmpfs instance (empty)?
<stgraber> hallyn: that's affecting pstolowski. He has /tmp as a tmpfs, sets up lxc to bind mount /tmp/.X11-unix, the bind-mount shows up in /proc/mounts in the container but the dir is empty
<uvirtbot> New bug: #1027081 in tftp-hpa (main) "fails if network is not yet configured at runlevel 2" [Medium,New] https://launchpad.net/bugs/1027081
<stgraber> hallyn: hmm, at least part of the problem is that something in the boot sequence wipes /tmp
<stgraber> hallyn: another problem I noticed here is that lxc-clone doesn't change the path to the fstab
<jhobbs> a/wg 9
<stgraber> hallyn: so even though I had a proper fstab, the mount still wouldn't happen as it was looking at the source container's fstab...
<SpamapS> zul: the way to say "wait until a nic is up" is "runlevel [2345]"
<SpamapS> hallyn: ^^
<zul> SpamapS: ah ok
<SpamapS> because its not "a nic" you want
<SpamapS> its "all nics"
<SpamapS> if you want a specific interface.. you want network-interface-up IFACE=xxx
<SpamapS> hallyn: sorry reading the backscroll now...
<SpamapS> hallyn: so it fails if its brought up w/o any interfaces?
<hallyn> SpamapS: yes
<hallyn> SpamapS: and i'm not sure what the state of my laptop is when it starts.  it boots in about 8 seconds so it's certainly nto waiting for failsafe
<hallyn> but since it's serving my other laptop i'm not going to reboot to test right now
<hallyn> stgraber: eh what?  lxc-clone doesn't change the path to /var/lib/lxc/<newcontainer>/fstab in the config??
<hallyn> i'm convinced it used to
<hallyn> yeah still does, at least in precise
<hallyn> GAH
<hallyn> that guy who made conflicting changes upstream, didn't keep that
<SpamapS> hallyn: yeah, transient interfaces like wifi are a problem for server stuff in general. :p
<hallyn> stgraber: rhanna whoever that is
<hallyn> SpamapS: yes, i recall it coming up for somethign else.  don't remember what though
<uvirtbot> New bug: #1017972 in libunwind (universe) "[MIR] google-perftools, libunwind" [Medium,Incomplete] https://launchpad.net/bugs/1017972
<hallyn> SpamapS: any guidance ?  or is it complicated enough to discuss at next uds?
<hallyn> stgraber: do you have other changes queued for quantal?
<stgraber> hallyn: I might have an apparmor change, hold on a sec, checking
<SpamapS> hallyn: its a bit of a corner case.. but its basically the reason there's a need for a way to define states that you want for your job, rather than events
<hallyn> SpamapS: HUSH!
<hallyn> :)
<hallyn> SpamapS: maybe since in.tftpd binds to 0.0.0.0 it really wants to restart any time a new nic comes up
<SpamapS> hallyn: if it binds to 0.0.0.0 it should never need to be restarted
<hallyn> stgraber: lemme first send the fix upstream.  GRRR.
<SpamapS> hallyn: its only stuff that wants to bind to specific IPs that are problematic
<stgraber> hallyn: http://paste.ubuntu.com/1101870/ is the change I have here (not commited or anything), would be good if you could include it
<stgraber> hallyn: basically my nesting apparmor profile was working great to run containers, not so much for creating them ;)
<hallyn> stgraber: boy that tosses security right out the window
<stgraber> hallyn: sure but that's kind of the point of the lxc-default-with-nesting profile isn't it? :)
<hallyn> i guess we really need jjohansen's upcoming 'deny @{PROC} /sysrq-trigger w'
<hallyn> yeah
<hallyn> stgraber: ok, will include that, thanks
<hallyn> btw, dlezcano has pulled my github tree, but is still testing the results (or something)
<hallyn> so we may just get a release soon
<hallyn> SpamapS: well i woul dhave thought that bind(0.0.0.0) would just bind to lo, then pick up eth0 automatically.  but it doesn't.  so i toss my assumptions aside
<stgraber> hallyn: cool, that should reduce the number of patches by 50 or so ;)
<SpamapS> hallyn: perhaps it does more than bind to 0.0.0.0
<hallyn> SpamapS: yeah, i guess, makes sense
<hallyn> SpamapS: like phone home!  :)
<SpamapS> hallyn: for instance, named sometimes takes 0.0.0.0 to mean "bind to all the addresses" not "bind to 0.0.0.0"
<hallyn> stgraber: wait, i just found the line that is supposed to change the fstab location.  are you sure it's not working?
<stgraber> hallyn: http://paste.ubuntu.com/1101882/
<stgraber> hallyn: that's when running my PPA packages (lxc-api-and-python branch), but I don't think lxc-clone is different from that in quantal (shouldn't be at least)
<hallyn> stgraber: no it isn't, i see it here.  i'll figure out why...
<hallyn> stgraber: found it.  our template inserts 'lxc.mount  =' (two spaces before the =), and rhanna's changes to lxc-clone hardcoded a check with one space
<hallyn> stgraber: testing http://people.canonical.com/~serge/lxc-clone.debdiff
<hallyn> stgraber: ok, pushed.
<glosoli> Does all Ubuntu 12.04 has outdated kernel 2,x ?
<patdk-wk> heh?
<patdk-wk> they all come with 3.2
<glosoli> hmmm
<glosoli> what the heck..
<glosoli> I bought a server, and now for curiosity typed uname -a and .....
<glosoli> Linux 273170 2.6.32-308.el5.028stab099.3 #1 SMP Wed Mar 7 15:56:00 MSK 2012 x86_64 x86_64 x86_64 GNU/Linux
<stgraber> is that a physical server or a container?
<glosoli> probably container
<mardraum> looks like it
<stgraber> then that makes sense
<hallyn> intersting
<stgraber> 12.04 running on a RHEL6 kernel would give you that output
<glosoli> stgraber: aaa
<glosoli> thanks
<mardraum> "el5"
<stgraber> or RHEL5 indeed :)
<stgraber> hmm, 2.6.32 RHEL5 that seems odd, I thought they had a 2.6.18 in that one? (but I don't pretend to know what the RH guys are doing)
<mardraum> yeah I think you are right
<mardraum> it's something nasty regardless :p
<stgraber> sounds like it's: http://wiki.openvz.org/Download/kernel/rhel5/028stab099.3
<glosoli> Interesting
<stgraber> hallyn: http://paste.ubuntu.com/1101935/ apparently clear stopped returning False, but that's about all it did ;)
<hallyn> stgraber: sigh
<hallyn> stgraber: ok, i see.  a few mins to push.
<jamespage> zul, where would you like me to put the openvswitch1.6.1 packages? I've tested them locally and they look OK?
<zul> do you want me to review them or?
<obelus> Hey - I'm going to be migrating my Ubuntu server from a VM to a physical box, and I'm looking for a way to get a list of all my manually installed packages. I've searched for a solution, but none of them seem to work, and the list of default packages provided for the desktop version in the .manifest file doesn't seem to exist for the server version of Ubuntu
<obelus> Any pointers?
<hallyn> stgraber: pushed, works for me under python
<stgraber> yay
<hallyn> stgraber: (i was thrown by my own adding 'lxc.cgroup' to the get_item(lxc.cgroup) results :)
<uvirtbot> New bug: #1027130 in clamav (main) "package clamav-base (not installed) failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/1027130
<uvirtbot> New bug: #1024086 in python-tx-tftp (universe) "[MIR] python-tx-tftp" [High,New] https://launchpad.net/bugs/1024086
<hallyn> hm, usb-creator-gtk under fvwm (in vncserver) is complaining about not talking to udisk
<stgraber> hallyn: confirmed "test.set_config_item("lxc.cgroup.devices.allow", test.get_config_item("lxc.cgroup.devices.allow"))" works fine now!
<hallyn> stgraber: \o/
<stgraber> hallyn: btw, get_config_item in python is full of magic to try and figure out whether lists should be accepted or not and checking that the value is set properly and reverts to the old value if something goes wrong. Seems to be working well in my tests so far ;)
<hallyn> stgraber: is the magic a workaround for soething lacking in the c lib?  (i may have to take a look)
<stgraber> hallyn: not really, there isn't much the C library could do to make it work better. The only way to know if a key contains a list is to check its value, which doesn't work when its unset (obviously). So set_config_item in python will always save the current value, clear the key (in case it's a list), set the new value(s), then check that the new value matches the input, if it doesn't, it reverts the value and returns False
<hallyn> ok
<obelus> I guess if I don't find a solution I can just install a base copy of the server and compare a package list from that. Probably faster than trying to find a way to do it in my current install, though I would rather a more 'proper' solution
<uvirtbot> New bug: #1027154 in maas "need way to get system based on mac address" [Undecided,New] https://launchpad.net/bugs/1027154
<kyle__> xpost from ubuntu, but hey.  For those running labs of ubuntu boxes, with 12.04 is it more streightforward to authenticate off of LDAP or a samba PDC?  In my case all user-files are shared via samba, for various reasons.  I have no physical windows boxes (nor do I intend to)
<jtran> anyone know much about xtables-addons?  i'm trying to get ip accounting working
<jtran> get_handle_usage failed: Can't get handle usage information from kernel
<RNAndyB> I recently set up an ubuntu server with a 1TB disk. I have /home mounted on a partition of 898Gb. DF is showing 6.9G of usage but there are only a handful of small files in my home directory that du totals to about 500k. Also LSOF doesnt show any large files being open under /home. Could anyone point me in the direction of discovering what the 6.9G is being used for?
<hallyn> SpamapS: lp:~serge-hallyn/ubuntu/quantal/pulseaudio/pa-upstart updated, seems to test ok
 * hallyn lunch
<SpamapS> hallyn: last niggle. You do not need the script/end script on the exec line
<SpamapS> hallyn: be careful though, that may mean you can drop from 'expect daemon' to 'expect fork'
<Phibs> I'm trying to cobbler/orchestra 12.04 server ISO, it finds my preseed file but each time it asks me for a cdrom, any help would be greatly appreciated.
<Phibs> anyone?
<IdleOne> patience is requires
<IdleOne> required also
<Phibs> indeed :)
<IdleOne> Phibs: you might try asking on askubuntu.com or the forums
<IdleOne> both great support resources
<Phibs> okie
<Phibs> thanks
<stgraber> hallyn: "apt-get install --reinstall initscripts" <- is that good enough a testcase for the initscripts bug?
<Phibs> Every time it boots it doesn't try the network (but it does DL the preseed file), it tries the cdrom and fails
<hallyn> stgraber: i don't think so, i think you also need to debootstrap --dsecondstage with the new deb, as that has a different /dev contents
<hallyn> SpamapS: will just killing the pulseaudio daemon and watching it start back up be enough confirmation that 'expect daemon' is fine?
<stgraber> hallyn: well, that's going to be difficult to do outside of quantal... the --reinstall definitely triggers the bug here (and explains why some people keep reporting it on precise)
<hallyn> stgraber: https://wiki.ubuntu.com/SergeHallyn_debootstrap    ...  i show I originally was reproducing it
<Phibs> looks like it's not detecting the network drivers
<hallyn> I'm probably being dense, but don't grok why that'll be hard to do outside of quantal
<hallyn> because of -updates?
<wizonesolutions> mardraum: jamespage: Thanks, I will go with virt-install. RoyK: Is it a text-based GUI? I'm not putting X on this box..
<stgraber> hallyn: don't you need them to match the version number of these in precise for that trick to work?
<stgraber> hallyn: testing with quantal is easy as debootstrap will use the release pocket and just work. For -proposed, you'd need to have debootstrap grab from release + updates + proposed pocket to test
<stgraber> anyway, the fix doesn't work, so I need to dig more
<stgraber> might be that the fix works for a clean debootstrap, but it's going to break any existing container on upgrade
<hallyn> stgraber: yeah i guess i hand-built a version with the same package version
<hallyn> that's no good :)
<stgraber> for me the debootstrap issue isn't the worst really, that one we workaround already :) the problem is that currently any update of initscripts in a container will fail, so the first initscripts SRU needs to fix that before we can upgrade to quantal or even push another initscripts SRU
<hallyn> SpamapS: bzr+ssh://bazaar.launchpad.net/~serge-hallyn/ubuntu/quantal/pulseaudio/pa-upstart/ seems to still work (killing pulseaudio, it gets restarted)
<hallyn> stgraber: i thought we only worked around it in precise, not quantal
<hallyn> maybe you changed that :)
<hallyn> hm, yeah, i guess it's handled for all cases.
<SpamapS> hallyn: stop/start, not kill
<SpamapS> hallyn: killing the daemon will not reload the job config
<SpamapS> hallyn: and be careful
<SpamapS> hallyn: if its wrong, upstart will have a phantom entry for the pid that has already died
<hallyn> SpamapS: stop/start worked too 9as did restart)
<stgraber> hallyn: hmm, actually, what was the workaround in lxc again? I'm wondering if we didn't indeed regress in quantal which would explain why the fix doesn't quite work here.
<hallyn> stgraber: /usr/lib/lxc/templates/lxc-ubuntu, check for /dev/shm
<stgraber> hallyn: I'd expect the new .postinst to work fine when /dev/shm is a symlink to /run/shm and I thought that's what we did in lxc, but checking my templates, /dev/shm is a directory...
<hallyn> stgraber: on precise, we're doing http://paste.ubuntu.com/1102286/
<hallyn> now my q containers on p actually don't have /dev/shm at all
<SpamapS> hallyn: alright sweet, I'm about to head to lunch, but I'll most likely upload it after lunch
<hallyn> SpamapS: thx
<stgraber> hallyn: yeah, but that code depends on /run/shm existing, which isn't the case in the templates here (as /run/shm is created at boot time)
<stgraber> hallyn: confirmed that all my machines with a clean precise lxc + recent precise cache don't have /run/shm in the cache and so /dev/shm is a directory instead of a symlink
<stgraber> so the workaround doesn't actually work
<hallyn> it definately used to
<stgraber> maybe something was nice enough to mkdir -p /run/shm at some point and that disappeared at some point before release
<hallyn> yeah...
<stgraber> hallyn: so sounds like the SRU might be correct to fix the debootstrap/chroot case but we need some more code to fix the containers before hitting that part of the code, otherwise it's hitting the bind_mount code which gets rejected by apparmor
<RoyK> wizonesolutions: it's X-based, but you don't need to start X on the server to make X work over ssh
<uvirtbot> New bug: #1027219 in cobbler (universe) "[Precise] Default install assumes MaaS" [Undecided,New] https://launchpad.net/bugs/1027219
<hallyn> stgraber: hrmph.  we should probably allow bind mounts
<hallyn> bind mounting /proc to /fakerproc won't bypass the /proc/sysrq-trigger checks
<stgraber> hallyn: you sure? I'm pretty sure it'll bypass the check
 * stgraber tests
<stgraber> root@python-lxc:~/python-lxc/mapping# echo h > /proc/sysrq-trigger
<stgraber> -bash: /proc/sysrq-trigger: Permission denied
<stgraber> root@python-lxc:~/python-lxc/mapping# mount --bind /proc/ /mnt
<stgraber> root@python-lxc:~/python-lxc/mapping# echo h > /mntsysrq-trigger
<stgraber> hallyn: so nope, we can't allow them :)
<hallyn> stgraber: /mntsysrq-trigger or /mnt/sysrq-trigger?
<hallyn> (just making sure)
<stgraber> oh, typo, though the result is the same
<stgraber> root@python-lxc:~/python-lxc/mapping# echo h > /proc/sysrq-trigger
<stgraber> -bash: /proc/sysrq-trigger: Permission denied
<stgraber> root@python-lxc:~/python-lxc/mapping# echo h > /mnt/sysrq-trigger
<stgraber> root@python-lxc:~/python-lxc/mapping#
<hallyn> stgraber: (i don't have a nested profile handy so couldn't easily check :)
<hallyn> stgraber: drat.  i must mis-recall what jjohansen said
<stgraber> me neither, I just added a "mount," line to my default profile
<Phibs> got it to install, now only issue is its not setting the network config after using dhcp to install
<stgraber> well, that container had the nested profile, but I couldn't remember exactly where it was allowed to bind mount, so I just allowed all mounts for the test ;)
<hallyn> stgraber: yeah, confirmed...  (just *had* to check myself, bc i really was hoping)
<hallyn> stgraber: I bet this is a result of attach_disconnected, actually
<Phibs> anyone know how to make the installer wipe out existing partitions in preseed ?
<guntbert> Phibs: I let it create the complete partitions afresh
<Phibs> guntbert: how do I clear
<guntbert> Phibs: please see https://help.ubuntu.com/12.04/installation-guide/i386/preseed-contents.html#preseed-partman
<Phibs> thanks
<guntbert> Phibs: no problem, there are several example preseed files to be found, if you want you can look at what I have found: http://delicious.com/guntbert/preseed
<Phibs> yeah still having broken probs :(
<Phibs> and i'm using cobbler / orch so might be diff
<Phibs> getting this msg
<Phibs> http://screencast.com/t/8ywVouva0z
<Phibs> anyone know how to get cobbler/orchestra to set the static IP as configured for the system, and to have it check in with cobbler/orch when done?
<guntbert> Phibs: d-i partman-lvm/confirm boolean true  *should* help (they say on the above mentioned page)
<Phibs> guntbert: yeah that ws the issue
<Phibs> thanks for that ref
<Phibs> just a few more hoops and i'll be much happier ;0
<guntbert> Phibs: I'm in the middle of a similar project: configure ~20 lab pc for running as VM hosts, I don't intend to use orchestra, cobbler is enough for me, but apt-cacher turns out to be very useful (I can leave the software-sources unchanged)
<Phibs> guntbert: orchestra is cobbler ;0
<Phibs> with a .css file ;0
<guntbert> Phibs: if I read correctly cobbler is part of orchestra
<Phibs> could be more than just cobbler
<Phibs> the screenshot is exactly the same ;0
<Phibs> http://3.bp.blogspot.com/-j8Fs7iROCMo/Tqm4PW-_9ZI/AAAAAAAAEfE/Gf3AvSu5gc4/s1600/cobbler-add.png
<guntbert> Phibs: as I am about to go on vacation I will delay those things for a few days :)
<Phibs> ;0
<hallyn> ahs3: yay, netcf 2.0 was just released
<hallyn> i'll work on the debian package monday
<Phibs> ah ok, the cobbler part of orchestra is the provis server, it has 3 other parts
<ahs3> hallyn: ah, cool. holler when ready
<hallyn> ahs3: will do
<uvirtbot> New bug: #1027259 in samba (main) "postgresql-common E: Sub-process /usr/bin/dpkg returned an error code (1)" [Undecided,New] https://launchpad.net/bugs/1027259
<halvors> I want to setup a wifi accesspoint on my server, but i can't get it working using the "interfaces" file in "/etc/network". Here is what i got for now: http://pastebin.com/hWz3bDhd
<stgraber> hallyn: rebasing the branch on ubuntu:lxc, please don't commit to it in the next 30min or so (time required for bzr to rebase with all the quilt stuff ;))
<halvors> What happend to the opendchub package?
<hallyn> stgraber: ok
<hggdh> zul: Tan wants a response from you :-)
<Phibs> anyone know how to get the static ip info from cobbler into /etc/network/interfaces post install?
<stgraber> hallyn: rebased btw (had some problems that I had to fix with an extra commit ...). You'll need to pull with --overwrite next time.
<hallyn> stgraber: I rm -rf and re-branch every time :)
<hallyn> s'ok, I did 'bzr init-repo lxc', and do it inside lxc/, so it's all cached locally
<stgraber> :)
<hallyn> man, i'd log off if only this one build test would FINISH
<stgraber> I should probably spend some time fixing bzr-builddeb to stop being annoying instead of working around it :)
<hallyn> hm, i forget why i don't do bzr bd
<hallyn> but i don't.  i always debian/rules build && fakeroot debian/rules binary
<hallyn> oh.  i guess it's bc most times i ahve syntax errors and i want to see them, fix them and type 'make'
<hallyn> iow, cause i suck
<stgraber> I'm using it to build my packages, works fine, the problem is really when merging/pulling/rebasing that it's trying to be clever with quilt and failing really badly
<hallyn> oh, yes, like i said, when i pulled your tree this morning (into my tree from yesterday, just 'bzr pull'), it left me with all quilt patches unapplied
<hallyn> even though it wasn't like that in yoru tree - when i did rm -rf and re-branch, it was fine
<hallyn> all right i'm off \o
<Neal_> How can I make a user have access to file owned by another user?
<Neal_> Like file f is owned by asdf:asdf but I want user neal to have access to it
<jtran> anyone know anythng about xtables and IPACCOUNT?
<MoleMan> Neal_: either allow all users access, or create a group to add the user to, and chgroup <groupname> the file
<wizonesolutions> RoyK: Hmm, if I have a hard time with the command line I might give that a try. I've never used X over SSH before, though I've heard/read about it being possible.
#ubuntu-server 2012-07-21
<halvors> Hi! I want to setup NAT with iptables.
<halvors> Any ideas how to do it?
<halvors> I will simply nat from inside interface to outside interface and allow anybody from the inside.
#ubuntu-server 2013-07-15
<zzak> my issue was resolved on #postfix, thank you
<allaire> Hi, anybody has some monit experience?
<gld1982ltd> hi all. i need help getting sshfs working on boot. fstab entries are not working.
<atpa8a> hello
<atpa8a> trying to figure out the cloud thingie :P any help here?
<atpa8a> right now i'm running a kvm on one server and a few virtual machines
<atpa8a> can i use MAAS to do the same?
<atpa8a> on one server that is
<atpa8a> or is that an overkill?
<ketan985> Hello Friends, I want to control server in such way that it kill process when it consumes more memory
<rbasak> ketan985: try looking into "ulimit" and "oom killer".
<ztuiop> hello there
<ztuiop> hello anyone there ?
<ztuiop>  /join ubuntu-gb
<zertyui> hi
<zertyui> anyone there ?
<zertyui> is it pÃ´ssible to create a root user with temporary access ?
<melmoth> zertyui, you can add any user on the sudo list temporary.
<melmoth> but .... how can you be sure this user will not change things while he is root so he can be root again later on ?
<zertyui> yes if he would liek
<zertyui> but i m looking for a command creating users with timestamp access
<zertyui> so impossible ?
<maxb> root, by definition, can do anything. Including adding backdoors to regain root later
<zertyui> yes of course i m an idiot do not understand that
<zertyui> my question was how to actroy root access to a user with timestamp access ?
<zertyui> you are logged in root on a system  i would like to a create a user
<zertyui> and give him a root
<zertyui> just for example for 2 days
<melmoth> add him in the sudeor file, and remove him after 2 days.
<melmoth> if you wanna have this automatically done, write a script that does it for you. and use cron to launch it
<zertyui> then the user autamatically back to an normal user i would do that automatically
<zertyui> without doing it manually
<ttx> Daviey: "agile granite foundations", wow :)
<rbasak> You can set user accounts to expire. See usermod(8).
<rbasak> sudoers(5) expiry doesn't exist, AFAIK, but you can cron it.
<psivaa> jdstrand: Would like to know if there is any update on bug #1197484. ETA for any possible fix, etc?
<uvirtbot> Launchpad bug 1197484 in isc-dhcp "Connection requests to saucy server VMs from a hosts fail after fresh VM installs" [High,New] https://launchpad.net/bugs/1197484
<jamespage> yolanda, that nagios3 merge is confusing - I'm not entirely sure why the debdiffs's are so huge
<yolanda> let me double check
<yolanda> not sure now
<yolanda> jamespage, you mean the diffs between the two ubuntu versions?
<jamespage> yolanda, yes - the debian commits are patches and packaging
<yolanda> I'll recheck the process
<jamespage> yolanda, even the diff between -3 and -4  in debian is massive
<jamespage> yolanda, I don't think its what you have done
<jamespage> although I did not expect to see the diff in debian/po
<yolanda> let me paste the report
<yolanda> maybe you see something
<yolanda> http://paste.ubuntu.com/5876994/
<jamespage> yolanda, yeah - I know
<jamespage> but think about what change you actually made for 3ubuntu1
<jamespage> that should be the only delta
<yolanda> let me recheck taht
<jamespage> yolanda, oh - you should also close out the merge bug as part of your changelog
<jamespage> I was about to add that to the bug report but got sidetracked by this issue
<yolanda> ok, didn't know about it, so i should reference the LP bug in changelog?
<jamespage> yolanda, yes
<jamespage> yolanda, I think the po mods are a grab-merge bug
<jamespage> yolanda, if I do the merge using ubuntu:nagios3 and lp:debian/sid/nagios3 I get what I would expect
<yolanda> ok, so i'll try with that approach
<yolanda> jamespage, is that better to rely on manual merges, not in grab_merge script?
<yolanda> or maybe do the grab_merge and then check that for unexpected results?
<jamespage> yolanda, yeah - thats what I end up doing
<yolanda> ok, then i'll fix that, and i also have to update the changelog for the others
<jamespage> yolanda, great - thanks!
<yolanda> jamespage, much more cleaner debdiff doing a manual merge
<yolanda> i'll resend the patches
<yolanda> jamespage, generated diff between prev ubuntu version and this one is huge anyway, mostly same size, but diff between debian/ubuntu is clean now
<jamespage> yolanda, when you attach patches please can you make sure that you tick the 'this is a patch to fix the problem' option
<jamespage> it breaks the sponsorship tooling otherwise
<jamespage> yolanda, for the nagios merge the bug in the changelog does not match the one in launchpad
<jamespage> yolanda, fwiw you can just push the branch to launchpad/raise a MP instead of doing the debdiff's
<yolanda> jamespage, i remember don't having the permissions, i think
<jamespage> yolanda, to mark patches as 'patches'?
<yolanda> no, for the MP
<jamespage> yolanda, anyone can raise a merge proposal
<yolanda> ok, and you do the merge? i can't remember who recommended me to use the debdiff approach
<yolanda> np, having lunch and i'll raise the mp
<jamespage> yolanda, OK - for the quid3 merge:
<jamespage> dpkg-source: info: local changes detected, the modified files are:
<jamespage>  squid3-3.3.4/src/cf.data.pre
<jamespage> when I try to use the debdiff - can you take a look at that as well
<jamespage> ta
<yolanda> sure
<yolanda> jamespage: https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/nagios3/debian_merge/+merge/174736
<jamespage> yolanda, lots of conflicts
<yolanda> i know
<yolanda> lots of conflicts between prev and this ubuntu veresion
<yolanda> but it's like that using the grab-merge and the manual merging also
<yolanda> i'll try resubmitting the mp, just a moment
<jamespage> yolanda, nm - I already uploaded that one
<yolanda> is that ok?
<jamespage> yolanda, I just fixed up the debdiff you uploaded a while back
<yolanda> oh ok
<yolanda> i'll check the squid3 problem, not sure what happens
<zul> jamespage:  i really need to beat out neutron today
<jamespage> zul, beat away!
<jamespage> morning btw
<zul> good morning
<jamespage> yolanda, https://jenkins.qa.ubuntu.com/job/saucy-adt-nagios3/
<yolanda> let me try locally
<hxm> hi
<hxm> i want to emulate a NAS server in my ubuntu server, is that possible?
<hxm> exists any kind of software for do this?
<hxm> what could be the query string for google, nas software gives too many results
<Pici> What exactly are you trying to acheive?
<hxm> create folders, rename files, that basic things
<hxm> i guess a NAS is a webdav server, no?
<Pici> So just a file server? Pick a protocol.
<Pici> NFS, SMB, whatever.
<hxm> yes, i use smb, but some users asked for have a HTTP interface with admin control
<hxm> i just wonder if that exists
<hxm> or the user just should login as admin when map the server
<atpa8a> i would think you need some CMS type of software
<RoyK> hxm: what do you need to administer over web?
<rbasak> hxm: look into freenas. It's BSD based, but perhaps you can run it inside a VM on Ubuntu Server?
<RoyK> freenas is good, runs on zfs too IIRC, which is good indeed
<jdstrand> psivaa: still trying to reproduce
<psivaa> jdstrand: ok, i had an impression that you've seen it somewhere else as well, may be i misunderstood
<jdstrand> psivaa: I did, but I've yet to reproduce it
<psivaa> jdstrand: ok, understand
<Chocobo> Hmmm, any idea why my NFS mount would lock up periodically (to the point of needing a reboot)?
<RoyK> Chocobo: not sure, it could be anything. anything in the logs? dmesg?
<yolanda> jamespage, i tested nagios3 tests again locally, and run fine for me
<jamespage> yolanda, bah
<yolanda> some dependency with nagios3-cgi should be the problem? why it works locally with run-adt-test, and not on the test machine?
<atpa8a> hey
<atpa8a> can MAAS be a good substitute for managing virtual machines?
<Chocobo> RoyK: Not really... I can still mount other NFS exports on the same interfaces, but it just hangs when I try to mount a certain export.   It is strange because other nodes in the cluster all have the problematic export mounted
<Chocobo> When I try to mount it there is tons of traffic (using tcpdump)  this is strange
<RoyK> Chocobo: same server as well?
<Chocobo> RoyK: What do you mean same server?  yes, I can mount other exports from the same server.
<RoyK> Chocobo: if you mount with options soft,intr, than the connection should be interruptable
<RoyK> otherwise, the default action for NFS is to hang while the server's unavailable
<yolanda> jamespage, about squid3, i'm finding an strange problem with the patches. I removed all .pc directory, retried again, applying all patches manually, etc...
<yolanda> when i do a bzr bd -S i have this error :bzr: ERROR: An error (1) occurred running quilt: The working tree was created by an older version of quilt. Please run 'quilt upgrade'.
<Chocobo> RoyK: this is my fstab entry:  dedup-ib:/big_pool/os-grizzly /os-grizzly nfs rw,async,noatime,nolock,tcp,bg,intr,hard,_netdev,noauto 0 0
<yolanda> runnning quilt upgrade doesn't help, it complains about that the quilt metadata is already in version 2, nothing to do
<yolanda> packaging with a debuild works, but not sure it that is ok
<RoyK> Chocobo: perhaps try soft instead of hard
<RoyK> Chocobo: it won't fix the issues, but may make it easier to debug
<RoyK> btw, I don't think noatime is a valid nfs flag
<Chocobo> RoyK: Thanks, I will give it a shot.
<RoyK> Chocobo: btw, is this some dedup thing?
<Chocobo> RoyK: it is a ZFS backend that has deduplication enabled, yes.
<RoyK> ok
<RoyK> lots of memory in the machine?
<RoyK> in my experience, zfs dedup is *very* hungry for memory
<bitnumus> hey, my system clock keeps drifting
<bitnumus> whats the best solution to fix this
<bitnumus> doesnt ubuntu have a default cron to handle this ?
<bitnumus> fncirunbvhltdjiddnjuihkrfglcfigcvdekrevdnlin
<RoyK> bitnumus: ntp should keep your clock in sync
<RoyK> bitnumus: is this a vm?
<bitnumus> nope
<bitnumus> not sure how the provider has it setup, its a VPS
<RoyK> then it's probably a vm
<RoyK> can you pastebin lshw output?
<bitnumus> lshw ?
<patdk-wk> why would ubuntu have a cron to handle clock? that is the worst idea ever
<bitnumus> patdk-wk, just what i've read
<RoyK> bitnumus: apt-get install ntp
<bitnumus> ntp is installed
<bitnumus> maybe not running but
<bitnumus> sec
<bitnumus> i looked at this a few days ago now, something about ntpdate
<RoyK> bitnumus: yes, lshw, it should show on what hardware or hypervisor you're running
<bitnumus> RoyK, that gives 'bad command'
<RoyK> then apt-get install it :)
<RoyK> bitnumus: perhaps dmidecode will tell
<rbasak> Some VPSes don't let you set the clock.
<RoyK> but lshw output is better
<bitnumus> sec,
<rbasak> I had one where the clock was out, the kernel wasn't available to user modification, and setting the clock resulted in an error. I had to get the hosting provider to fix it.
<bitnumus> RoyK,  http://pastebin.com/z9aFjKGm
<RoyK> rbasak: openvz or vserver based systems don't have individual clocks
<bitnumus> so i've installed ntp, anything i need to do to initialise it ?
<RoyK> bitnumus: not sure, but I guess vserver
<bitnumus> does it need a reboot
<RoyK> bitnumus: to manually set the time from a timeserver, use ntpdate pool.ntp.org
<bitnumus> i dont want to manually do anything, i need it to keep up to date with next to 0 drift
<RoyK> you might need to stop ntp first because of an open socket
<bitnumus> will ntpd keep it in check ?
<RoyK> yes
<bitnumus> so no reboot or anything ?
<RoyK> no
<bitnumus> how often should it update it ?
<RoyK> but if the clock is too far askew, ntpd might not catch up
<atpa8a> or it will take some time to catch up
<RoyK> so, service ntp stop ; ntpdate pool.ntp.org ; service ntp start
<bitnumus> na, atm its about 1second out
<rbasak> ntpd adjusts the clock speed to match the time it's syncing. So it's not updated as such. Once  the clock stays in sync it should just appear to be in sync.
<bitnumus> maybe that was my issue before, it drifted to 264seconds
<RoyK> then it souldn't be needed to use ntpdate
<bitnumus> ok great stuff
<streulma> what is the best way to update your server? apt-get upgrade, or apt-get upgrade --show-upgraded, or apt-get dist-upgrade, or aptitude dist-upgrade ?
<bitnumus> cheers ^
<patdk-wk> streulma, depends on the goal
<RoyK> streulma: I just do apt-get update && apt-get -y dist-upgrade && apt-get -y autoremove
<patdk-wk> upgrade everything, upgrade security patches only, ...
<patdk-wk> dist-upgrade is what I use, and you need it to bring in new kernel security patches
<streulma> used command from RoyK
<patdk-wk> royk, maybe use virt-what next time, over lshw?
<RoyK> patdk-wk: virt-what?
<RoyK> ah
<RoyK> didn't know that ;)
<patdk-wk> I knew it existed, but couldn't remember the name
<patdk-wk> and didn't know if it did openvz and them, but it does
<RoyK> streulma: can you try virt-what as patdk-wk suggested?
<patdk-wk> bitnumus, you mean?
<RoyK> uh, yes
<RoyK> bitnumus: ?
<bitnumus> what
<patdk-wk> ya, what is the word :)
<RoyK> bitnumus: can you try virt-what as patdk-wk suggested?
<Chocobo> RoyK: There is 512GB in that machine I believe.
<RoyK> Chocobo: should suffice for rather a large amount of diskspace ;)
<patdk-wk> hate to see that reboot
<bitnumus> XEN
<RoyK> ah
<RoyK> I've seen clock drift with xen
<patdk-wk> your ok running ntp on xen
<patdk-wk> it won't keep the clock perfect though
<patdk-wk> but it will keep it close
<streulma> I've seen some time wibble on Xzn
<streulma> Xen
<weeb1e> Hi everyone
<RoyK> ho
<weeb1e> I just got access to two new sponsored servers running the latest ubuntu
<weeb1e> I haven't used the past few ubuntu versions so some things have changed
<weeb1e> First up, is there something special that needs to be done now to change my sudo password?
<weeb1e> passwd does not seem to be working
<hachre> What do you mean by 'sudo password'
<hachre> if your user is in the etc sudoers file it can access root via it's own user password
<hachre> if you wanna change the root password you can do 'sudo passwd'
<weeb1e> I've tried about 4 times now, I use passwd, enter the current password, then enter my new password twice, it says it is changed, yet if I open a new SSH session only the old password works
<hachre> are you changing the password for the user you also try to ssh in with?
<weeb1e> So I mean my own account password which is the only account on the box
<hachre> nothing in that regard has changed, is this a brand new installation?
<weeb1e> My next question would be how to check if a root password is set at all, since I know ubuntu does not set one by default, so I would only want to change that if one is already set
<weeb1e> But I first need to figure out why my own password is not changing
<weeb1e> hachre: Yes, I was told it was installed today
<hachre> it's weird, passwd should go through the /etc/pam.d/system-auth component
<weeb1e> I see now it is not the latest ubuntu even, they installed Ubuntu 12.04.2 LTS
<hachre> I think
<hachre> ah yea
<weeb1e> I hope 12.04 does not cause me grief
<hachre> thats the latest LTS release
<rbasak> weeb1e: "sudo getent shadow root" to see the root password hash. If it's "!" or "*" or something, then there's no root password set. That's generally the same across all distros.
<weeb1e> thanks rbasak, any idea why passwd wouldn't be taking effect for me?
<weeb1e> There is a hash there so I assume a root password is set
<rbasak> weeb1e: "passwd" sets the password you use to sudo with (your own user password). What you ssh in as should be the same password. I don't know of any reason that wouldn't work unless your provider is doing something? Is it a fresh install on real hardware, or some kind of VM?>
<weeb1e> rbasak: I know that, passwd says it works for my user but then my users password is not changed in any new SSH sessions
<weeb1e> It is a fresh install on hardware, I had to wait a few days for them to remove the VM and install an OS directly
<weeb1e> VMs are useless for realtime software which requires minimal overhead and max performance
<rbasak> weeb1e: how about an ssh user@localhost from the machine itself?
<RoyK> weeb1e: were you running "passwd" as your own user, or as root?
<weeb1e> rbasak: Still only the old password works
<weeb1e> RoyK: My own user
<rbasak> weeb1e: "sudo getent shadow youruser" before and after changing the password. Does that get updated?
<RoyK> check the file date of /etc/shadow
<RoyK> rbasak++
<weeb1e> rbasak: Yes it changes
<weeb1e> This is very weird
<RoyK> weeb1e: and then if you try to ssh youruser@localhost?
<weeb1e> I am getting very confused, I have worked with plenty Ubuntu servers in the past and have never had an issue like this
<rbasak> weeb1e: "grep password /etc/pam.d/sshd" - does that say "@include common-password" or something else?
<rbasak> weeb1e: it certainly shouldn't do that on a default install.
<weeb1e> RoyK: Hmm, that worked now from that same session
<RoyK> weeb1e: but not from another machine?
<weeb1e> And now it works in a new session
<weeb1e> Why the hell would it suddenly work on the 6th attempt :|
<RoyK> ok, possibly PEBKAC ;)
<weeb1e> Oh wait, I changed the root password
<RoyK> bingo
<weeb1e> So the only explaination is it is using the root password for my own account?
<weeb1e> Why would it be doing that
<weeb1e> rbasak: Yes, that is included
<weeb1e> I guess the techie that installed these boxes did something odd
<rbasak> weeb1e: the behaviour you're describing is certainly non-standard non-default.
<RoyK> normally, on ubuntu, root doesn't have a password. it means you can boot to single if you have physical access without a password, but then, if you have physical access, you can normally override most security
<RoyK> rbasak: seems to me he just ran passwd as root, nothing more
<rbasak> weeb1e: it might be worth comparing /etc/ssh/sshd_config and /etc/pam.d/* against a default system.
<weeb1e> If I had to remove the root password now, would my user still work with its own password?
<RoyK> yes
<weeb1e> I just don't want to lock myself out
<rbasak> weeb1e: RoyK: yeah, perhaps I've misunderstood the details.
<weeb1e> How would I remove the root password?
<RoyK> weeb1e: no need, really
<RoyK> weeb1e: your system is only slightly more secure with a root password
<rbasak> weeb1e: leave an ssh session running "sudo -i" so you have a root prompt. Change and test at will. If you leave the session open you can recover from problems using that.
<rbasak> EOD
<RoyK> weeb1e: you may want to turn off root login in /etc/ssh/sshd_config, though
<weeb1e> Well, ok I don't need to remove the root password
<weeb1e> But I don't want all accounts to use that password
<weeb1e> Would removing "@include common-password" be enough to solve that?
<RoyK> weeb1e: all accounts have their own passwords
<weeb1e> RoyK: Like I said I can't login or sudo with my own accounts password
<weeb1e> It only started working when I set the root password to my own password
<rbasak> weeb1e: I'd avoid changing /etc/pam.d at all unless you're restoring defaults that have been changed. AIUI, the behaviour you want *is* default on Ubuntu
<RoyK> @include common-password is there by default
<weeb1e> Ok well let me change my own password and see if it takes effect now
<rbasak> The beahviour I've heard you describe here (as far as I've understood what you've said) *is not* default on Ubuntu.
<RoyK> weeb1e: well, now, after you have successfully changed your password, login and try sudo -i
<weeb1e> rbasak: Yeah that was my understanding too, I've used plenty ubuntu servers and never experienced this before
<weeb1e> But now after having set the root password, changing my own accounts password works correctly
<RoyK> weeb1e: I guess what you experienced was just taht you changed the wrong password
<weeb1e> I still don't understand why it was not before
<weeb1e> RoyK: I tried using passwd without sudo at least 5 times
<weeb1e> And it said it worked, yet a new ssh session only worked with the old password
<RoyK> never seen that - ever - since I installed slackware 2.1 back in 1994
<weeb1e> Very odd behaviour
<RoyK> weeb1e: indeed - does ssh youruser@localhost work with the new one?
<weeb1e> Well, I have a second box that should be identical to this one, lets see how the password changing goes there
<weeb1e> It does now, it didn't before
<RoyK> weeb1e: try localhost first
<RoyK> if there's a difference between ssh to localhost and from another machine, there may be a man-in-the-middle somewhere
<RoyK> which is rather alarming
<weeb1e> No, there is no difference, both ssh to localhost and an external ssh session failed for the first bunch of attempts
<weeb1e> They only started working with the newly set password after I changed the root password
<RoyK> weeb1e: do both work now?
<weeb1e> Yes
<RoyK> then you probably changed the wrong user's password
<weeb1e> But I have a second machine to test now, and it does not have a root password set
<RoyK> try again
<RoyK> ok
<weeb1e> Oh well, that machine worked as expected
<weeb1e> All things do point to me having changed the wrong password, but I am also very sure that I did not.. but oh well, thanks for the help anyway
<weeb1e> So much for the machines being identical, the second box has something seriously wrong
<weeb1e> E: Package 'build-essential' has no installation candidate
<RoyK> huh
<RoyK> weeb1e: I'd reinstall that if I were you
<RoyK> perhaps run rkhunter or chkrootkit on it first
<RoyK> and check the repos used
<RoyK> or just nuke it
<weeb1e> RoyK: Reinstall the whole OS?
<weeb1e> I would have to get my sponsor to send a technician to do it
<RoyK> if something has been let in that can be logging passwords, then it's rather bad
<RoyK> can you compare /etc/apt/* between the two machines?
<weeb1e> "if something has been let in that can be logging passwords"?
<weeb1e> Where did you get that from?
<RoyK> use rsync -r from a separate machine to transfer the contents
<RoyK> weeb1e: I'm just paranoid, sometimes that's all it takes
<weeb1e> Hmm, I'll compare the contents
<weeb1e> why apt/* not just apt/sources?
<weeb1e> the sources.list files are the same
<patdk-wk> heh?
<RoyK> because sources.d is another source to sources :P
<patdk-wk> someone can easily setup apt to use a proxy server
<patdk-wk> and then give you whatever they want
<patdk-wk> checking sources won't detect that
<RoyK> true
<weeb1e> Yeah well, they could, but this sponsor likely does not have the technical know how for that :P
 * patdk-wk hopes no one gets my proxy :)
<RoyK> weeb1e: check the checksums (md5 or sha) of passwd and the modules used by pam
<RoyK> weeb1e: it may be false alert, but you're seeing some rather interesting issues that *may* turn up to be nasty
<weeb1e> I'd need to find another 12.04.2 ubuntu server to compare against
<weeb1e> Let me check if I have a VM installed
<RoyK> weeb1e: first: download rkhunter and/or chkrootkit from the source, not from the repos, and run it/them
<weeb1e> RoyK: I understand your concern, since I have just gained access to these boxes I'd rather be safe than sorry
<RoyK> patdk-wk: do you know any other checks to run on such a system?
<patdk-wk> not really, I just don't bother anymore
<patdk-wk> restore from template
<RoyK> patdk-wk: why not?
<RoyK> ok
<patdk-wk> I do tend to keep the old ones around for inspection, and find the issue
<patdk-wk> but normally, people breaking into servers leave craploads of helpful info around
<RoyK> patdk-wk: doesn't work too well for physical machines, though
<patdk-wk> good thing I don't have any :)
<patdk-wk> but it would work the same way
<patdk-wk> just take longer to do a restore
<patdk-wk> I do it for laptops, and desktops
<patdk-wk> after I install, I backup to a template, that I restore on the other ones
<patdk-wk> and use if someone gets infected
<patdk-wk> that is windows though
<weeb1e> I only have physical machines, without any physical access :/
<weeb1e> VMs have too much overhead
<RoyK> weeb1e: huh?
<RoyK> weeb1e: we run 150ish VMs on 8 VMware hosts at work, and it runs smoothly
<RoyK> would probably run well on 6, or it will, when we reorganize the two clusters into one
<patdk-wk> since when do vm's have overhead?
<patdk-wk> atleast if your using an ept server, so e54xx or higher cpu
<RoyK> patdk-wk: heh - back before they added virtualization extensions ;)
<patdk-wk> no, that was painful
<RoyK> vmware around 2001 was rather heavy
<patdk-wk> ept caused it so you didn't have overhead for memory page changes
<patdk-wk> if your server is that old, to not support vt, I would suggest, you don't need a server :)
<RoyK> hehe
<patdk-wk> but if your server is <5years old or so, you probably have ept support
<patdk-wk> so the vm will have an unmeasurable amount of vt overhead
<patdk-wk> I will say, going from physical to vmware, caused me a 15% additional overhead
<patdk-wk> then I realized the old servers didn't have ept, removed it, and I am <5% overhead
<RoyK> patdk-wk: got a cluster?
<patdk-wk> 4 clusters
<RoyK> many hosts?
<patdk-wk> large windows, small windows, large ubuntu, small rhel
<patdk-wk> physical, from 3 to 6
<RoyK> why separate the vm's into different clusters based on OS?
<patdk-wk> royk, they aren't
<patdk-wk> they are in different datacenters doing different things
<RoyK> ok
<patdk-wk> large windows cluster has like 5 rhel on it
<patdk-wk> but it has 400 windows vm's
<RoyK> damn
<RoyK> how many hosts?
<patdk-wk> on 5 blades
<RoyK> not bad
<RoyK> how much memory in those?
<patdk-wk> currently, 144, and we are pushing into 80% used again
<patdk-wk> those blades are getting upgraded next spring, so moving to 386 or more ram, but need faster cpu's, single core performance in windows is really hurting lately
<RoyK> we have two clusters, plus a separate box for patient data, running a single vm, separate box of historical issues, I guess, since some people didn't trust putting a large VM on other machines that were exposed to the internet
<RoyK> perhaps going for virtual datacentre one day
<patdk-wk> if it had patient data, it would be a hippa issue here, much easier to say your in regulations
<patdk-wk> but not sure what the laws are there
<RoyK> hippa?
<patdk-wk> http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act
<RoyK> I know others that are using the same cluster for mixed data
<patdk-wk> guess it's hipaa
<RoyK> I see, thanks
<RoyK> The Norwegian Data Protection Authority is the main actor at this, and they allows (at least certain) installations of patient data VMs along with open servers
<Pici> RoyK: "Exposed to the internet", you mean web servers? or just something that was able to access the internet outbound?
<patdk-wk> ok, hipaa doesn't forbid it :)
<patdk-wk> but if you don't want to report loss to your *customers*
<patdk-wk> then it must be approved and encrypted
<RoyK> Pici: web servers or others that can be reached from the internet
<patdk-wk> so making it encrypted, and being able to verify loss, is simple if it's dedicated
<RoyK> IMHO nothing is really dedicated when the blade is in the same chassis as the other blades and VLAN control is at the VM level
<patdk-wk> ok, it's long after lunch time
<RoyK> patdk-wk: 400 VMs on five hosts with 192GB seems rather heavy, it's like 1.92GB per VM
<RoyK> (with four, if one fails)
<patdk-wk> well, depends on mem dedup though
<RoyK> is that really efficient?
<patdk-wk> as 240 or so are cloned win7, they dedup good
<RoyK> ok
<patdk-wk> ya, they have 4gigs of ram each, and normally only use 1gig of ram each
<RoyK> ok
<RoyK> clients?
<patdk-wk> vmware view, for client access yes
<patdk-wk> destroyed on each logout
<RoyK> should try that out
<RoyK> we have some 20k users, mostly students, but some 1800 employees
<patdk-wk> how many are logged in at any given time?
<RoyK> looking at the fileserver statistics, perhaps 2k
<RoyK> at really high times
<zul> jamespage:  ping enjoy: https://code.launchpad.net/~zulcss/neutron/rename/+merge/174832
<patdk-wk> well, that would be how many licenses you need then
<RoyK> possibly rather expensive :P
<patdk-wk> well like everything
<RoyK> do you use thin clients for this?
<patdk-wk> you do it yourself, or you pay for it
<patdk-wk> royk, heh?
<Pici> Is this a single hospital?
<patdk-wk> clients==customers, we have no control over them
<RoyK> Pici: hioa.no
<Pici> Ah.
<RoyK> patdk-wk: I meant, are you using thin clients or PCs for this thing? thin clients as in those that only knows RDP or whatever access protocol, but doesn't have much of an OS locally
<patdk-wk> like I said, how should I know
<weeb1e> RoyK: I host realtime sensitive software which is affected by the overhead and timeslicing of virtual machines
<patdk-wk> they are controlled by the customer, offsite, nothing to do with our company
<weeb1e> Such software includes a variety of resource intensive game servers as well as multimedia transcoding and processing
<patdk-wk> ya, realtime stuff is not vm friendly
<weeb1e> My services are realtime and latency sensitive, so VMs are really not an option
<TheSov> you would be surprised how fast vm's can work
<patdk-wk> depends though
<TheSov> we keep hosts here with just 1 vm on them
<patdk-wk> but if latency is the only issue, latency normally trumps all vm latency issues
<RoyK> weeb1e: I see
<TheSov> the 1 vm is a very important and high speed guest the reason its virtual is due to portability
<patdk-wk> network latency
<RoyK> we installed varnish on a dedicated blade some time back, 200% speed increase
<RoyK> so in some applications, virtualization isn't the best approach
<TheSov> what happens if your blade backplane fails?
<patdk-wk> royk, that sounds like an ept issue :)
<TheSov> which has happened to me
<RoyK> patdk-wk: ept?
<patdk-wk> the memory paging virtualization support in newer cpu's
<patdk-wk> otherwise every page table lookup, hits the hyperviser
<RoyK> TheSov: it all goes down, obviously, and the important VMs are started on the secondary site
<patdk-wk> and since varnish is memory happy, it will matter a lot
<TheSov> RoyK, im just saying virtualization, as much as it has its drawbacks is worth it most of the time
<patdk-wk> I was getting 50% slowdown on some vm's
<TheSov> if not for just machine portability
<TheSov> not being hardware dependant is ****** awesome
<RoyK> TheSov: I know, but the positive side of virtualization is rather huge compared to the drawbacks
<TheSov> i think we are arguing on the same side lol
<RoyK> 150 VMs as pizzaboxes would fill four racks
<RoyK> and consume a rather large amount of power
<patdk-wk> oh, maybe you needed those old rlx blade I used to have :)
<patdk-wk> 2ghz with 20gig drive, 24 per 4u blades
<RoyK> we have three Dell bladecentres atm
<patdk-wk> so happy to drop them off a cliff
<TheSov> i have an entire rack of dell r714's with 12 core processors and 128 gigs of ram
<RoyK> recycling the older ones for the secondary site
<TheSov> they rock
<patdk-wk> sounds like amd
<TheSov> yes they are
<patdk-wk> I'm normally ram heavy
<patdk-wk> but the 100% flash san is helping to change that
<patdk-wk> no need to cache as much stuff in ram
<RoyK> patdk-wk: what sort of SAN do you have?
<patdk-wk> purestor
<RoyK> url?
<patdk-wk> purestorage.com
<RoyK> something like zfs?
<patdk-wk> it's not
<patdk-wk> it works a lot like zfs, but it's not zfs at all
<patdk-wk> they are using raid3d, so it's basically raid6 but without a dedicated spare, but random holes all over
<RoyK> have you tried to yank a disk and put it in a zfs-enabled box and tried zpool import?
<RoyK> ;)
<patdk-wk> it wouldn't work
<patdk-wk> it's not zfs, as it's raid3d :)
<patdk-wk> even if they did zfs ontop of it
<RoyK> what's raid3d?
<patdk-wk> google it
<patdk-wk> ibm made it
<patdk-wk> it solves the slow rebuild issue of using spares
<patdk-wk> hard to explain without the picture
<RoyK> <1s failover is nice
<RoyK> Dell tells EqualLogic customers to increase iSCSI timeout to 120 to avoid problems
<patdk-wk> well, it's active/active
<RoyK> which doesn't work too well with internal timeouts in databases, exchange etc
<patdk-wk> ya, vmware says to use 180sec
<patdk-wk> and it pushs that into windows
<patdk-wk> but not linux
<RoyK> doesn't work with exchange
<patdk-wk> I have never failed over exchange yet
<RoyK> exchange uses non-blocking I/O and fails after some seconds
<RoyK> patdk-wk: all SSD SAN?
<patdk-wk> yes
<RoyK> what interlink?
<TheSov> dude, lefthand networks has an amazing virtual san appliance
<patdk-wk> using 8gb fc
<RoyK> ok
<TheSov> i use that in combo with freenas and RDM to produce a high speed full failover san solution that functions at high speed
<TheSov> FC!?!? ok i get off the boat here
<RoyK> patdk-wk: guess you get rather good IOPS from that thing
<patdk-wk> only have 4 of the 8fc connected right now
<patdk-wk> but we can max out the 2 fc ports per host, easily
<patdk-wk> with 4k iops
<RoyK> 4kiops doesn't sound that impressive, though
<RoyK> when a single SSD can deliver 10x+ of that
<patdk-wk> hmm?
<patdk-wk> a single ssd can do >200k iops?
<patdk-wk> I know I can do random write iops at full speed
<patdk-wk> you can't say that about zfs with dedup, very easily
<patdk-wk> royk, one thing I do like about them, and why their numbers do seem low
<patdk-wk> their numbers you will get, they are the best numbers under perfect optimization conditions
<patdk-wk> and they are working on a cost scale too
<patdk-wk> so one gen old hardware, to keep costs down
<RoyK> patdk-wk: how much storage do you have in total (net) on those SSDs?
<patdk-wk> 11tb raw usable
<RoyK> how many SSDs?
<patdk-wk> we have 19tb of data on it
<RoyK> seems like an awful lot
<patdk-wk> 48 256gb ssd's
<patdk-wk> we moved our 15tb of thin allocated data from our old san, to it, and used 4.5tb
<RoyK> you should e getting a wee more than 4kiops from that bunch
<patdk-wk> 4k?
<RoyK> even spinning rust should give you 4kiops with that amount of drives
<patdk-wk> wee more than 4k block size iops?
<patdk-wk> I keep peeking out around 300-500k iops
<patdk-wk> way over their specs
<RoyK> shit
<RoyK> that's a lot
<patdk-wk> can easily get 100-150k for a single stream
<RoyK> (and my excuses to the language police for saying a bad word)
<patdk-wk> it must not count anymore, or bot the bot would yell :)
<RoyK> patdk-wk: want to ship this over? you don't need it, do you? :D
<patdk-wk> I kind of like it
<patdk-wk> we are getting a 2x dedup ratio, and a 2.3x compression ratio on it
<patdk-wk> they join those numbers into one though, generally
<patdk-wk> but we pre-tested our data using a tool that will read your lun and spit out what it would use
<patdk-wk> so you can estimate how much you need
<IdleOne> If you're going to make sarcastic comments in regards to the ops right after using language you clearly know is not acceptable, why do it at all?
 * patdk-wk failed to see any sarcastic comments made
<IdleOne> because you are not aware of all the facts perhaps
<IdleOne> Anyway, let us all try to behave according to the rules please.
<patdk-wk> IdleOne, is something about this sarcastic? "<RoyK> (and my excuses to the language police for saying a bad word)"
<patdk-wk> as that was the only thing said after the word
<patdk-wk> in this channel atleast
<patdk-wk> and everything you said, if it was in reply to an off-channel comment, not sure why you would bring it in here
<IdleOne> yes, first of all we are not "language police" second of all if you are aware enough to apologise for doingsomething wrong then you should have been aware enough not to do it.
<patdk-wk> the second part is not true
<patdk-wk> it's one thing to know you did something wrong, it's another thing to break your habbit
<IdleOne> sure it is. There is no excuse for bad behaviour. When someone joins an Ubutu channel they know what behaviour is acceptable and expected.
 * patdk-wk notes almost all drug addicts
<IdleOne> Ubuntu*
<IdleOne> especially someone who has been in ubuntu channels as long as RoyK has.
<IdleOne> We all mess up now and then I'll grant you that, but in light of recent history. I think the rules woyuld have been fresh in his mind.
<cyberviking> HI there
<cyberviking> I installed apache 2.4 but now when i try to analyze a log file, I got "-bash: fork: Cannot allocate memory" and the ssh session close. Do you know why ? :)
<RoyK> cyberviking: what ubuntu version?
<RoyK> cyberviking: how much memory?
<cyberviking>           total     used    free
<cyberviking> Mem:       2097152     287824    1809328
<cyberviking> -/+ buffers/cache:      20072    2077080
<cyberviking> trying to analyze a 35mo fil via some grep
<cyberviking> 35mB
<RoyK> pastebin ps axfv
<RoyK> !pastebin | cyberviking
<ubottu> cyberviking: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<RoyK> cyberviking: cannot fork seems like a bunch of processess staggering
<RoyK> cyberviking: pastebin output of uptime as well
<cyberviking> the command is not so impressive but it crash, just one to know how time Googlebot was there
<cyberviking> cat /var/log/apache2/other_vhosts_access.log|grep "15/Jul"|grep -v "Googlebot"|wc -l
<cyberviking> uptime :  23:47:18 up  3:11,  1 user,  load average: 0.00, 0.00, 0.00
<RoyK> so probably no disk issues
<RoyK> but now swap?
<cyberviking> forget the "-v" on grep above of course :p
<cyberviking> it's a VPS
<cyberviking> with no swap
<cyberviking> Swap:            0          0          0
<cyberviking> I can shutdown apache, execute this command and start apache again it works ^^. But I want to understand what the hell happen here.
<RoyK> pastebin ps axfv
<cyberviking> the only difference is without apache -/+ buffers/cache:      11092    2086060
<cyberviking> and with apache : -/+ buffers/cache:      15912    2081240
<RoyK> should be no difference
<cyberviking> I know :s, but it's not :D
<jsonperl> i've got a bit of a strange situation with memory (potentially a swap thing)
<jsonperl> i have a bunch of servers running with 16gb of ram available... they have a leak and when they get somewhere above 1GB, they get restarted
<jsonperl> but for some reason, freeing of that memory seems to make the whole machine spike in cpu usage, and slows everything WAY DOWN while it happens
<jsonperl> i was thinking maybe tuning the swappiness might be the solution, but does anyone have an idea what I should be looking for?
<Patrickdk> heh?
<Patrickdk> why would you think this is a swap issue?
<Patrickdk> where is a pastebin with any results that back this up?
<Patrickdk> cause if you have 16gig ram, and you reboot them when they > 1gb ram, you have personal issues, not swap issues
<jsonperl> each process has 1gb of ram
<jsonperl> there are 14 server instances running
<jsonperl> im now running sysstat so I can get some stats next time i see the issue
<jsonperl> its a custom ruby / c game server
<Patrickdk> really, all you need to do is run vmstat, and maybe free, and probably ps axl, when you are having the issue
<Patrickdk> to tell if you have a swap issue or not
<jsonperl> what would i want to look for?
<Patrickdk> something wrong
<freeflying> jamespage: is there any particular reason for openvswitch package not using upstart?
<jsonperl> does that symptom seem indicative of a swapping issue?
<Patrickdk> jsonperl, the issue is unknown yet, as you have not described anything
<Patrickdk> you said a cpu spike, swap issues don't cause cpu spikes, they cause disk spikes
<Patrickdk> so far, that is the only clue given
<jsonperl> sure ok here
<Patrickdk> what is nice, is to use something like munin, so you know what it *normally* looks like
<Patrickdk> then you can tell what changed
<jsonperl> Basically all server activity drops to 0
<Patrickdk> sysstat does it also, I just never used it
<jsonperl> i have charts of core usage
<jsonperl> i basially persist mpstat to db
<jsonperl> it only starts happening once servers cycle... and release a lot of memory
<jsonperl> I'll paste one somewhere and link
<Patrickdk> mpstat only gives cpu info
<jsonperl> http://picpaste.com/pics/Screen_Shot_2013-07-13_at_10.19.40_PM-AS1JtSXk.1373927861.png
<jsonperl> Cpu is clearly a problem here
<Patrickdk> so cpu usage drops to bottom
<Patrickdk> that says cpu is NOT the issue
<Patrickdk> so again, we have no idea
<jsonperl> What are some potential reasons for that
<jsonperl> heavy IO wait time?
<Patrickdk> I could list you atleast a few million
<Patrickdk> but there is no point
<jsonperl> theres not much running on the machine
<jsonperl> pretty much just these servers
<Patrickdk> this is why you need to record all basic stats
<Patrickdk> disk i/o, memory, cpu
<Patrickdk> all in reference to each other
<jsonperl> sysstat is doing that for me now
<Patrickdk> other things, if this is a vm
<Patrickdk> it could not be anything to do with you
<jsonperl> its not a vm
<jsonperl> physical machine
<jsonperl> all mine
<jsonperl> Patrickdk ok im collecting stats on the minute now
<jsonperl> hopefully ill see something interesting
<jsonperl> this sucks
<jsonperl> I run deepworld btw... fun game if you have a mac or ios device
#ubuntu-server 2013-07-16
<jsonperl> who wants to help a noob debug a problem server from sysstat information :)
<Patrickdk> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<jsonperl> Patrickdk whats up!
<jsonperl> I'm back with data
<jsonperl> So I have a problem where my machine (many servers) crawls to a stop and stops functioning. CPU usage drops precipitously
<jsonperl> I do happen to see a spike in runq-sz during the same time, but thats the only interesting thing i've noticed
<jsonperl> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<jsonperl> sysstat data can be found at http://pastebin.com/bgPJxqJ3
<jsonperl> the problem starts occuring after19:17:00
<Patrickdk> defently not a swap issue
<Patrickdk> no disk issue, no memory issue
<Patrickdk> you will need to use strace to find the real issue
<Patrickdk> it's a simple programming issue
<Patrickdk> I would bet your hitting a mutex lock in the kernel
<Patrickdk> likely to do when your freeing a bunch of memory at once
<Patrickdk> maybe try using jemalloc?
<Patrickdk> I would think that would show up under %sys cpu usage though
<Patrickdk> maybe you just have a funny workload though, like packets from the network stop flowing for a second or two, so the cpu load drops off
<Patrickdk> but if it's cause at that point in time, you killed a process, I would try jemalloc and see how it affects it
<Patrickdk> won't hurt to try
<jsonperl> we do free a lot of memory when a "world" shuts down
<jsonperl> and when a single server reboots, it frees several "worlds" at the same time
<Patrickdk> I'm not sure how jemalloc deals with freeing memory, it's more made to deal with fragmented small allocations and to be fast
<Patrickdk> so it might help, cause it probably frees a large chunk, instead of the many smaller chunks your current malloc does
<jsonperl> hmm
<jsonperl> i can def look into integrating that
<Patrickdk> no real intergration needed
<Patrickdk> just install it, and set it
<jsonperl> how would i take advantage of it?
<Patrickdk> google :)
<Patrickdk> lots of people use it with different programs, like java, mysql, ...
<jsonperl> looking now
<jsonperl> what gives you that impression from the data btw
<Patrickdk> nothing
<jsonperl> ok
<Patrickdk> only that you said, you had a memory leak
<Patrickdk> and you kill the program
<Patrickdk> since nothing else looks to be an issue, defently not swap/disk
<Patrickdk> so based on, you know how your thing works, is the only clue I'm going by
<jsonperl> okee
<Patrickdk> I'm more used to having issues allocating, memory, than freeing it though
<jsonperl> the spiked runq-sz is unconcerning?
<jsonperl> well it restarts and everybody reconnects
<Patrickdk> where is that?
<jsonperl> so it's a bit of both
<jsonperl> take a look starting here: 07:17:04 PM        17       462      2.74      4.45      4.64         0
<Patrickdk> I don't know where here is
<Patrickdk> what pastbin line
<jsonperl> It deallocates a lot of memory, and then quickly allocates a bunch of memory
<jsonperl> line 519, sorry
<Patrickdk> ya, that is an issue
<jsonperl> so is that my guy
<Patrickdk> 10-20 programs want to run, but they can't
<jsonperl> sounds like my problem
<Patrickdk> why is loadavg-1 still at 1 though
<jsonperl> im learning all this as I go, i'll go look that up
<Patrickdk> hmm, your using threads
<jsonperl> whats a typical cause for a high runq, or is it way too broad a topic?
<Patrickdk> that is probably why it shows up that way
<Patrickdk> probably a locking issue inside your program then
<jsonperl> we're built upon eventmachine... it defaults to a threadpool of 20 threads
<jsonperl> its strange that one process would bork the whole system though
<Patrickdk> it's not
<Patrickdk> think of it this way
<Patrickdk> one thread does something, but it says, nothing else can do anything till it's done
<Patrickdk> then cpu, and everything else will go low
<Patrickdk> till it says, everything else can start again
<Patrickdk> that is how mutex locks work
<jsonperl> but outside of the process?
<Patrickdk> you need them, so your threads don't keep writing over each other
<Patrickdk> who said this was outside?
<jsonperl> sure... we def have some mutex locking goin on
<jsonperl> i have 14 processesing running
<jsonperl> and each on a single core at that (ruby)
<Patrickdk> hmm, only see 5 normally wanting to run I guess
<Patrickdk> I just am not all that sure how linux reports threads vs processes all the time, as I normally don't care
<Patrickdk> well, it's over me
<jsonperl> me 2 :)
<Patrickdk> I would still have to say a mutex lock, just would be more a kernel one then
<jsonperl> i have a lot of angry players :D
<jsonperl> ok, well thanks for the help Patrick
<Patrickdk> strace should show exactly what is going on when it happens
<Patrickdk> but still, if it's when a restart happens, and likely a memory issue
<Patrickdk> give jemalloc a try
<Patrickdk> even if it doesn't fix it, it might help otherwise
<jsonperl> that basically overrides the default malloc?
<Patrickdk> oh, what is your tcp window size set to?
<Patrickdk> yes
<Patrickdk> I don't think it is closing all those tcp sessions
<Patrickdk> looks like that happens fast
<Patrickdk> see lines 935 to 937?
<Patrickdk> do you have that for the earlier timeframe?
<Patrickdk> oh I found it
<jsonperl> window_scaling?
<jsonperl> yep, whats up with those lines
<jsonperl> need me to pull any other data?
<Patrickdk> well, people are saying those numbers are better
<Patrickdk> but it just looks inversed
<Patrickdk> <1 process running
<Patrickdk> and context switchs dropping
<Patrickdk> so expected
<Patrickdk> showing same issue, in reverse
<Patrickdk> oh wait
<Patrickdk> maybe not
<Patrickdk> what is your entropy?
<jsonperl> tcp settings?
<jsonperl> im not sure what you're asking
<Patrickdk> do this
<Patrickdk> watch -n 1 cat /proc/sys/kernel/random/entropy_avail
<Patrickdk> and see what it shows
<Patrickdk> and see what it says when your cpu goes to 0 again
<jsonperl> ha, may be a while
<Patrickdk> what does it normally show?
<jsonperl> it's really sporadic
<jsonperl> 130-185
<Patrickdk> that isn't good
<Patrickdk> you want to keep it >2000
<jsonperl> what am i looking at
<Patrickdk> how many random bits of info linux has ready to use
<Patrickdk> it uses it for everything
<Patrickdk> so if it drops too low, things can get held up
<Patrickdk> like, forking/starting a program
<Patrickdk> making a tcp connection
<jsonperl> hmm
<Patrickdk> generally >500 is good, but I perfer some safety
<Patrickdk> and around 100 is the lowest it allows it to get
<jsonperl> so i'm looking at another server i have with basically nothing running on it and it's solidly in the 140s
<Patrickdk> well, if nothing is happening, it might not be causing enough random events to fill it
<Patrickdk> the worst things for it, is vm's
<Patrickdk> they never fill the entropy pool
<jsonperl> there is a TON happening on that other server
<jsonperl> Like all processors working at at least 50%
<Patrickdk> nothing running != 50% cpu load
<jsonperl> no the original one we were talking about
<jsonperl> The running game server
<jsonperl> with hundreds of players
<Patrickdk> ya, the game server is low?
<jsonperl> correct
<Patrickdk> quick fix to see if that is the issue
<Patrickdk> apt-get install rng-tools
<Patrickdk> and edit /etc/default/rng-tools to something like: http://pastebin.com/PLD39DN5
<Patrickdk> that is *not* recommended, but it will keep the pool full, so you can tell if that corrects the issue or not
<Patrickdk> those are the only two things I can say
<Patrickdk> keep the entropy pool fuller, and try out jemalloc
<jsonperl> ok
<jsonperl> so you're no longer concerned about tcp issues?
<jsonperl> we do drop, and reconnect a bunch of connections
<jsonperl> a bunch = up to 50 at a time
<GH0> Is anyone familiar with adding drivers to CUPS samba shared printers? I seem to be having issues that I just can't get around, and I am thinking it is due to the drivers I am using, but I don't know of any suitable ones.
<GH0> I was following this: https://wiki.samba.org/index.php/Samba_as_a_print_server#Uploading_printer_drivers_for_Point.27n.27Print_driver_installation and that is where I am stuck at. I have the "Add" button, but, no matter what driver I choose, PS, PCL5, or PCL6 it fails.
<jsonperl> Patrickdk reading about jemalloc now, thanks for the suggestion
<jsonperl> Patrickdk libjemalloc1 ?
<Madkiss> cheers
<Madkiss> am I correct to assume that a direct upgrade from 10.04 to 12.04 is supported?
<Madkiss> aw. screw it let's just do it.
<Senor>  /quit
<saban> how to add domain mydomain.com search mydomain.com to resolv.conf in 12.04?
<melmoth> saban, i put "dns-search mydomain.com" in /etc/network/interfaces
<Bert_2>  Hi, I'm moving over a dreadful windows server setup to a more efficient linux-based machine. I have been able to move over everything but I'm having a slight issue on the gateway-part (I'm not very skilled in the networking-side of system administration). The new server is supposed to do DHCP, basic firewalling, on-the-fly virusscanning (if possible and efficient) and most prominently bandwidth throttling. For dhcp I can use dhcp3, to block some ports
<Bert_2> I can use iptables/netfilter and for the virusscanning part I should be fine with clamav, if my research is right. The only thing I'm having a hard time with is the bandwidth throttling. Can someone give me a few pointers or names to search for? Basically I want to limit the amount one MAC-address/IP can use to 50Kbps downstream, except for a select group of vital machines.
<etyuio> hello
<etyuio> a question ?
<etyuio> i got list of server name on file sometime the same server name appear 2 times sometime appear only one time : i m looking for a command that can filter and count the number of the server in one time
<etyuio> #ubuntu
<melmoth> etyuio, what about sort |uniq|wc -l ?
<saban> hi. i have problem with my bind server here is the log http://pastebin.com/0WfxbHSR
<saban> its a fresh install
<melmoth>  /etc/bind/named.conf: permission denied who is trying to start bind ?
<etyuio> that work also melmoth sort | uniq
<etyuio> wc -l what'doing ?
<melmoth> counting the line
<etyuio> unfortunately it not counting properly
<etyuio> what is the difference between nl and wc -l ?
<melmoth> i dont know nl
<etyuio> sort file |uniq|wc -l  and sort file |uniq|nl not having the same result
<etyuio> normal or not ?
<melmoth> yeah, nl is outputing the file content as well, wc -l just counting
<etyuio> why i don't get the same result for both command ?
<saban> im trying to run bind as root
<saban> root@mail:/etc/bind# /etc/init.d/bind9 start
<melmoth> then may be wrong permission on the file, or may be an apparmor thingy (wich i know nothing about)
<melmoth> but the problem is about permission reading this file
<saban> well its a fresh install. and first thing is i remove apparmor like i always do. i checked permissions on files and everything looks ok http://pastebin.com/YagmBZHj
<etyuio> i got 3 different result
<etyuio> uniq file | nl & sort file |uniq|nl & sort file |uniq|wc -l
<etyuio> which one is correct ?
<Bert_2> etyuio: wc -l counts the newline character, while nl counts the number of lines in the file, I think
<Bert_2> but I think this is more of a question for #bash
<melmoth> etyuio, you dont wanna use uniq on a unsorted list
<melmoth> (if i unerstand correclty)
<koolhead17> ola melmoth
<koolhead17> *hola
<melmoth> hola senior koolhead17
<jamespage> yolanda, feedback on squid3 merge in MP
<yolanda> ok
<yolanda> jamespage, about the patches, i already did what you suggested
<yolanda> but i keep finding the same problem
<rbasak> jamespage: would you like me to look at removing dh_strip from bug 1200255 or do you want to work on that?
<uvirtbot> Launchpad bug 1200255 in golang "go get ... fails with SIGILL on armhf" [Undecided,Confirmed] https://launchpad.net/bugs/1200255
<jamespage> rbasak, yes please - that would be helpful
<jamespage> rbasak, reviewing zuls quantum->neutron rename
<rbasak> OK
<jamespage> blimey
<jamespage> zul, whats the current plan re sqlalchemy?
<koolhead17> TeTeT: hello there
<TeTeT> koolhead17: hey koolhead, how's life in India?
<koolhead17> TeTeT: not bad at all. You tell me how is Germany treating you :D
<koolhead17> jamespage: hey there, what magic zul is planning with sqlalchemy :)
<jamespage> koolhead17, no idea - but we need a plan for saucy
<jamespage> everything is broken right now
<TeTeT> koolhead17: ready for vacation in August :)
<koolhead17> jamespage: I would love to see things in place in cloud archive 4 precise. We already had disucussion in mailinglist about basic install guide release dates and all
<jamespage> koolhead17, Ca for havana might be OK-ish right now
<jamespage> it still has the old sqlalchemy
<jamespage> new one is stuck in proposed for saucy right now
<koolhead17> cool.
<jamespage> yolanda, how did you create the branch for the merge? still trying to figure out your patches issue
<yolanda> jamespage, i merged from lp:ubuntu/squid3
<yolanda> merged the debian one
<yolanda> commited and pushed
<jamespage> yolanda, meh - its gone away now
<yolanda> jamespage, i retried again
<yolanda> https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/squid3/debian_merge/+merge/174968
<yolanda> jamespage, but i'm not sure now about the diff output. It shows a diff with .quilt_patches, for example, and i see the same in my branch and in ubuntu/squid3
<jamespage> yolanda, yeah - ignore that for the time being
<yolanda> take a look at the new MP then, i also explained the changelog with more detail
<yolanda> jamespage, so when i push a branch, it should be always pushed with the patches applied?
<jamespage> yes
<yolanda> ok, maybe was that then
<jamespage> yolanda, hmm - can I suggest that you use the previous merge changelog in full
<yolanda> jamespage, what do you mean?
<jamespage> yolanda, 3.1.20-1ubuntu1 contains a full list of all delta between Debian/Ubuntu
<jamespage> your current merge proposal does
<jamespage> not
<yolanda> ah, i paste the same contents?
<jamespage> when I do a merge - I start with the previous merge contents and check it off
<jamespage> to see if its still needed or not
<yolanda> oh ok
<jamespage> I also look at the subsequent changes in Ubuntu and detail those as well if still applicable
<jamespage> so its really a copy/paste exercise in the changelog entry
<yolanda> i paste them and i add my autopkg delta
<yolanda> great to know
<jamespage> yolanda, it makes it alot easier for a reviewer that way as well
<yolanda> ok, i'll do it like that
<yolanda> do you know about that entry? Add transitional dummy packages
<yolanda> it doesn't apply i think, but what packages are these?
<jamespage> yolanda, they where the squid and squid-common packages at the bottom of the ubuntu control file
<yolanda> ok, the dropped ones
<jamespage> they can be dropped now as the migration happened in 12.04
<jamespage> yolanda, can you also sync the build-depends line with the Debian one - its different right now and does not need to be
<yolanda> ok
<jamespage> yolanda, you also managed to drop "    - Added Suggests on winbindd for NTLM authentication"
<jamespage> which was applied in Debian since last merge
<yolanda> jamespage, should i tell something about that drop in my changelog? it comes from Debian directly
<jamespage> yolanda, you should not drop it
<yolanda> ok, pushed that
<yolanda> difficult one
<jibel> yolanda, I fixed autopkgtest that was wrongly behaving with squid3. Now the testsuite terminates normally but is still failing on amd64
<yolanda> jibel, which error?
<jibel> yolanda,  AssertionError: Could not find "Directory" in test_ftp_proxy
<jibel> https://jenkins.qa.ubuntu.com/job/saucy-adt-squid3/ARCH=amd64,label=adt/25/console
<yolanda> mm, i think it's a case problem. The original test had only the check for "irectory"
<yolanda> i'll fix it, i'm just building an MP for squid right now, so i'll integrate it
<yolanda> jamespage: https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/libnss-ldap/debian_merge/+merge/174993
<Daviey> jamespage / zul: Looks like we need a newer kombu and amqp NEW packaged.
<zul> Daviey:  wtf?
<Daviey> zul: see http://lists.openstack.org/pipermail/openstack-dev/2013-July/011452.html ?
<zul> Daviey:  thats old...http://paste.ubuntu.com/5880713/ ;)
<zul> 2.5.12 is the latest and greatest
<Daviey> zul: ca.archive.ubuntu.com looks whacky to me
<Daviey> zul: it's not part of the cloud archive, tho right?
<zul> Daviey:  it is i think
<zul> Daviey:  it isnt
<ertuiu> hello there
<ertuiu> this is my file
<ertuiu> http://paste.ubuntu.com/5880753/
<Pici> okay?
<ertuiu> i would like add dotgouv at the end of the file
<ertuiu> what to do ?
<ertuiu> don't care about that file
<ertuiu> it is just an example
<Pici> ertuiu: use adduser to add users to your system.
<ertuiu> do you get my question ?
<ertuiu> i simply would like to add dotgouv at the end of each line
<ertuiu> simply
<Pici> If you just want to append text to the end of a file, you can do something like echo "Sample Text" >> /path/to/file
<ertuiu> you still not understand my question
<ertuiu> i would like to apend text to the end of each line
<Pici> oh. Sorry.
<ertuiu> not end of the file
<Pici> sed 's/$/words/g' /path/to/file   (use -i to save it to the file instead of printing to stdout)
<ertuiu> you are absolutly correct
<ertuiu> work
<ertuiu> but the problem is there different type of data on that file
<ertuiu> according to the data i want to append the correct words
<ertuiu> how to do ?
<ertuiu> first do you get ? Pici
<hachre> its getting much more complicated then
<hachre> you'll need to make a loop and check each line for the data
<hachre> and then rewrite it iwth the new word appeneded into a new file and replace it
<hachre> ask in #bash I guess
<ertuiu> this is my file http://paste.ubuntu.com/5880799/
<ertuiu> for example
<ertuiu> if serverone i want that it append .fr
<ertuiu> if servertwo i want that it append .com
<ertuiu> if serverthree i want that it append .de
<ertuiu> how to do ?
<melmoth> ertuiu,i would say,  learn bash+sef+awk or learn python.
<melmoth> or perl (but it s so XXth century)
<RoyK> perl rocks (tm)
<hachre> ertuiu: you want this? http://paste.ubuntu.com/5880817/
<RoyK> ertuiu: python has grown more popular than perl the latest years, and is easy to learn - try that ;)
<zul> jamespage:  nova is almost building for me now
<jamespage> yolanda, squid3 uploaded - thanks
<yolanda> jamespage, even with the "Directory" patch?
<yolanda> problems with case in ftp tests
<jamespage> yolanda, I just pulled
<yolanda> so it should be there, yes
<yolanda> great
<jamespage> there was a changelog entry for it
<yolanda> i'm just continuing fixing merges, adding the lp bug and creating MP instead of debdiff
<jamespage> yolanda, OK - https://launchpad.net/ubuntu/+source/squid3/3.3.4-1ubuntu1/+build/4799196
<jamespage> so as expected squid3 went into dep-wait sate as libecap is not in main
<jamespage> yolanda, so can you file the MIR bug for that please
<yolanda> jamespage, i filed the bug for libecap already
<jamespage> yolanda, wonderful?
<jamespage> sorry - that should have been wonderful! bug ref?
<yolanda> https://bugs.launchpad.net/ubuntu/+source/libecap/+bug/1200173
<uvirtbot> Launchpad bug 1200173 in libecap "[MIR] libecap" [Undecided,New]
<jamespage> yolanda, brilliant - thanks!
 * jamespage sits back and lets yolanda get on with it
<yolanda> jamespage, once it's assigned, what's the process for it? just wait?
<jamespage> yolanda, yep
<RoyK> on lucid, how can I change the default pastebin target?
<RoyK> pastebinit
<ogra_> man pastebinit ?
<RoyK> didn't say anything about changing defaults
<ogra_> hmm, it should talk about pastebinit.xml at the bottom
<ogra_> though probably it is to old
<SonikkuAmerica> RoyK: Use the -b option, as follows: [ pastebinit -b http://paste.kde.org/ ] (just an example)
<SonikkuAmerica> RoyK: (I mean, who'd want headless server output in the KDE pastebin, but that's how it's done)
<RoyK> ogra_: didn't say anything about that
<RoyK> anyway - does this disk look healtyh to you? I'm not sure... http://paste.ubuntu.com/5881016/
<ogra_> http://paste.ubuntu.com/5881017/
<ogra_> thats the raring manpage
<ogra_> i thought lucid was able to do that too
<ogra_> might be wrong though
<RoyK> ogra_: seems it works - thanks
<RoyK> ogra_: probably just missing from the manual
<ogra_> yeah
<ogra_> blame stgraber
<ogra_> :)
<RoyK> hehe
<stgraber> haha, yeah, don't count on me to keep man pages up to date, it's already a miracle there's one ;)
<RoyK> anyway - what do you think of that disk? it's not a big problem if it crashes, it's in a mirror after all, but some of those counters were pretty wierd
<zul> jamespage:  https://bugs.launchpad.net/nova/+bug/1201828
<uvirtbot> Launchpad bug 1201828 in nova "Nova test suite with sqlalchemy >= 0.7.9" [High,New]
<rbasak> jamespage: disabling dh_strip in golang fixes bug 1200255. My fix is https://launchpadlibrarian.net/145094227/saucy.debdiff. What do you think?
<uvirtbot> Launchpad bug 1200255 in golang "go get ... fails with SIGILL on armhf" [Undecided,Confirmed] https://launchpad.net/bugs/1200255
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/nova/nova-sqlalchemy/+merge/175042
<smb> hallyn, You might be the man that has the secret runes to get the upstream git version of libvirt compiling on ubuntu. What an annoying experience just to make sure some patches compile before submitting them... ;-P
<zul> jamespage/hallyn: https://code.launchpad.net/~zulcss/cinder/cinder-ftbfs-j16/+merge/175050
<hallyn> smb: zul has been doing the libvirt merges lately.  but I assume you're saying latest upstream git has problems that 1.0.6 does not?
<smb> hallyn, Seems to be known. At least I finally found a patch of yours to avoid tests breaking for gnutls and ignoring selinux seemed to make it do something without error at least.
<smb> I suppose I will take this as "successful"...
<jamespage> rbasak, does that do the trick?
<rbasak> jamespage: yes, it seems to work.
<jamespage> rbasak, well proof is in the pudding and everything :-)
<jamespage> +1
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/python-ceilometerclient/readme/+merge/175056
<rbasak> jamespage: do you want me to upload that fix? Also, what is our interaction with Debian for golang? We're with -0ubuntu versioning?
<rbasak> Are we upstream of them?
<jamespage> rbasak, no
<jamespage> 2:1.1.1-3ubuntu3
<jamespage> we where for about two days
<jamespage> and then 1.1.1-3 landed into unstable
<jamespage> I'd pushed a couple of bugs back prior to that landing based on my initial testing
<jamespage> rbasak, but I'd prefer it was uploaded and then fed back to debian - we can always re-sync
<hallyn> zul: not sure why yo pointed that cinder merge to me?
<rbasak> jamespage: OK - I'll upload and file a Debian bug.
<zul> hallyn:  dont you want to do a review
<hallyn> smb: that very vaguely rings a bell (gnutls).  do we not have it upstream?
<jamespage> rbasak, Michael has been pretty responsive to my feedback
<hallyn> zul: ok
<zul> hallyn:  misfire :)
<zul> jamespage:  sorry https://code.launchpad.net/~zulcss/cinder/cinder-ftbfs-j16/+merge/175050
<smb> hallyn, The thread there seemed like them not wanting it everywhere but only on specific tests, you having done a lot of individual additions and then maybe just given up. (http://web.archiveorange.com/archive/v/8XiUWvec9X8NdzlDXPtK)
<hallyn> let me sing you a tune, ...
<hallyn> (yeah sounds familiar)
<smb> zul, Btw, as hallyn said you touched it last... (not completely true) and not sure you saw me earlier... I would be looking for a libvirt sponsor... :)
<zul> smb:  sure
<zul> just point your stuff so i can get it
<smb> zul, In the usual place in the dead tree... I mean chinstrap:~smb/4review
<zul> smb:  cool ill have a look this afternoon
<smb> zul, cheers... dammit and I nearly missed the meeting again... :-P
<zul> smb:  its ok ;)
<smb> zul, Yeah, saw I am still early enough :)
<jamespage> adam_g, roaksoax: do we make tests for all redux charms prior to proposing or not?
<adam_g> jamespage, what tests are you talking about?
<jamespage> adam_g, charm unit tests
<jamespage> I think
 * jamespage shrugs
<jamespage> just looking at you cinder stuff for steering on that
<adam_g> jamespage, ive been writing them with the charm. i'd prefer we have them as a requirement of merging
<jamespage> adam_g, I agree - but I think that makes EOW a strech esp as h2 is out thursday
<adam_g> jamespage, oh, right
<adam_g> jamespage, are we expecting to actually merge this stuff to upstream charms this week, or have them done + ready for review?
<adam_g> jamespage, im worried if we punt on unittests now, they wont get done. :)
<jamespage> nah - done and ready for review
<jamespage> adam_g, I 100% agree
<adam_g> jamespage, i kinda went overboard with tests in cinder, mostly as an exercise in TDD charming. i think at least test coverage of the basic relation cases should be doable.
<jamespage> adam_g, I think once I get up to speed on approach they will come a bit faster (like they do in charm-helpers now)
<Madkiss> hi adam_g, pleasure to read you once again :)
<adam_g> Madkiss, o/
<zul> jamespage:  btw alembic doesnt work with sqlalchemy 0.8 yet
<jamespage> oh great
<roaksoax> jamespage: i do really don't mind having the unittests before merging them, the only problem that I see is that it will delay the charmwork. But Ideally, it would be great to get them out there for people to test too, so we can have some feedback and identify issues that we might have missed
<jamespage> unit tests before merge; adam_g, roaksoax: how about we get them all staged ready for testing under ~openstack-charmers
<jamespage> we can cross the board test with juju-core as well then early next week
<adam_g> jamespage, sounds good. ill be looking at kapil's pyjuju + juju-core deployer work hopefully today and cwill set up a jenkins job to do deployment testing with specified charm branches + juju implmenetation
<jamespage> adam_g, ack
<roaksoax> sounds good
<adam_g> jamespage, also i need to get back to your reviews from last week wrt having this stuff actually land in lp:charm-helpers.
<zul> adam_g: https://code.launchpad.net/~zulcss/nova/nova-sqlalchemy/+merge/175042
<Monotoko> hey, I've just got an abuse report on our mail server from AOL... sent from a customer that isn't ours
<Monotoko> through our mail server
<Monotoko> slightly concerned...
<patdk-wk> as you should be
<patdk-wk> why are you forwarding/relaying spam?
<zul> adam_g:  can you have a look at https://code.launchpad.net/~zulcss/nova/nova-sqlalchemy/+merge/175042
<zul> adam_g:  and https://code.launchpad.net/~zulcss/cinder/cinder-ftbfs-j16/+merge/175050
<adam_g> zul, done. pleaes add some information to the patch header of that sqlalechmy patch
<adam_g> zul, we have too many patches to tests with no context as to why we need them, and end up carrying them indefinitely
<zul> adam_g:  cool thanks
<zul> adam_g:  http://people.canonical.com/~chucks/ca/
<vlad_starkov> Question: Having RAID1 on 12.04 I just found out that sdb is failed now. But `ls /dev/ | grep sdb` shows only sdb, but it should show sdb sdb1 sdb2. Anyone know what's going on?
<Daviey> zul: can you review https://code.launchpad.net/~hopem/ubuntu/raring/python-eventlet/lp1199037 please?
<zul> Daviey: is this for the SRU?
<Daviey> zul: yes
<Daviey> raring
<zul> changelog needs some work
<Daviey> zul: https://code.launchpad.net/~hopem/ubuntu/raring/python-eventlet/lp1199037/+merge/175107
<Daviey> zul: I haven't looked.. :)
<zul> Daviey:  heh ok
<Daviey> zul: if it's just a little bit of polish, can you fixer it up for dosaboy_ please?
<Daviey> i don't really want to look at it until it's in the queue
<zul> Daviey:  sure i commented in the merge proposal
 * zul goes back to fixing neutron
<adam_g> zul, +1
<zul> adam_g:  cool thanks
<adam_g> zul, can you please start adding descriptions or commit messages to packaging merge proposals? i'd like to start using tarmac locally to merge them for me, but it requires at least a description in the MP
<zul> adam_g:  sure
<Daviey> adam_g: it always bugs me that it doesn't default to using the commit msg if none provided.
<lifeless> Daviey: who would be good to ping about https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1201938 ?
<uvirtbot> Launchpad bug 1201938 in libvirt "excessive memory use from libvirtd" [Undecided,Confirmed]
<adam_g> Daviey, ya. well, the commit message in MP != the message(s) to bzr commit -m as i've recently learned
<lifeless> Daviey: I just filed it, but having done so pleia2 immediately said she's run into it too, so it may have a nontrivial set of affected folks
<Daviey> lifeless: Ugh, reproducer seems kinda abstract :)
<Daviey> lifeless: Can you provide more data on what you are doing?  Clearly pleia2 and yourself are doing something similar
<Daviey> Seems to not affect every libvirt user, or we'd see more of it.
<vlad_starkov> Question: Can faulty power supply unit be cause of SATA HDD failure?
<Daviey> lifeless: Interestingly, are you only using py3?
<lifeless> Daviey: so I didn't realise I was seeing this for ages; what I saw was virt-manager going 'waah I lost my qemu:// connection'
<Daviey> vlad_starkov: faulty power can cause all kinda whacky things.. but probably not.
<lifeless> Daviey: then upstart would restart libvirt, and the kvm processes aren't affected
<lifeless> Daviey: w.r.t. livbirt I have no idea; my own scripts are py2 still
<vlad_starkov> Daviey: I just got one of 2 hdds failure in RAID1. And I can't see smartctl output of the failed HDD.
<Daviey> lifeless: Hmm, i am interested that the apport hooks failed.
<Daviey> hallyn_: I suspect there isn't much we can do for bug 1201938 without more data.. but if you could take a quick look, that would be super.. (note, that the apport failed for some odd reason)
<uvirtbot> Launchpad bug 1201938 in libvirt "excessive memory use from libvirtd" [Undecided,Confirmed] https://launchpad.net/bugs/1201938
<lifeless> Daviey: sudo ls /var/crash/
<lifeless> robertc@lifelesshp:~$
<lifeless> Daviey: nada in there.
<Daviey> How odd :/
<hallyn_> lifeless: have you seen this on >1 box?
<hallyn_> lifeless: could you do an 'apport-collect 1201938' and see if it'll at least post things like libvirt config and df?
<lifeless> hallyn_: yes, one box for me and one-box for pleia2
<Daviey> lifeless: What are you actually using libvirt for?  Related to openstack?
<adam_g> FWIW, just checked some nova-compute + 13.04 systems that been up and exercising libvirt for ~40 days, and they look fine:  http://paste.ubuntu.com/5882018/
<hallyn_> lifeless: are you by chance using lots of rbd storage?
<lifeless> Daviey: hallyn_ https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1201938/comments/7
<uvirtbot> Launchpad bug 1201938 in libvirt "excessive memory use from libvirtd" [Undecided,New]
<lifeless> (answering in the bug for future-us to read)
<hallyn_> thx
<hallyn_> lifeless: i'll go ahead and set up a reproducer.  i do see a few patches upstream - most for memory leaks in error paths, but not all of them are obviously so.
<hallyn_> adam_g: you don't connect to those with virt-manager though right?
<hallyn_> I assume that's the trigger
<lifeless> adam_g: hallyn_: it could be as simple as 'have a virt-manage qemu:// connection open for days'
<hallyn_> yup, just need to set up a raring vm to test in
<hallyn_> like there's a memory leak in the generic virnetclient.c.
<lifeless> actuallly I guess its qemu+system:// or whatever.
<lifeless> the default virt-manager connection
<lifeless> pleia2: hallyn_ thinks it may be a memory leak in the daemon
<lifeless> 08:22 < hallyn_> like there's a memory leak in the generic virnetclient.c.
<pleia2> ah
<saban> what should be the problem? http://pastebin.com/BQtEBC3N
<ikonia> it's not the right way to restart networking
<ikonia> its been moved to an upstart job
<saban> huh whats the right way?
<saban> im been doing this for long time :P
<ikonia> use the "service" command
<saban> with 12.04 a lot of changes for networking... tnx
<jsonperl> Patrickdk you around?
<Patrickdk> not anymore, since you did a privmsg
<jsonperl> ha
<jsonperl> i'm an irc n00bâ¦ i don't know etiquette, is that rude?
<Patrickdk> if you where not asked, yes
<jsonperl> Here's some strace output from a server under load (simulated) http://pastebin.com/Sy9A6ZzH
<jsonperl> I suspect the futex calls may be noise from the parent processsâ¦. Each process manages a threadpool of 20 worker threads, so maybe thats them waiting
<jsonperl> Anything look interesting?
<ikonia> that does not looks like a strace
<jsonperl> strace -c -f -p
<Patrickdk> it is some profile
<jsonperl> is there a preferred format?
<Patrickdk> the perered format is something like, strace -p xxxx
<Patrickdk> the issue is, you need to show the relevent parts, as that is going dump gigs of data
<jsonperl> counts are not interesting huH?
<Patrickdk> counts don't mean anything, except if you want to speed up your application
<Patrickdk> locate what is slowing it down
<jsonperl> which I do
<Patrickdk> we are looking to fix a problem, not optimize it
<Patrickdk> but if we want to take what it says, and assume you did it correctly
<Patrickdk> futex, fast userspace mutex, issue
<jsonperl> lots of errors right?
<Patrickdk> so, your threads are blocking
<Patrickdk> no
<Patrickdk> where is the errors? that only shows what was called
<jsonperl> in the errors column
<Patrickdk> so you likely still have a mutex issue
<Patrickdk> no idea what the errors column means, and probably doesn't mean anything
<Patrickdk> if futex has like a timeout option, it will return an error then
<Patrickdk> but that is *perfectly* normal
<jsonperl> So you feel its blocking just because of time spent?
<Patrickdk> that would defently cause cpu load to go down
<jsonperl> That may be standard for ruby
<Patrickdk> dunno, I don't know you application, I can only guess :)
<jsonperl> i think the futexes are probably ok
<jsonperl> it's likely the server waiting for a request
<Patrickdk> normally that is poll
<jsonperl> it's a reactor
<jsonperl> with a bunch of running threads, if that helps visualize it
<Patrickdk> not really, I don't do games :)
<jsonperl> lotta web servers use reactors as well
<Patrickdk> normally programs are made in 2 ways
<Patrickdk> something single threaded, that works on a poll/select loop
<Patrickdk> though lots of those get broken into threads for the work these days, they pass off the handle
<Patrickdk> or a state engine, event based thing
<Patrickdk> you have threads and polls, so likely your working in like an apache worker format
<Patrickdk> one process to handle connection setup, then it passes it off, or forks a thread to handle it
<jsonperl> think of it as one single threaded loop
<jsonperl> that just runs fast as hell and does no blocking IO
<jsonperl> and it has a pool of worker threads that are pre-spawned that it passes async work to
<jsonperl> with the result to be delivered back to the main reactor thread
<Patrickdk> hmm, the whole point of poll, is to block
<Patrickdk> but the question still is, what is the futex (mutex lock) blocking on?
<Patrickdk> that is the only way to make it faster
<Patrickdk> but that profiling doesn't tell us
<Patrickdk> if that futex is a normal thing
<Patrickdk> or only happens during the *slow down*
<jsonperl> that was a normal run
<jsonperl> no slow down
<jsonperl> which doesn't mean it isn't an issue...
<jsonperl> it may just mean that it doesn't actually gunk up the works at this load level
<Patrickdk> ok, so we know what a normal profile looks like
<Patrickdk> now the issue, and it won't be easy
<Patrickdk> is to compare it to one that is having an issue
<Patrickdk> and to make sure the strace is on the right one, during that issue
<jsonperl> i installed jemalloc on one of the machines btw, to see if that helps
<jsonperl> i can't find a whole lot of info on itâ¦ seems like i just install it and go
<jsonperl> no configuration needed
<Patrickdk> it has to be configured
<Patrickdk> lsof -n | grep jemalloc
<jsonperl> nothin
<Patrickdk> then it's not using it
<jsonperl> is there a configuration resource you can point me to? I didn't find anything
<Patrickdk> http://stackoverflow.com/questions/10946506/using-jemalloc-in-existing-huge-code
<Patrickdk> note the export LD_PRELOAD
<Patrickdk> add that to your programs startup script
<jsonperl> ah, ok
<jsonperl> dammit
<jsonperl> now that's in prodâ¦ i cannot touch it :)
<jsonperl> i'll give that a shot on the staging environment
<jsonperl> thanks for the link
<jsonperl> Patrickdk I'm not seeing the so in lib after the install
<Patrickdk> hmm?
<jsonperl> never mind
<jsonperl> i'm a dummy
<jsonperl> :)
<Patrickdk> ya, whoever made that package for jemalloc did not do a good job
<jsonperl> it installed at least
<jsonperl> lets see if she runs
<jsonperl> i can always just build it if it doesn't cut it
<jsonperl> one more thing to add to build scripts :)
<Patrickdk> no, it's fine, it's just missing the .so symlink and stuff
<jsonperl> ERROR: ld.so: object '/usr/lib/jemalloc.so.1' from LD_PRELOAD cannot be preloaded: ignored.
<Patrickdk> so if it got upgraded, it would need manual fuzzing with again
<Patrickdk> wrong location
<Patrickdk> and it's not called that
<Patrickdk> /usr/lib/libjemalloc.so.1
<jsonperl> # ls /usr/lib/libjemalloc.so.1  => /usr/lib/libjemalloc.so.1
<Patrickdk> well, that isn't what you posted up there
<jsonperl> oh
<jsonperl> that is totally true haha
<jsonperl> awesome, she's a runnin
<jsonperl> it does not segfaultâ¦ so that's certainly something
<Patrickdk> you checked with lsof?
<jsonperl> lsof
<jsonperl> whoops
<jsonperl> ruby      19356       root  mem       REG      252,0   108100    7344276 /usr/lib/libjemalloc.so.1
<jsonperl> sounds like if memory allocation is or is not the problem
<jsonperl> jemalloc makes more sense for these servers...
<jsonperl> from the bit i've read about it
<Patrickdk> I've recently had some servers come to a grinding crawl lately, cause of that
<Patrickdk> but in my case atleast, it was extreemly high cpu usage
<jsonperl> because of jemalloc huh?
<jsonperl> and switching back to native fixed it?
<Patrickdk> no, cause of not using it
<jsonperl> ah, i c
<jsonperl> we do a tremendous amount of memory manipulation
<jsonperl> from a lot of threads
<jsonperl> what kind of servers are you managing?
<jsonperl> ok here goesâ¦ i put half of the servers on jemalloc
<saban> ok this resolfconf is... idk what were they thinking but i want to like in old days to edit resolv.conf and that resolvconf would not overwritte it? how to do it? i did resolvconf --disable-updates with no luck
<Patrickdk> heh?
<Patrickdk> just delete /etc/resolv.conf
<Patrickdk> and make your own
<Patrickdk> but why not just do it the correct way, using /etc/network/interfaces
<saban> becouse the correct way is just getting changed every release.. and i lost 1 hour just for networking. i did with interfaces but got stuck on how to put domain and search in it :/
<Patrickdk> if you lost time cause of it, it's cause you did not read the release notes, that came out almost 2 years ago
<Patrickdk> there is a very specific reason there are release notes, so people like you would read them, and NOT have issues
<saban> Patrickdk: you are right.
 * Patrickdk has nothing to do with ubuntu
<jsonperl> wow strace is HEAVY...
<Patrickdk> yes
<jsonperl> i love that no matter how hard i try, i just cannot make a machine exhibit the problem
<jsonperl> production only
<Patrickdk> normally how a locking issue works
<Patrickdk> it has to be timed just perfect
<jsonperl> yep
<jsonperl> i've written simulated players
<jsonperl> that do just about EVERYTHING that a real player does
<Patrickdk> had a nfs kernel issue, went in aug
<Patrickdk> but not a single person had an issue till and of dec
<jsonperl> i have all 8 procs PEGGED
<jsonperl> i'd be fine with a rarely seen issue :)
<Patrickdk> no, at end of dec, I hit the issue multible times a day
<Patrickdk> each time, the server would panic and reboot
<jsonperl> aiight Patrickdk thanks for the help again, enough banging my head for nowâ¦
#ubuntu-server 2013-07-17
<petey> can anyone help me reset a mysql password that doesnt want to reset?
<petey> running any series of commands online doesnt seem to be working
<jmarkmurph> hello
<jmarkmurph> anyone home?
<Patrickdk> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<Mark_____> my apache server does not auto-start when I reboot my ubuntu server, can anyone help?
<adam_g> jamespage, roaksoax ive pushed cinder python rewrite + swift-storage working branch to ~openstack-charmers repos, named $charm/pyrewrite-redux. figured we can work around branches there like we did for $charm/ha-support  last cycle, and merge when ready
<ryiter> hello
<ryiter> is it possible to do su - user -p  password in online?
<ryiter> anyone there ?
<ryuyoi> hello anyone ?
<Monotoko> hi ryuyoi
<ryuyoi> hi
<ryuyoi> i need your help
<ryuyoi> i try to deploy the ssh key
<ryuyoi> on my remote host
<ryuyoi>   but don't work
<Monotoko> alright, how're you deploying it?
<ryuyoi> and this is what i have done : http://paste.ubuntu.com/5883537/
<ryuyoi> after that if i try to ssh user@remotehost
<Monotoko> ryuyoi, you could just use ssh-copy-id ?
<ryuyoi> it is still asking for password as usual
<Monotoko> ssh-copy-id <username>@<host>
<Monotoko> https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<ryuyoi> why what i have done not correct ?
<Monotoko> ryuyoi, I'm not sure - it looks okay to me... which is why I'm suggesting another way to see if it does the same
<Monotoko> then you know if it's the key or your method
<ryuyoi> unfortunately ssh-copy-id not present in all of my machine
<ryuyoi> that's why i used this method
<ryuyoi> http://paste.ubuntu.com/5883537/
<ryuyoi> what is the next step after that http://paste.ubuntu.com/5883537/ ?
<wiherek> hi
<wiherek> I have redmine installed on ubuntu 11.04 server and the catalogu /var/run/redmine gets deleted every once in a while
<wiherek> I listed all cron tasks but can't find nothing related
<wiherek> what can be the reason for that? Is there some definition of what should be in /var/run? because it seeems like it's revoking the 'original' state...
<chris|> wiherek, /var/run is not suitable for storing persistent data: http://www.pathname.com/fhs/pub/fhs-2.3.html#VARRUNRUNTIMEVARIABLEDATA
<wiherek> thanks, I just found that too
<zul> jamespage:  hey can you have a look again https://code.launchpad.net/~zulcss/neutron/rename/+merge/174832
<kyentei> Hiya all. I've recently re-installed our samba server and configured it equal to our previous configuration. However, one of my co-workers has issues when loading directories on the samba share using is mac. Does anyone know where I can start debugging this? Logs show nothing thus far.
<jamespage> zul, yes
<zul> jamespage:  thanks
 * smb knows what zul has *not* been doing yesterday... ;-P
<zul> smb: first thing this morning :P
<smb> zul, I'll believe it when I see it. :)
<zul> smb:  no *.orig.tar.gz
<zul> smb: actually a debdiff would be easier
<smb> Yep because it uses the same one
<smb> zul, that can be changed...
<zul> smb: thanks
<excalibr> In simple word what is juju and what it does actually?
<smb> zul, look again
<melmoth> excalibr, https://juju.ubuntu.com/ there s a nice little vide. The shortest summary possible is: apt-get for the cloud.
<jamespage> zul, does the mlnx plugin/agent need to be structured like the other ones? i.e. a split between the plugin and the agent
<jamespage> plugin is installed on server as well as computenodes
<zul> jamespage:  i dont think so
<zul> smb: done
<smb> zul, cheers, another bit off the list. :)
<zul> smb: now to deal with the 60 other things
<smb> zul, sounds awesome... not
<zul> smb:  it isnt
<jamespage> zul, OK - it looks like it should be a single package - please can you change the name to neutron-plugin-mlnx-agent
<jamespage> as its still a plugin rather than a core agent if that makes sense
<zul> jamespage:  sure
<zul> jamespage:  done
<swaT30> is anyone else having verification issues with the Ubuntu Cloud Archive (grizzly)'s GPG key?
<jamespage> swaT30, did you install the key? apt-get install ubuntu-cloud-keyring
<swaT30> jamespage: yea, I've had it installed for a while. Just started acting up today. Have tried reinstalling
<jamespage> odd - lemme check
<swaT30> tks
<jamespage> swaT30, can you pastebin the error you are getting please
<swaT30> during apt-get update: http://pastebin.com/AfzYHhfU
<SonikkuAmerica> swaT30: Start with [ sudo apt-get clean && sudo apt-get update ]
<swaT30> SonikkuAmerica: same thing
<swaT30> this is happening on multiple boxes
<swaT30> as well as my laptop, have the repo here for the CLI tools
<SonikkuAmerica> swaT30: Have you run the commands listed in http://paste.ubuntu.com/5884186/
<SonikkuAmerica> ?
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/python-cinderclient/requests-dep/+merge/175277 (fixes issues with nova)
<swaT30> SonikkuAmerica: just getting http://pastebin.com/1GJRLvsi now
<jamespage> swaT30, I see the same issue
<jamespage> let me go kick someone
<swaT30> jamespage: kick away ;)
<SonikkuAmerica> swaT30: Then run [ sudo  apt-key adv --recv-keys --keyserver http://keyserver.ubuntu.com 5EDB1B62EC4926EA ]
<SonikkuAmerica> swaT30: (You don't need the http:// before the URI)
<jamespage> swaT30, should be fixed up now
<swaT30> jamespage: thanks!
<disposable> how do i make 12.04.2 bootable on a uefi server? i've created a 10MB partition as the first on disk (gpt pattition table), type ef00. i've formatted it as fat32. now what? grub-install /dev/sda or /dev/sda1 or what? do i need to mount the partition first?
<disposable> how do i make 12.04.2 bootable on a uefi server? i've created a 10MB partition as the first on disk (gpt pattition table), type ef00. i've formatted it as fat32. now what? grub-install /dev/sda or /dev/sda1 or what? do i need to mount the partition first?
<SonikkuAmerica> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com/ or http://ubuntuforums.org/ or http://askubuntu.com/
<jamespage> zul: re Breaks/Replaces -  ( << 1:2013.2~b1-0ubuntu2~ )
<jamespage> not quite right - the version needs to be the one we will upload on thursday
<jamespage> 1:2013.2~b2-0ubuntu1~
<jamespage> I guess at least
<zul> ok ill fix it up
<zul> jamespage:  fixed
<zul> jamespage:  anything else
<atpa8a> hello
<atpa8a> teach me some cloud plz
<atpa8a> can i use MAAS for one server with KVM?
<rbasak> atpa8a: there has been some work in that direction. Google "virtual maas" and take a look at http://javacruft.wordpress.com/2013/06/25/virtme/. I'm not sure about the current status of it all, though.
<wiherek> ok I have a problem with thin (ruby/rails server)
<wiherek> it uses the wrong bin file
<wiherek> in /etc/init.d/thin1.8 it was set to /usr/local/bin/thin
<wiherek> so I changed that to ~/.rvm/gems/ruby-2.0.0-p247/bin/thin
<wiherek> buuut it still runs the old version.
<wiherek> how can I solve that?
<zul> jamespage:  http://people.canonical.com/~chucks/ca/
<atpa8a> hmm
<atpa8a> is MAAS even the right direction for me?
<atpa8a> i'd like something that'd simplify the KVM management for me
<atpa8a> openstack seemed like a good idea and following the docs i installed MAAS but then i don't even see how i can add VMs and whatnot
<rbasak> atpa8a: on a single machine? Perhaps you'd prefer to use libvirt directly?
<atpa8a> rbasak: that's what i'm using right now
<atpa8a> thought  a nice UI would be useful
<rbasak> Try virt-manager.
<atpa8a> using that as well :) any web solutions?
<rbasak> Not that I'm aware of.
<atpa8a> not very happy with virt-manager
<atpa8a> btw... any idea if PCI/USB passthrough was fixed/improved in 13.04?
<rbasak> No idea, sorry.
<atpa8a> thanks anyway!
<jamespage> zul, << turned into <= during that last change
<jamespage> :-(
<jamespage> zul, ignore moe
<jamespage> I'm still looking at th previous code
<zul> ok
<jamespage> doh!
 * zul goes back to keystone
<jamespage> zul, two other minor comments
<zul> jamespage:  saw them
<jamespage> zul, what is the recommendation for migration? I was trying to figure out how we could automate it
<zul> jamespage:  i havent found any recommendations yet
<jamespage> for configuration files that have not changed then it should all be OK
<jamespage> but for files that have
<jamespage> its a bit guessing in the dark
<zul> it is...we will need to upate the charms and the documentation we have as well
<zul> jamespage:  im just going to moves places and get some airconditioning
<zul> bbiab
<hxm> I want to treat a directory like a samba trough http, NAS storage servers does that with a web interface
<hxm> are these web interfaces source code?
<hxm> i mean open source
<rbasak> hxm: you want a NAS-like web management interface? Somebody asked this yesterday I think. I pointed to freenas, which is a BSD-based distribution.
<roaksoax> Madkiss: around"?
<Madkiss> roaksoax: ya.
<roaksoax> Madkiss: so I'm starting to look into syncing the HA pakcages from debian, and was wondering if you have any plans to update pacemaker soonish?
<Madkiss> roaksoax: to which version?
<roaksoax> 1.1.10
<roaksoax> or i think 1.1.11 is going to be released soon?
<Madkiss> is it?
<roaksoax> or was it 1.1.10.. can't remember P:)
<Madkiss> ttbomk, we haven't 1.1.10 yet.
<Madkiss> experimental has 1.1.9, from which upadting to 1.1.10 should be really easy anyway.
<roaksoax> ok cool
<roaksoax> Madkiss: yeah I'
<roaksoax> i'm getting that one now
<jsonperl> Patrickdk: I was able to simulate the conditions!
<patdk-wk> :)
<jsonperl> Nothin interesting really in strace thoughâ¦ it looks networking related somehow
<jsonperl> rxpck/s and txpck/s drop BIGTIME during the affected period
<jsonperl> which makes sense i guess if stuff aint running well
<roaksoax> Madkiss: has pcs been rejected? I can't find it on the debian new queue nor on the package list
<Madkiss> roaksoax: yes
<roaksoax> Madkiss: ok :) thanks for the info
<Madkiss> and actually, my motivation to touch it again is, well. 0. i can give you the stuff I had though if you want to pick it up from here.
<roaksoax> Madkiss: sure, I can take a look at it later this week. Just put it in the github repo i think
<roaksoax> err or ha-maintainers git repo i mean
<Madkiss> ok
<roaksoax> thanks!
<zul> jamespage:  its suppose to be README.News?
<jamespage> NEWS
<jamespage> zul: just NEWS
<jamespage> see dch
<zul> jamespage:  done
<Grey_Loki> I'm having real difficulty in making certain that my US SSH session is spitting out everything in UTF-8, can anyone help?
<zul> jamespage:  so sould be good now
<zul> adam_g: ping around?
<rbasak> zul: around? Looking at bug 1199318. I'm not sure apache2-utils is the best place to put the apport hook anyway. Since it's only suggested by apache2, I think many users reporting bugs won't have it installed anyway. What do you think about moving it to apache2-bin?
<uvirtbot> Launchpad bug 1199318 in apache2 "package apache2-utils 2.2.22-6ubuntu5 failed to install/upgrade: trying to overwrite '/usr/share/apport/package-hooks/apache2.py', which is also in package apache2.2-common 2.2.22-6ubuntu5" [High,Confirmed] https://launchpad.net/bugs/1199318
<zul> rbasak:  im cool with it
<rbasak> And apache2-bin already Conflicts/Replaces apache2.2-common, so this will also fix the bug.
<rbasak> zul: OK. Do you want to upload or shall I?
<zul> rbasak:  be my guest
<rbasak> ack
<adam_g> zul, ya
<zul> adam_g: https://code.launchpad.net/~zulcss/keystone/keystone-refresh-jl17/+merge/175339
<samba35> how do i access ubuntu  server from another ubuntu server over Internet with gui
<patdk-wk> samba35, no idea, ubuntu server has no gui
<samba35> sorry ,but i am using it with ubuntu-desktop @home
<wxl> samba35: might want to restate your question. sure don't make much sense to me.
<samba35> ok
<samba35> i have two ubuntu server 1 is at office and 1 is @ home i want i should able to access any server from any point
<samba35> i have network configure /nat /firewall
<samba35> vpn also
<wxl> and what's this about a gui?
<samba35> because i have only 1 system  at home and want to use as a desktop as well as a server
<wxl> so you want to connect with the desktop or you want to connect to the desktop?
<samba35> yes
<wxl> that was an either/or question
<adam_g> zul, http://people.canonical.com/~agandelman/ca/havana/python-anyjson-0.3.3-1~cloud0/
<adam_g> zul, i hope that will fix the kombu build
<zul> adam_g:  +1
<bitbyte> hey guys
<bitbyte> I'm trying to display my current dirves but can't figure out how on the server via terminal
<bitbyte> im using frisk and can't for life of me remember how to print the drive table
<bitbyte> not the part ion table
<melmoth> bitbyte, cat /proc/partitions , you ll see all block devices (and partition as well)
<bitbyte> ah thanks much appreciated
<bitbyte> setting up samba and ftp
<bitbyte> and my old configs not working I'm assuming the drive names have changed
<zul> adam_g: https://code.launchpad.net/~zulcss/ceilometer/update-deps/+merge/175369
<bitbyte> so while I'm setting up samba
<bitbyte> can i ask
<bitbyte> I've saved old cnf as backup
<bitbyte> so can i bin it all and add just what i need
<bitbyte> or are their some settings which should stay
<bitbyte> i.e. right now all i need is http://pastebin.com/AptzJens   but are there some items in the default config which i should keep ?
<bitbyte> any helps much appreciated
<zul> adam_g:  http://people.canonical.com/~chucks/ca/oslo.config/
<adam_g> zul, +1 on oslo. that  ceilometermerge needs some work
<zul> adam_g: k
<bitbyte> mmmm do you guys know if sudo apt-get upgrade has been removed
<adam_g> zul, i pushed 3 proposals to bump kombu requirement in nova, cinder, neutron
<bitbyte> I'm trying it and dosnt recognise the command
<zul> adam_g: lemme check
<zul> adam_g:  aproved
<bitbyte> really silly question on vsftpd do you guys know how to define the passwords for users
<bitbyte> or the users taken from the ubuntu username list
<saban> ubuntu server 12.04 using 3.5gb memory all the time? http://pastebin.com/SD4LFnx0
<ikonia> saban: that's fine
<saban> ok. but why does it use 3.5 gb? :P
<saban> and where lol
<ikonia> cache
<ikonia> if you need the ram it will release it
<saban> ok. thank you
#ubuntu-server 2013-07-18
<SunStar> making a lampp server for a php based video sharing cms. need budget server for this and ffmpeg video conversion. I was thinking this server: http://www.pricegrabber.com/computers/servers++hp-proliant-dl380-g6-perf-xeon/m-730172506/#_product_details  ::With this video card::  http://www.pricegrabber.com/computers/video-cards++isilence-radeon-hd-7750-h775p1gd-video-card/m-1018343980/?search=hd+7750#_overview
<TheLordOfTime> SunStar:  what's your question?
<SunStar> wrong room sorry
<SunStar> but if some one wants to answer,  i'm wondering if that is a good investment
<anepanaliptos> anyone know how to get linux to be able to use more than 8 dvb tunrse?
<anepanaliptos> i can see them all in /dev/dvb/adapterX
<anepanaliptos> but when i start vdr, it only sees 8
<dongs> how do I use https://launchpad.net/ubuntu/quantal/i386/linux-source-3.5.0/3.5.0-23.35
<dongs> installing it results in a 83megs linux-source-3.5.0.tar.bz2 and 2 debian.* dirs.
<dongs> ...
<SonikkuAmerica> dongs: [ bunzip2 linux-blah-blah-blah.tar.bz2 && tar linux-blah-blah-blah.tar ]
<dongs> SonikkuAmerica: im well aware of that. why is tehre debian dirs and is the .tar.bz2 the shipped kernel or does it need extra patches or some other crap.
<SonikkuAmerica> dongs: It'll pull in binutils, coreutils and bzip2 (if you don't have them) and it recommends gcc, libc-dev and make
<dongs> SonikkuAmerica: that doesnt answer my question
<dongs> it appears the .tar.bz is not the shipped kernel.
<dongs> but just generic 3.5.0 sources.
<dongs> I wante whatever source tree thats used to bulid whatever is "3.5.0-23-generic #35~precise1-Ubuntu"
<SonikkuAmerica> dongs: Hence the term linux-source
<dongs> wrong
<dongs> https://launchpad.net/ubuntu/quantal/i386/linux-source-3.5.0/3.5.0-23.35 -> linux-source-3.5.0_3.5.0-23.35_all.deb (81.4 MiB)
<dongs> this implies the patches are included.
<SonikkuAmerica> dongs: They won't be written as 3.5.0-23-generic #35, it they'll be written as 3.5.0 because that's the officially assigned number for them.
<dongs> so how do I turn this into buildable 3.5.0-23-generic #35~precise1-Ubuntu kernel source tree.
<dongs> -23-generic is patches.
<dongs> which are not included in the .tar.bz2.
<dongs> http://bcas.tv/paste/results/VxXbAU76.html I would have expected top of properly patched Makefile to be different
<dongs> if this kernel tree was to be used to build 3.5.0-23.35
<dongs> so.
<dongs> and there isn't even a .config
<SonikkuAmerica> If you wish to learn how to compile a kernel from source, here: https://help.ubuntu.com/community/Kernel/Compile
<dongs> i dont need to build a dep of new kernel.
<dongs> all I want is 1) source tree matching precisely the kernel version dispalyed by uname, which I can build. thats all.
<dongs> dep=deb
<dongs> orw ahtever.
<dongs> it seems there's bits and pieces of .config spread around debian.master/* dir
<SonikkuAmerica> Well, I dunno anything beyond that.
<dongs> i wish lunix would stop fucking with official releases of shit so I can just download it and use it
<dongs> instead of having to figure out some idiotic distro specific way to do stuff.
<SonikkuAmerica> !langauge | And FYI, dongs, it's the other way around
<ubottu> And FYI, dongs, it's the other way around: Please watch your language and topic to help keep this channel family-friendly, polite, and professional.
<dongs> * 1000 for every non-irrelevant distro, and its quickly obvious why no serious manufacturer wants to do drivers for their device in lunix.
<dongs> so back to my original question
<dongs> what is the simplest way to get a buildable kernel source tree for a given ubuntu-patched kernel version.
<dongs>  Q: what is the simplest way to get a buildable kernel source tree for a given ubuntu-patched kernel version.. I don't want to build a .deb or anything. Just the patched source, which, if built, would result in the binary identical to currently running kernel.
<ScottK> dongs: apt-get source linux should do it.
<dongs> except it doesnt
<ScottK> Right, because linux is also the name of a binary provided by linux-meta.
<ScottK> Install the ubuntu-dev-tools package and then pull-lp-source linux $RELEASENAME
<ScottK> That will get it, i just checked.
<maxb> You could also use 'apt-get source --only-source linux' for a pure apt way of doing it
<dongs> I want *exact* source used to build whatever uname -r reports.
<dongs> wehn I follow sutff in https://wiki.ubuntu.com/Kernel/Dev/KernelGitGuide or https://wiki.ubuntu.com/Kernel/BuildYourOwnKernel it ends up wiht Makefile that doesn't specify exact kernel version.
<dongs> for example what i get from git step is http://bcas.tv/paste/results/VxXbAU76.html
<dongs> that is NOT 3.5.0-23 or whatever.
<ScottK> Either what maxb said or what I did should do that.
<yolanda> jamespage : https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/rrdtool/lua5.2/+merge/175474
<rbasak> jamespage: golang stripping now removed in Debian as well. The maintainer also dropped golang-dbg as it is empty now, which I missed in Ubuntu. Something to do in the next upload, or are we going to sync at some point?
<jamespage> rbasak, if we can get infinity's elf header fixup into Debian as well then we can move back to syncs
<jamespage> rbasak, I'd not spend the buildd cycles just removing the -dbg package for the time being
<jamespage> rbasak, I'd forgotten todo that
<jamespage> rbasak, that should go upstream as well if possible
<jamespage> (might be in golang 1.1.2 which is due in august)
<rbasak> jamespage: yeah sure, not worth dropping -dbg in a separate upload, but perhaps if we need another one. Is infinity's patch upstream?
<jamespage> no sure
<jamespage> not sure rather
<jamespage> rbasak, i rebuilt the failed armhf build for juju-core - that now looks OK in saucy
<rbasak> Great!
<jamespage> rbasak, I wonder whether we should not be stripping that binary either
<rbasak> I'm writing a call-for-testing email for PHP 5.5. Do we have any documentation for users on how to test server things in the development release? Tools like LXC make this easy, so it'd be nice to point to a guide for doing this.
<rbasak> jamespage: AIUI, we shouldn't be stripping any go binaries at all.
<jamespage> rbasak, yeah
<jamespage> rbasak, almost like we heed dh-go
<rbasak> Maybe even have a lintian warning for that
<jamespage> todo all this stuff for us
<rbasak> That'd be even better :)
<jamespage> rbasak, I'll fixup the stripping in the next upload to saucy
<jamespage> (for juju-core)
<jamespage> adam_g, roaksoax: I pushed by openstack-dashboard redux branch to lp:~openstack-charmers/charms/precise/openstack-dashboard/python-redux
<jamespage> I think I have most things covered; unit testing of hook/contexts/utils is 100%
<jamespage> adam_g, roaksoax: a few comments - I pushed my unit tests into 'unit_tests' - tests is reserved for integration tests using amulet
<jamespage> I used '_hooks.py' instead of _relations as I thought this represented its content better
<jamespage> I also added setup.cfg and .coveragerc to tweak how testing and coverage reporting was done
<jamespage> adam_g, zul: we need to resync the havana trunk testing PPA from havana staging - there is lots missing now
<jamespage> rbasak, https://launchpad.net/ubuntu/+source/juju-core/1.11.2-0ubuntu1/+build/4786692
<jamespage> woot
<jamespage> \o/
<\sh> tjaalton, ping how do we address the issue of raring/saucy and freeipa client 3.1.x not working with a 3.0.0 server (like on RHEL/CentOS 6)
<roaksoax> zul: so conf.d no longer exists in apache2.4?
<zul> roaksoax:  nope
<roaksoax> zul: great! that breaks maas
<zul> roaksoax:  there is a transition writeup on the debian wiki
<roaksoax> zul: do you have a link
<roaksoax> ?
<zul> yeah gimme a sec
<zul> roaksoax:  http://wiki.debian.org/Apache/PackagingFor24
<roaksoax> zul: thanks!
<wiherek> hi
<wiherek> yesterday I was installing ruby and I created a file .bash_profile
<zul> jamespage:  https://code.launchpad.net/~zulcss/ceilometer/ceilometer-tests/+merge/175553 <-- part 1 for enabling the tests in ceilometer
<jamespage> zul, btw I noticed this earlier
<jamespage> python-oslo.config:
<jamespage>   Installed: 1:1.2.0a3-1ubuntu1
<jamespage> zul, 1.2.0 will be challenging
<jamespage> :-)
<jamespage> (~)
<zul> jamespage:  nnnngnnnnh
<jamespage> zul, https://code.launchpad.net/~james-page/python-cinderclient/1.0.4/+merge/175563
<zul> jamespage:  you did dch --release && debcommit --release correct?
<jamespage> zul, missed the last one - done now and pushed
<zul> jamespage:  thanks
<jamespage> zul, and https://code.launchpad.net/~james-page/python-cinderclient/re-enable-trunk/+merge/175566
<zul> yolanda:  can you get python-swiftclient 1.5.0  ready for upload?
<jamespage> restores fixes back fro trunk.
<zul> jamespage:  +1
<jamespage> zul, no new upstream release of glanceclient - should I push the current snapshot in the changelog?
<zul> jamespage:  yeah we should have the dep8 tests available for wider use
<yolanda> zul, oh, i did an MP for 1.4.0-2, has it changed to 1.5?
<zul> yolanda:  yeah i rejected the MP for 1.4.0-2 we dont merge openstack stuff from debian, can you get the new tarball from pypi and get 1.5.0 MP ready
<yolanda> zul, ok
<koolhead17> hi all
<jamespage> hey koolhead17
<koolhead17> howdy jamespage
<koolhead17> hello zul :)
<zul> hi
<yolanda> zul, having some problems building, seems that isn't cleaning properly: http://paste.ubuntu.com/5887688/
<zul> yolanda:  can you add python-d2to1 an python-pbr to the build depends and try again
<koolhead17> jamespage: am waiting for your signal to start testing havana pkgs :D
<yolanda> zul, they are in the build-depends already
<jamespage> koolhead17, well havana1 is all in the Cloud Archive already
<jamespage> koolhead17, we are working towards havana2 right now
<zul> yolanda:  wha?
<jamespage> next week for landing inthe cloud-archive
<zul> yolanda:  *sigh* ill have a look
<koolhead17> jamespage: cool. will start deploying & testing it per package then
<jamespage> zul, yolanda: just install those packages locally or build the source package with '-nc'
<jamespage> bzr bd -S -- -nc
<yolanda> let me try
<yolanda> works
<yolanda> i will have to be used to build with -nc
<stetho> Can anyone point me to some instructions for setting up a PXE server to install 12.04 - I've found some instructions for doing it on 8 or 9 which I can't get to work and the few bits I've found on 12.04 don't work because the file structure on the ISOs uses aliases which seems to break the TFTP server. To clarify - it's not the setting up of the PXE server I need help with, it's the adding 12.04 Server to it.
<rbasak> 8 or 9?
<rbasak> stetho: http://archive.ubuntu.com/ubuntu/dists/precise/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/ for amd64 netboot kernel and initrd. Just get those loaded. Setting up PXE/TFTP isn't Ubuntu-specific at all.
<rbasak> There's a pxelinux.cfg example there too
<rbasak> Or if you don't want to do it by hand, use maas :)
<jamespage> zul, https://code.launchpad.net/~james-page/python-glanceclient/havana2/+merge/175590
<stetho> rbasak - that's the problem - I've used that but it doesn't work. I have a PXE server that installs Centos, VMWare and Ubuntu 10 but I can't get 12.04 to work. (Or 13 for that matter). From the ISOs I get file not found error which are evidently because the ISOs use symbolic links to directories like boot-screens. Getting the files from the apt repo that you've linked to gives me "violation errors" during the boot up even if everything is 777 and owned 
<stetho> tftpd. As I said - never had these problems with other versions. I'm missing some magical step somewhere.
<rbasak> stetho: try writing a minimal pxelinux.cfg directly, pointing directly to the TFTP paths for the kernel and initrd files you've downloaded. Then there can't be any symlink issues.
<zul> jamespage:  https://code.launchpad.net/~zulcss/ceilometer/ceilometer-fix-tests/+merge/175596
<yolanda> zul: https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/python-swiftclient/1.5.0/+merge/175592
<zul> yolanda:  you didnt propose against the lp:~ubutnu-server-dev/python-swiftclient/havana branches
<yolanda> oh
<yolanda> you are right
<yolanda> -1 for me :(
<yolanda> but zul, then 1.5.0 version is already merged
<yolanda> latest changelog: python-swiftclient (1:1.5.0.2.gc460ebf-0ubuntu1) UNRELEASED; urgency=low
<yolanda> i just push to saucy?
<zul> yolanda:  yes change the 1:1.5.0.2.gc460ebf-0ubuntu1 to 1:1.5.0-0ubuntu1 and then change the UNRELEASED to saucy
<yolanda> zul, shorter MP: https://code.launchpad.net/~yolanda.robla/python-swiftclient/havana_1.5.0/+merge/175599
<hadifarnoud> when I ssh to my ubuntu box, I get ^[[A^[[B^[[C^[[D for arrow keys. how can I fix it?
<RoyK> hadifarnoud: on the console?
<hadifarnoud> yes RoyK. using OSX terminal
<RoyK> try "echo $TERM"
<RoyK> I use OS X and ti works well
<hadifarnoud> xterm-256color
<hadifarnoud> I guess it's my server
<RoyK> what shell are you using?
<hadifarnoud> works fine on any other server
<hadifarnoud> zsh
<hadifarnoud> on local
<hadifarnoud> bash on server
<RoyK> hm... works for me
<hadifarnoud> RoyK: correction
<hadifarnoud> I'm not using bash on server
<hadifarnoud> when I typed "bash"
<hadifarnoud> everything's fine
<RoyK> which shell are you using on the server?
<RoyK> try ps $$
<hadifarnoud> 13195 pts/1    Ss     0:00 -sh
<RoyK> if it shows dash or -sh, then you're using dash, which is a minimal shell enabled by default for some rather bizarre reason
<RoyK> so chsh -s /bin/bash (or zsh if you like)
<zul> jamespage: https://code.launchpad.net/~zulcss/ceilometer/ceilometer-fix-tests/+merge/175596
<hadifarnoud> thanks RoyK. after a relogin it worked
<RoyK> hadifarnoud: you can change the default in /etc/adduser.conf with the DSHELL setting
<RoyK> or variable, that is
<hadifarnoud> ok
<RoyK> dash is useless IMHO
<hadifarnoud> yeah. that's why I use zsh locally
<hadifarnoud> anyone has experience with git deploy? it's kind of painful to ssh into server and git pull.
<rbasak> ssh into server and git pull? Why not just use git push? I use a tiny post-receive hook to keep the working directory at the far end synced with master.
<zul> yolanda:  i pushed swiftclient 1.5.0....thanks
<yolanda> zul, easy one
<jsonperl> Patrickdk, jemalloc is amazing
<jsonperl> went from slowly creeping up above 1gb per server, to a solid 300mb without growth
<jsonperl> i put it in production on every machine
<patdk-wk> nice
<jsonperl> now to see if it magically fixes my other problem
<gyre007> are there any quirks I should be aware of before setting up Striped LVM logical volume ?
<gyre007> or...has anyone ever st this up ?
<gyre007> *set
<jamespage> zul: https://code.launchpad.net/~james-page/python-neutronclient/havana2/+merge/175629
<zul> jamespage:  if python-neutronclient is a new binary then the epoch is not needed isnt it?
<jamespage> zul, I was pondering that myself
<zul> jamespage:  i dont think it does
<jamespage> zul, no - it is because we provide a transitional package for python-quantumclient
<zul> jamespage:  ok
<jamespage> otherwise the binary upload would be rejected post build
<zul> gotcha
<zul> jamespage:  +1
<zul> wh00t ceilometer down to 17 failures
<brendand> are the instructions here intended to work in raring: https://juju.ubuntu.com/docs/getting-started.html#test?
<jcastro> yep
<jcastro> brendand: which part isn't working for you?
<brendand> jcastro, in the version of juju i got, generate-config doesn't exist
<jcastro> can you ensure that `juju-core` is installed and not `juju`?
<brendand> jcastro, aha
<jcastro> \o/ that should sort you out
<brendand> jcastro, i gave in to the temptation to just apt-get install juju without reading the installation section :/
<jcastro> yeah, that's a common problem
<jcastro> unfortunate package rename
<zul> jamespage:  shit...apache2 2.4 transition for horizon (just remembered)
<Daviey> zul: What is the current status on h-2 in saucy?
<zul> Daviey:  we should be ready for tomorrow
<Daviey> zul: super.  Please can you give me a shout if it looks like it won't happen?
<zul> Daviey:  yep
<Daviey> ta
<zul> jamespage/adam_g: https://code.launchpad.net/~zulcss/horizon/apache-transition/+merge/175641
<koolhead17> w0ahh one of the first mails in list from zul :)
<resno> i have a server thats toppping out on its amount of space, in the past. i expanded the space and then booted the server in livecd and used gparted to add more space... is this a good method?
<MindsEye> resno, that's a great method. also consider formatting the drive for more space
<resno> formatting or an erasing the content i need?
<resno> as in*
<resno> its in a vm, so the host server has the space
<lindomar> I need help with crontab
<lindomar> Vc pode me ajudar com o crontab?
<sarnold> lindomar: you can ask here (best in english) -- or try in #ubuntu-pt if you want..
<jsonperl> resno: if you're using LVM you can resize it while running
<resno> jsonperl: i am not using crontab
<breed111> Hi guys, I have been looking all over for this answer, and it is driving me crazy.  I have cloud-init on 12.04.2 aws and the ulimit from /limits.conf is not being applied on cloud-final script... It's really driving me crazy, is pam_limits not loaded in cloud-init, where should i increase nofiles limits for cloud-init scripts?
<sarnold> breed111: if they're shell scripts, can you just add the appropriate 'ulimit' command in place?
<sarnold> breed111: if they are upstart scripts, you can manage limits 'natively': http://upstart.ubuntu.com/cookbook/#limit
<breed111> @sarnold, i tried that ulimit in shell script, but it is launching a twistd daemon from the shell, and I don't think the twistd daemon is inheriting the limits
<breed111> sarnold: I'll try that again
<sarnold> breed111: does the script run as root? a process needs CAP_SYS_RESOURCE to raise its hard limits
<breed111> sarnold: the script runs as sudo -i -u ubuntu
<breed111> hmm
<sarnold> breed111: aha, check /etc/pam.d/sudo, make sure the pam_limits is in the call stack somewhere..
<breed111> sarnold: this is what the pam.d/sudo looks like - http://pastebin.com/BHKHkLAD
<breed111> sarnold: this method / script used to do find in 11.04, but we upgraded server to 12.04 and now does not
<breed111> ok i am putting in session required pam_limits
<MindsEye> what can I do with ubuntu server?
<sarnold> breed111: hrm, I don't see any pam_limits.so in my /etc/pam.d/common-* files -- I think it's just not there.
<sarnold> breed111: yeah, sounds like a good idea.
<breed111> sarnold: thanks
<sarnold> breed111: (have a root shell open while testing!)
<breed111> sarnold: that worked thanks - how would a root shell open help tho?
<sarnold> breed111: so that if you break something you have a command line available to fix it. :)
<breed111> :_)
<sarnold> BTDT, now I recommend it to folks fiddling with PAM and AppArmor policies on login services, fiddling with firewall rules, etc. :)
<resno> when setting up a authoritative name server, do you self host or pay a company?
<ScottK> Unless you know what you're doing, pay someone.
<resno> who do you suggest?
<sarnold> many registrars offer it as a service
<resno> we presently use netwokr soltuions, but i kinda distrust doing that
<resno> i read they were ddos recently
<sarnold> resno: see also e.g. http://www.gandibar.net/post/2012/03/02/DNSSEC-at-Gandi
<hallyn> smoser: hey, just to make sure that what i'm seeing makes sense:  if I start an ubuntu-cloud container with user-data setting password for user ubuntu, and that container does not have networking, then cloud-init will never set the password for user ubuntu, is that right?
<smoser> o.
<hallyn> i.e. if no network, then user-data does not get executed?
<smoser> it depends.
<smoser> it could.
<smoser> just a minute
<hallyn> k
<smoser> in /usr/share/lxc/templates/lxc-ubuntu-cloud
<smoser>         seed_d=$rootfs/var/lib/cloud/seed/nocloud-net
<smoser> if you make that /var/lib/cloud/seed/nocloud (dropping '-net')
<smoser> then it will be found as a local datasource
<smoser> and will not depend on netowrking at all.
 * hallyn tries
<smoser> but in the images as they boot is going to block waiting on a eth0 to come up
<smoser> (due to /etc/network/interfaces having eth0) and portions of boot needing static-networking or the like
<hallyn> smoser: thanks - the parcelling of network bits is the only thing not yet done for unprivileged contaienr create/start - I just wanted to make sure I wasn't unable to log in due to something else I effed up
<smoser> since you brought this up..
<smoser> ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"
<hallyn> (waiting 120s for upstart :)
<smoser> you're waiting for static-networking-emitted
<hallyn> yes
<hallyn> just saying, after that i can confirm whether i can log in :)
<smoser> yeah. you could actually add a boothook in user-data to cloud-init that (i think).... fixed that.
<smoser> maybe
<smoser> so that eth0 wouldn't show up
<smoser> but dont know for sure.
<hallyn> i coudl probably just emit the event :)
<hallyn> smoser: but what where you going to say about 'ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"' ?
<smoser> well. i was going to say that we could change that to use sstream-sync
<smoser> but probably the better thing woudl be to make ubuntu-cloudimg-query use that
<smoser> (should have said sstream-query, not sstream-sync)
<hallyn> smoser: good point, if that's doable
<hallyn> as for changes to te template itself, so far I'm still letting utlemming be the owner...
<hallyn> waiting for him to tell me he has no time
<hallyn> until then i don't want to step on toes
<smoser> whered we get with cirros?
<hallyn> smoser: it's upstream
<hallyn> git://github.com/lxc/lxc has templates/lxc-cirros.in
<hallyn> I actually haven't tested it lately with unprivileged - I"ll test that
<hallyn> woohoo, i'm logged in
<hallyn> completely created/started without privilege
<smoser> nice work hallyn.
<hallyn> oh no, but lxc-cirros is brokewn
<smoser> $ sstream-query --max=1 http://download.cirros-cloud.net/ ftype=lxc.tar.gz "arch~(x86_64|amd64)" --output-format="%(item_url)s"
<smoser> http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-lxc.tar.gz
<smoser> http://download.cirros-cloud.net/0.3.2~pre1/cirros-0.3.2~pre1-x86_64-lxc.tar.gz
<hallyn> how did that happen.
<hallyn> oO
<hallyn> that's my eyes glazing over
<hallyn> smoser: do you want to send a patch for lxc to switch to that?
<hallyn> I need to patch it to recognize '--rootfs'
<smoser> not rigth now. but, yeah, thats the kind of thing that we want to do.
<smoser> --rootfs ?
<hallyn> yeah - to specify where the backing store is mounted when the template runs.
<hallyn> (it's not necessarily the same as lxc.rootfs in the configuration file)
<hallyn> lxc-create always passes it to the templates now.  cirros breaks when it sees it
<hallyn> smoser: you're such a perfectionist, i figure you'll have som einput on this:  http://paste.ubuntu.com/5888828/
<smoser> looks good i think. just reaading it.
<smoser> make sure you got indentation right
<smoser> (tabs or spaces, whatever i did)
<hallyn> yup i'm using 4 spaces
<delinquentme> say i've got a device running on an ubuntu server ... this interface allows people to interact with a device ... and I'd like to only allow one device interaction at a time
<delinquentme> where should this be done?
#ubuntu-server 2013-07-19
<McGurt> Hello, would anyone be able to point me to a current guide for setting up FTP without shell access? I seem to be running into problems with all the guides i've found on youtube
<pmatulis_> McGurt: "setting up FTP without shell access", not sure what that means, configuring without a shell or setting up FTP so that the clients do not require a shell?
<McGurt> pmatulis_, I am hoping to setup an FTP so the clients do not require a shell.
<rubberneck> McGurt: https://help.ubuntu.com/lts/serverguide/ftp-server.html the /usr/sbin/nologin is at the bottom
<pmatulis_> McGurt: FTP is FTP.  you can use a CLI (shell) client or a non CLI client
<McGurt> Okay, well let me explain what I want quickly pmatulis_ ...
<McGurt> I need 3 accounts that are able to login and upload... the rest can all be anonymous connections.
<McGurt> I've tried using that guide, but keep messing up somewhere and cant figure out where.
<pmatulis_> McGurt: well, i'm not sure how we can help.  you'll need to give people some hints on what you're seeing (errors or behaviour)
<pmatulis_> McGurt: i help maintain that guide and it interests me that you failed by following it
<pmatulis_> (guide in general, not that specific ftp section)
<McGurt> pmatulis_, okay, well I will uninstall VSFTPD quick and retry the guide.. Would you happen to know how to uninstall the PAM software? It creates virtual hosts so you dont have to have shell access to connect to the FTP
<McGurt> I cant find a guide on uninstalling it anywhere.. and forgot what it was called when I installed it + the link /facepalm
<pmatulis_> McGurt: PAM is an authentication framework that is essential to a Linux system.  it does not create virtual hosts and you should not uninstall it
<McGurt> Hmm.... Well odd... It must have been something else then. I'll just disregard for now. :/
<McGurt> Give me a few moments to go through this guide again pmatulis_
<pmatulis_> McGurt: alrighty then.  if you encounter a problem in the guide then please file a bug here:
<pmatulis_> https://bugs.launchpad.net/serverguide/+filebug
<McGurt> Will do, thank you. I'll try to get ahold of you here aswell, just to try and get it resolved a little faster.
<pmatulis_> (for the bug, mention which guide you used; ie. it's URL)
<McGurt> :) Willdo
<pmatulis_> thanks McGurt
<vedic> Hey guys, need practical advice. I have several clients (around 100) how wants to send speeches of corporate importance but they want the entire communication be as much secure as possible, no external eavesdropping should be possible. These clients will also run access to database, plain TCP/IP sockets connection for accessing one of our servers and http API to have reporting etc. Though the data transmitted is not big in size (less than 100KB each time) but
<McGurt> vedic, I have a friend on Skype that is developing a Secure Messager that uses Java.. If you want to contact him send me a message.
<Joy> is this a good place to find someone to discuss ubuntu server support?
<Joy> i can't seem to find such a channel at the channel list
<ikonia> Joy: whats up
<ikonia> Joy: check the channels /topic - you'll see it's the ubuntu-server channel
<vedic> Hey guys, I am trying to install Ubuntu 12.04 64bit ISO using unetbootin to my server. I see the UNetbooin menu and tried the default option. It select country, detects keyboard but after that asks for CD. I don't have CD drive working. How to ensure Unetbootin installs from USB stick?
<brendand> vedic, where are you running unetbootin?
<vedic> brendand: ISO is extracted into USB stick via Unetbootin (windows version) and now booting from that USB to another system where I have to install it
<brendand> vedic, so when you boot that system with the usb stick inserted, exactly what happens?
<vedic> brendand,The default option asks for CD-ROM drive after few steps
<brendand> vedic, what is 'the default option'? what kind of menu do you see?
<vedic> brendand, when booting starts from unetbootin, first thing it does is show menu. it selects default if you don,t select any option
<brendand> vedic, what are the other options?
<brendand> juju deploy hangs for me - seemingly in open.go
<brendand> 2013-07-19 09:47:53 INFO juju open.go:68 state: opening state; mongo addresses: ["10.55.60.178:37017"]; entity ""
<brendand> that eventually times out
<brendand> i'm using openstack
<smb> jamespage, would nova autopkgtest failing for some dependencies (cannot understand what it wants to say) surprise you?
<jamespage> smb, maybe
<jamespage> is this in saucy?
<smb> yes
<smb> https://jenkins.qa.ubuntu.com/view/Saucy/view/AutoPkgTest/job/saucy-adt-nova/ARCH=amd64,label=adt/lastBuild/artifact/results/log
<jamespage> smb, oh  - its suffering from a mismatch with sqlalchemy right now
<smb> Just had a xen update being pushed, but that should not change any interfaces or so. So I am not really confident this is because of that... but who knows
<jamespage> havana2 should sort that out today/monday
<jamespage> zul is working on it
<smb> Ah... HOW does one see that??
<smb> jamespage, Ok, so nothing I did ... still do you just happen to know that or is there any place that would tell you from that output?
<jamespage> smb, no idea
<jazzkutya> hi
<jazzkutya> how do i use phusion passenger (ubuntu supplied?) with ruby 1.9.1 (installed from ubuntu) on precise server?
<jamespage> zul: https://code.launchpad.net/~james-page/cinder/havana2/+merge/175823
<zul> jamespage:  why did you get rid of the --parallel?
<jamespage> I added it
<jamespage> zul, ^^
<zul> jamespage:  right duh...
<zul> jamespage:  https://code.launchpad.net/~zulcss/nova/2013.2.b2/+merge/175825
<zul> jamespage:  https://code.launchpad.net/~zulcss/keystone/2013.2.b2/+merge/175828
<jamespage> sorry - glance test suite is killing my laptop
<zul> jamespage:  as it should ;)
<psivaa> hallyn: Had to report bug 1203048 for testModPhp failure on the LAMP server tests for saucy with today's images
<uvirtbot> Launchpad bug 1203048 in ubuntu-test-cases "testModPhp test failure occurs in Lamp saucy server tests" [Undecided,New] https://launchpad.net/bugs/1203048
<xkernel> do you think its better to have owncloud or to install each service as standalone like mail server, file server ,etc..  I'm talking about 1 server machine
<rbasak> psivaa: that'll be related to php 5.5 hitting the archive yesterday.
<yeats> xkernel: that sounds like a matter or preference
<rbasak> I wrote a dep8 test for mod_php that passes though
<yeats> s/or/of/
<psivaa> rbasak: thanks, i could not make that out, would be helpful if you could reassign that bug :)
<xkernel> yeats, whats alternative to run a standalone sync server for calendar, contacts
<yeats> xkernel: sorry, I don't know - perhaps someone else can help
<jamespage> zul, both +!
<jamespage> +1 rather
<zul> jamespage:  cool thanks
<jamespage> zul, leaving glance testing while I run out for 30 mins
<zul> jamespage:  ack
<zul> the others will be waiting for you when you get back ;)
<rbasak> psivaa: I think it might now be necessary to run "a2enmod php5" to turn the module on, as it's no longer being turned on by default perhaps. But I'm not clear where the setup code for that is.
<rbasak> Or is it that the lamp task is supposed to do that?
<zul> jamespage:  https://code.launchpad.net/~zulcss/ceilometer/2013.2.b2/+merge/175842
<zul> jamespage:  back yet?
<jamespage> zul, yes
<zul> jamespage:  cool
<zul> jamespage:  i just thought of something
<jamespage> zul, are tests still failing for ceilometer
<anepanaliptos> my apache is ever so slightly messed up
<zul> jamespage:  horizon is going to need to support both apache2.2 and apache2.4
<jamespage> indeed
<zul> jamespage:  yeah, still due to sqlalchemy
<anepanaliptos> how do i setup the 'default' folder, if someone access the machine by ip (no host name) how do i make it go to /var/www ?
<jamespage> zul, hmm
<zul> jamespage:  once python-nova, python-glance gets uploaded then ill upload an -ubuntu2 which fixes it
<jamespage> zul, for ceilometer? why not just do those first?
<zul> jamespage:  i did
 * jamespage is confused
<jamespage> so why do we 'testr init && testr run || true'
<zul> jamespage:  because of sqlalchemy not being transition properly yet
<jamespage> zul, that just bypassing the transition block in -proposed and defeats the object of holding back packages that are part of a transition
<zul> jamespage:  yeah we probably dont want that
<hallyn> stgraber: hey, can you check whether you got an 8-patch set from me on lxc-devel in the last few minutes?
<hallyn> (I think the list rejected them, but i think git-send-email cc:d me, so i got them)
<hallyn> oh, nm, i see.  you must've not gotten them.  will resend
<stgraber> hallyn: yeah, didn't see anything
<hallyn> stgraber: sucks - I'd added some text in-line during --compose, which are now lost (bc the intro msg didn't get cc:d to me)
 * hallyn unhappy with the lxc-devel m-l
<allaire> Hi, can somebody explain me why these two are differents: https://gist.github.com/allaire/ab0e4900da999983ff21  the second one, with no `exec` command returns the wrong pid, always the pid just before the correct one
<allaire> (It's a snipper from an upstart script)
<allaire> snippet*
<jamespage> zul, we probably don't want to hold back packages which are part of a transition?
<zul> jamespage:  we dont
<jamespage> I disagree
<jamespage> there is code in the package that will not work once the transition lands
<jamespage> that needs to be addressed
<zul> jamespage:  sure i addressed the nova parts  at least
<jamespage> zul, sorry - I'm confused
<zul> jamespage:  yeah i think we are both confused
<jamespage> zul, if the problems have been fixed, why do we need to || true the testing in ceilometer
<zul> jamespage: i actually dont think all of the problems have been fixed, it still ftbfs for me locally
<zul> jamespage:  but i will do an -ubuntu2 for ceilometer to get it ready for the MIR process, which means fixing the testsuite completely
<Daviey> zul: seen this, https://jenkins.qa.ubuntu.com/view/Saucy/view/AutoPkgTest/job/saucy-adt-nova/38/ARCH=amd64,label=adt/console ?
<zul> not yet
<zul> Daviey:  wtf
<jamespage> zul: https://code.launchpad.net/~james-page/glance/havana2/+merge/175858
<zul> jamespage:  +1
<zul> Daviey:  nova is in depwait because of python-neutronclient
<Daviey> ugh
<zul> thats probably the cause of it
<Daviey> jamespage: Any news on that MIR ack
<Daviey> jamespage: I might just do it.
<zul> Daviey:  do it!
<zul> jamespage:  https://code.launchpad.net/~zulcss/horizon/2013.2.b2/+merge/175865
<jamespage> zul, did you refresh the assets
<jamespage> Daviey, someone already did it
<zul> jamespage:  for horizon?
<jamespage> yes
<zul> jamespage:  damn
<zul> jamespage:  not yet
<Daviey> jamespage: no, i /just/ did it
<jamespage> oh
<jamespage> zul, I'm not going to get to neutron - sorry
<jamespage> zul, to many calls this afternoon
<zul> jamespage:  ok ill do it
<jamespage> (I''' upload glance shortly)
<jamespage> zul, thanks v much
<zul> jamespage:  did you get to cinder?
<jamespage> zul, done
<zul> jamespage:  cool
 * roaksoax bbl
<jamespage> Daviey, thanks btw
<jsonperl> Patrickdk: seeing occasional "failed to allocate memory" errors with jemalloc at high load. (not out of memory by a long stretch) Ever seen that?
<jsonperl> Also, we've still got the connectivity problem :(
<patdk-wk> no, I haven't seen that
<patdk-wk> but working on an ecryption issue at the moment
<jsonperl> coolcool, have fun :)
<izanagisan> hi all. Was looking for ways to 'take a snapshot' of an UbuntuServer 12.04 installation. Found this thread http://ubuntuforums.org/showthread.php?t=1198700 - is that still the best way to copy the current state of a system?
<zul> jamespage: https://code.launchpad.net/~zulcss/neutron/2013.2.b2/+merge/175882
<Daviey> zul: are things still on target for h-2 in saucy today?
<zul> Daviey:  no unfortunately, horizon needs heatclient and ceilometerclient now
<zul> the only packages that need uploading now is neutron, horizon, heatclient, and ceilometer
<jamespage> zul, +1
<zul> jamespage:  thanks
<Daviey> zul: i didn't realise heat is in horizon now.
<zul> Daviey:  neither did i
<Daviey> ugh
<Daviey> zul: do we have it in hand to make sure it is done by EOD Monday?
<zul> Daviey: heatclient is easier to MIR but yes
<brendand> i'm trying to follow the juju tutorial and i've run juju bootstrap, but juju deploy hangs for me
<brendand> 2013-07-19 09:47:53 INFO juju open.go:68 state: opening state; mongo addresses: ["10.55.60.178:37017"]; entity ""
<zul> Daviey:  neutron is uploaded should be in binary-new
<brendand> that gets stuck and eventually times out
<Daviey> zul: neutron is in main now
<zul> Daviey:  ok i just uploaded havana2 neutron
<Daviey> zul: can you get heatclient uploaded today?  .. I will NEW it over the weekend.
<Daviey> Oh wait
<Daviey> it's not NEW.
<Daviey> Just needs a MIR, right?
<zul> Daviey:  yep
<zul> Daviey:  i just need to beat it into shape and write a MIR for ceilometerclient
<zul> jamespage:  mind +1ing ceilometer please
<roaksoax> jamespage: does goju still require the fix to the binary?
<roaksoax> or should I be able to use the one from ppa directly
<Daviey> roaksoax: for serverstack?
<roaksoax> Daviey: yeah
<Daviey> roaksoax: i believe so
<roaksoax> Daviey: cool thanks
<zul> Daviey:  i think neutron is in binary new :(
<hallyn> stgraber: so i think for nics in unprivileged containers I'm just going to use a new little program.  If we only had ifup, I'd say I'd like to extend ifup to give us what we need.  But with ifup.vs.nm I don't want to touch that.
<hallyn> just fyi
<hallyn> so lxc-start will just call 'lxc-new-nic <nic-type> <bridge>' and consult /etc/lxc/lxc-net-user for permission (given # already allocated)
<stgraber> hallyn: sounds good
<zul> Daviey:  erm https://launchpad.net/ubuntu/+source/nova/1:2013.2~b2-0ubuntu1/+build/4808745
<zul> Daviey:  can you promote oslo-sphinx please (https://bugs.launchpad.net/ubuntu/+source/oslo-sphinx/+bug/1199872)
<uvirtbot> Launchpad bug 1199872 in oslo-sphinx "[MIR] oslo-sphinx" [High,Fix released]
<Daviey> zul: oslo-sphinx is in universe?
<hallyn> stgraber: just trying to decide whether it's more urgent to get that done, or snapshotting in the api
<zul> Daviey:  according to launchpad yes
<hallyn> but i guess finishing that is probably better - rather than having a bunch of unfinished out of tree patchsets going stale
<stgraber> hallyn: yeah, personally, I have more interest in the userns work than in the snapshotting stuff, but both need to get done anyway
<zul> Daviey: https://bugs.launchpad.net/ubuntu/+source/python-heatclient/+bug/1203122
<uvirtbot> Launchpad bug 1203122 in python-heatclient "[MIR] python-heatclient" [High,New]
<zul> (btw new python-heatclient has been uploaded with the testsuite enabled and passing)
<Daviey> zul: see if you can do anything to get these MIR's pushed through please
<zul> Daviey:  yep
<zul> adam_g:  https://code.launchpad.net/~zulcss/ceilometer/2013.2.b2/+merge/175842
<adam_g> zul, https://code.launchpad.net/~james-page/python-cinderclient/re-enable-trunk/+merge/175566 is this okay to merge?
<zul> adam_g:  yesh
<p0lym47h> hey
<m_tadeu> hi everyone...I'm having trought setting distcc to work...it's not finding other hosts. does anyone know why?
<delinquentme> not getting much attention in #ubuntu ... but wondering about running ubuntu on a mac book pro ... guessing that you guys in here have the most experience
<delinquentme> so does it run as you'd expect? or should I just go with a thinkpad?
<sarnold> delinquentme: hope this helps: https://help.ubuntu.com/community/MacBookPro
<delinquentme> so I dont think the install would be the issue ... but say what about some of the typical issues? like graphics card drivers?
<eedfwchris> Hey guysâ¦ why would this UFW rule not allow incoming ssh connections on 22 (eth1 is public)? http://pastie.org/private/mm7cfnu0dwoxtge2gzynzg
<ikonia> eedfwchris: why do you think it's being blocked ?
<eedfwchris> My thoughts currently is maybe it's listening on lo instead?
<ikonia> why ?
<ikonia> it actually says eth1 in the rule
<ikonia> so why do you think it's a problem
<eedfwchris> no idea to be honest.
<eedfwchris> unless I am just not reading the rule properly.
<eedfwchris> ikonia: is it saying anywhere ONLY on eth1 maybe?
<ikonia> what's the actual problem ?
<eedfwchris> I can't connect to the server "publically" (via eth1).
<eedfwchris> it just sits
<eedfwchris> and times out
<eedfwchris> but I can "privately" (via eth0)
<eedfwchris> as tested by connecting to another server that is on the same vlan.
<ikonia> eedfwchris: is this on a home network/home internet connection ?
<eedfwchris> oh wait â¦ I wonderâ¦ is it because I need to allow all out via eth1 too?
<ikonia> eedfwchris: it will need a route back
<eedfwchris> so how do I with ufw just say allow all out on eth1?
<eedfwchris> nm
<eedfwchris> that didn't quite fix it
<eedfwchris> http://pastie.org/private/xd5hev1jo0t5r4dbsynedw
<eedfwchris> ikonia: i resorted to iptablesâ¦ any idea what -i eth0 is supposed to display when you do iptables -L?
<ikonia> can you give me a minute, just in the middle of something else
<eedfwchris> sure
<eedfwchris> ah -v :)
<eedfwchris> man even less luck with iptables :(
<eedfwchris> got it I think! â¦ I think UFW sets a deny on all interfaces which superscedes the allow or something
<eedfwchris> atleast that's what I experience doing it with iptables
<sarnold> eedfwchris: note from the ufw manpage, "On installation, ufw is disabled with a default incoming policy of deny and a default outgoing policy of allow, with stateful tracking for NEW connections.". You can change that with 'ufw default' command.
<eedfwchris> sarnold: I realize what I was really after was just ufw working on eth1
<eedfwchris> so deny on eth1 not any on eth0
<sarnold> eedfwchris: aha :)
#ubuntu-server 2013-07-20
<Penyulap> I have a lot of trouble with my server destroying disks, usually within hours or days of installation, is there an issue with ubuntu server and hard drives ?
<sarnold> I've seen a dell desktop destroy three SSDs we fed it, but that was Windows 7.
<Penyulap> I don't have the budget for ssd's, these are brand new segate drives
<sarnold> is it the same POS dell that my dad owns? :) hehe
<Penyulap> what is a pos?
<sarnold> piece of shi....
<jcastro> are the drives ruined or just the data written to them gets corrupt?
<Penyulap> ah, no this is a brand new pos
<sarnold> aha :)
<Penyulap> one got internally reallocated sectors up to wazoo, the other has twice gone
<Penyulap> once it went unresponsive, I could send commands, but nothing could use the hd
<Penyulap> so everything came back as command not found or not understood or io error or what have you, the memory and os in memory was ok, but the HD was out to lunch
<Penyulap> then today it makes gwd awful clicking sounds, so i shut it down before it killed itself, so i can later start it to run tests (maybe)
<Penyulap> I build with new MB new mem simm new cpu new HD, all of them desktop, maybe that is the problem. I don't have the budget for server hardware, but then again ubuntu server doesn't have warning labels 'I shall destroys all Ur hardware' :)
<Penyulap> I built it all into an older server case, to use the kick-ass PSU
<Penyulap> which kicks ass :D
<Penyulap> I just don't know what tools to use to analyse the drive, or what settings like goto sleep or something should be fixed up
<sarnold> Penyulap: are these all the same batch of hard drives? or same batch of motherboards? or same batch of power supplies?
<Penyulap> well, the problem seems to be 3.5 inch segate 1 and 2 TB hard drives
<Penyulap> sata
<Penyulap> so far that is, I'm not REALLY eager to feed it my new sexy 2.5 inch 1TB drive, I would love to work out the cause before throwing away more cash
<Penyulap> h5 Mr clicky wonky HD this time is seagate barracuda 500GB
<Penyulap>  3500330AS
<Penyulap> ST3500330AS
<Penyulap> Mr I'll just take a little rest now was segate barracuda 2000GB ST2000DM001
<hxr> ubuntu apache2 runing at 50% cpu?
<hxr> ok now 87%
<hxr> any idea
<oonick> server basics i came here for if anyone could help
<genii> !handbook
 * genii glares at the bot
<genii> !guide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/12.04/serverguide/C/
<LargePrime> dear U server technocrats.  I have a headless dedicated i need some graphics tools used on
<LargePrime> what are the best practices?
<LargePrime> I am thinkking VNC and xbuntu desktop?  but I defer to your thoughts
<genii> !info xvfb
<ubottu> xvfb (source: xorg-server): Virtual Framebuffer 'fake' X server. In component main, is optional. Version 2:1.13.3-0ubuntu6 (raring), package size 897 kB, installed size 2164 kB
<genii> With xvfb and xterm on the server, you can start up xvfb with whatever display parameters you like, export it, then run xterm remotely. From xterm you can call up whatever app specifically uoi want to run
<LargePrime> genii: do you have a link?
<genii> LargePrime: Not offhand but give me a minute and I'll see what I can find for you.
<LargePrime> I thank you i am googleing too
<LargePrime> but my wheat / chaff filter is not calibrated in this instance
<genii> LargePrime: http://www.richud.com/wiki/Ubuntu_Fluxbox_GUI_with_x11vnc_and_Xvfb  gives the basic gist, although you don't really need a desktop environment like fluxbox, just xterm.
<genii> Then you connect to the headless xvfm instance running xterm and from there just issue the name of the graphical app you want to run
<LargePrime> do i have security issues with this?
<LargePrime> genii
<genii> LargePrime: Since it happens over an ssh session it's as secure as your ssh is
<axisys> is there a mysql 5.0.75 debian package for ubuntu precise? I am still looking and so far no avail
<Patrickdk> axisys, I would hope not, that is very very old
<Patrickdk> 5.5 is in precise
#ubuntu-server 2013-07-21
<axisys> Patrickdk: I need to migrate RT from old machine to new machine before doing upgrade. It is mysql 5.0.75 on the old machine
<axisys> how do I install mysql-server from lucid to precise ?
<axisys> it has 5.1 .. still looking for 5.0.x
<axisys> need to be as close to old version as possible to migrate
<axisys> then I will upgrade
<Patrickdk> axisys, your best bet is to install 5.0 onto lucid using http://www.percona.com/downloads/Percona-Server-5.0/LATEST/deb/
<Patrickdk> personally, I never had an issue migrating between version
<Patrickdk> but if you want to, well
<lwizardl> hello
<hxr> how to i remove about 8 extra out of date kernels from the boot folder
<hxr> is there a way other then manual
<Patrickdk> apt-get autoremove
<axisys> Patrickdk: sorry what I meant is how to install a package from previous release?
<Patrickdk> you don't
<Patrickdk> in order to do that, you have to install everything it depends on
<Patrickdk> and then it will destroy your current release
<axisys> Patrickdk: I have no mysql on precise right now
<Patrickdk> yes, but you have everything it depends on
<Patrickdk> or you wouldn't have a working system
<Patrickdk> now if you want to recompile it
<Patrickdk> go for it, that is much out of scope here though
<Patrickdk> any many many websites that explain how to do so
<axisys> Patrickdk: I guess I should install the binary then.. thanks a lot for your help
<axisys> looks like 5.0.96 available for linux as binary
<Patrickdk> ya, a static binary would be ok
<Patrickdk> ubuntu doesn't ship static though
<axisys> yep keep things lighter as well that way
<hxr> how to i remove about 8 extra out of date kernels from the boot folder, other then manually
<Patrickdk> hxr, pay attention
<hxr> ? autoremove has not removed them
<hxr> though it looked like you said that to some one else
<Patrickdk> then something broken them on your system
<Patrickdk> apt-get autoremove removes them on my systems
<hxr> i have three that are being held back on 12.04 lts
<Patrickdk> heh?
<Patrickdk> autoremove doesn't *hold them back*
<Patrickdk> so what is it your attempting to do?
<hxr> I run apt-get autoremove and get
<hxr> :~# apt-get autoremove
<hxr> Reading package lists... Done
<hxr> Building dependency tree
<hxr> Reading state information... Done
<hxr> 0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
<hxr> 4 not upgraded are kernel
<hxr> Patrickdkâ¡ ^
<Patrickdk> ya, that has nothing to do with removing
<Patrickdk> that has to do with adding
<Patrickdk> you said you wanted to remove old ones
<Patrickdk> not add new ones
<hxr> Patrickdkâ¡ yes, i want to remove old ones, so how do I
<tcb^ll3r> what are the correct permissions for a users home folder?
<virusuy> tcb^ll3r: drwxr-xr-x
<virusuy> 751
<virusuy> bleh, i guess
<axisys> whats the difference between mysql-5.0.77-linux-x86_64-icc-glibc23.tar.gz and mysql-5.0.77-linux-x86_64-glibc23.tar.gz ? I need to install one on ubuntu precise
<tcb^ll3r> virusuy thanks
<virusuy> tcb^ll3r: you're welcome
<tcb^ll3r> what does it means when a directory is highlighted in the ls listing?
<tcb^ll3r> does anyone know the correct ownership for a ssh chroot dir?
<tcb^ll3r> wtf? why ssh chroot perms must be 755?
<tcb^ll3r> ha! that was almost as funny as when I caught me hacking my own serv last week.....
<Administrato> !list
<ubottu> Administrato: No warez here! This is not a file sharing channel (or network); read the channel topic. If you're looking for information about me, type Â« /msg ubottu !bot Â». If you're looking for a channel, see Â« /msg ubottu !alis Â».
<alexes> I'm using logwatch, and every week I get hundreds of "MAIL (mailed 1 byte of output; but got status 0x0001, #012)".
<Penyulap> i have ubuntu server on a computer in the house, and can use it's apache to copy files from it to my desktop computer, is there an easy way to send files the other way to the server, using ssh on the command line ?
<pmatulis_> scp
<Catbuntu> ugh
<Pablo01> hi do you know something about project artiglieria something to protect a server to prevent ddos ? tnx in advice
<bekks> Pablo01: BEsides some settings that might lower the chance of attacking a specific service, there is (technically) nothing that could actually prevent an attack like that.
<Pablo01> something to protect any hints ? wiki or something like it ?
<Pablo01> i saw in a forum smething like artiglieria project but i cannot get any info about it googling
<Pablo01> do u know something about ?
<Pablo01> it s open-souce written in python i saw
<LargePrime> I af a perms problem
<LargePrime> have
<LargePrime> can someone chat about perms with me for a bit
<LargePrime> I have a game panel that has an application user and it creates several users to run each of its game servers
<LargePrime> I need to grant a person access to some or all of these game sever files
<LargePrime> for matience and fixing stuff
<LargePrime> the problem is how do i grant a user access to editing thoes files, and still have the app run the files as normal
<guzzlefry> 0.o
<guzzlefry> Didn't wait too long.
<EpicCyndaquil>  I've followed a few guides on setting up dovecot and postfix, but I can't seem to get it right. Does anyone with experience with mailservers have any suggestions?
<sarnold> EpicCyndaquil: a few random thoughts: (a) sending is different than receiving is different than retrieving; test one thing at a time and get each working -- and retest all three functions before you're considering the day done :) (b) log files are your friends -- they often report exactly what the problem is, if only you can decode them :)
<EpicCyndaquil> sarnold: the problem is I
<EpicCyndaquil> *I'm at a point where it should be working with no error log output
<EpicCyndaquil> but it's still not, so it's hard to tell what the issue is
<EpicCyndaquil> from people I've talked to, it seems like setting these up is always complete hell
<sarnold> there's a fair amount of moving pieces, and it's worse these days since you need a pile of anti-spam things on receiving and need to work with any number of arbitrary anit-spam things on receivers without obviously easy ways to test...
<EpicCyndaquil> I really wanted to try to set up server-side conditionals to move mail from specific senders into certain folders, but damn, I can't even get a regular mailserver up and running
<guzzlefry> What's a sensible drive size for an Ubuntu Server install using Gnome, Java runtimes for my IDE, and running a LAMP stack and possible a few other random things? Non-production server. Trying to keep this as small as possible without hitting disk space issues.
<blkperl> guzzlefry: ~30G
<blkperl> more if you plan to install lots of apps
<blkperl> LAMP is pretty small, java/gnome are going to be the hogs
<guzzlefry> ok thanks, time to delete some stuff then. :P
#ubuntu-server 2014-07-14
<tjbenator0> Spam filtering now functional. Thanks for pointing me in the right direction.
<ruben23> hi guys i have a ubuntu server- is there any solutions where i can image the whole system or even snapshot to revert from aworking system...so anything happens i can revert back right away.
<ruben23> guys any suggestion how can i backup my working ubuntu server and save it as image incrementally- in any event i can revert to a working image and restore it.
<tjbenator0> You could use something like rsnapshot to back up config files, etc.
<tjbenator0> You could restore files as needed
<kriskropd> how do I know if removing tomcat6 from my server will affect another package that depends on it?
<lordievader> Good morning.
<cwhy1> howdy
<lordievader> Hey cwhy1, how are you?
<Abhijit> ubuntu server is does partition as specified in sample.seed file in cobbler. but it do not understand the network configuration. instead halts for user input for network configuration.
<Abhijit> what do i need to do to make cobbler sample.seed work perfectly with ubuntu server 14.04?
<Abhijit> lammy, is spamming with porn links in pm.
<Abhijit> ops^
<zartoosh> hi there is ubuntu-destop package, but there in no ubuntu-server package. Is ubuntu-minimal close to ubuntu-server ....? thx
<RoyK> zartoosh: ubuntu server is just ubuntu desktop without the desktop part
<Abhijit> ubuntu server is does partition as specified in sample.seed file in cobbler. but it do not understand the network configuration. instead halts for user input for network configuration.
<peetaur2> zartoosh: minimal is basically 'server' without the server... just install ssh, or whatever you need.
<zartoosh> RoyK, Abhijit  peetaur2  thanks for your feedback. I am investigating installation of ubuntu-server on a separate disk. The debootstrap automaitcall install some packages which conflict with ubuntu-server, i.e. it install buysbox, but ubuntu server requires busybox-static.
<Abhijit> ??
 * Abhijit goes back to check what did he contributed?
<peetaur2> zartoosh: think of those ubuntu-minimal/server things as starting points... just install them once, then install what you want (and remove ubuntu-minimal also, which won't uninstall the things it installed)
<peetaur2> remove only if it is because of a conflict
<RoyK> zartoosh: why busybox?
<zartoosh> RoyK debootstrap install busybox as default, it is not my choice.
<ikonia> why would you just not do a standard ubuntu server install
<ikonia> rather than this round the houses approach
<peetaur2> if you don't need it, then you shouldn't care which one is installed... just mash some keys until it's happy
<peetaur2> yeah good question.. what is he starting with ... these should be installed already by the installer
<ikonia> download ubuntu server, burn CD/usb stick, install done
<ikonia> 20 minutes work
<ikonia> rather than this complex process
<zartoosh> ikonia, it is for field implementation which there is no access to ubuntu.archives,
<ikonia> what has that got do with anything ?
<ikonia> burn CD/usb stick
<ikonia> no acccess to ubuntu.acrhives needed
<zartoosh> ikonia, you are right as I said I am investigating possible solution...
<ikonia> there is no need for a solution
<ikonia> there is no problem
<zartoosh> ikonia, :)
<ikonia> I'm not joking
<ikonia> I don't see a problem, so I don't understand why you are doing this
<zartoosh> ikonia, okay so, as I said just looking at possibility of using debootstrap, that is all..
<punkgeek> can i encription /root with LUKS ?
<LarsN> I'm running into a problem while trying to do an unattended installation using Preseed.  Specifically the partitioner starts, and then nearly immediately crashes out with a "not root filesystem" error.  The partitioning part of the preseed file is listed here: http://pastie.org/9389004
<LarsN> Is there anything special I need to do if I've got Intel Matrix Raid devices?  I "think" the installer might not be seeing the raid device?
<kully> hey all; how can I hide hidden folders from an ftp user. Guy will be connecting in VIA filezilla and it's showing all the hidden ubuntu files/folders of his directory
<kully> i.e. .ssh .bashrc etc
<DeltaHeavy> kully: Not sure if you can. You could change the ownership/permissions of them and take away execute rights for that use.
<DeltaHeavy> In order to "enter" a directory you need to have execute permissions.
<kully> ok cool. I'll look into that, also is there anyway to have him redirect to a certain directory on sftp login?
<kully> i.e. instead of hitting his /home/ dir to hit /var/www/ upon sftp log in
<DeltaHeavy> kully: I believe so. I highly suggest the use of SFTP over FTP. You can do quite a few things to make it secure. I usually have the SFTP user jailed in their home directory and have local mounts in their homedir, one for each website they'd be editing on that server.
<DeltaHeavy> kully: You also might want to change the default shell for that SFTP user to '/bin/false'
<LarsN> kully: from within the filezilla client I believe you can direct it to /var/www as an example.
<LarsN> kully: also depending on which FTP server you're running you can make changes on the server side.  I agree with DeltaHeavy though, if you can direct him/her toward sftp you're in a lot better shape security wise.
<DeltaHeavy> kully: To make it so that dir is their default directory (I reccommend the other method I told you about, and I can help you do that), just change the user's home dir.
<DeltaHeavy> FTP is insecure as hell and garbage for a few other reasons. Slower being one of them.
<kully> LarsN I'm trying to make this as simple for the user as they arn't to tech literate. I just want him to click on filezilla and beable to drop the files in the directory
<LarsN> if you have to use FTP, you should set the user's shell to /bin/false, as he/she'll be sending username/password in plain text.
<DeltaHeavy> FTP IMO should be considered a "Legacy Protocol" and avoided at all costs.
<kully> yeah I'm using sftp authenticating with rsa
<LarsN> kully: filezilla supports sFTP out of the box.
<kully> right i'm using sftp for this
<LarsN> for true double-click only, you could go so far as to provide a set of keys for this user/folder and associate the private key within filezilla.
<LarsN> kully: iirc, (and it's been years since I've used FTP), you should be able to do virtually anything you want with vsftp.
<LarsN> s/vsftp/vsftpd
<DeltaHeavy> He's using SFTP though. Forget about FTP.
<DeltaHeavy> kully: You going to change their home dir, or just do network mounts? IMO if you set up the account right you can just remove all folders like .bashrc and .ssh
<kully> yea i didn't want to use vsftp because that would negate all the other security settings I have in place
<DeltaHeavy> Actually, if you're using RSA auth, they NEED to have permissions into .ssh I think. I could be wrong though.
<kully> yeah they need permissions to .ssh
<kully> I was thinking of creating a symlink to the directory in the dir
<kully> but I want filezilla to not show hidden files/folders
<LarsN> kully: one second, installing filezilla to look :)
<kully> haha thanks!
<DeltaHeavy> kully: That'd be less secure IMO. I'd just give them access to .ssh.
<DeltaHeavy> Like, it COULD be less secure. It sounds weird.
<kully> yeah currently he does have access to all that stuff, and that's ok, I just don't want him to see it. He's the COO and he'll be like what are these files and why can I see them. I just want to see /var/www/whatever/documents
<kully> so I want to redirect the sftp default directory for just his user to /var/www/whatever/documents
<LarsN> kully: so, when you setup the new site in Filezilla
<LarsN> and set it to SFTPd
<DeltaHeavy> kully: And expalin "It's needed to log in without a password" and be done with it. The .bashrc and all that can be fixed by changing their shell to '/bin/false'.
<LarsN> under "advanced" you can set the "default local directory"
<kully> Lars
<kully> nice
<LarsN> which would let you have /home/someuser  be his home directory, but /var/www/ as what shows up
<kully> that's exactly what I neded. Perfect
<DeltaHeavy> I spent a lot of time configuring SFTP to make it safe, as for small web projects I store the password for that account in plain text on my local machine for an SFTP plugin for my text editor. Since that's a huge problem, I secured the ever living crap out of my SFTP account.
<LarsN> s/would/should
<LarsN> want to clarify, I haven't tested this....  :)
<kully> yeah I'm going to test it now; seems like that's what I'm looking for though
<LarsN> been so long since I've used filezilla, I thought that feature was there, but wasn't sure.
<kully> yep. That works like a charm
<LarsN> kully excellent.  I'd still suggest working to ensure strong security around the user and SFTP in general.
<DeltaHeavy> kully: I also suggest making an 'sftp' group and applying this to the **END** of your /etc/ssh/sshd_config - http://paste.ubuntu.com/7794011/
<LarsN> but glad the filezilla parts work at a minimum.
<DeltaHeavy> kully: That in combination with changing the default shell to /bin/false, and making some entries in /etc/fstab for local mounts, you're gold.
<DeltaHeavy> I can walk you through it if you wish. It's safe enough for me to comfortable have my password for any secured account in a plain text file on my local machine, that I fear may one day be accidently pushed to a git repo :p
<LarsN> anyone here an Preseed wizard with experience around Intel Matrix "raid" devices?
<DeltaHeavy> It's basically a bare SFTP account not capable of any shell or shell-like activities.
<kully> Delta: yeah I'm setting those things now too. That's perfect.
<kully> i'm in a good place now thanks guy
<kully> s
<kully> and gals
<LarsN> *ThumbsUp*
<DeltaHeavy> kully: np, if you need any help feel free to come. ALso I forgot to mention to MAKE that group (the one I call 'sftp') and apply it to the user you want.
<DeltaHeavy> Back when I was using Ubuntu mainly as a desktop I heard upgrading from version to version was somewhat buggy and problem prone. Is this still the case? I have a LEMP server running 12.04, and it'd be nice if I could upgrade it to 14.04 but I don't want to gamble with a production server. Are there ANY disadvantages to running the update?
<DeltaHeavy> I assume my LEMP stack will be updated and I suspect everything will work fine on newer versions of the server software and PHP. I'm using MariaDB so it won't effect that.
<bekks> DeltaHeavy: That assumption heavily depends on the software used.
<DeltaHeavy> bekks: It's a production server for 2 websites that are almost completely static. Is that what you meant? Otherwise I'm not sure what you mean.
<DeltaHeavy> Also if I do it I'll be doing in the middle of the night where I can handle up to 6hrs of downtime.
<bekks> static websites with mariadb and php? Sounds - odd :)
<DeltaHeavy> Further downtime wouldn't be disasterous either. These aren't high traffic websites.
<OliPicard> Greetings all, I am using a VPS with a hosting firm. I have tried to run a graceful reboot on the server using shutdown -r now and reboot now however the server is unresponsive. any idea why?
<DeltaHeavy> bekks: They do a few things via PHP/MariaDB. Mostly dealing with the YouTube, MailChimp, and EventBrite API which is pretty minimal, and as entries are added to the API I store them in the DB too for insurance.
<patdk-wk> the upgrade stability depends on many things
<patdk-wk> if you made config changes the debian/ubuntu way or not
<patdk-wk> the changes packages have made (if any)
<patdk-wk> and if you are using no-longer supported features (big issue with php)
<DeltaHeavy> patdk-wk: I know all the PHP in this site will be compatable with v5.5. I've made very little configuration changes in /etc/nginx/nginx.conf and /etc/php5-fpm/<whatever the pool file is>, and would be A-OK with making these changes again. Are there ANY other drawbacks to doing an upgrade?
<DeltaHeavy> I remember doing it from 8.04 to 8.10 which ended up being disasterous but I was a GNU/Linux noob at the time.
<patdk-wk> I had big issues back in 7.x 8.x and 10.x for upgrades
<patdk-wk> I haven't had really little annoynces with 12.04
<DeltaHeavy> How will it differ than a clean install of 14.04?
<patdk-wk> and 14.04 has been very smooth
<DeltaHeavy> Or is it pretty much the same.
<DeltaHeavy> I guess going from LTS to LTS would be a lot smoother too since they'd focus on that more I guess.
<patdk-wk> well, it's pretty much almost exactly the same
<patdk-wk> the difference is, preferences set from 12.04 default install will hang around
<patdk-wk> vs getting 14.04 preferences
<patdk-wk> but that is normally a gui/gnome thing, not server
<DeltaHeavy> Yeah, that's totally fine with me.
<patdk-wk> the one thing you might have issues with, if your using 12.04 or so
<patdk-wk> ubuntu didn't have mariadb back then
<patdk-wk> and now does
<patdk-wk> that might cause alittle package upgrade issue
<patdk-wk> easy enough to solve, but might be annoying for a little bit :)
<DeltaHeavy> patdk-wk: I'm using a 3rd party PPA. I think I'd just dump my DBs, uninstall MariaDB, remove the PPA, and start from scratch with the official repo in that case.
<patdk-wk> :)
<DeltaHeavy> I didn't know 14.04 came with MariaDB in the official repos though. Great news.
 * RoyK prefers postgresql over {mariadb,mysql} any day
<DeltaHeavy> Agree'd, but when working with some PHP site that other developers will probably have to use one day, I prefer going with what MOST people know.
<DeltaHeavy> Mind you with PDO I don't think I"d have to worry about that =/
<patdk-wk> you do
<DeltaHeavy> I need to get on a good ORM for all the PHP work I do outside of a framework.
<patdk-wk> pdo while a nice idea, is broken and buggy
<DeltaHeavy> It is? I havn't noticed :p
<patdk-wk> I had so much fun attempting to get lastinsertid working
<patdk-wk> for mysql, it just works :)
<patdk-wk> for everyone else, buggy as crap
<patdk-wk> and the bugs change from version to version :)
<DeltaHeavy> Ah, yeah. When I'm working with PHP sans framework MaraiDB/MySQL is my goto.
<DeltaHeavy> As much as I wish everybody would move away from PHP and MaraiDB/MySQL all together :p
<RoyK> DeltaHeavy: from PHP to what_
<RoyK> ?
<patdk-wk> forth
<RoyK> ada
<patdk-wk> lisp :)
<patdk-wk> I can never have enough brackets
<DeltaHeavy> RoyK: Anything lol. I'm trying to move mainly to Python personally.
<RoyK> hehe
<DeltaHeavy> Django specifically. Everything that's small fish I still do in PHP.
<RoyK> perl in good old cgi mode
<RoyK> that'll make your day
<DeltaHeavy> plzno
<patdk-wk> I use perl as my backend code
<patdk-wk> and normally php/lua for frontend
<DeltaHeavy> In College I had to make a website in Perl without using any libraries like 'CGI'
<patdk-wk> I still have some websites coded in C
<RoyK> hehe
<RoyK> like nagios, hardcoded html i C
<RoyK> yuch
<patdk-wk> na, it used html template files :)
<patdk-wk> basically I created php/mysql into a small c cgi
<patdk-wk> it was back in php v2 days though
<patdk-wk> hmm, this is giving me horrible results
<patdk-wk> using xz -9, I'm only getting a max of 2% better compression vs gzip -9
<jamescarr> if an init.d script has a call like   log_daemon_msg "Stopping $DESC"
<jamescarr> where does log_daemon_msg go to!?
<patdk-wk> depends on what log_daemon_msg function does
<patdk-wk> most likely, syslog
<jamescarr> I thought so too, but alas nothing
<TJ-> jamescarr: upstart captures console output and flushes it to "/var/log/boot.log"
<jamescarr> patdk-wk: right but given this is a stock 14.04 setup I was assuming there was a common location it would log to
<jamescarr> syslog wasn't it
<jamescarr> TJ-: checking...
<jamescarr> TJ-: no dice, seems that is just the boot.log
<patdk-wk> log_daemon_msg doesn't sound like, console output :)
<Chris_hubu> Hello everyone
<lietzmk> Hello Chris
<Chris_hubu> I used to use Debian on all my servers but am moving to Ubuntu. One some VMs I'm going to use Ubuntu 12 (Xen VMs) and to manage them via opennebula
<Chris_hubu> any downsides that I'm not aware of related to the fact that I'll stick to ubuntu 12 for a while?
<lietzmk> I believe you get updates to Debian longer then ubuntu. LTS 5years
<Chris_hubu> that I know
<TJ-> jamescarr: Are you calling the init.d script manually then?
<Chris_hubu> what I meant is, would you see anything wrong about keeping ubuntu12 on production VMs/servers for the time being?
<lietzmk> I switch from Debian to Ubuntu, 4 years ago, that is the biggest for me
<jamescarr> TJ-: via service foo start
<Chris_hubu> -_-
<sarnold> Chris_hubu: the ubuntu update manager thing doesn't prompt 12.04 users about 14.04 until after 14.04.1 is released, which ought to be in a month or two
<sarnold> Chris_hubu: there's nothing wrong with staying on 12.04 LTS if you'd rather
<Chris_hubu> thanks a lot, sarnold I wasn't sure.
<Chris_hubu> anyone here ever used opennebula on ubuntu servers?
<lietzmk> I'm going to leave 12.04 on my main production server till 2017, then replace the whole box
<Chris_hubu> ok
<TJ-> jamescarr: well, "log_daemon_msg()" is in "/lib/lsb/init-functions" and calls "log_daemon_msg_{pre,post}()" in "/lib/lsb/init-functions.d/50-ubuntu-logging" - they all write to stdout
<DeltaHeavy> How can I alter the DEFAULT user:group ownerships recersivly in an entire directory?
<sarnold> DeltaHeavy: see the bsdgroups option in mount(8)
<DeltaHeavy> sarnold: This isn't a mounted volume though. It's in the root fs.
<patdk-wk> chmod?
<patdk-wk> chown I mean
<DeltaHeavy> patdk-wk: I'm still a little confused. I'm Googling and it seems 'bsdgroups' is in fact a mount option.
<DeltaHeavy> I don't see it in the chown man pages anywhere
<patdk-wk> heh?
<patdk-wk> see it?
<DeltaHeavy> Not in chown
<patdk-wk>   -R, --recursive
<patdk-wk>               operate on files and directories recursively
<DeltaHeavy> I know that one
<patdk-wk> well, then what is the question
<patdk-wk> cause yours wasn't specific enough
<DeltaHeavy> How can I alter the DEFAULT user:group ownerships recersivly in an entire directory?
<patdk-wk> oh, heh
<DeltaHeavy> Note the 'DEFAULT' in all caps :p
<patdk-wk> well, oviously you can't default a user/owner
<patdk-wk> the group depends on the directory owner
<patdk-wk> maybe you want to make the directory sticky?
<patdk-wk> look in chmod for that
<DeltaHeavy> patdk-wk: That's crappy >: I have a bunch of document roots and for small projects I use an SFTP plugin for my text editor. I upload these files through a special account that has a chroot'd enviroment and no actual shell access. It gives each NEW file it uploads a user:group of its own user, when I want it to specifically be webdev:sftp
<patdk-wk> well, that is easy :)
<patdk-wk> login as the webdev user :)
<DeltaHeavy> patdk-wk: But these files aren't uploaded through there because it's not an account I want to be throwing out access to everybody, nor store in a plain text file on my computer in order to use the plugin.
<DeltaHeavy> This account is specifically for all SFTP operations.
<patdk-wk> maybe rethink how you do permissions?
<DeltaHeavy> How should I go about that?
<patdk-wk> or use acl's instead?
<patdk-wk> I dunno, I don't know your goal
<DeltaHeavy> I was thinking of giving in and just using ACLs.
<DeltaHeavy> Basically I want the owenrship of webdev:sftp for all new files created regardless of what user made them.
<patdk-wk> acl's have what you want though
<patdk-wk> with it's inherit option
<DeltaHeavy> Yeah, probably. I just don't have the time to learn them right now.
<patdk-wk> well, doing what you want, won't happen, that would be a security issue
<patdk-wk> you could make a small script to do it
<patdk-wk> use inotify, and change the user
<patdk-wk> so it happens instantly after upload
<patdk-wk> but then your likely have issues updating the file, depending on the other permissions
<DeltaHeavy> patdk-wk: I usually just run 'sudo chown -R webdev:sftp *' to fix it as I'm not adding files often, but I'd like to fix this proper some time.
<DeltaHeavy> I think I'll just learn how to use acls
<DeltaHeavy> Unix file permissions are way to limited.
<patdk-wk> yes they are, but they are simple :)
<DeltaHeavy> Yeah, I'm not hating on them.
#ubuntu-server 2014-07-15
<axiom> question, I'm new to linux, been off and on with the desktop, with that being said. I want to fully move away from windows. I have a desktop pc that I dont use and want to install ubuntu server on it. My primary focus on it as of right now is setting it up to do backups of my labtop and possibly external hd. What all area's of a server system should I start and focus on?
<sarnold> axiom: I'd give a quick read to the server guide: https://help.ubuntu.com/14.04/serverguide/
<sarnold> axiom: feel free to skip things that don't make sense (and skip DM-multipath entirely)
<sarnold> hopefully you'll find interesting things to do with it :)
<axiom> I'm also new to irc, not sure how u replied in red but ty for the link. hopefully that will help get me going. Would u recommend backup software or a cron script for it?
<sarnold> axiom: I just typed your name in the front of the line :) -- most irc clients will highlight whatever lines have the nickname in it..
<sarnold> axiom: .. and to type 'axiom' it's even easier than that, I just type 'ax<tab>' and my client fills in the rest -- yours probably does too
<axiom> sarnold, lol that it does. learn something new every day :)
<sarnold> axiom: I use rsnapshot for backups; there's a lot of choices for backups, it's hard finding the "right" one to use..
<Patrickdk> but dm-multipath is nice :)
<Patrickdk> works good for my dual ported disks :)
<sarnold> axiom: bacula, amanda, rsnapshot, dejadup, duplicity, etc. etc. etc. you can go crazy trying to compare them all.
<Patrickdk> wait? all you want is to backup your laptop to it?
<axiom> sarnold, I have a book on backup and restore, and they talk about bacula, ntbackup, tar, dd, amanda,
<sarnold> Patrickdk: hehe yeah, I had a fun two days reading the dm-multipath docs before coming to terms with the fact that I just can't afford that kind of hardware
<Patrickdk> simple to just use the build in backup in ubuntu to other server ssh account :)
<Patrickdk> sarnold, heh
<sarnold> axiom: tar and dd are fantastic tools but you wouldn't want to start there for a full backup system :)
<axiom> Patrickdk, thats just a start to get me working with the server side. eventually i'm going to build a rackmout to host vm's firewall and other things
<Patrickdk> ya, tar/dd aren't really for backups, unless your doing offline backups
<sarnold> Patrickdk: though I did get to wondering about some sata<-> sas interposers I've heard about... would they increase reliability by adding new lanes? or decrease reliability because HOLY COW SATA WASN"T MEANT FOR THAT!! :)
<Patrickdk> sarnold, depends on how you use it :)
<Patrickdk> you must only use one lane at a time, normally with those
<Patrickdk> they increase reliability, due to path failure (cable/hba/...)
<Patrickdk> not due to disk failure
<Patrickdk> and your still limited to 1/4th the bandwidth sas would have
<sarnold> not 1/2?
<Patrickdk> nope
<sarnold> cripes
<Patrickdk> two ports, bi-directional
<Patrickdk> sata is half duplex
<sarnold> omg how am I just now learning that?
<Patrickdk> though I will say, most sas systems don't use both ports at once
<Patrickdk> I'm doing a loadbalancing thing
<sarnold> *sigh* I wish you were close enough to answer my stupid questions over beers or something. :)
<Patrickdk> do keep down cache clutter on the disks :)
<Patrickdk> it switches sas path's every other 1MB of disk space
<sarnold> wow, why so fast?
<Patrickdk> hmm?
<Patrickdk> I have the extra wires, why not make them do something more than failover
<sarnold> isn't that switching some 20-30 times per second?
<Patrickdk> no, no
<Patrickdk> the disk appears as two disks
<Patrickdk> cause of the two ports
<sarnold> *boggle*
<Patrickdk> for odd megs, I read/write using port 1, and evens on port 2
<Patrickdk> do double speed, and better latency
<Patrickdk> the issue normally with using both ports randomly
<FFForever2> How do I solve ingoring unknown interface eth0=eth0 when trying to configure a static IP after installation without networking? I added it the debian way in /etc/network/interfaces (with auto eth0)
<Patrickdk> is they have a habbit of flushing cache when you access the same place on both ports
<Patrickdk> and that happens suprisingly often
<sarnold> Patrickdk: oh! I could see that.
<sarnold> FFForever2: can you pastebin your /etc/network/interfaces file?
<sarnold> Patrickdk: at least, if I were a drive firmware author, I'd be sorely tempted to do the same :)
<sarnold> Patrickdk: how do those drives show up if they look like two drives? how do you add them to your pools?
<Patrickdk> really though, I normally use linux multipath for iscsi/fc
<Patrickdk> and do most of my sas multipath on solaris
<sarnold> ahhhhhh
<Patrickdk> they show up as two disks
<Patrickdk> you use dm-multipath to join them into a single disk (based on wwn)
<FFForever2> sarnold, I'm an idiot. I had to save locally and cp it as I forgot to sudo vi. I copied it to /etc/interfaces... whoops. Fixed. Sorry to waste your guy's time.
<Patrickdk> then add the dm-multipath devices to your pool
<sarnold> FFForever2: success :)
<sarnold> Patrickdk: cool :) so.... would those interposers fit into a standard disk chassis? or do they only work for desktop-style systems with loads of clearance behind the drives?
<Patrickdk> both, depending
<Patrickdk> like dell, their trays have two mounting options
<Patrickdk> sas and sata
<Patrickdk> the sata is where you mount a sata with interposer
<Patrickdk> and sas if you don't use the interposer
<Patrickdk> so it will depend on your chassis
<FFForever2> I added two nameserver entries for 8.8.8.8/8.8.4.4 to /etc/resolv but I still can't ping google.com. I can ping both of the addresses though.
<sarnold> FFForever2: resolv or resolv.conf?
<FFForever2> sarnold, I need coffee and fast.
<sarnold> FFForever2 :) might be good to go take care of that before much more typing, hehe
<Patrickdk> sarnold, just setup iscsi :)
<Patrickdk> that is the most simple solution to playing with dm-multipath
<sarnold> Patrickdk: well, the box I hope to build -would- make a nice iscsi target
<sarnold> Patrickdk: and i'd given up on mutlipath on that both but now you've got me wondering again :)
<Patrickdk> it's fun to play with :)
<Patrickdk> multipath wins over lacp any day :)
<sarnold> Patrickdk: oooooo
<Patrickdk> well, lacp caps you at the max speed of a single one
<Patrickdk> sure you could make like 8 connections, but no guarrentee they will load up evenly
<Patrickdk> multipath makes one per path, and depending on how you want to use them, loads them all up evenly
<Patrickdk> and just stops using broken ones as needed
<Patrickdk> goes through ip addresses quicker though
<sarnold> Patrickdk: does the linux iscsi stuff work well enough with multipath? or is that another case where you'd rather use illumos / solaris?
<Patrickdk> I haven't attempted it as a server
<Patrickdk> but shouldn't matter much
<Patrickdk> for client side, on linux it's much simpler, as it's just normal iscsi clients and normal dm-multipath
<Patrickdk> but for iscsi target, it would matter
<Patrickdk> I would be suprised though, if it fell apart on you, as it should be a normal usecase for esxi
<axiom_1> that was a pain trying to register a nickname lol
<sarnold> axiom_1: yes :)
<axiom_1> should I set the server to install security updates automatically or whats best for a sys admin approach?
<Patrickdk> depends on how much you watch it :)
<Patrickdk> do you want it to randomly break on it's own? or only when you break it?
<Patrickdk> that last php security update, cause some breakage
<axiom_1> well i'm always on my computers, i have no life lol. and wanting to get a jump start to my cs career
<Patrickdk> if you don't mine random issues sometimes, I would go for autoupdate
<Patrickdk> as you can be more lazy
<axiom_1> well either way, the logs should be able to tell me what happen, I would hope lol
<Patrickdk> if you do maintain it every week, manual is fine
<axiom_1> guess im going for the manual to learn the hard way :)
<sarnold> well, that's just "apt-get update && apt-get -u dist-upgrade"  every day or so :)
<Patrickdk> well, for all updates not just security :)
<Patrickdk> but that is what I do
<Patrickdk> I watch the security bullitens, and run an update on my test machine
<Patrickdk> then I push it out to the others
<Patrickdk> probably why I don't have that apt-cacher-ng multiaccess issue you have sarnold
<Patrickdk> test run is good for something :)
<axiom_1> Patrickdk, ok i know this is going to sound dumb, how do u push it down to your other clients?
<sarnold> Patrickdk: well, I abused the heck out of that poor cacher; a dozen build schroots, a dozen VMs, plus local use. I'd routinely start up a handful of updates at a time just to keep the cache hot :) hehe
<Patrickdk> push it down?
<axiom_1> yea
<sarnold> axiom_1: updates are best pulled on every client machine on their own schedule..
<sarnold> axiom_1: if you've got more than a handful of systems to do updates, you'd want a tool like landscape or puppet or chef or ansible to help you keep track of them all
<Patrickdk> or cluster-ssh, apt-get dist-upgrade :)
<Patrickdk> na, I just have a nice large bash script I use to kick them all off
<Patrickdk> puppet I use, chef, I dunno, I just can't get around that one
<sarnold> heh, understood
<Patrickdk> but I like my bash script :)
<axiom_1> sarnold, ah k, yea i was thinking of a script or some tool like you said.
<axiom_1> yea i can't rap my head around bash or python :(
<Patrickdk> it tells my loadbalancer to take it offline, runs the updates, reboots, then turns it back on the loadbalancer
<Patrickdk> around bash? it's just command line in a file
<Patrickdk> just like dos batch files :)
<axiom_1> I never really messed with dos batch files
<sarnold> except less horrible
<sarnold> Patrickdk: nice; how far apart between your updates?
<Patrickdk> between systems?
<Patrickdk> normally 1 or 2 min
<Patrickdk> it waits for it to come backon, before moving to the next server in the same cluster
<axiom_1> Patrickdk, is this your personal setup or your work environment?
<Patrickdk> both
<sarnold> :)
<axiom_1> nice
<Patrickdk> my personal work enviroment, as I own the company
<axiom_1> what kind of company is that if you don't mind me asking?
<Patrickdk> this one, just webhosting/email
<axiom_1> see, I have no clue how any of that would work lol
<sarnold> axiom_1: apt-get install apache    or apt-get install nginx  and start fiddling with it :) hehe
<axiom_1> should I let kexec-tool handle reboots?
<FFForever2> How can I figure out why post-up isn't executing?
<FFForever2> (in /etc/network/interfaces for eth0)
<sarnold> axiom_1: email is far more complicated. time was you'd just throw up a mail server, imap server, and call it a day, but modern anti-spam means mail servers need tons of love and care. it's a royal hassle.
<axiom_1> lol i got alot of reading to do. There goes what life I had if any
<Patrickdk> web is the same, as soon as you install your first cgi :)
<sarnold> FFForever2: check exec bits on referenced files, use full paths...
<sarnold> Patrickdk: *shudder*
<axiom_1> ya'll are going to make my brain explode :)
<sarnold> axiom_1: that's my feeling every time talking with Patrickdk :) hehe
<Patrickdk> heh, my issue is, I like to learn
<Patrickdk> and I must know everything from the base up
<sarnold> *nod* *nod*
<axiom_1> my issue is I have a hard time learning
<Patrickdk> just grab some rfc's and have a bathroom break :)
<sarnold> axiom_1: you're here, you're tring things :) that's most of it, right there
<sarnold> dinner time :)
<axiom_1> sarnold, enjoy
<Patrickdk> I've been playing, since I was 8
<Patrickdk> and on linux since well, v1.2
<axiom_1> I started late, I've been off and on with ubuntu desktop. But I finally getting my hands around the desktop portion somewhat. Still having issues with the terminal but I'm sure time will get me there
<Patrickdk> big thing is, don't follow tutorials/blogs
<axiom_1> well damn
<Patrickdk> if something looks ok, make sure you crosscheck it with the manual
<axiom_1> maybe thats why im having issues :)
<Patrickdk> I even apply that to ubuntu serverguide
<axiom_1> Patrickdk, would u recommend kexec-tools to handle reboots or should I do it manually?, the ubuntu server guide doesn't say anything about it.
<Patrickdk> mainly cause the serverguide is normally the bare basics to make it work, not specifically functional
<Patrickdk> I thought kexec was a payed for service
<axiom_1> nope, I just downloaded and installed it
<Patrickdk> so the tools will be useless without the kexec patches you get from that service
<axiom_1> well damn
<Patrickdk> and that would only handle kernel vaunerabilities, and cause it so you don't need to reboot
<Patrickdk> but you still need to install and restart applications
<Patrickdk> s/install/update
<Patrickdk> oh, kexec isn't what I thought it was
<axiom_1> lol
<Patrickdk> it's like solaris fastboot
<axiom_1> oh k
<Patrickdk> it will depend on your hardware and drivers
<Patrickdk> if it works or not
<axiom_1> well i pressed no for it to handle reboots
<axiom_1> I can always play around with it and see how it goes
<axiom_1> it's just a learning comp atm anyways
<Patrickdk> I was thinking of ksplice
<sarkis> hey all, i can't get libcurl.a to install on 14.04
<sarkis> anyone know which package provides it? it's apparently not libcurl4-openssl-dev
<soren> sarkis: http://packages.ubuntu.com/search?searchon=contents&keywords=libcurl.a&mode=exactfilename&suite=trusty&arch=any
<soren> sarkis: apt-file will also answer that sort of question for you.
<Abhijit> kindly help me with ubuntu preseed issue as described here http://ubuntuforums.org/showthread.php?t=2234480&p=13073762#post13073762
<Abhijit> this is not a cobbler issue.
<Abhijit> its purely preseed + ubuntu issue.
<sarnold> Abhijit: are you confident the mini iso supports the preseed files?
<Abhijit> sarnold, i tried with serveriso too. same issue.
<Abhijit> let me try once again to be sure.
<Abhijit> sarnold, same issue with server iso. why does it try to configure network with dhcp? centos never ask me for dhcp. dhcp server is already running and its already assigned the ip to nic of target machine. then why ubuntu again ask me to run dhcp? how can i disable dhcp from kickstart or preseed?
<Abhijit> also i tried both kickstart and preseed file for ubunt. both gives same error.
<sarnold> Abhijit: sorry, I've never used preseed files, no idea why it is failing
<Abhijit> ok
<Abhijit> sarnold, did you used kickstart/
<sarnold> Abhijit: no
<Abhijit> ok.np.
<Abhijit> sarnold, is there any other alternate automating and provisioning softaware which works 100% compatible with ubuntu / debian?
<see1> hello
<see1> what means this? W: GPG error: http://de.archive.ubuntu.com precise-security Release: Unknown error executing gpgv
<hxm> i have installed the package gitweb and it asked nothing, how can I see what is the url path?
<hxm> ah, found the gitweb.conf
<Chris_hubu> hi guys
<Chris_hubu> has anyone ever used opennebula on ubuntu server here?
<MACscr> for a server, is ok to completely disable and possibly remove plymouth? Its a headless system, so i dont see a point in having it
<MACscr> and is the only option for disabling it in grub?
<rberg_> I found that you do need to have plymouth installed or else you break the recovery system
<rberg_> at least on 12.04
<rberg_> eg: if A disk is missing during boot you will be asked "skip or manual recovery" without plymouth installed there is no way to answer that question and the system will wait forever
<qman> Same on 10.04
<qman> Or at least very similar, mine just sat there with a blinking cursor, no messages
<MACscr> that stinks
<qman> Yep, but that's the way it is, just have to put up with plymouth if you want ubuntu to work properly
<rberg_> you can install the txt theme
<MACscr> i see a lot of these i my dmesg output http://pastie.org/pastes/9393758/text?key=asmwxhqvj6h1ksw7wbexqw
<lordievader> Good afternoon.
<RoyK> afternoon
<lordievader> Hey RoyK, how are you?
<RoyK> fine, thanks
<rberg_> "install-keymap us-latin1" "unknown charset unicode - ignoring charset request"  what does this mean?
<hxm> how to run a cron every 61 seconds?
<rberg_> crontab to run every min with a sleep 1 ?
<hxm> yes I was thinking that right now
<punkgeek> how to encrypting root partition with LUKS?
<pmatulis> punkgeek: use the installer
<punkgeek> ont unstand :D
<pmatulis> hm?
<punkgeek> https://help.ubuntu.com/community/EncryptedFilesystem is it good for me?
<lordievader> punkgeek: The installer will guide you through setting up an luks encrypted install.
<xnox> punkgeek: desktop installer -> full disk encryption is one tickbox + password.
<xnox> punkgeek: in server installer it's change default to encrypted + password.
<punkgeek> ???
<lordievader> !ir | punkgeek
<ubottu> punkgeek: #ubuntu-ir baraye Farsi zabanan mibashad ke channele rasmie goroohe Iran-ie ubuntu ast. #ubuntu-ir  Ø¨Ø±Ø§Û ÙØ§Ø±Ø³Û Ø²Ø¨Ø§ÙØ§Ù ÙÛâØ¨Ø§Ø´Ø¯ Ú©Ù Ú©Ø§ÙØ§Ù Ø±Ø³ÙÛ Ú¯Ø±ÙÙ Ø§ÛØ±Ø§ÙÛ Ø§ÙØ¨ÙÙØªÙ Ø§Ø³Øª.
<lordievader> Might be easier ;)
<punkgeek> its empthy :-"
<ses1984> hi, i'm trying to use php5-imap module from the repositories and running into some weird problem. i do apt-get install php5-imap and it says i have the latest version installed. but then i try php -m | grep -i imap and it is not listed...what's going on? is there something else i need to do to complete the install?
<zartoosh> hi I am trying to download a binary debian package (not install) and all it dependencies to a particular directory is this possible? thx
<Chris_hubu> zartoosh, do you mean that you want to only download packages from apt-get?
<Chris_hubu> apt-get has a "download only" option
<Chris_hubu> -d, --download-only
<Chris_hubu>      Download only; package files are only retrieved, not unpacked or installed.
<Chris_hubu>      Configuration Item: APT::Get::Download-Only.
<rberg_> I was thinking that except it wont download deps that are already installed
<Chris_hubu> apt-get source maybe?
<billy_ran_away> Can anyone help me with my ldap server at home? Upgrading the slapd package broke it...
<billy_ran_away> This is what syslog says http://pastie.org/9394730
<pmatulis> billy_ran_away: says 'invalid dn (cn=admin,dn=therobotis,dn=us)', are you sure that's correct?
<pmatulis> and not 'cn=admin,dc=therobotis,dc=us' ?
<billy_ran_away> pmatulis: It was last time I set it up
<punkgeek> can i remove passphrase when booting?
<pmatulis> punkgeek: remove passphrase of what?
<punkgeek> see, i set password on file system, when i reboot my os, when is boot, need password
<punkgeek> can i remove this?
<pmatulis> punkgeek: what filesystem?
<punkgeek> root
<pmatulis> punkgeek: well how would the system boot?
<zartoosh> Chris_hubu, that worked and thank you.
<Chris_hubu> you're very welcome zartoosh, I'm glad I could help
<punkgeek> ???
<pmatulis> punkgeek: is / needed to boot up properly?  yes or no?
<billy_ran_away> I don't get what changed in my LDAP setup...
<billy_ran_away> God I wish LDAP wasn't so stupidly complicated...
<pmatulis> billy_ran_away: use ldapwhoami to verify your root dn, the admin guy referred to above
<billy_ran_away> pmatulis: missed that, I'm not on my regular irc client because I can't log in to my regular account and start znc
<punkgeek> yes
<punkgeek> i need boot without passpharse
<pmatulis> punkgeek: so you need to decrypt it first right?
<billy_ran_away> pmatulis: Here's the output http://pastie.org/9394750
<pmatulis> billy_ran_away: you need to provide the usual arguments to ldapwhoami
<billy_ran_away> pmatulis: Like what?
<punkgeek> no no, see i need encrypt my file system, when done it, i see passphare on boot, so i need remove this, what should i do?
<billy_ran_away> root@robot:~# ldapwhoami -h ldapi://ldap Could not create LDAP session handle for URI=ldap://ldapi:%2F%2Fldap (-9): Bad parameter to an ldap routine
<punkgeek> just need remove passphare on booting
<guntbert> punkgeek: thats the point of encryption
<punkgeek> when booting is done, then i need enter passpharse
<punkgeek> is it crazy thing?
<pmatulis> billy_ran_away: ldapwhoami -x -D "cn=admin,dc=example,dc=com,dc=au" -w secret
<pmatulis> punkgeek: no, it's not crazy.  you need to supply a password in order to decrypt your root filesystem.  that's all.  you might be able to keep some filesystems encrypted that are not necessary for booting however
<billy_ran_away> pmatulis: Sweet that did it, but now what? http://pastie.org/9394769
<pmatulis> billy_ran_away: congratulations.  you verified your root dn
<billy_ran_away> pmatulis: Great, but that's exactly what I have in my ldap.conf
<punkgeek> so what should i do?
<pmatulis> billy_ran_away: now you need to figure out why your logs show a different root dn
<pmatulis> punkgeek: supply the password
<rberg_> punkgeek: maybe you can embed your passphrase in the initramfs.. but then why encrypt root at all?!
<billy_ran_away> Jul 15 17:20:26 robot slapd[27226]: conn=1063 op=5 do_bind: invalid dn (cn=admin,dn=therobotis,dn=us)
<billy_ran_away> pmatulis: They do?
<pmatulis> billy_ran_away: yup.  now what is triggering that
<billy_ran_away> pmatulis: Oh dn vs dc?
<pmatulis> billy_ran_away: yep
<pmatulis> i gotta go guys, good luck
<punkgeek> can i encrypt just apache files?
<sarnold> punkgeek: what is your goal?
<billy_ran_away> grep -ri dn=therobotis /etc/ shows nothing...
<punkgeek> see, i have any files in /var/www and i need encrypt this file, and then get backup os, and send it to users
<punkgeek> php encyption is not good, so i need to do this work
<sarnold> punkgeek: so, you want to serve encrypted files to your clients, and them decrypt the file?
<punkgeek> and, php should be work on the web server
<punkgeek> no
<DeltaHeavy> punkgeek: PHP encryption is as good as the algo you use.
<billy_ran_away> Anyone know much about slapd?
<punkgeek> can i just encypt /var/www ?
<DeltaHeavy> punkgeek: It sounds like you're going about this in all the wrong way. What exactly ware you trying to encrypt?
<sarnold> punkgeek: who will decrypt its contents? how? why?
<sarnold> punkgeek: what threat are you trying to mitigate?
<billy_ran_away> anyone know how to change the dn slapd binds to?
<sarnold> billy_ran_away: would that be in /etc/ldap/slapd.conf, rootdn? see e.g. https://help.ubuntu.com/community/OpenLDAPServer
<billy_ran_away> sarnold: I don't have that file...
<billy_ran_away> sarnold: root@robot:~# ls /etc/ldap/ sasl2  schema  slapd.d  ssl
<sarnold> billy_ran_away: ahhh, I just found https://help.ubuntu.com/14.04/serverguide/openldap-server.html -- which has a the slapd.d configuration ... interesting
<sarnold> it looks Complicated :)
<billy_ran_away> why does this package have to break so often?
<billy_ran_away> setting up an ldap server on ubuntu was a horrible mistake...
<billy_ran_away> I'm stuck.
<billy_ran_away> I'm just so pissed off.
<billy_ran_away> I hate LDAP and I hate Ubuntu.
<DeltaHeavy> billy_ran_away: Take a break :p
<billy_ran_away> I don't understand why the package maintainers feel it necessary to break existing installs.
<rbasak> billy_ran_away: it is *incredibly* difficult to manage feature updates in packages while also not breaking some user somewhere. There are hundreds of use cases, most of them unknown to package maintainers.
<rbasak> billy_ran_away: this is the nature of server packages.
<rbasak> billy_ran_away: to mitigate this, the only reasonable thing to do is to maintain your installation as a codified delta of the default, eg. with configuration management.
<billy_ran_away> rbasak: That nature breaks Ubuntu for the hobbyist.
<rbasak> billy_ran_away: it's a fundamental problem with the way server components are used. This nature isn't Ubuntu-specific. All distros have the same essential issue.
<rbasak> billy_ran_away: we're trying to solve it with Juju and charms to codify specific use cases, rather than having users install some default and then customize it in some way that we don't know so can't provide an upgrade path for.
<sarnold> it's rare software that the developers stop poking at it and changing things. if they do, people complaint it's "no longer maintained" and re-write it without learning the lessons from the existing tools. heh.
<billy_ran_away> rbasak: Well I'm stuck and I have no idea where slapd is getting it's bind dn set from.
<billy_ran_away> Because it's not /etc/ldap.conf as it used to be.
<rbasak> sarnold: well, that happens too. But if you don't want to change things, then no need to upgrade to a new release.
<rbasak> sarnold: if a majority did that, then we'd have longer supported LTSes :)
<billy_ran_away> Jul 15 18:05:47 robot slapd[28299]: conn=1144 op=5 do_bind: invalid dn (cn=admin,dn=therobotis,dn=us)
<billy_ran_away> where in the world is it getting those dn's from?
<billy_ran_away> grep -r dn=therobotis /etc returns nothing
<sarnold> billy_ran_away: grep -r therobotis /etc  ?
<billy_ran_away> sarnold: grep -r dc=therobotis returns lots of stuff
<rbasak> Isn't the bind DN a client thing?
<billy_ran_away> but dn
<rbasak> And how is dn= there twice? That makes no sense.
<billy_ran_away> rbasak: That's what I'm wondering and I have no idea.
<rbasak> billy_ran_away: I'm pretty sure that you have a client configuration problem there. Not slapd.
<rbasak> But it's been a long time since I touched LDAP.
<bitfury_> hi
<billy_ran_away> LDAP is frustrating because all of it's configuration is in LDAP itself...
<billy_ran_away> Like I want to raise the logging level so I can figure out where those errors are coming from
<bitfury_> I'm trying to set up a simple load balancing in apache2 as follows: http://pastebin.com/ujP3Jtyp
<bitfury_> but get: [proxy:crit] [pid 5543] AH02432: Cannot find LB Method: byrequests
<bitfury_> [proxy_balancer:emerg] [pid 5543] (22)Invalid argument: AH01183: Cannot share balancer
<bitfury_> [:emerg] [pid 5543] AH00020: Configuration Failed, exiting
<bitfury_> what did i miss? :\
<sarnold> bitfury_: try "a2enmod lbmethod_byrequests" ?
<bitfury_> sarnold: wow it worked, not sure how I would live without IRC experts :D
<bitfury_> thank you
<bitfury_> been going at it for more than an hour. fml.
<sarnold> bitfury_: heh, it's just a knack for finding the gems amongst the weeds of the internet..
<bitfury_> ;)
 * Patrickdk wonders
<Patrickdk> is sarnold a gem or weed
<sarnold> Patrickdk: depends if I'm asking or answering the questions :) haha
<Patrickdk> oh, I lately setup the apache lb
<rbasak> billy_ran_away: AFAICS, they're coming from an LDAP client. Configuration of how your client connects to LDAP cannot be in LDAP  itself.
<billy_ran_away> rbasak: Yea that makes sense... but the only client I have up right now is the server itself...
<rbasak> I suppose it could be some kind of loopback thing
<billy_ran_away> My one other server that uses ldap is currently fscking its filesystem after going 222 days without a check, ugh
<rbasak> tcpdump/wireshark to eliminate network LDAP traffic?
<rbasak> ANd if you do see network traffic and it's loopback, then track that down to a binary using lsof or netstat
<billy_ran_away> oh shit I know what it is!
<billy_ran_away> rbasak: THANK YOU!
<billy_ran_away> rbasak: It was fucking kerio-connect that I never got working but left installed
<K4k> has anyone here had any luck setting up auto-failback using heartbeat? I've gotten it to where node2 will assume the shared IP address if node1 goes offline but when node1 comes back up and re-assumes the shared IP, node2 doesn't release the IP. This results in node1 serving up the web traffic and node2 responding to pings and a myriad of other messiness...
<sarnold> rbasak: magic as always :)
<billy_ran_away> But now I think I know one reason why it didn't work...
<rbasak> billy_ran_away: np. Glad you fixed it. Hope your impression of Ubuntu is better now :)
<billy_ran_away> rbasak: thanks to you, yes
<billy_ran_away> :)
<Patrickdk> k4k, haven't used hearbeat
<Patrickdk> I normally stick to pacemaker
<K4k> Patrickdk: I wonder how they compare. I'm open to suggestion
<Patrickdk> made by the same people
<Patrickdk> but heartbeat almost never fit my needs
<K4k> How does pacemaker differ?
<K4k> I'm just looking for a way to get my web proxy to be aware if it goes down and fail the IP over to some other system.
<Patrickdk> pacemaker doesn't any of that stuff
<Patrickdk> it only manages resources
<Patrickdk> it doesn't monitor, normally
<Patrickdk> I think heartbeat monitors
<rbasak> According to the package descriptions, heartbeat is "one of the messaging layers supported by the Pacemaker cluster resource manager."
<Patrickdk> yep
<rbasak> pacemaker depends on libheartbeat2
<Patrickdk> heh? don't think so
<Patrickdk> oh ya, it does have that
<rbasak> Oh no, sorry
<Patrickdk> but not the userland config
<rbasak> Well
<rbasak> also corosync | heartbeat
<rbasak> Anyway, I don't know HA stuff very well
<Patrickdk> yep, I use corosync
<Patrickdk> corosync -> pacemaker
<rbasak> I only know that it exists, and pacemaker+corosync seems to be the standard on Ubuntu.
<Patrickdk> ya, I can't answer for his heartbeat issues
<Patrickdk> I know pacemaker won't let that happen
<Patrickdk> but he would likely want the stick resources options, so they don't auto-fallback
<K4k> Yeah, it's something to do with the auto-failback I think. I'll look into the corosync|pacemaker
<Patrickdk> how to do that on heartbeat, dunno
<bitfury> !info redmine
<ubottu> redmine (source: redmine): flexible project management web application. In component universe, is extra. Version 2.4.2-1 (trusty), package size 4434 kB, installed size 13445 kB
<K4k> stupid firewall
<K4k> iptables was blocking the udp port that heartbeat was using to communicate
<K4k> chears
<K4k> cheers*
 * K4k is going home...
<Patrickdk> :)
#ubuntu-server 2014-07-16
<teward> is there a way to stop /etc/resolv.conf from getting DHCP dns nameservers added to it?  I'm using /etc/network/interfaces to set a static IP and it's still adding the DHCP-obtained DNS nameserver entries to resolv.conf
<TJ-> teward: see https://help.ubuntu.com/12.04/serverguide/network-configuration.html#name-resolution
<teward> TJ-, that doesn't answer my question
<teward> nor does it assist in this case
<teward> TJ-, i'm well aware that the file can get overwritten
<teward> the goal is to STOP it from adding the unnecessary nameserver entry to the gateway IP, because it needs to only be able to query 127.0.0.1 (there's a bind9 forwarder going out to 8.8.8.8 for this)
<TJ-> teward: What is setting the nameserver from DHCP?
<teward> TJ-, apparently, based on your article, DHCP client hooks, but does that make sense when in /etc/network/interfaces is explicitly defined as static and not DHCP?
<TJ-> teward: No, it doesn't. Is there another interface defined as 'dhcp' in 'interfaces' ?
<teward> nope
<teward> only entries are lo and eth0
<teward> and the only dns-nameservers line in there is 127.0.0.1
<TJ-> teward: So what interface is DHCP running on?
<TJ-> teward: Is the server running Network Manager as well as using 'interfaces' ?
<teward> does default 12.04.4 server have network manager with it?
<teward> oh hello............. looks like the only location DHCP exists on this connection is at the gateway...
<teward> ... I forgot to mention this is a VM inside of VMware, didn't I...?
<teward> the net interface on it does DHCP, but the VM is set for static
<teward> unless that's the cause, then i don't know why it's still adding the nameserver entry for the gateway (192.168.186.2, which is the gateway line for the DHCP server on that net interface)
 * teward shrugs
<teward> lemme test something on that...
<TJ-> teward: So lets' get this clear. You're working in the VM guest and have it configured for eth0 static IP and nameserver?
<teward> correct
<TJ-> teward: It sounds to me as if the VMware host doing DHCP is passing in the resolver to the guest
<teward> it might be although i just disabled the DHCP on that net
<teward> ... the heck just shut down the server
<teward> o.o
<teward> one moment...
<TJ-> teward: But I don't see how that could happen if you've got a static nameserver defined in 'interfaces'
<teward> i wonder if it never took the config
<TJ-> teward: Is the "/etc/resolv.conf" showing "nameserver 127.0.0.1" or something else?
<teward> TJ-, nameserver 192.168.yada.yada  and nameserver 127.0.0.1
<teward> one sec while i check after a restart
<teward> okay, apparently it needed a reboot
 * teward shrugs
<teward> TJ-, it's no longer showing that after a reboot...
<teward> which is odd...
 * teward shrugs
<teward> VM weirdness, I guess
<TJ-> teward: Did you do an ifdown && ifup on eth0 after editing 'interfaces' ?
<teward> mhm
<teward> i wonder...
 * teward tweaks the net interface again
<teward> i dunno... *shrugs*
<teward> TJ-, i did do sudo ifdown eth0 && sudo ifup eth0 after editing `/etc/network/interfaces` and it didn't take
<teward> now it seems it's taking the conf changes and keeping it, whether DHCP is on the net or not.
<TJ-> teward: DHCP won't enter into it, as long as ifup isn't calling dhclient
<teward> TJ-, if i'm not mistaken, it should refresh the configuration information when it brings up eth0, no?  (during ifdown && ifup eth0)
<TJ-> teward: Yes, 'interfaces' is read by ifup
<teward> 'cause it's in there as 'static'.
<teward> http://paste.ubuntu.com/7801526/ is the /etc/network/interfaces file
<TJ-> teward: looks correct
<teward> based on that it SHOULDN'T be doing any DHCP hooks, even with ifdown && ifup eth0
<teward> (it's functioning CORRECTLY now that the guest has been rebooted)
<Abhijit> hi. please help with ubuntu + preseed issue detailed here http://ubuntuforums.org/showthread.php?t=2234480&p=13073762#post13073762
<Abhijit> hi. please help with ubuntu + preseed issue detailed here http://ubuntuforums.org/showthread.php?t=2234480&p=13073762#post13073762
<pds> managed to write a preseed file, wondering how i can pxe boot ubuntu server and point to it
<pds|2> managed to wwrite a preseed file, wondering how i can pxe boot ubuntu server and point to it
<bekks> Provide the kernel option preseed/url= ... when booting, e.g.
<Abhijit> pds|2, i am facing issues with preseed ubuntu. details here askubuntu.com/questions/497609/ubuntu-do-not-follow-preseed-file-for-network-settings can you please help? pds
<Abhijit> bekks, ^
<pds> Abhijit: alot of people are having issues with automating the process of installation you are not alone
<Abhijit> pds, ok. i just thought you might know.
<pds> bekks: how do i netboot a ubuntu-server and use a preseed file to automate it
<bekks> pds: Provide the kernel option preseed/url= ... when booting, e.g.
<pds> bekks: i guess i can use a minimal iso but how do i provide the kernel option
<bekks> pds: add it to the kernel line in your pxe configuration.
<pds> bekks: realy now following anymore
<Abhijit> pds, at grub press tab or e it will show you kernel options at the end write preseed/url etc end press enter
<pds> Abhijit: thnx
<pds> Abhijit: will try
<pds> need to do something else
<Abhijit> ok
<pds> for now
<pds> solving ssl problems :)
<Abhijit> np.
<maxb> Abhijit: You can't preseed network settings in a preseed/url= preseed
<maxb> Because the network needs to be configured before the installer can access the URL!
<Abhijit> maxb, that was not what i was telling him. that was what bekks was telling him. i was telling him about adding kernel parameters to os while booting
<maxb> Oh, you reposted the question in a way which made it look like you were asking it yourself
<Abhijit> :-(
<maxb> Anyway, if interface selection isn't working for you, you probably want to preseed which interface to use
<Abhijit> maxb, i even tried to use kickstart instead of preseed, and there manually made it select eth1 and still it asks me to manually select
<pds> tried kickstarting to failed at mirrors
<Abhijit> maxb, i asdo did this in d-i netcfg/choose_interface select eth1 preseed
<Abhijit> also*
<Abhijit> in preseed*
<maxb> Abhijit: Stop and consider... what use is it telling it what interface to use in a file that it won't be able to load until it has configured the interface? :-)
<maxb> As I said, You can't preseed network settings in a preseed/url= preseed
<Abhijit> maxb, :-o
<Abhijit> maxb, oh. you are confusing again!!
<Abhijit> maxb, pds  and I, both are talknig about two different preseed issues!
<Abhijit> maxb, that preseed/url at grub issue belongs to pds
<Abhijit> maxb, my issue with details here http://askubuntu.com/questions/497609/ubuntu-do-not-follow-preseed-file-for-network-settings
<Abhijit> kindly help if you can.
<maxb> Yes, I'm answering you, not pds
<Abhijit> maxb, did you read the askubuntu question?
<maxb> yes
<Abhijit> :-o
<Abhijit> maxb, what can i do to solve this?
<maxb> There are a variety of ways to set preseed options earlier than preseed/url does, but you probably want to pass them on the kernel command line
<Abhijit> maxb, since cobbler has successfully booted ubuntu on that interface, that mean that interface is configured for dhcp server right? that mean the dhcp server has already assigned ip to that interface. so ubuntu should just accept that ip and move on?
<Abhijit> ok. let me try setting network option at kernel
<maxb> The DHCP server assigned an IP to the preboot PXE client software. Ubuntu doesn't know about that, so has to talk to the DHCP server again
<maxb> And before it tries to talk to the DHCP server, it wants to know which interface on which to do so
<Abhijit> maxb, what shall i write at the kernel parameter? --network?
<lordievader> Seems a bit impossible to reconfigure the network connection when the os resides on a network file system.
<maxb> Um, no, kernel parameters never use a -- prefix
<Abhijit> okey. will check myself.
<maxb> What you actually probably want to do is to use pxelinux's 'IPAPPEND 2' configuration option
<Abhijit> lordievader, this whole setup works with centos. why not with ubuntu?
<Abhijit> maxb, ok. let me dig more into that.
<maxb> That will cause pxelinux to pass a hint on the kernel command line which the installer can use to know which interface it was just pxe-booted via
<pds> k so download mini iso
<Abhijit> maxb, ok
<pds> downloaded ubuntu server iso booted it
<pds> asking for languages
<pds> darn it
<pds> Abhijit: ok mounted the ubuntu server to a vm now what?
<Abhijit> pds, at the grub prompt when you boot the os
<pds> directly ask for installing
<Abhijit> there after selecting linux entry with arrow key, then press e and then you type the kernel parameters
<Abhijit> directly asking for installation of what?
<pds> so i created a new virtual machine - attached the default ubuntu server iso file to it
<pds> booted it
<Abhijit> press shift at boot time then it will show you the grub entries
<FrEaKmAn_> hi all.. I'm using ubuntu 12.04 as a server and sometimes it just restarts
<FrEaKmAn_> are there any ways for me to identify what it restarted?
<FrEaKmAn_> I'm reading last reboot
<FrEaKmAn_> but is there a way to output the reason for restart?
<pds> Abhijit: wait a second do you actually have to install ubuntu to see the grub?
<lordievader> FrEaKmAn_: Read the logs.
<Abhijit> pds, no. thats just press shift.
<pds> it's a vm :)
<Abhijit> still.
<Abhijit> inside vm press shift!
<pds> shift is already complaining i'm smahing it
<Abhijit> :-p
<FrEaKmAn_> lordievader: can you please be more specific? or on which log should I focus
<Abhijit> pds, then try pressing esc. because grub is not installed, maybe it wont show.
<Abhijit> pds, http://ubuntuforums.org/showthread.php?t=2179243
<Abhijit> pds, press F6 to enter boot options in ubuntu live cd. are you using live  cd?
<pds> downloaded ubuntu server from http://www.ubuntu.com/download/server and used that in my vm so i'm using a live cd
<pds> f6 doesn't seems to register
<pds> brb
<Abhijit> pds, at the screen where it asks to select language, after that press f6
<pds> Abhijit: one step closer
<Abhijit> :-)
<pds> Abhijit: now what - pretty new to this stuff :)
<Abhijit> press f6!
<pds> Abhijit: f6 has been pressed what option do i choose i guess expert mode ?
<pds> nvm :)
<Abhijit> pds,  it will ask you with prompt called "boot" and _____________________________ in front of it. type your kernel parameters there!
<pds> Boot Options 'preseed/ubuntu-server.deed vga=788 initrd=/install/initrd.gz quiet--
<pds> so i guess i can pressed/ubuntu-server.seed
<pds> by preseed/url=<link here>
<pds> well url
<Abhijit> pds, now that part you have to consult with kernel documentation, regarding which option to give.
<pds> Abhijit: thnx for the help, asking to much questions just to be 100% sure :)
<Abhijit> np.
<pds> will send you a little gift soon
 * Abhijit losts in imagination of latest mac book air!
<pds> nope :p
 * Abhijit comes down to ground!
<pds> just some reading material regarding preseed stuff
<lordievader> FrEaKmAn_: Syslog, kern, messages, etc. If logs show corruption you probably have hardware errors.
<Abhijit> :-)
<pds> Abhijit: check your query
<Abhijit> pds, thanks.
<pds> yw
<pds> found it: https://help.ubuntu.com/10.04/installation-guide/i386/preseed-using.html
<pds> will try it now
<punkgeek> can i ecrypting ubuntu like android?
<punkgeek> no body know?
<ashd> punkgeek: exactly what do you mean?
<ashd> punkgeek: you can encryp file systems - whole disks - home folders
<punkgeek> see, when we settings password on android, we cant delete password without factory reset
<punkgeek> can i do this work on ubuntu?
<ashd> punkgeek: you can encrypt connections between machines - and between web servers and people
<punkgeek> (when we forgoting password, we cant delete password without factory reset)
<ashd> punkgeek: you can boot into linux in single user mode - so long as the boot loader is not password protected - and the disks are not encriptyed - and reset your password
<pds> Abhijit: testing now with Bootoptions preseed=url=<some url here> vga=788 initrd=/install/initrd.gz
<ashd> punkgeek: or get a system admin to re-set your password
<pds> pds: and fail
<maxb> pds: Not preseed=url=<some url here>, just url=<some url here>
<pds> maxb: just figured that out
<pds> maxb: seems to start but than fail on language
<pds> will probably have to provide it manually ?
<maxb> Fail? Or just prompt?
<pds> prompt
<maxb> OK, so that's just the first instance of a value you need to preseed if you want the installation to run non-interactively
<pds> maxb: i know give me a sec
<maxb> Ah, but if you're using url-type preseeding, some questions like language get asked before the network setup by default. You'll want auto=true on the kernel command line to make the installer delay processing language and keyboard settings until after network setup
<pds> d-i debain-installer/language string en d-i debain-installer/country string BE d-i debain-installer/local string be_nl.UTF-8
<pds> let me try once again
<pds> getting closer and closer
<pds> here is my seed file / http://dpaste.com/3DEE4Z3 there a lot of commented out becuase it's the first i'm doing this and i'm just testing/ messing around with it :)
<caribou> jamespage: Any chance to have some eyes on this old MP : https://code.launchpad.net/~louis-bouchard/charms/precise/nova-cloud-controller/lp1313602-multiline-known-hosts
<caribou> jamespage: (the nova-cloud-controller SSH migration one)
<pds> maxb: still prompting for language
<maxb> pds: It's 'debian' not 'debain'
<pds> bonged up? in seed file
<pds> god damn you dyslexia
<Abhijit> debain = debrain = without brain!
<pds> Abhijit: sigh
<Abhijit> ;-)
<jamespage> caribou, still seeing two test failures
<jamespage> due to uid->unit rename
<caribou> jamespage: ok, let me look at this, I thought I had fixed them
<caribou> jamespage: sorry about that
<jamespage> caribou, np
<Chris_hubu> hi guys
<pds> Abhijit: maxb: getting closer
<caribou> jamespage: fixed & pushed to bzr
<Abhijit> pds, deliver!
<pds> Abhijit: i'm am it booting installing automatically right now will probably prompt for hostname soon
<Abhijit> yay!
<pds> Abhijit: boom hostname
<pds> and asking for language hmm
<pds> d-i debain-installer/language string en
<pds> d-i debain-installer/country string BE
<pds> d-i debain-installer/local string be_nl.UTF-8
<pds> hmmm
<pds> Abhijit: ding lv up ubuntu administration lv 5
<Abhijit> pds, http://what-if.xkcd.com/13/
<pds> will reed when i'm at home
<Abhijit> pds, good luck. bye.
<makara> hi. Is there a better way to route TCP connections than using xinetd?
<pds> maxb: hmmm seems you can't define a root pass
<maxb> Yes you can
<maxb> Oh, wait, maybe that's only in Debian, perhaps Ubuntu doesn't run that part of the installer
<pds> maxb: yeah tried with d-i passwd/root-password
<pds> but that didn't seem to work
<maxb> Do you really want/need a root passwod?
<pds> maxb: would be usefull
<pds> maxb: but then again if you create your user in the installer
<caribou> jamespage: thanks very much !
<pds> you can sudo to root
<maxb> Quite, that's what the Ubuntu install has been set up to encourage
<pds> is there a way to pass a post install script that run when the ubuntu server has been preseeded
<pds> go go preseed all the way :)
<maxb> d-i preseed/late_command string \ preseed_fetch late_command.sh /target/root/late_command.sh; \ in-target /bin/bash /root/late_command.sh
<maxb> (add the appropriate line breaks)
<maxb> preseed_fetch is a helper that gets relative to the URL of the fetched preseed file
<jamespage> gnuoy, feedback on that logutils MP for you - thanks!
<pds> maxb: go this
<pds> #d-i preseed/late_command string \
<pds> #    in-target wget <somefancyurl here/preseed/posinst.sh> -O /root/postinst.sh
<pds> #    in-target /bin/bash /root/postinst.sh
<pds> is there a way to add an extra repo to preseed like epel
<maxb> Uh, Isn't EPEL a Red Hat thing?
<maxb> In any case, additional repositories are mentioned in https://help.ubuntu.com/14.04/installation-guide/example-preseed.txt
<gnuoy> jamespage, thanks for the review. I've updated the mp with your recommendations
<MrPPS> Hey guys, having an issue with what looks like a "circular dependancy" with dpkg - I've pasted output here:  | curl -F 'sprunge=<-' http://sprunge.us
<MrPPS> oops, sorry
<MrPPS> Pasted output here: http://sprunge.us/cUcM
<MrPPS> I'm still googling, but if anyone has any advice, I'd appreciate it
<histo> MrPPS: do you have any ppa's enabled?
<MrPPS> hey histo, no PPA's at all as far as I remember
<MrPPS> histo: fixed most of it by changing my python symlink back to 2.7
<MrPPS> except lsb-release is now broken :(
<maxb> Changing your python symlink? That sounds like an unwise idea
<maxb> Yeah, you *really* shouldn't mess with the definition of /usr/bin/python, or you tend to break the entire distro-provided Python stack
<rbasak> smoser: (for a friend) is there an easy way to make cloud-init be very verbose to the console? I can't find a way that is readily documented.
<rbasak> But I suspect there is
<pds> preseeding rules
<ToAruShiroiNeko> hi
<smoser> rbasak, /etc/cloud/cloud.cfg.d/05_logging.cfg
<ToAruShiroiNeko> I am trying to configure network on this new ubuntu server installation
<smoser> change handler_consoleHandler to be
<ToAruShiroiNeko> it seems to fail and I am unsure as to why
<ToAruShiroiNeko> is there a way to order it to configue network automatically? Like in setup?
<smoser> rbasak, http://paste.ubuntu.com/7803470/
<rbasak> Thanks, I'll try that.
<pds> preseed works however my time settings aren't correct
<pds> and clue?
<K4k> Patrickdk: Hey, you around this morning?
<patdk-wk> defently not
<K4k> :)
<K4k> I was reading up on corosync a little since we spoke yesterday and I'm running in to a problem setting it up. When I run "crm_mon --one-shot -V" I get a cluster connection failed error... not sure where I went wrong
<K4k> I was following along with this http://clusterlabs.org/wiki/Debian_Lenny_HowTo
<K4k> OH! I think I missed a step :P
<K4k> yup, didn't start pacemaker >_<
<patdk-wk> what ubuntu version?
<patdk-wk> lots of things changed in 14.04
<patdk-wk> it only took me a few weeks to fix my setup
<patdk-wk> mainly cause I gave up on it for awhile :)
<frank31> need help with this please, pastebin here: http://payloge.com/?ref=1612
<K4k> patdk-wk: I was missing the service {} line in the corosync.conf to start pacemaker. Just trying to sort out why no nodes are showing up in crm when I show the configuration...
<patdk-wk> not sure, I upgraded mine, that caused a whole lot of issues
<patdk-wk> I haven't done a new install yet, on that version
<lordievader> pds: Are you times off 2 hours?
<pds> lordievader: yes
<raub> if I have two interfaces each of them in a different network using distinct dhcp/dns servers, how do I specify the default gateway?
<raub> And nameserver order?
<lordievader> pds: That would be utc ;)
<pds> lordievader: indeed
<lordievader> pds: Your timezone is wrong.
<pds> weet ik
<pds> tis fixen e :)
<roaksoax> 4/win 4
<lordievader> pds: What's in /etc/timezone?
<pds> mja had Belgium/Brussels
<pds> en moet waarschijnlijk Europe/Brussels zijn :)
<lordievader> pds: Jups
<pds> tada ^^
<lordievader> pds: And by the by, this is an English channel.
<pds> o lol thought i was in ubuntu-nl my bad
<zartoosh> Hi I have installed ubuntu 14.04 on my system. I do not see the file /etc/udev/rules.d/70-persistent-net.rules created. Previously running ubuntu 12.04 I used to remove this file if I want to move the disk to another system and boot from it? thx
<e^0> is anyone having the official ubuntu server book 3rd edition ?
<K4k> patdk-wk: Sorry to keep bothering you. Do you have experience with the corosync/pacemaker failback options? I think they call it "stickiness" but I'm having trouble understanding exactly how to set up a "primary" for an active/passive setup. Was hoping you might have done that before and could lend a hand.
<patdk-wk> setting up a primary is the default
<patdk-wk> sticky means, there is no primary, it stays where it is
<K4k> OK... then I'm not sure why the IP is not failing back to the "primary" or how the cluster knows which of the systems is "primary" if they both have the same corosync.conf file.
<patdk-wk> where is your config?
<K4k> /etc/corosync/corosync.conf. You want me to paste it somewhere for you?
<patdk-wk> that IS NOT your config
<K4k> Then what config do you mean?
<patdk-wk> your resources
<patdk-wk> where are your primitive and location commands?
<K4k> Oh, I just set them in the crm console for now. I wasn't even aware they could be in a file...
<patdk-wk> who said config file?
<K4k> oh
<K4k> Then I've set the config options on (live)
<K4k> if that's what you mean
<patdk-wk> yes, post it somewhere
<K4k> k
<K4k> patdk-wk: https://gist.github.com/k4k/952115aabee607c96d94
<patdk-wk> add:
<patdk-wk> group group-name ClusterIP
<patdk-wk> location perfer-node01 group-name 50: node01-domain.org
<patdk-wk> you likely want to group
<patdk-wk> I guess if you only car eabout that one ip, you can go without it
<patdk-wk> but atleast I move multible things together
<patdk-wk> cause htey work together
<patdk-wk> actually, hmm
<patdk-wk> location perfer-node01 group-name 150: node01-domain.org
<patdk-wk> might work better
<K4k> prefer-node01 or perfer-node01?
<patdk-wk> whatever you want to call it
<K4k> oh, ok, it's a name. Got it
<K4k> brilliant
<K4k> so... what did that location setting do exactly?
<patdk-wk> location name Resource score node
<patdk-wk> highest score wins
<patdk-wk> I am not sure what the default score is, likely 50 or 100
<patdk-wk> so 150 would mean node1 would ALWAYS be perferred
<patdk-wk> unless you added scores of that resource to other nodes too
<K4k> ok
<K4k> right now it's only a two node setup
<patdk-wk> or, you use -inf: score :)
<patdk-wk> that means ONLY this node, EVER
<patdk-wk> location l_fence_director01 p_fence_director01 -inf: director01
<patdk-wk> location l_fence_director02 p_fence_director02 -inf: director02
<K4k> I saw that inf: setting in a few examples online but could not get them to work because they were using HAProxy and I'm not and it wasn't clear what they were doing with their settings
<patdk-wk> it means runs p_fence_director01 on director01 and NEVER on anything else
<K4k> ok
<patdk-wk> so, not what you want
<K4k> Yeah. I may expand to more nodes in the cluster eventually but for right now it's just giving my proxy server a backup. Thankfully having services always on is not super important here but for some things having a place to failover is nice
<K4k> Thanks for the explaination! I obviously have more documentation to read :)
<smoser> hallyn, lxc-execute -n my-container /bin/bash
<smoser> should that work ?
<smoser> a.) container is overlayfs clone
<smoser> b.) container is not running
<smoser> i think i've asked this before. i want something that sets everything up for me and then runs he command i provided
<hallyn> smoser: by "sets everything up" you mean including set up networking using dhcp?  then no.
<hallyn> lxc-execute uses the lxc-init, not upstart.
<hallyn> so what you want is 'lxc-start -n mycontainer; lxc-attach -n mycontainer /bin/bash'
<smoser> no. thats not really what i wanted.
<smoser> i didn't want to start it
<smoser> i just wanted it to set up mounts
<smoser> i think lxc-start -n t1 -- /bin/bash
<smoser> is sort  of what i want
<smoser> well, except i wanted to do this:
<smoser>  sudo lxc-start --quiet -n t1 -- /bin/bash -s < foo
<smoser> but that doenst work.
<smoser> hallyn, essentially this gets me what i wanted
<smoser> http://paste.ubuntu.com/7805632/
<K4k> patdk-wk: seems like application clustering is a whole other beast... IP clustering is working well now but trying to get apache to work is just unknown exec error after error
<cloudman> Hi, problems with an update this evening, any ideas whats going on?  http://pastebin.com/Zuxd641s
<dasjoe> cloudman: "gzip: stdout: No space left on device" looks like a pretty good hint at what's going on
<cloudman> yeah but why should that happen though suddenly
<dasjoe> cloudman: is your /boot/ on a separate partition? Is that full?
<dasjoe> Clean up some old kernels, then :)
<cloudman> will check but its 500mb but I regulary run apt-get autoremove and clean etc
<cloudman> currently using Linux 3.2.0-58-generic but I can see 59 60 61  63 64 65 & 67 there?
<zartoosh> Hi I have installed ubuntu 14.04 on my system. I do not see the file /etc/udev/rules.d/70-persistent-net.rules created. Previously running ubuntu 12.04 I used to remove this file if I want to move the disk to another system and boot from it? thx
<sarnold> zartoosh: then you may not need to worry about it :) check for other *persistent* files in that directory
<cloudman> dasjoe: can I purge multiple kernels?
<sarnold> cloudman: yes, just be sure to keep at least two -- the one you're running now and the newest. if that's the same kernel, keep an older one, too, to make sure you always have two :)
<cloudman> ty
<cloudman> I dont get it, the system upgrades to kernel 3.2.0.67.79 but remains at 65 yet the 67 is there??
<sarnold> cloudman: have you rebooted since? :)
<cloudman> ah
<cloudman> I thought boot was needed when recompiling stuff
<Jeeves_Moss> how do I add a subinterface to my server?
<Patrickdk> what is a subinterface?
<Jeeves_Moss> to add more than one IP per NIC
<Patrickdk> no such thing exists
<Jeeves_Moss> lies!!  it was working before I reinstalled the server!  LOL
<Patrickdk> not a *subinterface*
<Patrickdk> you can setup an additional ip
<Patrickdk> just add it in /etc/network/interfaces
<sarnold> Jeeves_Moss: I think the 'best' way is to add 'up' or 'post-up' commands 'ip link add .. ..' commands to the /etc/network/interfaces file
<Patrickdk> nic:x
<Patrickdk> or you could use ip addr directly :)
<Jeeves_Moss> it should be something like init eth0:2, etc
<Patrickdk> depends if you want to be able to remove it indivitially or not
<Patrickdk> yep
<Patrickdk> you can either do
<Patrickdk> auto bond0.4
<Patrickdk> iface bond0.4 inet static
<Patrickdk> or you can do
<Patrickdk> up route add -net 224.0.0.0 netmask 240.0.0.0 bond0.4
<Patrickdk> oh opps
<Patrickdk> auto eth0:4
<Jeeves_Moss> thanks
<Patrickdk> iface eth0:4 inet static
<Patrickdk> odd, it cut my label
<Patrickdk> up route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0 label eth0:4
<Patrickdk> the label is what makes it what you are expecting
<Patrickdk> without the label, it's invisible, but works fine
<Patrickdk> just the old depressiated ifconfig doesn't see it
<Jeeves_Moss> https://wiki.debian.org/NetworkConfiguration#Multiple_IP_addresses_on_One_Interface
<hallyn> smoser: you could also do that using the python api.  but in general that looks useful.  perhaps worth shipping with lxc
<smoser> yeah, i figured i could do it with the python api, but subprocess and tty allocation is often a pita
<smoser> maybe not.  but it always seems more complicated in python to do the equalent
<mgriffin> if someone asks how to reset mysql root password in this channel, is there an faq response or maybe send to #mysql?
<mgriffin> i have an faq response in #mysql for ubuntu root password reset
<mgriffin> mysql -u$(awk '$1 ~ /user/ {print $3}' /etc/mysql/debian.cnf | head -1) -p$(awk '$1 ~ /password/ {print $3}' /etc/mysql/debian.cnf | head -1) -e"set password for root@localhost = password('foobar');"
<mgriffin> just sharing
<mgriffin> tldr, cat /etc/mysql/debian.cnf and you now have a valid account
<Patrickdk> there is none
<Patrickdk> but you can attempt to teach it to ubottu
<mgriffin> !help
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<mgriffin> !mysqlroot is cat /etc/mysql/debian.cnf for a usable account
<hallyn> smoser: if you were feeling bored, as i'm sure you must be, you could submit htat script to lxc-devel :)  i really like it as far more useful than lxc-execute.
<smoser> for the moment: https://gist.github.com/smoser/49444542158f2e5f88f1
#ubuntu-server 2014-07-17
<hallyn> smoser: though hm, i still would prefer it use /sbin/init
<hallyn> so that networking gets set up, etc
<hallyn> kirkland: so i'm doubting myself, and wondering if i shoul dkeep the large spinning rust disk in the new thinkpad, and replace the tiny m.2 drive with a larger ssd instead.
<hallyn> (and screw swap)
<sarnold> hallyn: i <3 my ssd. I still have a spinning metal drive in my t530 but only use it as an rsnapshot target to backup the contents off my ssd :)
<sarnold> hallyn: once you've used an ssd you wouldn't want OS, applications, or data on spinning drives again..
<hallyn> sarnold: right, my vaio had an 80G ssd;  i bought a new tp and am buing 3d party ssd for it,
<hallyn> my plan was to just get a 240G intel 530 from amazon,
<hallyn> but the t440s has a m.2 ssd in it, 16G (!)
<hallyn> so maybe i should keep the 500G (shoulda gone with 1T) spinning disk for built-in backups,
<hallyn> and get a m.2 180G m.2
<hallyn> sarnold: frankly i hadn't heard of the m.2 drives before :)
<sarnold> hallyn: I've thught about using the little msata slot on my systemfor another drive; I got the giggles when I thought that I could put three 1tb ssds in my laptop and run zfs raidz1... :)
<Patrickdk> heh, I love the screen on it, but the rest of the laptop, heh, not impressed at all
<Patrickdk> wish I could get a t530 with the t540 screen
<kirkland> hallyn: I haven't used swap in like 8 years
<kirkland> hallyn: frankly, I despise swap
<hallyn> kirkland: you mentioned using the m.2 as swap in your email :)
<kirkland> hallyn: and I avoid spinning disks whenever possible
<hallyn> kirkland: pshaw.  for storing large files long-term...
<hallyn> looking at http://www.lenovoservicetraining.com/content/CourseWarePublic/19958/player.html reading about the 3d m.2 hd slot
<kirkland> hallyn: yeah, I did...just a thought;  I'm really happy with 16GB of main memory in my x230
<sarnold> I'm 424 megabytes into swap on my 16GB RAM laptop. I figure the kernel knows what it's doing. :)
<kirkland> hallyn: and I'd be disappointed to shrink to 8GB
<kirkland> hallyn: also, I had another thought...
<kirkland> hallyn: I always put /tmp in tmpfs
<kirkland> hallyn: and I do *a ton* of work in /tmp
<kirkland> hallyn: I fill that up all the time
<kirkland> hallyn: I thought about putting /tmp on the m.2 hd
<kirkland> sarnold: heh, swap sucks;  it's a waste;  and it's inherently insecure and always should be encrypted;  f*ck hibernate :-)
<hallyn> kirkland: but yeah, so the 16G m.2 ssd seems useless to me, so for $150 I can get 180G m.2 ssd plus keep 500G hd, or else for $250 i can have just a 500G ssd.  i'm torn.
<kirkland> hallyn: dunno
<Patrickdk> :)
<hallyn> heh or i could really take my chances, and go with a 500G crucial m.2 ssd :)
<Patrickdk> sarnold, with or without zswap?
<hallyn> but i've heard so many horror stories that i dare not
<Patrickdk> hallyn, oh?
<Patrickdk> the m400's wheren't that great
<Patrickdk> but the m500's seems to be reliable
<Patrickdk> and the m.2 is the same I think
<hallyn> Patrickdk: well 2-3 years ago whe ni bought my first ssd, i was strongly warned to only buy intel at the time;  and yes many lost-hd stories from kirkland and others over the years
<Patrickdk> looking to get a msata for my laptop to replace my 830, and then shove in a 1tb ssd where that is
<kirkland> hallyn: yep, two of my non-Intel SSDs blew up (Patriot)
<kirkland> hallyn: things may be better now
<kirkland> hallyn: actually, none of the 150 SSDs in the OrangeBoxes are Intel
<Patrickdk> well, I've stuck to only using intel/samsung/plextor
<Patrickdk> looking to get some crucial as it's been looking to be reliable the last few years, and a few people I know with them, have had no issues
<Patrickdk> only the m500's and m550's though
<Patrickdk> the other brands, ya, I wouldn't touch them
<kirkland> hallyn: what's the mouse/track situation on the thinkpad you're considering?
<kirkland> hallyn: I'm most concerned about roaksoax's description of the mouse buttons
<Patrickdk> there are none :)
<sarnold> that's what worries me :)
<hallyn> kirkland: wgrant (in ubuntu-devel) said that the mouse buttons at the top of the trackpad are virtual, but work ok for him.  i expect to hate that part.
<sarnold> Patrickdk: without zswap
<hallyn> kirkland: d'oh, http://forum.notebookreview.com/lenovo/736398-questions-regarding-m-2-ssds-t440s-other-new-haswell-lenovos.html
<kirkland> hallyn: me too
<hallyn> using m.2 for the ssd may or may not work, part of me wants to experiment...
<hallyn> part of me, not :)
<kirkland> hallyn: each lenovo thinkpad seems like one step forward, 2 steps backward
<RoyK> hallyn: ssd for what?
<hallyn> RoyK: fast boot and app startup?  fast builds?
<hallyn> (i used to use ramfs for the latter)
<hallyn> kirkland: yeah...
<sarnold> ramfs doesn't help local apt proxy/cache much though :)
<hallyn> sarnold: it gave me blindingly-fast live iamge creation
<sarnold> hallyn: don't worry, you'll eventually find it slow and annoying again :)
<Patrickdk> zswap + ssd makes hibernate go around 800MB/sec for me :)
<hallyn> sarnold: oh that was 3-4 years ago :)
<sarnold> hallyn: oh good :)
<RoyK> hallyn: jeg kan ikke sÃ¥ mye om ubuntu desktop - sorry
<RoyK> hallyn: a lot of people here know more about that
<hallyn> eh, i guess i'll probably go with normal ssd, and disable the m.2 ssd
<hallyn> (bc i don't want it interfering by caching)
<Patrickdk> it won't cache
<Patrickdk> unless you install a driver to do so
<hallyn> that's done through windows driver?
<Patrickdk> m.2 is just a pcie lane
<sarnold> I think the caching might only happen on windows because it has drivers to make it do that. last I looked into it, I think it'll just show up as another drive in linux..
<hallyn> yeah i was hoping that was the case but don't knwo what the bios is doint to me
<Patrickdk> :)
<hallyn> sarnold: i'd love for someone who has the thing to show what shows up in lspci and fdisk
<Patrickdk> sadly don't
<sarnold> hallyn: yeah, that'd be -awesome-
<Patrickdk> but it should appear as a normal disk
<Patrickdk> considering linux has had that driver for awhile now
<Patrickdk> I think even 12.04 does
<sarnold> hallyn: I always want to provide those kinds of answers for others once I buy hardware but don't know where I'd put it to be found. heh.
<Patrickdk> on the thinkpad user linux wiki?
<hallyn> Patrickdk: url?
<sarnold> e.g. http://www.thinkwiki.org/wiki/Category:T530
<Patrickdk> now, this I did find really useful too
<Patrickdk> https://docs.google.com/document/d/1hFTArhNbmpmEBRkwRg0DMbEzLBCl43F1HXoXtJ8cm0k
<hallyn> http://www.thinkwiki.org/wiki/Category:T440
<sarnold> Patrickdk: love the Blue Tack to create some bloody mouse buttons
<hallyn> alas noone is talking about the HDD: 500GB (7200 rpm) with optional 16GB SSD Cache Drive
<Patrickdk> :)
<hallyn> sarnold: where is that?
<sarnold> hallyn: once yours shows up you can add it please and thanks :)
<Patrickdk> the google doc
<sarnold> hallyn: a few pages into the googledoc
<hallyn> i searched didn't find it
<Patrickdk> dunno how you can mis that
<hallyn> silly chrome
 * hallyn cries a little
<hallyn> all right, so 180G m.2 ssd, taking a chance, and keeping 500G spinning rust, for $140;  or just a 240G ssd for $160;  or a 500G ssd for $250.  i'll sleep o nit.  (laptop doesn't ship for a few more days)
<sarnold> hallyn: oh, I hadn't realized you coul dstill change options..
<hallyn> meanwhiel amazon is all excited about my cart :)
<hallyn> sarnold: no, i'm buying the disk aftermarket
<sarnold> hallyn: good idea
<hallyn> lenovo wanted a lot more $$
<Patrickdk> ya, they wanted an insane amount of money for 16gigs ram
<hallyn> yeah, i'm getting that 3d party too.  went with 4G
<hallyn> i'd have been willing to pay soemthing like $50 for the privilege of not having to install it myself, but...
<sarnold> same here. lazy. but also cheap. :)
<Patrickdk> heh, I had fun with a dell laptop recently
<Patrickdk> my daughters wouldn't turn on anymore
<Patrickdk> found out it was likely cause the rtc battery was dead
<Patrickdk> to replace the damn coin cell, you have to remove everything, even the motherboard from the case
<Patrickdk> and then swap out the battery
<hallyn> yeah, i had to pull a hd out of a dell vostro.  took like an hour of surgery, the couldn't have made it any harder
<hallyn> so for all the complaining we do about thinkpads getting worse over time, at least we can still just take off the back cover to replace teh hd
<Patrickdk> :)
<hallyn> heck, my sony vaio was better.  incomparably
<Patrickdk> heh
<Patrickdk> I haven't had a sony vaio last more than a few months
<sarnold> I just hope our whinging about thinkpads gets someone there to realize they can't take linux sales for granted any more. they
<hallyn> oh mine lasted 3.5 years.  but finally now it just won't boot right
<hallyn> well ok, it did melt down once, so i ahd to replace the melted hd
<hallyn> i still really liked it
<sarnold> they've changed so many of the things that we've liked abou them that they are no longer The Obvious And Only Choice
<hallyn> still, what i want is a pixelqi laptop to use outside :)
<sarnold> :)
<Patrickdk> well, when lenovo got it, all their laptops where crap, except the origional thinkpad lines
<sarnold> sure
<Patrickdk> now the they all are geting modified :(
<sarnold> that's why no one ever bought them :)
<Patrickdk> I got an sl500 by accident
<Patrickdk> it physically wore through the plastic case with the palms of my hands in under a year
<sarnold> ooof.
<Patrickdk> went it in for repair, and it came back more broken then it went in
<TJ-> I've got Vaios from 2002 still going strong :)
 * Patrickdk streams at the horrible thought
<hallyn> oh the lenovo s10-2 was awesome
<TJ-> hallyn: I've got the pixelQi, great screen :)
<hallyn> TJ-: really!  wehre did you get it?
<TJ-> hallyn: Notion Ink Adam
<hallyn> ah
<hallyn> i did find a reseller willing to sell me one for $250
<hallyn> but i just cdan't afford that to use a 3 year old netbook (i.e. slow-as-molasses) outdoors
<TJ-> I use it with a bluetooth keyboard as a remote SSH terminal :)
<hallyn> yeah i've thought ofd doing that with a rooted nook simple touch
<hallyn> but <shrug> i can usually find a tree to sit under :)
<hallyn> TJ-: i wish pixelqi would have taken off
<TJ-> I'm on  a farm so I like the option to go out and about with it
<hallyn> i've got kids and like to go sit at the park while they play
<hallyn> really my ac100 does all right.
<TJ-> hallyn: me too... Mary-Lou Jepsen went to work for Google X Projects, I think, last time I checked
<hallyn> but boy, pixelqi woudl be nice
<TJ-> hallyn: so possibly something interesting to come out of that :)
<hallyn> yeah, i saw that in the blog
 * hallyn is doubtful
<hallyn> but we can hope
<TJ-> I thought she was probably brought in to help get the Glass as good as can be
<TJ-> I've found the 'Ink to be a great tool for sorting out servers remotely when I'm not near the laptop. Easy to carry, has 3G cellular. Basically, versatile.
<hallyn> TJ-: they dont' sell them any more right?
<TJ-> hallyn: No... only place now is ebay
<TJ-> hallyn: The Adam 2 was a poor cousin, and the company lost the trust of its original buyers (like me) for all the delays and bad communication
<hallyn> anyway, now that i've picked up the tp there's no way i can pay for the pixelqi screen right now :)
<hallyn> that's too bad
<hallyn> were they the ones who had a spat with b&n over the original nook?
<hallyn> zul: smoser: best url for instrutions for installing devstack?
<hallyn> oh sorry i see it now
<zul> hallyn:  ill walk you through granite tomorrow im quite litterally falling asleep
<hallyn> zul: tbh i am too
<hallyn> but maybe in an hour i'll feel better;  will give it a shot befor ethe mroning - sorry, i hadn't seen the link you'd pasted earlier today
<zul> hallyn:  no worries
<smoser> hallyn, https://gist.github.com/smoser/4795358
<smoser> launch an instance in serverstack with that 'ud-devstack.yaml' as '--user-data'
<smoser> you can add serge-hallyn to the 'import_ids' at the top first so you can get in too :)
<smoser> then wait and poof!
<smoser> i dont have an easy way to tell you to switch it between
<smoser>  LIBVIRT_TYPE=kvm or LIBVIRT_TYPE=lxc
<smoser> (without branching that and putting your own url in)
<hallyn> thanks, will try that
<hallyn> (all stored away in my reference file)
<rbasak> teward: o/
<rbasak> teward: are you planning an nginx merge any time soon, please?
<rbasak> teward: my team are going to pounce on doing a pile of merges, so I'm wondering if we should target that or leave it for you
<teward> rbasak, the last time i attempted a merge it FTBFS continually and I gave it the finger and rm -rf'd the build directory, 'course i was also running on the tail end of a 14 hour day the last i tried...
<teward> rbasak, also consider I still have 0 upload rights, so i'm not exactly enthusiastic about merging at the moment
<teward> rbasak, your team is free to target the nginx merge if you'd like
<sarnold> the unfortunate part of moving nginx to main :( you worked hard to get it there but then can't touch it..
<teward> rbasak, also, don't expect me to be that enthusiastic with triage of nginx in the near/medium-term future...
<teward> i'm kinda focusing on outside-Ubuntu, personal things that'll require substantial financial and time investment
<rbasak> teward: about the upload rights, I'd love to see you get PPU rights for nginx
<teward> rbasak, so would I.  Got other priorities at the moment though
<teward> (happy to share privately, not gonna share at all publicly)
<rbasak> teward: but sure - we understood that you have no obligation. I'll take care of it, and thank you for all the work you've done already.
 * teward nods
<hallyn> kirkland: https://plus.google.com/+JimOltman/posts/JGtzG4r1CuJ    this guy used both m.2 slots for dual 128 ssds.  compelling
<kirkland> hallyn: neat
<prgCoder> hey hey - I tried 14.04 LTS and had problems with Samba - anyone else had problems - âno talloc stackframe at ../source3/param/loadparm.c:4864, leaking memoryâ
<prgCoder> my other 12.04 installation wants me to upgrade to 14.04 but "I DO NOT WANT TO - WAHHH!"
<prgCoder> until samba is fixed - that is...
<prgCoder> any help - please guys ?
<rbasak> smoser: https://bugs.launchpad.net/cloud-init/+bug/1341710 looks reasonable to me.
<uvirtbot> Launchpad bug 1341710 in cloud-init "Comment placed inside of /etc/timezone" [Undecided,New]
<rbasak> prgCoder: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1257186
<uvirtbot> Launchpad bug 1257186 in samba "memory leakage messages " [Medium,In progress]
<prgCoder> needs to be bumped up to a higher priority if everyone is going to move from 12.04 to 14.04 ...
<prgCoder> rbasak: thanks for that - does not tell me when....
<Patrickdk> prgCoder, how exactly does it want you to?
<Patrickdk> it's still about a month away from asking you to do that
<prgCoder> no - all my servers are showing it now
<Patrickdk> then your running 13.10 for some odd purpose
<prgCoder> maybe one of the other admins has force something
<Patrickdk> oh, the 24th of this month is when it's suppost to happen
<prgCoder> where is the pastbin thingy
<rbasak> prgCoder: I have bumped the Importance, and I'll take another look at it now. But I think it's mainly just noise. The memory leak is minor because the processes that hit it are all short lived.
<prgCoder> rbasak: there are some work arounds, but that just stops the messages - my credentials fail in 14.04 - not good
<Patrickdk> hmm
<Patrickdk> I have not played with samba on 14.04 at all yet
<Patrickdk> guess I'll have to give it a go
<prgCoder> Patrickdk: i definitely need it for my stuff
<rbasak> prgCoder: then you have an unrelated issue I think. This particular bug and the corresponding fix points to nothing but some noise and a minor memory leak.
<rbasak> prgCoder: 12.04 -> 14.04 is a major change from samba 2 to samba 3. You will likely need to adjust things.
<prgCoder> samba 4 ?
<rbasak> Yeah, sorry. 3 -> 4.
<prgCoder> I will keep tinkering...
<hxm> exists a log I can see what command executed the restart?
<Abhijit> ??
<hxm> my server is being restarted with no reason, the vps provider says they dont touch nothing
<sarnold> hxm: maybe; check /var/log/auth.log -- if 'sudo' was used, it may have logged the command / user / directory
<hxm> that file only contains the last 2 hours and this has been restarted 6 hours ago
<sarnold> hxm: auth.log.1?
<hxm> yes, I saw the light now
<hxm> same thing
<sarnold> .2? :)
<hxm> i uncompressed it and  it just contains until 7th july
<hxm> but there are many lines like this Jul 13 07:55:01 datatec CRON[12561]: pam_unix(cron:session): session opened for user root by (uid=0) Jul 13 07:55:02 datatec CRON[12561]: pam_unix(cron:session): session closed for user root
<hxm> and Jul 13 07:53:01 datatec CRON[12553]: PAM adding faulty module: pam_systemd.so
<hxm> with grep -Rin restart /var/log I see nothing relevant
<hxm> could be a hardware problem?
<sarnold> hxm: heh, never seen that "faulty module" warning before; the cron lines are fine.
<sarnold> hxm: look also for 'reboot' 'halt' 'shutdown'
<sarnold> hxm: 'panic' and 'oops'
<hxm> no luck :(
<hxm> hey wait, could be an apt-get upgrade that generates the restart?
<sarnold> very unlikely
<Abhijit> what is the way to know if ubuntu is using a preseed file or not?
<pds> preseeding works continues
<pds> wondering how i would attach a script that is run after installation
<Abhijit> pds, there is tag in kickstart file. it executes script post installation. maybe preseed have something similar? or just use kickstart?
<Abhijit> pds, have you used preseed with multiple nic setup?
<ruben23> hi guys i have  alinux server and i got a local NAS also with samba- how would i mount share teh samba share on the NAS on my linux server with user/password - any idea guys..?
<pds> test
<pds> hmm can attach a prescript to a preseed file?
<pds> hmm can attach a prescript to a preseed file?
<ToAruShiroiNeko> My ubuntu server installation is able to connect to the network but not internet. Why could this be?
<ToAruShiroiNeko> I am able to connect to it through ssh locally
<Abhijit> ToAruShiroiNeko, add nameserver 8.8.8.8 as first line in your /etc/resolve.conf comment everything else and then try. do not restart anything.
<ashd> ToAruShiroiNeko: check your gateway
<ashd> ToAruShiroiNeko: if you are using a later ubuntu - resolve.conf if manged by resolvconf
<Abhijit> but we can change it for the time being for testing - by hand manually without resolvconf
<Abhijit> it lasts until reboot or networking restart
<ToAruShiroiNeko> ashd its a fresh install
<ToAruShiroiNeko> resolve.conf has nothing in it, should I create this file?
<ashd> if i change the name of a volume group that holds the root partition - will i have to re-run grub install?
<Abhijit> ToAruShiroiNeko, yes
<Abhijit> ToAruShiroiNeko, you can always delete content later on
<White_Cat> right but I cant even ping the google nameservers
<White_Cat> it cant seem to connect beyond the network
<White_Cat> I am ToAruShiroiNeko btw
<Abhijit> firewall, faulty router / modem, isp blocked you?
<White_Cat> none of those
<White_Cat> I can speak to you on the same network
<White_Cat> my computer and the one ubuntu server installed on shouldnt be any different aside from the mac address
<White_Cat> its a vmware installaiton too so even that is virtual :)
<Abhijit> ok
<bitbyte_> hey guys, any of you know any good resources for how to amend the terminal resolutions ? after grub loads ubuntu my tv wont pick the signal for the server up. i think its because display reolution is too large / small
<Abhijit> bitbyte_, in .xinitrc?
<White_Cat> so what should I try because I have ran out of ideas
<bitbyte_> iâm not too certain because i have not read into it to much
<Abhijit> White_Cat, Reinstall host and guest?
<Abhijit> White_Cat, also you mentioned that you didnt had /etc/resolve.conf. But i think that file should be there by default. you should get this clear. that will show if this install is corrupted or not
<m_tadeu> where's the place to ask about packaging?
<WhiteCat> USPS office? :p
<WhiteCat> sorry sorry
<m_tadeu> :P
<Abhijit> m_tadeu, /j #ubuntu-packaging
<WhiteCat> I am quote a newbie so I m more useless
<Abhijit> WhiteCat, but you are on irc for 8 years!
<m_tadeu> Abhijit: thanx
<WhiteCat> over 8 years actually
<WhiteCat> I have been on the internet since when we had to use vacume tubes :p
<Abhijit> and still a noob!
<Abhijit> there was internet in vaccume tube era?
<WhiteCat> (not really, and no I am not THAT old either)
<Abhijit> ;-)
<WhiteCat> any ideas for my problem?
<Abhijit> not as of now.
<WhiteCat> is there a way to check if it is using some bizzire http proxy setting?
<WhiteCat> thats the only thing that comes to my mind
<WhiteCat> even though I chose not to install it during setup
<Abhijit> WhiteCat, netstat --listen will show you connected processes.
<WhiteCat> okay
<WhiteCat> its pretty much only listening to the ssh port
<WhiteCat> which I already knew since I am connected through it :p
<WhiteCat> there ae a few other items
<dduvnjak> i've updated my machines running precise to openssl 1.0.1-4ubuntu5.16, but they're still detected as vulnerable to CVE-2014-0224
<uvirtbot> dduvnjak: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. (http://cve.mitre.org/cgi-bin/cven
<dduvnjak> openssl changelog indicates that CVE-2014-0224 should be resolved
<uvirtbot> dduvnjak: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. (http://cve.mitre.org/cgi-bin/cven
<dduvnjak> am i missing something?
<dduvnjak> i know that uvirbot :)
<TJ-> dduvnjak: did you restart all processes that link the openssll libraries, before re-testing?
<dduvnjak> yes, i rebooted the machines
<TJ-> dduvnjak: what's detecting the vulnerability?
<dduvnjak> http://csc.cyberoam.com/cyberoamsupport/webpages/scans/index.jsp
<dduvnjak> http://www.tripwire.com/state-of-security/incident-detection/detection-script-for-cve-2014-0224-openssl-cipher-change-spec-injection/
<uvirtbot> dduvnjak: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. (http://cve.mitre.org/cgi-bin/cven
<dduvnjak> TJ: they both show the vulnerability
<TJ-> dduvnjak: tried cyberroam on one of my Precise servers with that OpenSSL version, says its clean
<TJ-> dduvnjak: The script reports "No need to patch."
<dduvnjak> detection seems to work correctly both there and with the python script
<TJ-> dduvnjak: apt-cache policy reports "Installed: 1.0.1-4ubuntu5.16"
<dduvnjak> TJ: i get this:  The site/domain seems to be potentially vulnerable for CVE 2014-0224
<uvirtbot> dduvnjak: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. (http://cve.mitre.org/cgi-bin/cven
<dduvnjak> yes, same package on my side too
<TJ-> dduvnjak: Are you sure the service that you're testing has linked the installed openssl, and not some other crypto library/version?
<TJ-> dduvnjak: could the test you are running be going through a HTTPS proxy that is vulnerable?
<dduvnjak> ldd `which nginx` | grep ssl
<dduvnjak> 	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fc30c687000)
<dduvnjak> nope, there's isn't a proxy
<dduvnjak> strings /lib/x86_64-linux-gnu/libssl.so.1.0.0 |  grep "^OpenSSL "
<dduvnjak> OpenSSL 1.0.1 14 Mar 2012
<dduvnjak> this checks out, right?
<pds> is it possible to run a postinst seed file in sudo mode (root)
<TJ-> dduvnjak: that appears to
<TJ-> dduvnjak: could the CVE be affected by library configuration?
<dduvnjak> I'm not sure
<dduvnjak> Just discovered something, one of my machines is passing the test
<dduvnjak> everything's identically set up on it, same package and same library
<dduvnjak> wtf
<TJ-> dduvnjak: any load-balancing going on?
<TJ-> dduvnjak: restart one of the failing services, for the hell of it, and retest, maybe?
<dduvnjak> nope, just nginx listening on https
<dduvnjak> tried rebooting the machines again completely, no luck
<TJ-> dduffey: compare the md5sums of the executable and the libraries, across machines?
<TJ-> oops, tab completion!
<dduvnjak> :)
<dduvnjak> i'll try that
<dduvnjak> TJ: after i updated libss1.0.0 and libssl1.0.0-dbg machines passed the test
<TJ-> dduvnjak: So they didn't get updated as part of the openssl package update?
<TJ-> dduvnjak: were they held back for some reason?
<dduvnjak> looks like they didn't
<dduvnjak> not sure, i just updated the openssl package
<dduvnjak> didn't see any errors/warnings
<TJ-> dduvnjak: weird! I hope that isn't a general problem
<dduvnjak> thank you for your help.
<pds> sup guys trying to run a postinst script after my preseed file
<pds> execution of preseed command "in-target wget -O /tmp/postint.sh http://<ip>/postint.sh; in-target /bin/bash /tmp/postint.sh
<pds> d-i preseed/late_command string \
<pds> in-target wget -O /tmp/postint.sh http://192.168.233.138/postint.sh ; \
<pds> in-target /bin/bash /tmp/postint.sh;
<pds>  
<MACscr> pds: and?
<pds> it errors
<pds> give me a moment
<MACscr> with?
<pds> http://www.tiikoni.com/tis/view/?id=a6e5b08
<pds> screenshot
<MACscr> pds: well you need to go to another console (ALT + F2?) and view your syslog to find the error
<MACscr> the script is running, ti just has an error within it
<MACscr> pds: remember that the script needs to be in dash, not bash
<MACscr> just in case you didnt know
<pds> MACscr: excuse me?
<MACscr> what did i say that confused you?
<pds> dash
<pds> you mean /bin/sh?
<MACscr> what about it. That is dash
<pds> didn't realy got the dash part there for a moment
<MACscr> i honestly just finished yesterday with my finish template, etc. So thats the information i have from what i learned
<MACscr> d-i preseed/late_command string wget http://puppet.mgr.myiacon.com:80/unattended/finish -O /target/tmp/finish.sh && in-target chmod +x /tmp/finish.sh && in-target /tmp/finish.sh
<MACscr> lol, oops
<MACscr> but thats what mine looks like
<MACscr> you might be able to force bash the way you did it though
<MACscr> but i honestly im pretty confident your issue is something within the finish script itself
<pds> there i just a simple wget in it for testing
<MACscr> can you pastebin it?
<pds> sure
<pds> pj@pj-pxe-server:/usr/share/nginx/www$ cat postint.sh
<pds> wget http://downloads.sourceforge.net/zabbix/zabbix-2.2.2.tar.gz
<pds> can be more simpeler i guess
<pds> can't be *
<MACscr> 1) you should direct its output to a particular path
<MACscr> 2) maybe your dns isnt working
<pds> dns should be working since i'm downloading from the archive during instal
<pds> l
<MACscr> pxe doesnt use dns
<pds> let me check i must just have been /bash instead of /sh
<MACscr> also, do a full path to wget
<pds> besides i'm using ip :)
<pds> to get the shell script
<pds> any way let me retest
<pds> back in about 20 minutes
<MACscr> yes, getting the shell script isnt hte problem
<MACscr> its the running of it
<pds> yup
<MACscr> hence why i said to look at the syslog to find the actual error
<TJ-> Does the script need a shebang line?
<pds> location?
<MACscr> yes it does
<pds> god darn it
<MACscr> though maybe not if /bin/bash filename.sh is used?
<Pupeno> What solutions are there to have distributed filesystems in Ubuntu?
<MACscr> Pupeno: ceph
<MACscr> moosefs?
<TJ-> MACscr: That was my thought, although its always best to insert shebangs in shell scripts for consistency :)
<MACscr> TJ-: i agree completely
<Pupeno> MACscr: I understood that ceph focuses on key/value/objects and that their performance, for files, is not great. Do you know otherwise?
<MACscr> Pupeno: whats the DFS going to be used for?
<Pupeno> Files for a web app. Upload and generated files to be present in all the instances of the web app.
<MACscr> hmm, ifenslave-2.6 is specific to the 2.6 kernel. Correct?
<MACscr> so with the standard kernel of 3.13, i just use ifenslave?
<MACscr> hmm, i guess i read that wrong
<MACscr> that seems so weird
<jrwren> your bottle neck would likely not be the DFS in a webapp. cephfs is good.
<jrwren> you could also try gluster.
<Pupeno> jrwren: I been trying to get gluster to work for over a month, I'm giving up on it.
<MACscr> then you probably wont have much luck with cephfs
<Pupeno> MACscr: why do you think that?
<MACscr> plus cephfs isnt really production ready
<MACscr> Pupeno: because gluster is easier to deploy =P
<Pupeno> MACscr: their ubuntu specific init files are horribly broken.
<Pupeno> MACscr: the community seems to not know or care too much about non-redhat distros.
<Pupeno> MACscr: what do you mean by cephfs not being production ready? what's the source of that information?
<MACscr> Pupeno: their website =P
<MACscr> https://wiki.ceph.com/FAQs/Is_Ceph_Production-Quality%3F
<jrwren> Some community folk (me) think that redhat exists to run oracle and sacrifices being better at other things.
<Pupeno> I see :(
<rbasak> You think that Ceph isn't great on Ubuntu?
<MACscr> no one said that
<patdk-wk> well, the us mil is very big into rhel too
<MACscr> right. governments love expensive, supported, but stable stuff, that moves slowly with development
<MACscr> not a bad thing really
<patdk-wk> no, it's only a bad thing for developers :)
<MACscr> yep
<pds> script runs but i doesn't seem to store the wget command
<pds> it may be beause i download to \tmp
<MACscr> pds: ha. that would not store things, but it shouldnt cause an actual error
<pds> MACscr: nope it did not
<MACscr> pds: well it did according to the screenshot you showed me
<MACscr> if the finish script doesnt have an exist status of 0, its going to give that error
<bitfury> !info mysql-server
<ubottu> mysql-server (source: mysql-5.5): MySQL database server (metapackage depending on the latest version). In component main, is optional. Version 5.5.37-0ubuntu0.14.04.1 (trusty), package size 12 kB, installed size 130 kB
<cloudman> geez guys, bloody updates, never ending
<rbasak> cloudman: you don't have to take them!
<rbasak> cloudman: you can opt for security only if you like. Though a security update will include all previous updates.
<cloudman> rbasak:  just had a load of mysql updates so its not ubuntu but geez its like every day now :)
<cloudman> so and so found a problem etc ...  I guess its very complicated for the developers
<rbasak> cloudman: you could always install an EOL release if you don't want any updates :-P
<rbasak> 10.04 maybe?
<lordievader> Why not 6.04, then you are sure it is EOL :P
<cloudman> 12.04 here ;) and one server 14.04
<RoyK> cloudman: use a cronjob ;)
<cloudman> RoyK have that built into virtualmin but I like to test updates first as I have a dozen live production servers
<cloudman> tempted to use it though
<rbasak> cloudman: please test from the -proposed pocket. Then you have further advanced warning, and if you find a regression it would be helpful for us to know so we can block it going out.
<rbasak> cloudman: that doesn't apply for security updates like this mysql one though
<cloudman> rbasak:  ty I have a lot to learn still
<cloudman> Anyone do outsource server maintenance here feel free to pm me, just don't have the time
<bitfury> if I wanted to grant read access permissions to a group for mysql, tomcat and nginx logs (/var/log) should I just add them to group mysql, nginx and mysql ?
<linuxgeek_> hi, i want to know what is the max lun number supported by a linux kernel,
<linuxgeek_> where can i get this info
<bitfury> or o+rx to specific directories within /var/log?
<Pici> bitfury: typically the 'adm' user group has read access to /var/log
<linuxgeek_> i was reading LUN number supported http://support.bull.com/ols/product/system/linux/redhat/help/kbf/g/inst/PrKB11417
<linuxgeek_> and it says modinfo scsi_mod
<linuxgeek_> and when i do that it says ERROR: modinfo: could not find module scsi_mod
<bitfury> Pici: ahh I see
<linuxgeek_> thats bcoz i have fc attached
<linuxgeek_> not scsi
<bitfury> Pici: thank you
<rberg_> hi on a few servers running ubuntu 12.04 I see the sterling pound symbol during boot all over the screen, they are gone by the time getty spawns the login prompt. and on tty7 (no X and no login prompt) I see "error no suitable mode found".. are they related and what could be causing that symbol to be printed?
<rberg_> by searching that seems to be a grub error, although I dont see it around grub.. I see it in boot.log and on tty7.. strange
<keithzg> Random question but perhaps someone here might know: are there any tricks to getting google to list the HTTPS version of a site, or does one just have to wait and hope it trawls enough links to the HTTPS version somewhere that it starts listing it as such by default? Finally set up HTTPS on my company's website, heh.
<Ro_> hello, I have ubuntu server with Xen running in it, On top of Xen Dom0 I want to launch Cloudstack.
<Ro_> Xen is working, cloudstack is working
<Ro_> but I can't add host machine to a cloudstack, I got an error "Unable to add the host"
<Ro_> I guess the problem is that I cant use xe commands from http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/latest/hypervisor/xenserver.html
<Ro_> Is there a way to configure it without xe command?
<bitfury_> I just installed OpenVPN on Ubuntu 14.04 but can only ping server, nothing behind it..
<bitfury_> anyone ever run into this?
<bigbrovar> Hi guys.. am setting up an ldap server.. so far so good all is well, except the part when I want to grant more pretty much admin access to an ldap user.. I created this file http://paste.ubuntu.com/7811153/ but when I tried to add it to the ldap config using  ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcAccess.ldif .. I get this error  implementation specific error (80) olcAccess handler exited with 1
<bigbrovar> am on ubuntu 12.04
<bigbrovar> I am only able to add the ACL entry when I leave a space after olcAccess: {3}to *  however doing this means the ACL is not granted to specified user as the extra space is carried over to the cn=config database file (which can't be manually edited -or can it)
<bigbrovar> am all new to ldap but am thinking I might have stumbled on a bug
<bigbrovar> I know slapd.conf is now deprecated.. however is it possible to create a slapd.conf file with just acl ldap entries? am still a newbie at ldap
<prgCoder> anyone know if I can uninstall samba from 14.04 and installed samba3 ?
<rbasak> prgCoder: only if you install it from some other source.
<prgCoder> rbasak: ok - maybe I can do it from an rpm package
<rbasak> prgCoder: you'd probably be better off rebuilding the samba 3 package from Saucy.
<sarnold> I'd probably prefer to build the upstream samba3 tarball from source in /usr/local/ instead. that way you can easily get updates applied if they ever release any further updates...
<prgCoder> food for thought - thanks guys
#ubuntu-server 2014-07-18
<manjo> how does the power button work for servers? does it work thro systemd/logind.conf ? or thro acpid ?
<manjo> the powerbtn.sh seems to check for logind and exit when acpid is used
<manjo> and uncommenting powerkey in logind.conf does not help either
<zartoosh> Hi I have installed ubuntu 14.04 on my system. I would like anytime dhcp server starts on my system remove with new client lease file so it can try to get new IP address. Is this possible? thx
<ruben23> hi guys any idea on my ubuntu server - i went to cd /mnt  and i created a directory im already as root user but i get this  ----> [root@elastix mnt]# mkdir testcalls --- mkdir: cannot create directory `testcalls': No such file or directory
<sarnold> ruben23: try 'cd `pwd`' then re-try your mkdir
<sarnold> ruben23: that can happen if you deleted the /mnt directory out from underneath your process
<ruben23>  sarnold: what i will do is  cd..? and pwd..?
<sarnold> ruben23: or just cd /mnt   :) your choice
<ruben23> [root@elastix mnt]# cd /mnt
<ruben23> [root@elastix mnt]# mkdir testcalls
<ruben23> mkdir: cannot create directory `testcalls': No such file or directory
<sarnold> yikes. no idea! sorry
<zartoosh> hi I want to remove a debian package using apt-get remove command but I do not want the package dependencies to be removed, Is this possible? thx
<rbasak> zartoosh: use dpkg --remove
<zartoosh> rbasak, thx
<Kawaiola> This may seem like a basic question however when I scour the internet for the answer there isn't anything straight forward I need to figure out how to make a group in apache
<sarnold> Kawaiola: what as a 'group in apache'?
<tortib> hello can someone help me with this issue?  http://paste.ubuntu.com/7812741/
<tortib> I'm running ubuntu-server 14.04
<sarnold> tortib: you don't want to do that; it or more less destroys your system :(  https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1072518
<uvirtbot> Launchpad bug 1072518 in ifupdown "Restart networking crashes dbus and the desktop manager" [Critical,Fix released]
<tortib> sarnold, oh?
<tortib> but I added some IP addresses to the /etc/network/interfaces config file and I want to configure them on the interface now...what's the 'proper' way of doing that on ubuntu?
<sarnold> tortib: yeah. without that new guard in place, it made for some extremely upset bug reports. (One from me, haha)
<sarnold> tortib: 'ifup ifacename'
<tortib> oh
<tortib> okay
<sarnold> tortib: or maybe 'ifup -a'
<tortib> That didn't do it.
<sarnold> hrm, can you pastebin your interfaces file?
<tortib> I would rather not
<sarnold> fairenough
<sarnold> you could strace -f -o /tmp/networking ifup iface   and look for errors in the strace
<tortib> ifup: interface eth0 already configured
<sarnold> ifdown eth0; ifup eth0  ?
<tortib> sarnold, so I guess I had the config wrong :)
<tortib> how do I add an address? I have iface eth0 inet6 static and then below i have address 2400:6180:0000:0000:0000:aaaa:bbbb then below that I have netmask 64
<tortib> sarnold, I have that set in /etc/network/interfaces
<tortib> :x
<sarnold> tortib: hrm, the manpage says "Address (colon delimited/netmask) required" -- maybe try 2400:6180:0000:0000:0000:aaaa:bbbb/64 ?
<tortib> I already have a static ip address set in there and it's the format I described
<tortib> gateway is also specified that way
<sarnold> tortib: what's "2600"? I don't see that class on the wikipedia ipv6 address page
<sarnold> (I haven't fought the ipv6 fight yet myself..)
<tortib> 2400 you mean?
<tortib> It's digital oceans IPs
<sarnold> sigh, yeah, that's what I meant. hrm, I'm surprised it looked so unusual..
<tortib> sarnold, I'm trying to add this to my /etc/network/interfaces config
<tortib> http://paste.ubuntu.com/7812857/
<tortib> it's a tunnel for hurricane electric
<tortib> but everytime I try ifup eth0 it says the interface is already configured
<sarnold> tortib: how about 'ifup he-ipv6'?
<sarnold> tortib: is the 'ip' command available?
<tortib> yes
<tortib> oh it's working now
<sarnold> woot! nice :)
 * tortib does a dance
<tortib> but i'm still not able to use ifup eth0
<tortib> so I can't assign any ipv6 ips from my /48 to the interface to route traffic :(
<sarnold> tortib: you need to bring it down bevfore you can bring it up; did ifdown eth0 ; ifup eth0 work?
<tortib> sec
<sarnold> oh jeeeze, I just figured out 'tortib' :) must be bed time :)
<tortib> well
<tortib> i can't add any ips to the config
<tortib> it doesn't start the interface for some reason
<sarnold> tortib: drat. maybe you're only allowed one addr family per interface in that file. if you want to add more IPs to an interface, you have to use the 'up' or 'post-up' commands to run ip addr add ... dev ...   manually
<sarnold> tortib: maybe you have t o do the same if you want both ipv6 and ipv4 addresses on an interface :/
<tortib> http://askubuntu.com/questions/313877/how-do-i-add-an-additional-ip-address-to-etc-network-interfaces
<sarnold> funny; the foo:0 'aliased' interfaces haven't been necessary for over a decade but the interfaces file never adapted..
<tortib> yeah
<sarnold> either way I guess, whatever you like more :)
<sarnold> bedtime ;) good luck tortib
<tortib> i'm just going to use if.up and create a script to add the IPs to the server that way
<tortib> thanks sarnold nice talking to you
<sarnold> nice talkin to you too :) have fun
<jdmf> I'm looking for an Ubuntu 14.04 Rescue image, that I can boot from via PXE/Netboot. Or something similar. I'm using PXE to install OS, but I also want to have a simple OS that I can create and startup my self.
<pds> messing around with preeseeding however it's hang up - any way to see what's frong
<peetaur2> pds: hit ctrl+alt+f# until you find the one with the log
<pds> hmmm you don't have way to install software in /bin/sh
<peetaur2> or look around for the log file in a termina
<pds> try to run the following in a postinst
<pds> sudo apt-get install apt-add-repository
<pds> sudo apt-add-repository ppa:rquillo/ansible
<pds> sudo apt-get update
<pds> sudo apt-get install ansible
<pds>  
<peetaur2> don't use sudo
<peetaur2> and you should use the in-target thing
<peetaur2> and are you aware that it is one long logical line, so you have to use \ at the end of the line, and ; between commands?
<peetaur2> and you should test your commands manually too ... I bet the repo one will ask interactively about accepting a key or some such
<pds> any workaround ?
<pds> hmmm will mess a bit around :)
<pds> like always :)
<lordievader> pds: Does the script run as root?
<pds> a postinst so probably the user that has be created during the install
<peetaur2> preseed stuff runs as root
<peetaur2> it is running in the installer environment
<lordievader> Ah, yes, then drop the sudo. It will probably break on that asking for a password or something.
<pds> preseeding = lots and lots of testing :)
<zartoosh> HI I have a server which gets its Ip address from dhcp. Uing ubuntu 12.04, I could move the disk on my system to another system by removing /etc/udev/rules.d/70-persistnet-network (not sure about name).  System would get new IP address from dhcp server.  Now I have moved to ubuntu 14.04. I do not see that file is getting created all the time.  Also if  I move the disk to another system, the new system still tries to boot with old I
<zartoosh> P address and it does not try to get new IP from dhcp server? thx
<flix> Hi guys and gals! Anyone willing to help me with a port/firewall issue? I want to change my nginx configuration such that the server listens on a different port other than 80, say 82. But as soon as I do that it becomes unavailable, so the firewall thing is my first guess, but I don't seem to be able to fix it... :(
<flix> Not exactly knowing what I'm doing -- I didn't set the server up myself and I'm not very familiar with Ubuntu --, but I've added a rule in iptables (iptables -A net2fw -p tcp --dport 82 -j ACCEPT) and in ufw service (ufw allow 82) but that doesn't seem to help. When I try to access the server I get a timeout.
<Dave404> Could someone help me with an upgrade from 10.04 server? Here's the issue I'm having: http://pastebin.com/GHtY9mcm
<rbasak> Dave404: you need to go via 12.04. YOu can't upgrade from 10.04 to anything else.
<Dave404> rbasak: erk. Erm, how can I do that without losing my configuration?
<rbasak> Dave404: carefully?
<rbasak> Dave404: back up first.
<rbasak> Dave404: you will lose some configuration, because configuration necessarily changes with newer releases of various packages.
<rbasak> Dave404: you have to adjust everything.
<Dave404> I was mostly worried about having to configure my mail server again
<Dave404> I'm amazed I managed it the first time
<rbasak> You will most likely have to.
<rbasak> Stuff changes. Upstreams deprecate old configuration directives. Etc.
<Dave404> It's more a concern because when I installed mail server documentation apparently required a degree in compsci to be understood
<patdk-wk> :)
<rbasak> The best thing to do is record what you do to configure a server, and make that automatic. Then work on a new installation on a new release and update that configuration until it works. Then switch over.
<patdk-wk> rsyslog pisses me off so much for that :(
<Dave404> Apache and so forth are a doddle these days
<rbasak> You'll be upgrading from Apache 2.2 (at most) to 2.4. Various configuration directives have changed.
<Dave404> Apache I'm not worried about
<Dave404> Apache is fairly user friendly
<rbasak> Well, you see my point.
<patdk-wk> what mailserver do you use?
<Dave404> I'm honestly not sure
<patdk-wk> cause nothing has really changed in postfix
<patdk-wk> and only alittle in dovecot
<Dave404> I recall Dovecot being one component
<patdk-wk> atleast those programs are very good about backwards config compatability
<Dave404> I remember it not being clear what the different parts were for only that they needed to be configured
<patdk-wk> well the issue with email is, it's a huge stack
<patdk-wk> lots of software doing stuff
<Dave404> I was just surprised that we (that is to say geeks worldwide) hadn't manage to make it a little easier to install by now
<Dave404> One can have an instance of Apache up and running in minutes
<Dave404> On the plus side the documentation looks to have improved
<Dave404> Sorry to be a negative nitwit
<patdk-wk> dave404, it's not suppost to be easy :)
<patdk-wk> if it was, every spammer would have one :)
<patdk-wk> and that is what everyone running a mail system is attempting to avoid
<Dave404> That seems like throwing the baby out with the bathwater
<patdk-wk> why?
<patdk-wk> if you really want your emails to be read
<patdk-wk> you will follow what the receiver requires, or pay someone to do it for you
<Dave404> I don't think I follow but it sounds confrontational
<patdk-wk> email is :)
<patdk-wk> due to spam/viruses, no server will accept the fact you are who you say you are, till you prove yourself
<patdk-wk> and doing that proof requires a lot of work
<rbasak> I have some plans to make all of this better in a fairly revolutionary way, but I haven't had any time to work on it recently :-(
<patdk-wk> rbasak, including dns, spf, dkim, dmarc?
<Dave404> I'm not sure how that affects setup to the point of making it so difficult. That sounds like the sort of thing that affects the underlying mechanics rather than the end-user's setting up of it
<rbasak> patdk-wk: yep!
<patdk-wk> end user? the end user is simple
<patdk-wk> the issue with end users, is email programs are still written from the 80's
<Dave404> I recall the documentation alternating between aggravatingly vague and impenetrably deep
<patdk-wk> why do they default to port 25? 25 was done away with in 2005
<Dave404> So it would say "You need these packages. Oh and this one." without explaining what the purpose of any of them was in an approachable way
<Dave404> Then further down it would assume one understood how the parts fit together and the explanation could skip to properly in-depth things
<Dave404> From what I can see at least some of that has been remedied
<Dave404> Okay, so PostFix exchanges email between the server and the outside world. Cool.
<Dave404> Then Dovecot makes it accessible remotely - serving up email via POP3 or IMAP
<Dave404> Sorry, rubber ducking
<patdk-wk> :)
<patdk-wk> oh, I think I know what you want
<patdk-wk> a generic all in one, smtp server tutorial
<patdk-wk> I'm not much of a fan of those, probably why I'm coming off that way
<Dave404> Something like that would be nice, yes. I find it difficult to get into things properly if I'm just stumbling in the dark. I need a general grasp of the big picture before I can appreciate where the details fit in :(
<patdk-wk> well, what I would agree more with, and I have seen a few but kindof rare
<patdk-wk> is more a guide to what is needed
<patdk-wk> and pointers to documentation for them
<patdk-wk> like, you will need postfix, dovecot, likely too amavisd-new, clamav, spamassassin
<patdk-wk> and optionally, policyd, postsrs, ...
<Dave404> It might also be worth noting it's a tiny mail server in terms of users. There's like 3 accounts
<patdk-wk> but like most all tutorials, you get, this is what I did, you have no clue if I did it correctly, or if I documented this correctly, or what any of this means, just follow it :)
<patdk-wk> the amount of people doesn't matter
<patdk-wk> it comes down to, how successful you want your emails to get out
<patdk-wk> how much spam you don't want to get in
<Dave404> In all honesty I've never received any spam on these accounts
<patdk-wk> and how much protection you want from if an account gets compromised or the website is hacked
<Dave404> In the entire time I've run them
<patdk-wk> then you must not submit those email accounts to many likes
<patdk-wk> the worst amount of spam I got, was after I had to sign up for microsoft partner :(
<Dave404> They're not signed up to anything beyond PayPal, I think
<patdk-wk> second worse, and this involed phone calls also, was hitting the inc500
<patdk-wk> now, my wife gets all kinds of crud
<patdk-wk> but she puts her email in everything
<patdk-wk> and signes up for every single *offer*
<Dave404> I use my personal gmail account for stuff like that and let them handle spam
<patdk-wk> so atleast the spam part you don't have to worry about then
<patdk-wk> postsrs you only need to worry about if you relay/forward emails
<patdk-wk> policyd protects you from a compromised account from sending too much spam, or from your website doing it
<Dave404> It's a low traffic mail server mostly for handling some super-simple business stuff
<patdk-wk> the first time someone gets a virus, and a spammer gets the account password, it will no longer be low volume :)
<Dave404> No Windows users :)
<patdk-wk> not sure what that has to do with it
<Dave404> I'm not sure how to respond to that
<patdk-wk> your claiming, if you run windows, there is no way your password can be compromised?
<patdk-wk> don't run
<Dave404> I didn't claim that.
<patdk-wk> ok, not sure what, no windows users, has to do with anything then
<Dave404> You mentioned viruses.
<patdk-wk> yes
<patdk-wk> those exist on macos, linux, ...
<Dave404> Not exactly a common problem though compared to the way they are in the world of Windows
<patdk-wk> no?
<patdk-wk> every single java issue is also a linux issue, unless your not using oracle java, then it might not have that security issue :)
<patdk-wk> every flash issue is also an issue, likely more so now, without anymore updates
<patdk-wk> if you never run java/flash/javascript your likely safer
<Dave404> In all honesty I'm more concerned about issues with WordPress than I am about viruses on my desktop
<patdk-wk> wordpress has endless issues :)
<patdk-wk> you can limit it's issues somewhat by using apparmor
<Dave404> Yes, I know my *nix desktops aren't impenetrable fortresses but they also don't roll over at the first auto-downloading .exe file
<Dave404> So I'm not super concerned about someone pinching my password. I'm more concerned about issues somewhere else in the system allowing access without said password
<foelix> Hi all! I'm sorry, I posted this before (half an hour ago) from a webchat but was disconnected (and didn't receive an answer afaikt).
<foelix> Can someone help me with configuring a Ubuntu 14.04 server such that nginx listens on port 82 instead of 80?
<foelix> Here's the thing: Nginx works when set to 80 but requests time out when I change the port to 82. I added a iptables rule [iptables -A net2fw -p tcp --dport 82 -j ACCEPT] and also [ufw allow 82] but I'm probably missing something...
<patdk-wk> strange
<patdk-wk> ufw? and shorewall?
<patdk-wk> and you didn't use shorewall to do it?
<patdk-wk> are you sure nginx is listening on port 82?
<patdk-wk> you verified via netstat?
<RoyK> patdk-wk: viruses exist on virtually all platforms, but given the volume of such things on windows compared to anything else, you can say viruses virtually do not exist on anything but windows
<patdk-wk> royk, depends
<foelix> sudo netstat -nap |grep 'nginx'
<foelix> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      25639/nginx
<foelix> tcp        0      0 0.0.0.0:82              0.0.0.0:*               LISTEN      25639/nginx
<patdk-wk> I find a virus every single day on linux
<patdk-wk> I only find them about once a year on windows
<patdk-wk> but then my windows machines have no internet access
<patdk-wk> but the linux ones do
<RoyK> then it's not remotely comparable
<foelix> I'm not familiar with the server (didn't set it up myself). How do I check shorewall?
<patdk-wk> is there an /etc/shorewall folder?
<foelix> oh, yes.
<patdk-wk> edit the rules file in there
<patdk-wk> ACCEPT net $FW tcp 82
<patdk-wk> if you want net only
<patdk-wk> depends on what all else is connected to that machine
<patdk-wk> then do a, shorewall restart
<foelix> No way!!
<foelix> it works
<foelix> Thank you so much patdk-wk!
<foelix> I knew it was something trivial.
<patdk-wk> well, if you used iptables correctly, that would have worked (for awhile)
<patdk-wk> but adding an accept rule, AFTER the return rule, is not too useful
<patdk-wk> heh, funny email
<patdk-wk> Remember before you call "Reboot" - "Reboot" - "Reboot"
<foelix> Thanks for pointing that out! Makes sense. I'm still just a bloody noob after all... :)
<foelix> So using ufw (which is enabled on that server apparently), doesn't automatically take care of shorewall, is that right?
<patdk-wk> those are two totally different firewall tools
<patdk-wk> and how do you know ufw is enabled? and not just *installed*
<RoyK> ufw status_
<RoyK> ?
<cfhowlett> !ufw | RoyK
<ubottu> RoyK: Ubuntu, like any other Linux distribution, has built-in firewall capabilities. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | GUI frontends such as Gufw also exist. | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo
<RoyK> Chris_hubu: I know...
<RoyK> eh
<RoyK> cfhowlett: I know
<Chris_hubu> heh
<RoyK> cfhowlett: I was just trying to suggest using ufw status to check if it was enabled :P
<cfhowlett> RoyK sorry, I came in mid-thread.  proceed.
<rbasak> zul, coreycb, matsubara, lutostag, gnuoy, gaughen, kickinz1, beisner, rharper: o/
<Dave404> Again, for my own future reference, here's the code I used: grep -rl "gupfiihzra" . | xargs sed -i 's/<\?php \$gupfiihzra.*\$cmhvuwnohn-1\; \?\>//g'
<matsubara> o/
<beisner> o/
<rharper> rbasak: \o
<lutostag> \o
<rbasak> Everyone else: my team are going to do some virtual sprinting for the next couple of hours to get a bunch of server packages merged and sponsored
<gnuoy> \o
<gaughen> o/
<kickinz1> o/
<zul> helo
<rbasak> Feel free to watch, or join in, etc. There are sponsors here to try and help and get packages and other server fixes landed.
<rbasak> http://reqorts.qa.ubuntu.com/reports/ubuntu-server/merges.html is a list of ~ubuntu-server subscribed packages that may need a merge
<rbasak> https://merges.ubuntu.com/ has the full list
<rbasak> https://wiki.ubuntu.com/UbuntuDevelopment/Merging is a helpful guide
<rbasak> Does everyone want to pick a package that looks interesting to you, and see if you can either update it, or find out why that would be inappropriate?
 * kickinz1 reading
<rbasak> Let us know what you're looking at to save duplicate work
<rharper> rbasak: I'll try vgabios
<rbasak> rharper: sounds good!
<rharper> grab-merge says it's maintained in revision control -- need to investigate
<rbasak> It may be telling you about for Debian, rather than Ubuntu.
<rharper> ah
<gaughen> rbasak, if it shows one of our team members names for last uploader, should we ask first?
<gaughen> some of these look very openstacky
<rbasak> gaughen: yes. The general locking mechanism to avoid duplicate work is to check with the last uploader.
 * lutostag takes a look at autofs
<foelix> sorry for the delay: service ufw status says "running" -- that's why I assumed it was active.
<rbasak> lutostag: great, thanks!
<gnuoy> nagios-nrpe for me!
<rbasak> I don't particularly have a plan for how this session might work btw, we'll just see how it goes I guess.
<rbasak> I'm happy to go through decisions about each package merge if you want to have that discussion here. Or if you know what you're doing, just go ahead and prepare the merge.
<rbasak> gnuoy: thank you!
<gaughen> okay, rbasak I pick numactl
 * kickinz1 takes alsa-utils
<gaughen> rbasak, I have no idea what I'm doing.
<beisner> rbasak: i'll give samba merge a spin.
<kickinz1> (why is alsa-utils, in server list ?)
<rbasak> beisner: great! Note that I know I can't upload samba, so we may need zul to sponsor that.
<rbasak> gaughen: no problem - I'll go through it here. That'd be a good example of the process I think.
<zul> rbasak:  *cough* core-dev *cough*
<gaughen> zul, hahahahahah!
<rbasak> beisner: also I happen to know that samba FTBFS in Utopic right now. I discovered that yesterday. Maybe it's fixed in Debian now though.
<beisner> rbasak, do you have a blog post yet?  ;)
<rbasak> (I haven't had time to look yet!)
<gaughen> beisner, he needs a wiki page!
<rbasak> kickinz1: that's a good question.
<gaughen> beisner, with info about him like that he likes american football, etc, etc
<rbasak> kickinz1: http://people.canonical.com/~ubuntu-archive/germinate-output/ubuntu.utopic/ is a good place to look
<kickinz1> rbasak, I take another one?
<zul> rbasak:  also things like keystoneclient, heatclient, etc should probably be blacklisted
<rbasak> kickinz1: sure. It's certainly a low priority for server anyway.
<rbasak> zul: yes - I have a plan to implement some sort of blacklisting for the merge report, but there are a bunch of things above it on my TODO list :(
<zul> rbasak:  i so dont know what that is like
<rbasak> gaughen: OK so let's look at numactl
<gaughen> okay
<kickinz1> ok I'll look at keepalived
<rbasak> I see that it was last uploaded by dannf, sponsored by seb128, from that report, and it looks like Debian have moved from 2.0.9~rc5-1 to 2.0.9-1 since.
<rbasak> kickinz1: great!
<rbasak> gaughen: so the first place that I go to next is http://packages.qa.debian.org/numactl. This is the Debian PTS, which tells me all about this package in Debian.
<rbasak> Another important page is https://launchpad.net/ubuntu/+source/numactl, which is the equivalent Ubuntu page.
<rbasak> From the Debian PTS page, I follow a link to the changelog, on the right under links
<rbasak> Here I can see what Debian have change since Ubuntu diverged.
<gaughen> let me find the versions again
<gaughen> I better write them down
<rbasak> I'm interested in changelog entries that follow 2.0.9~rc5-1, since the 2.0.9~rc5-1ubuntu2 in the Ubuntu version in Utopic tells me that that's the point where Ubuntu diverged.
<matsubara> I'll take python-flake8
<rbasak> matsubara: great - thank you!
<kickinz1> grab-merge is dangerous!
<gaughen> rbasak, oh cool that doesn't look too bad
<gaughen> just one changelog entry
<rbasak> gaughen: right. Just one change.
<rbasak> (well, one Debian upload, with three distinct changes logged)
<rbasak> gaughen: next, I want to know what Ubuntu has changed, so that we can assess what we need to upload to update Ubuntu
<rharper> rbasak: so, the file with conflicts was debian control, so looks like a simple change in the Maintainers list
<rbasak> So to do that I click on 2.0.9~rc5-1ubuntu2 under the Utopic section in https://launchpad.net/ubuntu/+source/numactl
<gaughen> rbasak, what does "* Upgrade standards to 3.9.5 (no change)" mean?
<rharper> rbasak: should I update the XSBC-Original-Maintainer value to match the Debian Maintainer value ?  Debian QEMU Team vs Debian QA Group ?
<rbasak> rharper: that's from grab-merge for vgabios, right? What's the rest of the previous Ubuntu delta look like - is it still applicable now?
<rbasak> gaughen: debian/control must define the Debian policy version that the package complies to. When Debian updates policy, then the package declares compliance with an old policy.
<gaughen> aaah okay
<rharper> rbasak: yes -- I think so http://paste.ubuntu.com/7814707/
<rbasak> gaughen: so the Debian maintainer must check the policy changelog, make sure the package is compliaant with latest policy, and bump the policy version the package declares compliance with.
<rbasak> gaughen: in this case, he's done that, and found that he's not needed to make any changes. So he's just changed the declaration in debian/control, and logged the change like that.
<gaughen> cool
<rbasak> gaughen: in Ubuntu, we don't usually want to introduce a delta just to meet Debian policy, as that's just tedious to maintain. So we leave it to Debian (or file bugs and patches with Debian)
<rbasak> gaughen: the exception is for packages which aren't derived from the Debian package (eg. Juju). There, we originate the package so we update in the same way to bring packages up to compliance.
<rbasak> rharper: yes - XSBC-Original-Maintainer should match the Maintainer field from the Debian package our diverged package is based on
<rbasak> rharper: is that the entire diff?
<rharper> rbasak: thats the only change , yes
<rharper> the REPORT file shows only debian/control
<rharper> as a file with conflicts
 * rbasak takes a look
<beisner> lol, grabmerging samba advises:  'It looks like this package is maintained in revision control  ...  You almost certainly don't want to continue without investigating.'
<gaughen> ha!
 * beisner give samba back to the floor.
 * beisner gives samba back to the floor.
<matsubara> rbasak, I'm in a similar situation as rharper, there's a conflict in debian/control in the maintainer field: http://paste.ubuntu.com/7814740/
<rbasak> rharper, matsubara: so there's a tool called update-maintainer
<rbasak> The background is https://wiki.ubuntu.com/DebianMaintainerField
<rbasak> This is why, if in Ubuntu we change the package (ie. diverge from Debian), we rename the field.
<rbasak> What the tool does is trivial, so you can fix it up by hand. But  matsubara's conflict looks a bit confusing to me because the original fields were multiline. It may be easiest to select the Debian side of the conflict, and then to just run update-maintainer to fix it for Ubuntu again.
<rharper> rbasak: so, once I've updated the file with conflicts, what's next?
<rbasak> rharper: looking
<rbasak> rharper: so you've fixed the conflict manually, but you still have something that merge-o-matic thinks might be right. But this assumes that it's fine to merge Ubuntu changes with Debian changes.
<rbasak> rharper: it may be the case that the changes apply but don't make logical sense, or break the package.
<rharper> ok
<matsubara> rbasak, Cool, I left the debian part and ran update-maintainer and now I got this debian/control file: http://paste.ubuntu.com/7814762/ and am ready for the next step
<rbasak> rharper: debian/source/format says "3.0 (quilt)", so this is a modern best-practice package that uses the quilt system.
<rharper> rbasak: I think they make sense;  the ubuntu changes add new screen modes;  the upstream changes in debian are unreleated, so I think the ubuntu change still make sense
<rbasak> rharper: so the next thing I did was to run "quilt push -a", and this failed. Do you get the same thing?
<rharper> rbasak: where are you running that? in the 5ubuntu1 dir ?
<rbasak> rharper: I also followed the bug link in the Ubuntu delta, which linked to a Debian bug, which is apparently fixed in Debian. So I think the changes maybe do conflict.
<rbasak> rharper: yes - in vgabios/vgabios-0.7a-5ubuntu1/
<rharper> ah
<rharper> % quilt push -a
<rharper> No series file found
<rbasak> rharper: ah, sorry.
<rbasak> rharper: http://wiki.debian.org/UsingQuilt
<rbasak> export QUILT_PATCHES=debian/patches
<rbasak> export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
<rharper> ah, right
<rbasak> rharper: those two lines should set you up quickly for hnow
<rharper> new box doesn't have those settings
<rharper> yeah, I get failed push now
<rbasak> rharper, matsubara: so the general task here is to examine the previous Ubuntu delta carefully, the new Debian changes carefully, and figure out how to apply the Ubuntu delta on top of latest Debian package.
<rbasak> In git terms, this is a rebase.
<rharper> right
<rbasak> Debian may have picked up changes that Ubuntu made, for example, but in a different way.
<rbasak> merge-o-matic tries to do it automatically, but this isn't necessarily safe. You still have to check that it makes logical sense.
<rbasak> When you're done, you can build a source package (I use "debuild -us -uc -nc -S"). Then examine diffs using debdiff against the old and new .dsc files.
<matsubara> rbasak, ah ok, even though the REPORT says the only conflict is in debian/control, whatever the tool did merge automatically and didn't flag as a conflict needs some eyeballing just to make sure?
<rbasak> A sponsor usually wants to see the diff between the new debian package and the new proposed ubuntu package, and the diff between the old ubuntu package and the new ubuntu package. I usually want to see the diff between the old debian package and the old ubuntu package as well.
<rbasak> matsubara: right - you go tit
<rbasak> you got it
<rbasak> I find merge-o-matic useful only for trivial merges, because I want to check every aspect of the old Ubuntu diff manually to make sure that whatever the reason it was there before will still work in the new upload.
<rbasak> I know other Ubuntu devs who are happy to examine the whole diff that way though.
 * hallyn_ does like to look at full debdiffs
<rbasak> So what you do exactly is up to you - provided that you're confident at the end of your process that the whole previous Ubuntu delta is accounted for in some way
<rharper> rbasak: in this case, it appears that some of the ubuntu patches have already been applied; should they be dropped if all of the contents of the patch are included in the newer package ?
<hallyn_> yup, that's the idea case
<rbasak> right
<hallyn_> then note that in the changelog
<hallyn_> s/idea/ideal/
<rharper> ok and what's the quilt way to drop the patch?
<rbasak> If all changes can be dropped, then we can sync the package directly from Debian and drop our delta. That's the most ideal.
<rharper> rbasak: right
<rbasak> quilt has a command to do it. I just "quilt pop -a", remove the patch from debian/patches/series and the patch file itself.
<rbasak> (which also works)
<hallyn_> rharper: depends on how you got yoru source tree;  i assume it's not yet applied, else it woudl have failed no?
<rharper> hallyn_: right, quilt push -a failed
<rharper> so nothing is applied
<hallyn_> right so just remove that line from series,
<hallyn_> and remove the patch file
<hallyn_> (and add to changelog :)
<hallyn_> profit
<rharper> ah, I was hoping there was a quilt remove
<gnuoy> rbasak, I have a patch that's in the ubuntu package but not in the debian one and I don't see any mention of why
<rharper> that did the series and file removal
<rbasak> rharper: careful there - it may have applied some and then failed on one, so you may still have some applied.
<rbasak> rharper: I think there is a quilt remove (or something).
<rharper> rbasak: its at the top of the series (first file in the list)
<rbasak> rharper: also safe is to quilt pop -a to be sure.
<rharper> rbasak: indeed
<rbasak> gnuoy: so it sounds like you probably need the patch still. If the details of the patch itself make sense there. Does it still apply?
<rbasak> Is anyone blocked, BTW? I feel OK keeping up right now but am not entirely sure, so please remind me if you're waiting on a question.
<rharper> hallyn_: would you use dch  to add a line for removing a patch that's already present?  is there a format or anything for that sort of entry ?
<matsubara> rbasak, when you say compare the delta between the two packages, looking at python-flake8_2.1.0-1ubuntu1.patch and python-flake8_2.1.0-2.patch should suffice, right? I see that the debian maintainer changed the order of the dependencies and some wrapping (which I think genereated the conflict in the control file) and the ubuntu maintainer added autopkgtests to the package, so it seems that I want to keep the debian changes and k
<matsubara> eep the autopkgtests
<gaughen> rbasak, so I looked at the ubuntu1 and ubuntu2 diff's and they look pretty small - just adding ppc64el (for ubuntu1) and arm64 (for ubuntu2)
<hallyn_> rharper: dch -a
<hallyn_> appends an entry without bumping the version #
<rbasak> gaughen: looking
<hallyn_> it will updcate the mod time, so i usually do that
<hallyn_> rharper: take a look at changelog for qemu.
<gaughen> rbasak, was just talking through
<gaughen> I'll keep going, you're answering questions
<hallyn_> rharper: bc i have to do a lot of that every time i merge from debian or upstream
<rbasak> gaughen: no I think I'm clear right now :)
<rbasak> gaughen: so it looks like your one is straightforward and should cleanly merge
<rbasak> gaughen: personally, this is the point I choose merge-o-matic.
<gaughen> rbasak, SWEET! I picked well!
<rharper> hallyn_: ok
<rbasak> gaughen: so find a directory to use somewhere, and run "grab-merge numactl"
<gnuoy> rbasak, this is the patch http://paste.ubuntu.com/7814839/ . The update to check_nrpe.c seems fine and useful but I wouldn't like to say about the update to utils.c
<rbasak> gnuoy: so from https://launchpad.net/ubuntu/+source/nagios-nrpe, I'm clicking on 2.15-0ubuntu1
<rbasak> gnuoy: that shows me the changelog associated with that upload, which in this case is the only upload that involves the Ubuntu delta
<gaughen> rbasak, done
<rbasak> gnuoy: ah - so this was previous merge that hasn't changed.
<rbasak> gaughen: now examine REPORT - it says that everything's clean, so it's pretty much done everything for you.
<gnuoy> rbasak, I'm going through the confilicts that merge-o-matic spat out fwiw. the others seem trivial, this one I don't get
<gnuoy> rbasak, so just keep the patch then ?
<rbasak> gaughen: grab-merge has given you four .dsc files. These correspond to BASE, DEBIAN and UBUNTU for the three-way merge - 2.0.9~rc5-1 is BASE, 2.0.9-1 is the new Debian version, 2.0.9~rc5-1ubuntu2 is the old Ubuntu delta, and 2.0.9-1ubuntu1 is the merge-o-matic's proposed new Ubuntu delta. Does that make sense?
<gaughen> yup
<rbasak> gaughen: you can examine deltas with the debdiff command, against two .dsc files. Usually piped into less or something.
<rbasak> gaughen: so your task now is the same - check that the old Ubuntu delta has been applied to the new Debian version sanely
<rbasak> gnuoy: looking
 * beisner is following along in numactl with gaughen
<rbasak> gnuoy: OK, so the changelog is telling me a story.
 * gnuoy grabs some cocoa
<rbasak> gnuoy: it wasn't a previous merge by Stephane, sorry
<rbasak> 2.13-4 was in Debian, and the Stephane introduced 2.15-0ubuntu1
<rbasak> that -0 in -0ubuntu1 is special. It means that he updated to the new upstream release before Debian did.
<rbasak> And that previously, there was no Ubuntu delta, since the entry before that is 2.13-4.
<gnuoy> ok, I follow so far
<rbasak> gnuoy: so Debian has now caught up, and also updated to 2.15 - since the upstream version (the part before the -) is the same.
<rbasak> gnuoy: so it seems likely to me that everything Stephane had to do to update packaging for 2.15, Debian has done now also.
<gnuoy> rbasak, except this one patch
<rbasak> Ah, sorry. You're ahead of me.
<rbasak> gnuoy: so just giving you a commentary as I look
<rbasak> gnuoy: looks like Debian dropped the patch, and Ubuntu still has it.
<gnuoy> rbasak, do you see a smoking gun for debian dropping it ?
<gnuoy> I couldn't see a reference in the changelog
<rbasak> There are a couple of "Remove obsolete patch" entries.
<rbasak> Best to look at Debian VCS to match it up I think.
<rbasak> So packages.qa.debian.org/nagios-nrpe
<gnuoy> rbasak, ok, who gets to decide whether this patch actually is obsolete given it seems to be a technical decision based on the awesomeness (or lack of) of urandom
<rbasak> If the Debian maintainer maintains a VCS for the package and has listed it, it'll appear here.
<rbasak> gnuoy: Debian and Ubuntu fight it out :)
<gnuoy> rbasak, where ubuntu is personified by ...
<kickinz1> rbasak: for keepalived, it seems that there is just an init.d change to keep, as it seems that some of the patches and Build-devs seemed to the same now.
<matsubara> rbasak, so I seem to have built a new package with ./merge-buildpackage after editing the changelog with the dch -a. The only work I actually did was to sort out the conflict in the debian/control. Should this be in the changelog or should I keep the automatic entry added by MOM?
<rbasak> gnuoy: the first thing I want to do is see if I can figure out Debian's rationale, so I want to find their VCS. The changelog suggests there is one since those are git commit ids. But debian/control doesn't list anything.
<kickinz1> I looked at: https://patches.ubuntu.com/k/keepalived/keepalived_1:1.2.7-1ubuntu1.patch, then debdiff against debian and ubuntu packages.
<rbasak> https://packages.qa.debian.org/n/nagios-nrpe.html tells me that it's team maintained though, so I'll look at alioth
<gnuoy> rbasak, tip top, thanks
<rharper> rbasak: hallyn_: it appears to me that all 4 patches are now included in the upstream debian package
<rbasak> Sorry, I'm falling a little behind here.
<kickinz1> rbasak, if that becomes the only difference, do we keep it?
<rbasak> gnuoy: https://alioth.debian.org/projects/pkg-nagios/ seems relevant. It may be in that repository, but the public don't have access. That's probably a bug, and it's also probably a bug that they don't link the VCS from debian/control.
<gnuoy> rbasak, so what should my next steps be ?
<rbasak> gnuoy: I think I'd do two things here. 1) File a Debian bug asking for VCS-* fields in debian/control, since evidently they're using a VCS.
<rbasak> gnuoy: 2) email the team mailing list, explaining that you're not sure why the patch was dropped because it seems sane and relevant to you, and should they reinstate it, and you can't tell for certain because of the lack of a working VCS link
<rbasak> gnuoy: that's what I'd do, I think.
<rbasak> gnuoy: in the meantime, Ubuntu still ships 2.15, so we should be OK. I'd want to flag this in the merge report as not-needed for this particular version, since we seem to be carrying everything that Debian is at least.
<rbasak> I don't have means to flag it like that yet though.
<rbasak> However, it would be good to sync the package if possible, because then it won't be on our plate any more.
<gnuoy> rbasak, if you were to hazard a guess why would you suppose that using urandom was removed ?
<gnuoy> and thank you
<rbasak> https://wiki.ubuntu.com/Debian/Usertagging for filing Debian bugs.
<rbasak> gnuoy: and http://packages.qa.debian.org/nagios-nrpe links to the team mailing list in the maint field.
<rbasak> gnuoy: NFI why using urandom was removed. It doesn't make sense to me.
<rbasak> maybe they figure that they don't need a crypto-safe RNG?
<rbasak> I don't know.
<rbasak> So next, kickinz1 I think. Sorry I'm behind.
<kickinz1> rbasak, np
<rbasak> Looking
<kickinz1> from what I've seen, ther are 2-3 changes:
<kickinz1> init.d runleves 0 and 6 removed, and a postinst script that remove scripts for those level.
<kickinz1> Debuild-deps, that are the same now in debian also
<kickinz1> and a patch to suport libnl >= 2.0
<rbasak> Wow. The init script changes date back to Edge.
<rbasak> Edgy
<rbasak> There's no explanation as to why it's there, but I guess it's OK to keep that.
<lutostag> in the debian changelog are we supposed include rationale for resolution of merge conflicts?
<rbasak> lutostag: I think it's better to be verbose. But I'd only do it if the conflict resolution was non-obvious.
<rbasak> kickinz1: so I ran debdiff keepalived_1.2.7-1.dsc keepalived_1.2.7-1ubuntu1.dsc|less
<rbasak> kickinz1: that should show me the old Ubuntu delta, right?
<kickinz1> you get it directly from https://patches.ubuntu.com/k/keepalived/keepalived_1:1.2.7-1ubuntu1.patch
<rbasak> kickinz1: I see the Build-Depends change mentioned in the changelog as part of the delta that's still being kept. But there is no delta present.
<rbasak> kickinz1: so it's not even that it's been dropped - it was already dropped.
<rbasak> I mean that Debian haven't only just updated it.
<rbasak> The previous person who merged it did not check.
<kickinz1> for me all what is left is the init.d modification, and rming of rcÃ .D and rc6.d Kscripts
<kickinz1> I wonder if it worth the merge at each version just for that?
<kickinz1> I'm looking again at the libnl patch
<rbasak> kickinz1: that's a good question. I don't like to drop a patch without understanding the rationale for it though, and that's not mentioned, and nor is there a bug link.
<rbasak> This is why we should explain non-obvious things in changelogs :)
<rbasak> kickinz1: I'm also confused because it doesn't apply to actually apply the patch. The debian/patches/series file is empty.
<rbasak> doesn't appear to actually apply
<kickinz1> patch was there to build against libnl3, sbuilding it as it doesn't raise any building troubles at first sight
<rbasak> Yes - perhaps not necessary any more
<rbasak> But in that case, the patches themselves in debian/patches should really be removed.
<rbasak> kickinz1: so it looks like you just need the init.d changes, right?
<rbasak> kickinz1: that looks reasonable to me, if it builds against libnl3 OK.
<hallyn_> 15:59 < rbasak> This is why we should explain non-obvious things in changelogs :)
<rbasak> :)
<hallyn_> and since things after looking at it may seem obvious to you but non-obvious to someone else, i like to comment everything
<hallyn_> cause i know i'm bad at guessing what will be obvious even to myself in a month
<rbasak> +1 - if in any doubt, more verbose is better.
<rbasak> I need to run now. I have a train to catch :-/
<kickinz1> rbasak, maybe I'm wrong but init.d patch seems not necessary, isn't it?
<kickinz1> ok, np
<rbasak> kickinz1: I sort of agree, but without knowing the original reason it was put in, I don't feel comfortable dropping it.
<rbasak> kickinz1: I suspect that's what every other previous Ubuntu developer who has merged this package has also felt.
<rbasak> hallyn_: are you around and OK to take over, if others want to carry on? Or zul maybe?
<rharper> rbasak: so, I'm confused;  vgabios-0.7a-5ubuntu1 dir inside vgabios dir after running grab-merge -- does that have patches applied or not?  quilt says no, but I'm not convinced; if I unpack the orig.tgz  file, I don't see those changes applied.
<rbasak> rharper: I think the patches are not applied by grab-merge. The orig.tgz file should also not have patches applied. The patches are shipped as-is in the debian.tgz, and dpkg-source will apply them by default when unpacking.
<rbasak> matsubara: usually you should fix up the changelog, so it describes: that you're merging, what remains in the Ubuntu delta, what you're dropped in the Ubuntu delta, and anything else that you've kept.
<rharper> rbasak: the odd thing is that all of the ubuntu patches in debian/patches/  appear to be present in the _5ubuntu1 dir -- but if I attempt to debuild -S after removing the patches, it says there is a diff between orig and the current tree
<rbasak> matsubara: I don't feel it necessary to explain what conflicts you resolved, provided that logically the changes are still described, and if you've had to change any of the logical changes, that you've explained what and how.
<rbasak> OK, I really have to go now. Sorry!
<rbasak> We can resume next week, or feel free to catch me any other time as well.
<matsubara> rbasak, ok. I'll re-do that but I went ahead anyway and built the package with merge-buildpackage and then tried to pbuild it but got dependency failure
<kickinz1|bbs> thanks rbasak!
<rbasak> I hope the session was useful. I'm sorry we didn't get as far as any uploads!
<kickinz1|bbs> yes
<lutostag> rharper: the debian/patches have been applied to the unpacked dir in your grabmerge dir
<rbasak> Hopefully next time :)
<matsubara> thanks rbasak, have a nice weekend!
<rharper> lutostag: ok, that makes more sense to me
<hallyn_> rbasak: sorry i can't right now, but could in  an  hour
<beisner> thanks rbasak!!
<lutostag> rbasak: thanks~
<hallyn_> zul: ^ can you take over, if ppl want to continue the merging fun?
<rharper> rbasak: thanks!
<rharper> lutostag: I'm still left wondering what next;  if the patches are applied (quilt doesn;'t seem to think so, but it appears that is) -- not sure there is anything to do;
<lutostag> where are you running quilt from, and what cmd -- I havent gotten that far yet
<lutostag> rharper: ^ ?
<rharper> lutostag: grab-merge vgaboils; cd vgabios/vgabios-0.7a-5ubuntu1/ ; fix up debian/control (merge conflict); then quilt push -a ;
<rharper> quilt complains that it can't apply (conflic) and all patches appear to be applied , but quilt pop -a says nothing is applied.
<rharper> that's the confusing part
<rharper> if I don't mess with quilt, debuild -S works just fine
<rharper> if I remove the patches from the debian/patches/ dir (via quilt remove -r)  then I get a deb error about uncommitted changes
<zul> ill be around
 * hallyn_ bbsoon
<lutostag> rharper: it does seem strange
<lutostag> even tho my debian/patches had merge conflicts they somehow got applied anyways which doesnt make sense
<lutostag> and grab-merge doesnt appear to do any quilting of its own
<rharper> lutostag: indeed
<rharper> zul: do yo know anything about grab-merges applying patches ?
<zul> at little
<zul> whats up
<zul> oh wait..grab merge? nyiet
<rharper> hehe
<rharper> zul: if we don't use grab-merge then what would the process be ?
<zul> oh wait...yeah i used grab-merge.sh
<zul> sorry switching context
<zul> so whats the problem
<rharper> grab-merge showed one conflict, just in the debian/control -- I fixed that up
<zul> ok
<rharper> rbasak: mentioned that I should quilt push -a
<rharper> that blows up
<rharper> but I look at it appears that all patches in debian/patches are already applied (but quilt doesn't think so)
<zul> yeah if the source isnt sane it does
<zul> which one is it?
<rharper> vgabois
<rharper> vgabios even
<zul> rharper:  you can try pop -a -f  it then push
<rharper> zul: no dice
<rharper> quilt doesn;t think they're applied
<rharper> but it appears that they are
<rharper> which means something applied them outside of quilt
<rharper> IMO
<zul> rharper:  right
<zul> rharper:  sometimes there is tmpfiles leftover that shows you patches it thinks that been applied
<jonascj> Hi all. What is a good hostname for a server when no FQDN actually resolves to its ip (e.g. if machine is only attached to a local network)?
<jonascj> whatever you would have named it, just without .domain.com?
<sarnold> jonascj: it helps to go with a theme; I picked people from nixon's presidency because I know the names well and each machine then has a personality..
<sarnold> other people like norse gods
<jonascj> sarnold: that was not what I meant :) If I wanted to call it "hms.domain.com" if it was publicly avilable, should I just call it "hms" if it is only attached to a local network?
<sarnold> jonascj: sure
<sarnold> jonascj: some people like to pick a TLD for all their internal machines and then run an authoritative DNS server for that domain internally
<sarnold> jonascj: but with ICANN these days .... whatever you pick is liable to be a new TLD some day. sigh.
<jonascj> sarnold: yeah :/
<sarnold> (.local used to be perfect for that. dunno if I can blame icann for that one or not, but I might as well.)
<jonascj> sarnold: what is the hostname used for anyway? I does not impact dns, it doesn't really matter how your terminal look, etc.
<sarnold> jonascj: so that you can check uname -a   before rebooting the thing :)
<jonascj> sarnold: will it work as net bios name also?
<sarnold> jonascj: that may be a edfault setting of nmbd, but check in on that, it's been a decade since I've used it
<sarnold> just be sure you don't mind the name -- I once named a machine "lilbitch" cause it was an annoyance unlike anything else.. and then when it came time to deploy the thing, we spent forever tracking down every user-visible instance of the name. sigh. :)
<jonascj> yeah, I've never used it for anyting. I remember it was there in the network config of my windows 98 pc 15 years ago when I as a child tried to set up a network (sharing files between two machines - to no avail)
<sarnold> the usual experience :) haha
<jonascj> *net bios that is
<jonascj> Hmm, I am installing ubuntu server 14.04 and it fails with "Unable to install busybox-initramfs". It says I can check /var/log/syslog, but how? By booting some live usb, mounting the current /var partition (disk) and read the file?
<ogra_> jonascj, tty4 should have a shell
<jonascj> ogra_: Do I need internet connection while installing? I have downloaded a ~500MB iso which I've used to make a bootable usb...
<jonascj> and yes, there was a shell.
<jonascj> I see two errors: "Unexpected error: command not executed 'sh -c debconf-apt-progress --no-progress --logstderr --    apt-get -q -y --no-remove install mdadm"
<jonascj> and "Unexpected error; command not executed 'sh [the same as above] install busybox-initramfs'"
<jonascj> hmm, the downloaded iso matches the md5 published
<jonascj> but the usb key "check disk for defects" fails
<TJ-> jonascj: Does the md5sum of the USB key match too?
<rbasak> rharper: could it be that the patch has been taken upstream, so the patch is no longer needed?
<rbasak> rharper: then quilt won't know about it, will fail to apply the patch, and if you examine the upstream code you'll see that it's there.
<rbasak> rharper: if this is the case it should be in the upstream orig tarball, also (already applied)
<jonascj> TJ-: I am recreating the usb with usb-creator-gtk, when it is done I will md5 it. I am not sure it should match though...
<rbasak> (I'm on the train - will not have great connectivity)
<jonascj> couldn't the folder structure be different between iso and usb?
<TJ-> jonascj: I'm not sure either... I usually use "dd" so its a block-correct clone
<jonascj> dd it to the usb?
<jonascj> TJ-: ^
<sarnold> jonascj: yeah, dd has been far more reliable for me than usb-creator-gtk
<TJ-> jonascj: I usually just do "dd if=ubuntu.iso of=/dev/sdX" where sdX is a USB key
<sarnold> you don't get the persistent data partition thingy but if you don't care dd is just way easier
<jonascj> I'll try that instead. I didn't knew that would work
<jonascj> any good blocksizes or is the default fine?
<jonascj> after dd'ing the usb passes the check
<jonascj> How safe is to to choose "instal security updates automatically"?
<jonascj> will it be done without restarting the machine, or will it involve restarts?
<jonascj> Never mind
<patdk-wk> as safe as you doing it yourself :)
<jonascj> althought I might review them first if I do it manually, but yeah, what do I nkow about what's safe to do and not
<stiv2k> is 12.10 EOL now?
<patdk-wk> for the last several years, yes
<stiv2k> so, i cant install any new software?
<patdk-wk> nope
<stiv2k> i was getting updates still until a couple months ago
<patdk-wk> this is why lts was created
<patdk-wk> hmm?
<patdk-wk> 18months max
<stiv2k> yes
<stiv2k> hm
<patdk-wk> 12.10+18=?
<jonascj> When the installer comes to install GRUB, where will it install it if I have /dev/md0 (consisting of /dev/sda and /dev/sdb) and /dev/md1 (consisiting of /dev/sdc and /dev/sdd). /dev/md0 and /dev/md1 make up an LVM Volume Group...
<patdk-wk> 13.04?
<stiv2k> i can't math right now
<patdk-wk> 14.04
<stiv2k> ah
<stiv2k> that makes sense
<patdk-wk> oh, so likely died a few months ago
<stiv2k> shit
<stiv2k> so i need to upgrade
<stiv2k> i dont like upgrading
<stiv2k> things always break
<jonascj> I chose "No" and it now gives me the option to specify a device myself. If I do "/dev/md0" will it in effect be installed to both /dev/sda and /dev/sdb (which make up /dev/md0)?
<jonascj> specifying /dev/md0 failed :)
<jonascj> but then again, I do not know if the mbr is mirrored by the md-raid, so maybe that is why it does not make sense
<jonascj> hmm, "pvdisplay" sayd they are named /dev/md126 and /dev/md127
<RoyK> jonascj: pastebin /proc/mdstat
<jonascj> RoyK: I'll have to type it here since it is during the installation procedure and I cannot easily get it to pastebin
<jonascj> RoyK: md126: Active raid1 sdb1[1] sda1[0]
<jonascj> RoyK: md127: active raid1 sdc1[0] sdd1[1]
<plm> Hi all
<plm> I broken my system and cant to recovery. Errors were encountered while processing: /var/cache/apt/archives/libc6-dev-i386_2.17-93ubuntu4_amd64.deb
<plm> E: Sub-process /usr/bin/dpkg returned an error code (1)
<plm> I trying to install libc6-dev-i386 : The following NEW packages will be installed: libc6-dev-i386 libc6-dev-x32
<plm> but I cant to remove
<plm> oot@pi:~# dpkg -r libc6-dev-i386
<plm> dpkg: warning: ignoring request to remove libc6-dev-i386 which isn't installed
<plm> any idea?
<RoyK> try apt-cache clean
<plm> RoyK: root@pi:~# apt-cache clean
<plm> E: Invalid operation clean
<RoyK> plm: apt-get clean, even
<plm> RoyK: I removed manually all other packages and works
<plm> RoyK: thanks :)
<wolter> I want to install a printer driver which for some odd reason depends on zenity, however I don't want zenity, how can I proceed installing it without corrupting my apt? (without the need to execute apt-get install -f)
<liox_> hi
<liox_> I upgrade my php to 5.5 was 5.3 and he also upgraded the apache 2.2. to 2.4 and it broke my web server all vhosts are with Forbidden anyone have any suggestions to help me?
<liox_> my server fps linode with ubuntu server 12.04 and ISPConfig 3
<liox_> plis help me?
<rbasak> liox_: documentation at: https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes#Apache_2.4
<rbasak> Follow the two links
<sarnold> liox_: apache 2.4 authentication and authorization is very different from 2.2 -- this is a helpful howto that helped me http://httpd.apache.org/docs/current/howto/access.html
<liox_> would make a downgrade to apache 2.2 however I can not have some clients that server and this is causing inconvenience for me if someone can help me I would be grateful
<Ro__> I did install Xen to ubuntu 14.04 LTS, I did setup XEN-API. But I have problems connecting to machine with Citrix XenCenter Software. Any ides how to fix this?
<hallyn_> jinkeys - virt-manager in utopic is defaulting to spice graphics
<sarnold> surprising
<Ro__> xend-config file http://pastie.org/private/q5twbr4bthdjm95qopuaoq
<Ro__> Did anyone manage to make Citrix XenCenter connect to Ubuntu Server with Xen
<Ro__> ?
<sarnold> Ro__: do you have any errors in dmesg or system logs when you try to connect?
<Ro__> sarnold, dmesg is not populated with xen errors
<sarnold> Ro__: any firewall rejects?
<Ro__> ubuntu firewall disabled
<Ro__> connection with root is enabled
<Ro__> terminal & ssh
<Ro__> Could it be that my xend-config is misconfiged?
<Ro__> sarnold, is it possible that xen-api is not working on ubuntu at all?
<sarnold> Ro__: sorry, no idea there. the best I can do with xen is offer generic debugging tips
<Ro__> f***ing xen on ubuntu, trying to make it work 3rd day :/
<Ro__> By the way, thanks :)
<sarnold> :)
<Ro__> P.S. any ideas where could I ask more?
<sarnold> Ro__: no, best bet might be to ask again in a few hours or in european timezones..
<Ro__> I am from europe, programmers/sysadmins shouldn't sleep at midnight :D
<sarnold> haha ;)
<liox_> can someone help me to downgrade my apache 2.4 to 2.2?
<Ro__> liox_, should be similar http://www.howtogeek.com/117929/
<Ro__> http://askubuntu.com/questions/138284/how-to-downgrade-a-package-via-apt-get
<liox_> Ro__: I tried to do so however it seems that this trailer php 5.5 apache 2.4 forcing it what can I do in this case?
<Ro__> one more thing, why do you want to downgrade?
<Ro__> i think you need to downgrade php too
<Ro__> i doubt you need php5.5
<liox_> Ro__: because I updated php 5.3 to 5.5 and it also upgraded the apache to 2.4 and broke my vhosts and am not able to deal with unfortunately
<Ro__> oh
<jdmf> I have several things on my wish list here - I'm currently setting-up PXE Boot for installing Ubuntu, Debian and others. I need some inspiration here, as I got it working with 1x distribution at the time, but I need to get it to work with multiple images, and with ease. I'm also working/looking for an Ubuntu 14.04 Rescue image, that I can boot from via PXE/Netboot. Or something similar. So, how do I create a small Ubuntu Image that I can boot into
<jdmf>  also? I need some good pointers.
<bekks> !apache2
<bekks> hmm.
<Ro__> liox_, do you have many vhosts?
<liox_> Ro__: yes approximately about 15 vhosts
<liox_> =(
<Ro__> thats not many :D
<Ro__> Ok, one more thing, do you know that php 5.5 might break your php5.3 code?
<bekks> liox_: https://library.linode.com/web-servers/apache/2.2-2.4-upgrade
<liox_> Ro__: the greatest fear and lose the emails the email service is still active do not know how to backup a use postfix with roundcube
<Ro__> liox_, so do downgrade of php and apache
<Ro__> it should work again
<liox_> My vps is based on this configuration
<liox_> http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-apache2-bind-dovecot-ispconfig-3
<liox_> Ro__: I'll try to downgrade can help me?
<liox_> My customers are mad at me = /
<liox_> i run apt-cache showpkg php5
<liox_> ok
<liox_> list :
<liox_> Provides:
<liox_> 5.5.15~rc1+dfsg-1+deb.sury.org~precise+1 -
<liox_> 5.3.10-1ubuntu3.13 -
<liox_> 5.3.10-1ubuntu3 -
<liox_> Reverse Provides:
<Ro__> liox_, use pastebin
<liox_> ok
<sarnold> jdmf: you might try this: https://help.ubuntu.com/community/Installation/MinimalCD
<liox_> Ro__: http://pastebin.com/5pgK0qdK
<liox_> Ro__: With this information I can get back to php 5.3? reverse providers came up empty
<liox_> Ro__: if not I need at least PHP 5.4 and Apache 2.2 on that server to return my web server again
<Ro__> liox_, reverse to php5.3 and reverse to apache2.2 it should work
<Ro__> liox_,  use versions from showpkg
<liox_> Ro__: apache showpkg
<liox_> http://pastebin.com/CDW29ctd
<liox_> Ro__: php not list reverse package =(
<Ro__> liox_ you need to do both reverses
<Ro__> same time
<Ro__> just install downgraded apache2.2 and php5.3
<liox_> Ro__: apache reverse command:
<liox_> apt-get install apache2.2-bin=2.2.22-1ubuntu1.6 apache2.2-common=2.2.22-1ubuntu1.6 apache2-mpm-prefork=2.2.22-1ubuntu1.6
<liox_> Ro__: yes ?
<jdmf> sarnold: Thanks, looking into this also.
<Ro__> yea
<Ro__> liox_, bw, how did you upgrade php? you added new repos? Or you did update the ubuntu to new major version?
<jdmf> If anyone have other good sources of inspiration, please share. :) Currently my biggest problem is having a fully working Ubuntu to be loaded/started from boot that can be my rescue system. I want to be able to install packages and customise this Ubuntu before creating a bootable package. How do I go about this, and where do I search?
<Ro__> https://help.ubuntu.com/community/LiveCDCustomizationFromScratch
<liox_> Ro__: to run this command and do this mensgem downgrate appeared at the end of the process:
<liox_> Setting up apache2-mpm-prefork (2.2.22-1ubuntu1.6) ...
<liox_> In apache MPM package installed
<Ro__> liox_, so now you should have apache 22
<Ro__> liox_, so now you should have apache22
<Ro__> jdmf, http://www.linuxfromscratch.org/ :D
<liox_> Ro__:  i added new repos for upgrade php5.5
<Ro__> what kind of repos?
<sarnold> Ro__: haha that's probably too customizable :)
<liox_> Ro__: this repo
<liox_> sudo add-apt-repository ppa:ondrej/php5
<liox_> Ro__: when trying to run apache with that this message now:
<liox_> service apache2 start
<liox_> In apache MPM package installed
<liox_> No apache MPM package installed
<Ro__> try "ppa-purge -i ppa:ondrej/php5"
<Ro__> liox_, does it work
<bitfury> Hi, anyone know how I can set the outgoing email address in /etc/email-addresses for all users?
<bitfury> instead of specifying it for each ?
<liox_> Ro__: one minute Updating packages lists
<Ro__> good
<liox_> Ro__: this mensage
<liox_> Ro__: http://pastebin.com/2MMEQ1gp
<liox_> Ro__: Now what do I select?
<Ro__> liox_, did you add more repos?
<liox_> no
<liox_> yes or not or quit?
<Ro__> press yes
<liox_> ok
<Ro__> after it remove php-pear
<Ro__> and remove libssl-dev
<liox_> Ro__: other message
<Ro__> now remove ppa:ondrej/php5 repo and install apache2 and php
<liox_> Ro__: http://pastebin.com/Tn1Eh6FL
<Ro__> press yes
<Ro__> after thins you should have apache22 and php5.3 once again
<Ro__> *this
<liox_> Ro__: opened a window with information reguintes
<liox_> opened a window with information
<Ro__> and...?
<liox_> Ro__: open a windows with
<liox_> http://pastebin.com/zadbepg9
<Ro__> make a copy of php.ini
<liox_> ok
<Ro__> and then apply for maintainers versioon
<liox_> Ro__: There is a copy of php.ini in each folder inside / etc/php5
<liox_> apache2  cgi  cli  conf.d  fpm  mods-available
<Ro__> fpm
<Ro__> one
<liox_> Ro__: php.ini
<liox_> http://pastebin.com/St255Sxq
<Ro__> did you apply maintainers version?
<liox_> Ro__: not understood
<liox_> Ro__: I would like to keep the configuration files en sobrescre them
<Ro__> ok, try keeping it
<liox_> Ro__: php -v
<ruben23> hi there guys any ide aon this error ----> -bash: ./changepass.pl: /usr/bin/perl^M: bad interpreter: No such file or directory
<liox_> Ro__: PHP 5.3.10-1ubuntu3 with Suhosin-Patch (cli)
<sarnold> ruben23: what does 'file ./changepass.pl' report?
<liox_> Ro__: apache not work service apache2 start
<liox_> No apache MPM package installed
<liox_> Ro__: still keeps giving this message when trying to start apache
<liox_> Ro__:
<liox_> what can be?
<Ro__> apt-get install apache2-mpm-prefork
<liox_> ok
<Ro__> if you have more problems with MPM, see http://ubuntuforums.org/showthread.php?t=2114724
<liox_> Ro__: one error
<liox_> http://pastebin.com/eeDtNixj
<Ro__> liox_: it seems that the problems you have is apache 2.4 configs. just backup yout vhosts configs, and reinstall apache2
<liox_> Ro__: to back up the vhosts and just copy the files?
<Ro__> config files
<Ro__> yes
<liox_> Ro__: you better make a copy of everything in / etc/apache2?
<Ro__> acceptable to
<hambonep4u> hello guys.  qq, anyone know of a pastebin server package for ubuntu?  I want to host a pastebin internally on my network
<liox_> Ro__: and I use ISPConfig panel reinstall apache can not not break something?
<Ro__> liox_ you shouldn't break anything
<sarnold> hambonep4u: there's a pnopaste package -- I've never tried it though
<liox_> Ro__: I have another server with the same configuration that if I take the apache.conf file and it will be subistituir it solves?
<hambonep4u> sarnold: yeah i saw that one in the repoâs. i did some reading on it and it didnt look like it will suite my needs
<Ro__> liox_,, yes, but it might need reinstall of apache either way
<Ro__> liox_,, yes, but you might need reinstall the apache either way
<liox_> Ro__: I have certificate in a field that can give him problem? I saved the directory / etc/apache2 can follow the complete reinstallation?
<Ro__> yes do the reinstall
<liox_> Ro__: how do I reinstall it now which command?
<liox_> Ro__: apt-get install apache2-mpm-prefork ?
<Ro__> do the uninstall of apache
<Ro__> then remove apache.conf
<Ro__> make apache2 install again
<liox_> Ro__: unistal purge ou remove?
<Ro__> try this: apt-get --reinstall install <package>
<Ro__> if not: "apt-get --purge remove <package>" then "apt-get install <package>"
<liox_> package is apache2 only or apache2-mpm-prefork
<liox_> ?
<Ro__> both
<liox_> Ro__: Package apache2 is not installed, so not removed
<Ro__> what do you mean?
<hallyn_> jdstrand: hm, how do i run virt-aa-helper by hand again (for testing purposes)?
<liox_> Ro__: apache unable resintalar he kept the vhosts directory of the problem and now all access to a vhost he ta pointing to default-ssl
<liox_> Ro__: consegui reinstalar o apache ele manteve o diretorio dos vhosts o problema e que agora todo acesso a um vhost ele ta apontando para default-ssl
<liox_> Ro__: ops
<Ro__> huh?
<liox_> Ro__: unable to reinstall apache he kept the vhosts directory of the problem and now all access to a vhost he ta pointing to default-ssl
<Ro__> so you can not remove apache?
<liox_> Ro__: yes i removed apache2
<liox_> http://mercattomarmores.com.br/ see
<Ro__> but hosts are no more?
<liox_> this is a default in sites-avaliable is not a ghost domain
<Ro__> ok, now copy the vhosts files back
<Ro__> p.s. php is working?
<Ro__> can you check with phpinfo?
<liox_> it seems that this all pointing to default vhosts I try to access
<Ro__> check do you have this line in apache config or vhosts file "NameVirtualHost *:80"
<liox_> Ro__: Uninstalling apache not removed the sites-avaliable folder and reinstalled when he rode back to sites-enabled
<Ro__> add this line to apache config "NameVirtualHost *:80"
<hallyn_> oh, hm, that seems buggy - i have to use "libvirt-$uuid", not $uuid
<Ro__> liox_,, I am really sorry, but I have to go now..
<liox_> Ro__: <VirtualHost *:80>
<liox_> yes
<Ro__> before <VirtualHost *:80> add  "NameVirtualHost *:80"
<Ro__> ok, see you
#ubuntu-server 2014-07-19
<bosnianboy> hi all
<bosnianboy> got maybe a stupid question
<sarnold> oh good, it's late friday evening here, stupid answers is all I've got :D
<bosnianboy> :D
<bosnianboy> http://pastebin.com/kwBkm6M9
<bosnianboy> tried using ubuntu-vm-builder
<bosnianboy> with these parameters
<bosnianboy> and it gives me back these errors
<bosnianboy> Preparing to unpack .../linux-image-virtual_3.13.0.32.38_amd64.deb ...
<bosnianboy> Unpacking linux-image-virtual (3.13.0.32.38) ...
<bosnianboy> , stderr: grep: /proc/cpuinfo: No such file or directory
<bosnianboy> This kernel does not support a non-PAE CPU.
<bosnianboy> dpkg: error processing archive /var/cache/apt/archives/linux-image-3.13.0-32-generic_3.13.0-32.57_amd64.deb (--unpack):
<bosnianboy> ubuntu 14.04 server
<bosnianboy> tried kvm/qemy already
<TJ-> bosnianboy: "uname -a" on the host?
<bosnianboy> Linux ankebut 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
<bosnianboy> and cpu supports pae
<bosnianboy> TJ-, am I missing something ? :)
<sarnold> bosnianboy: what does grep -i pae /proc/cpuinfo   show?
<bosnianboy> for each core it shows flag line
<sarnold> oh crazy, it says /proc/cpuinfo isn't found o_O are there any earlier errors?
<sarnold> bosnianboy: ok, good good
<bosnianboy> just a sec
<bosnianboy> I'll give it a fresh run
<bosnianboy> and pastebin the entire output
<bosnianboy> maybe I missed something
<TJ-> bosnianboy: bug #1037607
<uvirtbot> Launchpad bug 1037607 in vm-builder "vmbuilder completely fails on Quantal due to kernel pae detection failure" [High,Triaged] https://launchpad.net/bugs/1037607
<sarnold> wow
<sarnold> I was ust reading the vmbuilder manpage, looks ancient and creaky
<bosnianboy> I think it could be unrelated
<bosnianboy> because I'm trying to install latest
<bosnianboy> trusty
<bosnianboy> are there any suggestions (tuts) for painless virtualization ?
<sarnold> bosnianboy: the server team has a new hotness, uvtool, for installing VMs easily: https://help.ubuntu.com/lts/serverguide/cloud-images-and-uvtool.html  -- could be they decided fixing up vmbuilder wasn't worth the hassle. pity it's still shipped.
<bosnianboy> sarnold, I'll give it a try
<bosnianboy> uvt-kvm: error: libvirt: Network not found: no network with matching name 'default'
<bosnianboy> how do I tell it to use different network name ?
<sarnold> bosnianboy: the security team has a similar yet very different 'uvt' tool; I use uvt all the time but it really is aimed at the security team's needs: https://wiki.ubuntu.com/SecurityTeam/TestingEnvironment
<bosnianboy> " uvt-kvm create test" was the command
<sarnold> bosnianboy: (probably the effort involved in even getting uvt installed isn't worht the hassle if uvtool can work for you..)
<TJ-> bosnianboy: That bug still affects Trusty. It also contains a workaround
<sarnold> TJ-: oh! nice.
<bosnianboy> needed the xml
<bosnianboy> managed to create with uvt
<sarnold> hrm, just how much is this uvt-simplestreams-libvirt sync command downloading? :)
<bosnianboy> ages
<bosnianboy> :D
<sarnold> hehe, I'm starting to think I should have specified only one release hehe
<bosnianboy> but... here we go again :D
<bosnianboy> uvt-kvm wait test-trusty --insecure
<bosnianboy> IOError: [Errno 2] No such file or directory: u'/var/lib/libvirt/dnsmasq/default.leases'
 * sarnold sobs
<sarnold> dnsmasq
<TJ-> does the file/directory exist?
<TJ-> libvirt is responsible for starting and configuring that private instance of dnsmasq
<bosnianboy> nope, TJ-, the file does not exist
<bosnianboy> a bit unrelated question
<bosnianboy> how could I increase cinder volume max size (80GB) for openstack
<circ-user-5wiJL> #leave
<lordievader> Good morning.
<blaaa> I have created a ipsec.conf for strongswan 5.1.2: http://sprunge.us/VYMg
<blaaa> I can connect to the service, but eventually there is a timeout
<blaaa> on the server, the following is logged: http://sprunge.us/SLFC
<blaaa> What can cause the (repetition of) request with ID 1 to retransmitted
<blaaa> ?
<Repox> Hi. I've just been the victim of a security exploit which means that my server has been used for a DDoS attack. The problem was that an application (ElasticSearch) was reachable on port 9200 and allowed for arbitrary executing on my server. I was tipped on the possible cause and it seems like it was spot on. But how can I "discover" this? Or better yet, monitor it?
<Patrickdk> you don't?
<Patrickdk> normal server monitoring will detect this
<Patrickdk> bandwidth usage sudden increases
<Patrickdk> firewall block attempts sudden increases
<Patrickdk> programs running on the server that shouldn't be
<PryMar56> its a java app
<Patrickdk> doesn't matter what it is
<Repox> Patrickdk, well, I wasn't warned about it, because I have no monitoring. I'm new at maintaining this myself. I've added the appropriate firewall rules, but haven't got an idea as to how to 'discover' this in time.
<Patrickdk> not sure why you should be warned about it, if you didn't setup anything to warn you
<Repox> Patrickdk, that's kind of my real question. What should I setup to get some monitoring and some heads-up when something is wrong?
<Roguehorse> Repox: Some info in here might help you, sorry to hear about your dilemma : (   http://askubuntu.com/questions/9107/what-tools-do-you-use-to-monitor-a-web-server
<Patrickdk> nagios won't really help
<Patrickdk> munin can, need to setup lots of alerts
<Patrickdk> and probably some extra plugin detections
<Patrickdk> same deal with cacti
<Patrickdk> nothing else useful there
<Patrickdk> tripwire could be handy, depending
<RoyK> I vouch for munin as well, or graphite
<RoyK> munin has a ton of plugins and new ones can be written easily
<RoyK> graphite scales better, or so they say, but uninett.no has deployed graphite lately and it shows it doesn't scale too well either
<RoyK> we monitor 100ish servers with munin, and it works with good storage
<RoyK> Roguehorse: how many servers?
<Patrickdk> royk, using rrdcache? that helped a crapload
<Patrickdk> no more need for me to use a ramdisk
<RoyK> Patrickdk: works well now, even without a ramdrive or rrdcache
<RoyK> Patrickdk: graphite installation is administrered by uninett.no, not me, and they chose to setup a separate box with SSDs for the graphite stuff
<Patrickdk> :)
<Patrickdk> mine isn't ssd yet, should be soon
<Patrickdk> but rrdcache works well
<liox_> hi
<liox_> after a downgrade of apache and php vps broke my access to webmail
<liox_> see
<liox_> agenciazig.com.br/webmail
<liox_> instead of accessing the roundcube webmail he's trying to download a file
<liox_> my vps is ubuntu 12.04 with ISPConfig panel
<liox_> got back all my vhosts after the downgrade minus the roundcube webmail
<liox_> dominio.com when access / webmail it tries to download a configuration file roundcube
<Roguehorse> RoyK: I'm just managing mine and a couple others remotely (mostly content management)
<liox_> Please could someone help me?
<RoyK> Roguehorse: then munin should do that well
<RoyK> Roguehorse: munin works well in small environments, something like <100 servers
<linuxthefish> 01545fa976c8367b4f0d59169ac4866c  ubuntu-14.04-server-amd64.iso
<linuxthefish> is this valid?
<linuxthefish> md5sum
<linuxthefish> i write the iso to usb using dd and it won't boot!
<Roguehorse> RoyK: What about >100?
<RoyK> Roguehorse: given good I/O on the storage, it should scale well
<RoyK> Roguehorse: how many servers?
<RoyK> Roguehorse: try muinn@oftc.net
<Roguehorse> RoyK: LOL! Reading the web page at the top reminded me of Rick Moen http://linuxmafia.com/ .... ah, and it's written in Perl :)
<liox_> plis helpme
<liox_> roundcube broken access
<liox_> see
<liox_> agenciazig.com.br/webmail
<Roguehorse> RoyK: Funny how all things end up linked together
<Roguehorse> Well, gotta run ... have homework to get through and chatting isn't going to solve that for me :)
<Roguehorse> RoyK: Guess I forgot to specify the page huh? http://munin-monitoring.org/
<linuxthefish> is there a DVD release?
<liox_> My alias / webmail is not interpreting php it tries to download the indx.php what can be? can someone help me?
<liox_> ops index.php
<MavKen> I have a lot of subdomains on my server... is it ok to just have a wldcard * a record or keep adding a new a record for each one?
<liox_> plis help me
<liox_> after a downgrade in my apache vps access to webmail was broken instead of opening the page it tries to download the php file the rest of the virtual host are working normally
#ubuntu-server 2014-07-20
<liox_> plis help me?
<Pupeno> How do I upgrade an Ubuntu 12.04 to 14.04? do-release-upgrade -d worked on other servers.
<Pupeno> I just upgraded an Ubuntu 12.04 to 14.04 and a new version of postgres was installed and the old one removed, but the cluster not upgraded. Any ideas how to proceed now?
<liox_> hi
<liox_> my /webmail broken aft downgrade apache 2.4 for 2.2
<liox_> see problem
<liox_> http://agenciazig.com.br/webmail/
<liox_> I think it is something related to. htaccess some webmail module that is calling it is not installed
<liox_> Please could someone help me?
<vonsyd0w> check your apache logs first
<liox_> vonsyd0w: ok
<liox_> vonsyd0w: not error apache log
<tarvid> Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20090626/json.so' - /usr/lib/php5/20090626/json.so: cannot open shared object file: No such file or directory in Unknown on line 0
<tarvid> is there a fix?
<liox_> how could I make a backup of mailboxes to migrate to another server?
<liox_> my server use postfix+dovecote+imap
<liox_> my log /var/logs/suphp
<liox_> [Sat Jul 19 23:25:41 2014] [warn] File "/var/www/webmail/index.php" is not in document root of Vhost "/var/www/agenciazig.com.br/web"
<liox_> how could I solve this problem?
<tarvid> presume you are running apache. Then stanza in /etc/apache2/sites-availble contains the DocumentRoot
<tortib> Hello everyone.
<tortib> Can someone help me with an issue I'm having with my Squirrel Mail installation?  I followed https://help.ubuntu.com/community/Squirrelmail and set it up properly (to my limited knowledge).  And when I go to the vhost there is an index being displayed instead of the squirrelmail page.  The index shows no files though...
<tortib> The dir it's pointing to is /usr/share/squirrelmail permissions are set to 755
<tarvid> What is the DocumentRoot in /etc/apache2/sites-available?
<liox_> tortib: see problem: http://agenciazig.com.br/webmail/
<tarvid> If the virtual does npot have its own stanza, the root is in default
<tarvid> so what is the DocumentRoot in default
<tarvid> Mine is DocumentRoot /var/www/
<tarvid> webmail should live under that directory
<tortib> I have the directory set to /usr/share/squirrelmail though
<tortib> <Directory /usr/share/squirrelmail>
<tortib> and Options FollowSymLinks
<liox_> tortib: you see problem error 500? ERROR 500 - Internal Server Error!
<tortib> no indexing
<liox_> plis helpme
<tortib> liox_, I don't know what the problem is.  I'm sorry :(
<tarvid> What does that Alias line look like
<tortib> mail.domain.com
<tortib> oh you mean for a dir alias?
<tortib> I don't have one
<tarvid> Look at the Alias for /doc
<tortib> I don't have that
<tarvid> in /etc/apache2/sites-available/default
<tortib> :x
<tarvid> All the magic happens there. If it isn't there it doesn't happen
<tortib> 000-default?
<tortib> or are you talking about the squirrelmail one?
<tarvid> 000-default is created in sites-enabled from default in sites-available
<tarvid> There is no "squirrel mail" one
<tarvid> Either chain off the DocumentRoot or add an Alias
<tortib> i added one!
<tortib> I said I followed the guide
<tortib> don't you read?!
<tortib> https://help.ubuntu.com/community/Squirrelmail
<tortib> lrwxrwxrwx 1 root root   41 Jul 19 22:23 squirrelmail -> /etc/apache2/sites-available/squirrelmail
<tarvid> I am not going to read the guide, I have been doint Apache for 20 years and virtual host magic happens in sites-available
<tortib> I see the problem I think
<tarvid> the guide has you copy a file to sites-available
<tarvid> then the url is http://localhost/squirrelmail
<tarvid> it says copy not link then run a2ensite squirrelmail then service apache2 restart (or reload)
<tarvid> try it
<liox_> my log is
<liox_>  SoftException in Application.cpp:221: File "/var/www/webmail/index.php" is not in document root of Vhost
<liox_> How I fix it so that this file into / var / www / webmail / index.php
<tarvid> again - it says copy not link then run a2ensite squirrelmail then service apache2 restart (or reload)
<tortib> tarvid, read it again.
<tarvid> I have
<tarvid> Just try it it should take 30 seconds
<tortib> I got it working with a2ensite
<tarvid> excellent
<tarvid> ISPConfig looks neat but I have no idea what user space regime it follows
<tarvid> I have reservations about having users ftp into /var/www
<FFForever2> Does this look right? (network configuration of a KVM instance) http://i.imgur.com/VchnB8p.png for some reason the routes are not being added
<tarvid> 14.04?
<FFForever2> Yeah
<FFForever2> And yes, the gateway is suppose to be outside of the range of the ip.
<tarvid> potfull of problems with 3.13.0
<TJ-> FFForever2: "ip route add" not "ip addr add"
<FFForever2> TJ-, (whoops!) I changed it to ip route add/del. There is still nothing in my routes. On a side note how can I bring up/down eth0? service networking restart no longer appears to work, and ifdown/up says that the device is not configured.
<TJ-> FFForever2: you've got more typos
<liox_> ls
<TJ-> FFForever2: "dns-servers" should be "dns-nameservers" (see "man 8 resolvconf")
<liox_> I can make a backup of my mailboxes from my vps to take another vps? knows a way to do this?
<TJ-> FFForever2: also, the "post-down" rules should be "pre-down" and in the opposite order to the "post-up" rules
<TJ-> FFForever2: and finally...
<TJ-> FFForever2: /32 subnets should not have a broadcast address
<FFForever2> TJ-, I'm going off of the OVH documentation
<FFForever2> I'm guessing it needs the broadcast for how their system works?
<TJ-> FFForever2: that is scary!
<FFForever2> Indeed their documentation is scary.. http://help.ovh.co.uk/BridgeClient
<TJ-> FFForever2: no... you can't broadcast to yourself!
<FFForever2> Ah.. okay.
<FFForever2> TJ-, How's http://i.imgur.com/9EN5sfz.png?
<TJ-> FFForever2: no, still not there yet...  the "post-up ip route add ..." rules shouldn't have a subnet specifier, should be just "192.99.36.254"
<TJ-> FFForever2: and the same for the "pre-down" rules
<FFForever2> okay, removed.
<TJ-> FFForever2: that *should* be correct now
<FFForever2> how can I restart networking without rebooting? ifdown eth0 says ifdown: interface eth0 not configured
<TJ-> FFForever2: what does "sudo ifup eth0" say? the same?
<FFForever2> RTNETLINK answers: File exists\r\n Failed to bring up eth0.
<TJ-> FFForever2: does "ip route ls" show existing routes that need removing?
<FFForever2> No.
<TJ-> FFForever2: what does "ip addr show dev eth0" report?
<FFForever2> TJ-, http://i.imgur.com/dkt89V2.png
<TJ-> FFForever2: try "sudo ip addr del 192.99.214.38/32 dev eth0" then "sudo ip link set down dev eth0"
<FFForever2> TJ-, That took eth0 down, and now it says RTNETLINK answers: Network is unreachable\r\n failed to bring up eth0. There's nothing in `route -n`
<FFForever2> My previous solution was to use a startup script, disable the 60s delay when booting to manually inject the routes, but that seems like a bad solution to a configuration issue.
<TJ-> FFForever2: "network unreachable" is because you've set a gateway outside the subnet of the interface
<TJ-> FFForever2: the host has a bridged interface for the guests to attach to?
<rahuldroy> hey guys, can someone help me debug a segment fault in apache
<FFForever2> TJ-, It does not.
<FFForever2> At least one that's not accessible from the guest. If I manually add the route it'll go through the bridge and work
<rahuldroy> I have a gdb backtrace but have no idea how to read it properly
<TJ-> FFForever2: the gateway address is the IP assigned to the host bridge?
<FFForever2> Yeah.
<TJ-> FFForever2: remove the "gateway" line... let the post-up rule do that work
<FFForever2> TJ-, When running the first post-up rule I get the error either "to" is duplicate, or "gw" is a garbage.
<TJ-> FFForever2: ahhh... that'll be because "ip route" takes different syntax to "route"
<TJ-> FFForever2: can you show me what is there now?
<TJ-> FFForever2: "post-up ip route add default via 192.99.36.254 dev eth0" (and correct the post-down rule too)
<TJ-> FFForever2: "via" rather than "gw"
<FFForever2> TJ-, Sweet! Networking works flawlessly now :). Thanks a lot for your assistence getting this working.
<TJ-> FFForever2:  you're welcome :)
<brrr> Is it possible to configure a local BIND DNS for multiple virtual hosts on the same machine?
<rahuldroy> does anyone know where I can find an ETA for PHP5 upgrade for ubuntu 14.04?
<blaaa> I am contemplating running drupal on ubuntu- server, but I wonder if it's advisable to use the available package to do that, how are security updates handled? https://www.drupal.org/SA-CORE-2014-003 does not seem to have been fixed in ubuntu's package yet.
<TJ-> blaaa: probably because Drupal haven't got a CVE id yet
<blaaa> so maybe I should just roll my own package or set up a drupal environment 'in webspace' myself then
<blaaa> looks like there is a fixed debian package available already
<blaaa> and also for utopic
<andol> blaaa: Ubuntu keeps Drupal (as well as any other "web applications") in the Universe repository, and hence there is no promises on security upgrades, but more of a community best offert, which varies heavily from package to package.
<andol> blaaa: The generic suggestion here is to take a look at how well that package has been maintained/upgraded in the past.
 * andol tends to prefer a separate source install for stuff like Drupal, Wordpress, etc.
<andol> rahuldroy: What PHP5 upgrade are you referring to?
<andol> brrr: What do you mean with virtual hosts in a BIND/DNS context?
<brrr> andol, I would like to resolve local domains to different virtual hosts on an apache web server through a DNS on that same machine
<brrr> I don't know if that makes any sense
<blaaa> andol: probably it's best to use a source install for that stuff then
<andol> brrr: Could you exemplify?
<rahuldroy> andol: I have just upgraded to php 5.5.15. The default in 14.04 is 5.5.9
<rahuldroy> There seems to be a bug with fileinfo extension
<brrr> I want to use test1.local and test2.local as domains through apache virtual hosts on a machine with IP 192.168.1.100
<brrr> I would like to use that same machine as a DNS to resolve those domains on my local network
<rahuldroy> brrr: http://pastie.org/9406645
<rahuldroy> brrr: I use virtual hosts all the time on my machine for development purposes
<brrr> I've got it working for one domain, but I'm not sure how to expand it to multiple domains
<andol> brrr: Any point in setting up a BIND for that, instead of just sticking those hostnames in /etc/hosts? Alt if you want something a bit more centralized use something like dnsmasq as your local DNS resolver, and have it do override for those hostnames.
<andol> brrr: DNS has no concept what so ever in regards to virtual hosts, it will only transate host1.local, host2.local to ip addresses.
<andol> rahuldroy: Most likely is that Ubuntu 14.04 will always provide some kind of 5.5.9 version, but with backported security fixes etc. For example, the current PHP5 version in Ubuntu 14.04 is 5.5.9+dfsg-1ubuntu4.35.5.9+dfsg-1ubuntu4.3.
<brrr> if I set-up each domain with a forward zone file, how many reverse zone files will I need?
<andol> brrr: This really something you want to happen on a resolver level, because even if you put up an authortiave server for the .local zone you will still need to point your resolver to that authoritve server for the .local zone.
<rahuldroy> I am using the PPA https://launchpad.net/~ondrej/+archive/ubuntu/php5?field.series_filter=trusty
<andol> rahuldroy: Well, then ask the PPA owner :P
<rahuldroy> andol: nahh this PPA fixed it. The default version from ubuntu has problems :(
<andol> rahuldroy: Well, don't hold your breah for something newer than 5.5.9 in Ubuntu 14.04. What might happen, assuming the bug is severe enough (and someone reports it, pushes a bit, etc) is that the specific bug fix might be backported.
<andol> https://wiki.ubuntu.com/StableReleaseUpdates
<brrr> I figured that if I could resolve these domains to the same IP, then apache should take care of the rest
<brrr> If I use /etc/hosts, I won't be able to access these domains from other computers on the network right?
<andol> brrr: Yepp, that's the limitation of using /etc/hosts, that you'll have to keep that file updated on all the computers, which doesn't scale very welll :)
<rahuldroy> andol: thanks for your help :)
<brrr> rahuldroy, andol thanks for the responses
<rahuldroy> brrr: youu can add it to your dns server and add that there instead of using /etc/hosts
<rahuldroy> brrr: apache uses the headers
<brrr> yeah, I haven't quite figured out the exact entries to make into BIND
<rahuldroy> It should only be the domain name & its associated IP??
<MavKen> had someone reroute facebook.com to a fake one by changing /etc/hosts in a computer lab running ubuntu machines... guess that is the risk of giving sudo access to a hs student lol
<rahuldroy> MavKen: lols
<brrr> rahuldroy: but what about the reverse lookup file?
<MavKen> i dont thing he did anything with the user/pass he was collecting but it could have turned bad for him
<brrr> that's the danger of using public computers in general for personal stuff
<rahuldroy> brrr: you should be able to do that in your dns server as well
<brrr> do I need a reverse lookup file for each domain or just one for that IP address?
<rahuldroy> brrr: I have done it heaps of times in a windows DC but never in a router level
<rahuldroy> brrr: not really
<rahuldroy> brrr: but it is a good practice to do it
<brrr> so I don't need a reverse lookup file?
<rahuldroy> brrr: I would set it up but in a lot of cases it is not needed
<rahuldroy> brrr: it most cases your dns server should do it automatically
<brrr> oh
<brrr> I got it to work, thanks for the help/suggestions
<rahuldroy> brrr: awesome :)
<brrr> :)
<lordievader> Good morning.
<liox_> hi
<liox_> could someone help me get my webmail broke into a poorly succedia update apache
<liox_> my  ispconfig log
<liox_> [Sun Jul 20 08:12:06 2014] [error] [client 201.15.73.95] SoftException in Application.cpp:350: UID of script "/var/www/webmail/$
<liox_> [Sun Jul 20 08:12:06 2014] [error] [client 201.15.73.95] Premature end of script headers: index.php
<bekks> Looks like your script is broken.
<liox_> bekks, did this and solved chow chown -R web1:client1 /var/www/webmail
<liox_> bekks, strange that just added a group and the client / var / www / webmail and all other hosts also running back would not the correct group www-data?
<bekks> Sorry, I did not understand that sentence - can you please rephrase it?
<liox_> bekks, this directory / var / www / webmail should not ertencer the group www-data?
<liox_> this directory / var / www / webmail should not belong to the group www-data?
<bekks> That depends on the configuration of your VPS provider.
<Macer> wow... what happened here??
<Macer> zpool: ../../lib/libzfs/libzfs_status.c:188: Assertion `nvlist_lookup_uint64(config, ZPOOL_CONFIG_VERSION, &version) == 0' failed.
<Macer> Aborted (core dumped)
<bekks> Macer: Thats a libzfs core dump. You could try asking in #zfsonlinux
<Roguehorse> Good Morning
<RoyK> afternoon
<RoyK> or
<RoyK> good localtime();
<tortib> Hello everyone.  Can someone help me diagnose this issue with snmp?  I installed the snmp-mibs-downloader and now I'm getting these errors when running snmpwalk http://paste.ubuntu.com/7826950/
<xpistos> menu-container {
<xpistos> 		background: #0a97ca; /* Old browsers */
<xpistos> 		background: -moz-linear-gradient(top,  #0a97ca 0%, #044386 100%); /* FF3.6+ */
<xpistos> 		background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#0a97ca), color-stop(100%,#044386)); /* Chrome,Safari4+ */
<xpistos> 		background: -webkit-linear-gradient(top,  #0a97ca 0%,#044386 100%); /* Chrome10+,Safari5.1+ */
<xpistos> 		background: -o-linear-gradient(top,  #0a97ca 0%,#044386 100%); /* Opera 11.10+ */
<xpistos> 		background: -ms-linear-gradient(top,  #0a97ca 0%,#044386 100%); /* IE10+ */
<xpistos> 		background: linear-gradient(to bottom,  #0a97ca 0%,#044386 100%); /* W3C */
<xpistos> 		filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#0a97ca', endColorstr='#044386',GradientType=0 ); /* IE6-9 */
<xpistos> 		padding-bottom:13px;
<xpistos> 		clear:left;
<xpistos> 		padding-bottom:15px;
<xpistos> 		margin-bottom:15px;
<xpistos> 	}join
<tortib> O.o
<Locke2002> My server spontaneously rebooted half an hour ago... I don't see anything weird in syslog right up to when the reboot happened, any ideas of what else to look at?
<TJ-> Locke2002: UPS?
<Locke2002> It's a VPS, so I don't know if anything happened hardware-side
<Locke2002> Suppose I can try emailing my provider
<MavKen> digitalocean?
<Locke2002> ChunkHost, I dunno if they resell
<MavKen> oh ok
#ubuntu-server 2015-07-13
<Demon_Jester> it has multiple gpilu im plugged into the front. back is probably default
<TJ-> That would explain it!
<Demon_Jester> still nothing on back plug. as long as i can ssh im find.
<TJ-> yes. check "/var/log/dmesg" for clues as to which GPU/head has been selected as the primary
<TJ-> All my servers are on remote network KVM so I always ensure the heads are connected correctly
<Demon_Jester> great now to see why ssh isnt working.
<Demon_Jester> one more question since i made a new account i dont have a home directory would that cause any problems when installing packages?
<tmontney> Anyone able to assist me with a postfix/dovecot issue?
<TJ-> Demon_Jester: A home directory is usually created automatically, if you use "adduser"
<Demon_Jester> hmm maybe i need to restarr
<Demon_Jester> restart
<tmontney> I am only able to send e-mails from my domain but I cannot receive any e-mails.
<erkburgles> is there anyone here familiar with Evolution
<ianorlin> erkburgles: isn't that a desktop mail client
<erkburgles> yes
<erkburgles> want to get reminders on desktop from evolution without opening the application?
<erkburgles> werd
<neonixcoder> What is the best way to upgrade a production headless server remotely?
<neonixcoder> I am planing to upgrade from 10.04 to 14.04, which will be in two steps 10.04 to 12.04 then from 12.04 to 14.04
<neonixcoder> any suggestions?  As I tried to upgrade my machine with "do-release-upgrade -f DistUpgradeViewNonInteractive" but no positive result..
<tonyyarusso> neonixcoder: I've never used the -f option before.  Ideally you have some sort of management console access, but I've done it just via SSH before.
<neonixcoder> Thanks for the reply tonyyarusso
<neonixcoder> The problem is I will not have console access as these machines are located remotely and can be accessed via 3G only..
<tonyyarusso> 3G only huh?  That's a bit special.
<tonyyarusso> How far is the drive if they don't come back up?
<neonixcoder> yes..
<neonixcoder> It depends.. we even have some stuff in middle of Aus desserts which are like 3000km from Sydney :(
<tonyyarusso> nice
<neonixcoder> Which are connected with 3G or just Satlink to connect and remote manage..
<tonyyarusso> Furthest I've had to drive for physical access was about 2 hours - kind of a fun day actually.
<neonixcoder> yes..
<tonyyarusso> Oh, one thing I will say - run the upgrade process inside of screen, so if your SSH connection drops you can reconnect.
<neonixcoder> tonyyarusso: Is there any tool before upgrade can we just emulate changes and see if something may go wrong after upgrade?
<tonyyarusso> Not that I know of - for that depth of check you have to try upgrading an identical test system.
<neonixcoder> tonyyarusso: I tried screen, but somehow once the system reboots, it struck up at kernel panic..
<neonixcoder> right now trying in a lab machine before moving to prod..
<neonixcoder> but non getting success..
<Hexch> Hi Just updated ubuntu to 12.04.5, removed vmware-tools, installed open-vm-tools and random I get INFO: Task blocked for more than 120 sec...
<Hexch> Re-installed vmware-tools and I have not faced the problem since.
<Hexch> Is it a known bug with open-vm-tools? Cause I seemed not to finde anything about it.
<lordievader> Lurchy: I allways look at this guide for WOL: http://ubuntuforums.org/showthread.php?t=234588
<Pici> bug 10000
<ubottu> bug 10000 in xorg (Debian) "xserver-common: X crashed (signal 7) while scrolling in Mozilla" [Unknown,Fix released] https://launchpad.net/bugs/10000
<lordievader> Ouch
<Stuxnet> Hi all. Newbie here. Simple question. If you use wget to download a tar.gz file because it's not available as a package from the repositories it installs with "python setup.py install" how are you supposed to uninstall it? Not able to find any kidn of uninstall script.
<Stuxnet> The program in question is DenyHosts-2.5 (old one I know that is why I wish to remove and install the latest which I think will be installed under different names/directories)
<lordievader> Stuxnet: If it's available in pip, pip has am uninstall command.
<lordievader> DenyHosts is in pip.
<Stuxnet> Ok
<Stuxnet> Thanks a lot lordievader, that worked. :)
<lordievader> ;)
<micahg> hi, would one of the people more familiar with openstack please be able to test neutron-lbaas-agent with haproxy from my PPA so I can publish the haproxy backport, it's for a security update (bug 1473162)
<ubottu> bug 1473162 in trusty-backports "Please update haproxy trusty backport for USN-2668-1" [High,New] https://launchpad.net/bugs/1473162
<micahg> I just need a simple run test that it still works with the new version on trusty
<roracle> okay guys, i'm already running Concrete5 on my apache server, BUT UBUNTU APACHE is SO different, I have ZERO clue how to set up another virtual site
<roracle> i'm editing sites-enabled/default-ssl.conf is that right?
<teward> roracle: no, you edit sites-available/default-ssl.conf if you're adding a new site to that config.  BUt the correct thing to do is make a separate site configuration in sites-available
<teward> make that VirtualHost block, etc.
<teward> then a2ensite TheNewconfig.conf
<roracle> okay there's either default or 000
<teward> (I think(
<teward> roracle: so create a new one?
<roracle> well 000 has port 80 for my default port while "default" has some god awful port number
<teward> roracle: you're wanting to create a whole new site that your server can serve?
<teward> i.e. NOT what's already present
<roracle> teward: yes
<teward> then don't use the existing configuration files
<teward> at all
<teward> create a brand new one
<teward> put the configuration in that
<teward> a2ensite that new configuration file
<roracle> i don't get it... why when Apache is heavily documented that Ubuntu decided to change it all up?
<roracle> i don't understand what a2ensite means
<TJ-> roracle: See https://help.ubuntu.com/14.04/serverguide/httpd.html
 * teward rolls eyes
<roracle> yes, i suck at this, sorry i am more inclined to game development, yes it's my fault lol
<teward> a2ensite is a utility script/command
<teward> `man a2ensite`
<teward> http://manpages.ubuntu.com/manpages/trusty/en/man8/a2ensite.8.html
<genii> Probably also: man a2enmod
<teward> that as well
<teward> for enabling/disabling Apache modules (such as SSL)
<roracle> omg this is nuts
<teward> no it's really not
<teward> it's a different dynamic of thinking than that of a software developer
<roracle> i might end up not using ubuntu in the end because i got used to all the documentatino i read on apache, then found out all of it was wrong, and now i'm totally confused on what to do and have to keep reminding myself that i have to look it up since it's not what i learned intiially
<teward> what documentation did you even look a
<teward> t
<teward> you haven't stated which documentation you're using
<roracle> apache's doc
<teward> WHICH doc from Apache
<teward> they have about two billion docs
<teward> plus different versions of apache's documentation
<roracle> yes, the ones for apache2 httpd, i didn't realize it was that big of a difference
<sarnold> all the apache docs I'm familiar with discuss directives and options, not configuration layouts
<roracle> apparently they have this "httpd.conf" file that should be edited.  then i find out in ubuntu, it's allllll split up
<roracle> so what did make sense doesn't now
<patdk-wk> heh?
<patdk-wk> no one has a single httpd.conf unless your using apache from source
<teward> ^ that
<teward> quite literally that
<TJ-> roracle: The rationale is from Debian; the idea is that if you confine your own site's directives to your own files in the /etc/apache2/*-available/ directories, and use a2{en,dis}{site,mod,conf} tools to create/remove symbolic links in /etc/apache2/*-enabled/ directories, then any changes to the Debian/Ubuntu distributed packages will not over-write change any of your own site's custom settings.
<sarnold> there's a huge difference between the apache 2.2 that shipped in 12.04 LTS and the 2.4 that shipped in 14.04 LTS, thuogh, is that the source of your confusion?
<teward> sarnold: he's confused about file layouts
<teward> sarnold: i.e. "wtf do i do to add a new site host block"
<patdk-wk> he is upset that *insert tutorial here* does not work directly
<teward> ^ that too
<patdk-wk> cause it's specific to apache, and not debian/ubuntu
<roracle> maybe
<teward> roracle: the ONLY DIFFERENCE between Apache's source documentation for adding a new server block
<teward> and Ubuntu/Debian's handling of it
<teward> is that you put your individual site VirtualHost blocks into a different file
<patdk-wk> if you want, ubunt still supports one large httpd.conf if you use it
<roracle> okay well what do i TYPE exactly then?
<teward> and use the utility script to symlink it to sites-enabled/somefilenamehere
<patdk-wk> it is normally an empty file, but you can fill it up
<teward> roracle: YourTextEditorHere /etc/apache2/sites-available/MySite.conf
<teward> replace YourTextEditorHere with your given text editor
<teward> and MySite.conf with something more descriptive (but keep .conf at the end)
<roracle> i'm not here to learn perse, but i learn by DOING and it's like I learned 1+1=2 and now it's like everyone is saying 1+1=3 and it's really a mind messer
<roracle> okay
<TJ-> roracle: If you were to directly edit the configuration files that the apache2 Debian/Ubuntu packages ship then any updates (think security) would require administrator intervention to merge any changes in those config files if they conflict with the site-specific changes
<teward> if you aren't going to listen to me trying to help you right now i'll go back to squishing server bugs
<JanC> roracle: Debian/Ubuntu-specific Apache setup is documented in /usr/share/doc/apache2/README.Debian.gz
<teward> (which is actually less painful than end-user support.)
<roracle> no teward it's that everyone is saying stuff to me
<teward> roracle: then learn to ignore people.  focus on one thing at a time
<teward> roracle: the problem with IRC chat is it's easy to get overwhelmed, so what you need to do is focus
<roracle> okay so each site will have a different conf file, and i need a new one made, NOT add a block to existing ones?
<teward> roracle: correct.
<TJ-> roracle: Correct :)
<teward> roracle: so you can very easily disable one site without having to manually find and remove the configuration directives
<teward> roracle: once you've followed that command, you've got an empty file.  Put your configuration directives for the VirtualHost blocks there.
<JanC> roracle: and you really should always read README.Debian for packages that have it  :)
<roracle> okay see the Apache docs had me adding to the file which confused me
<teward> roracle: that's the FromSource method
<teward> roracle: the only difference is we have a different definition of where the site configurations go.  It's actually to help improve the friendliness of administration
<roracle> yeah, i just never realized each distro was going to be so very different.  you don't expect a calculator to rearrange the numbers, ya know?
<roracle> yeah i see that now
<TJ-> roracle: FYI something else that might trip you up later is that in Debian/Ubuntu the executable (running process) name is "apache2" not "httpd"
<roracle> well i'm in Ubuntu and it's running as apache2
<sarnold> roracle: heh, have you compared a phone versus a calculator lately? :)
<teward> roracle: to continue what i was saying: after you've added the configuration to the MySite.conf or w/e you named it, save the file.  Then run `sudo a2ensite MySite.conf`
<roracle> okay cool
<roracle> brb
<patdk-wk> sarnold, my phones no longer even have numbers
<teward> then run `sudo service apache2 reload`.  Your site *should* then come up
<teward> provided you have the modules you need enabled
<sarnold> patdk-wk: hehe :)
<teward> sarnold: even with calculators - the internal coding is widely different in terms of code style, etc.
<teward> including fluff
<patdk-wk> are we talking rpn?
 * teward shrugs
<sarnold> teward: please don't get me down a calculator nostalgia rathole, I've already been down the orbital mechanics rathole today..
<teward> In Other News: landscape-client should not run on anything with less than 256MB RAM
<roracle> okay i made the file, do i need to change perms on it or anything?
<roracle> because it doesn't see the file there at all
<roracle> but it is
<teward> roracle: ls -al /etc/apache2/sites-available
<patdk-wk> did you link it? a2ensite
<patdk-wk> I think that is the command :)
<JanC> and you need to reload apache
<teward> roracle: did you also run `sudo a2ensite FooBarBaz.conf`, then do `sudo service apache2 reload`, like I said
<roracle> okay i just made the file, haven't run a2ensite because when i did it says it's not there, though it is
<teward> and yes i just throw random stuff in for filenames that i don't know what they really are :)
<teward> roracle: is it in /etc/apache2/sites-available
<teward> or in sites-enabled
<sarnold> roracle: make sure the .conf is there -- the scripts look for that.
<roracle> yes sites-enabled
<roracle> and it's a conf file
<teward> roracle: don't put it there
<roracle> i called it "blog.conf"
<roracle> oh?
<teward> roracle: sudo mv /etc/apache2/sites-enabled/blog.conf /etc/apache2/sites-available/blog.conf
<teward> it goes in sites-available, not sites-enabled
<teward> then run the `sudo a2ensite blog.conf` and `sudo service apache2 reload` commands
<teward> roracle: the a2ensite and a2dissite scripts are designed such that your config never really leaves sites-available, and is linked into sites-enabled
<teward> specifically that when you reload the configurations with `sudo service apache2 reload` you don't have to remove the config file from disk and move it to somewhere else on disk
<roracle> okay
<roracle> i just ran it all, now what?
<roracle> restared and everything
<roracle> and it's not working
<teward> roracle: go to the domain you set in the virtualhost block
<roracle> i told it blog.ghostlightgames.com
<roracle> and i go there and nothing
<teward> roracle: does that domain point to your site/server's IP address?
<roracle> yes
<roracle> or it should
<roracle> i can get to the main page
<roracle> www.ghostlightgames.com
<roracle> it's the main page
<teward> % dnsget -t ANY blog.ghostlightgames.com
<teward> dnsget: unable to lookup ANY record for blog.ghostlightgames.com: domain name does not exist
<roracle> but i'm trying to add blog.ghostlightgames.com
<teward> roracle: www.ghostlightgames.com probably resolves.  You need to add a DNS record for blog.ghostlightgames.com, wherever your dns is done
<roracle> like with godaddy?
<teward> or whoever does your DNs
<roracle> yeah that's them
<teward> then to there, add another DNS record, this time for blog.  not www or @, but blog.
<patdk-wk> without the . :)
<teward> then either a CNAME to ghostlightgames.com like your www. site has.  Or an A record.
<teward> Correct.
<roracle> okay
<teward> patdk-wk: that was sentences though, because some of us actually care enough to type in full sentences :)
<patdk-wk> yes, but expecially dns, it can cause breakage
<teward> patdk-wk: that was sentences though, because some of us actually care enough to type in full sentences :)
<patdk-wk> but hopefully, that dns editing gui, wouldn't allow a dot in that location
<teward> oops
<teward> but yes
<teward> patdk-wk: indeed.  it gets tricky when you run your own DNS servers xD
<teward> then you have to edit the zonefiles direct :P
<roracle> so what do i do exactly now i'm logged into godaddy?
<roracle> zonefiles?
<patdk-wk> dunno, whatever they do
<teward> roracle: i don't use godaddy, you'll need someone else to guide you with godaddy dns, but i think they have instructions around
<teward> https://www.godaddy.com/help/managing-dns-for-your-domain-names-680
<teward> roracle: ^
<teward> roracle: HOst = blog
<teward> Record Type = CNAME
<roracle> eh?
<roracle> okay
<teward> Points To = ghostlightgames.com
<teward> save changes
<teward> then wait
<teward> leave TTL alone
<teward> sarnold: who do i complain about memory usage of landscape-client to?
<teward> Canonical?
<sarnold> teward: https://launchpad.net/ubuntu/+source/landscape-client  "Report a bug"
<teward> sarnold: not sure if it's a bug
<teward> moreso a question of min-specs-for-use
<teward> not for LDS (the server side), but the client
<sarnold> teward: thuogh "run in less than 256 megs ram" might be outright impossible, the thing's writtn in python, right? :)
<teward> sarnold: no clue, but it got OOM killed then the server went and flopped on me on the VPS
<teward> host
<teward> gah, i hate keyboards sometimes
<roracle> where would it "point to" exactly?  www says it points to "@" but should blog also point to "@"?
<teward> roracle: use @
<teward> roracle: that's a shortcut for what I said your Points To is
<roracle> okay and should i wait or should it be automatic?
<teward> roracle: hit "save changes" then give it a few minutes
<teward> and then i'll check and see if Google's picked it up yet
<teward> if not, you may have to wait up to 2 days
<roracle> okay
<sarnold> google specifically has a button to let you say "ignore the TTL I've set, please refresh your cache"
<teward> :P
<roracle> i know when i first signed up it worked immediately to the main site
<teward> roracle: on your computer, type this in:  `host blog.ghostlightgames.com`
<teward> without the `
<teward> does it return anything?
<roracle> on the server?
<roracle> yeah it works
<teward> no i meant your computer
<teward> not the server
<roracle> oh
<roracle> well my system here i'm on is a windows gaming laptop
<teward> same difference
<teward> i think
<roracle> server is over on desk
<teward> or nslookup
<teward> i forget
 * teward turns to his windows computer
<teward> roracle: open command prompt.  nslookup -
<roracle> yeah it gives output
<teward> roracle: then type this: set querytype=CNAME
<teward> roracle: then type blog.ghostlightgames.com
<teward> roracle: does it return some info like this?  http://paste.ubuntu.com/11874021/
<teward> or at least saying the domain exists
<teward> roracle: i get to a WP install page
<teward> install WP and remove your install files soon
<teward> before a malicious threat actor nukes your WP
<roracle> that link is exactly what my linux output was
<teward> roracle: then you're all set - go to your site and set up wordpress
<teward> fast
<teward> before a malicious person does that for you xD
<roracle> nice
<roracle> now will this allow other users to make a name/pw and access it?
<roracle> i know it's not your realm but i figured i'd ask
<teward> roracle: that's a wordpress issue
<teward> you have to configure it first
<teward> roracle: depending if you enable it or not users may be able to register or not
<teward> mine, i disabled registrations on (see dark-net.net
<teward> i don't see a register button though
<roracle> okay, i'll have to connect via my phone tethering (i use a router to the server, it doesn't work proeprly going to the domain while i'm on the same network as the server)
<teward> roracle: your wordpress questions would be better suited for #wordpress though
<qhartman> Anyone have any recommendations for an inexpensive temperature monitoring device that integrates well with nagios? Ideally I'd like something that has support for a few remote sensors
<qhartman> Everything I've found so far is either major overkill, or isn't really quite enough. Having a hard time finding "jsut right".
<patdk-wk> ipmi works well
<qhartman> true, and I have some quick and dirty scripts that watch that for the internal server temps, but I'd like to know ambient in a couple places in the room, as well as the supply temp from the air handler
<qhartman> So I can catch things earlier
<qhartman> In typical IRC fashion, as soon as I asked my question I hit upon something that looks liek a good solution: http://www.itwatchdogs.com/climate-monitor-watchdog-100-p67.html
<teward> qhartman: hate to say an arduino, but...
<teward> probably nothing 'inexpensive' if you want it to report back
<teward> (we have three arduinos at different spots in a server room to monitor temps...)
<qhartman> yeah, I'd be happy to roll my own if I weren't spread so thin already, but as it is, paying a bit for something that works OOB is worth it.
<qhartman> teward, I'd be glad to learn more about your setups though if you have references you could point me to.
<teward> qhartman: i didn't set them up, sorry
<teward> i know they're in the room, I don't know who built em up or configured em
<qhartman> womp womp. Thanks though
<TJ-> They're quite a few USB temperature sensors that present on a ttyUSB* interface
<TJ-> s/They're/There are/
<TJ-> Instead of the optional temp/humidity sensors for my Server Technology CDUs I used this:  http://www.dlpdesign.com/usb/th1.shtml
<qhartman> Neat. Though, at $90 each, it's nearly the cost of the stand-alone unit I linked above with the number of locations I want to monitor.
<qhartman> $430 vs $360
<TJ-> Yeah... there are multi-channel alternatives, but I only need to monitor 2 cabinets
<qhartman> right
<qhartman> thanks for the suggestion though
<qhartman> good device to know about
<sarnold> I've long wanted a reason to try out ibutton / 1-wire devices
<qhartman> that would be fun
<TJ-> qhartman: This is another I found after I'd bought, and integrates woth nagios: http://www.finnie.org/2010/03/07/external-temperature-monitoring-with-linux/
<qhartman> cool, thanks
#ubuntu-server 2015-07-14
<lordievader> Good morning.
<thewall> Hello. I need help with ubuntu cloud-archive packages for Juno. Can anyone please help me? :)
<ruiorey> hi, we have a problem in our server, we wrongly manually replaced some files in usr/lib and as result we had several errors we have been solving. the actual one is error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory...we try to run apt-get and get errors installing removing etc...because almost all processes depend on it. any suggestion would be very welcome
<bekks> Restore your backup.
<ruiorey> no backup.. :/
<bekks> So you have no data worth to be kept on your server. Reinstall it.
<maswan> Set up a system with identical package set installed. Boot the server off rescue media. Copy relevant files from the temporary one.
<ruiorey> we have
<bekks> ruiorey: You dont, since you have no backup.
<bekks> ruiorey: All you can do now is boot a live cd, copy all files you still need, and reinstall the server.
<ruiorey> maswan, do you think direct copy from a similar system will work?...in this case libpthread.so.0 just needs to be replaced?
<bekks> ruiorey: No. :)
<maswan> ruiorey: It might work. For a while.
<bekks> ruiorey: Copy all files you want to keep, and reinstall the server.
<maswan> ruiorey: But you'll never get to the point where the server will be a reliable server
<ruiorey> ok thanks maswan
<ruiorey> and why is not going to be reliable?
<maswan> Because how can you make sure that you got all the files, and got exactly the right versions?
<ruiorey> ok
<ruiorey> thanks
<arcsky> shortcut , ctrl + w deletes a word does anyone know if you can delete a word if you are infront that word instead if the backend?
<TJ-> arcsky: you're talking about readline? In bash "kill-word" is meta+d
<arcsky> TJ-: ctrl+d deletes just one char
<histo> arcsky: in vim?
<TJ-> arcsky: I said Meta+d not Ctrl+d
<arcsky> histo: in shell
<histo> arcsky: yeah alt+d
<arcsky> histo: perfect thanks!
<fornax> I I'm running docker on my ubuntu server and want to bind docker to a specific virtual nic. Can one explain me how to create a virtual nic and add it to my bridge br0? The nic will get a ip from my providers dhcp server and shall allow that docker only exposes its ports to the nics ip
<bekks> fornax: AFAIK, you cannot use DHCP on a bridge.
<jrwren> I missed context, but I've been using DHCP on bridge for a decade+
<jrwren> i don't know docker well enough to help. sorry.
<lordievader> bekks: Why not?
<bekks> lordievader: because a bridge connects two networks, and both networks may offer dhcp, which would lead to a race condition.
<lordievader> Doesn't a bridge have one gateway? I understand your reasoning, however I'm using dhcp on my bridge. True, it only has one physical connection.
<jrwren> that is nonsense.
<jrwren> every port on a switch is a bridge. we use dhcp with switches all the time.
 * pmatulis pulls up a chair
 * teward yawns.
<teward> is the server team still meeting today?
<fornax> bekks: I already use DHCP on my bridge and 2 lxc containers. But now I want to create one more simple virtual ethernet device (veth) manually inside an ubuntu config file to get docker bound to this veth
<mgz> openstack charmers, can someone take a look at bug 1474291 - if I'm parsing it correctly there's an issue in the ceilometer charm rather than juju
<ubottu> bug 1474291 in juju-core "juju called unexpected config-change hooks after read tcp 127.0.0.1:37017: i/o timeout" [Undecided,New] https://launchpad.net/bugs/1474291
<mgz> the config-changed hook should be idempotent, juju can and will call config changed when you're not expecting it
<qman__> bekks, lordievader: bridges can absolutely be configured dhcp, though it may not work properly if they're not on the same network
<smoser> smb, https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1473527
<ubottu> Launchpad bug 1473527 in cloud-init (Ubuntu) "module ssh-authkey-fingerprints fails Input/output error: /dev/console" [Undecided,New]
<smoser> my general question to you, is ... assuming functional /dev/console (ie, one tied to an actual serial device) ..
<smoser> should you be able to have multiple openers and concurrent writers ?
<smb> smoser, Without further checking I would think multiple writers unlikely
<smoser> i was unable to recreeate failure
<smoser> well, in that serial-shell-looper attached there.
<smoser> that basically opens up N sub-processes that just open write close to /dev/console
<smoser> smb, so cloud-init has a general desire to write messages to the console... in an effort to have things logged. if in fact /dev/console (or /dev/ttyS* or whatever console=) are not multiple-writer friendly, how would you or anyone suggst such a thing occur
<smb> smoser, well that was a first guess. might be the console device is different. But I would need to look into the code to be sure
<ruiorey> bekks , maswan it is working thanks for the help..we installed a server version equal in a vm, downgraded the kernel on the vm and replaced the files in the server :)
<bekks> ruiorey: And how did you ensure that you replaced ALL files that were corrupted?
<ruiorey> i'm not sure but all services are running fine
<smoser> smb, could you take a glance at that? i'm at least interested in knowing if i can hope to arbitrarily open /dev/console or its convigured device and write to it.
<smoser> or if doing that is going to always be a race condition without some intermediary
<linuxgeek_> hi, i have installed 14.04.1 on a vm
<linuxgeek_> two nics eth0 and eth1 is added. both have ip's on different subnet and a different gateway
<linuxgeek_> at any point of time, only one ip is accessible
<linuxgeek_> how can i configure the routes or gateway so both the ip's is accessible
<smb> smoser, So I think the answer to console is that may work but is not guaranteed. The other question would by why you insist on directly opening the device again. I assume that ssh-authkey-fingerprints is called from the systemd service which already re-directed output for you.
<smoser> smb, 2 reasons
<smoser> a.) i dont want to be dependent on systemd
<smoser> b.) systemd prefixes output with job name
<smoser> c.) i guess... how does one know that systemd wont fail to write there ?
<smb> b is not a reason. that's an opinion
<smoser> b most certainly is not opinion. it is fact.
<smoser> maybe opinion that i dont like that.
<smoser> but it is true for sure.
<smb> Ok, agreed that it does. But some would rather say thats good
<smoser> the other eason woudl be that i'd like to go to all console= parms on the command line. not just the one that gets assigned to /dev/console
<smb> smoser, Which probably would require you to write code which emits stuff round-robin. And likely that should only open, write and close, plus handing open failure and do retries. And hope nothing else hogs the device.
<smb> smoser, Unfortunately I cannot remember details but that problem feel familiar from somethign invilving upstart and plymouth and not being resolved there either...
<smoser> yeah. :-(
<smoser> and then there is the fun where writes to a non-existant /dev/ttySX work for a while (as they're buffered)
<smoser> and then fail some time later.
<smoser> thanks smb.
<coreycb> jamespage, we need python-jsonschema for trove in the liberty cloud archive, that fixes those test failures
<sarthor> HI, using ubuntu 14.04 mysql-server taking long time to start while ubuntu restarting.. help.
<RoyK> sarthor: did the server crash before this bootup?
<sarthor> RoyK no.
<RoyK> sarthor: perhaps try #mysql - I don't like mysql - it's a pain - use postgresql if you want something useful (if you can)
<sarthor> RoyK OK. Thank you,
<teward> where do I report an oddity in the landscape dedicated server software?
<sarnold> sarthor: check the log files.. often issues just show up there..
<sarnold> teward: is it a recent / transient issue? or osmething that's been bugging you for a while?
<teward> sarnold: something I only discovered now, not sure if it's something already known or not.
<sarthor> sarnold, OK. Checking.. Thanks for reply sarnold
<teward> (an oddity in license-to-use detection)
<teward> s/license-to-use/registration-class-to-use/
<sarnold> teward: aha; bug report might be okay, talking with a support rep or sales rep or whatever might be better. I'm not sure where to send you..
<teward> sarnold: probably a bug report
<teward> it's not with the ubuntu advantage program, it's the free personal-use one
<teward> so not Cloud LDS, Standalone LDS
<teward> sarnold: just an oddity - Lubuntu VM, Product Identifier shows as KVM, and it's detected as a computer, not a VM.  Which is... odd, I think
<teward> sarnold: http://i.imgur.com/yQ9H5X0.png  <-- a snippet of what I see on Landscape.  I'll probably file a bug, but if you want to throw it towards their support reps feel free.  I get 0 support because i'm not paying for it (it's the standalone personal use)
<sarnold> well, if you see it, chances are good someone else may see it too
<teward> sarnold: it's odd, because I"m borrowing phillw's Lubuntu VM.  It's on KVM on a CentOS host, so maybe it's intentional to detect it as that?  (perhaps how open stack is supposed to mimick computers, theoretically?)
<teward> although granted landscape has a dedicated openstack part
#ubuntu-server 2015-07-15
<wolflarson> I think I broke something
<wolflarson> I installed a .deb and now I cant remove it
<bigjools> can anyone point to docs that explain how to PXE boot with custom net drivers please?
<patdk-lap> you don't need to?
<patdk-lap> it's pxe, the nic does it, so there is no need for a driver
<bigjools> in the naive world, yes
<patdk-lap> and your nic driver should be in your initramfs file, and that is loaded via pxe, so
<patdk-lap> how so?
<patdk-lap> the whole point of pxe is it's driverless
<sarnold> wolflarson: what errors do you get when you try to remove it?
<wolflarson> sarnold, I was able to resolve this by manually removing the files
<sarnold> wolflarson: aha
<wolflarson> things seem to be updating normlly now
<lkthomas> hey all
<neonixcoder> Good day team..
<neonixcoder> How can I eliminate this error? http://askubuntu.com/questions/41930/kernel-panic-not-syncing-vfs-unable-to-mount-root-fs-on-unknown-block0-0 ?
<neonixcoder> I want to upgrade from 10.04 to 12.04 LTS on 200+ server and when I try to do it on test machine, I get above error..
<neonixcoder> What are the precautions I should take before I upgrade OS. Everyone is saying what we have to do once we see this error, but no one is saying what we have to do in-order to avoid this error?
<lordievader> Good morning.
<jamespage> coreycb, super-awesome - thanks for debugging that!
<Elion> hi, i own a VPS on OVH, and i would like to do a full backup (similar to a snapshot) of my server, so i can restore it later or migrate it elsewhere, what should i use ?
<bekks> !backup | Elion
<ubottu> Elion: There are many ways to back your system up. Here's a few: https://help.ubuntu.com/community/BackupYourSystem , https://help.ubuntu.com/community/DuplicityBackupHowto , https://wiki.ubuntu.com/HomeUserBackup , https://help.ubuntu.com/community/MondoMindi - See also !sbackup and !cloning
<lordievader> I like dirvish.
<Elion> ubottu: thanks
<ubottu> You're welcome! But keep in mind I'm just a bot ;-)
<adsc> if you remove apache from autostart using update-rc.d, can it happen that an apache update re-adds the service there?
<adsc> the reason why I'm asking is because a colleague installed server updates yesterday, and now I see apache processes running
<rbasak> I'm not sure but I think if it does that then you have a bug. Can you reproduce it? And you're not on >= 15.04 (systemd), are you?
<teward> rbasak: hiya.  still busy?  Or do you want me to take a stab at drafting the message to the TB
<adsc> rbasak: no, I'm on 14.04 LTS
<adsc> rbasak: i think i'll wait for the next update and see if it happens again
<adsc> rbasak: maybe the dude di something wrong, he's not very experienced with command line
<rbasak> teward: sorry, permanently busy :(
<rbasak> teward: please go ahead and draft the email - don't let me stop you!
<teward> 'tis fine.  what info do i need to include in an email to the TB?
<teward> first time addressing the TB after all xD
<rbasak> Hmm.
<teward> what we're requesting, what the situation is, brief synopsis of what's been discussed so far with server and release teams, planned mapping of the course of action up to and through X release?
<rbasak> A summary of the issue. References to existing discussion. Summary of conclusions from relevant people about what we want. And a specific question that's easy for them to approve/disapprove.
<rbasak> Yeah, what you said :)
<teward> specific question might be hard - we're basically asking for a post-freeze post-release exemption - effectively, up until release of X we want to continue to merge in 1.9.x, and prior to release the latest-tagged snapshot from the upstream repository (or the tarballs), and then include 1.10.x for X either after finalfreeze or after release, due to the nginx release time
<teward> but that's not too hard
<teward> i'll draft the email, throw it your way for a review, and send it off :)
<teward> rbasak: good news though for the wily isos - the network interface names are correctly read by both systemd post install AND the installer disk (so no kernel naming pattern vs. systemd naming pattern discrepancies breaking networking-coming-up-after-installation provlems)
<teward> and thats all i'mma say on the matter (discovered it myself last week being an issue)
 * teward disappears
<rbasak> Thanks!
<Tazmain> hi all, I am having trouble removing a package. I keep getting, mv: cannot stat â/etc/php5/conf.d/perforce.iniâ: No such file or directory dpkg: error processing package perforce-swarm (--remove): subprocess installed pre-removal script returned error exit status 1
<Tazmain> does anyone know how I can remove this package ?
<rbasak> Tazmain: you can tweak /var/lib/dpkg/info/perforce-swarm.prerm but you should report a bug to Perforce. And seek further help from their support desk I guess, as it's their package rather than one from Ubuntu.
<Tazmain> rbasak, well someone in #linux suggested I just touch the file it was looking for and that solved the problem
<rbasak> Tazmain: great. Thank you for reporting back.
<skylite> if I have a folder with a bunch of hardlinks in it and I simply copy that folder it will be much bigger because the files will become actual files is that right?
<patdk-wk> yes
<skylite> and how can I copy this file structure by preserving the hardlinks?
<skylite> it contains a lot of hardlinks
<patdk-wk> rsync would work
<skylite> and if a hardlink is copied it wont matter what was the original file because there is no such thing here like in symlinks right?
<adsc> what is the default deployment setup for apache websites? Deploy as user with group www-data and rw group permissions?
<adsc> if that is the default, why does apache process not start with umask 002?
<rbasak> kickinz1: could you take a look at bug 1474863 please? Does this mean that bcache is broken in Wily?
<ubottu> bug 1474863 in bcache-tools (Ubuntu) "bcache device files aren't available in initramfs" [Undecided,Invalid] https://launchpad.net/bugs/1474863
<rbasak> Ah, never mind.
<kickinz1> OK
<rbasak> The reporter invalidated it. Sorry!
<kickinz1> NO pb!
<homecable> any one have a cs24-sc server
<homecable> ?
<mojtaba> Hi, does anybody know how can I use rsync with two destination and one source?
<sarnold> mojtaba: what's the goal?
<mojtaba> sarnold: I have one disk which I want to backup on two separate disks
<keithzg> mojtaba: The closest I can think of would be batch mode, although I can't remember actually using that myself ever: http://manpages.ubuntu.com/manpages/trusty/man1/rsync.1.html#contenttoc21
<mojtaba> keithzg: thx
<sarnold> mojtaba: I'd probably just run it twice; rsync source/ dest1:destination/  ; rsync source/ dest2:/destination/ ...
<sarnold> mojtaba: if dest1 and dest2 have a faster network connection between them, you might be able to get a speedup by logging in to dest1 and rsyncing to dest2, perhaps before doing the source-to-dest2 copy
<mojtaba> sarnold: I will consider that one thanks. But for now I am doing it all locally (external HDDs)
<mojtaba> thx
<sarnold> mojtaba: aha :)
#ubuntu-server 2015-07-16
<petersfreeman> I'm having difficulty connecting to my printer.  I set up a USB connected printer attached to my print server using CUPS.  From my desktop,  I let it find the printer connected to the server (Server and Desktop are on the same LAN).  I can print a test page from CUPS connected to the server (192.168.0.xx:631, but I cannot print a test page from CUPS connected to my desktop (localhost:631).  Ideas?
<sarnold> check cups logs on both systems?
<petersfreeman> Sarnold:  got it working.  Thaks
<sarnold> petersfreeman: nice, what was it?
<Demon_Jester> Hey guys, I am in a situation hopefully you can help me. So for some reason I decided to make my boot partition 400gb. I am wanting to move that 400gb of free space from sda1 to sda6, is there a way for me to do that? or what would I have to do.
<DeadVillain> hello all
<ikonia> win 6
<lordievader> Good morning.
<mdeslaur> dannf: I'm going to release security updates for mysql, can you confirm that the packages in -proposed are all tested?
<mdeslaur> dannf: also, since we always ship the latest upstream mysql, I'm not sure how we're supposed to maintain those patches...have they been submitted upstream?
<bekks> They are proposed and not yet finally tested. If they are tested fully. They are moved out of proposed.
<kevin070982> hi there
<kevin070982> need help for ubuntu server
<kevin070982> our Raid1 sytem failed to start after a power loose in our place
<kevin070982> anybody here?
<rbasak> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<kevin070982> no boot paste.ubuntu.com
<rbasak> You might want to state your actual problem though. Volunteers tend not to want to commit to helping someone with open ended problems because they tend to take an open ended amount of time.
<kevin070982> no boot http://paste.ubuntu.com/11887633/
<kevin070982> softraid
<lordievader> kevin070982: Did you boot a live stick, is your data still there?
<kevin070982> i will boot via live stick in few minutes
<kevin070982> still downloading one
<kevin070982> the question is what is the best way to make the raid work again
<kevin070982> seems to me that the bootloader didn^t load the raid partition
<lordievader> First see if the data is still there. See what the damage is.
<dannf> mdeslaur: the only thing that still needs testing is the trusty update, which FTBFS due to an unrelated issue. there's a fix for that in the sru queue.
<dannf> mdeslaur: oracle is looking at fixing it - they can't take my fix because it's a port from mariadb that wasn't contributed under the OCA (noted in the dep3)
<dannf> mdeslaur: trusty mysql-5.5 is good, mysql-5.6 is the one in the SRU queue
<mdeslaur> dannf: all I care about is mysql-5.5/trusty, mysql-5.5/utopic and mysql-5.6/vivid
<mdeslaur> dannf: are those tested?
<dannf> mdeslaur: yes they are
<rbasak> o/
<rbasak> dannf: http://paste.ubuntu.com/11887850/ to catch up from #ubuntu-hardened
<rbasak> (sorry I didn't notice this concurrent conversation)
<mdeslaur> dannf: so I wasn't part of the original discussion with regards to those patches...I added my concerns to the bug
<mdeslaur> but rbasak has now told me it's been discussed
<mdeslaur> dannf: so my understanding is that if I prepare a new mysql version and the patches don't apply I just ignore them?
<dannf> mdeslaur: that would cause memory corruption for ppc64el/arm64 users
<mdeslaur> of course, that is likely to regress users who think mysql is usable in trusty
<dannf> so i don't think ignoring them is a good approach
<mdeslaur> dannf: right, so are you commiting to getting me updated and tested patches for each new mysql release as soon as it comes out?
<rbasak> My understanding was that if dannf's team can't fix it, then we wouldn't hold up a security update for the other archs.
<mdeslaur> I can't selectively publish archs
<mdeslaur> unless it FTBFS
<rbasak> Right, so that would mean regressing arm64 etc.
<mdeslaur> rbasak, dannf: if the patches do appear to apply, and it builds, do I release the new version without testing on ppc64el and arm64?
<rbasak> I'd say yes.
<dannf> mdeslaur: to the extent reasonable, yes (i commit to updating), but that does need some time
<rbasak> Again, I apologise for not speaking to you before. I don't want to see this as a done thing - if that doesn't work for you, we should speak and reconsider.
<dannf> mdeslaur, rbasak +1 - if it applies, go for it
 * dannf understands this is a bad situation - wish i could do more, but nothing i can personally do since i don't hold copyright on the fix
<dannf> but i can poke oracle again and ask about status
<rbasak> I wonder if we should reconsider Oracle MySQL's place in main on the basis of this issue.
<rbasak> On one hand the patch author won't sign Oracle's agreement, but on the other hand it's Oracle that won't take the patch and haven't fixed the bug.
<rbasak> Combined with them not providing security patches.
<mdeslaur> rbasak: while that's a good discussion for the dev release, it doesn't change anything with regards to the stable releases that I have to update in the next couple of days
<rbasak> mdeslaur: understood. If you're still unhappy, I think we should reconsider carrying the patch.
<mdeslaur> adding these patches to trusty means every three months for the next 4 years the patches need to get rebased and tested on the latest mysql version
<dannf> mdeslaur: until oracle releases an update with a proper fix, yeah - which they are working on
<mdeslaur> right
<mdeslaur> ok, so here's the plan: 1- rbasak please find someone in the sru team to release the packages currently in -proposed ( mysql-5.5/trusty, mysql-5.5/utopic and mysql-5.6/vivid)
<mdeslaur> either today or tomorrow
<mdeslaur> that way, those will be available for ppc64el nd arm64
<mdeslaur> I will prepare updates for the new versions with the patches
<mdeslaur> If they apply, fine, if they don't, I'll ping dannf
<mdeslaur> I may publish the updates anyway, just not for the two archs that FTBFS
<dannf> mdeslaur: can you point me at the new release/patches/whatever, so i can look at the risk ahead of time?
<mdeslaur> depending if dannf can quickly get me updated patches
<mdeslaur> dannf: that would be the 5.5.44 and 5.6.25 new upstream versions from mysql's site
<dannf> rbasak: arges approved the srus, i can ask if he'll flush -proposed for us
<rbasak> OK. I'd like to delegate chasing the SRU team to dannf, if dannf you're OK with that.
<rbasak> Though, this assumes that mdeslaur you're happy with this situation.
<rbasak> If you're not and think we should reconsider carrying the patches in the first place, then we should do that before releasing the SRUs.
<mdeslaur> well, I can't say I'm happy with the situation...this definitely makes things more complicated, and has a chance of regression users of those archs
<mdeslaur> but if those archs are broken anyway...
<mdeslaur> if dannf and/or his team are willing to drop everything when a security notice is published to get the patches working for a new version within a day or two, then that's fine
<rbasak> I take the view that the patches can't be allowed to hold up security updates for the other architectures, and nor can we expect mdeslaur's team to fix it.
<rbasak> So that means dannf's team gets the opportunity to fix it when necessary, or if not, then the affected architectures regress.
<dannf> i can't commit anyone else from my team - but, unless i'm unreachable, i can commit myself to that
<Luke> hey guys, I have a service i'm making that can have multiple instances running on the same box. how should i represent that in systemd?
<rbasak> Luke: http://0pointer.de/blog/projects/instances.html
<Luke> rbasak: wow thanks
<Luke> that was fast
<Luke> rbasak: I hope this wasn't the first google result ;-P
<rbasak> Luke: https://encrypted.google.com/search?hl=en&q=systemd%20multiple%20units
<Luke> haha
<rbasak> But you do need to know what terms to Google for :)
<mdeslaur> rbasak, dannf: ok, so we're on the same page?
<Luke> i didn't think "instance" was the right word
<dannf> it would be nice if we had a way to at least not release broken builds on those archs in the situation that we can't. i'd hate to knowingly release broken builds to someone's stable environment
<Luke> rbasak: instance brings up the same first result /me is embarrassed
<Luke> ty
<rbasak> dannf: I suppose the patches could FTBFS and then users will be held back on that arch. But we'd need to check what the Arch: all packages do in terms of versioned dependencies.
<mdeslaur> dannf: is there a quilt trick to get it to apply the arch specific patches to see?
<mdeslaur> rbasak: oh, argh, I didn't think about the Arch: all
<rbasak> dannf: but that also means that affected arches will never get a security update. So which is worse?
<dannf> mdeslaur: ln -s debian/patches/arch-specific/patches-arm64 patches-amd64
<dannf> rbasak: tough to say in general - one is definitely going to break them though, the other (security) is status quo
<dannf> but security could certainly be worse in some situations of course
<dannf> and w/ mysql, we don't really know what the security issues are :(
<rbasak> Maybe the fact that we're considering this should mean that we shouldn't carry the patch and consider MySQL broken on the affected arches until an upstream fix arrives.
<rbasak> I'm seriously reconsidering my position here.
<dannf> rbasak: that feels like we're saying x86 is more supported than other archs, which isn't what we communicate
<mdeslaur> it's quite unfortunate that this is with the mysql package...pretty much any other package in the archive where we can backport security fixes this wouldn't have been an issue
<dannf> if there was corruption in an LTS main package on x86, wouldn't we carry a patch?
<rbasak> dannf: I feel like we're saying that in the case of Oracle MySQL, upstream policies mean that for us to keep it in main arches are supported only as well as upstream support them.
<rbasak> dannf: for src:mysql-*, I'm not sure, because of upstream policies it's a special case.
<rbasak> It only remains in main because upstream has a good track record on this (until now).
<rbasak> http://www.ubuntu.com/about/about-ubuntu/conduct - "We expect participants in the project to resolve disagreements constructively. When they cannot, we escalate the matter to structures with designated leaders to arbitrate and provide clarity and direction."
<rbasak> I'm tempted to say that we're getting to the point where we need a TB decision in order to be decisive.
 * dannf feels like we have a working model (dannf will port) and a backup plan (will drop patches) - i don't see why dropping those patches would be better, unless there's no reasonable grace period to give me to port
<dannf> counter argument is that right now we don't have working packages on those archs - but i don't know that that is obvious to any users. the builds are there.
<dannf> they will just secretly eat your data
<mdeslaur> right, that is why I'm conflicted
<rbasak> 1) I don't like the bus factor in that. I feel that we should have a team commitment to port the patches.
<rbasak> 2) Falling back to the backup plan means regressing users, who might elect to use an alternative if they know in advance, rather than receiving a regression. So the existence (and need for) the backup plan gives me doubt. Are the chances of needing it great enough that we shouldn't consider builds on these arches to be usable?
<dannf> i'm sure we can get others on my team to commit to the raw porting - my only concern is w/ the actual packaging
<mdeslaur> dannf: ideally someone on your team would maintain a tested PPA for each new upstream version of mysql with the patches applied, and tested
<dannf> and i should be open to my potential conflict of interest - i'm paid to support arm64 customers who want to deploy this
<mdeslaur> so when oracle's quarterly security advisory goes out, I can pluck the updated patches out of the PPA
<dannf> mdeslaur: that seems reasonable
<rbasak> Aren't a significant proportion of upstream releases from security advisories (ie. not available earlier)?
<mdeslaur> seems to me they come out earlier than the security advisories
<mdeslaur> I'm trying to find that out now
<rbasak> Even though we had the MRE approved, I've not had the time to keep up to date with new upstream releases.
<mdeslaur> 5.5.44 came out on 2015-05-29
<mdeslaur> and they published the security advisory for it this week
<dannf> is there an announce list for new releases?
<rbasak> Ah, so they release first and then tell people what security fixes (if any) were in it six weeks later? I didn't realise that.
<rbasak> If that's true then it seems to me that if we did keep up with the MREs then you'd just need to pocket copy to -security
<mdeslaur> I'd have to rebuild in -security
<rbasak> Ah, OK
<rbasak> So...does this mean that dannf's team will do the MREs for us? :)
<mdeslaur> heh
<mdeslaur> IT'S A TRAP!
<mdeslaur> ;)
<rbasak> :)
<rbasak> It does seem like the logical conclusion though!
<mdeslaur> dannf: sorry for making this seem complicated, but this sort of thing has happened before...and while everyone has good intentions, at some point down the road when code gets refactored, nobody has time to do the work anymore
<mdeslaur> and that's when we're stuck with the hard decision
<mdeslaur> so I just want to make sure we're on the same page if it comes to that and we do need to regress our users
<dannf> mdeslaur: right, part of our agreement here was to make sure we had a long term plan - i.e., oracle will care/provide a fix. we have that commitment, but no ETA
<mdeslaur> oh, that's good news
<dannf> we've got them hw to test with, etc - we're poking them about status today
<mdeslaur> ok, I wasn't aware that there was a commitment there...that definitely alleviates my concern a bit to know that these could possibly be upstream in the next few versions
<dannf> as for us doing MREs - i don't think that's necessarily a bad idea for this period. of course, if builds/tests fail for unrelated reasons, that's something we'd need help with
<dannf> though i'm still not sure on how to get informed about a new release
<rbasak> I'd expect my team to help with anything MRE related, though priority would be up to my manager.
<rbasak> (and thus time)
<mdeslaur> ok, so the patches do apply to the new 5.5 and 5.6
<rbasak> As for being informed about a new release, I don't really know either.
<rbasak> Perhaps we should set something up to watch uscan.
<rbasak> That'd be useful for other packages too.
<mdeslaur> yeah, or script something to monitor dev.mysql.com
<mdeslaur> perhaps there's a mailing list, I'm not sure
<dannf> i can ask oracle
<dannf> rbasak: mdeslaur: at this point, are you both ok w/ me asking sru-team to push those updates out?
<rbasak> dannf: I wonder if it's an idea to write out what we've agreed first to make sure that everyone is in agreement?
<mdeslaur> yeah, adding a comment to the bug to state what we've agreed would be ideal
<mdeslaur> once we've stated it here
<rbasak> Maybe start in a pad to avoid confusing updates in the bug.
<mdeslaur> right
<dannf> sure. 1) dannf's team will figure out how to be notified of micro releases and maintain a ppa of test builds that we use to validate on arm64
<dannf> oh, pad is fine
<mdeslaur> rbasak: do you have a pad?
<rbasak> mdeslaur, dannf: http://pad.ubuntu.com/mysql-arm64-corruption-patch
<rbasak> (I just created it)
 * rbasak wonders why everyone is a shade of pink today
<dannf> btw, i'll run this by my manager this morning to make sure we can deal w/ the bus factor
<dannf> mdeslaur, rbasak and are these updates always quarterly?
<mdeslaur> dannf: the security notices are quarterly
<mdeslaur> dannf: the mysql updates happen at any time I believe
<mdeslaur> ie: there can be 2 updates between security notices
<dannf> ok
<mdeslaur> so you can plan when you're going to update your PPA, as long as it's done before the security notice is published, which is usually at a pre-determined date
<mdeslaur> does that make sense?
<dannf> mdeslaur: yes. is there a security notice list, or should i ask oracle about that too?
<mdeslaur> dannf: http://www.oracle.com/technetwork/topics/security/alerts-086861.html
<mdeslaur> the dates, and the notices are listed there
<mdeslaur> no next date is 20 October 2015
<rbasak> So arm64/ppc64el users are at some risk of regression as it's not an upstream patch. Should we release note this?
<rbasak> (although of course it's going into Trusty too, for which release notes are already published)
<mdeslaur> dannf: so _if_ a new version is published at the same time as the security notice (I don't think that happens), is a 2 day delay enough?
<mdeslaur> rbasak: hrm, is changelog not enough?
<mdeslaur> rbasak: not sure where else to put it
<rbasak> mdeslaur: changelog will have to do I guess. My thought is to inform users of the risk _before_ it happens.
<rbasak> (as it might affect DB or platform choice)
<mdeslaur> rbasak: if we do have to drop the patches, we can add a notice to the USN text
<rbasak> That would certainly be useful.
<dannf> mdeslaur: i suspect a 2 *working day* delay would be enough
<mdeslaur> rbasak: ok, added to pad
<mdeslaur> dannf: ah, right, that's what I meant, I'll clarify
<mdeslaur> I'm satisfied, are you rbasak, dannf?
<dannf> +1
<rbasak> +1
<mdeslaur> awesome
<mdeslaur> I'll add the info to the bug
<jdstrand> I'm sorry I was in a meeting
<mdeslaur> dannf: is the mention of your commitment from oracle in the pad an issue?
<dannf> mdeslaur: let me confirm w/ my manager first, if that's ok - should be within this hour
<jdstrand> can someone tell me why the patches aren't upstreamable? certainly, upstream would want these to work well on those archs?
<jdstrand> (speaking of mysql)
<mdeslaur> dannf: yes, definitely
<rbasak> jdstrand: the patch author declines to sign Oracle's agreement.
<jdstrand> who is the patch author?
<dannf> jdstrand: mariadb devs
<jdstrand> meh
<mdeslaur> jdstrand: it's a licensing issue, but dannf's team does have a commitment from Oracle to fix the issue themselves
<jdstrand> is there an upstream bug with mysql so they can clean room patch it?
<jdstrand> ok
<mdeslaur> jdstrand: yes, there's a bug
<rbasak> http://bugs.mysql.com/bug.php?id=76135
<jdstrand> so this situation is 'temporary'
<dannf> jdstrand: yes, and they have engaged - but i don't know the status, we're asking today
<jdstrand> alright, whatever you've come up with between you and mdeslaur is fine with me
<mdeslaur> jdstrand: are you ok with what's in the pad?
<jdstrand> I just wasn't clear on that point
<jdstrand> can you paste the link?
<mdeslaur> jdstrand: http://pad.ubuntu.com/mysql-arm64-corruption-patch
<rbasak> http://pad.ubuntu.com/mysql-arm64-corruption-patch
<mdeslaur> http://pad.ubuntu.com/mysql-arm64-corruption-patch
 * jdstrand reads
<rbasak> Did you get that?
<rbasak> It's http://pad.ubuntu.com/mysql-arm64-corruption-patch :-P
<mdeslaur> hehe
<jdstrand> wait, what was the link?
<jdstrand> :P
<rbasak> jdstrand: http://pad.ubuntu.com/mysql-arm64-corruption-patch :-P
<mdeslaur> jdstrand: http://pad.ubuntu.com/mysql-arm64-corruption-patch
<jdstrand> ah, right. thanks! :)
<mdeslaur> hehe
<mdeslaur> nerd humour
<jdstrand> do we have an idea of when Oracle will fix it? eg, is there a reasonable expectation that it will be fixed for next quarter's update?
<jdstrand> I agree with the agreement :)
<jdstrand> please put it in the sru bug so they are aware too
<mdeslaur> jdstrand: yes, that is the intention, as soon as dannf's manager signs off on it
<jdstrand> great
<teward> rbasak: incoming PM, unrelated
<dannf> mdeslaur, rbasak, jdstrand : andrewc added some CYA text to the top, but otherwise approves. can we retroactively add this to the trusty release notes?
 * rbasak scrolls back to find the link
<rbasak> dannf: you might need to s/we/ with something to make it clear.
<rbasak> I don't know whether retroactively changing the release notes is a thing
<rbasak> There are point release release notes though
<rbasak> Maybe a question for the release team.
<dannf> ok
<rbasak> I think it does make sense to alert users to the issue through the release notes in principle
<dannf> so maybe just queue it up for the next point release if it hasn't been fixed properly by then
<rbasak> I'll ask in #ubuntu-release
<rbasak> jcastro: FYI https://lists.ubuntu.com/archives/technical-board/2015-July/002125.html thanks to teward
<jcastro> git comm\o/
<jcastro> whoops, I mean, yay! \o/
<teward> lol
<teward> jcastro: copy-paste fail? :P
<jcastro> indeed
<jcastro> more like window focus fail
<jcastro> we really need a focus-follows-eyes window manager
<teward> :P
<teward> or direct neural communication with systems
<teward> in any case this is up at the TB now, so we can only hope at this point :P
<rbasak> Don't worry, the TB are on our side. They want Ubuntu to continue to be awesome too :-)
<mdeslaur> dannf: cool, can I paste that into the SRU bug?
<dannf> mdeslaur: yeah
<mdeslaur> thanks dannf, rbasak!
<dannf> rbasak: btw, is there an existing PPA/group that makes sense for these pre-release builds, or should i just shove one under ~ce-hyperscale?
<rbasak> dannf: there's https://launchpad.net/~mysql-ubuntu
<rbasak> dannf: however that isn't Canonical only, so I don't think we can get a devirt PPA there.
<rbasak> I'm not sure of the current status of virt/scalingstack builders for arm64 and ppc64el. Might be worth enquiring.
<Stuxnet> Hi all, newbie here, simple question. I access my server via ssh. When I first started I did the manual username/password and I would always get the default MOTD. Now I login by key authentication and no more MOTD. I even went into sshd_config and changed PrintMOTD to 'yes'. It prints last login but not MOTD. What gives?
<Stuxnet> As a side note I've been doing key based login for a while now and I just happened to notice that I miss the motd.
<pmatulis> Stuxnet: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/543767
<ubottu> Launchpad bug 543767 in openssh (Ubuntu) "ssh logins doesn't show the MOTD when connecting with public key authorisation" [Low,Expired]
<Stuxnet> Oh okay well at least I know it's a bug. Why is it expired? Can it be reported again?
<Stuxnet> I'm reading...
<pmatulis> Stuxnet: just add a comment of your own. it doesn't seem right to me. i presume you are running 14.04?
<pmatulis> Stuxnet: as a workaround you can always call motd from your init shell files. the bug mentions how
<Stuxnet> Yes 14.04. I think I found the problem, about to test...
<Stuxnet> Okay so
<Stuxnet> I had to set UsePAM to yes in sshd_config and now it prints the motd
<Stuxnet> Apparently the motd is generated with PAM
<Stuxnet> These guys say that as long as challenge response authentication and password authentication are set to no and public key authentication is set to yes then it's fine
<Stuxnet> Thanks guys!
<pmatulis> Stuxnet: ok, i read it too quickly then
<slowe> I'm using an internal mirror of Ubuntu 14.04 (amd64 architecture only), and I'm finding that I have to run "dpkg --remove-architecture i386" in order for things to work on 64-bit installs of Trusty. Is this expected? If so, is there a setting/way to automate this?
<patdk-wk> yes
<patdk-wk> there are 32bit packages required for some things
<patdk-wk> so to mirror only the 64bit packages would cause an issue
<slowe> patdk-wk: Can you elaborate on the required 32-bit packages?
<patdk-wk> well, I have lots of 32bit that is required for my usage
<patdk-wk> due to using 32bit compiled software on my 64bit system
<slowe> patdk-wk: Let's assume that I'll only be using 64-bit software (these are stripped down server builds). Does that change the picture?
<slowe> patdk-wk: Or is that assumption flawed? In other words, is it not possible to use only 64-bit software/packages on a typical Ubuntu Server build?
<patdk-wk> you must have done something
<patdk-wk> my desktop machine and some of my servers have a mixture of 64 and 32bit installed
<patdk-wk> but my servers that I don't run outside binaries on, my pure basic ones true open source ones
<patdk-wk> are purely 64bit
<patdk-wk> dpkg --print-foreign-architectures
<patdk-wk> that command says i386 on my desktop
<patdk-wk> but normally nothing on my servers
<patdk-wk> meaning only 64bit packages are installed
<slowe> patdk-wk: When I run "dpkg --print-foreign-architectures" on the server(s), the result is empty (meaning only 64-bit packages are installed).
<patdk-wk> dpkg -l will also show you what packages are i386
<slowe> patdk-wk: However, when I try to use the amd64-only internal mirror, it will fail until I run "dpkg --remove-architecture i386". This is even though "dpkg --print-architecture" returns *only* "amd64".
<patdk-wk> are you sure that is right?
<patdk-wk> for me I get
<patdk-wk> dpkg --remove-architecture i386
<patdk-wk> dpkg: error: unknown option --remove-architecture
<teward> patdk-wk: it's in the manpage
<slowe> patdk-wk: This is 14.04.2
<patdk-wk> I was on 12.04 by accident :)
<slowe> patdk-wk: No worries :-)
<teward> patdk-wk: https://pbin.dark-net.net/view/raw/3d72be32 <--- just for the future :)
<patdk-wk> dpkg --remove-architecture i386
<patdk-wk> dpkg: warning: cannot remove non-foreign architecture 'i386'
<patdk-wk> that one is still running 14.04.0
<slowe> patdk-wk: That's what I just got, but I'd already run it once, so I'm guessing the command isn't idempotent and tries to do something again.
<patdk-wk> I should update it, it's just my source code repo, behind lots of firewalls :)
<patdk-wk> well,I have never run that command before
<patdk-wk> so by default atleast, i386 is not installed
<slowe> patdk-wk: In any case, do you know of any file/setting that is modified by that command that I could track? This would allow me to use Ansible to run that command and then track if the command has been run before.
<patdk-wk> you must have pulled something in, like say, java
<patdk-wk> I don't know
<slowe> patdk-wk: I'm using a plain jane Vagrant box I built myself using a standard Ubuntu Server 14.04 installation. I'll dig in a bit more---thanks for your help.
<patdk-wk> updated to 14.04.2, still no i386
<patdk-wk> 1190 packages installed
<patdk-wk> mine are build using the normal, minimal-install virtual machine option, from the iso's
<jrwren> slowe: you can answer this yourself by running strace and seeing which files dpkg --remove-architecture i386 removes.
<jrwren> slowe: I used to rm -f /etc/dpkg/dpkg.cfg.d/multiarch to do the same thing.
<slowe> jrwen: Thanks, I'll give strace a go. /etc/dpkg/dpkg.cfg.d/multiarch doesn't exist on these systems, though.
<jrwren> slowe: did you already run dpkg --remove-arch... on those systems?
<slowe> jrwen: Nope. This is on a fresh instance of a Ubuntu 14.04 Vagrant box, and "dpkg --print-foreign-architectures" does report "i386".
<jrwren> slowe: Ok, thanks.
<slowe> jrwen: However, I see a package called "multiarch-support"...going to try removing that to see if that does anything. (This is a Vagrant box, so no big deal if it blows up.)
<slowe> jrwren: That won't work. Wants to remove most of the packages on the system. :-)
<patdk-wk> how did you install?
<patdk-wk> minimal install? or just normal?
<patdk-wk> I can't think of anytime I have done a normal, non-minimal install
<slowe> Found it...dpkg architectures are stored in /var/lib/dpkg/arch, each architecture on a separate line.
<slowe> Removing "i386" from that line fixes the original issue AFAICT (internal amd64-only mirror works as expected with no errors). Now to automate this with Ansible...
<jrwren> slowe[away]: works for me. I do it very often.
<jrwren> slowe[away]: why the desire to remove foreign arch?
<tgeek> Anyone here ever seen /dev/sda as "hp ilo internal sd-card".  I can't get kickstart to install lvm correctly because it always wants to install it there even when I tell it to install it to /dev/sdb which is my hdd.
<bekks> Yes, almost every of our servers behaves like that.
<tgeek> what's your workaround?
<bekks> Either pull the sd card, or install to the /dev/cciss/ raid controller logical volumes you created before.
<tgeek> that's nto exactly what I wanted to hear, but I appreciate the help.  Looks like a trip to the datacenter tomorrow.
<bekks> I assume you have no raid controller then?
<tgeek> I'm not really sure how to point it to /dev/cciss/.  Should I define that in the kickstart file?
<tgeek> I'm doing a network install now without any automation.  In the beginning I did a rmmod usb_storage and when it came to the partition section, it didn't see it.  I'm going to try to incorporate that into the automated kickstart file.
<slowe> jrwren: Sorry, had to step out for a bit. Need to remove foreign arch because internal amd64-only mirror won't work otherwise (apt-get reports can't find binary-i386 packages).
<sarnold> slowe: did you try prefixing your apt entries with e.g. deb [arch=amd64] http://....  ?
<slowe> sarnold: In sources.list?
<sarnold> slowe: yeah
<sarnold> https://wiki.debian.org/Multiarch/HOWTO
<slowe> sarnold: No, hadn't tried that. Will give that a try! Is there a strong advantage one way or the other?
<bekks> tgeek: First, make sure you have the required hardware :)
<tgeek> I do
<bekks> Then remember to create a logical volume on your raid controller before installing an OS.
<bekks> Or automate it, using kickstart and an external script.
<sarnold> slowe: heh, no, this was the easier way I found for dealing with a similar problem
<slowe> sarnold: Fair enough :-)
<sarnold> slowe: though perhaps it's nice i fyou've got multiple deb sources, and one of them is e.g. amd64 only, but your system still needs the 32 bit stuff from other mirrors
<slowe> sarnold: Sure, that makes sense
<Luke> anyone know how to start a systemd user service as a non-root user?
<teward> anyone ever hear of a server randomly stop logging to syslog?
<teward> or dmesg
<ianorlin> teward: I have not
<teward> ianorlin: nor have I, it's new to me to see that
<teward> meh, not super important since all that's there is bind9
<patdk-lap> you can't stop logging to dmesg, that is just not possible
<patdk-lap> unlessthe kernel crashed
<patdk-lap> now not logging to syslog is simple
<patdk-lap> don't have syslog running, or have a read-only filesystem
<patdk-lap> or bad permissions, or
<sarnold> or a race condition between the log rotation and the logging system closing and opening the new file -- see if the logs are going to the .0 or .1 file instead
<patdk-lap> yes, but still the *dmesg* command should always work
<patdk-lap> dmesg log, totally different story
<sarnold> yeah, dmesg should always work, but the benefit there is only the kernel gets to write to it :)
<patdk-lap> yes
<teward> patdk-lap: no dmesg either, which is REALLY odd
<teward> and i rebooted the server just in case
<teward> so maybe it's a perms problem
<patdk-lap> the dmesg command?
<teward> no output
<teward> nor did /var/log/dmesg have anything
<teward> which was really od
<teward> odd*
<patdk-lap> well /var/log/dmesg would be expected
<patdk-lap> if syslog isn't working
<teward> would the `dmesg` command still output?
<patdk-lap> it should
<teward> and if it doesn't
<patdk-lap> unless something like /dev was messed up
<teward> should i drop a nuke on the server?
<patdk-lap> or apparmor gone nuts
<teward> wouldn't put it past this VPS image
<teward> but it was doing those before
<patdk-lap> it's a vps?
<teward> openvz but yes
<patdk-lap> oh probably shouldn't work then
<teward> heh
<teward> i know syslog was working though
<teward> because bind9 would report there
<patdk-lap> ya, that is different and *probably* easy to fix
<patdk-lap> openvz I haven't used for a long time
<patdk-lap> but it likely doesn't allow dmesg usage, cause you don't own the kernel
<patdk-lap> the provider does
<teward> mhm
<teward> i'm not horribly worried about it, i could tell bind9 to log to a file instead of syslog but i'm lazy
<patdk-lap> I could be wrong, never used openvz much, but it does block lots of kernel things
<sarnold> openvz may force kernel.dmesg_restrict=1 in their containers..
<teward> sarnold: quite possible.  i'm looking to put bind9 to a file rather than syslog where i can, now, since that's really the only log I care about
#ubuntu-server 2015-07-17
<neonixcoder> Hi team,
<neonixcoder> I am upgrading from 10.04 to 12.04.. but middle of installation after kernel upgrade, my system is rebooting with out any warning.. And once its boots I am getting kernel panic..
<neonixcoder> This is happening on already existing system. I tried on a new machine with same set of hardware and configs. At this time, the upgrade went smoothly.
<neonixcoder> Any suggestion where should I check so that it will not reboot after kernel upgrade?
<sarnold> neonixcoder: were you able to capture any kernel messages?
<neonixcoder> yes sarnold..
<neonixcoder> one min, let me write it down here..
<sarnold> neonixcoder: can you pastebin them somehwere?
<neonixcoder> sure..
<neonixcoder> my bad..
<neonixcoder> will do that
<neonixcoder> Its a single line "kernel panic-not syncing: VFS: unable to mount root fs on unknown block(0,0)"
<neonixcoder> sarnold: I want to avoid it instead of correct it. Right now I am testing it in  lab.
<neonixcoder> so in production, upgrade should go smooth
<sarnold> neonixcoder: hmm, do you need any 'funny' modules to mount your root filesystem on your hardware?
<neonixcoder> sarnold: I did not get you..
<patdk-lap> do you have some kind of raid card, flash thing
<patdk-lap> using something other than onboard sata ports
<neonixcoder> pdtdk-lap:No such cards, but I install it on a small cf card
<neonixcoder> which is 2gb
<sarnold> hmm, reminds me of my pandaboard es; after roughly a year it started crashing under heavy io load and then eventually started crashing rouhgly once a day..
<sarnold> replacing the sd card was sufficient to fix it
<sarnold> neonixcoder: can you try something like badblocks on the card on a different system?
<neonixcoder> sarnold:the funny part is.. I am able to upgrade on the same machine with same CF card which is a fresh install from 10.04 to 12.04
<neonixcoder> sarnold:So I thought some where there could be a setting my old image where it reboots once kernel is update(I guess)
<sarnold> neonixcoder: none that I can recall :/
<neonixcoder> sarnold:hmm yes.. bit strange.. I will try to check if old image and fresh install have same settings in /etc/apt folder
<thomedy> okay.. sudo apt-get install php5-fpm is not processing the triggeres
<thomedy> i can man it but i cant finish the apt-get
<neonixcoder> sarnold: I just wondering how frequent linux write data to disk?
<sarnold> neonixcoder: that's quite complicated :) it'll write immediately when programs issue fsync or fdatasync calls; apt/dpkg do this extensively
<neonixcoder> immediately means less then a second?
<neonixcoder> bcz I just want to check logs which are written when upgrading my OS which is resulting me in kernel panic..
<sarnold> yeah; it'l suspend the program execution until the writes have finished
<sarnold> neonixcoder: the fatrace program can do that
<sarnold> for an upgrade it'll be an amazing amount of output..
<neonixcoder> let me check that..
<murcha> when i run cron to mv files to mounted backup partition i get error: sudo: no tty present and no askpass program specified
<sarnold> why are you tryiung to use sudo in cron? that won't go..
<murcha> sarnold: thanks, i  tried to mv files to backup partition but it required authentication.
<fcefan> murcha: See first fix here https://www.shell-tips.com/2014/09/08/sudo-sorry-you-must-have-a-tty-to-run-sudo/
<murcha> fcefan: thanks
<DenBeiren> hi all,.. i'm trying to set up an rsync, but the transferspeed is way too slow
<DenBeiren> i'm getting 10MB between 2 dualGB nic machines
<DenBeiren> configged with LAG on the GB switch
<DenBeiren> the copy is local, so encryption is not really needed
<DenBeiren> any ideas?
<lordievader> Good morning.
<DenBeiren> hey lordie
<lordievader> Hey DenBeiren, how are you?
<DenBeiren> gd gd
<DenBeiren> maybe you can help out with my "issue" here above?
<lordievader> Is that ram -> ram?
<DenBeiren> ?
<lordievader> !pm | DenBeiren
<ubottu> DenBeiren: Please ask your questions in the channel so that other people can help you, benefit from your questions and answers, and ensure that you're not getting bad advice.
<DenBeiren> i don't know if everybody is going to benefit from dutch ;-)
<lordievader> Ask the question in english.
<DenBeiren> i did :-)
<DenBeiren> just before you entered ;-)
<lordievader> DenBeiren: Yes, and I asked: Is that ram -> ram?
<DenBeiren> it's a synonogy share => a temp ubuntu share (to reconfig the syno)
<lordievader> What I am trying to rule out is external factors like disks.
<DenBeiren> when copying from a windows client to the temp samba i get 66 - 80 MB
<DenBeiren> the disks in the syno are brandnew
<murcha> is there any service to restart to effect changes in visudo
<lordievader> DenBeiren: Do you have root access or ssh access on the synology?
<DenBeiren> yes, the rsync is running,.. only it's capping @ 10/11 MB
<DenBeiren> evy now and again i see it peaking to 24 - 66 - 30
<DenBeiren> but stabilizing @ 10
<DenBeiren> command used is the following:
<lordievader> I'll take that as a yes I have ssh access. Run a dd over ssh towards the synology's /dev/null
<DenBeiren> sudo rsync -avhzP admin@192.168.6.9:/volume1/Data /samba/allaccess/
<lordievader> murcha: The sudoers file is read everytime when sudo is run, for as far as I know.
<DenBeiren> lordievader: just got a call,.. need to go,.. get back to this later,.. TIA
<murcha> lordievader: when i change settings in visudo to allow a user and a script to run w/o sudo from cron, i get the same permission denied error
<lordievader> Without sudo?
<lordievader> You mean you allow it without a password? You still need sudo though.
<murcha> yes when i run a script from cron automatically i get this error: sudo: no tty present and no askpass program specified
<lordievader> Could you pastebin your sudoers file?
<murcha> sure
<murcha> lordievader: here is the configuration: http://pastebin.com/0BPJ0xrC
<lordievader> It's about the classi-backup script?
<murcha> lordievader: yes
<jerto> Murcha, are you trying to invoke sudo in a cron ?
<lordievader> murcha: As what user are you invoking the script?
<murcha> jerto: i want to run automatically the script through cron....but i get permission denied error
<murcha> lordievader: office
<lordievader> Why not as root?
<lordievader> I suppose that the user office is in the group office?
<murcha> yes
<murcha> lordievader: i tried root user, again i get permisison denied error
<lordievader> Now that is interesting. Do you get the same when you run the script as root?
<murcha> lordievader: no not at all, only i get when i try the script from cron. from terminal it is all ok.
<lordievader> Hmm, would it be environment variables. Could you pastebin the script?
<murcha> lordievader: here is the script a simple mv: http://pastebin.com/ShAdLwhi
<lordievader> You are not specifiying an interpreter?
<murcha> lordievader: oh it is here at the top #!/bin/bash
<lordievader> Ah, ok. Does it have execute permissions?
<murcha> lordievader: yes 777
<lordievader> Hmm, odd.
<lordievader> Do you have another user in the group office?
<murcha> lordievader: i should check
<murcha> lordievader: yea there is www-data
<lordievader> Can that user run the script correctly?
<murcha> no it does not run the script
<murcha> lordievader: ^
<lordievader> Does not run the script, how?
<murcha> i tried to run the script after login www-data user, but i get not found error
<lordievader> The path to the script is correct? Or is mv saying that.
<murcha> lordievader: the path is correct
<murcha> lordievader: i tried to run the script like sudo bash path/to/script it is running fine
<murcha> ^ from www-data user
<lordievader> Okay, so that works...
<murcha> lordievader: thanks! finally worked after creating the script under root user.
<lordievader> Still odd...
<lordievader> But okay, glad it works :)
<murcha> :)
<_ruben> is there a way to have grub operational through both console and serial?
<jamespage> mfisch, hey - so https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1470120 covers the 2.3.2 update for ovs
<ubottu> Launchpad bug 1470120 in openvswitch (Ubuntu Vivid) "[SRU] openvswitch 2.3.2" [Medium,In progress]
<jamespage> took me a while to get it into wily due to some changes in behaviour in our testing; just working the SRU cogs now
<jamespage> med_, ^^
<med_> mornign
<med_> thanks jamespage
<jamespage> med_, np - sorry for the lag
<Kully3xf> how much ram does tar use
<Kully3xf> is it more cpu or ram
<Kully3xf> can I throttle it's ram usage?
<patdk-wk> can't imagine it uses either
<patdk-wk> unless you enable some kind of compression option
<Kully3xf> tar -zxcf so gunzip
<Kully3xf> -zcvf
<Kully3xf> friday
<Kully3xf> in case anyone was wondering it is very low memory and cpu intesive.
<pmatulis> use a monitoring utility to answer your question
<pmatulis> Kully3xf: â
<Kully3xf> I figured it out - am not looking to figure it out on the fly, wanted to know before I ran the command
<Kully3xf> in case anyone wants to know it's cpu instensive and no ram
<dannf> rbasak, mdeslaur : fyi, arges is approving the msyql updates now
<teward> with regards to Apache server, when I configure SSL, does the certificate file need to contain the entire chain or just the site's certificate?  And is there a way to serve the CA chain (intermediate cert, root CA cert) without putting it in the main certificate file?
<teward> probably a better question: whatever I put in SSLCertificateFile, does that need the entire CA trust chain if I also provide SSLCertificateChainFile in the configuration for a vhost?
<rbasak> IIRC it is the entire trust chain.
<rbasak> I don't know if there's an alternate way to configure it.
<rbasak> No idea about SSLCertificateChainFile
<rbasak> Use "openssl s_client" with -verify and experiment ;)
<teward> well i think http://serverfault.com/questions/382633/difference-between-sslcertificatefile-and-sslcertificatechainfile answered it
<teward> that'll be the first test
<TJ-> teward: This is how I configure domains, using symlinks to virtual-host home directories in order to make switching keys+certs not require any changes to the apache config.  https://iam.tj/projects/misc/apache-ssl-config.txt
<teward> TJ-: erm... that's not what i was after, but OK
<teward> i needed to know what specifically was in the CertificateFile file
<teward> I.E.
<teward> does it need just the site cert or the entire chain
<teward> and i got that answer
<teward> in that server there's only one site anyways, so changing the config wouldn't affect others.
<TJ-> teward: I thought the example specifies that. The SSLCertificateFile contains *just* the site's certificate, any intermediate Certificates are in the SSLCertificateChainFile, and the root CA can be in that file, or in the usual /etc/ssl/certs/
<teward> i couldn't glean that from your example, sorry.
<teward> (I'm tired :/)
<TJ-> teward:  Hmmm, maybe I'm too familiar with it.  "ssl/certs/iam.tj.pem -> iam.tj.Wosign.solo.2018-06-29.pem"  "solo" is a bare cert with no supporting intermediates
<teward> ahh, OK.
<teward> TJ-: i come from nginx, not apache, and workplace uses apache on some things :/
<teward> kinda inherited things on some of these services >.<
<TJ-> teward: I used to have the 'chain' in the domain's /home/ but that was silly since many domains may use the same CA, so the intermediates are now always in  "/etc/ssl/certs/<CA-name>-chain.pem" which is referenced from the SSLCertificateChainFile
<TJ-> teward: The remainder of the layout is so I can easily replace certs/keys without making changes to the server config, so it's a non-root operation
<IamEld3st> im installing ubuntu 14.04.2 server distribution but i cant get past the iscsi part i dont understand it i have unallocated disk in system and cant select it?
<IamEld3st> i found out that i shoud disable raid setting in bios
<patdk-lap> what does raid setting have to do with iscsi?
<IamEld3st> i dont know i just cant get thour the installation i have one sata drive and while instaling configure iscsi voluems and i cant get past it
<IamEld3st> i never seen it before
<patdk-lap> well, a sata disk isn't iscsi
<patdk-lap> so going into iscsi isn't going to help
<IamEld3st> i know
<patdk-lap> what options are on your bios?
<patdk-lap> first one you should pick is AHCI
<patdk-lap> if there is no option, then select RAID
<IamEld3st> ok it was set to ide
<IamEld3st> should i save it and try it?
<patdk-lap> you can attempt ide also
<patdk-lap> but I wouldn't want to use it, unless you have to
<IamEld3st> ide went to that iscsi thing
<IamEld3st> ok i will try to install it
<patdk-lap> how?
<patdk-lap> it can't see your disk
<IamEld3st> yeah but in bios it shows up
<patdk-lap> so?
<patdk-lap> set it back to AHCI or RAID
<IamEld3st> ok
<patdk-lap> and figure out why ubuntu can't see it
<patdk-lap> something is wrong
<IamEld3st> i booted ubuntu desktop and it sees it...
<IamEld3st> in live distro
<IamEld3st> ok it went good thanks alot man
#ubuntu-server 2015-07-18
<lordievader> Good morning.
 * CiPi wtf, i was disconnected
<Lartza> CiPi, Are you pasting some huge wall of text to some channel?
<CiPi> Nehhh
<CiPi> I did /list
<CiPi> Got excess flood?
<Lartza> Maybe don't do /list then
<Lartza> :P
<lordievader> Hehe, from the irssi help page: Trying to list all the channel names usually causes you to be disconnected from the server with the reason "Excess flood", as usually all 40000 channels form together and server naively attempts to send you them.
 * CiPi https://www.youtube.com/watch?v=lUF6klWuB38
<mojtaba1> Does anybody know how can I print specific emails from command line? (and also check for new emails all the time?) basically I have a gmail account and I want to be able to print automatically all receiving emails with specific subject.
<mojtaba1> Does anybody know how can I print specific emails from command line? (and also check for new emails all the time?) basically I have a gmail account and I want to be able to print automatically all receiving emails with specific subject.
<bekks> You could setup a satellite SMTP server, receive your email, and use procmail.
<Stuxweb> Hi all newbie here. So I have vsftpd set up on my server to allow SFTP login which is working great. I also wanted to enable FTPS for other reasons (optional for my purposes though.)
<Stuxweb> Anyway, while trying to connect via FTPS I get an error: GnuTLS error -15: An unexpected TLS packet was received.
<Stuxweb> I only found one solution which was to revert back to an old version of vsftpd and I think that's not acceptable
<Stuxweb> Apparently it was documented as a bug in File Zilla which is the client I'm using but the page for the bug is here https://trac.filezilla-project.org/ticket/8313 which is way out dated.
<Stuxweb> Does anybody have any experience with this problem? It seemed to be pretty well known. I just couldn't find the solution.
<Stuxweb> Apparently they rejected the bug claiming it was a server problem.
<patdk-lap> are you using nat in there anywhere?
<Stuxweb> Okay this is the latest bug report on it https://trac.filezilla-project.org/ticket/10207
<patdk-lap> ftps does NOT work with nat, won't ever, and is impossible
<Stuxweb> no I don't think so
<patdk-lap> no private ips on either side? only public?
<patdk-lap> without any firewalls
<patdk-lap> guess firewall would be ok if running in pasv mode
<Stuxweb> Forgive me I am very ignorant when it comes to networking but
<Stuxweb> the server is behind a router
<patdk-lap> what is the ip addresses on both machines?
<Stuxweb> the server's ufw is set to enable ftps and sftp
<patdk-lap> how can it enable ftps?
<patdk-lap> ftps uses all kinds of random ports
<patdk-lap> unless you configure those ports in your ftps server and in the firewall manually
<Stuxweb> Well I did sudo ufw allow ftps, sudo ufw allow sftp
<Stuxweb> and it accepted the rules..
<patdk-lap> yes, it will accept the primary port
<patdk-lap> but not the data ports
<Stuxweb> ah
<patdk-lap> but that only is needed when doing a file transfer to directory listing
<patdk-lap> or
<patdk-lap> basically, ftps is impossible
<patdk-lap> due to the limitations of it living in the 70/80's
<Stuxweb> Well the ubuntu server documentation only mentioned that in order to enable ftps simply add one line in the my ftps daemon config file enabling SSL
<Stuxweb> and said nothing more at all about it lol
<Stuxweb> ok
<patdk-lap> yes, if you are running in active mode
<patdk-lap> but active mode won't work with any client side firewalls
<patdk-lap> or nat's
<Stuxweb> oh ok
<patdk-lap> so ftps is unusable to use basically outside a local network
<Stuxweb> Gotcha. I did not know that
<patdk-lap> well, your firewall has to do a lot of stuff to *fix* ftp
<Stuxweb> That would probably be the problem.
<patdk-lap> ftps blocks that cause it's encrypted
<patdk-lap> no fix, no work, unless you do it all manually
<Stuxweb> Okay. that makes sense because I am currently at work on a laptop on a secured wireless network.
<patdk-lap> and manually is normally way over peoples head
<Stuxweb> So to allow external secured FTP for users I should just allow a user to SFTP and maybe disable shell access?
<patdk-lap> yes
<patdk-lap> well
<patdk-lap> depends
<patdk-lap> the best way is normally use a ftp server that does sftp, put it on port 22
<patdk-lap> then move ssh to a different port
<patdk-lap> you could go with real users, with only sftp access, and chroot them
<Stuxweb> Okay well I do my SSH on a different port anyway
<patdk-lap> but I really don't like openssh's way to do that, it's rather annoying
<Stuxweb> heh
<patdk-lap> or do what I did
<patdk-lap> and completely wrap the hell around sftp with apparmor
<Stuxweb> ah
<patdk-lap> would still be a good idea for whatever ftp server you use
<patdk-lap> but can be alittle annoying to get it nice and tight
<Stuxweb> So that basically controls what files users have access to right?
<patdk-lap> I wonder if any of the ftp server support apparmour profile changes
<patdk-lap> more than that
<patdk-lap> it controls everything, files, directorys, read, write, execute, socket, ...
<Stuxweb> Cool
<patdk-lap> so just incase they *break* out of the sftp program, they can't really go anywhere
<patdk-lap> or if chroot is broken, can't see anything
<Stuxweb> Gotcha
<Stuxweb> Well that definitely answers my question, thanks man.
<Kully3xf> hey all - how can I connect to my file server connected to router
<Kully3xf> tried mounting direct over smb but it fails out each time
#ubuntu-server 2015-07-19
<lordievader> Good morning.
<AppAraat> hi, has anyone configured an Ubuntu printserver on a samba share here? I'm wondering what difficulties did you face. Has having a multi-version windows environment been problematic?
<lordievader> AppAraat: For me it was a Debian print server. I could simply add the printer in the cups admin panel.
<AppAraat> I found that AppArmor complained when I tried to print a test page. I'm researching that at the moment.
<lordievader> Ah, Debian doens't have AppArmor.
<Abhijit> i was following this guide and created the myproject in /etc/init but sudo start myproject gives start command not found ls /etc/init shows myproject is there
<Abhijit> https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-uwsgi-and-nginx-on-ubuntu-14-04
<Abhijit>  iam using 15.04
<lordievader> Abhijit: 15.04 uses systemd, not upstart.
<Abhijit> ok.
<Abhijit> so everything changes then?
<lordievader> Yes, systemd is a completely different init system from upstart.
<lordievader> Abhijit: https://wiki.ubuntu.com/SystemdForUpstartUsers
<Abhijit> ok
<bayoumi> Hi, ubuntu touch device list? Where to find?
<bayoumi> nevermind :) found it..
<YamakasY> hi guys, this is not working in my mirror.list trusty main main/installer-amd64 what do I need to set to download the installer-amd64 folder ?
<AppAraat> so suppose I encrypted the /home dir. How do I "unencrypt" that. Can I simply copy the contents to a new partition, wipe the old and modify fstab to reflect it?
<AppAraat> running 14.04
<lordievader> Perry much, yes.
<sysop2> hi
<sysop2> my ubuntu server box is losing the contents of resolv.conf every now and then and I have to run dhclient again to get the name resolution working agian.
<sysop2> any ideas? I have a cronjob that runs every minute and runs dhclient if the resolv.conf is empty. but that is just a work around I  really need to figure why its happenening.
<bekks> Do you use network-manager?
<sysop2> I dont see it in the process list or in init.d so I would say no.
<sysop2> I that was more on desktop boxes?
<sysop2> not servers.
<YamakasY> oh hence which Percona packages do we want to install on Ubuntu these days ? man they all seem to be the same
<histo> huh?
<histo> !info percona
<ubottu> Package percona does not exist in vivid
<ianorlin> histo: that package name is not just percona but has things after like if you run apt-cache search percona there are several
<histo> !find percona
<ubottu> Found: percona-galera-3, percona-galera-3-dbg, percona-galera-arbitrator-3, percona-galera-arbitrator-3-dbg, percona-server-5.6-dbg, percona-server-server, percona-server-server-5.6, percona-server-source-5.6, percona-server-test, percona-server-test-5.6 (and 8 others) http://packages.ubuntu.com/search?keywords=percona&searchon=names&suite=vivid&section=all
<sysop2> hmm my ubuntu server box seems to be losing the name servers every 10-13 minutes.  but nothing longer than 13 minutes.
<sysop2> ok I setup the cronjob to write to a log  the date/time right after it runs dhclient. I also setup auditd to monitor the resolv.conf file(the real one)  and this is what I got.  http://pastebin.com/DVRJu7Kq
<sysop2> it doesnt make much sense to me. its not a cmd that is calling it, its a syscall, but would the system blank out the dns servers ever 10-13 minutes?
<sysop2> why would I meant.
<sysop2> every
#ubuntu-server 2016-07-18
<sky> anyone worked with uwsgi on 16.04?
<Gorian> I tried to use it, got a segfault, and switched back to apache since I couldn't find anything on how to fix it
<jamespage> ddellav, coreycb: backporting pyopenssl to UCA - needed for compat with pycrypto - I think its the cause of the master branch build failures for xenial across the board today.
<jancoow> Hi there
<jancoow> I  was uprading my serve 14.04 server to the newest version xeneos
<jancoow> unfortinally the installation process got stuck
<ddellav> jamespage ok, good news. I was fixing up CI and wondering why I couldn't get any packages to build. I was getting some very strange build-dep issues
<coreycb> jamespage, ok thanks
<ddellav> coreycb jamespage unable to build barbican in xenial-newton. It needs pykmip 0.5 but it's not in uca/newton-staging so sbuild can only find the xenial version, 0.4
<coreycb> ddellav, ok it's in yakkety but needs to get backported
<ddellav> coreycb right. I'm using sbuild-newton so it adds the newton-staging ppa to the xenial build
<coreycb> ddellav, ok I kicked off a backport for that
<coreycb> ddellav, ok that looks like it's backporting successful, you should see it building now in the staging ppa
<ddellav> coreycb fantastic thanks
<rbasak> cpaelzer: I'm a little confused by your yakkety debdiff in bug 1590688. What's this a diff against?
<ubottu> bug 1590688 in clamav (Ubuntu) "clamav-daemon doesn't start after installation" [High,Confirmed] https://launchpad.net/bugs/1590688
<cpaelzer> rbasak: well it should be against clamav as in yakkety - let me check
<cpaelzer> rbasak: I see the orig files from my moving that form the Xenial code/test area into yakkety - let me refresh that for you
<cpaelzer> rbasak: was anything else on top of that?
<cpaelzer> rbasak: I cleaned that up, the file sizes should have made me wonder
<cpaelzer> rbasak: thanks for letting me know
<cpaelzer> rbasak: new files should be good now
<ddellav> coreycb aodh point release ready for review: lp:~ddellav/ubuntu/+source/aodh
<coreycb> ddellav, ok
<rbasak> cpaelzer: thanks
<rbasak> cpaelzer: the clamav debdiff looks good, thanks. Would you like me to upload both Yakkety and Xenial or just Yakkety and wait for your instructions to upload Xenial?
<rbasak> cpaelzer: I can give you the signed files actually, to upload when you're ready.
<cpaelzer> rbasak: while I trust myself in this case I'd still like to have the extra safety to test once more whatr appears in yakkety archive
<cpaelzer> rbasak: so yes uploading yakkety and providing a signed xenial file would be perfect
<cpaelzer> rbasak: once I tested yakkety I could dput that myself then
<rbasak> OK, I appreciate your caution.
<aderyugin> hi there! I have a question regarding cloud-archive. There's a murano-agent packaged for newton, but no murano itself. Is there any estimates on murano packaging for newton?
<aderyugin> coreycb, jamespage ^^
<coreycb> aderyugin, hi, we're working on it.  some packages aren't backporting cleanly so we need to work through them.
<aderyugin> coreycb: ok, thanks
<coreycb> ddellav, aodh 2.0.2 is pushed/uploaded. thanks.
<ddellav> coreycb ack
<noonien> hello folks
<noonien> does xenial core not come with snappy installed?
<rsalveti> cpaelzer: hey, are you going to import dpdk rc2 and rc3 as well?
<rsalveti> wanted to started testing that more, but wanted to make sure I'm using the latest :-)
<sarnold> noonien: I'm not sure what "xenial core" is, but snappy ought to be pre-installed on most xenial systems
<noonien> the xenial ubuntu-core root found at http://cdimage.ubuntu.com/ubuntu-core/xenial/daily-preinstalled/current/
<noonien> snappy appears to be installed
<noonien> however, if I chroot in, and run `snap list`
<noonien> I get the following error: error: cannot list snaps: cannot communicate with server: Get http://localhost/v2/snaps: dial unix /run/snapd.socket: connect: no such file or directory
<sarnold> did you start the snappy daemon in the chroot first?
<noonien> how would I do that?
<sarnold> I'm not sure that's going to work anyway, but if you didn't start the daemon then there's nothing for the client to talk with
<noonien> root@kaneki:/# systemctl start snapd
<noonien> Running in chroot, ignoring request.
<noonien> I figured that much :(, however, I can't seem to be able to start the daemon
<sarnold> I don't think snappy works in an lxd container yet, and if systemd won't start it in a chroot, that may mean your only option is to try it in a VM or on native hardware
<noonien> well, I'm trying to create a bootable pxe image, and I need to install the packages I need before creating initrd
<ddellav> coreycb ci fixes for lp:~ddellav/ubuntu/+source/barbican and lp:~ddellav/ubuntu/+source/ceilometer ready for review/push
<coreycb> ddellav, pushed, thanks
<coreycb> ddellav, did you start on ironic for newton ci?
<ddellav> yes, but it's broken due to a new dependency version requirement
<coreycb> looks like we need ironic-lib 2.0.0
<ddellav> python-ironic-lib (>= 2.0.0)
<coreycb> ok I'll do that
<coreycb> ddellav, ok 2.0.0 should publish to yakkety-proposed shortly: https://launchpad.net/ubuntu/+source/python-ironic-lib
<coreycb> ddellav, want to backport that to xenial after it's in yakkety-proposed?
<coreycb> ddellav, looks like we need a new stevedore for keystone.  I'll get that.
<ddellav> coreycb ok, thanks, i was going to work on that after i get done showing carlos the ci process :)
<coreycb> ddellav, np I'll get this one
<coreycb> ddellav, ok stevedore 1.16.0 is uploaded
<coreycb> ddellav, want to backpor that shortly once it's available in yakkety-proposed?
<ddellav> coreycb sure
<coreycb> ddellav, did you start on the mitaka cinder failure?
<ddellav> coreycb no, not yet
<coreycb> ddellav, ok I'll get that
<Guest_87473> Allah is doing
<Guest_87473> sun is not doing Allah is doing
<OerHeks> sun is bought by oracle.
<Guest_87473> moon is not doing Allah is doing
<rattking> is allah doing Linux too?
<Sling> not this again
<OerHeks> !religion
<ubottu> Some topics are controversial and often end in negativity. Take care on subjects like war, race, religion, politics, gender, sexuality, drugs, potentially illegal activities and suicide. The topics are not banned; stating your position is ok, but trolling, baiting, hostility or repetition are not. If you are asked to stop, do so politely. Disputes to !appeals, please adhere to !freenode Policy and the !CodeOfConduct
<Sling> OerHeks: this is just a spamme
<Sling> +r
<Sling> has been going on in freenode channels all over this week :)
<nRy2> hi, I hope that someone can help me with something beginner level but it is very annoying to me...
<nRy2> I am simply trying to find an easier way to manage files on my ec2 Ubuntu 14.04 web server
<nRy2> What is the best method for moving files back and forth from my local system to the remote ubuntu web server?
<nRy2> I can't seem to get the permissions to work with Filezilla
<nRy2> and I am also having problems with SCP
<nRy2> help is much appreciated, thanks in advance ;-)
<sarnold> many options; rsync, sftp, scp, sshfs, mounting NFS mounts over a VPN, submitting files to s3 and then pulling them back down from s3...
<sarnold> oh yes, maybe git, if that's a good match for the files..
<nRy2> what would you say is the easiest method?
<sarnold> it depends what you're doing. If you're moving one file around on occasion, scp is great
<nRy2> I would prefer to use sftp, but it seems that my web server is setup to deny permissions that way
<sarnold> if you've got a directory of files locally that you'd like to get replicated onthe remote server, rsync is great
<sarnold> if you've got changes coming from either direction and you'd like to merge them back and forth, git is great
<nRy2> well for right now SCP might be best
<nRy2> I am just trying to move two files for my updated SSL certificate
<nRy2> but I am having all sorts of trouble.
<sarnold> are you perhaps trying to do something like scp filename hostname:/etc/ssl/private/  ?
<sarnold> .. and I assume that your user account on the remote system won't have permission to write to /etc/ssl/private
<nRy2> this is the string I tried using
<nRy2> scp -i ~/name.pem ~/home/user/Documents/Security/SSL/server.crt ubuntu@ipaddress:~/etc/apache2/ssl/
<nRy2> and I am doing this from a cleared command terminal
<nRy2> on Ubuntu 16.04 LST desktop
<nRy2> the server is Ubuntu Server 14.04 LTS
<nRy2> my local system is Ubuntu Desktop 16.04 LTS  is what I meant to say
<sarnold> I suspect ~/etc/apache2/ssl/ is a mistake -- unless the ubuntu user account really has a directory etc/apache2/ssl/ in its home directory :)
<sarnold> probably the ubuntu user account can't write to /etc/apache2/ssl/ anyway, so just removing the ~ won't fix it
<sarnold> so scp the file to the ubuntu user account directory and then login and move it to /etc/apache2/ssl/ by hand
<nRy2> the directory on the server that I am trying to upload to the two SSL files to is: /etc/apache2/ssl/
<nRy2> I think this is pretty standard on Ubuntu Server 14.04
<nRy2> this is also what it shows here: https://www.domainsatretail.com/blog/security/simplest-way-use-ssl-certificates-amazon-ec2-ubuntu-server/
<nRy2> sarnold: how would I login and move the file by hand as you suggested?
<nRy2> do you mean login via SSH?
<patdk-lap> or any other method
<patdk-lap> nx
<sarnold> nRy2: ssh -i ~/name.pem ubuntu@ipaddress   -- then run "sudo mv foo.crt bar.key /etc/apache2/ssl/"
<patdk-lap> x11
<patdk-lap> ...
<sarnold> patdk-lap: :P
<patdk-lap> vnc :)
<patdk-lap> telnet people still use it?
<patdk-lap> rsh?
<sarnold> nRy2: you'll probably want to configure your ~/.ssh/config to save you from typing -i .. and ubuntu@  all the time :)
<sarnold> patdk-lap: ooh ooh mosh  :)
<nRy2> you guys lost me
<nRy2> sorry trying to keep up
<nRy2> sarnold: so you are suggesting that I first copy the SSL files to my web server's home directory...and then move them via the mv command?
<nRy2> sarnold: also how do I configure my ~/.ssh/config ?
<nRy2> btw: thank you for the help
<sarnold> nRy2: a small nitpick; your web server is apache and its home directory is probably /var/htdocs/ or /var/www/ or something similar :)  you want to copy the files to your user account's home directory on the remote system
<nRy2> Google was giving me a lot of misinformation I think.
<nRy2> yes /var/www/
<sarnold> nRy2: for your ~/.ssh/config file you'd want to use a block sort of like this: http://paste.ubuntu.com/19970970/
<nRy2> what would I do with that block?
<sarnold> nRy2: you'd configure it for your system -- put in your aws IP address and put in the path to your private key
<nRy2> I will need to try to figure that out after
<sarnold> makes sense
<nRy2> for now, I am a bit lost on how to properly use SCP
<sarnold> I think you'll be happier once you do sort it out :)
<nRy2> should I first be SSH'ed into the ec2 instance before using SCP?
<sarnold> it won't help or hurt
<nRy2> ok so what is the proper strong to copy a file from local to host with SCP?
<nRy2> if I am logged in?
<sarnold> on your local system, probably something like "scp -i ~/.path/to/key ./filename ubuntu@ipa.add.ress:"
<nRy2> hmmm still not working
<nRy2> I must be doing something wrong here.
<nRy2> I have used SCP in the past, but for some reason I have all sorts of trouble using it with this web server
<nRy2> I only started to work from Ubuntu Desktop full time about a year ago.
<nRy2> so the process must have been different from putty
<nRy2> when I try something like: scp -i ~/home/user1/Documents/Security/pems/name.pem ~/home/user/Documents/Security/SSL/server.crt ubuntu@ipaddress:~/etc/apache2/ssl/
<nRy2> I am getting an error
<nRy2> saying:
<nRy2> .pem not accessible: No such file or directory.
<nRy2> Permission denied (publickey).
<nRy2> lost connection
<nRy2> shouldn't the syntax just be:
<nRy2> scp ~/my_local_file.txt user@remote_host.com:/some/remote/directory
<nRy2> ?
<vacho> hello all, I am running a LAMP server on Ubuntu 16.04. I was wondering if there is anyone here that is willing to share their deployment script. I am trying to learn the best way to deploy a LAMP server.
#ubuntu-server 2016-07-19
<nRy2> is there a secure method that I can use to give "ubuntu" user permission to upload files through FileZilla on my Ec2 Ubuntu 14.04LTS instance?
<nRy2> I am using Ubuntu Desktop 16.04 LTS
<nRy2> but when I try to upload a file to any location on ec2 ubuntu server, it gives "permission denied"
<nacc> vacho: isn't there a lamp-server packageset? (`apt-get install lamp-server^`)
<nacc> nRy2: how are you uploading?
<vacho> nacc: there is... I wan't to see how others are dealing with user creation, permissions, app paths, etc..
<vacho> nacc: and how they are configurating the VHOSTS
<nacc> vacho: i see; it tends to be the case that everyone thinks their way is the "best" way -- so I'm not sure it's a very fruitful path to go down :)
<vacho> nacc: I just want to learn
<nacc> vacho: ime, this channel is more about support for server issues; i think there are several tutorials you'll find that will give examples of installing & configuring LAMP servers on Ubuntu (which is what I think you mean by deployment). I think there's even an official help.ubuntu.com page
<nRy2> ah, I finally managed to get my SSL files moved over to the ubuntu ec2 server.
<nRy2> now I think all that is left is to configure the VirtualHost file
<nRy2> could someone please tell me how I might do that?
<nRy2> it seems that namecheap does not really provide good instructions on this step.
<Impaloo> How do I focus a window through non-interactive means (X11)?
<sarnold> it depends upon your window manager
<sarnold> most support alt-tab thanks to win3.1
<sarnold> but fancier window managers support fancier ways to move
<CodeMouse92> #tomcat is dead atm....I'm on Ubuntu 14.04 and Tomcat7. I tried installing EHour via the instructions at http://wiki.ehour.nl/display/DOCU/Install+War+on+Tomcat...
<CodeMouse92> But after all that, I'm only getting a 404 when I go to <server>:8080/ehour, although <server>:8080 shows my Tomcat index
<CodeMouse92> What's going on, and how in the hey do I fix it?
<nthrow> do the needful
<cpaelzer> rsalveti: I saw you did the tar import, checked and acked
<cpaelzer> rsalveti: doing the rebase to match again atm
<cpaelzer> rsalveti: btw there is also #deb_dpdk
<cpaelzer> rbasak: if you had a minute to look at 1571295 - nothing complex I just wonder what the appropriate next step is
<cpaelzer> rbasak: bug 1571295 was the one you found the maintscript-helper to be missing in the debian fix
<ubottu> bug 1571295 in pptpd (Ubuntu Xenial) "pptpd module config loaded at wrong location" [Medium,Triaged] https://launchpad.net/bugs/1571295
<rbasak> cpaelzer: I commented already
<cpaelzer> rbasak: thanks
<jamespage> ddellav, coreycb: http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/newton_versions.html - some yakkety proposed migration issues?
<jamespage> testing newton staging now
<caribou> rbasak: looks like I messed up on LP: #1570093, it only has a changelog entry :-/
<ubottu> Launchpad bug 1570093 in multipath-tools (Ubuntu Xenial) "multipath-tools update introduced syslog messages about partx" [Low,Incomplete] https://launchpad.net/bugs/1570093
<rbasak> caribou: no problem, thank you for dealing with it.
<caribou> rbasak: well, that's my upload; forgot the quilt push after importing the patch
<caribou> rbasak: & dragan-s is in my team and I kindly offered to help.
<dmburmistrov> jamespage, hi! can I ask you about OpenStack UCA packages?
<coreycb> jamespage, ddellav, I think the proposed migration blockers are all due to MIRs.  I'll poke at those.
<coreycb> dmburmistrov, what's your question?
<dmburmistrov> I think there is a missed dependency: glance-glare needs "python-swiftclient", but it is not in dependencies (including "downstream" packages)
<dmburmistrov> from log: ERROR: Store swift could not be configured correctly. Reason: Missing dependency python_swiftclient.
<coreycb> dmburmistrov, interesting. that may be a bug upstream as well because I don't see it in requirements.txt: https://github.com/openstack/glance/blob/master/requirements.txt
<coreycb> dmburmistrov, mind opening a bug here? https://bugs.launchpad.net/swift
<dmburmistrov> in swift? maybe glance?
<coreycb> dmburmistrov, sorry yes
<coreycb> glance
<dmburmistrov> good, sure - I'll do it
<dmburmistrov> thank you!
<coreycb> dmburmistrov, np point me to it when you're done please
<dmburmistrov> deal
<dmburmistrov> coreycb, https://bugs.launchpad.net/glance/+bug/1604397
<ubottu> Launchpad bug 1604397 in Glance "python-swiftclient is missing in requirements.txt (for glare)" [Undecided,New]
<coreycb> dmburmistrov, thanks
<dmburmistrov> no problem
<cpaelzer> jgrimm: if nobody answered til then the mail "Enable SUPPORT_PROXY compile option for exim" on devel-discuss would fit the scope of community requests for server packages
<cpaelzer> jgrimm: since I'll miss today meeting I thought to set a reminder for somebody
<coreycb> jamespage, have you come across this at all? http://paste.ubuntu.com/20034999/
<jamespage> coreycb, yeah pbr does not like package ~ versions
<jamespage> you have todo a munge of OSLO_VERSION or PBR_VERSION to override it
<ddellav> coreycb i see the new stevedore in yakkety but when I run the backport it says it can't find the package in yakkety. I used "python-stevedore"
<coreycb> ddellav, you need the source package name, try apt-cache show python-stevedore
<ddellav> coreycb ah ok
<jamespage> coreycb, urgh neutron trip hazard
<jamespage>     cfg.StrOpt('of_interface', default='native',
<jamespage> requires ryu by default now
<jamespage> newton-staging is deployable but non-functional ATM
<coreycb> jamespage, ok.  we may have a MIR that we can revive.
<jamespage> coreycb, +1
<jamespage> good-oh
<coreycb> jamespage, bug 1500950
<ubottu> bug 1500950 in ryu (Ubuntu) "[MIR] ryu" [High,New] https://launchpad.net/bugs/1500950
<jamespage> coreycb, installing ryu fixes the problem
<coreycb> jamespage, great
<jamespage> coreycb, can we get a sync with exp as well please:
<jamespage> python-ryu | 4.4+dfsg1-1         | experimental     | all
<jamespage> oh wait -not yet
<jamespage> that's on the blacklist for the dep in neutron
<jamespage> coreycb, ^^
<jamespage> ryu!=4.1,!=4.2,!=4.2.1,!=4.4,>=3.30 # Apache-2.0
<coreycb> jamespage, ok looks like we're ok where we are for now
<jamespage> coreycb, agreed
<jamespage> coreycb, 4.3 would be ok :-)
<jamespage> but lets stick for now
<coreycb> jamespage, ok yeah
<ddellav> coreycb ok the backport finished successfully. How long until it shows up in xenial? and will rmadison show the change?
<coreycb> ddellav, you can watch the staging repo or the reports html page to see when it is available in staging.  rmadison won't show you since that just reports on the ubuntu archive.
<ddellav> coreycb gotcha
<coreycb> jamespage, munging seems to be working, thanks
<jamespage> coreycb, ddellav: pushing pkg updates for neutron#s dep on ryu
<coreycb> jamespage, ok. I left some messages in #ubuntu-release earlier for package promotion/MIRs
<coreycb> jamespage, mind if I bump the epoch for horizon to align with debian? it's going to be required in order to sync some plugin dashboards.
<jamespage> coreycb, sure
<coreycb> ddellav, need anything pushed for CI fixes?
<ddellav> coreycb nah, keystone and ironic are still broken in depwait
<coreycb> ddellav, ah waiting on backports. ok should be able to kick them off soon though right?
<ddellav> coreycb yep, im watching them closely
<ddellav> coreycb im working on SRU stuff right now
<coreycb> ddellav, actually we can rebuild the yakkety versions now
<coreycb> ddellav, I'll kick those off
<ddellav> coreycb ah thats true, ok
<caribou> rbasak: regarding LP: #1570093, I've uploaded it to Yakkety & will handle the Xenial upload when it gets in the archive
<ubottu> Launchpad bug 1570093 in multipath-tools (Ubuntu Xenial) "multipath-tools update introduced syslog messages about partx" [Low,Incomplete] https://launchpad.net/bugs/1570093
<caribou> rbasak: that might have to wait until thursday since I'm away tomorrow
<coreycb> ddellav, ironic probably needs it's min stevedore bumped too
<ddellav> coreycb yea i did
<coreycb> ddellav, ok.  I can push what you have for now if you want and try yakkety with it
<ddellav> coreycb oh no, ironic didn't have an update to stevedore, but i'll look again
<ddellav> coreycb ironic was complaining about ironic-lib
<coreycb> ddellav, right. it gets a new error now for yakkety though, now that ironic-lib is up-to-date.
<ddellav> ironic requirements.txt says stevedore 1.10.0
<ddellav> coreycb when i build ironic locally in xenial or yakkety i dont get dependency issues but pretty much every single test fails.. something is up
<coreycb> ddellav, looks like it may be dependent on a higher version of python-pecan than g-r specifies, which would be a bug
<ddellav> coreycb im running the tests on upstream to see if they pass just to double check
<jamespage> coreycb, ddellav: aside from the neutron/ryu issue, I got a clean tempest run out of newton-staging
<jamespage> coreycb, ok if I upload the dependency fix?
<coreycb> jamespage, awesome \o/
<coreycb> jamespage, which dep fix?
<jamespage> coreycb, for ryu
<coreycb> jamespage, oh sure :)
<coreycb> thanks
<jamespage> it will generate into mismatches then and it will get focus
<rbasak> jgrimm: any progress on bug 1397250 please?
<ubottu> bug 1397250 in libnss-ldap (Ubuntu) "SIGPIPE not caught in do_atfork_child()" [High,Triaged] https://launchpad.net/bugs/1397250
<jgrimm> rbasak, nothing new
<rbasak> OK
<rbasak> nacc: I see progress on both of your bacula bugs, but I didn't see anything in the sponsorship queue. Is this correct - you're waiting on reporters?
<rbasak> rharper: any progress on bug 1472639 or on bug 1585771 please?
<ubottu> bug 1472639 in openldap (Ubuntu) "apparmor profile denied for kerberos: /run/.heim_org.h5l.kcm-socket" [High,New] https://launchpad.net/bugs/1472639
<ubottu> bug 1585771 in unattended-upgrades (Ubuntu Xenial) "Automatic security upgrades are always enabled" [High,New] https://launchpad.net/bugs/1585771
<rharper> rbasak: gah, no =(
 * rharper shamefully opens them up 
<rharper> progress today for sure
<teward> rbasak: nginx merge test packages for 1.10.1-1ubuntu1 will be out today in a PPA, and i'll send out a 'please help test installation and upgrading nginx' email to the list later
<teward> in case you're wondering, and in case I don't appear at the meeting today (busy work days are busy)
<rbasak> rharper: it's OK, my fault for not prompting for weeks
<nacc> rbasak: ack, i have tested them based upon the most recent PPA and everything seems to work (includingt ivoks  issue with upgrading)
<nacc> rbasak: and a few have been tested by others and reported back positively
<nacc> rbasak: actually, had a few questions for you
<ivoks> nacc: i had some issues
<ivoks> nacc: in fact, it still have
<ivoks> nacc: it seems like jobs are scheduled, but not executed (show schedule shows schedules, but status dict shows no jobs is scheduled)
<nacc> ivoks: have you tried with my ppa build?
<ivoks> no
<nacc> ivoks: i tested both upgraded & fresh installed and was able tos chedule & run jobs (with mysql)
<ivoks> what version is in ppa?
<nacc> 7.0.5+dfsg-4ubuntu0.1~ppa1
<nacc> https://launchpad.net/~nacc/+archive/ubuntu/bacula3
<ivoks> ok
<ivoks> trying
<ivoks> nacc: scheduled jobs now show fine!
<nacc> ivoks: cool :)
<ivoks> thanks
<nacc> ivoks: i am rebasing my pathces on top of debian so we can fix in yakkety too (some of my changes got picked up) -- then we'll SRU bacula and it should come via -updates
<nacc> ivoks: thanks for testing!
<ivoks> i can tell you tomorrow if everything ran as scheduled
<nacc> ivoks: thanks, that'd be ag reat confirmation; my testing is lighter for sure, as i dont' actively use bacula; but i got a fewbackups run right away in my test env and it seemed to dtrt
<teward> rbasak: can I get a once-over on the debdiffs before I push a PPA build for the nginx merge?  To see if there's any issues I completely utterly missed.
<teward> rather fix them before the PPA builds and before the call-for-testing goes out
<rbasak> teward: I'm a bit tied up today, but sure. Let me know what I'm reviewing - I've forgotten the context, sorry.
<teward> rbasak: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1580252 - nginx 1.10.1 from Debian -> Ubuntu merge.
<ubottu> Launchpad bug 1580252 in nginx (Ubuntu) "Please merge nginx 1.10.1-1 (main) from Debian Unstable (main)" [Wishlist,In progress]
<teward> basically, all the packaging changes they made
<teward> with dynamic modules... what little support exists there.  *rolls eyes*
<teward> s/what little/or what little/
<teward> debdiffs attached at the bottom
<teward> started from Debian packages, pure, took some bits from MoM (changelog), manually redid the nginx-core changes.
<teward> this package being one that did *not* work with the git workflows hehe
<teward> no rush
<sky> heya, so I'm getting packet_write_wait broken pipe errors on my 16.04 server, doesnt happen with my 12.x server in same place
<matzie> qn re fan networking: : when creating a fan network with fanctl <opts> -- dhcp , is there any way to pass extra args to the dnsmasq instance that is launched?
<blizzow> I just tried to do an apt-get dist-upgrade on one of my 16.04 servers.  It downloaded 64 packages, unpacked base-files and plymouth-theme-ubuntu-text, got through processing triggers for man-db install-info.
<blizzow> Now it's just hanging at this:
<blizzow> Processing triggers for initramfs-tools (0.122ubuntu8.1) ...
<blizzow> update-initramfs: Generating /boot/initrd.img-4.4.0-28-generic
<blizzow> 15 minutes have passed with no load on the server.
<blizzow> The disks are idle.
<blizzow> The CPU is idle.
<sarnold> blizzow: do you have any processes in D wait state?
<blizzow> sarnold: nope.
<sarnold> blizzow: if you could run ubuntu-bug initramfs-tools on it before cleaning up, that'd be great. dunno if anyone will spot anything that can be done about it, but at least it's worth a try
<blizzow> I'm just trying to figure out how to kill the process cleanly and get a good upgrade
<sarnold> I -think- the approach is going to be ^C, maybe dpkg-reconfigure -a? or maybe apt-get update again. Maybe apt-get install a tiny pointless package that you don't actually care about just to get it moving again..
<blizzow> is there a way to get a little more verbosity out of the apt-get dist-upgrade /var/log/apt/term.log is pretty short on info.
<sarnold> sadly no
<sarnold> almost nothing is logged :(
<blizzow> ugh
<rattking> Hi folks, I have a custom make package that installs a entry in /etc/cron.d on 16.04 this file is owned by uid 1000 and when I installed it on 12.04 it would by owned by root uid 0.. does anyone know why this would have changed?
<rattking> s/make/made/
<rattking> I am about to add a chown to the postinst file, but I am trying to understand why that changed
<eanxL01> \merge
#ubuntu-server 2016-07-20
<nacc> does anyone here know enough about samba in 16.04 to say whether both libpam-winbind and libnss-winbind would both be necessary to auth to AD?
<nacc> or is it that libpam-winbind provides AD-based auth to PAM and libnss-bind provides winbindd with AD lookups?
<nacc> it seems that at some point, at least, libpam-winbind contained the files that are now in libnss-winbind (pre-trusty, i think)
<jamespage> coreycb, tempest full test failures against newton-staging http://paste.ubuntu.com/20154691/
<jamespage> 14 out of 1300
<jamespage> that's good
<coreycb> jamespage, that's great, just 14 failures
<mdeslaur> rbasak: I'm working on mysql security updates...unfortunately, that means I'll be superseding your xenial-proposed package
<rbasak> mdeslaur: thank you for the note. It's very unfortunate timing. The SRU fixes a bunch of upgrade issues which users will hit once they upgrade after 16.04.1 is out.
<rbasak> It might even be better to verify quickly and forget the aging time.
<mdeslaur> if you'd get them verified, I'll leave them in the security update
<rbasak> My original SRU included the MRE, but infinity wanted the two separated. Otherwise the SRU would already contain the version bump.
<rbasak> I'll verify now, thanks.
<rbasak> cpaelzer: are you available?
<cpaelzer> rbasak: hi
<cpaelzer> reading ...
<cpaelzer> rbasak: available for what - helping to verify soemthing in proposed or wherever it currently is?
<cpaelzer> rbasak: actually no matter what - for how much time should I plan ?
<rbasak> cpaelzer: yes please. https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.12-0ubuntu1.2 is the list. I'll start with 865. Could you start with 712 please, and we'll work our way through?
<rbasak> cpaelzer: I'd like to do as thorough a job as possible as we'll be cutting the usual aging time short.
<cpaelzer> rbasak: yeah I'll try to help - I can continue on that arch dependent curtin bug I'm n atm later
<rbasak> Thank you.
<cpaelzer> rbasak: bug 1574458 done, continuing ...
<ubottu> bug 1574458 in mysql-5.6 (Ubuntu Xenial) "Logs.var.log.mysql.error.log.txt contains usernames and passwords" [Undecided,New] https://launchpad.net/bugs/1574458
<cpaelzer> you said you are doing 1571865
<cpaelzer> I'm picking bug 1602763 next then
<ubottu> bug 1602763 in mysql-5.7 (Ubuntu Xenial) "postinst does not print a helpful message when the server will fail to start" [Undecided,Fix committed] https://launchpad.net/bugs/1602763
<rbasak> cpaelzer: thanks. Yes, I'm still on 865. I think I need to test 5 combinations, so may be a while.
<rbasak> cpaelzer: for 763, I noticed that changing the datadir doesn't work - known upstream. The fix should cause the addition of "broken = 1" to /etc/mysql/mysql.cnf.d/... to result in a helpful postinst error though.
<rbasak> cpaelzer: some people in the bug have reported it doesn't help them, but I think they have different unrelated underlying issues.
<rbasak> cpaelzer, mdeslaur: SRU verification failure for the 865 bug. When infinity asked me to not bump to 5.7.13, I forgot to drop down the version string it compares against for the upgrade path fix. So it does nothing :-/
<rbasak> I'm not sure what to do now.
<mdeslaur> well, my version will work :)
<mdeslaur> actually...
<rbasak> dpkg --compare-versions "$2" le-nl "5.7.13-0ubuntu3~"
<rbasak> It might be wrong anyway. Sorry.
<mdeslaur> ah, yeah, it will be wrong
<mdeslaur> I'll change it in my package, and will upload it to the the security team public ppa
<mdeslaur> if you can verify the others in the meantime
<mdeslaur> then you can verify the one in the sec team ppa
<rbasak> OK, thanks.
<rbasak> cpaelzer: I'll take 458 next.
<rbasak> cpaelzer: we just both verified 458?
<cpaelzer> ?
<rbasak> cpaelzer: I thought you were going to do 763?
<cpaelzer> yeah, that was the first I did
<cpaelzer> see above in chat
<rbasak> I'm sorry, so you did.
<cpaelzer> and I updated the bug itself right away with tags and so
<cpaelzer> better twice than never verified
<cpaelzer> rbasak: sorry I missed when you said you take that one next
<cpaelzer> If I'd feel better today I might have realized that before you did id - but that isn't my day :-)
<rbasak> cpaelzer: it's OK, it's my fault.
<rbasak> cpaelzer: OK, pad time.
<rbasak> cpaelzer: http://pad.ubuntu.com/8qgZ3lJnHY
<cpaelzer> ok, I'm there with you
<rbasak> Thanks. Does what I have look correct?
<rbasak> I'll do 712 now then
<cpaelzer> rbasak: yes the status in the pad looks like reality atm IMHO
<rbasak> OK thanks
<cpaelzer> rbasak: 763 done, picking 647 next, pad and bug updated
<rbasak> Thanks
<cpaelzer> rbasak: 647 done
<rbasak> cpaelzer: thank you!
<cpaelzer> rbasak: so if I read that correctly all done right?
<rbasak> Yes.
<cpaelzer> great
<rbasak> cpaelzer: I wonder if we could pause and consider anything we might have missed?
<rbasak> cpaelzer: can you think of any edge cases which could cause problems given the fixes we're putting in here?
<rbasak> For 865 I think there are many combinations to test, I'll do that once the package is in security-proposed with the version string fixed.
 * cpaelzer |><|    <- shall show a spinning hourglass
<rbasak> :-)
<cpaelzer> rbasak: I think the most critical one could be one based on 763
<rbasak> For 712 I checked that the ordering is correct, so it does pick up on the change before attempt to start the server again. That seems to work (say my reading of the logs).
<cpaelzer> rbasak: where the prestart to check for errors actually breaks something
<rbasak> Good point, I agree.
<cpaelzer> rbasak: but that is just a risk evaluation - I have no idea of a real case that could do so yet
<rbasak> It did come from upstream. I found one false negative (changing datadir) but no false positives so far.
<rbasak> And false negatives should be no worse than if we didn't change it.
<cpaelzer> rbasak: yeah false negatives are ok
<cpaelzer> rbasak: this is a best effort approach to fix this anyway
<cpaelzer> I mean incompatible versions are incompatible
<cpaelzer> you can only do so much to auto-transition
<cpaelzer> and since you tackled 865 it even is better than just "show them a message"
<cpaelzer> as it takes care of the most common things
<rbasak> OK. So are we agreed that we think this SRU is good, apart from the 865 version check and additional testing I need to do on that?
<cpaelzer> the apport fix might in rare cases remove too much lines, but that isn't of reasonable severity
<cpaelzer> rbasak: yes, from what I see the SRU is good except thealready identified version check issue
<rbasak> Yeah the apport fix shouldn't cause a regression in production, only to apport reports, so shouldn't regress production.
<rbasak> cpaelzer: thank you for your help. I really appreciate it - both in terms of time to get this done and for your second pair of eyes.
<cpaelzer> rbasak: you are absolutely welcome
<cpaelzer> ok, I'll go back and fight with curtin then
<cpaelzer> let me know if anything comes up either in this or in the merges
<rbasak> Will do.
<cpaelzer> rbasak: ah since I missed the IRC yesterday
<cpaelzer> rbasak: in terms of prio the NTP>>other merges
<rbasak> I was reviewing your ntp merge but got interrupted by this. Sorry! I'll go back to it as soon as I'm done with this.
<cpaelzer> yeah, and the ntp merge is really messy and bug due to all the req bugfixes
<cpaelzer> so I beg a pardon and hope to not trigger too much facepalm mode review moments
<rbasak> It looks good so far - confusing but that's because it is complex. When I follow it through it has made sense so far.
<rbasak> mdeslaur: I think we're done. Four bugs verified, the fifth one needs that version string fixing.
<mdeslaur> rbasak: ok, I'll let you know once I've uploaded it to our public ppa
<mdeslaur> rbasak: thanks!
<rbasak> mdeslaur: thanks. Do you have a rough ETA please, so I can try and be available?
<mdeslaur> couple of hours probably
<rbasak> OK thanks.
<mdeslaur> actually, before that, I'll just change the string and will upload it....30-45 min
<rbasak> OK
<ddellav> coreycb lp:~ddellav/ubuntu/+source/keystone ready for push/review
<mdeslaur> rbasak: uploaded: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
<coreycb> ddellav, jamespage might have fixed up keystone already - https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/keystone/log/
<ddellav> coreycb ah ok, disregard
<rbasak> mdeslaur: thanks! I'll test now.
<coreycb> ddellav, ok
<rbasak> mdeslaur: W: Failed to fetch http://ppa.launchpad.net/ubuntu-security-proposed/ppa/ubuntu/dists/xenial/main/binary-amd64/Packages  403  Forbidden
<rbasak> Oh sorry, that's probably my local proxy.
<mdeslaur> rbasak: it's not built yet
<mdeslaur> the hamsters are spinning
<rbasak> Oh, OK. Well, in the meantime I'll fix my proxy :)
<kpettit> I'm using ubuntu 16.04 and for this server apache dies all the time it seems.  Well the process is still running but my test site goes down.
<Odd_Bloke> kpettit: Are you using the packages from the Ubuntu archive?
<kpettit> It's a default 16.04 running on Rackspace.
<kpettit> sorry I mean digital ocean.
<kpettit> I've got 10.04, 12.04, 14.04 and now this one.  But it's my only one that just craps out like that.
<Odd_Bloke> kpettit: Ubuntu doesn't come with Apache running by default; how did you install Apache on the system?
<kpettit> I did tasksel and selected lamp
<Odd_Bloke> OK, cool.
<kpettit> From there the MPM settings are always too high so I adjusted those.  This is what I'm using http://pastebin.com/VXqEeMQz
<Odd_Bloke> kpettit: Do you see the issue you're having without any customised configuration?
<kpettit> I think it's very minimal, but who knows.  The site I'm doing isn't public, it's a locked down wordpress site with at most 2 users
<Odd_Bloke> kpettit: (Just trying to narrow down what's causing it :)
<kpettit> yes.
<kpettit> usually I don't have to mess with apache until a site goes public and starts getting real load.  So it threw me off out of the box with just me it would die frequently
<Odd_Bloke> kpettit: Are there any untoward messages in /var/log/apache?
<kpettit> I don't see anything obvious when I do TOP.  And restarting apache always fixes it
<Odd_Bloke> I've never really used Apache in anger, so I'm not going to have a huge amount of useful input from this point onward. :p
<kpettit> Yeah, usually apache is solid.  I've been doing lamp stuff for a decade.  Out of the box things normally work.  This is the first time I've had it just suck out of the box.
<kpettit> But I haven't used 16.04 in production yet either so was curious if anybody else has issues or maybe it's just this one VM or something weird on it
<cpaelzer> kpettit: is there anything in the logs why it dies?
<kpettit> I've been looking.  It just stops.
<cpaelzer> kpettit: either the apache logs or in the journal for apache?
<cpaelzer> kpettit: so process gone, and no message anywhere?
<kpettit> The process is still there.
<kpettit> it's more like apache gets hung up
<kpettit> so doing top everything still looks normal.
<rbasak> Kehet: define "goes down" then. Does it refuse new connections? Or accept and then hang? Or hang before accept?
<cpaelzer> kpettit: so it doesn't accept new connections in that situation then?
<kpettit> yes.  I don't have the exact error up.  But it doesn't accept anything new for sure.
<kpettit> I'm trying to re-create error....
<jonah> Hi does anyone know much about php.ini ? I'm using FastCGI and as far as I've read each website such as /home/domainname/ should have their own php.ini file you can set in /home/domainname/etc/php5/ - but when I amend a site's php.ini it still loads the one from /etc/php5/cgi/php.ini
<jonah> How do I get Virtual Servers to use their own php.ini files correctly?
<patdk-wk> heh?
<coreycb> ddellav,  python-pecan
<patdk-wk> each fastcgi php instance loads a php.ini file (the same php.ini)
<patdk-wk> you sound like your only using a single fastcgi php instance
<patdk-wk> not sure who told you each website has it's own, that is not true
<patdk-wk> unless you WORK VERY HARD, to make that the case
<ddellav> jonah there are a few ways to do it. Usually you'd specify it with a php admin flag in the virtual host definition. I'm not sure if this works with nginx though (you can google to find out).
<ddellav> also it's not strictly necessary to have a different php.ini for each site, that's only necessary if you need completely different settings for each domain, or if you want to have certain domains more secure than others. This is a typical use-case for hosting companies, to allow customers to have a completely different setting file than other customers on the same box
<ddellav> but inside php scripts you can set/get ini settings by using the ini_set and ini_get methods
<rbasak> mdeslaur: it still doesn't work :-(
<patdk-wk> ddellav, that won't work
<rbasak> mdeslaur: this is another oversight. mysql-server-5.7 is a new package when upgrading from Trusty, since it was mysql-server-5.5 (or 5.6) back there. So the maintainer script doesn't treat it as an upgrade.
<patdk-wk> php flag in the virtual host does not work for fastcgi
<rbasak> This is frustrating.
<ddellav> patdk-wk ok, i thought it would still pick it up but the last time i did it was with the apache module
<patdk-wk> the .user.ini file
<patdk-wk> but really, that isn't the issue, the issue is any other customer can read the other customers configs
<mdeslaur> rbasak: oh, right, duh
<ddellav> that means he'll probably have to setup different pools for each domain
<patdk-wk> unless yo uhave each php running as a different user
<rbasak> I guess maybe the logic should be "if installing fresh and /etc/mysql/my.cnf.migrated exists, or upgrading and the previous package is prior to 5.7.13-0ubuntu0~, then run fix_old_config_options"
<rbasak> Not ideal, but it'll work.
<mdeslaur> rbasak: can you give me a diff?
<rbasak> ack
<rbasak> mdeslaur: http://paste.ubuntu.com/20192824/ maybe? Untested. I'll test now, but would appreciate your opinion.
<mdeslaur> rbasak: how about removing the version and just using le instead of le-nl
<mdeslaur> le should treat empty as less
<rbasak> Good point, thanks.
<mdeslaur> sorry, s/the version/the empty string check/
<rbasak> That seems to have worked. I need to test further though.
<blizzow> I have some virtual machines running ubuntu 16.04.  Of course ye olde eth0 is now ens3.  A) What's the proper way to get it back to eth0?  There seems to be a udev rule that people are 50/50 on the fact that it may work. or there is a modification to GRUB that can be done. B) Why the heck did this change?
<rbasak> blizzow: A) net.ifnames=0 on kernel command line; B) because in the case of multiple NICs, it was always racy and broken before.
<teward> ninja'd >.<
<teward> https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ if you care to read about the new predictable network interface names system
<teward> blizzow: ^
<rattking> the new system for naming nics only seems predictable if I know what bus and where on it the nic is located
<rbasak> This is indeed true. The old system for naming nics was only predictable if you only had one.
<rattking> or didn't change them around..
<rbasak> There are other modes available I believe.
<nacc> rattking: technically, no, even if you didn't physically alter the order, you weren't guaranteed the enumeration was the same
<nacc> rattking: so if you never saw that bug, jsut consider yourself lucky :)
<rbasak> It would be nice if in the case of one NIC it defaulted to not doing this, but I didn't ask for this because AFAIK it is impossible to determine if you have only one NIC because hotplug.
<nacc> yeah, it's not just having one NIC, but forever only having one NIC :)
<rattking> heh I definitely had the drive enumeration problem before uuid's but for NICs on servers I guess I have been lucky
<nacc> rattking: yeah, it's a very similar problem to the drive enumeration issue; it also is a "good thing" in that it makes the user interface (even if an ugly naming) not dependent on kernel naming (which eth* was)
<nacc> rattking: but yeah, i've seen it a few times with NICs on big machines ... debugging that was no fun :)
<rbasak> mdeslaur: looks good with that fix. I'm just writing up.
<rbasak> mdeslaur: I've written up my testing in https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1571865/comments/16
<ubottu> Launchpad bug 1571865 in mysql-5.7 (Ubuntu Xenial) "mysql fails to start after upgrade if previous defaults were customised" [High,Fix committed]
<rbasak> mdeslaur: so on top of your version string match fix, we also need to s/le-nl/le/ on that line.
<mdeslaur> rbasak: ok, I'll upload a new package to the ppa, thanks!
<rbasak> mdeslaur: thank you for working through this with me. Do you need anything else from me?
<mdeslaur> rbasak: nope, I should be good. Thanks!
<rbasak> mdeslaur: OK. FYI, I'm EOD now. I'll keep an eye on IRC but will be slow to respond.
<House> can anyone recommend a mysql server backup tool? i'm using `automysqlbackup` now but having problems using NFS mount as the target. we don't have a huge setup, but still  the database server locks up for too long and the various CMSs and apps using it lose their connection
<sarnold> House: can you save the output locally and then move it over nfs later?
<House> sarnold : yes, automysqlbackup has a nice option for pre- and post-run commands, so i'm using an rsync there to shift it over, but while i'm looking at the various issues we have with the current setup, i thought i'd get recommendations for alternatives too
<sarnold> House: aha :) good thinking.
<House> i love rsync.  previous job had a network admin who thought rsync initiated by the remote to central server was the only way to move scheduled traffic. so, backups were pushed into the DC, and data bundles were periodically (like every 5mins) polled for and retrieved when they existed...    love/hate relationship with rsync, but it's now grafted to my soul and cannot be ignored!
<sarnold> haha. I know the feeling...
<patdk-lap> house, that is the issue with using it
<patdk-lap> use it on a slave mysql
<patdk-lap> use lvm snapshot and backup from that
<patdk-lap> or use percona xtrabackup
<sarnold> lvm snapshot with a database? o_O
<patdk-lap> sarnold, why not?
<patdk-lap> isn't that the whole point of lvm snapshots?
<patdk-lap> used it years ago, when that was the only option
<sarnold> yeah but you've normally got to bring the database to a quienscent state so you don't snapshot garbage
<House> hmmmm http://dba.stackexchange.com/questions/18017/how-to-create-snapshot-backups-in-mysql
<patdk-lap> flush tables with lock on mysql
<patdk-lap> snapshot lvm
<patdk-lap> unlock tables
<patdk-lap> then copy/backup/...
<House> sarnold : link shows flush+lock, snapshot, unlock
<patdk-lap> but these days, just xtrabackup :)
<sarnold> House: it's certainly encouraging that what you found matches exactly with patdk-lap's advice :)
<sarnold> poor percona, they had such grand dreams, and now they're known primarily for the backup tool? heh
<House> so patdk-lap, you're cloning a filesystem snapshot of a quiesced database server's data volume, out to a backup location?
<patdk-lap> no
<House> then i presume releasing the snapshots immediately or some time in the future
<patdk-lap> I did that when I wanted to make a new slave, like 10years ago
<blizzow> If I make a change to /etc/network/interfaces, it seems like a 50/50 chance that the change takes place immediately with no 'services networking restart'.  Is there some newfangled, proper way to give a server a static IP?
<House> ah, k
<sarnold> blizzow: "service networking restart" isn't safe, and should report an error ...
<sarnold> blizzow: ifdown and ifup after making the changes
<House> patdk-lap, sarnold: this approach is quite similar to vmware+vdp/veeam with windows VSS. I'm not sure how well it works in linux guests. (i had poor experience with dell/equallogic integration with rhel6)
<patdk-lap> vmware supports it for linux
<patdk-lap> you just have to setup the freeze and unfreeze scripts to sync/flush the filesystems properly that you are using
<patdk-lap> personally, anything that doesn't flush properly to begin with, is improperly designed
<blizzow> sarnold: that's the problem, I copy a new file into /etc/networking/interfaces, and half the time my connection dies instantly and is changed over to the new config, the other half it stays and I should expect to reboot or do the ifdown ifup dance.
<blizzow> so I'm wondering if there is some new accepted stable way to change IP addresses.
<nacc> blizzow: i think it's rather unexpected that an "immediate" change to eni takes effect.
#ubuntu-server 2016-07-21
<nacc> blizzow: do you have some other package installed that maybe is "watching" eni?
<blizzow> It's a fresh install with the only thing selected during the install being openssh server.  To be fair, this is happening via ansible.  I copy /etc/network/interfaces containging a static ip into place, and the next command ansible tries to run fails because it can no longer connect to the host.
<nacc> blizzow: i'm not sure if ansible would be interacting there. I woudl maybe try it without ansible (seems like it would be trivial to do)
<nacc> blizzow: that is, fresh install, ssh in, change eni (or more appropriately, maybe eni.cfg/...
<blizzow> I copied a new /etc/network/interfaces over manually and it won't change over now. Like I said, it's 50/50 for me so far and I can't figure out rhyme or reason as to how ubuntu is dealing with the change of /etc/network/interfaces.
<nacc> blizzow: well, like I said, it's rather unexpected to me (and I've never seen that), so I'm not convinced it's ubuntu doing anything yet. AFAIK, various tools might write to eni (and ifup/ifdown read from it), but it doesn't happen spontaneously
<TylerWhitney> Hi good ubuntu folks. I attempted to upgrade my server from 14.04 to 16.04 tonight and the installation failed. When I try to get things working again with the "apt-get -f dist-upgrade" command to the packages it fails on "util-linux" package with "insserv: Service mountdevsubfs has to be enabled to start service hwclock" ... while I have a backup, I figured I'd play around with this botched system as a learning experienc
<sarnold> TylerWhitney: odd indeed. could you file a bug against util-linux and initscripts about that?
<sarnold> TylerWhitney: for your own playtime this may be helpful  : find /etc -name '*hwclock*'  and  find /etc -name '*mountdevsubfs*'
<TylerWhitney> I will file a bug, in my original searches I did see a similar mention of this, but I'll have to go back to google to make sure it was filed as a bug
<TylerWhitney> sarnold: With those find commands I see init scripts for both of them
<TylerWhitney> If I try to run the script for mountdevsubfs I get the message "Can't open /lib/init/tmpfs.sh"
<sarnold> TylerWhitney: the S symlinks say when to start the service during the boot; the K symlinks say when to shut down the service when changing runlevels or shutting down
<sarnold> strange, I don't have that file either
<TylerWhitney> appears to be called on line 26 of the init.d file
<TylerWhitney> I created a quick and dirty tmpfs.sh script there that creates a loopback on a tmp file and mounts it
<TylerWhitney> when I run the init script it says mountdevsubfs is running, though I get the message still when trying "apt-get -f install" that it hit a problem with util-linux because "Service mountdevsubfs has to be enabled to start service hwclock"
<TylerWhitney> very odd
<sarnold> now try the 'update-rc.d mountdevsubfs enable'   -- maybe with a -n to prevent it from doing anything, so you ca nsee what it intends to do first
<TylerWhitney> hmm "update-rc.d: error: cannot find a LSB script for mountdevsubfs"
<sarnold> try with mountdevsubfs.sh ?
<TylerWhitney> Yes, that was the issue I think.
<TylerWhitney> I also tried removing it with the update-rc.d command and then setting it with defaults
<TylerWhitney> That seemed to get traction
<TylerWhitney> I still got an error with "apt-get -f install" but the command "apt-get -f dist-upgrade" is working and installing packages now...
<TylerWhitney> This seems promising.
<TylerWhitney> But you were right I forgot the .sh at the end when I first ran it, hence the not found error
<TylerWhitney> I think I also know what caused the issue in the first place now.
<sarnold> oh? :)
<TylerWhitney> So, I had a really old custom written init script in the init.d directory
<TylerWhitney> I think because it didn't conform to standards when it came to updating it somehow failed starting/restarting all the services
<TylerWhitney> I'm more of an application developer that dabbles in this stuff, usually when things go awry I just restore from backups... I'm a lazy sys admin
<TylerWhitney> But figured tonight was a good time to play on a broken system... you never learn as well as you do when fixing broken stuff
<sarnold> I
<sarnold> I'd hope it would take more than that to send it awry, but maybe that was it. :)
<TylerWhitney> Yes, I could be very wrong
<TylerWhitney> I saw an error relating to trying to start that old service that no longer existed when I ran "dpkg --configure -a" and thought... oh damn that doesn't exist anymore
<TylerWhitney> well I made some progress and now we fail on mysql-server
<TylerWhitney> Seems to be a known bug http://askubuntu.com/questions/760724/16-04-upgrade-broke-mysql-server
<TylerWhitney> I did an "apt-get remove --purge mysql-server mysql-server-5.7" then deleted everything in the /etc/mysql directory and did an "apt-get install mysql-server mysql-server-5.7" and it worked like a charm
<TylerWhitney> And... thats it, we're back to normal and 16.04 it appears!
<TylerWhitney> sarnold: thanks for the push in the right direction
<TylerWhitney> I was not familiar with all of the update-rc.d commands
<sarnold> hopefully we'll be rid of update-rc.d some day
<TylerWhitney> He
<TylerWhitney> Well, that was certainly the issue... the MySQL server thing appears totally isolated and separate from the first
<sarnold> yeah it probably is
<TylerWhitney> this was a production server, I like living on the edge!
<TylerWhitney> Its a minor server and I schedule the downtime for tonight though ;-)
<sarnold> ahhh at least it happened on your terms. sortof. :)
<TylerWhitney> Haha! Now the real deal, lets see what happens when I reboot
<TylerWhitney> I have the backup image ready if need be.
<TylerWhitney> The right way would probably be to install 16.04 fresh, install the required packages, then restore files from backup.
<TylerWhitney> But then, what fun would that be.
<sarnold> the mysql issue seems annoying. Doing the purge approach to fix it seems needlessly brutal ..
<sarnold> 'cause now you've got to deal with the mysql configuration from scratch.
<TylerWhitney> luckily my configuration wasn't all that customized
<TylerWhitney> I seem to have run into more issues with PHP considering it seems php7 is now default.
<TylerWhitney> Got everything working again, but had to manually install some packages that were there before trying to upgrade
<sarnold> s/default/only php/
<TylerWhitney>  /msg NickServ VERIFY REGISTER TylerWhitney oqvrpwipphlb
<TylerWhitney> fail
<ndee> when the OOM-killer is invoked, is it possible to execute a script? Since I know for 99% which services would need to be restarted.
<andol> ndee: You can probably hack something together by have something watch the kernel log, but I don't think there is any explicit reliable way to hook a script in there.
<ndee> andol: ok, since normally, it's always mysql and apache that needs to be restarted and the server would function again but I'm not sure on how to achieve that.
<andol> ndee: Depending on circumstances, I'm otherwise partial to have the kernel panic-and-reboot in case of an OOM.
<andol> Yet, in case this is a common problem for you, it sounds like the first thing you should do is to tune the memory usage of Apache and Mysql.
<zbouby> hi all i have this problem after upgrade from ubuntu 12.04 ==>14.04
<zbouby> dpkg: dependency problems prevent configuration of libapache2-mod-php5:
<zbouby>  libapache2-mod-php5 depends on apache2 (>= 2.4); however:
<ndee> andol: I just checked, in apache, the processes just started to rise and rise until 256 and then remained there until the restart of apache. How could I avoid that?
<ndee> the keepalivetimeout is set to 5 and the timeout in general is set to 300. The number of processes rose over a time of 6 hours
<andol> ndee: Was a while since I spent some serious quality time with Apache, but if I remember correctly you might want to tune your MPM settings, regarding how many childs and threads to allow, etc
<andol> ndee: But really, now I'm mostly shooting from my hip, so you should probably rather get your advice from someone who does this stuff for real.
<FManTropyx> will 14.04 systems be getting automatic upgrade soon?
<Odd_Bloke> FManTropyx: Yep, for some value of "soon". :)
<FManTropyx> okay, I remember hearing today's date previously
<sveinse> Isn't it safe to uninstall mdadm and lvm2, when its not needed? I have ubuntu-server installed, and these two packages are depended upon
<sveinse> I find the message "W: mdadm: /etc/mdadm/mdadm.conf defines no arrays." a real annoyance
<patdk-lap> must have picked the install everything option, instead l minimal install
<patdk-lap> I actually find having openiscsi installed to be more annoying
<sveinse> patdk-lap: I haven't noticed that one actually. How is it bothersome?
<rbasak> jcastro: hey, do you know if there's a PHP webapp charm? I need to set up a LAMP stack for a non-work project but I couldn't find one.
<jamespage> ddellav, coreycb: ceilometer and aodh are now blocked on cotyledon
<jamespage> well for post b2 anyway
<techsayan> Hi, I was trying to assign group permissions in my server, can someone help me out setting up group permissions on the system level rather than file/directory level?
<cpaelzer> rbasak: hey, I'm not sure yet if I find the time - but atm I'm kind of blocked on almost all ends I worked on, so would you pick 1-3 bugs depending on their compexity for me to work on?
<rbasak> cpaelzer: I don't have many prepared, sorry. I need to fill the backlog again. How about bug 1594202? Or just take a look around for one?
<ubottu> bug 1594202 in dovecot (Ubuntu) "apparmor messages everywhere" [Medium,Confirmed] https://launchpad.net/bugs/1594202
<jgrimm> cpaelzer, or knock through some more merges too
<rbasak> cpaelzer: see "List of recently modified bugs in packages looked after by the server team" in https://wiki.ubuntu.com/ServerTeam/KnowledgeBase
<cpaelzer> jgrimm: do you still have the generated list for the merges that could identify candidates other than just looking around?
<coreycb> jamespage, ok and as for MIRs I think we're just blocked on aodhclient and ryu
<jgrimm> cpaelzer, i have a script now!  but really its easy enough to just look at MOM
<cpaelzer> sure, can do that in case I run dry again :-)
<jgrimm> cpaelzer, maybe rbasak would hand off exim4 to you? i know that's been on his backlog for a long while?
<jgrimm> cpaelzer, and i'm quite certain rharper would let you take strongswan
<cpaelzer> I didn't want to grab something too big before vacation as surely curtin, dpdk and the open merges are soon suddenly full of work once unblocked
<jgrimm> fair enough, plenty of those too!
<jgrimm> cpaelzer, logwatch and amavisd-new are probably trivial
<cpaelzer> rbasak: nacc: so to be ready for safety if one could make available for the importer: exim4, logwatch and amavisd-new - that would be great no matte rwho takes it eventually
<coreycb> jamespage, ddellav: zigo's working on cotyledon.  we'll need to MIR that as well.
<rbasak> cpaelzer: sure, I'll import now.
<ddellav> coreycb ah ok, good news
<jamespage> coreycb, ack
<jgrimm> rbasak, 'at' and memcached too please
<rbasak> ack
<rbasak> jgrimm: https://bugs.launchpad.net/usd-importer/+bug/1605280
<ubottu> Launchpad bug 1605280 in usd-importer "memcached cannot be imported" [Undecided,New]
<jgrimm> rbasak, :) thanks
<coreycb> jamespage, ddellav: aodhclient MIR approved
<frickler> cpaelzer: if you are looking for a bug to solve, https://bugs.launchpad.net/ubuntu/+source/percona-xtradb-cluster-5.6/+bug/1574509 would still be a good one for me ;)
<ubottu> Launchpad bug 1574509 in percona-xtradb-cluster-5.6 (Ubuntu) "mysqladmin-5.7 fails to set password for percona-xtradb-cluster-server-5.6" [Undecided,Confirmed]
<jgrimm> rbasak, fyi->https://bugs.launchpad.net/usd-importer/+bug/1605280
<ubottu> Launchpad bug 1605280 in usd-importer "memcached cannot be imported" [Undecided,New]
<jgrimm> err meant nacc ^^ sorry
<nacc> jgrimm: yep, i'm reading and working on it now
<jgrimm> nacc, cool. tx
<zetheroo> how do I stop a tty instance and disable it in Ubuntu as is done here for CentOS: https://mrkmg.com/posts/2015/07/proxmox-centos-7-console-showing-two-login-prompts/
<ddellav> coreycb lp:~ddellav/ubuntu/+source/ceilometer and lp:~ddellav/ubuntu/+source/openstack-trove ready for review/push. FYI: Trove had quite a few dependency updates. I'm not sure what you want to do about that but i added them.
<jamespage> ddellav, coreycb: newton-proposed passed tempest smoke - pushing to updates now
<coreycb> \o/
<ddellav> woot
<coreycb> ddellav, ceilomter is pushed/uploaded
<coreycb> ddellav, for openstack-trove the only dep that should need updating is oslo.concurrency>=3.7.1, which is ok.
<ddellav> coreycb there was a bunch that were out of sync. Do we just ignore those?
<coreycb> ddellav, that's the only one I noticed was different between 5.0.0 and 5.1.0
<ddellav> coreycb thats correct but if you manually diff the requirements.txt and d/control there are many differences
<ddellav> coreycb https://cl.ly/2s2u331N1D0A/Image%202016-07-21%20at%2012.15.28%20PM.png
<coreycb> ddellav, gotcha, so we missed updates to d/control on previous changes.  /me looks again.  as long as they're in the archive for xenial it should be fine.
<coreycb> ddellav, yep looks good
<ddellav> coreycb ok, then it's good to push :)
<coreycb> ddellav, yep, builds ok I assume?
<ddellav> coreycb yessir
<coreycb> ddellav, trove pushed/uploaded as well.  for ceilometer I asked arges to reject our previous mitaka point release that was in the review queue since this one overrides it.
<ddellav> coreycb ok, i updated the bug and the card to include 6.1.3 as well
<eagles0513875|2> hey guys is there a reason why 16.04 doesnt require sudo when one does init 0 or what ever init command
<tarpman> eagles0513875|2: yes
<eagles0513875|2> tarpman: whats the reason is it expected behaviour or a bug
<tarpman> eagles0513875|2: the default policy allows users with a local session to shut down the system. it's expected.
<eagles0513875|2> isnt that a bit of a risk especially for production systems
<eagles0513875|2> and when you say policy what do you mean exactly by policy please?
<arges> coreycb: which one
<arges> 6.1.1
<coreycb> arges, yes 6.1.1
<coreycb> thanks
<arges> coreycb: ok done
<tarpman> eagles0513875|2: /usr/share/polkit-1/actions/org.freedesktop.login1.policy is the policy I'm talking about. specifically <action id="org.freedesktop.login1.power-off"> with <allow_active>yes</allow_active>
<eagles0513875|2> ok never really looked into that stuff that is why it works and i dont touch but thanks for enlightening me :)
<poood> hey guys do you know how to clone a disk?   http://unix.stackexchange.com/questions/297446/how-to-clone-an-entire-linux-disk-and-boot-it
<dr4c4n> poood: dd?
<poood> dr4c4n: i used dd but forget the boot sector
<poood> don't know how...
<dr4c4n> it shows you on the page how to backup the mbr
<sarnold> if you clone the whole disk you don't need to worry about a disk sector specifically; if you clone just a partition then you'll have to install a boatlaoder of some sort
<sarnold> sigh
<dr4c4n> yes then run grub-install
<poood> sarnold: okay. thank you. let me try :)
<poood> many thanks btw
<poood> so helpful
<bulletxt|2> hi, im trying to upgrade from 10.04 to 12.04 with do.-release upgrade
<bulletxt|2> if finds precise 12.04 but then stops after reading repos and restores back to previous source list
<bulletxt|2> any idea why is this?
<bulletxt|2> I could paste the output but since its long I dont know how to scroll as the process from what I can understand is run inside the "screen" utility
<terje> hi, I'd like to download the xenial cloud image (which I've done) and add a bunch of packages to the img file.
<terje> I've attempted to guestmount it, then apt install <stuff>
<terje> but I'm getting this error:
<terje> Fatal Python error: Failed to open /dev/urandom
<terje> any suggstions?
<dr4c4n> https://ubuntuforums.org/archive/index.php/t-2305183.html
<bulletxt|2> anyone?
<rattking> terje: are you mounting and chrooting into a image? if so you probably need to bind mount proc sys and dev into the images filesystem..
<bulletxt|2> I found the isse in the logs, at a certain point in the do.release upgrade at the beginning it says something like
<bulletxt|2> "it was not possible to authenticate some packages. This could be a temp problem etc"
<bulletxt|2> any clue?
<rattking> I *think* the package signing keys are in ubuntu-keyring maybe you need to update that first?
<bulletxt|2> I did that
<bulletxt|2> a lot of times
<bulletxt|2> I did an apt-get update and upgrade
<bulletxt|2> rebooted
<bulletxt|2> I did them all
<bulletxt|2> now I was reading this http://askubuntu.com/questions/425355/error-authenticating-some-packages-while-upgrade
<rattking> did you pull in the package from the version you are trying to upgrade to?
<bulletxt|2> its a long story, im on 10.04
<bulletxt|2> I put the EOL repos
<bulletxt|2> they seem to work
<bulletxt|2> but do-release upgrade is failing
<bulletxt|2> miserably with that log (and it took me 1 hour to find the log!"
<bulletxt|2> but at least now I know whats happening
<bulletxt|2> yea, http://askubuntu.com/questions/425355/error-authenticating-some-packages-while-upgrade fixed my problem
<vidasov> Hi guys, I have problem with kvm/libvirt and apparmor. Usb-passthrough doesn't work because of apparmor profile. Question is that I can't find answer anyware, are quotes considered to be ok in apparmor profile defined by libvirt-xxx.files?
<sarnold> vidasov: yes, you can quote paths with e.g. spaces in them if you need to
<vidasov> ok, sounds good but that is not a bug which bothers me than. thnx sarnold
<vidasov> but why some paths in libirt-xxx.file are quoted and some not, no spaces in path. I gues if quotes are ok than I should not consider it anymore....
<sarnold> vidasov: the paths may have been stuck in quotes by an automated tool somewhere, which didn't go to the trouble of finding out if the quotes are needed :)
<vidasov> Yes, looks like I need to oppen a bug request :-(
#ubuntu-server 2016-07-22
<LeMike> hello. On a server hosting multiple services, is it possible to grant SSH access but jail them in their own context? The crux for me is, that every user may use a different mysql-server or other db - so I don't know how to jail, if jail is good and how to swap sockets to their login.
<AtuM> the topic is wrong about 14.04 to 16.04.. it's July 22nd... so when will this be possible (without intermediate upgrades)?
<henkjan> AtuM: i guess upgrading to 16.04 should work now
<henkjan> as 16.04.1 seems on the mirrors http://releases.ubuntu.com/
<AtuM> henkjan, Perhaps our local mirror is not updated yet...  so it works in general elsewhere?
<thekrynn_> hey all, does anyone know of a preferred/faster way to scan a large FS faster for a small list of changed files?
<henkjan> AtuM: maybe canonical still needs to flip a bit to make the update checker aware of the new LTS
<AtuM> henkjan, since I've waited so long.. a bit more won't matter :)
<zetheroo> what is the equivalent of these commands for Ubuntu:          systemctl stop getty\@tty1
<zetheroo> systemctl disbale getty\@tty1
<InnerCode> Hi, Is there a way to convert LXC 1.* containers to LXC 2.0?
<mdeslaur> rbasak: https://utcc.utoronto.ca/~cks/space/blog/linux/Ubuntu1604MySQLUpdatePain
<meekrat> Anybody know when do-release-upgrade will start to work for 16.04.1?
<mhoney> can an iscsi lun be setup on top of an lvm logival volume?
<mhoney> What I'd like is an iscsi target that can grow if needed
<jamespage> coreycb, ddellav: have a hunch that the ironic ftbfs is due to slightly old pecan - proving that now
<jamespage> https://bugs.launchpad.net/ironic/+bug/1605629
<ubottu> Launchpad bug 1605629 in Ironic "requires pecan > 1.0.2" [Undecided,New]
<jamespage> ddellav, coreycb: cotelydon is in the NEW queue in debian (thanks zigo)
<jamespage> once that's accepted we can sync and fix the aodh and ceilometer build failures - okies...
<jamespage> ddellav, the wedges in yakkety-proposed appear to mostly be s390x autopkgtest failures
<jamespage> I tried fixing one by adding rabbitmq-server to the list of pkgs, but that did not appear to resolve the problem
<hallyn> meekrat: i don't think do-release-upgrade does that, just a regular apt upgrade
<meekrat> hallyn: neither seems to trigger it - the ubuntu servers may not be handing it out yet, I guess
<hallyn> meekrat: according to #ubuntu-devel topic it has been released.  i'm not sure what you're expecting to see - it's not a full upgrade, it's
<hallyn> just a new 'release' based on what's in xenial archive at the moment
<hallyn> http://cdimages.ubuntu.com/releases/16.04.1/
<hallyn> bt if you've been keeping uptodate, yo'ure likely already there
<Pici> meekrat: are you on 14.04 now?
<hallyn> oh i c.  that'd make sense :)
<Pici> according to the release folks, they're waiting for things to settle down before the release upgrade from 14.04 will be turned on. And yes, I thought it would be the day and date when .1 was released too.
<meekrat> pici: I'm on 14.04.x LTS
<meekrat> I'm thinking they are just letting things settle down - I can wait....thought the 16.04.1 LTS would trigger the release.  Thanks all
<mpjetta> my fresh ubuntu 16.04 from a -server.iso is showing a black screen on the local console on boot, I have to Ctrl-Alt-F5 to get a login prompt. any ideas how to get rid of the black screen?
<mpjetta> it boots so fast that it is hard to tell the server is up ;)
<heydrick> any idea when http://cloud-images.ubuntu.com/locator/ec2/ will have the 16.04.1 images?
<Tangurin> Hi, can someone here help me find out why my subdomain not working on my Ubuntu Server (Apache)? It is the first time I am doing this, and I don't know if I done something wrong
<Superdawg> Does anyone know what changed in 16.04 that would cause a locally created apt repository (using dpkg-scanpackages) to not work?  It works in 15.10.
<sarnold> Superdawg: do you get any error messages?
<sarnold> Tangurin: do you get any error messages?
<Tangurin> Just that I can't reach the site
<Tangurin> http://laravel.io/bin/523O8
<Superdawg> sarnold: only from apt-show-versions "Error: No information about packages! (Maybe no deb entries?)"
<Superdawg> I don't have the Release.gpg or InRelease files that 'apt-get update' tries to grab, and I'm not sure if that's what is causing it.  I *do* have the Release file.  That's been sufficient for all debian based distros I've used since some point pre-debian etch.  I tested the same sources.list entry on a 15.10 box and it works fine.
<teward> Tangurin: is it a page showing coordinates, and a username/password auth?
<sarnold> heydrick: they may not be called 16.04.1, it's just 16.04 with everything updated; the daily builds are already that..
<sarnold> Superdawg: "the same" -- did you change the "wily" to "xenial" and so on?
<Tangurin> ... yes teward
<Tangurin> how did you get in :O
<Superdawg> This is a private deb repository that I maintain.
<teward> Tangurin: it's up here.  Nuke your browser cache and try again.
<sarnold> Tangurin: how about the /var/log/apache/error.log ?
<Tangurin> sarnold: I tried to access the log but I got permission denied when I am trying to access the /var/log/apache2 folder :S I don't know why
<Superdawg> my sources.list entry looks like 'deb [trusted=yes] http://hostname/ref_mirrors/debmirror stable main'
<teward> Tangurin: because you should be using `sudo tail /var/log/apache2/error.log` or similar, it's locked out to standard user access
<teward> Tangurin: that said, erase your browser cache, start again.
<Superdawg> It works in 15.04, 15.10, but not 16.04.
<teward> Looks like it's working
<Tangurin> teward: okey, great info, thanks :)
<Tangurin> teward: I did: sudo dscacheutil -flushcache but it did not help :S
<teward> Tangurin: i didn't mean on your server
<teward> I meant on your computer where you're trying to access the site from ;)
<Superdawg> I use the same format for many mirrors.  Ranging from way back at debian etch all the way to, at this point, ubuntu wily.
<heydrick> sarnold: gotcha. the most recent AMI on the ami finder is from 6/27, was hoping for a newer image that has all the updates
<Tangurin> I wrote: sudo dscacheutil -flushcache on my computer, in the terminal
<sarnold> heydrick: hmm that feels like a surprisingly long time ago
<Superdawg> So I'm confused on what is causing the break in 16.04.  Haven't found much with regard to what might be wrong.
<sarnold> Superdawg: hmmmmm. very curious. :/
<sarnold> Superdawg: the InRelease files are relatively new in the last few years, it's a combination of Releases and Releases.gpg files that can be updated atomically
<sarnold> Superdawg: (I don't think that's related here, but maybe if those files exist and are blank, maybe..?)
<Superdawg> sarnold: Yeah, that's what I'm suspecting is the problem.  Maybe they added that as a requirement.
<Superdawg> It doesn't like a blank version of those files.  I tried that this morning.
<Tangurin> teward: is there another way to clear cache? :)
<Superdawg> I also tried just one that works but doesn't necessarily reflect what I've got
<Superdawg> that didn't work either. heh
<teward> Tangurin: i don't think you know what I mean by cache
<Superdawg> I'll try to go about generating that and see how we end up.
<Tangurin> Maybe not?
<Tangurin> teward:
<teward> oh you're on Apple
<Tangurin> teward: yes :)
<teward> dscacheutil is the Directory Service cache ***NOT*** your web browser cache
<teward> Tangurin: nuke your web browser's 'temporary internet files' or 'cached files' (depends on the browser how to do it), then try again
<Tangurin> teward: Thanks it was cache :) Appreciate your help!
<teward> bleh missed him by a minute
 * teward goes back to poking the Internet
<sarnold> Odd_Bloke: hmm, the newest 'xenial' on http://cloud-images.ubuntu.com/locator/ec2/ appears to be from 20160627 -- but there was a kernel published on 2016-07-14 https://launchpad.net/ubuntu/+source/linux  -- is the autopublisher thing working well?
<Superdawg> sarnold: Looks like generating the gpg signed InRelease, Relase.gpg and then importing the key into apt was the fix.  I am now able to get the packages on my repo.  That kinda sucks since I need to change my build process around a bit, but oh well.  Those are the pains of upgraing.
<Superdawg> upgrading*
<Superdawg> sarnold: Thanks for the second set of eyes
<sarnold> Superdawg: hmm. that's not exactly a satisyfing answer but at least you've got a path forward
<Odd_Bloke> sarnold: It's working its way through now.
<sarnold> Odd_Bloke: thanks :)
<jonah> hi can anyone help. It's just take over an hour to install a new ubuntu server and then right at the very end it's sprung up with "Unable to install Grub in /dev/sda" "Executying 'grub-install /dev/sda' failed! Does anyone know how I get get grub installed correctly without losing all this time/setup..?
<sbeattie> jamespage: hey, does ceph relly need 1GB sized test-dbg debs? http://archive.ubuntu.com/ubuntu/pool/universe/c/ceph/?C=S;O=D
<sbeattie> seems kinda mirror-hostile.
#ubuntu-server 2016-07-23
<pennTeller> Hi guys, can anybody shed some light on where to add an mx record?
<Keo-0w>  i keep having that error message whenever i try anything w/apt-get
<Keo-0w> linux-server depends on linux-headers-server (= 3.2.0.99.115); however: Version of linux-headers-server on system is 3.2.0.106.122.
<sarnold> Keo-0w: are you on an out-of-date mirror? the new version of linux-server is at http://archive.ubuntu.com/ubuntu/pool/main/l/linux-meta/ and looks like it has been for a few days
<jamespage> sbeattie, dropped in yakkety - apologies
<sarnold> thanks :)
<sarnold> ("hard drive manufactures hate this man and his one simple trick to save terabytes of storage!")
<danialbehzadi> Hi. I am getting a dedicated server and I want to setup some appliances (about four) on it. Is it rational to manage it with Maas or not? Since classic visualization method are not optimal, what is the best plan for managing this?
<tomreyn> danialbehzadi: if you are talking a single server, MaaS is not for you
<danialbehzadi> tomreyn: So, What is the best for single servers? LxD? Docker? etc.?
<tomreyn> just setup some virutalization or container environment (possibly with a web interface) and add VMs on top.
<tomreyn> depends on what you want to do. those 'appliances' are probably in some specific format?
<tomreyn> ...and can have some requirements
<danialbehzadi> tomreyn: No. I can make them myself in any format. Just looking for the best formatâ¦
<tomreyn> if you can afford virtualization, use that. the easiest way to manage a single server nowadays is maybe with kvm, libvirt, virt-manager
<tomreyn> if you don't care about security so much you could also go with docker / lxc / lxd
<negev> hi, just filed this but i'm not sure if it's a bug or a config issue: https://bugs.launchpad.net/apparmor/+bug/1605855
<ubottu> Launchpad bug 1605855 in AppArmor "Base abstraction for writing to the systemd journal doesn't work" [Undecided,New]
<van777> i've got ubuntu-server in vmware. Does it support listening mp3 with mplayer? Mplayer shows, it's playing, sound card ok, no sound. https://imgur.com/a/MUwXa
<compdoc> van777, what do you use to connect?
<van777> compdoc: I just use wmware
<van777> wmware workstation. and i usually use putty, but i did not even try to listen to something via putty )
<compdoc> I install ubuntu server with a minimal Mate desktop and the x2go service to connect to guests in KVM. sound and clipboard works
<van777> i've got no desktop, just the server
<compdoc> I guess spice might work too, but I never have much luck with that
<van777> i am wondering wether mplayer can play on the server without X desktop..
<compdoc> have you ever had sound working using vmware?
<van777> compdoc: good question!  let me check.
<van777> compdoc: another vm neither has sound . it must be the weird USB soundcard that doesn't work with vmware..
<compdoc> dont know enough about vmware tao say if it supports sound
<compdoc> to
<van777> compdoc: thank you, it must be the hardware problem.. http://imgur.com/a/RcLFz
<OerHeks> van777, what happens when you switch to 'default host soundcard' ??
<OerHeks> besides the mpeg codecs you need to play
<van777> OerHeks: default host soundcard doesn't play too.
<OerHeks> then i guess there is a codec missing to play?
<van777> OerHeks: will this be ok? sudo apt-get update && sudo apt-get install ubuntu-restricted-extras
<van777> do i really need them in ubuntu-server? hmm
<OerHeks> van777, that will pull a desktop environment too, all you need is alsa and add the user to the audio group tons of howto's > https://learn.yancyparedes.net/2013/02/playing-audio-files-on-ubuntu-server-12-04/ >>> http://askubuntu.com/questions/582750/play-music-from-vlc-on-ubuntu-server
<van777> OerHeks: thanks!
<OerHeks> the first url i used a few years back myself
<van777> i'll reboot, brb
<van777> OerHeks: you're a genius. i does play with alsa!
<van777> solved
<OerHeks> van777, have fun!
<sambagirl> i need to assign a domain to a local server with a static ip here and i was wondering if someone could point me to to the correct way to do it. i read a bunch of stuff but confused by the conflicts in approaches. it is 14.04lts server
<sambagirl> it would be a tld btw
<sambagirl> no sub
<codedmart> How can I recover the default sites-enabled file from nginx? I made some changes but want to reset to default.
<negev> anyone around who knows apparmor well?
<CarlFK> if I use the di installer, tasks="" (so no desktop) I think that gives me a u-server.  but maybe not so don't shoot me.
<CarlFK> what is blanking the console?
<CarlFK> like screen saver after 5 min (or some amount of time)
<guestuser1234> Hey, how do I set FQDN in ubuntu server?
<guestuser1234> hostname -f returns just hostname
#ubuntu-server 2016-07-24
<guest1_> I need some assitance accessing my server outside of my LAN
<guest1_> I just installed the latest Ubuntu Server OS 16. I can SSH into it fine if Im on the network its running on, whats the best option for accessing out of network range?
<tempspace> Hey all. I am migrating my infrastructure from Debian Wheezy to Xenial. In wheezy, if I run the command sudo -u user command, it would use the ssh key from that user's ssh dir. In Xenial, sudo doesn't do that any longer. Hints?
<tempspace> nm, had to use -i now, combined with executing things through sh -c
<krist64> hello
<krist64> LAMP 16.04 it secure online?
<patdk-lap> define secure?
<patdk-lap> nothing will stop you from misconfiguring it and opening up any number of insecurities
<sambagirl> can someone send me a link for configuring a domain with bind9 for a static server? thanks
<sambagirl> a simple but effective procedure.
<b4r> sambagirl: https://askubuntu.com/questions/330148/how-do-i-do-a-complete-bind9-dns-server-configuration-with-a-hostname?
<sambagirl> ok thanks b4r
<sambagirl> yuck b4r
<b4r> sambagirl: not what you wanted?
<sambagirl> one would think that you could just simply apply a few values and run a script and fix it like that.
<sambagirl> ot
<b4r> you could do fix it that simply if you had a script/program to do it for you ;)
<sambagirl> it's way to technical and convoluted. i've looked at a bunch of different procedures but they are so different in ways that it doesn't make sense.  I was wondering if i can do it witbh webman or one of the other management systems. what you just pointed to me is surely the correct procedure but jeez oh man.
<sambagirl> i can't find one b4r
<sambagirl> and if i did i dont know if i would trust it
<b4r> afaik there aren't any nice tools for this sort of thing
<sambagirl> seems to me that during the lamp install or the server install there should be an option for domain and static ip installation.  maybe there was and  i didnt see it?
<sambagirl> i dont think there is either
<b4r> you mean like when you install postfix and mysql dialogue boxes?
<sambagirl> well i was thinking around that time or when you do the initial server specific iso installation or if it is a netinstall
<sambagirl> well here is a question. which dns servers do you have to use? the ones you create yourself? or the ones that the isp provides or google dns servers?
<b4r> you mean for your own hosting?
<sambagirl> yes
<b4r> depends on the situation but I'm gonna go ahead and say to use your own
<b4r> so you bought the domain, then point the domain to use your dns server
<sambagirl> for example i have 5 static ips and i have 4 servers and i use one ip for a wireless router. so for a couple of the servers i wanted to use a domian name
<sambagirl> so the dns server can be on the same server? i dont have to have a separate box for the dns server? i keep seeing about virtual servers for dns servers. that is what is throwing me.
<sambagirl> and i see where that link you sent says dont use .com well why not?
<b4r> I'm not gonna claim to know a bunch about all that but it's possible to use it all on the same server
<b4r> it does?
<sambagirl> that is what i think too
 * b4r reads
<sambagirl> yep look
<sambagirl> it says use .net or hom
<b4r> I'm gona say it's not an accepted answer to the post
<b4r> but it has otherwise decent information
<sambagirl> yes
<b4r> oh but it is a community wiki so idk
<sambagirl> i will see if i can first do this in a vm server so not to mess up that one server i have in mind to do this to
<sambagirl> why are the always subdomains though?
<sambagirl> i have no interest in doing a subdomain
<b4r> maybe they wanted to be thorough and assumed the dns server would be used by inter- and intra-net users so the more specific names can be accessed
<sambagirl> yeah i suppose so
<sambagirl> but i still think that there should be a aspect of the server iso installation for configuring a domain name.
<b4r> I don't see why that wouldn't be an unreasonable request
<sambagirl> i suspect there is a reason why that isn't a part of the installation now.
<b4r> probably no one's gotten to that list item yet ;)
<sambagirl> hey thanks b4r for the ideas and support! chat later! peace!
<theblindghoulie3> Having issues with my server
<sambagirl> like what
<tigefa> heelo all, ask: best irc log for ubuntu server 14.04 ?
<b4r> anyone notice how `rm -rf *` deletes all files and ubuntu warnconfirms deletion of all files in the directory but leaves '.files' untouched and wont warnconfirm deletion `rm -rf.*`?
<theblindghoulie3> I need some assistance configuring my server
<ikonia> just ask then
<ccha5> hello is there any altervative to reprepro ?
<bekks> What is that?
<theblindghoulie3> Server help!
<theblindghoulie3> Cant access server outside of LAN
<bekks> Why not?
<theblindghoulie3> Have port foward to 80, 21, and 22. For SSH and FTP
<bekks> Forget oprtforwardings, they arent necessary for accessing things outside your LAN.
<theblindghoulie3> ok, whats the next issue to look at?
<bekks> First you need to TELL us the actual issue.
<theblindghoulie3> I have the latest Ubuntu Server OS installe on a Lenovo PC. I wanted to setup a server to store and transfer files. I installed and setup the router for FTP and SSH. However, I want to be able to access the server while at home or out and about. I cant do that because when I try to connect to the server outside the network it rejects the login
<bekks> Can you name the version you are using pleasE?
<theblindghoulie3> Ubuntu Server 16.0.4.1
<bekks> So you are trying to access, from within your network, the public IP of your router?
<theblindghoulie3> Access the server from outside the network
<bekks> So take a look at the logs of the service yuo are trying to access.
<theblindghoulie3> Im thinking it has something to do with Apache
<bekks> Why would apache has anything to do with ssh or ftp?
<bekks> *have
<theblindghoulie3> It doesnt I dont believe, this is my first attempt at setting up a server, so Im still learning.
<theblindghoulie3> I'll keep researching.
<bekks> Take a look at the logs.
<theblindghoulie3> I went to the logs, but I dont see anything thats helping me figure out the right question to ask.
<bekks> You experienced the problem that you are denied to log in. Search for traces of that issue, at the timestamps when that issue occured.
<theblindghoulie3> the log file for FTP (vsftpd.log) shows the successful attempts but not the failed
<theblindghoulie3> ok the auth.log file for SSH has a bit more to look through, would you like me to screenshot the log file?
<_Crash_> I've just followed the Perfect Server tutorial for Ubuntu 16.04 and I've come across an issue where my mail seems to direct to my System User instead of the email Mailbox
<_Crash_> So if I SSH in, It'll show me my email if I type "mail", but it shouldn't since it should direct to the dovecot mailbox?
<_Crash_> I can view the mail when I SSH in, but if I check my mail on my phone, my mailbox is empty
<_Crash_> any ideas?
<ikonia> _Crash_: talk to the people who wrote the guide
<k2gremlin> Hello all, I have a small problem on my Media server. I have a secondary drive mounted in /Storage that I use for media. In that folder, I have movies, tv show folders and such
<k2gremlin> Now the problem I have is I cannot ls the /Storage folder.. but if I cd /Storage/movies and run ls it works
<k2gremlin> if I ls /Storage it just freezes up. Only way I can recover is to close my ssh session and log back in. One way I have found to temporarily fix the problem is a quick reboot. However, it keeps coming back
<k2gremlin> Anyone seen this before
<bekks> Just show us the permissions of /Storage
<k2gremlin> drwxrwxr-x
<k2gremlin> bekks, It works fine for a few hours after a reboot. But randomly if I less a few hours later, it will just freeze the SSH session
<bekks> Sounds like the drive disconnects then.
<k2gremlin> But I can go to /Storage/movies
<k2gremlin> and run ls there.. I can also play movies from it
<k2gremlin> so really confused lol
<k2gremlin> I am in the directory.. df . shows.. /dev/sdb       412718256 49517132 342213220  13% /Storage
<k2gremlin> So it's still mounted.
<bekks> Tak a lok at dmesg then.
<bekks> *take
<k2gremlin> bekks,  INFO: task ls:7946 blocked for more than 120 seconds. wtf?
<bekks> k2gremlin: thats a random line from dmesg with no further context. what do you expect me to answer now?
<k2gremlin> bekks, sorry, I am grabbing the whole thing for pastebin
<k2gremlin> bekks, http://pastebin.com/jr2y5mkQ same message when I try to sftp http://pastebin.com/jr2y5mkQ
<k2gremlin> sftp to that directory
<k2gremlin> bekks, Well, weird.. it is working now without reboot.
<bekks> k2gremlin: as can be seen, you have severe issues with that cifs stuff, and you should reboot+
<k2gremlin> bekks, Yea I had this problem last night and rebooted it. Only been up 22 hours lol
<k2gremlin> I have 2 folders INSIDE of /Storage that are mounted cifs to other systems
<k2gremlin> but that shouldnt stop me from lsing /Storage?
#ubuntu-server 2017-07-17
<vbotka> hehehe, FWIW, https://serverfault.com/questions/702945/rsyslog-local-and-remote-logging
<cpaelzer> good monring
<cpaelzer> morning even
<lordievader> Good morning
<soahccc> Hey, could someone with iptable knowledge help me out here and tell me what I am supposed to enter in the last line? I can't quite tell what to put in for the placeholders and I don't want to mess this up. https://unix.stackexchange.com/a/211110
<lordievader> soahccc_:  The {{ROUTE_SOURCE}} should be replaced with the NATted network, the interface is the outgoing interface,  and the route target the outside/public ip.
<soahccc> lordievader: Thank you :) I was on the wrong track then. But this seems to work. I now have to figure out how to run a process without root :/
<lordievader> soahccc_: What do you mean? Running it as a user doesn't do the trick?
<soahccc> Well I can't run it as non-root "setting the network namespace "eth0_a_ns" failed: Operation not permitted"
<lordievader> It makes sense to make network config root only. You don't want some random user be able to change the entire network config.
<soahccc> But I tested it with root and I think this solution doesn't even fix my actual problem. The thing is that I try to get a program running and it works on a different server but on mine it has network problems. I assumed it can't handle multiple IPs on eth0 but I guess I was wrong all along
<soahccc> lordievader: yeah makes sense but I just want to use it there no?
<lordievader> What it the error of the program?
<soahccc> lordievader: it's mono so I guess you will just puke here :D https://gist.github.com/2called-chaos/e8d8f5629cad20c0cc43b989933088d3
<soahccc> I have two ubuntu 16.04 and it works on the one with one IP so I just have to assume thats it right?
<lordievader> `Error -14 EFAULT bad address in system call argument` doesn't sound like the multiple IPs is the problem.
<lordievader> I have no idea what it (probably the kernel) thinks is a bad address though...
<soahccc> The program unfortunately doesn't have an bind option (just port). I compiled mono the same way on both systems and they both run on the same kernel (4.4.0-83)
<soahccc> So my guess is, it tries to magically detect the IP and it fails when I have secondary addresses. I mean I _could_ try to remove the secondaries for a test but that would kill all my services :D
<soahccc> lordievader: okay I tried to ifdown all eth0:* secondaries and it indeed doesn't change a thing. Do you have any other idea? I compared "ip addr show" on both servers and they were the same essentially. The only thing is that I upgraded this one (where it doesn't work) from 12.04 and it's an older installation whereas the other server was recently installed with 16.04. I have no idea what could have broken there
<lordievader> Same size of subnet too?
<soahccc> Oh actually its /26 vs /27
<lordievader> Not that that should matter...
<Steve[cloud]> good morning folks
<Steve[cloud]> I'm having an issue with a networking bridge, and I'm not seeing much info on the net about it
<Steve[cloud]> basically I'm attempting to run a bridge almost like a "hub"
<Steve[cloud]> all the traffic from the incoming span port is replicated to all of the veths attached to it
<Steve[cloud]> unfortunately, even after setting the ageing on the bridge to 0 (which should turn off mac learning) im still only getting broadcast traffic ont he veth
<Steve[cloud]> I know im getting everything on the interface, as running tcpdump on the bridge or the int directly works as expected, but not when sniffing fromt he veth
<lordievader> Not sure if the bridge module can be forced to work as a hub...
<Steve[cloud]> lordievader: I did get it to initially work
<Steve[cloud]> then it just...stopped
<Steve[cloud]> no config changes
<Steve[cloud]> lordievader: I had followed this: http://ask.xmodulo.com/disable-mac-learning-linux-bridge.html
<lordievader> [1] seems to go a bit more in depth. [1] http://www.programering.com/a/MDN4QzNwATk.html
<Steve[cloud]> lordievader: yeah the 4 steps mentioned in the beginning is what im trying to accomplish
<Steve[cloud]> directionality issues arent a concern as the phys is connected to a mirror on the cisco switch
<lordievader> Did you do the xt_TEE steps too>
<lordievader> ?
<Steve[cloud]> oh man....thats hard to read
<zioproto> coreycb: I got the notification to test the stable package for python-cinderclient https://bugs.launchpad.net/python-novaclient/+bug/1559072
<ubottu> Launchpad bug 1559072 in Ubuntu Cloud Archive newton "[SRU] exceptions.from_response with webob 1.6.0 results in "AttributeError: 'unicode' object has no attribute 'get'"" [High,In progress]
<zioproto> coreycb: but this Xenial package is for Mitaka if I understand correctly
<zioproto> Mitaka I cant really test, because I have eveything in newton
<zioproto> Is a Newton package for the Ubuntu Cloud archive for Xenial also going to be released ?
<coreycb> zioproto: yes there's a newton package, and thanks for the reminder needs to be promoted to -proposed.
<coreycb> jamespage: beisner_ : when you have a sec, can you promote python-cinderclient 1:1.9.0-0ubuntu1~cloud2 to newton-proposed?
<jamespage> coreycb: on my list
<coreycb> jamespage: thx
<jamespage> coreycb: done
<coreycb> jamespage: thanks.  zioproto: python-cinderclient that should be available shortly in newton-proposed.
<eatingthenight> Quick question, ubuntu 14.04 rsyslog package writes as the user syslog:adm but the logrotate file included with the rsyslog package doesn't set the user properly so after a rotate rsyslog can't write
<eatingthenight> I know I can add the create entry... but this seems like a bug in the package or am I missing something?
<eatingthenight> i purged and reinstalled the package as well to make sure it wasn't some local change I made in the past that messed up the rsyslog confs
<vimart> Hi
<zul> coreycb: btw I added a fix to mistral on Friday thought you should be aware of it
<zul> jamespage: ^^^
<coreycb> zul: ack thanks
<ahasenack> does anybody know what this error means or what causes it:
<ahasenack> Dpkg: WARNING: Can not find the file name list file for the package update-manager, assuming that the package does not currently have any files installed in the system.
<ahasenack> the actual package doesn't matter, this is being said about basically all of them
<ahasenack> not my system, it's in a bug report
<sarnold> ahasenack: sounds like someone went crazy with rm around /var/lib/dpkg/info/ to try to save space, or their filesystems aren't mounted properly, or btrfs ate their lunch or something
<ahasenack> are these the *.list files in there?
<sarnold> yeah
<DammitJim> so, I have edited my ubuntu servers to NOT automatically do security updates
<DammitJim> one of the reasons I did that was because the /boot partition was getting full (sometimes we don't patch a server for  6 months)
<DammitJim> should I have a larger /boot partition?
<DammitJim> or is it OK to just disable security updates?
<tomreyn> DammitJim: you should just reboot occasionally, and, of course, patch
<tomreyn> once every 6 months is not enough
<tomreyn> daily is sometimes not enough
<DammitJim> oh gosh
<sarnold> DammitJim: how large is that /boot ? I thought newer systems took care of it well for you
<tomreyn> but whether or not you patch and reboot, /boot should not normally store more than 3 kernel images
<DammitJim> 236M
<genii> DammitJim: Might want to read https://help.ubuntu.com/community/RemoveOldKernels#Configure_Unattended_Upgrades_to_Remove_Unneeded_Kernels_Automatically
<tomreyn> doh thats tiny
<sarnold> that's kind of tiny but it ought to be able to handle three, right?
<DammitJim> oh, it can handle 3
<DammitJim> problem is when we don't patch often
<DammitJim> and it's just not possible to test everything for the amount of servers we would need to patch every month for example
<DammitJim> I don't have those resources
<tomreyn> just install patrches automatically and reboot on kernel updates
<sarnold> DammitJim: btw https://usn.ubuntu.com/usn/usn-3353-2/
<DammitJim> thanks sarnold I'm patching as we speak
<DammitJim> and have resources allocated to test
<DammitJim> tomreyn, things don't work like that in my company
<DammitJim> it takes a LOT of work to get patching done... all apps have to be tested because of bad expriences they've had in the past
<tomreyn> that's a pity. security patches don't normally break stuff.
<sarnold> while we go to great lengths to test our fixes before releasing them, our tests can't cover everything
<DammitJim> that's what said, but can't change that rule at the moment
<sarnold> regressions are a fact of life :(
<DammitJim> sarnold, agree
<DammitJim> I wish I could let the systems just do their thing and walk away...
<sarnold> normally the places that want to test updates before installing them have infrastructures in place to do so cheaply
<DammitJim> oh, we have virtual labs
<DammitJim> and every time a server is tested, the test team has to spend time there
<sarnold> with tests that the ycan run on the software important to them, so it might take ten minutes to deploy a new system, then install updates, then run for a few horus or day to make sure the applications still work, then they can roll out across the larger infrastructure
<hehehe> sarnold: do u use nginx?
<hehehe> I cant compile darn thing with modsecurity - it does not like some flag in compilation
<sarnold> hehehe: I do
<hehehe> sarnold I am getting erro
<hehehe> going to pastebin it
<hehehe> https://pastebin.com/H5895e1E
<sarnold> hehehe: see if this is the issue https://bugs.launchpad.net/nginx/+bug/1657596
<ubottu> Launchpad bug 1657596 in Nginx stable "[PPA] fPIE/fPIC build problems" [Critical,Fix released]
<hehehe> yes I read it
<hehehe> its fixed in ppa but I compile from scratch
<hehehe> so I need to find tomas fix?
<hehehe> is there easy way to list default cflags?
<hehehe> sarnold: it may well be the issue
<hehehe> but how do I tell compiler where those flags are?
<sarnold> hehehe: you call make with whatever flags you need
<hehehe> yes
<hehehe> I just wonder whats up
<hehehe> sarnold: are you using nginx stable?
<hehehe> and if yes how did you compiled it with modsec?
<hehehe> the configure options
<hehehe> I did compile it with just modsec module it does work
<sarnold> hehehe: 'apt-get install nginx-light"
<sarnold> done and done :)
<hehehe> eee
<hehehe> what is nginx light?
<hehehe> sarnold: why light
<hehehe> it does not have full blown options
<hehehe> and it does not have modsecurity there
<hehehe> or does it?
<sarnold> hehehe: because after reading the sources in the package I asked teward to make it easy to install only things directly from the nginx crew, and then put -that- package in main, and leave the packages with non-nginx-sources in universe.
<hehehe> :)
<hehehe> sarnold: well I am not using nginx from ppa Iam compiling it from scratch
<hehehe> nginx from ppa does not come with modsecurity as you said
<hehehe> so how did you compiled nginx with modsecurity? :)
<hehehe> I compiled ubuntu into mac os :) yep just rewrote kernel on weekend
<hehehe> as if
<Epx998> boss just asked me to build a centos7 unattended, something is afoot
<sarnold> Epx998: oh so -now- they want to run latest releases..:)
<Epx998> sarnold: for some other team I think
<Epx998> netboot failed miserably tho so yeah
<hehehe> :)))
<hehehe> folks how do you use ossec?
<hehehe> some neat active responce rules to be aware of?
#ubuntu-server 2017-07-18
<chodson> Hey Guys, I am trying to directly ssh into a ubuntu container running on lxd. I've created it with a bridge but it keeps giving me permission denied (publickey)
<chodson> the auth log on the container says that the lxd host ip is closing the connection
<Epx998> hmm ive run into that problem before
<sarnold> Epx998: do you recall what the solution was? i'm guessing either (a) the cloud-init didn't copy over the key or (b) the username didn't match
<sarnold> pity he's already left and we'll never find out
<Epx998> trying to remember what I was doing when I got that error
<hehehe> chodson do u use appamor?
<hehehe> lol should be penalty 5 usd if you quit within 30 min after asking question
<Epx998> im ocd'ing on this centos7 kickstart cfg hmmm maybe i should go home
<cpaelzer> good morning
<lordievader> Good morning
<nacc> rbasak: fyi, i think you didn't push any tags for import of scim-chewing
<nacc> rbasak: which breaks the linter
<nacc> rbasak: or was the atomic thing  you were mentioning?
<rbasak> Odd_Bloke: one for you I think? https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2017-July/017554.html
<teward> sarnold: anything that's not a dynamic module will be static-compiled into that specific package.
<teward> sarnold: email is faster by the way
<teward> sarnold: wrt that specific module you pinged about, it's a dynamic module - `libnginx-mod-http-echo` - it can be added by a user at their discretion.
<teward> there's a 'static' compile element and a 'dynamic' element - static compile is why all the flavors conflict with each other still because they still build static binaries.  Dynamic modules are the exception
<teward> and they can be built and then included individually.
<teward> sarnold: pre-1.12, everything's static compiled in, so it's only referenced at build time.
<teward> 1.10.3 (Zesty/Artful) and 1.12.x are really the first time we've rolled out dynamic modules.
<teward> but thats the standard now - if it can be built dynamically it needs to be added as its own package; if not, it needs to be static-compiled in.
<teward> sarnold: we also have a modsecurity 'headache' - that thing isn't trivial to update.
<teward> so if there's a 'patch' that needs to deploy to fix something in modsecurity we usually have to just update the whole module rather than nit-pick a patch.
<teward> sarnold: also sorry for not being awake - yesterday was a cluster**** once I got home.
<sarnold> teward: I'm sorry to hear it :( thanks for the information
<teward> sarnold: no idea what version was in use, but if it's not got the libnginx-* module packages, they're all static compiled and that's referenced only during build time.
<teward> just saying :)
<sarnold> teward: <3
<sbeattie> jamespage: hey, do you know what changed in ceph 12? samba in artful FTBFS against the version of cph in artful-proposed...
<Steve[cloud]> lordievader: hey man, thanks for the help yesterday
<Steve[cloud]> in case you may be interested, I eventually found a solution
<Steve[cloud]> http://stevemcgrath.io/2017/07/docker-containers--network-sniffing/
<GMBeniamin> Hello guys. Is this the right place to cry about having a problem regarding ubuntu server networking?
<GMBeniamin> Anyone?
<sarnold> GMBeniamin: you may get more results if you pastebin what's going on..
<Epx998> network, 2 cups with a string between them. network.\
<GMBeniamin> It's first time when I am trying this and I don't want to post walls of text in the wrong place.
<GMBeniamin> I have a brand new supermicro SuperServer 6028R-TRT. I installed ubuntu server on it and I am trying to connect to internet. I am trying to do that via a MODEM + SWITCH (with management). However, even if it seems that it is configured correctly in /etc/network/interfaces, there is not internet connection. Using the same IP, Netmask, Gateway and DNS on a windows laptop the internet works.
<sarnold> GMBeniamin: is your modem a NAT firewall? or simple bridge?
<sarnold> GMBeniamin: if it's a NAT firewall, can you ping it directly?
<GMBeniamin> I am still pretty new to networking in general so it may be difficult to speak the same language but: from the server I can ping my IP, not anything else. Also, I forgot to mention, I got a static IP. I can ping my gateway from outside my static connection.
<Epx998> he said modem and I immediately thought dialup
<Epx998> GMBeniamin: Did you verify your gateway?
<GMBeniamin> I can ping the gateway from outside the network. How else could I check it? I think there is a problem with something I set up on the server because the same connection works great on the windows machine. The server has something called IPMI 2.0 but I could actually access it. I am using the right ethernet port.
<Epx998> You can ping the gateway from an external IP, from your laptop but not the server?
<GMBeniamin> Yeah. From an external IP I can ping the gateway. I can't ping it from inside the machine. From the machine I can only bing my main IP. However, I can ping the gateway externally even if the cable is not plugged in the server's port, which puzzles me even more.
<Epx998> use pastebin to paste the contents of /etc/network/interfaces ?
<Epx998> and maybe output from route ?
<Epx998> doh no one entered these new servers to dhcp
<GMBeniamin> I have to learn how to use pastebin and I don't know how to copy the output from the server. Let me think of an efficient alternative.
<sarnold> if it had internet access then the pastebinit tool would be very helpful :)
<GMBeniamin> I am typing everything manually.
<Epx998> i'd use pastebin
<Epx998> or gist hub, nvidia blocks pastebin
<GMBeniamin> https://pastebin.com/6Akfm3ei
<GMBeniamin> Did my best in copying it exactly. I used route -n command and copied the results.
<sarnold> GMBeniamin: I think the 'broadcast' is incorrect there, it shouldn't end with .255
<sarnold> GMBeniamin: fiddling with http://www.subnet-calculator.com/cidr.php gives a range 82.79.76.0 - 82.79.76.31  -- I think the .31 should be the broadcast address for your network, no?
<GMBeniamin> I set up it up manually because I thought it must be *.255. Should I delete it from the interface or replace 255 with 31?
<sarnold> try replacing the 255 with 31
<GMBeniamin> I did and used sudo ifdown eth0 && ifup eth0 for update. Used ifconfig and it got updated, but there is still no internet connection.
<sarnold> can you ping 82.79.76.1 ?
<GMBeniamin> When I do that from the ubuntu machine is tells me: From 82.79.76.20 Destination Host Unreachable.
<GMBeniamin> From another connection ping 82.79.76.1 works.
<gheorghe_> ocata openstack-dashboard upstream is already 11.0.3, however ubuntu cloud ocata packages only deliver 11.0.2 ... is there any way to get in contact the packagers and ask them to update the packages?
<gheorghe_> 11.0.2 has a bug that is really annoying. 11.0.3 fixes it
<GMBeniamin> Any other suggestions?
#ubuntu-server 2017-07-19
<sonu_nk> hi , i am facing some critical issue with my ubuntu server.. it is giving me "Error:	Server unexpectedly closed network connection
<sonu_nk> Error:	Could not connect to server" ... but it was working tomorrow perfect. with same credentials i tried today and its giving me error.. i cant access SFTP , No webmin working and no SSH working
<sarnold> I believe that's the error message you would get if tcpd (hosts.allow, hosts.deny, hosts_options) would give if an address isn't allowed
<sarnold> maybe it's run out of RAM and is OOMing?
<sonu_nk> sarnold, what are the step for troubleshooting ?
<sarnold> sonu_nk: I think you're stuck looking at the console at this point
<sonu_nk> my ubntu server installed on Linode
<sarnold> do they have remote console services? if not, you'll have to hit the reboot button and hope there's something useful in the logs
<sonu_nk> remote console services
<sonu_nk> exist there
<sonu_nk> https://paste.ubuntu.com/25123475/ see my log here which i tried to access via remote console sarnold
<sarnold> sonu_nk: ewwww
<sarnold> I'm out of ideas
<sarnold> sonu_nk: once you've got a prompt on that system please run ubuntu-bug systemd-logind and please fill it out as best you can. That's crazy.
<sarnold> I've got to run, good luck
<sonu_nk> ok sarnold thankyou
<sonu_nk> "Network Helper did not run: could not determine distribution or distribution version  " this message coming when i reboot ubuntu server via linode panel
<cpaelzer> good morning
<hhee> morn
<lordievader> Good morning
<m1dnight_> Hey guys, I'm trying to configure squid-deb-proxy but I keep getting TCP_MISS/404 in the access.log, but also 404's in the store.log..
<m1dnight_> I can find a lot of data on the first problem, but not on the second
<m1dnight_> Any pointers?
<m1dnight_> I've even put "http_acccess allow all" in the file, to make sure that's not the issue.
<cpaelzer> m1dnight_: are yu setting it up like https://wiki.ubuntu.com/SquidDebProxy or anything more complex?
<m1dnight_> The basic configuration without any changes, honestly. Well, except the http_access allow all to be sure.
<m1dnight_> Is there a setting I can use to cache _everything_?
<m1dnight_> That's what I was going to test right now.
<cpaelzer> in general if you only look for apt/deb caching you might check out apt-cacher-ng
<cpaelzer> not so sure on squid conf - maybe just "." like refresh_pattern . 0 40% 40320
<cpaelzer> http://www.squid-cache.org/Doc/config/refresh_pattern/ will be of help
<cpaelzer> but all hits I found warned you to please not cache too huge files there
<m1dnight_> also, what does it mean for  line to be bungled?
<m1dnight_> Bungled /path/to/conf.conf line 21:...
<cpaelzer> rbasak: nacc: on https://code.launchpad.net/~paelzer/ubuntu/+source/multipath-tools/+git/multipath-tools/+merge/327618
<cpaelzer> rbasak: nacc: if we are going to upload multipath-tools before the current artful-proposed will leave proposed do we need to jump through all the loops to make the merge apply?
<cpaelzer> rbasak: or could one just accept and merge the upload tag and I upload as-is and things would work?
<cpaelzer> it is kind of a race against time with only i386 dep8 tests missing due to the huge queue
<rbasak> cpaelzer: I think it'd be fine to just add a new commit importing that changelog entry into the merge result.
<cpaelzer> that would certainly be easier
<rbasak> cpaelzer: the only thing the importer cares about to preserve rich history is that the upload tag's tree matches the archive.
<cpaelzer> ok, then I'll prepare that way and you can merge/mark-upload tag just before I upload
<rbasak> cpaelzer: and then next time that commit can just be dropped when following our usual merge workflow.
<rbasak> ack
<cpaelzer> rbasak: ok, done - ready to merge and tag as upload so I can upload the actual change
<cpaelzer> rbasak: or do you want to upload the change as well as part of the mergeing?
<rbasak> cpaelzer: do you have an upload tag I can pull from somewhere please, and I can push that before you upload?
<cpaelzer> head of merge-artful should be it, I can tag and make it available if that helps
 * rbasak looks
<cpaelzer> rbasak: cd2f5a906c
<rbasak> Oh, that should be fine, sorry. I had assumed you were sponsoring for someone else or something.
<cpaelzer> I pushed it, but didn't set the upload tag on it as that usually is on the "accept the merge" task
<cpaelzer> no my merge
<rbasak> (because I hadn't really paid attention; sorry)
<cpaelzer> fine
<cpaelzer> enough involved people in that merge, but hey 3 reviews on day 1 is good
<cpaelzer> rbasak: my dput is ready and waiting, just ping me once it is merged on USDI (or if there are any issues)
<rbasak> cpaelzer: upload tag pushed
<rbasak> cpaelzer: I didn't review or anything. In theory an uploader should be able to push an upload tag, but we don't have Launchpad ref wildcard ACLs yet. So I'm just being an ACL for you :)
<cpaelzer> ok for me
<cpaelzer> and uploaded that way (and accepted) as reviewed and acked, thanks rbasak
<cpaelzer> rbasak: will you set the MP to merged then?
<cpaelzer> so that it drops off the active reviews queue?
<rbasak> Done
 * rbasak should write a bot or something :-/
<cpaelzer> thanks again
<cpaelzer> if you are an ACL be a bot as well :-)
<rbasak> :)
<cpaelzer> we are going the first steps, but I like the linter
<cpaelzer> I didn't ask about that before, but has it a mode to lint before upload - to keep the silly mistakes hidden to others :-)
<cpaelzer> rbasak: nacc: ^^?
<rbasak> I believe so.
<cpaelzer> ok, then next merges get even more clean
<cpaelzer> I really like to see that every time a merge comes by it gets easier due to our  improved process and tooling
<rbasak> cpaelzer: just "git ubuntu lint" and it'll look at HEAD.
<cpaelzer> freeing up some time to fix things :-)
<cpaelzer> oh nacc pushed it to the snap already
 * cpaelzer is testing the linter
<m1dnight_> If you do apt-get update, what is actually being downloaded? I'm looking for the proper name
<m1dnight_> package descriptions?
<lordievader> m1dnight_: More a list of available packages and versions of a repo.
<GMBeniamin> Hello guys! I was here last night with a problem regarding not being able to connect to internet with my new server. Is there someone willing to help me?
<rbasak> m1dnight_: package metadata. You could call them indexes. Look in /var/lib/apt/lists/. It's plain text and is exactly what was downloaded.
<sonu_nk> Does the SSL include XSS protection as well?
<fginther> rbasak, I attached a testing summary to https://bugs.launchpad.net/bugs/1701350, please let me know if that meets your needs
<ubottu> Launchpad bug 1701350 in walinuxagent (Ubuntu Zesty) "WA Linux Agent 2.2.14" [High,Fix committed]
<rbasak> fginther: that looks great. Thanks!
<linuxlove> hi
<linuxlove> anyone here ?
<lordievader> o/
<linuxlove> i used a2dismod mpm_perfork
<linuxlove> and enabled e2enmod worker
<linuxlove> my apache has crashed
<linuxlove>  [mpm_prefork:notice] [pid 15351] AH00169: caught SIGTERM, shutting down
<linuxlove> i see this
<linuxlove> what should i do ?
<lordievader> Restart apache?
<linuxlove> when i restart apache
<linuxlove> i get error
<linuxlove> im on ubuntu server 16.04
<lordievader> Only that error above, or some others too?
<linuxlove> i saw that in /var/log/apache2/error.log
<nacc> linuxlove: that's not an error that's a log you restarted it
<linuxlove> when i restart i see
<linuxlove> Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
<linuxlove> ubuntu245@ubuntu245:/var/log/apache2$
<nacc> linuxlove: ok, so pastebin those outputs
<linuxlove> https://pastebin.com/LK6mM5ZQ
<nacc> linuxlove: see the latter output
<nacc> linuxlove: your config fails the test
<nacc> linuxlove: iirc, check /var/log/apache2/error.log or so
<linuxlove> nacc,
<linuxlove> https://pastebin.com/j0X50Bzn
<linuxlove> its latest in error.log
<nacc> linuxlove: those segmentatin fauls are rather concerning
<linuxlove> what should i do now ?
<linuxlove> how can i find cause of error ?
<linuxlove> apache crashed just when i disabled mpm perfork and enabled worker
<linuxlove> this all i know at moment
<linuxlove> whats solution ?
<nacc> linuxlove: switch back to prefork?
<linuxlove> i did
<linuxlove> $sudo a2dismod mpm_worker
<linuxlove> $sudo a2enmod mpm_event
<linuxlove> but i cant restart apache2
<lordievader> How default is your (apache) config?
<MorpheusXNL__> any apache guru's in here
<thebwt> so wait: you disabled prefork and enabled worker which causes the crash; then you disabled worker and enabled event and it still crashes. Did you switch back to prefork ever?
<Masterphi> how do i allow a user to run reboot?
<sarnold> Masterphi: you can add a sudo entry to your sudoers file; it's a bit of a brutal manpage, though, so I suggest skimming to the end, reading the examples, and looking through the manpage to answer questions..
<sarnold> Masterphi: I have a feeling it'd be best to give the exact command line arguments you want the user to use in the sudoers file; without args means it can be called with any args, which might be a bit much
<Epx998> misery is our new datacenter
<sarnold> :(
<Epx998> chassis labels are merely rack locations, if you want to know what server youre looking at, nslookup the rack location
<Epx998> not so snazzy when trying to reimage 18 servers, not in a row
<Epx998> boss got us 10gb, i suggested we disable onbaord nics to WAR the ub bug with off board interfaces, was told no.. now go reimage said servers
<Epx998> you got to nslookup a rack location, swap cables, kickstart, rename interface, reboot and swap cables
<sarnold> so the label says "row 3 rack 10 server 22" rather than "s1292835" ?
<Epx998> racks are hot like the sun and no soda machine in this DC
<Epx998> dc2-04-12
<Epx998> as an example, row 4 slot 12
<Epx998> which is just a dns alias, so when you look it up, you'll get the real hostname
<Epx998> then we ordered dells without enterprise licensing or something
<sarnold> oh crap no idrac?
<Epx998> so forget remote console
<sarnold> DOOOMED
<Epx998> its wonky idrac
<sarnold> that's going to take more than a soda machine
<Epx998> this new manager we poached from google, hes great and data solutions but hes built out two DC's and i HATE going to either for these reasons
<Epx998> we hired 2 data center techs - soo us engineers could actually work - yet im still here at the DC
<Epx998> im just annoyed hehe
<Epx998> these dells have a serial port, i asked for a serial console switch, nopee. didnt get that either
<Epx998> the new VP of our business unit only cared about reducing build turn around time, so no one in charge is thinking about supporting the infrastructure we are building out, we are cutting corners and paying for it
<Epx998> make builds quicker, support the infra is an after thought
<Epx998> ok my rant is over
<sarnold> it was a good one though :)
<sarnold> me, I just bought the one machine for my basement, and when I saw that e.g. dell wanted extra currency for their remote console stuff and lenovo .. well, Icouldn't even figure out how to work the lenovo order forms, let alone be frustrated that they charged money for the remote access key ..
<sarnold> .. sent me straight to supermicro. super cheap. everything included. it's like staying at a cheap hotel that has fast and free wifi without hassles.
<Epx998> yeah my mgr who bought our first dells said we didnt need enterprise, i was asked if we need it, my answer was (yes if we want remote console)
<Epx998> that manager was in austin, not santa clara and his local DC was in his building where as mine are a drive away
<Epx998> then we hired a replacement but....... alas turn around times
<Epx998> supermicro eh
<Epx998> we trialed some microservers from them, seemed ok
<Epx998> remote was weird tho, the ones i liked the most were huawei - they were very helpful
<Epx998> our newer hp's have ilo licenses, which is nice - not sure why we didnt do it on these dells
<sarnold> no kidding? I got a giggle that huawei sells "datacenter in a box", a shipping container pre-stocked with servers and power and networking and whatnot. it arrives, you supply power and it does the rest.
<Epx998> oh wait so the issue is, its a non-shared port and we didnt order a switch to support the 2nd port for idrac
<Epx998> my last gig, we boughut supermicro premade racks and shipped them to the uk
<Epx998> plug n play - was kind of nice, but when working on supermicros, take aspirin and bandaids
<Epx998> try getting serials for asset tagging ha.
<sarnold> oh man no separate management network? that makes it hard to protect against bmc/idrac etc flaws :( maybe that's not a huge deal in a build farm, but still
<Epx998> nope - ive been asking for that since our first DC
<Epx998> 3 datacenters deep, no mgmt network
<Epx998> we dont even have a seperate network to our netapp
<Epx998> and we are huge data consumers across our network
<Epx998> thought is with 10g its ok
<sarnold> _today_ it's okay with 10g..
<sarnold> I had the impression most big sites were going with storage networks, 'application' networks, and one or two management networks (depending if they want something isolated for ssh to work on)
<Epx998> and done
<Epx998> sarnold: we are growing real fast, hard to plan everything - but there are 2 of us on this team. im the only guy who wasnt hired by trhis mgr
<Epx998> and im 8/10 times ignored, despite i have trhe most extensive datacenter bring experience
<Epx998> ok back to the office, i need a soda
<sarnold> see ya Epx998 :)
<tomreyn> Epx998-: here's the solution (well workaround) for the shitty management: get 'replacement' serial cables, cross connect servers using them, so you can still conect to servers when network links fail, and can at least have basic OOB management.
<tomreyn> the medium term goal is to get them fired, though ;)
<Epx998-> lol
<Epx998-> i like my workmates more or less
<tomreyn> two options: replace mgmt, or get yourself and your friends hired by someone with a clue
<tomreyn> the latter is probably a lot less hassle
<Epx998> well i dont want to sound rude, but that wont happen
<Epx998> for typical silicon valley reasons
<tomreyn> silicon valley = mgmt wont be replaced by people with a clue AND there ar eno other companies with less silly management who would hire you and your friends?
<Epx998> not exactly
<tomreyn> i'm not really into silicon valley, but i wasn't aware it's that doomed ;)
<Epx998> there is a trend here
<tomreyn> becoming clueless in management? oh right, i heard about your president.
<Epx998> ha there is that
<Epx998> middle americas fault that one
<Epx998> the coasts voted blue
<tomreyn> sure, silly con vally needs immigrants to grow cheap.
<Epx998> forgot what I was going to do with the rest of my date
#ubuntu-server 2017-07-20
<Epx998> day
<hehehe> folks
<hehehe> did you use dapperlinux?
<hehehe> correction https://dapperlinux.com/features.html
<patchobriar> Hi all. I have been muddling through apache2 for the past two days trying to get everything up and running properly. I still cannot seem to get my images to show up on the live site. I checked both my html and css code via validation service with no errors. Any hints on where to look online?
<fishcooker> is it normal to see this syslog verbose intensely like this... cmiiw, it seems related to the docker service http://vpaste.net/YcYc9
<cpaelzer> coreycb: FYI - I pushed the tests your zesty SRU on libvirt was blocked on, it is now good in pending-sru except waiting a few days more as usual
<sonu_nk> hi Does the SSL include XSS protection as well?
<cpaelzer> sonu_nk: no I'd think http://www.computerweekly.com/tip/Cross-site-scripting-explained-How-to-prevent-XSS-attacks
<cpaelzer> there are zillions of sources, this was just the first somewhat readable that came up on a search
<lordievader> sonu_nk: SSL does not provide any security for the contents of a page, hence XSS attacks are still possible.
<RoyK> sonu_nk: SSL, that is, TLS, is just transport safety, it doesn't do anything about bad code on the page, as lordievader says
<sonu_nk> ok
<station> whats a good webpannel for ubuntu server virtual machine host
<station> 16.04
<Masterphi> can someone confirm this is the right way of configuring automatic updates using automatic-updates? https://help.ubuntu.com/lts/serverguide/automatic-updates.html
<Masterphi> (I'm using an ec2 instance)
<Epx998> maas has its own channel probably?
<thebwt> Masterphi: Correct, unattended upgrades probably the most common way of doing automatic updates with apt.
<Masterphi> :+1: thx
<thebwt> Np
<supercool> Hi
<supercool> How do I untar a folder/file ?
<sarnold> tar tf filename.tar | less   -- make sure it will untar what you expect; then tar xf filename.tar
<supercool> sarnold: the compressed file uses .tar.gz extension
<supercool> It means the file is zipped then tarred?
<sarnold> supercool: these days tar recognizes several different compression formats, including gz, and 'x' works on the ones it knows
<sarnold> supercool: the other way around -- tarred, then gzipped
<supercool> So I keed tar tf filename.tar | less
<supercool> keep*
<sarnold> yeah; you don't want to be surprised if it has ../../etc/passwd in the tarball or something similar :)
<supercool> :D
<supercool> Alright, let me test it.
<drab> hi, I'm trying to do transparent proxying and also do transparent dns redirection using a box that's not the gw
<drab> any thoughts on the best approach?
<drab> right now the content filtering it's happening on the gw, a simple iptables REDIRECT from port 80 to 8080
<drab> but if I move the cf to another box that won't work since REDIRECT is local only
<drab> I could NAT, but that seems nasty to do on LAN, and I
<drab> 'd end up with double NAT (that + nat'ing again on the GW)
<drab> for dns, there's people with hardcoded dns's which I'd like to redirect to our internal one
<drab> so again outgoing requests to port 53 should be redirected to an internal server
<drab> is [D/S]NAT with iptables the best solution to this kind of thing?
<phibs> so i'm following https://help.ubuntu.com/lts/installation-guide/amd64/ch08s07.html and setting the boot parameter rescue/enable=true via PXE, but the installer keeps trying to preseed/install, any help appreciated.
<drab> phibs: just to be sure, hwo do you determine that the installer keeps trying to preseed/install? because that page you linked does say that a few screens of the installer will be shown
<drab> no note in the corner of the display?
<phibs> if I remove the earlycmd exit from my preseed, it asks partitioning questions etc
<drab> mmmhk, lemme try just out of curiosity, I have pxe here for installs, but never use it for recovery, for that I just boot a liveCD over pxe
<phibs> nod I hear ya
<phibs> also working on just building my own images with debirf as an alternative
<phibs> and thanks!
<drab> nope, that didn't work for me either... no clue why. not very helpful I know
<phibs> well, I feel better now at least.
<drab> what if you just use the shell during the installer? would that help?
<drab> it's just busybox, but maybe it's enough?
<phibs> Yeah i'm trying to present a nice environment for my techs to debug stuff
<phibs> so more control would be better
<drab> oh, I see
<phibs> (and them not having to do extra stuff)
<phibs> debirf built me a kernel/initrd, so it's possible that route will work nicely
<drab> liveCD is not an option? too much stuff to load? that would even give you a GUI if that's the kind of tech you deal with
<drab> oh, ok, had never heard about debirf, looks nice
<phibs> don't need/want a gui, a lot of times we're debugging with SOL (IPMI)
<drab> fair enough
<phibs> (otherwise yeah, good suggestion)
<drab> phibs: ah, I got it
<phibs> what you gotg!
<drab> phibs: I have a bunch of diff isos, server, mini, desktop and alternate
<drab> I had a hunch and tried alternate and the pxe param worked
<phibs> oh...
<phibs> yeah this is just using http://archive.ubuntu.com/ubuntu/dists/$DISTRO-updates/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/initrd.gz
<drab> lubuntu alternate install to be precise, "Rescue mode" popped up in the corner and it dropped me to the prompt to enter rescue mdoe as expected
<drab> yeah, that's what I tried too initially
<drab> and indeed it did not work
<drab> I also tried with server, same problem
<phibs> grr
<drab> actually lemme test once more just to be sure, but mini/netboot did not work for sure
<phibs> this is why we can't have nice things
<drab> ok, I was wrong, I guess I tried diff minis... server works too
<drab> so it's just the mini/netboot that does not work with rescue/enable=true
<drab> the others do
<phibs> hmm
<phibs> which exact one did you use, the installer initrd/kernel?
<phibs> (and did you specify a preseed url)
<drab> the way I set up pxe is: download iso, unpack, copy files to srv/nfsroot and then copy stuff from install/ to tftp etc
<drab> ubuntu-16.04.2-server-amd64.iso
<drab> using that iso
<drab> yes I used preseed to specify my internal mirror, language, etc
<phibs> ah ok, thanks
<phibs> we use pure initrd, no nfs
<drab> yeah that's what I do for mini/netinstall, but not for server/dekstop installs
<drab> and it seems you can't do rescue with mini/netinstall
<phibs> ;0
<drab> even tho since June I'm just using mini + ansible and haven't touched server/desktop isos once
<phibs> nice.
<phibs> we take the server ones and customize a bit adding other debs and tools
<phibs> thanks for your help btw
<sarnold> hey phibs :)
<phibs> sarnold: yo ;0
<drab> phibs: my pleasure, it was good to know
<drab> .o/ sarnold
<sarnold> hey drab :)
<drab> any thoughts about the transparent content filter question? :)
<drab> bbl
<sarnold> man I can't find the blog post from a pal that I thought would help. I've asked, but he might have gone to bed already.
<gheorghe_> guyssssss please add openstack-dashboard version 11.0.3 to the repos ... we just have 11.0.2 and this version has some major interface bug and you can't deploy istances with volumes... 11.0.3 was already published by openstack devs.
<gheorghe_> anybody know whom i can span with this request? are the guys who manage ubuntu packages here on irc? can we make their day bad so they push the packages faster? :))
<sarnold> gheorghe_: what bug number?
<gheorghe_> sarnold i can search if you want. should i? does this info help?
<sarnold> gheorghe_: issues with bug reports tend to get fixed faster than issues witohut bug reports; I was just going to see if the bug report looked at all useful, filed in the right place, etc
<gheorghe_> sarnold the bug got already fixed. the package is just not available within the ubuntu repo
<sarnold> gheorghe_: if there's no bug filed against an ubuntu package then no one will ever find out about it :)
#ubuntu-server 2017-07-21
<drab> sarnold: no worries, thanks for prodding him
<lordievader> Good morning
<gheorghe_> sarnold i can't find bug ID atm. so this means the patch will never be uploaded to the packages list?
<frickler> gheorghe_: you could create a new bug, similiar to e.g. https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1696133
<ubottu> Launchpad bug 1696133 in swift (Ubuntu Yakkety) "[SRU] newton stable releases" [Undecided,Fix released]
<frickler> jamespage: btw., will uca-newton still be updated even though yakkety seems to be eoled now?
<jamespage> frickler: it will yes
<linuxlove> how can i know how much is my volume for /
<dpb1> df -h
<silentcuboid_> Newbie here. problem getting for example "[" and "]" in terminal. Ubuntu server 17 in VBX on windows 7 bootcamp host on macbook pro. macbook keyboard swedish layout. Swedish characters works in terminal. ctrl + alt + 8 usually for "[" no it is "esq"-insert mode i guess.
<silentcuboid_> right alt+8 worked
<silentcuboid_> sry to bother
<drab> trying my luck again, any recommendation to redirect ports on a lan to transparently proxy stuff other than NAT'ing with iptables?
<drab> right now I'm doing transparent proxying using iptables REDIRECT target hosting the CF on the GW box
<drab> but REDIRECT only works for localhost and I'd like to move the content filtering to another box and then do the same for dns too so that it enforces the internal DNS (as opposed to just drop outgoing requests to port 53)
<hashwagon> If I edit /etc/hostname or use systemctl set-hostname why do I manually need to update /etc/hosts? Otherwise I get "sudo: unable to resolve host myhostname"
<rbasak> hashwagon: the system needs to know how to resolve its own name
<rbasak> Usually that's done in /etc/hosts
<hashwagon> I know it's just interesting that I need to manually edit it. * I realized I type systemctl, meant hostnamectl. Anyways with centos hostnamectl does it all in one command. Just wanted to make sure I wasn't missing anything.
<rbasak> I'm not sure how the fedora family handles self name lookups
<rbasak> The Debian family uses /etc/hosts, which AFAICT hostnamectl isn't defined touch.
<hashwagon> I see, thanks rbasak
<rbasak> cloud-init has some functionality to fix /etc/hosts with manage_etc_hosts, but this doesn't apply to non-cloud
<rbasak> Is the hostname the fqdn in fedora land?
 * rbasak doesn't recall
<ahasenack> if your hostname can be resolved by appending the "search" or "domain" bits from /etc/resolv.conf to it, then you don't need it in /etc/hosts
<ahasenack> that's how it works
<ahasenack> andreas@nsn7:~$ hostname -f
<ahasenack> nsn7.lowtech
<ahasenack> andreas@nsn7:~$ grep nsn7 /etc/hosts
<ahasenack> andreas@nsn7:~$
<ahasenack> it's a matter of dns configuration
<ahasenack> if your hostname is made up and not registered with dns, then you need an entry in /etc/hosts
<rbasak> That's true, but I'd say it's wise to have your system able to look itself up without a network connection anyway.
<rbasak> I've always put it in /etc/hosts even if it is available in DNS for this reason.
<rbasak> Otherwise maintenance with the network down is a PITA.
<sarnold> drab: https://ds9a.nl/tproxy/tproxy.md.html
<sarnold> drab: see if this helps?
<hehehe> hey people
<hehehe> how about using this for canonical and ubunti foundation https://buffer.baremetrics.com/ ? :)
<Epx998-> never a dull day
<Epx998-> Today deploy ub14 by hand for a build farm that has no unattended setup
<drab> sarnold: that's pretty cool, bookmarked it for the future, but not sure it's something I want to use right now because as far as I understand it would require modifications in the proxy code
<drab> ie the content filter would have to open the socket with IP_TRANSPARENT
<Epx998> I have a dumb question
<Epx998> If I convert a server from dhcp to static, aside from the interfaces file - should i disable any paticular service?
<drab> no, there's no dhcp client service to begin with
<drab> it's triggered from the interfaces file
<Epx998> Reason I ask, I forgot to add my nameserver entry to the interface file and noticed /etc/resolv.conf mentions the resolvconf stuff
<Epx998> ok let me add the dns junk and reboot
<sarnold> drab: re: modifications, that might not be hard, and might even be something e.g. the squid team would accept patches for
#ubuntu-server 2017-07-22
<hehehe> hey hey
 * hehehe looks aroun
<hehehe> any people for some reason active here? :D instead being in a bar
 * hehehe lights torch - hmm empty chairs, some manual about ubuntu, old shoes 
<hehehe> o well
<ewook> tsk tsk
 * hehehe looks at ewook . waves
<hehehe> :)
<hehehe> how are you?
<drab> sarnold: after asking around some more it seems that "the right way"[tm] is indeed NAT, at least that's what I've been told is routinely deployed and schools and other locked down places that do transparent http/dns whatever interception
<drab> overhead is supposed to be minimal, will watch and see what happens, I'll setup a test instance and take some timings with and without before redirecting all traffic to the new CF
<drab> wish upstream was more consistent so that timings wouldn't be all over the place, but I guess that's too much to ask when you're basically out in the sticks
<ewook> hehehe: almost sleeping thanks. and yourself?
<hehehe> playing with 1 app I made
<hehehe> :)
<hehehe> and about to make porridge
<ewook> drab: what was the question? *_*
 * helpbott drab welcome, operator ewook is here with you now
 * helpbott drab please restate your question or press 1 if you need more time
<phibs> anyone good w/ Polkit?  Trying to let systemd-networkd set the system hostname from DHCP w/o success :(  Getting: systemd-networkd[906]: eth0: Could not set hostname: Interactive authentication required.
<dribble> phibs: https://github.com/systemd/systemd/issues/4646 here
<dribble> :D
<phibs> yeah that hack seems to work
<phibs> I dislike it though, should be able to override somewhere cleaner :(
<SaneNurse> well dislike it :)
<phibs> now the suck part is, it only sets the 'transient' hostname vs the static one :(
<SaneNurse> !!!
<SaneNurse> write solution there
<phibs> I need to figure out how to make it set the static hostname (this is a PXE booted rescue image, and i'd like the hostname to be set proper so people knwo what host they are on)
<hehehe> since you said suck at free awesome solution I am skipping part 2 :P
<phibs> lol
<hehehe> there is 1 big linux forum folks there seems to know alot ;) :D
<lordievader> Good morning
<hehehe> hey hey
<hehehe> who here uses rocketchat and or caddy?
<hehehe> for some reason caddy yet to work with letsencrypt
<hehehe> in fact
<hehehe> snap.rocketchat-server.rocketchat-caddy.service: Start request repeated too quickly.
<hehehe> Failed to start Service for snap application rocketchat-server.rocketchat-caddy.
<hehehe> :)
<drab> ewook: transparent proxy with a box different than gw
<drab> and dns proxying, same thing, I need to transparently intercept outgoing queries for certain things (http and dns for now) and have them answered by local servers
<drab> and somebody actually just pointed out why NAT will screw me up because I have squid rules on src ip and that'd be gone
<drab> so it seems it's ip marks and policy routing...
<drab> but then i'm stuck again on the return path issue and asymmetric routing
<hehehe> ok fixed
#ubuntu-server 2017-07-23
<rose_> I want to know how to slim down xubuntu in console mode
<rose_> by default it uses around 250mb on a 512mb memory laptop
<rose_> but I notice that after running this game server for a few days I ended up having almost 0 mem left and like 25MB of swap file
<rose_> I have the game server running at 96mb
<rose_> or 20% of my ram
<rose_> come on!
#ubuntu-server 2018-07-16
<cpaelzer> good morning
<lordievader> Good morning
<cpaelzer> hi lordievader
<lordievader> Hey cpaelzer How are you doing?
<cpaelzer> lordievader: fighting my inbox after PTO before it steals my soul :-) so I'd say good
<cpaelzer> lordievader: and you?
<lordievader> Doing good here
<cyrils34> Hello All
<cyrils34> I'm new on ubuntu server. I have ha dedicated hosting on Go daddy with Ubuntu server 16.04 (no control pannel)  and i get some trouble for configure my dns and ssl. Did someone can help me ?
<tomreyn> cyrils34: hi, please discuss these issues in detail.
<tomreyn> just to understand where you're coming from: you say you previously had 'dedicated hosting', so this was a dedicated server / VM, managed by Godaddy (but you probably had a login, just not root access)?
<cyrils34> on go daddy website i get nothing for manage the server, i get only a button for restart it, else everything is made by ssh
<cyrils34> and i have root access
<tomreyn> ok, so effectively ouy already managed an ubuntu server before.
<cyrils34> I have follow some tutorial for configure the dns and ssl, but seems i've make some mistake, when i write my domain name on browser www.exemple.com, i get back my ip and not the www.exemple.com and ssl i get NET::ERR_CERT_COMMON_NAME_INVALID
<tomreyn> i will continue to subsitute www.exemple.com for your actual domain name, which i do not need to know for now.
<tomreyn> i will substitue 1.2.3.4 as the ip address www.exemple.com resolves to (as a result of running 'host www.exemple.com')
<cyrils34> ok
<tomreyn> you say "when i write my domain name on browser www.exemple.com, i get back my ip and not the www.exemple.com". does this mean that when you access http://www.exemple.com, does it redirects you to http://1.2.3.4 and your web browser shows this address in the address bar in the end?
<cyrils34> yes
<tomreyn> so it really shows your servers' ip address in the web browsers' URL bar in the end, are you sure? this is an unusual misconfiguration, if so.
<cyrils34> yes, i write www.exemple.com and on chrome i get 1.2.3.4
<tomreyn> so the address hown in the address bar actually updates to the ip address of the server, ok.
<cyrils34> yes
<tomreyn> do you have another linux computer where oyu can run some commands on?
<cyrils34> i have install ubuntu server 16.04 on my laptop for make some try, so yes i have
<tomreyn> so when you run "host www.exemple.com" on your laptop's ubuntu, does it say "host www.exemple.com has address 1.2.3.4"? does it say something else?
<tomreyn> anything about "CNAME" or "alias"?
<cyrils34> its show me an ip but not my hosting server . If i copy this ip to chrome, is open godaddy website where is a page for make a long url to short url
<tomreyn> ok, now try this (similar but not the same):
<tomreyn> so when you run "host exemple.com" on your laptop's ubuntu, does it say "host exemple.com has address 1.2.3.4"? does it say something else?
<cyrils34> also say exemple.com mail is handled by 0 mywebsite.com.mail.protection.outlook.com
<tomreyn> okay, is this wrong?
<cyrils34> no this is right
<tomreyn> and it DOES say "host exemple.com has address 1.2.3.4", right?
<cyrils34> yes
<cyrils34> but is not my address as what i said before, is give an ip and if i go on this ip is going to shortener.godaddy.com
<tomreyn> okay, so what you need to do is to update authoritative DNS for your domain name.
<tomreyn> oh there, too, ok
<cyrils34> ok, how to do ?
<tomreyn> this authiritative DNS service is usually run by the comapany where you rent your domain name.
<tomreyn> *authoritative
<cyrils34> i have buy the domain on godaddy only, then after x months i have buy a dedicated server on godaddy
<tomreyn> what you need to make sure is that both www.exemple.com and exemple.com point to 1.2.3.4 there.
<tomreyn> i am not a godaddy customer and can't guide you to their web panels for domain management.
<tomreyn> but they surely have some form of customer support for this.
<cyrils34> i will tell you what i have wait a little
<tomreyn> also, none of this has anything to do with ubuntu really (it is not specific to the operating system you run on your server), it's just about the basic workings of how hostnames are resolved to ip addresses on the internet. you should normally talk to godaddy for getting help with this.
<cyrils34> i have think my problem was with bind
<tomreyn> so you run a nameserver on your server. does it serve as the authoritative name server for your domain name? maybe you want to point us to the tutorial you have been following.
<cyrils34> the tutorial is a video in french, but i can copy to you the code i've write on the file of bind
<tomreyn> !paste | cyrils34
<ubottu> cyrils34: For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<tomreyn> (also, i could probably still understand at least the technical information on a french tutorial.)
<cyrils34> https://imgur.com/a/k0h3vdj
<cyrils34> https://imgur.com/a/sSVdv1s
<cyrils34> https://imgur.com/a/bRIjFcM
<cyrils34> that's the 3 files i've edit
<blackflow> cyrils34: can you pastebin them please?
<blackflow> and it'd be great if you didn't obfuscate anything so we can check what resolves where and how.
<cyrils34> ok wait
<cyrils34> and just for know, did i get an ssl error because the dns or the 2 problems are different ?
<blackflow> cyrils34: they're unrelated, the ssl error is about expired or invalid name certificate (you access example.com by https, and the cert is for anotherdomain.com)
<tomreyn> cyrils34: your SAO record, as seen on https://imgur.com/a/bRIjFcM , is most likely incorrect
<tomreyn> *SOA
<cyrils34> ah ?
<tomreyn> it says ksXXXXXXXXX...
<blackflow> I understood those are screens from the tutorial, not actual config files?
<tomreyn> oh, that's possible
<cyrils34> yes, im copying what i have change
<cyrils34> screenshot is tutorial
<blackflow> so please pastebin the actual configs you have?
<cyrils34> yes wait im doing
<tomreyn> you're not. ;)
<cyrils34> almost done
<blackflow> cyrils34: are you.... typing it out? O.o
<cyrils34> https://paste.ubuntu.com/p/2vvnqTxhRG/
<cyrils34> https://paste.ubuntu.com/p/JSK8cnncBQ/
<cyrils34> https://paste.ubuntu.com/p/tTHjqgHdvd/
<blackflow> cyrils34: you seem to have a different NS entry there. I'm guessing domaincontrol.com is not yours :)
<blackflow> cyrils34: so what are the NS entries on the domain at your registrar? that's why I asked you did NOT obfuscate data, so we can check the entire chain.
<cyrils34> the only thing i change is mywebsite.com and change number of ip by XXX
<cyrils34> all other is what i get
<cyrils34> in godaddy is write domaincontrol
<blackflow> cyrils34: your zone is wrong then
<cyrils34> ah ?
<blackflow> cyrils34: yes. when your domain name is resolved, your registrar points to IPs in the NS entries. Which NS entries are there? the server you run Bind on, or domaincontrol.com?
<lordievader> Brr, wildcard record
<blackflow> whoever is listed there, is authoritative for your domain. so either you do NOT have control with that Bind, or you do but your NS entry is wrong.
<lordievader> What is the actual domain  name cyrils34 is trying to configure?
<blackflow> cyrils34: also line 11 in the second pastebin does not look correct. That quote looks invalid. Should be  zone "mywebsite.come" { ...; };
<blackflow> lordievader: well I asked them NOT to obfuscate so I can check it, but no answer to that.
<lordievader> cyrils34: What domain are you trying to configure?
<cyrils34> hmmm im not sure to understand
<cyrils34> did you mean that i need not to configure bind because godaddy do it already ?
<blackflow> cyrils34: if you want any more help from me (and others here I assume) you will have to start telling which domain it is so we can check. Also you did not answer my question about NS entry at the registrar.
<blackflow> cyrils34: also consider NOT running a public server that can harm others on the internet, ESPECIALLY not a DNS server which can harm others VERY much if you don't know the basics of DNS.
<lordievader> Good point. Do make sure to disable recursion.
<lordievader> We have enough open resolvers on the internet ð
<blackflow> it's fun when you combine that with a cheap godaddy 1gbps piped "servers for masses" and turn it into a 1gbps udp gun for hire....
<ahasenack> rbasak: how do you usually verify Dropped changes from a delta, in a merge MP? Compare the new (logical) delta with the old one?
<rbasak> ahasenack: yes. I run "git log -p --reverse old/debian..logical/..." in a left window and "git log -p --reverse new/debian..merge-branch" in a right window.
<rbasak> Then for every commit on the left, I should see it mentioned in the new changelog and accordingly dropped, transferred or modified.
<ahasenack> ok
<ahasenack> let me try that
<rbasak> cpaelzer: bug 1487679 came up in my 180 day warning. IMHO, it's not critical. It's a relatively uncommon use case and one where users can be expected to tweak /etc as they need anyway. What do you think we should do about it? Just take it off our backlog? Anything else?
<ubottu> bug 1487679 in nbd (Ubuntu Xenial) "CRITICAL BUG: Breaking ordering cycle by deleting job NetworkManager.service/start" [Undecided,Triaged] https://launchpad.net/bugs/1487679
<blackflow> yuck!
<easyOnMe> hello everyone
<easyOnMe> just want to ask
<easyOnMe> what is the terminal command to implement all the config files in the sites-available folder to the sites-enabled folder
<easyOnMe> I only have one file containing all the vhosts directives with one main domain and the rest are all subdomain directives
<easyOnMe> please help
<cpaelzer> rbasak: yeah I think it is loosing the high-effort-VS-rare-case
<cpaelzer> rbasak: I'd be ok to remove it, but OTOH it is a valid case so you might add the bot-stop-nagging tag instead
<cpaelzer> if you think we would get to it one day
<cpaelzer> if not, lets be honest and state that we likely don't get to it
<blackflow> easyOnMe: I don't know apache tools (and I'm guessing it's apache from your question in #ubuntu), but those should all be symlinks, yes? if so, you can just symlink them manually
<easyOnMe> blackflow: how do I do that
<blackflow> easyOnMe: check the ln manpage  (man ln)  . something along the lines of        ln -s /etc/.../sites-available/foo.bar /etc/.../sites-enabled/foo.bar       -- I don't know exact paths or filenames involved, for each vhost in sites-available that you want to make enabled.
<easyOnMe> blackflow: thanks man
<Ussat> So, is the upgrade from 16.04 --> 18.04LTS avaliable at the moment ?
<Ussat> I would like to fun some tests with my test boxes
<Ussat> s/fun/run/
<blackflow> easyOnMe: so if there's more of them, maybe an onliner like this (make sure you understand what this does first):    cd /etc/.../sites-available/ ; for F in * ; do [ ! -L "../sites-enabled/$F" ] && ln -s "$F" "../sites-enabled/$F" ; done
<easyOnMe> blackflow: I did the first one but it says the file exists already
<easyOnMe> now I am tempted to copy the file from sites-available to sites-enabled
<blackflow> easyOnMe: no, the whole point of sites-available and sites-enabled is symlinking
<easyOnMe> exactly but the first command did not succeed
<blackflow> easyOnMe: but the file is already there you say, linked?
<easyOnMe> blackflow: what i mean is update the one in the sites-enabled
<easyOnMe> I did changes in the files in sites-available and they are not update in the sites-enabled
<blackflow> easyOnMe: I don't know what you're doing there.  your config _files_ should be in sites-available.   you then _symlink_ those you want active into sites-enabled. the point of symlinks is that you don't end up with TWO copies of the file
<easyOnMe> the sites-enabled files are still the old versions
<blackflow> and from what I understand, the tools that manage those, expect and require symlinks.
<easyOnMe> blackflow: I really do not know man
<easyOnMe> probably i messed it up
<easyOnMe> now I am trying to figure out how to correct what I messed up
<easyOnMe> any ideas?
<blackflow> well I just told you what you should have. if you have files in sites-enabled, instead of symlinks to their counterparts in sites-available, you should fix that first.
<blackflow> easyOnMe: btw, this sites-enabled/sites-available paradigm is specific do debian (and derivatives, like Ubuntu)  configuration of apache. it is _not_ mandatory by Apache
<blackflow> *to
<easyOnMe> blackflow: I see
<easyOnMe> but my subdomains are not working
<easyOnMe> all the subdomains keepon saying the error:
<blackflow> which means I'm assuming you're using the default config templates. which means the main apache config file should source from the sites-enabled (not sites-available!) directory for vhost configs.
<easyOnMe> blackflow: erver certificate does NOT include an ID which matches the server name
<easyOnMe> *server
<easyOnMe> until now I not resolve this issue
<easyOnMe> I am past my dinner time already
<blackflow> that's a bit beyond being ubuntu specific and should perhaps ask for help in #apache, on how to configure and use the Apache web server.
<blackflow> easyOnMe: is that a public server btw?
<easyOnMe> blackflow: what do you mean public
<easyOnMe> you mean online already
<blackflow> hosting sites or services available on the public internet
<easyOnMe> yes
<blackflow> eg. not in your LAN
<easyOnMe> no
<blackflow> right. so consider NOT doing that until you've learned how to manage Apache properly. Doing this and not knowing what you're doing, on public internet, can HARM others.
<npgm> I did a netinstall of 18.04 and got everything up and running very well. Realized I need 16.04 though, so made a netinstall usb with that and went to install. First issue: very slow install during the "preparing $package" phase.
<npgm>  Second issue: upon reboot I was dropped directly into an EFI shell. Tried following these instructions, no luck: https://askubuntu.com/questions/597213/bootable-device-not-found-after-clean-install-of-ubuntu-14-04-uefi
<npgm> Now, I try to boot from the install media again, and the display never comes up, I can switch to a separate TTY though, whats the default login creds for a netinstall iso?
<Ussat> easyOnMe, I would take that down untill you have it configured correctly
<Ussat> Just my opinion
<easyOnMe> Ussat: I see
<easyOnMe> it is only the subdomain that is not working well
<easyOnMe> the main domain is ok
<easyOnMe> and the subdomains are not yet open for use
<easyOnMe> it is just for testing only
<Ussat> Then I would test on a non live server
<Ussat> testing in prod is...not the best idea IMHO
<easyOnMe> I manage to achieve success in my local server but in the public server I just could not figure out what I missed doing correctly
<blackflow> easyOnMe: perhaps then start with actual problem you're having? Like, you're doing X, and expect Y to happen but instead, Z happens.
<easyOnMe> blackflow: that is what I am doing
<easyOnMe> witht he subdomain
<easyOnMe> but I cannot figure out how to resolve the errors I am encountering especially the one I just shared
<easyOnMe> that is the only one left to solve and I am good to go
<blackflow> easyOnMe: no, I mean explain here what you have and what you're trying to achieve.
<easyOnMe> easyOnMe: oh I see
<blackflow> for example, pastebin the errors you're encountering.
<easyOnMe> I wanted establish a subdomain and like subdomain1.example.org and expect it to show up on the browser when I hit enter
<easyOnMe> unfortunately it says:This page isnât working
<easyOnMe> sg.infinityls.org redirected you too many times.
<blackflow> easyOnMe: first of all, is the DNS for it valid and resolving to correct IP?
<easyOnMe> blackflow: yes
<easyOnMe> https://apaste.info/8D3R
<easyOnMe> just ignore the output for the back up file
<easyOnMe> it has been deleted already from the sites-enabled folder
<blackflow> easyOnMe: yeah and don't put files into sites-enabled
<blackflow> so, can you pastebin the actual vhost file you're using?
<easyOnMe> blackflow: I don't but for some reason the back up came out when I did apachectl -S
<easyOnMe> the back up became part of the output
<easyOnMe> I also do not know why it became included in the sites-enabled
<blackflow> probably syslog with crit(ical) level which is configured to go to console
<blackflow> wait, that is actually the contents of the file?
<Ussat> looks like a serious miss-paste
<easyOnMe> blackflow: virtual host config for the main domain and the subdomains
<easyOnMe> for port 443
<easyOnMe> and port 80
<blackflow> easyOnMe: yes, but is that.... no, wait. can you pastebin the _actual_ file?       cat /etc/.../sites-enabled/foo.vhost.conf | nc termbin.com 9999     and post here the URL you get       of course use proper path.
<easyOnMe> blackflow: its the same
<easyOnMe> i just changed the names of the subdomain and the main domain
<easyOnMe> basically what you see there that is it
<blackflow> that is not a correct apache config file syntax
<blackflow> easyOnMe: looks like you copypasted some output of grep or something.
<easyOnMe> blackflow: no that is the result of apachectl -S
<blackflow> easyOnMe: so why don't you pastebin the actual file
<easyOnMe> blackflow: because our work does not allow us to
<easyOnMe> we seek help but we are not allowed to pastebin actually files with real names
<blackflow> easyOnMe: then how do you expect anyone to help you?
<easyOnMe> so I changed it to subdomain and maindomain
<easyOnMe> so I do not get fired
<blackflow> I can't help you untill I see what your config is and what's wrong with it.
<easyOnMe> I see
<easyOnMe> but that is the best I can do man
<blackflow> btw.... this is not Ubuntu specific, so please direct all your Apache support request to #apache.
<easyOnMe> the mainDomain is the dns name
<blackflow> over and out.
<easyOnMe> subdomain are the respective subdomain names
<easyOnMe> ok no problem
<easyOnMe> thanks for the attention though
<Ussat> So, is the upgrade from 16.04 --> 18.04LTS avaliable at the moment ?
<teward> Ussat: not until the 18.04.1 release
<Ussat> ahh...gotcha, thanks
<teward> yep.
<blackflow> easyOnMe: I do have to ask what kind of work is that where you're not fired and are supposed to touch production machines with zero clue. all this smells like BS to me.
<easyOnMe> blackflow: it is just the names that are changed man I do not think it really matters that much
<Ussat> Yes, yes it does
<easyOnMe> how so
<blackflow> easyOnMe: when you have no clue how to configure apache, and are asking for help, don't assume you know what is or isn't relevant.
<easyOnMe> just following protocol here man
<easyOnMe> anyone its ok
<easyOnMe> sorry if it offends you
<easyOnMe> this is my first job
<easyOnMe> *anyway
<blackflow> I just don't buy it any more that you have a legit help request.
<easyOnMe> blackflow: I really do
<easyOnMe> the other day I got a good dressing down for similar case
<easyOnMe> so just learned some lessons too
<easyOnMe> anyway man its ok
<Ussat> I assume you have backups ?
<easyOnMe> yes we do
<blackflow> well if you're serious, I'd gtfo of there asap and find a better job, one that offers proper training and supervision, before allowing anyone to prod.
<easyOnMe> blackflow: I do but I am newbiew who will hire me with no experience at all
<Ussat> restore latest working GOOD backup, and test in test
<easyOnMe> Ussat: ok will do
<easyOnMe> thanks
<Ussat> Thats MY opinion
<easyOnMe> Ussat: I will take it from there though
<Ussat> and dont touch prod till you are 100% sure
<easyOnMe> Ussat: no problem
<blackflow> easyOnMe: but seriously, find another, more responsible company, before they dump on you the next Equihax and hang you out to dry.
<easyOnMe> blackflow: yeah in our country here I consider myself lucky man
<easyOnMe> a lot of people here have no work or job to speak of
<easyOnMe> for me with no experience having this job this is already a blessing to start with
<easyOnMe> difficult yes, but that is where all newbies start anyway
<easyOnMe> one year max and I am out of this company
<easyOnMe> this company is not that big too so they kind of hire people whom they can make the most out of
<easyOnMe> blackflow: anyway thanks dude for the advice
<easyOnMe> really appreciate all your help earlier
<blackflow> easyOnMe: the problem is not in not having experience. nobody was born with it. the problem is all the rest about it. esp. the cherry on top, of being unable to pastebin a config file, even with obfuscated domains.
<easyOnMe> blackflow: that was the actually config file already
<blackflow> that is not a valid apache config file, so no :)
<easyOnMe> the name of the file is 000-default-le-ssl.conf
<blackflow> easyOnMe: these are:  https://httpd.apache.org/docs/2.4/vhosts/examples.html
<easyOnMe> I got it from the /etc/apache2/sites-available folder
<blackflow> ServerRoot: "/etc/apache2"  is not a valid apache config stanza
<easyOnMe> blackflow: oh so sorry I got what you mean
<easyOnMe> man I am very sorry
<easyOnMe> I assume I pastebin the 000-default-le-ssl.conf
<easyOnMe> blackflow: man really sorry my bad
<easyOnMe> hang on
<blackflow> that still wouldn't look like a valid config file. apache config syntax doesn't have   keyword: value    stanzas
<easyOnMe> blackflow: yeah I agree so sorry man
<easyOnMe> brb
<blackflow> np
<easyOnMe> not to restart this laptop
<easyOnMe> hang on
<easyOnMe> blackflow: here it is man: https://apaste.info/Bm9W
<easyOnMe> thanks for the wait
<blackflow> easyOnMe: I don't see a redirect rule there that could explain that previous error. Did you try cleaning your browser cache? If there was a 301 there somewhere before, it could've been cached in your browser. Also, is there PHP involved that could explain any redirections happening that aren't visible in vhost configs?
<easyOnMe> blackflow: yes there is some php involve
<blackflow> and see, if you didn't obfuscate the domain name, now someone could try to connect and see the headers and progression of redirects...
<easyOnMe> i am using .htaccess too
<blackflow> oh .htaccess, check that too, it's config too
<easyOnMe> blackflow: are you familiar with codeigniter3
<blackflow> ten years ago I was.
<easyOnMe> blackflow: I am using it now and what I did was just to copy the application and system folders inside each subdomain folder
<easyOnMe> now to test one subdomain I tried performing the necessary config adjustments but to no avail
<easyOnMe> but when I did with my local server I got it running very well
<easyOnMe> blackflow: now I did apachectl -S and the error there states that there is no id matching the server name
<easyOnMe> so I came to the conclusion that the multiple redirect was the result of the failure to match the cert id with the correct server name
<blackflow> easyOnMe: can you pastebin    culr -v -s http://<your domain here> 1>/dev/null      run from a linux machine with curl installed, use proper subdomain, one that results in inifinite redirects
<blackflow> easyOnMe: no, SSL certs don't result in http redirects in any way.
<blackflow> btw, I typoed up here, it's curl   not    culr
<easyOnMe> blackflow: ok noted with thanks
<easyOnMe> blackflow: shall i use https instead of http
<blackflow> no, use http
<easyOnMe> ok
<blackflow> actually do both.   properly configured SSL should have a redirect from http to https anyway
<easyOnMe> blackflow: do I include the number 1 here:<your domain here> 1>
<Ussat> ya.....we just changed all our internal stuff to be https a,d http redirects to https
<Ussat> well, over the last month
<blackflow> easyOnMe: yes,   1>/dev/null is a separate param, redirects stdout to devnull.    in fact 1 is not needed,   >/dev/null shold work, but I like to be explicit about those
<Ussat> we have an internal CA for the internal stuff
<easyOnMe> blackflow: ok
<blackflow> easyOnMe: because curl will output the fetched site content to stdout, and we don't need that here, only hte headers (with -v) that are output to stderr
<easyOnMe> blackflow: https://apaste.info/trtB
<easyOnMe> that is the result
<easyOnMe> same for the other subdomains
<blackflow> easyOnMe: okay that's a 302 to https. now please do https
<easyOnMe> blackflow: that is https
<easyOnMe> please see line 1
<blackflow> oh right... well that's the problem there, you have a redirect back to itself.
<easyOnMe> blackflow: hang one
<easyOnMe> for the other subdomains its 402
<blackflow> HTTP/1.1 302 Found    and Location: https://subdomain6.example.org/
<blackflow> easyOnMe: please pastebin the file   /etc/letsencrypt/options-ssl-apache.conf
<easyOnMe> blackflow: for the other subdomains its 403 sorry
<easyOnMe> blackflow: ok hang on
<blackflow> 403 is okay, means you don't have a permission to view it, but it's not a broken redirect back to itself.
<easyOnMe> blackflow: https://apaste.info/9hVm
<blackflow> easyOnMe: huh, okay, so what about .htaccess files. Any redirect rules there?   RewriteRule   directoves?
<easyOnMe> blackflow: yeah but when I started configuring subdomain6 this issue occurred initially subdomain6 was also 403 error
<blackflow> *directives
<easyOnMe> blackflow: ok I will pastebin it too
<easyOnMe> blackflow: https://apaste.info/2lej
<easyOnMe> that is the .htaccess for subdomain6
<easyOnMe> which is very similar to the its mainDomain's htaccess
<blackflow> and that's it, lines 5 and 6
<easyOnMe> blackflow: why what about those lines
<blackflow> line 5 should have 80 and not 443 in the RewriteCond
<easyOnMe> ok
<easyOnMe> what about line 6
<blackflow> line 6 looks good if the idea is to redirect http to https and retain the URI
<easyOnMe> blackflow: so only line 5 change back to 80
<blackflow> I'm not sure about the RewriteBase, I'm a bit rusty in Apache....
<easyOnMe> i see
<easyOnMe> never mind let's see
<blackflow> btw, why is that in .htaccess.... ideally you should not have any .htaccess files. that is useful only for shared hosting environments when you want to allow users change httpd configs without touching the master config file
<easyOnMe> blackflow: that's what I learn
<easyOnMe> since I learned using codeigniter
<easyOnMe> blackflow: by the way we are back to 403 error
<blackflow> well at least the cycling redir is fixed :)
<easyOnMe> now the issue is that it does not use codeigniter's own index file
<blackflow> there should be apache error log somewhere, check in there what is it failng on
<easyOnMe> ok hang on
<blackflow> you need DirectoryIndex index.php   to tell apache to automatically assume index.php to be the index file, when one is not given
<blackflow> see, when you access http://domain.org/   you're technically acessing  /index.html, implicit through DirectoryIndex directive
<easyOnMe> blackflow: yes correct I agree in fact 403 will not pop out if index.html is around
<easyOnMe> the thing is the folders for ci such as applications and system are already inside the subdomain6 folder so by right it should look for the controller file right
<blackflow> and that's a whole new level of problems. configuring PHP for apache. I can't help you there, it's really been a while since I apache'd.   Best ask in #apache.
<easyOnMe> but it this case it did not
<easyOnMe> instead it tried to look for index.html instead of the main controller
<easyOnMe> blackflow: yeah I went in there but the guys there seem clueless or probably asleep
<easyOnMe> lol
<blackflow> Try adding DirectoryIndex index.php   to that .htacccess
<blackflow> oh wait.... you have Options -Indexes in the main vhost files.... try removing that too
<seizo> im trying to install ubuntu 18.04 server on an apu2c4 board, need to force it to use serial interface instead of gfx. how can i make changes to the install iso?
<RoyK> seizo: not sure, but something like console=serial(something) in the kernel line might do the job
<RoyK> seizo: hm - it's not the console that's the problem - it's TTYs - not sure how to enable serial TTYs during instaall
<oerheks> maybe a help https://help.ubuntu.com/community/SerialConsoleHowto
<seizo> RoyK: yeah thats what im thinking, trying to figure out how to edit the grub file on the read-only iso / live usb stick
<seizo> oerheks: yeah i found that, most of the info is way out of date :/
<npgm> I'm having some issues with a USB 3.0 ethernet adapter. The driver seems to be a bit buggy from what I can tell (kevent 12 error msgs). I'm running a fresh 16.04 install. Basically I need a USB NIC thats as reliable and plug and play as possible, the actual speed doesn't matter so much. Does anyone have a recommendation on something to pick.
<sarnold> npgm: I'd try 18.04 before giving up on the thing
<npgm> sarnold: ya, so given my use case its more cost effective for me to pick something that works, this is for a largescale deployment
<npgm> if theres some usb 2.0 NIC thats known to have a mature reliable driver on 16.04 thats much better for me
<sarnold> npgm: ah. then *maybe* the 16.04 LTS HWE stack would be a nice medium.
<npgm> sarnold: ya, thats not an option as well. :D sorry for all the constraints.
<npgm> is there some place I can look to find a list of _very_ well supported hardware?
<sarnold> npgm: heh, bummer :)
<Mystic_Reverie> any other ubuntu helps rooms anywhere?  the 'ubuntu'  people are such aloof snobs, im stuc kwith ubuntu and i dread going in there asking for help now.
<_KaszpiR_> Mystic_Reverie dont' expect better support, really
<Mystic_Reverie> ive had great support in here, when they are around
<nacc> Mystic_Reverie: also pleaes don't corosspost
<nacc> *crosspost
<nacc> Mystic_Reverie: your question has nothing to do with ubuntu server
<nacc> Mystic_Reverie: you just didn't like the answer in #ubuntu
<Mystic_Reverie> oh sorry wrong room.  im not corss posting , am asking fo a room that isnt full of nasty snobs
<Mystic_Reverie> im fine in other rooms, puppy linux ect
<Mystic_Reverie> some people in ubuntu had a nasty attitude problem
<nacc> Mystic_Reverie: that's not the purpose of this channel
<nacc> !alis | Mystic_Reverie
<ubottu> Mystic_Reverie: Alis is an IRC service to help you find channels. For help on using it, see "/msg Alis help list" or ask in #freenode. Example usage: "/msg Alis list http"
<hggdh> Mystic_Reverie: please don't go there
<Mystic_Reverie> get stuffed
<Mystic_Reverie> u need to learn hpw t otreat people
<nacc> lol
<Ragz> Hi all
<Ragz> anyone help with server migration from 12.04 to 14.04?
<nacc> Ragz: 12.04 has been eol for a while
<nacc> !eolupgrade | Ragz
<ubottu> Ragz: End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
<nacc> Ragz: you are better off reinstalling
<nacc> (IMO)
<Ragz> Thanks guys, only issue is i got word press sitting on it
<Ragz> and i dont have enough word press experience
<Ragz> tried migrating the dam thing but kept on failing due to one of it plugins which no one supports
<Ragz> spent most of the day trying to upgrade from 12.04 to 14.04 but mysql doesnt want to start
<Ragz> or apache breaks
<JanC> probably better drop that extension if you can then...
<JanC> or plugin or whatever it's called
<JanC> maybe replace it if possible...
<JanC> and do that before trying to upgrade...
<sarnold> JanC: ragz's been gone for a while :(
<JanC> I know
<JanC> maybe he/she will come back  :)
#ubuntu-server 2018-07-17
<Srgjames> #ubuntu-server
<Srgjames> erofl
<Srgjames> How the hell can i get Mod_rewrite or the Vitrualhost when using a vhost on 443
<nacc> Srgjames: hard to tell what exactly you are asking for, but: https://httpd.apache.org/docs/2.4/rewrite/vhosts.html
<Srgjames> nacc so instead of Login.php its just login
<nacc> Srgjames: you mean that http://.../login redirects to login.php? or you don't want to see login.php at all?
<nacc> *https://...
<Srgjames> nacc I have this file https://thorn.eveinterface.com/login.php but would rather people see https://thorn.eveinterface.com/login
<nacc> Srgjames: i don't think that's what mod_rewrite is for
<nacc> https://www.plothost.com/kb/how-to-remove-php-html-extensions-with-htaccess/
<nacc> though, maybe? it's limited to just the extension, afaict
<sarnold> mod_rewrite can do way more than just strip extensions http://httpd.apache.org/docs/current/mod/mod_rewrite.html
<sarnold> whether or not it *should* do those things is another question
<Srgjames> sarnold no clue why but I cant get it to work at all
<Srgjames> at least with extensions
<nacc> sarnold: sorry, i meant the above link, htaccess based rewrite
<sarnold> ah!
<nacc> sarnold: i'm not sure you can do more than the extension-based rewrite in htaccess
<sarnold> I never spent much time seeing what htaccess could do, those are re-read and re-parsed and so on every single request, so I pretend they don't exist because that's just silly.
<nacc> heh
<hehehe> sarnold: can you even code creatively?
<sarnold> no, too old now
<jak2000> hi all
<jak2000>  how to check if a port is open?
<sarnold> ss -l or netstat -lnp
<easyOnMe> blackflow: good day
<easyOnMe> I figure out the issue and it has something to do with codeigniter configuration
<easyOnMe> do you have any idea about it
<jak2000> sarnold:  https://paste.debian.net/1034013/
<sarnold> those are two separate commands. try them both.
<jak2000> sarnold: https://paste.debian.net/1034016/
<jak2000> the port 3306 is open?
<jak2000> sarnold
<jak2000>  if stop iptables i can connect to mysql if start cant connect...   how to open the port?
<lordievader> Good morning
<tobasco> anybody seen issues with masked systemd files before?
<tobasco> https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1782097
<ubottu> Launchpad bug 1782097 in redis (Ubuntu) "redis-server systemd unit file is masked and cannot be enabled" [Undecided,New]
<tobasco> coreycb: semi-openstack related since redis is used in the CI when testing bionic+rocky ^
<oerheks> did you edit /etc/redis/redis.conf and set supervised systemd ?
<tobasco> oerheks: thanks for the tip, setting supervised to "systemd" did not help, systemctl enable still fails
<oerheks> i found that on, https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-redis-on-ubuntu-18-04
<oerheks> umask gave no error .. curious
<tobasco> oerheks: weird, i spawned up a new bionic machine from vagrant and it worked
<tobasco> must be something puppet related that causes it to be masked or smth like that
<tobasco> wonder why i can't unmask though
<tobasco> oerheks: thanks for the help, I found the issue :)
<oerheks> tobasco, nice
<oerheks> is it just a glitch or ..?
<tobasco> oerheks: somehow related to puppet when installing the package, more of a workaround, don't enable it :(
<oerheks> :-)
<SomeT> anyone help me with the following step, step 6 at https://gitlab.com/tslocum/tinyib it says to set directories as writeable (https://i.gyazo.com/d3c5a3997a8aa3bf1db0f109df0f91b5.png) but what chmod number do I use for this and what command in Linux Ubuntu therein?
<lordievader> Writable for whom?
<SomeT> this is the thing thats confusing me I think...
<SomeT> it literally just says: CHMOD write permissions to these directories:
<SomeT> ./ (the directory containing TinyIB)
<SomeT> ./src/
<SomeT> ./thumb/
<SomeT> ./res/
<SomeT> ./inc/flatfile/ (only if you use the flatfile database mode)
<SomeT> then lists those directories
<SomeT> I presume it means to make them writeable publically?
<lordievader> That sounds like a bad idea.
<lordievader> Investigate who needs those right and only give them the rights.
<ducasse> SomeT: don't crosspost, it's rude and wastes other peoples time
<SomeT> I just crossposted because that other guy is crying in there
<SomeT> so he is getting all the attention about his graphics driver
<oerheks> SomeT, i still wonder who needs write permissions, the user, or a group, or php ?
<oerheks> that guide is pretty ... not saying
<SomeT> would it be all three?
<SomeT> so basically 776?
<lordievader> Like I said, investigate.
<SomeT> I cant
<SomeT> this is all the info I have
<lordievader> Is it code that is supposed to run?
<ducasse> contact the maintainer(s)
<SomeT> no
<SomeT> the folders are empty
<lordievader> Looking at the gitlab page it looks like a bunch of photos scripts. So whoever runs the php stuff on your machine needs write rights, most likely.
<oerheks> add it to the www-data group?
<lordievader> Depends on the setup.
<ahasenack> rbasak: hi, I didn't understand one thing about https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777
<ubottu> Launchpad bug 1249777 in sssd (Ubuntu) "libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation" [Low,Confirmed]
<ahasenack> rbasak: why are they installing the sss-sudo (name to be corrected) package if they do not want to use it?
<ahasenack> it just comes along because of dependencies perhaps?
<ahasenack> libsss-sudo*
<rbasak> ahasenack: I assume it's a Recommends so is coming in automatically.
<ahasenack> sssd-common indeed recommends libsss-sudo
<ahasenack> teward: hi, did you see https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1781971 ?
<ubottu> Launchpad bug 1781971 in nginx (Ubuntu) "nginx daemon should be provided in a package that doesn't have dependencies to systemd (or nginx-common)" [Undecided,New]
<ahasenack> wishlist?
<rbasak> I commented with a side note
<rbasak> But yeah, +1 for Wishlist
<ahasenack> thx
<teward> ahasenack: rbasak: saw, and replied.
<teward> there's a headache to consider here though
<teward> to do this we need to do three things at least:
<teward> (1) rename nginx-core (which is the 'upstream-provided modules only' version of nginx-full) to something else,
<teward> (2) each flavor of NGINX needs its own -core package
<teward> which means we go from nginx, nginx-{light,core,extras,full,doc,common} to nginx, nginx-doc, nginx-{light,ubuntu?,extras,full,doc,common}, nginx-core-{light,ubuntu,extras,full}
<teward> of which nginx, nginx-ubuntu, nginx-core-ubuntu, and nginx-common become Main included
<teward> (assuming that nginx-ubuntu is whatever name we rename nginx-core to)
<teward> (3) This makes maintaining this while merging from Debian that much more difficult
<teward> meaning as I said in my reply to the bug we probably have to permanently diverge in a non-mergeable way from Debian
<teward> not to mention the build rules currently don't take kindly to changing, we'd have to do some serious work on the d/rules to probably make this work
<teward> it may be the lack of coffee talking just now, but I'd be hesitant to do this without some heavy-duty discussions first
<teward> so the earliest I think we could roll this out would be *maybe* next cycle if we choose to do this
<teward> the key problem is nginx-{core,light,full,extras} all have different nginx binary applications in them
<teward> because not all NGINX modules are dynamically includeable
<teward> so to replace this so each of those flavors' nginx executables are able to be used independently in a 'core' package variant like MySQL does is a significant overhaul
<teward> and I can't guarantee it'll even be done by next cycle.
<teward> *my* suggestion would be to upstream this to Debian for their thoughts, and depending on what they do decide where we go next
<rbasak> teward: OK, thank you for your thoughts.
<teward> rbasak: not to say we can't do it, but it'd need thought out, adjusted, and heavily tested
<teward> that's the thoughts I have on it right now
<teward> I also have to get into the habit of version controlling the package (do we have it in git yet?)
<teward> (Launchpad VCS is... tricky to say the least... compared to github or such)
<teward> now, to be fair, I've got an idea of how this can be implemented.  It'll just be very tricky to get working properly...
<teward> rbasak: ahasenack: do you want me to proceed with prototyping this so we can see how the existing 18.04 package would have to be altered to work properly?  do we have a replacement name for the 'core' flavor that we have for NGINX?
<rbasak> teward: I suggest you hold on this for now, pending further discussion. Some of my colleagues are sprinting at the moment so it may not be for a week or two.
<rbasak> (given that Andres filed the bug, I suspect that it's because MAAS would like this facility from the nginx package; there may be other possible solutions)
<teward> rbasak: ACK
<sweb> my preseed command is return exit code 1
<sweb> here my command : https://paste.ubuntu.com/p/4YGmgJ82VR/
<l4m8d4> Is it possible to create a network bridge on a physical interface, and at the same time derive MACVLAN interfaces from it?
<RoyK> l4m8d4: yes - it's quite simple
<RoyK> l4m8d4: something like this https://wiki.debian.org/BridgeNetworkConnections
<sweb> https://serverfault.com/questions/922311/ubuntu-pressed-exit-with-code-1
<l4m8d4> RoyK: Ok, not sure if what I wanted is really what I need. I (will) have 2 containers and 1 vm (possibly more in the future) on the machine, and I have 1 physical NIC (eno1) that I want to devote completely to the containers and vm. Another physical NIC is used to directly connect the host to the network seperately. Would I be able to create 3 virtual NICs, bridge them with the physical eno1, then
<l4m8d4> "give" them to the containers and VM?
<l4m8d4> And also, would these be able to configure these virtual NICS themselves, assigning addresses, putting up and down, and so on?
<l4m8d4> Before, I planned on only containers, there I could just use MACVLAN with systemd-nspawn, which would do just that, without evem requiring a bridge, or any manual config on the host even. With VMs, I guess this approach wont work (it seems netplan can not configure macvlan that can be handed to the VM)
<RoyK> l4m8d4: kvm?
<l4m8d4> Yes
<RoyK> then just use that bridge
<l4m8d4> Ok. Systemd containers support connection to the brdige too, so that should be ok
<RoyK> in the vm setup, just connect to that bridge - it'l work - I use the same thing on a few servers
<l4m8d4> RoyK: Thanks, I'll try to set it up like this then!
<SomeT> having trouble getting php code to connect to my sql database
<SomeT> checked ufw and the port 3306 is open
<SomeT> I can't figure out what else is wrong?
<RoyK> SomeT: which sql server?
<RoyK> mysql? postgresql? mariadb? sqlite? mssql?
<SomeT> mysql
<SomeT> @RoyK?
<RoyK> SomeT: are you connecting from the same machine or another?
<blockflaw> SomeT: what kind of "Trouble"?
<SomeT> its a digitalocean dropley
<blockflaw> surely there's a specific error message to it
<SomeT> its a digitalocean droplet
<SomeT> one sec
<SomeT> give you more details
<blockflaw> wait, you're accessing your db remotely, over the public internet?
<RoyK> with cleartext password?
<RoyK> fun
<SomeT> no
<SomeT> well kinda
<SomeT> I am logged into a virtual machine
<SomeT> https://gitlab.com/tslocum/tinyib
<SomeT> I am trying to install this on a LEMP stack
<SomeT> via digital ocean
<SomeT> I got as far as step as step 7
<SomeT> on there read me
<SomeT> when I go to/imgboard.php
<blockflaw> doesn't matter where you're logged. the question is on which server is the php client and on which server is the db and is the traffic going over the public internet, or infact, any network between two different IP addresses.
<SomeT> https://gyazo.com/e879dd520f7e58d0eba7ee03c0635715
<SomeT> I get that error message
<RoyK> SomeT: can you telnet into port 3306 in that db server?
<SomeT> um never tried that
<SomeT> but I already checked ufw
<RoyK> SomeT: erm - you're missing a library
<blockflaw> mysql by defautl listens on localhost only, if I'm not mistaken? so... is this supposed to work between two different machiens or is all within localhost?
<SomeT> https://gyazo.com/dea0f3ef73de514c3a35d607f6e9a2cc
<SomeT> a library?
<SomeT> which one?
<blockflaw> mysql client lib for PHP otoh
<RoyK> the first thing you pastbinned was saying "mysql library missing"
<RoyK> pretty normal noob issue ;)
<spaces> hi guys, do we still need ondrej for PHP packages in 18.04 ?
<SomeT> wait I need that enabled?
<blockflaw> spaces: probably if you'll want 7.3 in a few months.
<SomeT> what thing
<SomeT>  https://gyazo.com/e879dd520f7e58d0eba7ee03c0635715 ?
<RoyK> php-mysql something
<SomeT> ah I see
<SomeT> one sec
<SomeT> http://zchan.net/test.php
<blockflaw> mysql PDO probably (as there's THREE mysql libs for PHP.... two actually I think one was discontinued with 7.x)
<SomeT> definitely the mysql library?
<SomeT> if you check that page for me
<spaces> blockflaw I wasn't able to install php-curl with the default repo's in 18.04, it failed, dependency and I came from ondrej
<SomeT> because I find it bit confusing to read
<blockflaw> SomeT: you got them all it seems, ont he _server_. where's the client? on the same machiine?
<nacc> spaces: you never "needed" ondrej
<SomeT> yeah
<nacc> spaces: you chose to require something that wasn't in ubuntu, which then made you need ondrej's repo
<SomeT> I usually just direct connect through pUTTy
<spaces> nacc 7.1 and 7.2 had some advanatges where 16.04 didn't had those
<blockflaw> SomeT: so, mysql and php (fpm) are running on the same machine?
<nacc> spaces: can you pastebin the exact output of installing php-curl?
<nacc> spaces: right, that's a *choice* you make
<SomeT> yes
<spaces> nacc I can see if it's tstill in my terminal
<nacc> spaces: ok
<SomeT> I don't care about the security to much at this stage
<SomeT> I am still learning ;)
<SomeT> I will make a not of your security advisement though
<SomeT> as I get where your coming from
<blockflaw> don't say that. even if you don't care, someone else cares that you don't and will gladly take over your machine and turn it into a 100Mbps UDP gun for hire.
<SomeT> besides it makes sense because thats how I do it locally
<spaces> nacc php-culr is sumlinked as you know: https://pastebin.com/Hd9bET7M
<SomeT> the amount I delete my servers anyway it dont matter so much
<nacc> spaces: you have ondrej enabled.
<nacc> spaces: don't use a ppa.
<SomeT> but anyway back on point, you said the mysql library is installed right?
<blockflaw> SomeT: if you don't install in your brain a security savvy mind and do it the right thing from the start, it'll be harder later to do so.
<spaces> nacc it was not enabled anymore
<blockflaw> SomeT: according to that phpinfo, it is.
<spaces> nacc earlier you needed appa
<SomeT> because php -m gives:
<spaces> *ppa
<SomeT> mcrypt
<SomeT> mysqli
<SomeT> mysqlnd
<SomeT> no just mysql
<nacc> spaces: yes you do.
<nacc> spaces: look at the output.
<nacc> spaces: `apt-cache policy php7.2-curl`
<blockflaw> SomeT: that's okay. also, pdo should be listed there
<SomeT> yeah pdo is on there
<nacc> spaces: if i had to guess, you didn't purge the ppa, and still have packages from it.
<SomeT> I am at a loss
<SomeT> like I even looked through the code to find whats bringing up that error message but could not find it
<SomeT> ohhh
<SomeT> actually
<SomeT> https://gitlab.com/search?utf8=%E2%9C%93&search=MySQL+library+is+not+installed&group_id=&project_id=6824919&search_code=true&repository_ref=master
<SomeT> didnt think to search using gitlab
<SomeT> if (!function_exists('mysql_connect')) is my key to solving this
<SomeT> question is which function?
<nacc> SomeT: do you just need to set TINIB_DBMODE to mysqli?
<nacc> *TINYIB
<SomeT> um
<SomeT> could be
<SomeT> one sec
<blackflow> SomeT: that tinyib thing is using mysqli, which you have according to that phpinfo
<SomeT> not tried that
<nacc> blackflow: i believe by default it might use 'mysql'
<SomeT> how do I even enter mysqli command line in ubuntu though...
<blackflow> I grep'd the source
<SomeT> I will try it and see
<SomeT> I tried to change to pdo already
<blackflow> oh wait, yes, it can use more than one backend....
<nacc> SomeT: took me about 5 seconds of reading their maing gitlab page
<SomeT> ok
<SomeT> Could not select database: Unknown database 'TinyIB'
<SomeT> I get that when I change to mysqli
<nacc> SomeT: that's a better error
<SomeT> I defined the database in the code
<SomeT> I thought it would auto create it
<nacc> dunno
<SomeT> but now my issue is I have no idea how to create a database in mysqli
<nacc> that seems more like a tinyib problem than an ubuntu one
<SomeT> only in mysql
<SomeT> yeah at least you got me that far thanks
<SomeT> is a better error
<SomeT> MySQLi is a replacement for the mysql functions, with object-oriented and procedural versions. It has support for prepared statements.
<spaces> nacc maybe indeed but installing curl itself fixed it all
<spaces> so I think a dep issue in the ppa packages
<spaces> old ones or so
<spaces> dunno
<nacc> spaces: no, it's because you have two repos setup
<nacc> and ondrej's versions are after ubuntu's.
<nacc> spaces: your issue is using a ppa you don't need
<spaces> nacc yes but taht would be no issue as it should get the latest ones but I think it was still looking for 16.04 packages and didn't match where 18.04 were newer
<SomeT> ok I fixed it
<spaces> between ppa en 18.04
<SomeT> I just went into mysql and created that database
<SomeT> thansk for the help
<nacc> spaces: i'm otp now, one sec
<spaces> nacc I'm at att now (at the toilet)
<spaces> more then one sec ;)
<blackflow> ...
<spaces> blackflow what's wrong with it, better let people know where you are, do you know how many people die on the toilet each year ?
<blackflow> a statistic I'm dying to find out.
<spaces> wot?
<blackflow> you asked if I knew how many people died on the toilet each year, no?
<blackflow> your rhetoric question was answered with a cynical, nihilistic sarcastic answer. sans smileys for a pokerface response.
<spaces> blackflow you say so but it happens a lot because people hold up too long and need to use pressure to get it out, some vane in your head can explode then
<spaces> kinda tricky, really when you get older
 * blackflow politely coughs and looks at the offtopic sign hung near the door.
<spaces> blackflow better know then find out when it's too late ;)
<spaces> nothing wrong on the side for a small talk
<blackflow> =)
<spaces> blackflow now I need to drink so I can pee out later on what I didn't hydrate and sweated out <- tip is drink from time to time :P
<DammitJim> is there a way to get a service status on Ubuntu 16 where it just prints the status and exits?
<DammitJim> (you don't have to press q to quit)
<RoyK> systemctl status <service>
<DammitJim> RoyK, I appreciate it, but when you do that, you'll see at the bottom: lines 1-14/14 (END)
<DammitJim> you need to press q to get out of that window
<DammitJim> meaning, the systemctl command in that case doesn't return you back to the prompt
<RoyK> dosaboy: it does
<RoyK> DammitJim: it does
<DammitJim> it does what?
<RoyK> DammitJim: it returns - or if not, just "true | systemctl status <service>"
<DammitJim> did you try it for yourself?
<DammitJim> even with true, it still doesn't return you to continue running more commands
<RoyK> I've never seen systemctl status not return
<DammitJim> try it and pastebin it... maybe I have configured something wrong
<RoyK> you paste bin it
<DammitJim> https://paste.debian.net/1034115/
<DammitJim> Again, I appreciate you trying to help, but please don't tell me that it returns when you haven't even tried it yourself
<DammitJim> because as someone who is trying to learn, it makes it even more confusing
<RoyK> it doesn't stop for a prompt there
<DammitJim> does it return to the prompt for you?
<DammitJim> paste bin it and let me see
<RoyK> it does
<RoyK> DammitJim: http://paste.debian.net/1034117/ <-- systemctl status apache2 - nothing else
<DammitJim> yup, yours doesn't return to the prompt either
<DammitJim> you can't run another command after it
<DammitJim> you have to press q or something to get out of that console
<RoyK> DammitJim: no
<RoyK> DammitJim: you're quite wrong here
<DammitJim> can you run the date command after that?
<nacc> spaces: i'm back now
<DammitJim> hey nacc
<DammitJim> do you know of a command on Ubuntu 16 where you can check the status of a service
<DammitJim> but the command returns you back to the prompt?
<sarnold> DammitJim: try this: PAGER=cat systemctl status lst-dash89-1
<nacc> DammitJim: do you want to just know if it's running?
<DammitJim> yes
<DammitJim> you know, use shell scripts and stuff
<DammitJim> the old way was running: service <service_name> status
<nacc> systemctl is-active?
<DammitJim> it would return something I can parse
<nacc> and --quiet if you don't want any output
<DammitJim> noway!
<nacc> parsing is alwways the wrong choice
<DammitJim> thanks man!
<nacc> use exit codes/retrun codes
<nacc> the textual output of those commands is not an ABI :)
<nacc> there is also is-failed, iirc
<DammitJim> yeah, you are right nacc... I was saying parsing because right now that was the only way I knew from looking at the huge output from systemctl <service> status
<nacc> sure
<nacc> DammitJim: i think the above is what you want, though
<DammitJim> now, is-active is not the same as running, or is it?
<DammitJim> I've seen the status say: active (<something else in here>)
<DammitJim> oh yeah, like: active (exited)
<nacc> that'd be a oneshot if so
<nacc> you can read the systemctl manpage to see
<nacc> the closest you can get to 'running' is is-active, afaick
<nacc> which just means it hasn't failed
<DammitJim> ok, great!
<nacc> if it is long-running, it's still running, if it's oneshot, well, it shot :)
<DammitJim> thanks! that's very helpful
<trekkie1701c> So is there a way to get the 4.15 kernel on 16.04 or do I have to go to 18.04?
<nacc> trekkie1701c: you should wait for 16.04.5 to come out.
<nacc> trekkie1701c: you can use the edge hwe kernel if you want, i think
<trekkie1701c> hwe only goes to 4.13
<nacc> !info linux-image-generic-hwe-16.04-edge
<ubottu> linux-image-generic-hwe-16.04-edge (source: linux-meta): Generic Linux kernel image (dummy transitional package). In component main, is optional. Version 4.15.0.23.25 (bionic), package size 1 kB, installed size 14 kB
<nacc> !info linux-image-generic-hwe-16.04-edge xenial
<ubottu> linux-image-generic-hwe-16.04-edge (source: linux-meta-hwe-edge): Generic Linux kernel image. In component main, is optional. Version 4.15.0.24.46 (xenial), package size 2 kB, installed size 10 kB (Only available for i386; amd64; armhf; arm64; ppc64el; s390x)
<nacc> trekkie1701c: please do some research, as that is not correct.
<trekkie1701c> I installed hwe a few minutes ago and I'm on the 4.13 kernel so...
<nacc> trekkie1701c: read what i wrote *again*.
<nacc> trekkie1701c: the *edge* hwe kernel.
<trekkie1701c> Alright then, I didn't realize there was a difference.  Sorry.
<ahasenack> hm, dpkg-buildpackage is complaining that I have changes that cannot be represented
<ahasenack> so far, a common mistake,
<ahasenack> but it's about .git/* content
<ahasenack> I've never seen that before
<nacc> ahasenack: pass -i -I
<nacc> iirc
<ahasenack> I never had to do that before
<ahasenack> could something in cosmic have changed?
<nacc> ahasenack: dunno, we pass it in git-ubuntu automatically
<nacc> ahasenack: it's actually an option to dpkg-source, iirc
<ahasenack> yeah, ignore certain default files/dir
<ahasenack> nothing recent in dpkg's changelog, I must have skipped a step without realizing
<Veus_uni> hello is there jshell for ubuntu? or something simular where i user would be logged into their dir, and not aloud to go out side of it, but able torun mono and screen
<sarnold> you could set the user account to have a specific shell, and create an apparmor profile for that shell..
<Veus_uni> how do you mean?
<Veus_uni> something like rbash?
<Veus_uni> i knoe with cpanel they have jailshell which will only let them go to /home/user, but will let them run almost anything
<sarnold> rbash is easy to bypass if you let the user run something like vim or mutt or screen since it's trivial to get to a real shell and then do what you want
<sarnold> nearly every useful tool lets you execute shell commands..
<sarnold> so that's why a stronger tool like apparmor is useful; it can confine the user beyond what a single "restricted" process is able to provide
<Veus_uni> with apparmor are the users able to view through ssh other folder other than thier own i,e if i have user1 in /home/user1 would they be able to see anything in /home/user2
<sarnold> if you wanted something that'd work on all users with the shell, you could write the rules like: "owner /home/*/** r," to let them read only files they own.. if you've got one user in mind, it could be "owner /home/untrusted/** r," to only let them read the files in their own home directory, IFF they own the file ..
<Veus_uni> ok i sort of get that, would they be able to run screen and mono, and be able to write in their directory etc, basically im creating a hosting service for a niche market, and the users need to access their own directory only, i.e read write, but able to execte things like mono and screen, and also editors like nano so they can edit .ini files in their directory
<sarnold> yeah, all that's possible with apparmor
<Veus_uni> would it also be possible to restrict the amount of ram and space a user can use with apparmor? i.e let the programs they use only use2gb ram etc, and only let them have 20gb space? i think quota will work for the space
<sarnold> you may also wish to investigate lxd; it uses the kernel's namespacing features to let you build a bunch of shared instances.. it's got less overhead than full virtualization, and is easier to admin / configure..
<sarnold> lxd would do resource limits easier; apparmor can set the rlimits on processes, but it's harder to work with aggregate limits that way
<Veus_uni> i had thought about that but went against it with the stuff needing mono etx
<Veus_uni> the ram limits its not a major must atm
<Veus_uni> with lxd how would the ip work? as the server will only have 1 ip, and that would need to go over all "containers"
<sarnold> hmm, I don't know how that'd work :/
<Veus_uni> looks like apprmor then, just need to know how to set it up ptoperly
<sarnold> Veus_uni: hm. I'm getting a bit dissapointed when tyring to find some good docs on how to use apparmor. the apparmor.d manpage is too detailed -- it's good for reference but poor for learning..
<Veus_uni> yeah im tryimg to read some atm
<sarnold> Veus_uni: the apparmor wiki is best ignored -- a lot of it is just notes for us for future development work, and it's not obvious which bits are which
<sarnold> Veus_uni: the suse folks have a nice enough chapter at https://www.suse.com/documentation/sled11/singlehtml/apparmor_quickstart/apparmor_quickstart.html -- but bits of it are specific to suse :)
<Veus_uni> yeah, im thinking of getting someone to make a profile for me, then use that as a template
<Veus_uni> grrr i need ubuntu though
<sarnold> Veus_uni: here's a profile that I've used for testing things before http://paste.ubuntu.com/p/T3vm8SB6Pv/
<sarnold> Veus_uni: if you cp /bin/bash to /tmp/bash and load this profile (store this file in /etc/apparmor.d/tmp.bash and then load it iwth apparmor_parser --replace /etc/apparmor.d/tmp.bash)
<sarnold> Veus_uni: .. you can then execute /tmp/bash, see what works, see what doesn't work, watch the kernel logs or audit logs for the DENIED lines to see how it works.. add lines as needed..
<sarnold> it's not a bad starting point to learn about apparmor anyway
<Veus_uni> brb need to nip down stairs
<Veus_uni> will do thanks
<Veus_uni> sarnold, dpes appamor work for users?
#ubuntu-server 2018-07-18
<sarnold> Veus_uni: what do you mean?
<sarnold> Veus_uni: users currently can't load their own policy, but we aim to address that some day
<Veus_uni> its seems to only restrict apps, im needing to restrict users
<sarnold> Veus_uni: aha
<sarnold> Veus_uni: so .. if you restrict the processes that a user interacts with to enter the system, that achieves much the same goal
<Veus_uni> it would be good someday but for my use not now, but im looking the is jailshell which can be installed on ubuntu which seems good, as i would need to do something like that, but would it run screen and also mono
<sarnold> Veus_uni: so, if you let users log in via ssh, then you make sure that the shell sshd starts for the user is confined (and make sure the built-in sftp server either doesn't let them in, or confine sshd..)
<sarnold> Veus_uni: if you let the user write their own mono or provide their own shell configuration file then those kinds of restricted shells are toys :(
<Veus_uni> yeah, basically, im wonting to provide shared region hosting for oepnsimulator, and thought of the idea from cpanel of jailshell, but its finding a way to make it work, i know cpanel uses it. but would it work on ubuntu and would it run mono and screen, as both is needed, the only other option would be to buy a bigger server and run vpn, but that would be too much to be honest,
<cpaelzer> good morning
<lordievader> Good morning
<Ussat> \o/ my private test lab is fineally done
<RoyK> Ussat: congrats - what're you going to test there?
<Ussat> Nothing in particular, I have my test lab at work, this is in VM's on my laptop, for more spur of the moment tests etc
<Ussat> kinda like "hey, lets see if this works" kinda things
<Ussat> it mimics my test lab at work
<Ussat> if that makes sence
<npgm> hi so I'm having difficulty getting a usb ethernet adapter to work with 16.04
<compdoc> npgm, does it show 'unclaimed' when you list with lspci?
<compdoc> or maybe lsusb
<npgm> compdoc: actually realized my issue. I had a really malformed interfaces file. Things seem to be working fine.
<compdoc> :)
<Veus_uni> sarnold, you about?>
<sarnold> hey Velus :)
<l4m8d4> Is it possible to install virtinst without all the desktop package dependencies? I wanted to install it on a server without a video card and it wanted to pull in all type of desktop stuff, which I obviously don't want
<sarnold> l4m8d4: consider uvtool instead
<l4m8d4> sarnold: So this acts as an image fetcher + vm manager?
<sarnold> l4m8d4: yeah
<l4m8d4> Is it possible to customize things like networking with uvtool? Is it compatible with machinectl?
<sarnold> configuring networking seems likely, no idea on machinectl
<hashwagon> Can anyone recommend me a channel to answer a CPU question I have? I'm wondering if the Intel Xeon E3-1220 (BX80662E31220V5) has a integrated graphics.
<Velus> hashwagon, it dont have intergrated graphic
<blackflow> hashwagon: https://ark.intel.com/products/52269/Intel-Xeon-Processor-E3-1220-8M-Cache-3_10-GHz
<blackflow> ark.intel.com is the best place to query info about CPUs
<blackflow> *about Intel CPUs
<Velus> thats what i checked blackflow and it dont have intergrated graphics
<hashwagon> Thanks, guys. That's a good website - I'll book mark it. Any suggested alternatives to this CPU that have IG?
<Velus> https://ark.intel.com/Search/FeatureFilter?productType=processors&QuickSyncVideo=true
<Velus> that will help you
<hashwagon> Excellent - thanks
<blackflow> Why quicksyncvideo? The search form can do Integrated Graphics  Yes/No
<blackflow> hashwagon: https://ark.intel.com/Search/FeatureFilter?productType=processors&FamilyText=Intel%C2%AE%20Xeon%C2%AE%20Processors&IntegratedGraphics=true
<blackflow> assuming you want a Xeon and not a desktop-y CPU
<l4m8d4> hashwagon: A lot of motherboards for xeon CPUs have an on-board graphics chip too, so in most cases the integrated xeon graphics is not needed
<Velus> sarnold, do you know of any way i can jailshell someone i did look at jail-shell but it lets people look around in ssh at other peoples files which i dont want to happen, i want them to be able to use other stiff like mono and screen and be able to work in thir dirctory but not others
<blackflow> Velus: ssh or sftp chroots
<blackflow> (that was about ssh, wasn't it?)
<Velus> yes
<Velus> ssh
<Velus> and i tried this thing from github called jail-shell
<Velus> brb break time
<blackflow> Velus: if it's over ssh, you don't need any additional software, you can chroot users.   Check out ChrootDirectory in sshd_config manpage. Note in particular the need to bring in the shell and any /dev/... stuff into the chroot, as needed.
<blackflow> which is not needed for sftp, so what exactly do you need there? sftp or full ssh access?
<sarnold> Velus: I strongly recommend skipping anything marked "jail shell" kind of tools. blackflow's suggestion of ssh'd chroot support is pretty good if you only care about ssh and want to maintain different environments for the users entirely
<nacc> and i definitely wouldn't use it from github
<blackflow> yeah, if exclusive to ssh "containment".
<Velus> its only over ssh its a server held in a data center, basically wanting to do shared hosting for opensim which is a virtual world so you need ssh access to set it up
<Velus> blackflow, lets say i have user john and user shaun on my server can user shaun kill a process that user john is useing
<sarnold> no, standard unix discretionary access controls will prevent that
<Velus> would they be able to see the porocess that they are using?
<sarnold> yes
<sarnold> there's a proc tunable ..
<Velus> ok
<sarnold> look through procfs(5) for the hidepid variable
<nacc> why not just put them in private containers?
<nacc> this seems like a lot of overhead just for isolation
<sarnold> nacc: I think Velus only has one IP address to work with so can't just pop everybody into their own lxd
<nacc> sarnold: ah, I'm sure you can do some trickery there, but I can see how that would be a limitation
<sarnold> (that'd probabl also be unfortunate if you had to have N copies of mono runtime / program loaded rather than just re-using the one copy..)
<nacc> yeah
<sarnold> cn you do hardlink tricks to have just the one copy in memory?
<nacc> in theory, you could share it from the host
<nacc> to each lxd, i think
<sarnold> .. well, that'd probably bust the moment once one of the users wants to upgrade or similar
<nacc> yeah
<nacc> i'd assume this is meant to be a rather restricted environment; maybe upgrades are not supported.
<RoyK> hidepid works well
<sarnold> hey RoyK :)
<RoyK> hi
<RoyK> sarnold: all well?
<sarnold> RoyK: yeah, pretty good :) I'm feeling ever so slightly overwhelmed with all there is to do, but such is life I guess :)
<sarnold> RoyK: how're you doing? :)
<RoyK> sarnold: good, thanks - just got myself a cr-10s - summer fun :)
<sarnold> RoyK: oh sweeet :D
<RoyK> sarnold: printing out a wee lampshade now - had one in glass that hit the floorâ¦
<sarnold> RoyK: heh, bummer about the old one.. but hooray :D
<RoyK> sarnold: openscad is neat
<RoyK> blender too, but a wee bit steeper learning curve
<rbasak> l4m8d4: uvtool is a front end to libvirt, cloud-init and image fetching. You can customise networking as much as libvirt can customise networking, which is the same level as virtinst I think (which also uses libvirt as the backend).
<blackflow> sarnold: btw, with single IP you can have sshd's in containers on different ports.
<sarnold> blackflow: mm interesting idea, do you know if that works with lxd?
<blackflow> but containers are really not needed and create a whole lot of different logistic issues
<blackflow> sarnold: not from personal experience, but I don't see why not. I do have such a setup on FreeBSD though. An alternative is bridged networking, internal IP per container, and some iptables magick for port forwarding.
<blackflow> that one I knwo from personal experince it works (though it was LXC, not LXD)
<sarnold> blackflow: aha, then I'd expect something similar to work with lxd, but might exceed the cost/benefit ratio ;)
<blackflow> it's defo an overkill, since you basically have to manage whole ostree sans kernel, per user.
#ubuntu-server 2018-07-19
<cpaelzer> good morning
<lordievader> Good morning
<sweb> how to enable blank screen on ubuntu server .. i use my old laptop as ubuntu server ... i need to blank screen on not activity mode
<blackflow> sweb: check out consoleblank=X kernel option, where X is number of seconds for the timout (=0 disables it)
<sweb> if i install ntp on my dedicate server do i need to install ntp for my virtual machines ?
<blackflow> sweb: you mean for VMs on that dedicated server? no, there's kvm-clock with newer kernels I believe...
<blackflow> sweb: yeah that's it. verify with   dmesg | kvm-clock   in the guest VMs
<wr> disk space size for a VM with isc dhcp, php, apache2 on a ubuntu 16.04 server?
<tomreyn> yes
<teward> wr: Dealer's Choice as to what disk space you want to provision.  :P
<sarnold> wr: I wouldn't go below 10 gigs, 20-30 might let you never think about drive space..
<teward> i'd not go below 20 GB IMO depending on what you're running on the apache and PHP parts.
<teward> though I'd probably have the DHCP server be its own separately
<teward> (IMO)
<teward> especially if this is a VM, you can split services up over multiple VMs
<RoyK> wr: doub you'll need much for dhcp alone - how many clients?
<RoyK> wr: dhcp only spends space on the lease file (which is minimal) and the logs (which may be quite a lot with a bunch of clients)
<l4m8d4> rbasak: I think I'll just use libvirt then, thanks!
<coreycb> jamespage: narrowed in slightly on the py3.7 threading issue: https://bugs.launchpad.net/designate/+bug/1782647
<ubottu> Launchpad bug 1782647 in Designate "py3.7 possible race condition in threading" [Undecided,New]
#ubuntu-server 2018-07-20
<wr> RoyK, about 30 (sorry just got back now)
<RoyK> wr: should be trivial
<RoyK> wr: at work we have 30k or so - works well on a single vm
<wr> RoyK, i think i'll use like 8Gb
<sarnold> seriously, it's the 2000. Splurge on a few extra gigs so you never have to clean up kernels when /boot fills.
<RoyK> sarnold: it's no problem to expand that later
<sarnold> in some environments anyway :)
<RoyK> sarnold: I'd say most - unless you refuse to use lvm :Ã¾
<sarnold> RoyK: I swear learning how to use lvm has been on my todo list for only a dozen years I'll get to it :)
<cpaelzer> good morning
<caribou> hello everyone; I just wanted you to know that I revived LP: #1662345 and took ownership of the bug
<ubottu> Launchpad bug 1662345 in qemu (Ubuntu Xenial) "smbios parameter settings not visible in guest" [Medium,Confirmed] https://launchpad.net/bugs/1662345
<caribou> it is a showstopper for us to deploy cloud-init on ARM64 and, since it works on Bionic, I'll try to identify the change for an SRU to Xenial
<ahasenack> caribou: ok, it definitely helps to have an arm64 host to try on
<caribou> yeah, we got plenty of that
<caribou> and a vested interest in fixing it :-)
<ahasenack> good combination :)
<hsn> i have ubuntu 12.04 what is end of support date?
<rbasak> hsn: see https://wiki.ubuntu.com/Releases
<rbasak> 12.04 is already EOL
<hsn> so support is only for 5 years
<rbasak> Correct.
<rbasak> Canonical provide additional support to its customers, but Ubuntu LTS for servers has always been five years.
<hsn> any linux distro has more then 5 years support? i have lot of linuxes out of support now here
<blackflow> hsn: https://www.ubuntu.com/support
<hsn> found this page https://linuxlifecycle.com
<sdeziel> hsn: this site doesn't mention ESM that adds 2y of support to an LTS
<Guest87713> I'm seeing lots of HTTP 404s that point to this website. http://t20.proxy-checks.com/favicon.ico: 1 Time(s) I'm running Nginx and don't have proxying configured. Should I be worried?
<blackflow> hsn: if you're willing to change the entire distro and go through everything that assumes (different logistics, different programs, different versions of existing programs, etc...), then you can simply just upgrade to next LTS every 5 years, if you don't wanna pay for extended support beyond 5yr.
<hsn> you will get different versions of programs after upgrade anyway no matter distro you use.
<hsn> i want to update as less as possible to major software versions because it do not earns any money
<blackflow> RHEL systems are radically different from debian/ubuntu based ones. you're not gonna change only program versions.
<JanC> actually, upgrading every 2 or 4 years will make it easier to upgrade than when you wait 8 years or more
<JanC> because even RHEL will run out of support one day, and by then everything will have changed so much you'll practically have to re-write all your code at once
<blackflow> definitely. Netflix had a series of talks about that, why riding on development version of the OS helps them achieve that. It's another extreme (riding on dev), but it's part of the same paradigm of frequent upgrades with small steps and less to test, than rare huge bumps with months of testing and software adjustment required.
<JanC> I doubt months of testing will be enough by then  :)
<blackflow> right now, switching from 12.04 to, say, 18.04 is far less work than going to RHEL/CentOS 7 which is a totally diferent platform.
<JanC> to get even just close to the same stability as a system that has been around for 10 years, you would be testing for years
<hsn> we have RHELs and Ubuntus here. Ubuntus for development and RHEL for software testing.
<blackflow> well yeah, in 10 years a LOT has changed, esp. in today's world of agile dev.
<blackflow> hell, just look at Fedora and how much it changes from realease to release. Fedoras are what RHEL is made of.
<arrrghhh> hey all.  How can I troubleshoot a service timeout?  My machine is taking a very long time to boot, I think it is waiting for a service to start and failing
<nacc> arrrghhh: systemd-analyze blame will help you know if that's the case
<arrrghhh> nacc, hm.  That is a great command, although perhaps you are correct that it is not the case - the longest service is 3.4s, everything else is milliseconds.
<nacc> arrrghhh: does the total time there match what you are experiencing?
<nacc> arrrghhh: as in, does it seem quite long
<arrrghhh> I saw some timeouts in syslog yesterday related to snappy/snapd.  I tried removing it, and I still have a slow startup... I'm not sure if snapd is required or not tho
<nacc> arrrghhh: well it is if you use snaps :)
<arrrghhh> nacc, no I'd say not.  I guess there is another reason for the slow boot... seems like a timeout somewhere since the system is just sitting idle for almost 5 mins while it boots
<arrrghhh> I don't think I use any snap packages
<nacc> arrrghhh: `snap list` will tell you
<nacc> and you can remove snapd if you don't need it
<arrrghhh> yea snap is not installed haha
<arrrghhh> "Command 'snap' not found"
<nacc> arrrghhh: what version of ubuntu?
<arrrghhh> 18.04
<nacc> arrrghhh: strange, happens every time?
<arrrghhh> nacc, yep.  It just started in the last few weeks... I don't think any changes were made, although I do randomly upgrade the system
<arrrghhh> I really like this systemd-analyze tho.  I wonder what else it could be if it's not a service timeout
<arrrghhh> wouldn't a NFS or CIFS mount timeout show in the syslog?
<arrrghhh> I don't think I have any... nope none in fstab at least
<JanC> arrrghhh: do you know at which point it hangs?
<JanC> sometimes if filesystems aren't unmounted properly on shutdown they can be slow to start up...
<JanC> database servers can also be slow to start up if they have lots of data to check
<JanC> (even more so if they are not shut down properly, of course)
<DammitJim> Do you guys know what gives a network interface the name eth0 or ens160, etc?
<nacc> https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
<nacc> DammitJim: --^
<DammitJim> thanks nacc
<blackflow> DammitJim: the default order tried is defined in /lib/systemd/network/99-default.link    This part is a bit less obvious.
<DammitJim> thanks guys
<DammitJim> so, I had to do the net.ifnames=0 change to a server so that it would use eth0 instead of ens160
<blackflow> yup
<DammitJim> this server happens to use keepalived and the configuration relies on eth0 now that everything is working
<blackflow> DammitJim: see NamePolicy=   in systemd.link(5) manpage
<genii> Consistent Naming is both a blessing and a curse
<blackflow> hear hear
<DammitJim> well, now when we try to do a recovery from a backup on the cloud, the interface is coming up as ens3 instead of eth0
<DammitJim> from what I understand, the could company doesn't use ESX, which is what we use, but they use KVM
<blackflow> yah ens3 sounds like virtio net KVM VPS
<DammitJim> so, I think the ethernet controller they are assigning it is an e1000 and not a VMXNET3
<DammitJim> how do I overwrite that (again)
<blackflow> DammitJim: should be virtio, check in dmesg
<DammitJim> thanks for listetning blackflow
<DammitJim> yeah, blackflow it changes to virtio if I change the controller from e1000 to virtio
<DammitJim> but my Ubuntu VM was build in ESX with a VMXNET3 controller
<DammitJim> I'm looking at the file you mentioned blackflow
<blackflow> DammitJim: wait, what is the problem exactly? IF you use net.ifnames=0 kernel option, it'll be eth0
<DammitJim> so, I would break it down in 2 things I did
<DammitJim> 1) The default Ubuntu install on ESX would show ens160 as the network interface, so I set net.ifnames=0 and biosdevname=0 in /etc/default/grub
<DammitJim> that changed ens160 to eth0
<DammitJim> 2) When recovering the VM in a KVM environment, the network interface is showing up as ens3
<DammitJim> so, how do I change it from ens3 to eth0 "again"
<blackflow> same way. are you sure you're booting with those kernel options?
<DammitJim> blackflow, how do you mean "same way" I already changed /etc/default/grub to use net.ifnames=0 and that changed ens160 to eth0
<DammitJim> so, the VM has that configuration now
<DammitJim> but when recovering the same VM in a KVM environment, it's not coming up with eth0, but with ens3
<DammitJim> even though I already have net.ifnames=0 configured
<blackflow> DammitJim: well are you sure that the kernel is given those options? what does    cat /proc/cmdline   say in that VM that doesn't change to eth0?
<DammitJim> as a matter of fact, dmesg says: virtio_net virtio0 ens3: renamed from eth0
<blackflow> DammitJim: note that /etc/default/grub per se doesn't do anything. it's a file sourced by update-grub that sets up the grub menu. is it possible different grub menu is used when you changed the VM?
<DammitJim> cat /proc/cmdline yields: BOOT_IMAGE.... ro quiet root=UUID=.... rootfstype=ext4 enforcing=0
<blackflow> DammitJim: yah, no net.ifnames=0
<DammitJim> that's a good question blackflow I don't know what grub menu is used by the KVM (DR)
<DammitJim> ok, cool! so, maybe when they recover the VM, they are passing a different parameter when booting the kernel?
<DammitJim> I can't tell what is being used within the VM< right?
<blackflow> DammitJim: you can force it yourself to test, in teh grub menu hit 'e' to edit the first line, navigate down to the line starting with vmlinuz, and add  net.ifnames=0 to it,   hit F10 to continue booting.
<blackflow> DammitJim: under KVM you should have full control over the booting process and grub options.
<DammitJim> Oh Ok... let me see what I can find
<DammitJim> but what you have provided is invaluable!
<DammitJim> where does one change the timeout to pick what kernel to load in grub?
<blackflow> DammitJim: in /etc/default/grub
<DammitJim> LOL.. thanks blackflow you are good
<DammitJim> I was just going there telling myself I shouldn't have asked until I confirmed that wasn't it
<blackflow> wasn't it?  did you run upate-grub after changing that file?
<DammitJim> ah, that's what I missed
<DammitJim> weird... I don't see a line that starts with vmlinuz after doing 'e' in the grub menu
<DammitJim> ok, I see a line starting with /boot/vmlinuz-4.4 etc
<DammitJim> but it has the parameters!
<blackflow> DammitJim:   linux /boot/vmlinuz ......         ?
<blackflow> ah yes, that one.
<blackflow> DammitJim: so, there's net.ifnames=0 in there?
<DammitJim> weird
<DammitJim> hold on
<DammitJim> it worked
<blackflow> I'm guessing it works now because you ran update-grub, which you missed earlier.
<DammitJim> no, I ran update-grub when I set net.ifnames=0
<blackflow> I assumed you knew you had to run it, because you mentioned you already edited /etc/default/grub and had what you wanted, under ESX.
<DammitJim> and that was working in ESX
<DammitJim> I didn't run update-grub when I changed the timeout from 2 to 20
<blackflow> DammitJim: so anyway, you have eth0 under KVM now?
<DammitJim> yes
<blackflow> great.
<DammitJim> they must have a bug in their system where they change the things they load to the kernel
<blackflow> DammitJim: as far as I know (could be wrong), under KVM you boot from the VM. It's not like Xen (sans pvgrub) with external kernel.
<blackflow> so it boils down to which /boot was used, under which hypervisor. one of them has /boot separate from root?
<DammitJim> hhmmmm
<blackflow> anyway, gotta run, bbl
<DammitJim> thanks man!
<arrrghhh> JanC, sorry moved computers... I'm not sure which point it hangs which is a bit of the problem.  Should I look at syslog?  It doesn't seem extremely helpful
<JanC> syslog might show what happens around the time it continues
<JanC> syslog or journald, of course
<arrrghhh> I guess I'll check journald?  Not familiar with that one.  syslog hasn't been extremely helpful thus far...
<arrrghhh> bbiab
<crandon> Today on a sever operated by someone else I faced the following problem: I created a .tar.gz with ordinary files, all owned by the user running tar, but could neither extract it, not list it's content with -ztvf. tar simply blocked and did nothing. Interestingly as root I could list the archive content just fine. Running an strace as both the regular user and root I found, that compared to where tar got stucked as regular user
<crandon> (some futex calls after getuid() and getgid()) as root the next calls initiated some mysql queries. The machine's nssswitch.conf is configured to use mysql. Any idea what could be misconfigured and how tar could be told not to do such thing?
<nacc> !crosspost | crandon
<ubottu> crandon: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<crandon> Sorry, I was told on the other channel to come here.
<nacc> crandon: i see that now
<nacc> crandon: does the system behave normally otherwise? what is the nsswitch.conf contents?
<crandon> nacc:
<crandon>        passwd: files mysql
<crandon>        shadow: files mysql
<crandon>        group:  files mysql
<crandon>      
<nacc> crandon: i see (switching to here)
<crandon> nacc: You mean like "--no-same-owner"? No I haven't, but those should be the default. Unfortunately I don't have access to the system right now (trying to be proactive here until I get access again)
<nacc> crandon: that's one idea, yeah
<nacc> crandon: i really don't know, sorry
<crandon> nacc: What I tried are --no-acls, --no-selinux, --no-xattrs
<nacc> crandon: hrm
<crandon> Ok, thanks. It's just annoying when you try to do some work and you got stuck on something like extracting a simple tgz...
<crandon> nacc: BTW even if I'd find some tar switches which allow the extraction I'd still be stuck as the problem is triggered when running pyenv to which I'm not sure how I could pass the tar options...
<crandon> nacc: Anyway, thanks for your time!
<nacc> crandon: yeah not sure; it's almost certainly while tar is doing some lookup
<nacc> crandon: i'm just wondering if the system is generally broken for that user
#ubuntu-server 2018-07-21
<benl90> hello, I want to ask about netplan, What's expected mapping error. I couldn't find in google anything about it. Thanks
<sarnold> can you give some context?
<MrCrow_> So, I have both the ufw firewall and my routers firewall configured so that my server is accessible to the external network. When I start and stop my service on the open port on my ubuntu server, http://canyouseeme.org/ reports that it can/cannot see the service accordingly. However, when trying to connect to the server with the specified port and the IPaddress of my server (which has that port forwarded to my server) nothing
<MrCrow_> I can connect through the LAN address and that port fine, but I cannot connect through the WAN address
<benl90> does your router port forwarding is enabled?
<sarnold> does the protocol in question have to think that it's actually listening on the IP address?
<MrCrow_> sarnold, you just gave me an idea - give me one moment and I'll see if that fixes it, if not I'll answer
<MrCrow_> nope that didn't help
<MrCrow_> So, I am running a minecraft server - I had the IP set to the local IP which, it technically is receiving information addressed to 192.168.1.x but that didn't help
<benl90> MrCrow_: Does you do port forwarding or not?
<MrCrow_> yes
<sarnold> MrCrow_: when you say "I cannot connect through the WAN address" -- are you testing from *within* the lan? or from outside?
<benl90> Hmmm he left
<IaMnEwHeRe> Hi there, I have a problem with the ubuntu-image on docker-hub, a) it does not provide the basic means to edit configuration, a simple editor would be a huge help( I know why it is not there(minimalizing the footprint)) but if I want to toy around with different ideas, this is a dealbreaker, because It would also require me to set up a registry
<IaMnEwHeRe> The problem I am currently facing is this one:
<IaMnEwHeRe> I see this output https://www.zerobin.net/?c4c6578a574c1982#Vkav1gAVwraWpOPVM4Wc+Y5NQ67Bxpkx8PsRbmlpwls= whenever I try to install packages(e.g. for diagnostic-purposes of other images in my setup)
<sarnold> does netcup.de sound familiar?
<IaMnEwHeRe> How do I mitigate this problem without having to setup my own registry?, I am running this image in a k8s-pod(docker being containerengine) image is pulled from library/ubuntu, different setup for pods is reachable from the outside and the pod's can talk to each other via services, So ATM I assume there to be no problem with netowrking
<IaMnEwHeRe> sarnold yes why?
<sarnold> IaMnEwHeRe: they own that IP address
<sarnold> it did'nt look like the usual IP addresses so I wondered if you were getting BGP hijacked or something
<sarnold> but maybe they did it intentionally
<sarnold> since you recognize the name, anyway :)
<IaMnEwHeRe> good point, didn't think of the checking the URL-resolution
<IaMnEwHeRe> I think they do it in connection with their own, base-install-images they provide
<sarnold> if you're lucky they stuffed it in /etc/hosts and you can remove it
<sarnold> if you're less lucky then I'm not sure what step to take next..
<IaMnEwHeRe> I think that solves the problem then, thank you very much
<IaMnEwHeRe> well first I will open a ticket :)
<IaMnEwHeRe> but seriously please consider adding a simple editor into the package for the ubuntu-base-image ;)
<IaMnEwHeRe> would be  huge help
<IaMnEwHeRe> sarnold, not in /etc/hosts....
<sarnold> IaMnEwHeRe: I know next to nothing about docker but I *think* someone at docker manages that image
<IaMnEwHeRe> so I will just drill down /etc/resolve...
<IaMnEwHeRe> hmm weekend is ahead and I have a door I can try to knock down :D thx
<sarnold> IaMnEwHeRe: http://paste.ubuntu.com/p/SjDSwSR4jp/
<IaMnEwHeRe> thx
<sarnold> IaMnEwHeRe: nano? pica? vi? emacs? joe? jed?
<IaMnEwHeRe> I am not picky, the one with the smallest foot-print will do, doing regular editorial stuff with plain sed, is a pain
<IaMnEwHeRe> and hard to remember
<sarnold> sed, easier than ed, but that's about it :)
<IaMnEwHeRe> never used ed
<IaMnEwHeRe> arghhh..... they even put  the DNS-resolving into systemd..... where are the good old times where you could just edit a file....
<IaMnEwHeRe> *happy* the old times are still here, the files just changed :D
<IaMnEwHeRe> sarnold, thanks again for the help, have a good one.
<LaserAllan_> hey guys
<LaserAllan_> how do I avoid getting apache installed on a freshly installed ubnutu amchinme?, i remmeber there were some weird caveats sometime ago where i installed Nginx and for some reason got apache installed allready
<blackflow> LaserAllan_: apache is not installed by default unless you deliberately install it
<rbasak> LaserAllan_: can you explain what you were doing that caused apache to get installed? It shouldn't do that normally. The closest thing I can think of is that some packages require a working web server, and that may default to apache unless you already have nginx installed or are installing nginx at the same time.
<rbasak> LaserAllan_: but apart from that, it's really hard to answer a question to avoid something that we know nothing about. If you can provide exact steps that lead to Apache getting installed when you don't want it, that would help.
<LaserAllan_> rbasak: I think it was that I was trying to install php fpm or something like that and then I guess I hadn't at the time installed nginx so i guess it installed php-fpm and apache?
<LaserAllan_> It is a few weeks ago
<rbasak> LaserAllan_: that sounds likely, yes.
<rbasak> LaserAllan_: so to answer your original question then, you can avoid that by installing all your packages in a single call to apt (or apt-get if from a script), rather than doing them one by one.
<blackflow> or have nginx installed first, so packages depending on either it or apache, will have satisfied deps.
<rbasak> Sure, but that only solves the specific issue of apache coming in. In the general case, there could be other choices you are making in your package selection too that are also different from the default that apt would otherwise pick. Installing your choices all together helps apt pick things that fit your entire set of preferences.
<xtuh> Hello, need some assistance with iptables.
<xtuh> please pm me
<blackflow> !pm | xtuh
<ubottu> xtuh: Please ask your questions in the channel so that other people can help you, benefit from your questions and answers, and ensure that you're not getting bad advice.
<rbasak> xtuh: people generally don't volunteer to help people for free like that. I suggest you ask your real question here. Use a pastebin for details if they are long. Then people may be able to help you in public depending on who is around and has time. If you absolutely require private support, you may that you need to pay someone for that.
<rbasak> you may _find_ that
<xtuh> https://pastebin.com/unfKMgEG
<xtuh> its the first time i had to use iptables, so i need to solve that quick and right. then, i promise, i will learn more. thank you. :)
<spinza> http://linux-ip.net/html/nat-dnat.html
<spinza> xtuh, ^
<xtuh> spinza: after command is typed is it became active immediately?
<xtuh> what difference in my example with example 5.6 ?
<xtuh> iptables -t nat -A PREROUTING -i venet0:0 -p tcp -m tcp --dport 33333 -j DNAT --to-destination 1.1.1.1:33333
<xtuh> iptables -t nat -A PREROUTING -p tcp -d 10.10.20.99 --dport 33333 -j DNAT --to-destination 10.10.14.2
<xtuh> goes to  > iptables -t nat -A PREROUTING -p tcp -d 10.10.20.99 --dport 33333 -j DNAT --to-destination 1.1.1.1
<xtuh> what is "-d 10.10.20.99" ip of server's wan port? can it be replaced by name?
<NotSoFastJames> I want to make a drive on my ubuntu18.04  server accesable to my client running genuine ubuntu 14.04
<NotSoFastJames> how to?
<ChmEarl> NotSoFastJames, what is the fs on 18.04? Why not try nfs?
<NotSoFastJames> chmearl so to facilitate availability across gnu systems i need nfs formating? i currently ran ext4
<NotSoFastJames> i thought it would be ok with ext4 since it is all linux since it is both ubuntu versions
<NotSoFastJames> I have been able to facilitate backups and network share in smb for my gf's windows machine but now i want to backup my own linux machine
<NotSoFastJames> maybe  I can give permisions to a newly created user ChmEarl and then given those permissions conect to the server drive for backups and the like.
<ChmEarl> NotSoFastJames, man exportfs
<blackflow> NotSoFastJames: no, nfs is Network File System, it's not on-disk format.
<tomreyn> the term "file system" may be misleading there
<tomreyn> so you dont need to reformat, nfs is just a way to make local file systems available on the network, an alternative to samba
<blackflow> exactly.
<tomreyn> NotSoFastJames: there are many ways for doing backups. if you can discuss what you want to backup, too, and which of these systems (ubuntu 18.04 server, system providing the backup storage, yet another system) you want to initiate and manage the backup process from, we can provide more suggestions.
<NotSoFastJames> tomreyn i want to basically mount the drive in question that is on my server on my local client which also runs ubuntu and the backup the entire client to the server drive with rsync
<NotSoFastJames> how  do i mount the ext4 drive ? permissions? ownership? setting up ext4 access for client?
<tomreyn> NotSoFastJames: rsync can work thorugh ssh with -e, this may be easier, no need for setting up nfs then
<tomreyn> alternatively, there is also rsynd for unencrypted network access
<tomreyn> NotSoFastJames: so if you will initiate / control the backup process from this local client, you can install openssh-server +rsync on the server, openssh-client and rsync on the local client, then ocnfigure a user on the server which has permissions to write to where you want to store the data. then you just need to run rsync on the client (probably as root, if you want access to everything) to sync the client to the server, logging in as
<tomreyn> theis new server user you created, via rsync+ssh
<NotSoFastJames> tomreyn can i
<NotSoFastJames> ty man
<NotSoFastJames> can i just use the comuters name as a new user?
<tomreyn> NotSoFastJames: sure, you'll still need to configure it, though, and ensure it has sufficient file system access privileges.
<Guest86863> ciao
<Guest86863> list
<xtuh> https://pastebin.com/eXqp3WSp
#ubuntu-server 2018-07-22
<MrCorvid> Hello! So, I want to make a script that, when called runs the "screen" command, which then upon creation runs the "optirun" command (from bumblebee, for controlling nvidia GPUs) which then runs the java command to run a program under optirun within the screen.
<MrCorvid> The issue I am having now is that when this happens, the java program crashes because it attempts to modify files that it cannot because it needs root permissions. So, I need to A) find a way to have the script give ONLY  either that optirun command OR that java command sudo privaleges (that initial script is being run with root privileges due to it being owned by the root folder, and also being accessed by systemd)
<MrCorvid> or B) make it so that jar can access all the files it needs without root without enabling ANYONE to modify or run those files other than root and this jar
<DWSR> Hey all, just curious how to do a completely unattended install of Ubuntu 18.04 Server. It looks like the installer has changed away from d-i.
<sacarde> hi
<sacarde> is true that: networkd contains its own in-built DHCP client implementation ?
<sacarde> can I disable? or set static IP ?
<blackflow> sacarde: yes, and of course.
<blackflow> it only means you don't need dhclient or similar, if you want dhcp.
<sacarde> I have a proble, I set in "interfaces" only a static ip
<sacarde> but when system start it get a dhcp ip too
<blackflow> which Ubuntu?
<sacarde> ubuntuserver1804
<sacarde> I remove dhcpcd dhclient pkgs
<blackflow> 18.04 no longer uses /etc/network/interfaces,  which is part of "ifupdown" package. It uses netplan, which is configuration abstraction tool that works with backend: networkd on servers, and NetworkManager on desktops.
<blackflow> But you don't have to use neplan either, you can configure a .network unit directly, for networkd.
<blackflow> !netplan
<ubottu> Netplan is a network configuration abstraction renderer which uses YAML descriptions of a network to work with either a NetworkManager or Systemd-networkd "renderer". More information at https://netplan.io/
<sacarde> can you show me an example? static ip without dhcp
<blackflow> sacarde: click that link
<sacarde> ah ok
<SlowJimmy> is nfs the only way to mount a drivepartition from the server  on my client machine? or can this be done in ext4?
<blackflow> SlowJimmy: ext4 is on-disk filesystem, nfs is network "filesystem" that works with any underlying on-disk one. One alternative to nfs is samba.
<SlowJimmy> blackflow can i convert ext4 to nfs without harming the preexisting data?
<blackflow> SlowJimmy: no, nfs does not exist as an on-disk format. there's no mkfs.nfs. nfs is a system that allows you to export one directory, over the network, mountable as if it was local, onto another machine
<blackflow> it's actually more than one directory, so called "exports", but the gist is it works like that.
<SlowJimmy> so it is similar to samba but just for real computers not just windows?
<SlowJimmy> i see, i dont have a man page but i will just read up on nfs somewhere they are bound to talk about how i can share the ext4 partition
<blackflow> smb/cifs and nfs are protocols similar in functionality, yes.
<SlowJimmy> i mean if i understand right, then i can just follow some procedure or list of steps and use nfs to make the partition available
<blackflow> pretty much, yes.
<SlowJimmy> man you cant imagine how invaluable your help has been
<blackflow> you don't have to convert anything, you just export some directories, over the network, to anotehr machine.
<SlowJimmy> that will do wonders for my backups
<ducasse> !nfs | SlowJimmy see this
<ubottu> SlowJimmy see this: nfs is the network file system. See https://help.ubuntu.com/community/SettingUpNFSHowTo for information on installing and configuring NFS.
<blackflow> SlowJimmy: note, however, there's no TLS or encryption involved, so if you're doing it over the public network, you'll need to take additional steps.
<SlowJimmy> didnt have a man page for nfs on sys
<blackflow> (nfsv4 can do some encryption with kerberos, but what I mean is, it's not there by default)
<SlowJimmy> how do i protect against somebody somehow sitting on my internal network?
<SlowJimmy> or what if one of the clients is infected?
<SlowJimmy> then all my data is fair game?
<SlowJimmy> can you tell with the network conenctions and so forth if somebody is accessing your network who shouldnt be?
<blackflow> if you don't trust your network then treat it like public internet
<blackflow> SlowJimmy: that's why you set up authentication and encrypt connections. NFSv4 is capable of that.
<blackflow> or use something like VPN tunneling
<SlowJimmy> i have a question regarding authentication, if you use keypair authentication for ssh and a password is the password still cleartext?
<SlowJimmy> oh ok i will try to set everything up that way
<SlowJimmy> better safe than sorry
<SlowJimmy> also if you got a keypair set up... how do you prevent your privatekey falling into the wrong hands?
<SlowJimmy> i mean if it just sits on a client wont it be a risk because once that client is compromised then basically the server and withit the whole network?
<blackflow> you're asking overly broad questions. with ssh keys you have private and public keys. you can share the public one freely, and you protect the private one with a passphrase.
<blackflow> you keep that private as protected as possible, and teh passphrase is there in case of it being stolen or compromised, teh attacker would still need to know the passphrase to use that key.
<SlowJimmy> blackflow but wont that be useless if the computer you use to conect with to the server has been compromised? i mean wouldnt they be able to just copy the private key and key log the pasphrase?
<blackflow> so public keys are form of 2FA in itself. something you know (the passphrase to even use the key) and something you have (the key itself).
<blackflow> "log the passphrase"? only if they somehow see you type it in.
<SlowJimmy> so if they got my system compromised with a trojan wotn they be able to use keylogging functions of that malware to basically record the keystrokes?
<blackflow> in theory, yes.
<SlowJimmy> i mean if one of the clients i use to ssh in is compromised isnt then the whole system gone?
<SlowJimmy> i mean server and all other clients?
<blackflow> but they'll also need to get that key in order to use it.
<SlowJimmy> but wouldnt that be easily done with a keylogger?
<blackflow> no. like I said, you give public keys to the machines you log into. public keys work only in conjunction with your private key, so if the public key is stolen, nothing bad happens.
<blackflow> pubkey auth is a form of asymmetric encryption. it takes one key to encrypt and another key to decypt. one key cannot be used for both. in this particular case, the private key you keep to yourself,  protected, and the public key is given out to machines you ssh into.
<SlowJimmy> no i know, i just am not clear how the private keys sittig on the clients isnt a huge security risk?
<blackflow> the private keys shouldn't be "sitting on the clients", if "clients" are machines you SSH into.
<SlowJimmy> no i mean the clients is what i use to ssha into the server
<SlowJimmy> the server has the public key
<SlowJimmy> and the client has the private key
<blackflow> you can even do this. put your private key on usb. with ssh-agent running on your local machine, you instert the usb stick once, unlock the key (ssh agent remembers it), and you can remove the USB. that machine can now use the ssh-agent to access remote machines with that private-public key pair.
<SlowJimmy> basically my lapto ruig ubuntu has a pricvage key and my server has the public key but if somebody takes over my desktop with the private key isnt then the whole system lost?
<blackflow> but yes, if tha "client" is compromised, if the ssh private key is stolen, if the passphrase for the private key is easy to guess or tortured out of you,    ur dun goof'd.
<SlowJimmy> wait but if the desktop is just in any way compromised then the private key is bound to be just simply copied by the attacker and they can easily isntall a keylogger to capture my passphrase, no?
<blackflow> in fact, a few years ago there was an attack on servers noted on webhostingtalk forums, servers with tight security and pubkey auth were being compromised. the conclusion was (and I don't know if it was every 100% confirmed)  that there was a trojan that stole those private keys, the admins were windows users, and itw as in conjunction with how they used putty.
<SlowJimmy> so in this keypair authentication it all hinges on the assumption that your desktop runing ubuntu is not compromised or has a trojan or whaterver they use
<blackflow> SlowJimmy: yes, but..... balance of probabilities.
<blackflow> in fact, this is ONE reason why I run custom AppArmor profiles that forbid any app with network access, from touching ~/.ssh/
<SlowJimmy> and the usb thing does not help since once compromised they do not need to have access to the usb costatly only once woudl be enough...
<SlowJimmy> and they would not have to be connected to do that either
<SlowJimmy> blackflowâº that is excellent
<blackflow> and that is why security is hard.
<SlowJimmy> you prevent any connectable services from acces to the privatekey
<SlowJimmy> what though if one app that has no internet touches your private key and then hands it to the other buddy app that has internet
<blackflow> then I'm compromised.
<SlowJimmy> so does your apparmor increase security then?
<SlowJimmy> i mean it seams like there is a way around it
<blackflow> it does. any intrusion vector shut down, even if not 100%, is increased security. security is not black and white, never 100%. it's a process.
<blackflow> given enough time and money, there's always a "way around", even the best security in the world.    https://xkcd.com/538/
<SlowJimmy> cant one reduce any ssh activity to a life cd?
<blackflow> "life cd"?
<SlowJimmy> like make a custom live cd of ubuntu make sure it is md5 checksumed and all, and then put the private key on that, bur it to disk and then onyl physical access will grant them access to the private key
<SlowJimmy> who ever them is...
<SlowJimmy> liek you only ssh into the server with this live cd and have noother copies of the private key than on the livecd itself
<blackflow> that's one way to make it more secure, yes
<SlowJimmy> does this aproach have security holes too?
<blackflow> but then... openssh itself could be found (and has been in the past) vulnerable.
<SlowJimmy> i see that if your original copy has been tempered with yes...
<SlowJimmy> but you can md5 checksum to make sure
<SlowJimmy> somewhat...
<SlowJimmy> oh
<blackflow> so your remote machine is compromised, an openssh vuln exist, you connect to that machine, poof your keys are stolen. (hypothetically, if such vuln existed)
<SlowJimmy> i mean you cant run a server off of a livecd
<SlowJimmy> or can you?
<blackflow> so the bottom line is, you cover as many vectors as you can, but it's never 100%. there will alwys be something, somewhere, lurking, that can potentially compromise you.   a visit from the attacker with a $5 wrench, included.
<blackflow> you can run read-only stateless servers yes.
<SlowJimmy> wait why the live cd in the first place? cant you basically write a script that md5 checksum the system and asks you to sign off on any changes and maybe show those changes to you, sort of liek a firewall for making changes to the system
<blackflow> which may or may not be feasible depending on what they do
<andol> Not to mention, that there are all kinds of precautions you could take, but wouldn't neccesdarily be practical, since they would make your server less useful.
<SlowJimmy> and if there is an unallowed change it reverts the system back with rsync
<blackflow> andol: indeed.
<blackflow> SlowJimmy: sure, check out AIDE
<blackflow> !info aid
<blackflow> !info aide
<ubottu> Package aid does not exist in bionic
<ubottu> aide (source: aide): Advanced Intrusion Detection Environment - static binary. In component main, is optional. Version 0.16-3 (bionic), package size 706 kB, installed size 1986 kB
<SlowJimmy> blackflow well i just want to be reasonably secure the guy who made the effort to physically visit me at that point i am beate
<SlowJimmy> beate
<SlowJimmy> beaten
<SlowJimmy> literally
<SlowJimmy> this AIDE does add all kinds of paranoid security measures?
<SlowJimmy> nice!
<SlowJimmy> blackflow what book can i read to get on top of this?
<blackflow> no, it's essentially a database of checksums and various other file properties, and then you do frequent runs and it reports what changed about the files in the db.
<SlowJimmy> liek to know where the weakess of my system are liek what you said earlier with the openssh vulnerabilites and such
<blackflow> like that md5 script you mentioned above, md5 being just one thing it does.
<SlowJimmy> black omg that is sweet!!!
<blackflow> SlowJimmy: for THAT though, check out Snort.
<blackflow> !info snort
<ubottu> snort (source: snort): flexible Network Intrusion Detection System. In component universe, is optional. Version 2.9.7.0-5build1 (bionic), package size 678 kB, installed size 2148 kB
<SlowJimmy> couldnt you combine this with your current ssh protection?
<blackflow> sure
<SlowJimmy> check for any file changes evertime your ssh folder is accessed
 * andol thinks SlowJimmy would benefit more from general sysadmin understanding, and less from specific tools.
<blackflow> Snort goes as far as monitoring traffic in real time and detecting patterns of known or potential malicious behavior
 * blackflow agrees with andol 
<SlowJimmy> it is very soothing to lear about these tools though
<SlowJimmy> to know there already is a way to deal with these issues
<SlowJimmy> i am i the process of readig several gnu/linux server adming /network administration books
<tomreyn> for any complex problem, there is always a more complex partial or full solution. ;)
<tomreyn> or rather multiple, so you can spend more time on finding out which one is the least bad one.
<SlowJimmy> lol
<SlowJimmy> keeping you perpetually busy in the process
<tomreyn> unless you notice you are and break the loop. so how long have you spent on these thoughts today? ;)
<RoyK> SlowJimmy: https://debian-handbook.info/ <-- good reading - you'll probably learn a lot - debian isn't ubuntu, but then, they're about the same (ubuntu is based on debian after all)
<andol> Yepp, great book!
<SlowJimmy> RoyK yeah they all are so similar
<SlowJimmy> thansk man i really apreciate your help
<SlowJimmy> thanks blackflow thanks andol thanks tomreyn  thansk RoyK
<tomreyn> :)
<MrCrow> Hey, I need some help - I want to run a script from systemd, which either operates with root privileges and has a password on it, or runs a single command with sudo
<MrCrow> or remove the need to run that command with sudo
<Zahovay> hello guys i need a little help. Just got a vps with 15.10. trying to install 16.04 through ssh but cant install update-manager-core
<Zahovay> any suggestion on  it?
<Zahovay> the main problem during installing update-manager-core that it says "unmet dependecies: python3-update-manager
<Zahovay> is not going to be installed"
<blackflow> !eolupgrades | Zahovay
<ubottu> Zahovay: End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
<blackflow> Zahovay: so the hosting company has no modern ubuntu images?
<Zahovay> hosting company is old as hell, its also awful but its the cheapest by far
<blackflow> I'd still drop them if they don't support modern images. plenty of cheap but quality providers
<Zahovay> anyway its already payed we didnt know its like that..
<Zahovay> which server version u suggest?
<blackflow> Zahovay: 18.04, latest LTS
<Zahovay> does it have any drawbacks?
<blackflow> Zahovay: well personally I don't like the netplan NIH but it's nothing you can't remove/ignore/not use
<blackflow> or use it if you like it.
<Zahovay> blackflow: and when i edit sources.list do I use old-releases with 18.04?
<Zahovay> or archive?
<Zahovay> oh that question is stupid im sorry
<blackflow> not with 18.04, you use that in your existing 15.10 in order to be able to upgrade
<blackflow> but if I were you, and that hoster had a "rescue mode", even if debian, I'd use that and install with debootstrap. in fact that's how I alwys install remotely because of encryption.
<Zahovay> it says kernel version not supported. (upgrading with update-manager-core) any ideas?
<blackflow> well, rescue mode, debootstrap
<blackflow> Zahovay: how much are you paying for that thing?
<Zahovay> half a dollar / month
<blackflow> well, pay peanuts, get monkeys :) the "cheap but quality" providers really start at around few â¬/mo
<Zahovay> I know and I told my manager that this was the worst possible choices of all
<blackflow> "manager"? so this is for business purposes?
<Zahovay> actually this is kind of a research labor of IOT and nobody has server side experience at all
<Zahovay> I thought that I will try to setup the server by myself since I know c/cpp programming this setup could not take much work
<Zahovay> shoud*
<blackflow> programmers are usually the worst sysadmins :
<blackflow> jokes aside, y'all should really consider hiring some help.
<Zahovay> well I want to learn this part of the life too. I want to become kind of a security expert of the IOT part of IT
<Zahovay> learning some server part should help me
<blackflow> that's perfectly fine. local VMs are best used for that.
<Zahovay> agreed but the manager said that our work would be tracked through a website's database with visual diagrams etc.. so he choose this .. I accepted server side so i learn from it
<blackflow> welp, that's what grinds my gears. people wiht no experience running public servers that get compromised and turned into gbps UDP cannons for a botnet.
<Zahovay> actually it is not going to be public server
<Zahovay> i already restricted all ports and connections except my ssh which is not the default ssh
<Zahovay> and database will be set to be used only from local access. (so the server program)
<blackflow> and I hope you disabled password auth in sshd_config?
<Zahovay> i mean publicly available but only auth users will use it
<blackflow> wait, a db listening on public IP?
<Zahovay> let me have a smoke and will continue
<Zahovay> im courius about these
<Zahovay> can i pm you?
<blackflow> please don't.
<Zahovay> okey, so I would have a mysql database restricted to local access only with a pubic ip running a nodejs server serving connections
<Zahovay> is this a bad idea?
<blackflow> not per se
<Zahovay> after upgrading i've been dropped from sudoers file. Can I resolve it?
<blackflow> if root has password, try     su -l      and use root's password
<RoyK> usually root doesn't have a password on ubuntu, try "sudo -i"
<blackflow> RoyK: "dropped from sudoers file"
<Zahovay> Well the guy who pays the vps is not active, i could not solved this.. Thanks for you help guys
<RoyK> blackflow: login on the console or use an usb thing
<blackflow> Zahovay: check if you have sudo priv anyway, maybe through %sudo group? or %wheel
<Zahovay> I had sudo before upgrading. Now when I type "%sudo group" it says no such job
<Zahovay> for wheel it says the same
<blackflow> Zahovay: lol... %sudo   is notation for the "sudo" group in sudoers file
<blackflow> it's not a command
<Zahovay> I cannot "cat" the sudoers file
<Zahovay> permission denied
<blackflow> right. but can you sudo anything?  sudo -i   for example?
<Zahovay> it asks for my pw then it says im not in the sudoers file
<Zahovay> and "its going to be reported"
<blackflow> lol yeah, that's sudo the little snitch. you're lucky sudo on ubuntu is not compiled with insults.
<blackflow> anyway, does that hosting company have a rescue env? if you can mount the disk in the rescue env, you can change the sudoers file or assign root pass
<RoyK> Zahovay: is this a vm somewhere out in the cloud?
<Zahovay> Well probably has, i have to wait 'til the guy who paid and have the access to everything wakes up and give me some login infos for the vps company's site
<Zahovay> Can I check somehow the usernames on this vm ?
<Zahovay> i mean on the ubuntu
<RoyK> Zahovay: check /etc/passwd
<RoyK> don't pastebinit
<Zahovay> command worked but didnt help
<RoyK> Zahovay: it's a text file, /etc/passwd - it lists the users on the system
<RoyK> Zahovay: I won't help you to hack a system, just saying how things work
<Zahovay> Actually this our own vps where I had root password on 15.10 and after upgrading to 16.04.5 (was 3 hours of work due to messed up sources.list) i lost my root priv
<Zahovay> but I understand your point and I do not ask you to help me in such a thing
<RoyK> then 'su -' should give you root acesss
<Zahovay> well it says auth failure
<Zahovay> dunno why
<RoyK> or you may have to ask the supplier of the VPS
<Zahovay> I will have to.. tomorrow when the guy who paid woke up..
<Zahovay> wait
<Zahovay> im dumb
<Zahovay> and it worked
<Zahovay> thanks lol
<RoyK> fine :)
<blackflow> for that money, I doubt the hoster would even laugh. :)
<Zahovay> i had to wrote my username after the su
<Zahovay> ah thanks guys
<blackflow> uh... that just started a new shell as ..... you.
<blackflow> `whoami` will confirm
<RoyK> or "who am i"
<RoyK> like looking into a mirror
<Zahovay> lol so it did not work
<blackflow> nope. `su -l`  is to become root with root's pass.   `sudo -i` the same but with your, sudoers, pass.
<RoyK> blackflow: or just "su -"
<blackflow> (it essentially being the same as `sudo su -l`)
<blackflow> RoyK: I like being explicit.
<blackflow> but, yes.
<Zahovay> not sure if I understand but "su username" then pw it runs fine without error but I do not get any root priv. (I've alsod done "su username" then pw then whoami
<RoyK> Zahovay: "su" means "switch user" - if you don't give it a username, it means root
<Zahovay> oh lol
<RoyK> https://xkcd.com/149/
<Zahovay> :DDDDDDDDDDDDD
#ubuntu-server 2019-07-15
<lordievader> Good morning
<braingain> Hi I'm on 16.04 trying to make use of systemd-run to start one-time jobs
<braingain> I get a message that timer and service get created but systemctl tells me there is no .timer or .service-unit
<braingain> it works fine in centos and debian
<Pugs> one time only ?
<tomreyn> braingain: show your logs and unit + timer (use a !pastebin), discuss your ubuntu version. if you cannot share those details, create a simplified example where you can show details, see if this runs properly, if not, show the same for this one.
<Pugs> Have you tried Type=oneshot
<braingain> hmm after update from 16.04.4 to 16.04.6 now it seems to work. I was puzzled as to why I couldnt await the output with journalctl -f -u
<braingain> output just shows with journalctl -u, not -f
<tomreyn> point proven: using readily available bug fixes can help!
<tomreyn> plus you got free security patches for free, too
<braingain> still unsure I should use this atd replacement productively
<TJ-> strange issue; on 18.04 trying to figure out when unattended-upgrades last ran but due to the systemd timers/services and so on it's proving difficult. E.g. on the 'problem' system there's no update to /var/log/apt/history.log since July 1st but /etc/apt/apt.conf.d/50unattended-upgrades is correct
<tomreyn> do you not have /var/log/unattended-upgrades there?
<TJ-> tomreyn: yes, but that is only used by the shutdown service (by default u-a is not configured to log - it does have an option to log to syslog but that's not set by default)
<TJ-> the only file there is unattended-upgrades-shutdown.log (0 bytes - because being a server it is never shut down)
<TJ-> The systemd timers for apt-daily and apt-daily-upgrade are triggering correctly so trying to figure out why u-a hasn't been applying -security upgrades
<tomreyn> hmm weird, i'm on 18.04, too, and have more logs in /var/log/unattended-upgrades
<tomreyn> https://paste.ubuntu.com/p/Jm4prKcDRB/
<tomreyn>  /etc/apt/apt.conf.d/50unattended-upgrades  https://paste.ubuntu.com/p/4PvRvP7RCT/
<tomreyn> but i do indeed have records about unattended-upgrades in /var/log/apt/history.log as well, so this is probably irrelevant and just leading away from your inital question - sorry.
<TJ-> ooooo! checking "dpkg -L unattended-upgrades" there's a "/usr/share/unattended-upgrades/20auto-upgrades" but that isn't in /etc/apt/apt.conf.d/
<TJ-> hmmmm, this was working until the end of June so did something remove that ?
<tomreyn> cat /usr/share/unattended-upgrades/20auto-upgrades; echo Â·Â·Â·; cat /etc/apt/apt.conf.d/10periodic | pastebinit     ->   http://paste.ubuntu.com/p/WtCdM9KwyD/
<tomreyn> actually this is the output produced by this:   pastebinit < <(cat /usr/share/unattended-upgrades/20auto-upgrades; echo Â·Â·Â·; cat /etc/apt/apt.conf.d/10periodic;)
<tomreyn> i remember i needed to change *something* about unattended-upgrades to make them work again a while ago, too. sadly forgot all the details.
<TJ-> hmmm, after reading the .postinst file I checked debconf and it reports "unattended-upgrades/enable_auto_updates: false"
<tomreyn> i just ran this on my 2 18.04 server VMs, which were both installed using the 18.04.2 server live installer, i think: grep -B1 bin/unattended /var/log/apt/history.log | tail -n20
<tomreyn> both list multiple runs in july
<tomreyn> i don't have those VMs running constantly, though - so these runs may have been a result of booting those VMs on those days.
<TJ-> ahh, "dpkg-reconfigure unattended-upgrades"
<TJ-> not sure how it got disabled but there was a lot of tweaking going on in June
<tomreyn> both VMs return     unattended-upgrades/enable_auto_upgrades: true    when quries using     debconf-show unattended-upgrades    and i did most likely not run dpkg-reconfigure against those. but may have chosen this during installation, if there was a prompt.
<tomreyn> s/quries/queried/
<TJ-> the .postinst isn't entirely clear but it looks like it reads the debconf via db_get to determine whether to enable on 'configure', so maybe there was something weird there
<JustJohnny> what are the recomended options to implement bare metal backup in CLI-only ubuntu server?
<blackflow> JustJohnny: ZFS filesystem + snapshots w/ send|recv offsite
<JustJohnny> that would require to reinstall and reconfigure the servers, I'm afraid
<tomreyn> i wouldn't say that ZFS is a general recommendation for ubuntu there.
<tomreyn> lvm snapshotting would be the more traditional route, doesn't depend on out of tree modules. i agree zfs can be the better option while support and performance last.
<JustJohnny> I just read about timeshift but it comes with GUI and this is a CLI-only enviroment
<tomreyn> timeshift uses btrfs snapshotting, that's also an option if you consider the btrfs features you'll use to be sufficiently stable.
<TJ-> backup != snapshot, sounds like a job for rsync/bacula or similar
<blackflow> tomreyn: why wouldn't be ZFS recommended? Ubuntu is officially supporting ZFS and the next LTS installer is supposedly getting support for it as well.
<blackflow> TJ-: backup = snapshot + offsiting
<blackflow> even without offsiting it's a form of backup. backup fs state before a change is made. one that you can revert to. it's a backup alright.
<tomreyn> blackflow: i'm just saying IMO it's not *the* generic recommendation. you know why: possibly degrading performance and supportability as a result of license incompatibilies / linux dev's interest in supporting it. btrfs is also supported by the installer, i would still not *generally* recommend it for production.
<blackflow> that's a load of BS. there is no single "the" generic recommendation.
<rbasak> I had a btrfs filesystem fail to mount and fail to fsck the other day, though it's a very old one (from 2012 ish)
<rbasak> Had to restore from backup
<blackflow> btrfs is a valid alternative to ZFS, yes I agree.
<blackflow> I personally recommend ZFS because I've got a metric ton of experience with it, on and off Ubuntu.
<blackflow> and lol the OP quit before they saw all this..... _neway_ I was about to recommend rsnapshot if fs choice is unfeasible. it's fs agnostic, works with hardlink based snapshots and rsync. I used it for years before I started using ZFS.
<blackflow> "snapshots" .... as atomic as it gets with rsync, which is not too much... but still.
<TJ-> the number of outstanding defects in ZoL wouldn't make me confident to rely on it, in the same way that BTRFS is suspected due to its issues.
<TJ-> many of those in the send|resume component too
<blackflow> well, I'm using it on a fleet of debian and ubuntu servers (the kind of servers that keep food on my table), some freebsd still, for years now. so I'm confident to recommend it.   on the other hand, somethign as mature as ext4 _still_ in 2018 had data corrupting bugs...
<blackflow> at the storage scale we use, which is a lot or nothing much, depending whom you ask, I've seen bitrot and I've seen ZFS in action auto-correcting it. I'd never use anything other than ZFS.
<TJ-> it's often corner-cases that catch folks out. This is what I am referring to: https://github.com/zfsonlinux/zfs/issues?q=is%3Aissue+is%3Aopen+label%3A%22Type%3A+Defect%22
<smoser> hey. it'd be nice if someone on ubuntu server team reviewed this
<smoser>  https://code.launchpad.net/~smoser/cloud-utils/+git/cloud-utils/+merge/370135
<smoser> and even merged it... jsut to have one of you all in the flow there.
<smoser> powersj: ^
<supaman> hey, I have several websites and running apache virtual hosts, I have all the websites on an NFS host and the webserver mounts the websites from there, the logs for each website goes to the path /var/www/website/logs (not /var/log)
<supaman> the logs seem to be updated (not rotated) monthly but some don't get cleared correctly and get filled up with empty space in the beginning
<supaman> so I end up with 4GB logs that are 90% or more just empty space
<supaman> I want to find out what is handling these logs but can't find anything in cron or systemd timer
<supaman> any idea?
<lordcirth> supaman, are they sparse files?
<sdeziel> supaman: check logrotate maybe?
<supaman> lordcirth: sparse files? ... don't think so, how do I find out?
<lordcirth> supaman, compare ls -l to du
<supaman> sdeziel: can't find anything in logrotate
<supaman> lordcirth: aha, ls -l gives 5700115704 but du gives 124440
<lordcirth> called it. So I bet the application is writing to the new file at the old offset, instead of starting over
<lordcirth> So it gets created sparse.
<supaman> ok, but that doesn't really solve my question of "what is handling this" :-)
<supaman> some log files for other websites are just fine, no empty space in the beginning, and they all start at the beginning of the month
<supaman> so something is doing something to those logfiles
<supaman> :-)
<lordcirth> on the bright side, at least it's not filling your disk
<supaman> true :-)
<lordcirth> supaman, so, you are running what Ubuntu version? Apache installed from repos? How did you configure Apache?
<supaman> lordcirth: Ubuntu 18.04 with apache from Ubuntu repo
<supaman> versoin 2.4.49 of apache
<supaman> I don't know how Apache was configured in the beginning, this is not a system I set up
<lordcirth> supaman, ok, well, start going through /etc/apache2 I guess?
<supaman> yeah, any hint on what I should be looking for (not that familiar with apache)
<lordcirth> supaman, Well, I would look in /etc/apache2/sites-enabled first. See if there is anything in there overriding logging settings. Otherwise, look in apache.conf
<lordcirth> conf-enabled/ is also a good place to putting logging config
<supaman> ok, looking at a sites-enabled for one of the sites shows nothing unusal, ServerName, ServerAlias, ServerAdmin, DocumentRoot, ErrorLog (and path to it), SetEnvIf Request_URI "^/check\.txt$" dontlog, Customlog /path/to/log combined env=!dontlog and then finishes off with https rewrite
<lordcirth> supaman, alternatively, just grep -r for the unusual log path
<smoser> rharper: i suspect there is no autolander at https://code.launchpad.net/~smoser/cloud-utils/+git/cloud-utils/+merge/370135
<smoser> but autolanders are nice. so... if that was configured, that'd be nice.
<smoser> i'm going to land that manually.
<rharper> smoser: right, we could set up the autolander to look at cloud-utils
<supaman> lordcirth: not finding anything
<lordcirth> supaman, grep -r all of /etc? I've found things that way before :P
<supaman> ah well ... I give up on this, will just monitor the system during next end of month and see if I can catch the culprit ;-)
<supaman> lordcirth: thanks for assist though
<lordcirth> supaman, np, it's an odd one
<lordcirth> Picking up other people's servers is the worst sometimes
<sxclimax> I have a home server running lubuntu. I have a hitron CGN3U router. I have things set up to the point that I can access my server's website remotely (e.g. website.noip.me) and the correct page displays, but when I try to ssh into website.noip.me I cannot get in. When I type in my local ip address for the network (192.168.X.X) I can access both the html and ssh. What am I missing? Is this in the router settings? Is this a port issue?
#ubuntu-server 2019-07-16
<distant> Hello, im just looking for somw help with errors im recieving trying to enable memory ballooning. Everytime i try to execute the command "VBoxManage modifyvm <VM name> --largepages off" with the UUID i get from "sudo blkid" or "# /usr/sbin/dmidecode | grep UUID" i recieve a error stipulating: "VBoxManage: error: Could not find a registered machine with UUID"
<lordievader> Good morning
<supaman> lordcirth: found it! :-) (it was a cron job on the NFS server that uses truncate to set the file size to 0)
<gokhani> hi folks, How can we configure iscsi volumes on ubuntu 18.04.2 LTS live server ? There is no selection like Configure ISCSI volumes ? I need help
<DangerosoDavo_> Hey, I hear here is a good place to ask about postfix and ubuntu
<DangerosoDavo_> Well incase it is, can someone give me a little help?  I'm trying to setup a contact form on a website I'm hosting on a digital ocean droplet. (LEMP server image) ive got it working, the website works well and all.  but its not sending emails via the contact form, however it was in the past on a pervious host, after a little digging i am getting so
<DangerosoDavo_> me errors in the /var/log/mail.log Its losing connection while performing the HELO handshake
<sdeziel> gokhani: I don't know if the live installer has that ability. I'd check the d-i one maybe
<sdeziel> DangerosoDavo_: are you losing the connection no matter where you make it? Or is it just a single domain/MX that drops you?
<gokhani> sdeziel,  I checked debian installer but it has not ability to set vlan intarface
<gokhani> sdeziel, I want to reach iscsi disk with vlan tagged interface
<sdeziel> gokhani: OK, then maybe you could open a shell in the installer env and do the missing setup by hand. Missing setup meaning VLAN config for d-i and iSCSI for live installer
<sdeziel> gokhani: I suspect that doing the VLAN config on d-i might be easier
<DangerosoDavo_> I didnt see the reply sorry.
<DangerosoDavo_> This screenshot might help https://i.imgur.com/DjSzSBN.png  But I've got 2 domains pointed to the server and the mx records point to an email provider (123-reg) as I'd like my emails to be handled by them, but I have a contact form on a website which sends to another domain so its all in one palce
<DangerosoDavo_> i have a records pointing to the ip
<DangerosoDavo_> sdeziel I forgot to tag
<TJ-> DangerosoDavo_: try the same connection manually using telnet, see if you get any indications from the remote MTA as to why the HELO negotiation fails
<TJ-> DangerosoDavo_: it's possible you're trying to treat the remote MTA as a relay and it blocks that, if it isn't the MX for the target domain
<sdeziel> DangerosoDavo_: if you are relaying through an email provider (123-reg) then your postfix should only be talking to their servers. ATM your postfix tries to do direct deliveries to mailguard-2.talkcloud.co.uk
<DangerosoDavo_> I see, Email is new to me, How do i use telnet do that?  I'm new to running the server too.  I know my way around linux to a fairly basic but functional way. I can setup a server to host a site/proxy etc but I havnt used sendmail or postfix before.  I'm guessing the auto-config digital ocean have doesnt work without futher configuration
<TJ-> DangerosoDavo_: the local postfix should be sending the email directly, not relaying it through a 3rd party MTA (unless that 3rd party has authorised relaying)
<DangerosoDavo_> Okay, right, so directly. I was reading that there needs to be an MX or A record pointing back to there server ip. I just thought, would going trough cloudflare would change that resolved ip?
<DangerosoDavo_> the* server ip
<TJ-> MX records are for *receiving* email to your domain; nothing to do with *sending* email to others
<tomreyn> there are 'contact forms' which can do remote smtp auth - might be a better option?
<TJ-> sounds like the 'form' is using the local postfix/sendmail but postfix has been configured to send everything to a smarthost. Sounds like a very good example of why not to operate your own MTA if you've got no previous experience
<DangerosoDavo> postfix has been left as it was installed, it tries to send the email directly (unless im mistaken) as it showed in the screenshot.  https://i.imgur.com/DjSzSBN.png
<DangerosoDavo> I don't know why it is failing the HELO handshake though.    After thinking about it and what has been said above,  I think that postfix needs configuring.
<TJ-> DangerosoDavo: oh! beg-pardon - your description suggested you were using a mail relay
<DangerosoDavo> sorry :D
<TJ-> DangerosoDavo: start a telnet session to the server and do the negotation manually  https://port25.com/how-to-check-an-smtp-connection-with-a-manual-telnet-session-2/
<DangerosoDavo> Sorry for being such a novice https://i.imgur.com/x9wIxtC.png  Did i type those commands correctly?
<DangerosoDavo> need to setup my .bashrc / .bash_profile too yet :D
<DangerosoDavo> not transferred it yet
<TJ-> DangerosoDavo: it's pretty clear "No SMPT service here"
<TJ-> DangerosoDavo: I'd guess that your host's reverse-DNS is not configured correctly
<DangerosoDavo> Is that on the remote host (talkcloud)?  Or on the web server?  It receives email normally from other sources, I'm in regular contact with them.
<TJ-> DangerosoDavo: to prevent abuse, the remote MTA will use the EHLO <fqdn> to do a reverse-lookup and check that the IP address matches the clients IP address
<DangerosoDavo> Makes sense.
<superboot> How can I install php-apcu on 18.04 server? I've installed the package php-apcu, but PHP/apache2 isn't seeing it. Hints?
<teward> superboot: did you restart Apache and PHP yet?
<teward> you need to restart Apache2 to refresh the PHP plugins if you're using Apache's inbuilt PHP modules
<superboot> teward: No I didn't. Haha
<superboot> Thanks. That worked. :)
<teward> superboot: restart the Apache2 service then try.  whenever you change PHP plugins you have to restart the underlying PHP process - for Apache2's inbuilt you have to restart the entire Apache service :P
<superboot> teward: Ok, cool. That makes sense. :)
<DangerosoDavo> Right-o Followed some guides, https://i.imgur.com/gFC17mR.png
<DangerosoDavo> Cheers for your help and patience TJ
<DangerosoDavo> It was the reverse dns, turns out Digital ocean sets it up for you, but you have to use a fqdn as your droplet name
<TJ-> DangerosoDavo: aha !
#ubuntu-server 2019-07-17
<makara> exit
<coreycb> cpaelzer: fyi kashyap in #openstack-nova opened this for the firmware descriptor files issue we discussed - https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/1836859
<ubottu> Launchpad bug 1836859 in edk2 (Ubuntu) "RFE: Ship the firmware "descriptor files" as part of the 'ovmf' package" [Undecided,New]
<cpaelzer> thanks coreycb I'll ping dannf who usually takes care of edk2
<coreycb> cpaelzer: ok thank you
<teward> for 18.04 servers, is it possible to roll custom nameservers with DHCP and ignore the DHCP assigned nameservers?
<teward> i forget :P
<teward> (this is for LXD containers which get DHCP'd network data)
<lordcirth> teward, yes
<lordcirth> teward, using netplan, you need dhcp4: true but dhcp4-overrides: use-dns: false
<lordcirth> Assuming the docs are correct, haven't tried it
<seveneleven> how can i configure a NIC to use vlan id 2 using ubuntu preseed?
<lordcirth> seveneleven, the NIC is on a tagged port, and you need it to create a vlan2 interface and configure networking on that?
<seveneleven> lordcirth, it's on an untagged vlan 2 port
<seveneleven> lordcirth, so i should just configure pvid 2 on that port instead?
<lordcirth> seveneleven, if it's untagged, why would you need to do anything different?
<seveneleven> wait, let me rethink why it didn't work last time
<seveneleven> ok i described it wrongly
<seveneleven> it's a vm on a hypervisor, now the hypervisor is connected to a tagged vlan 2+3 port, last time i created a br.2 bond and got the vm working with an internet connection
<lordcirth> seveneleven, so the hypervisor should expose an untagged port to the VM, and put it on vlan 2.
<seveneleven> yeah
<lordcirth> We do that with LXC containers at $WORK
<seveneleven> i use libvirt kvm qemu
<lordcirth> seveneleven, ok, so what problem are you having?
<seveneleven> i wonder how I can configure br.2 in ubuntu's preseed
<lordcirth> seveneleven, if the hypervisor is providing an untagged eth0, why would you need to?
<seveneleven> hmm, not sure
<seveneleven> last time I simply created a br0 bond, and got no route to WAN, once I created the br.2 explicitely it worked
<seveneleven> thats why i thought i need it
<lordcirth> seveneleven, then your hypervisor was passing in a tagged port.
<seveneleven> hmm
<seveneleven> lordcirth, i just checked and my hypervisor uses a bridge between the vm http://dpaste.com/0NB8V3S
<lordcirth> seveneleven, ok, so what is br0 tied to? 'brctl show br0'
<seveneleven> enp0s31f6, vnet1 and vnet2
<lordcirth> seveneleven, and enp0s31f6 is the tagged one with vlans 2+3, right?
<seveneleven> yeah
<lordcirth> seveneleven, so, br0 is tagged, and your VM's interface is therefore tagged.
<seveneleven> enp0s31f6 is like eth0
<seveneleven> ohh gotcha
<lordcirth> What you want is to create a enp0s31f6.2 interface on the host, which is untagged vlan2
<lordcirth> Then make a br2 that is tied to that, and put your VM on that.
<seveneleven> oh that's clever
<lordcirth> Our LXC servers essentially do this - I use Salt to generate the netplan configs for a list of vlan IDs, and we get a iface.422 tied to a br422, and make containers on br422, etc.
<seveneleven> wow then you end up with many many interfaces
<lordcirth> yeah, but, automation :P
<seveneleven> im going to try that, but just out of curiousity, would it have been possible to configure ubuntu to br.2 via the preseed? i assume yes, but it's probably more complicated
<lordcirth> It is probably possible, but I don't know how.
<lordcirth> Well, you could drop a netplan file in, but that wouldn't get you networking in the installer.
<seveneleven> mhmm
<seveneleven> i keep it simple and stupid and try your solution :-)
<seveneleven> yeah seems custom bonds are not really supported for ubuntu installer https://askubuntu.com/questions/528211/can-d-i-ubuntu-installer-configure-bond-vlan-and-second-network-interface-dur
<seveneleven> lordcirth, should i configure an ip on the iface.422?
<seveneleven> or just "create" it and configure the IP on the br422?
<seveneleven> im using /etc/network/interfaces for configuration
<lordcirth> seveneleven, you don't need an IP on the host side to have the VM work
<seveneleven> mmhm
<seveneleven> so I just add `auto enp0s31f6.2` and `auto br2` inside /etc/network/interfaces?
<seveneleven> (and use brctl to add enp0s31f6.2 to br2)
<lordcirth> seveneleven, this is what I have: https://gist.github.com/lordcirth/a4c3b71a0f6ec29be704a440ceb5961e
<lordcirth> brctl is transient, you want it all in files.
<seveneleven> aaah right, brctl forgets it after reboot
<lordcirth> the vlan device needs to be explicitly tied to the interface, and the bridge to the vlan
<anton4i3ke> Im seveneleven, seems like my network died after restarting its service hehe ð
<lordcirth> anton4i3ke, it is easy to make a mistake when doing this
<sarnold> anton4i3ke: you might have missed < lordcirth> the vlan device needs to be explicitly tied to the interface, and the bridge to the vla
<anton4i3ke> Yeah
<anton4i3ke> Going to troubleshoot now
<sarnold> anton4i3ke: due note that it's entirely normal for all existing connections to an IP address to drop when you add a bridge to a NIC (or add a NIC to a bridge?) -- on linux the IP is associated with the *bridge*, not the nic..
<coreycb> jamespage: sahid: i think i have the remaining py2 drops done. once we get the RM bugs handled we should know for sure.
<seven-eleven> lordcirth, hmm i dont get a route between the vm and the hypervisor
<seven-eleven> how does your interfaces config look like on the vm?
<lordcirth> seven-eleven, just eth0 as a static IP
<seven-eleven> hmm i tried that
<seven-eleven> i worry this is a libvirt issue
<lordcirth> seven-eleven, can you pastebin your /etc/network/interfaces on the host?
<seven-eleven> ok
<seven-eleven> lordcirth, sorry i need a while, i have X running in the basement now, so i cant connect to the X remotely anymore, and i dont know what display manager i used so i cant stop it :D
<lordcirth> seven-eleven, lol. you can kill X?
<seven-eleven> i tried killall X
<seven-eleven> i run `startx` in the basement
<lordcirth> seven-eleven, killall Xorg
<seven-eleven> let me try
<seven-eleven> not found hmm
<seven-eleven> i can just reboot, but im curious
<seven-eleven> i reboot
<seven-eleven> i cant pastebin because i dont have a connection, so I write it 1:1 http://dpaste.com/0R0RKCT
<lordcirth> seven-eleven, is that the host or the guest?
<seven-eleven> ah thats the guest
<seven-eleven> a moment
<seven-eleven> https://termbin.com/1ixi
<seven-eleven> ohhh
<seven-eleven> found the mistake!
<seven-eleven> it's actually libvirt issue
<seven-eleven> libvirt automatically adds vnet1 to br5, so now we have enp0s316.5 and vnet1 inside br5
<lordcirth> And you wanted 2?
<seven-eleven> nope
<lordcirth> I thought you wanted vlan 2, but there's no enp0s31f6.2. Was it 5 you wanted?
<seven-eleven> ah, two interfaces dont matter regarding tagged vlan, would have to be two vlans inside br5 to be considered tagged?
<seven-eleven> i wanted vlan 2
<seven-eleven> but the problem is if I set it to vlan 2 then br0.2 stops working
<lordcirth> seven-eleven, if the switch port is tagged, it's tagged, even if there's only 1 vlan
<seven-eleven> i had to delete enp0s31f6.2 to get my LAN back working
<seven-eleven> gotcha
<seven-eleven> so I need to get the vm to use vlan 2
<lordcirth> But the host also needs an IP on vlan 2?
<seven-eleven> that means I have to remove br0.2, rewrite my iptables to source through br2
<seven-eleven> yes
<seven-eleven> the host itself needs an ip
<seven-eleven> i would add it to br2 right?
<lordcirth> I would create a enp0s31f6.2, which is an untagged interface. Then tie it to 'br2'. Then set an IP for the host on br2, and attach the VM's eno3 to br2 as well
<seven-eleven> so i would do something like http://dpaste.com/00YW181 ?
<seven-eleven> ok i retry this :-)
<seven-eleven> lordcirth, should I move br0.3 to enp0s31f6.3 respectively or leave it as br0.3?
<seven-eleven> br0.3 is not used for guests, br0.3 goes directly to the WAN router
<seven-eleven> br0.3 is tight via br0 to enp0s31f6
<seven-eleven> not sure if br0.3 can coexist with using enp0s31f6.2
<seven-eleven> i will just try
<lordcirth> seven-eleven, the paste looks correct, assuming you use '2' instead of '5' and that the enp0s31f6.2 interface is also correct
<seven-eleven> lordcirth, ok
<seven-eleven> lordcirth, so i leave br0.3 tied to br0
<seven-eleven> and use now br2
<lordcirth> I am not sure how your network is set up for br0.3
<seven-eleven> br0.3 is in the subnet of my WAN router
<seven-eleven> br0 is tied to eth0
<seven-eleven> br2 is now tied to eth0.2
<seven-eleven> lordcirth, works fine. now it's properly configured, so much easier to just configure eth0 on the guests, and makes auto installing easier
<seven-eleven> thx! :-)
<lordcirth> seven-eleven, great, you're welcome
#ubuntu-server 2019-07-18
<k_sze> Does Ubuntu 18.04 server edition suffer from the same problem? https://news.ycombinator.com/item?id=20463251
<k_sze> I *think* I noticed my Linode instance taking much longer to accept SSH connections after reboot, after upgrading to 18.04, though I'm not sure if that's the cause.
<lordievader> Good morning
<cpaelzer> good morning lordievader
<jamespage> coreycb: swift in eoan-proposed is a bit foobar - the python3-swift has python2.7 module installed
<coreycb> jamespage: hrm, ok i'll take a look. should we give a ping to the release team on the RM bugs?
<jamespage> yah probably as that's blocking migrations - doko might help us there
<coreycb> jamespage: ok
<jamespage> coreycb: pinged him in -devel with three bug reports
<coreycb> jamespage: thanks, i'll send any others
<coreycb> jamespage: i'm not sure why python3-swift is pulling in python - https://paste.ubuntu.com/p/sB2GJtW7kk/
<smoser> rbasak: have a minute?
<rbasak> smoser: o/
<smoser> when we rebase logical delta in git-ubuntu...
<smoser> that is actually *not* a rebase, right? but a merge
<smoser> right? no history is lost
<rbasak> smoser: it's a rebase
<rbasak> I think. If I understand you, etc.
<rbasak> We did experiment with different commit graphs to represent that.
<smoser> hm.
<rbasak> But the plan going forward is that we'll just take your rebase commit exactly as-is, with nothing else in the DAG.
<rbasak> (no tie to previous)
<smoser> ok.
<smoser> but the history would still be available because the tag
<rbasak> Right
<rbasak> However git-ubuntu doesn't care about what you provide as long as it matches.
<smoser> of the previous release head *that* logical delta there.
<rbasak> If you have fun with the DAG, git-ubuntu won't care.
<smoser> so the ubuntu/devel git history is always debian/<something> + new changes
<smoser> is that right?
<smoser> (where new changes >= 0)
<rbasak> As long as some assumptions are correct.
<rbasak> We trust the uploader's debian/changelog
<rbasak> So it's possible to create disconnected ubuntu/devel git history I think.
<rbasak> Let me share my draft spec with you.
<rbasak> I suspect the precise answer to your question can be determined from my draft spec, but it might not be trivial to correctly answer in case of the edge cases.
<smoser> :)
<rbasak> smoser: note that the current implementation doesn't exactly match the spec. Changes are in progress still.
<ahasenack> what's DAG?
<lordcirth> ahasenack, directed acyclic graph
<lordcirth> the data structure that git (and anything else that uses hashed objects to refer to other hashed objects) uses
<ahasenack> heavy
<ahasenack> thanks
<rbasak> ahasenack: specifically, here, I meant the graph of commits, and the upload-tag-supplier's choice of what parents the upload tagged commit has, recursively.
<nacc> bryce: hiya!
<nacc> bryce: we'll need to be a bit async, but i'm happy to chat a bit while i'm in meetings
<bryce> nacc, sure that's fine with me
<nacc> bryce: so you're looking at 7.2 -> 7.3, right?
<ahasenack> you are happy to chat *while* in meetings? :)
<nacc> bryce: so basically, in your ppa, you'd upload a new php-defaults that points to php7.3 rather than 7.2
<nacc> ahasenack: i'm a manager now, let's leave it at that :)
<bryce> nacc, right
<ahasenack> haha
<nacc> bryce: and then you'd need to see what will fail it's autopkgtests once you do that
<nacc> ideally it won't be too much
<nacc> but you'll probably need to bootstrap things like phpunit (without tests)
<bryce> nacc, what I'm seeing is that 7.3 is indeed present but it's also detecting 7.2 is available, so attempts to compile against both, and fails when it finds the latter
<nacc> bryce: do you have a log / exmaple?
<bryce> yeah
<bryce> https://launchpadlibrarian.net/433527551/buildlog_ubuntu-eoan-amd64.php-igbinary_3.0.0-1build1_BUILDING.txt.gz
<bryce> nacc, also summarized my analysis in the email I sent, maybe a bit tldr
<nacc> ack, reading
<nacc> bryce: ok, have you reproduced this locally on your machine?
<bryce> I've found in building locally in a container, if I force uninstall php7.2-common (and php7.2) the build proceeds fine.  Just wondering if there's a trick to doing the same within a PPA.  But if this doesn't sound at all familiar, perhaps there's something new going on.
<nacc> right, so you need to figure out *why* php7.2-common is being pulled in
<nacc> php7.3-common shoudl be sufficient
<nacc> but you might be missing some other dependency link
<bryce> I suspect it's pulling it in via the build-depends for the package in question.  Wondering if maybe phpdefaults needs a conflicts against 7.2 or something?
<nacc> let me look at the pkgsrc
<nacc> sorry, it's going to take me a second to context switch myself in
<bryce> a bunch of packages have this same issue, and same workaround, that haven't had significant packaging changes in quite some time, so guessing it's not just needing the package control tinkered with
<bryce> nacc, no prob, really I just wanted to see if this was a known problem for you, but sounds like it's not.  I can dig more on my own.
<nacc> you might need to rebuild php-apcu first
<nacc> https://launchpad.net/ubuntu/eoan/amd64/php-apcu/5.1.17+4.0.11-1
<nacc> it provides php7.2-apcu only currently
<bryce> mm, yeah I can try that
<nacc> so basically now that you have that rebuilt php-defaults, you have to rebuild a bunch of thigns
<nacc> so that they all refer to 7.3 only
<nacc> and some thigs will need backports
<nacc> although ideally a lot less than in the past, since debian has already transitioned
<nacc> oh there's another thing you can reverse-depend check on
<nacc> phpapi-20170718
<nacc> that's the 7.2 API version
<nacc> you don't want anything to reverse-depend on that
<bryce> ok
<nacc> you should be able to see what string you want for that instead with 7.3
<nacc> https://people.canonical.com/~ubuntu-archive/transitions/html/html/php7.3.html
<nacc> i assume you know about that?
<nacc> that's the pile of things taht will need rebuilds, etc.
<nacc> there will be more, because you'll get dep8 failures
<bryce> yep, that's the link I've been working from
<nacc> but you basically have to boostrap the core first to get to 7.3 (even if it's in universe for now) then transition the whole rest of the stack
<nacc> symfony is usually the worst
<nacc> but i can help you deal with that eventually
<nacc> i can also help sponsor uploads as needed
<bryce> nacc, I did notice though that for the 5->7.0 transition you had a much longer package list - 400-some.  But most of those no longer exist, so was curious about the story there
<bryce> I've managed to successfully build the majority of what's on php7.3.html, only about half a dozen failures
<nacc> bryce: right that was much more painful :)
<nacc> bryce: we were ahead of debian (they supported both, not just 7.0) and we had to remove some/many
<nacc> bryce: that's great (half dozen is way more tractable)
<nacc> bryce: so yeah, i'm guessing if you rebuild & bump php-apcu, php-igbinary will work
<nacc> i would go ahead and just do all of those in that same PPA
<bryce> ok great
<nacc> if tests fail, you can upload once with tests disabled, so it builds, then upload again with tests enabled
<bryce> yeah I think I've lucked out between you and debian things are reasonably clean for my first go :-)
<nacc> it chews versions, but it also is a way to bootstrap without root archive access
<bryce> nacc, thanks, this gives me some directions to chase, I'll touch base next week or so if I have any other questions, thanks again!
<nacc> bryce: definitely, i'll be around; i'll try to respond within 24 hours
<foo> Is it possible to allow 1 user to restart a systemd server? I normally use sudo ... but I only want them to restart a service (after some files change)... I don't think a server can automatically restart when files echange
<foo> hmm
#ubuntu-server 2019-07-19
<sarnold> foo: you could install sudo rules to allow running a specific commandline or script to a specific user
<sarnold> foo: systemd also does some policykit interactions of some sort, you could probably also express what you want to allow that way, but I don't know what you would do for that
<foo> sarnold: thanks. I could have a separate daemon watch for file changes too and then reboot... instead of giving a user access. hmph.
<sarnold> foo: https://www.freedesktop.org/software/systemd/man/systemd.path.html may be useful
<foo> sarnold: thank you, PathChanged= and PathModified= look beneficial
<sarnold> foo: there's also incron, but you're probably already running systemd, and it's a systemd thing you want to do..
<foo> sarnold: actually, I don't think this will work... since some of the files in this folder could be user generated. That would then be restarting the service. Will have to trigger another way
<mwhudson> people here might be interested in this https://wiki.ubuntu.com/FoundationsTeam/AutomatedServerInstalls
#ubuntu-server 2019-07-20
<MJCD> Is there something more user friendly/modern than znc ?
<MJCD> It's web interface is pretty horrific
<tomreyn> IMO the fact that it *has* a web interface makes it stand out. there's psybnc, i think there are also web interfaces for it. and there are probably znc forks (but i don't know whether any of these provide a nicer web interface).
<MJCD> realistically idc if it has a web interface
<MJCD> but ideally some kind of gui
<MJCD> oh man cpanel and this um
<MJCD> softaculous
<MJCD> easy as hell
<tds> MJCD: it's significantly more than just a bouncer, but thelounge is nice and modern and user friendly
<MJCD> oh, i've heard of that
<MJCD> what do you mean more than a bouncer
<tds> it's a full browser-based client
<tds> there's a demo instance somewhere if you want to try it without installing :)
<MJCD> I will indeed as I am currently using a preconfigured copy of hexchat portable
<MJCD> i'm imagining they charge $ for bouncer style services if you don't run it yourself eh
<MJCD> run/host
<ncuxo> hello
<ncuxo> I have a dell r815 that doesn't recognize my drives
<ncuxo> I used a flash ESXI hypervisor os with 6 sas drives and all was fine
<ncuxo> today I wanted to switch to KVM and from #ubuntu told me that it would be better to get the os to an ssd
<ncuxo> I've removed the sas drives and put two ssd but the server doesn't find any drives
<ncuxo> except the flash boot drive
<tomreyn> ncuxo: by KVM, do you mean kernel virtual machine then? or keyboard, video, mouse?
<ncuxo> virtual mashine
<tomreyn> if you'll do virtualization then most writes (and reads, too) will go to the VM storage. the OS storage doesn't has to be fast then.
<ncuxo> so I could get the os to usb drive and get the sas drives back
<ncuxo> I did it and it booted but then I was told that it would be way better to get an ssd and just put it in there
<ncuxo> and that this will be more reliable than the usb stick
<MJCD> tomreyn, no virtualization instructions for storage exist to date that i'm aware of
<MJCD> thus, it all goes through the host
<MJCD> impossible not to
<tomreyn> MJCD: meaning?
<tomreyn> i assume you wrote this to counter some of what i said?
<MJCD> tomreyn> if you'll do virtualization then most writes (and reads, too) will go to the VM storage. the OS storage doesn't has to be fast then.
<MJCD> false
<tomreyn> so you're saying because the writes you do against the VM storage are also written on the OS storage?
<ncuxo> MJCD:  but the problem when I remove the sas drives and put ssd is that the server doesn't recognise the ssds
<MJCD> it's impossible not to, given as I said there is no storage virtualization instruction set available currently
<ncuxo> I've tried with ssd and sata not still not recognised
<MJCD> ncuxo, SAS SSD's?
<ncuxo> so should I use only sas drives
<ncuxo> MJCD:  regular ssd from old laptop
<MJCD> well, I mean, if your rig is using SAS, you must use SAS drives, yes
<ncuxo> dang
<MJCD> whether they are ssd's or platter drives
<ncuxo> because lff sata also is not reconised
<ncuxo> I read somewhere that sata  and sas should be compatable with each other
<ncuxo> this is why I tried the recular sata drive(also from old laptop)
<ncuxo> *regular
<tomreyn> MJCD: hmm not sure i can follow though. obviously all data transfer goes over the same CPU(s), RAM, SAS controller as the OS storage would, but if you have, say a RAID-1 across two disks for OS, and a RAID-10 for the other four disks, then i don't think a write against a VM storage would actually end up on the OS RAID. It would pass through the virtualization hosts' RAM, and it'd be written to the VM storage.
<MJCD> you're mixing/muddying between two different layers. The fact is regardless, without virtualization instruction set - it MUST pass through the host OS and is otherwise inaccessible
<tomreyn> pass through the OS is not the same thing as end up on the OS storage
<MJCD> no, but it does mean that it's a potential bottleneck/overhead
<MJCD> and it's important to keep the layers separate otherwise you'll run into hypotheticals as above
<MJCD> and to understand that's what's going on
<MJCD> I do believe there are plans toward creating the instructions
<MJCD> because it's potentially a real security problem potentially if things aren't configured well
<tomreyn> so how would you do it with those 6 disks?
<ncuxo> MJCD:  okay then why there are sd card slots in the system if its going to be a bottleneck for the hypervisor os?
<MJCD> a raid generates to the OS generally but 1 drive
<MJCD> your vm's virtual disk exists on that "one" drive
<MJCD> the rest is an OS-level concern
<tomreyn> i can't tell whose question you just answered
<MJCD> tomreyn> if you'll do virtualization then most writes (and reads, too) will go to the VM storage. the OS storage doesn't has to be fast then.
<MJCD> false
<MJCD> end
<MJCD> <3
<tomreyn> hmm well in regards to writes to storage, which is all this statement was about, i continue to consider it correct. but we don't need to discuss this.
<MJCD> ye
<MJCD> done
<MJCD> cpanel is being weird
<MJCD> and I don't appreciate it
<MJCD> I made 2 users
<MJCD> [initials]@[domain].live
<MJCD> set my own password at the time
<tomreyn> ncuxo: personally i'd want to spin some form of mirror RAID across the OS storage. you could theoretically do this with flash storage on usb and sd card, but this is a rather bad idea, both because these are different physical media types, different controllers. and flash storage is short lived compared to other storage, and not very reliable.
<MJCD> but cpanel won't let me log in as anything but the company name
<MJCD> you CAN do that, I had a USB 3 hub with 5x 32gb sticks lol
<ncuxo> tomreyn: this is why I guess I was told to put the os on ssd
<MJCD> It wasn't worth the effort when 250gb ssd's are AU$30-50
<tomreyn> ncuxo: how would you connect this ssd then?
<MJCD> most servers have atleast a couple of direct connections, without SAS
<MJCD> mainly meant for the dvd drive included
<tomreyn> r815 has one internal usb port
<ncuxo> but since I have to use sas ssd and I don't have one I'll see if I can get the os on the sas drives
<MJCD> or a vertical riser that has a specific ssd slot
<MJCD> though most will just have a general purpose pcie
<ncuxo> MJCD:  I haven't thought about pcie card just for the ssd but good Idea
<MJCD> fastest, obviously :)
<MJCD> and not serial
<MJCD> which comes with big async benefits
<tomreyn> ncuxo: i guess you could use pcie nvme's
<ncuxo> don't have those laying around
<tomreyn> also servicing those is annoying
<MJCD> pcie doesn't neccisarilly == nvme
<MJCD> if you can use nvme, that's even better ofc
<MJCD> but support is not tied to pcie in any way, separate connector even (m.2)
<MJCD> I got an xps 12 sitting here with a dead screen backlight or something screen related
<MJCD> 250GB NVME
<MJCD> need like $200 to get it repaired officially
<MJCD> cause too fiddly to do myself being a 2 in 1 convertable
<MJCD> with ultraslim bezels on which the screen revolves
<MJCD> lol
<MJCD> but it's like a $1100 laptop even second hand as is
<MJCD> er, as is but working
<MJCD> lool
<tomreyn> ncuxo: so if those are sata ssd's you could buy a sata controller (which is cheap), put this into the pcie slot, and have it manage two ssds. but you'd still need to find a place to put those ssds, where they don'T break the airflow.
<ncuxo> I think I have a sata controller somewhere laying arround
<ncuxo> brb
<tomreyn> think about the storage location first,though
<ncuxo> on top of the cpu shield
<tomreyn> covering the cpu fan then?
<MJCD> errr
<MJCD> as I said before
<MJCD> MOST servers will have atleast 1 sata port (what model is it?)
<MJCD> and secondly SAS exists for a good reason
<MJCD> you may want an SSD for your OS as you said
<MJCD> that makes sense
<MJCD> for 98% of your data though, put in platter SAS drives
<MJCD> the more drives even if small capacity, the better
<MJCD> SAS ensures clean IO
<MJCD> it's pretty essential to a server
<MJCD> the same way as ECC ram is
<MJCD> can't have data getting corrupted randomly
<MJCD> that's bad news for anybody, let alone for any kind of commercial service
<ncuxo> MJCD: I need the sata only for os
<MJCD> ncuxo, what modelllll
<ncuxo> model?
<MJCD> of server
<ncuxo> as said noob to servers
<tomreyn> dell r815, as he said in the very beginning
<ncuxo> r815
<ncuxo> dell
<tomreyn> https://www.dell.com/downloads/global/products/pedge/en/Poweredge-R815-Technical-Guidebook2010.pdf
<ncuxo> yes
<MJCD> damn that's nicer than mine >:p
<ncuxo> you wouldn't imagine for how much I bought it :D
<tomreyn> ncuxo: do you know which PERC storage controller you have in there?
<MJCD> so that has a sata connector
<MJCD> right next to um
<ncuxo> 64 cores 256 ram 1.5 v I want to exchange it to 1.35v  for 243  euro
<ncuxo> ebay :D auction
<MJCD> http://prntscr.com/ohr6uu
<ncuxo> perc 700
<MJCD> @ ncuxo
<MJCD> ncuxo, how much?
<ncuxo> is the storage connector
<MJCD> that's just a sata port
<MJCD> it will probably look like SAS
<MJCD> as it's got both power and data together
<MJCD> you will need a female to female power cable
<MJCD> should have been included but if second hand, easy to go missing if not used
<ncuxo> I already put the sata pcie card
<MJCD> just get a $50 pcie ssd
<MJCD> save the hastle
<MJCD> you don't need a sata controller
<MJCD> use SAS drives upfront
<MJCD> for good reason
<MJCD> (s)
<ncuxo> MJCD:  I will use the sata only for the os
<MJCD> just seems silly is all
<MJCD> but if you have the cable required
<MJCD> off you go
<MJCD> :D
<MJCD> MOST people don't boot from SAS
<MJCD> thus why there's generally atleast 1 sata port
<compdoc> i don't boot from SAS
<MJCD> my $45 200gb pcie ssd pulls through 1600mb/s read/write
<MJCD> for 3200mb/s total
<MJCD> many flagship cpu's can only process upto around 50gb/s
<MJCD> (each, yours can have 4 so not really a concern lol)
<ncuxo> okay another stupid question how to power the ssd
<MJCD> I told you already
<MJCD> >.<
<MJCD> I literally said "you will need x cable for power"
<MJCD> lol
<ncuxo> lol missed that sorry
<MJCD> lol all good
<ncuxo> well the cable not included
<ncuxo> but I have some from the risers I used for mining back then
<MJCD> just get a pcie ssd, for the third/fourth time
<MJCD> :P
<ncuxo> I wanna do it now
<MJCD> nvme if you can afford it, but all of them are way fast enough
<ncuxo> not ordering stuff and wait days :D
<MJCD> so go to a pc parts store ?
<MJCD> they are hardly rare
<MJCD> it's consumer level hardware
<ncuxo> not in germany
<ncuxo> everything is closed on Sunday
<MJCD> you CAN buy enterprise level ones but frankly they're ssd's, they don't suffer many issues requiring paying extra
<ncuxo> as I've said couple of days
<ncuxo> I hate waiting :D
<MJCD> so then you'll have to wait a day jeez
<MJCD> I hate you
<MJCD> ;p
<ncuxo> haha
<noregret> I noticed that my NIC sometimes operates at 100Mbps, I found this in demsg https://bpaste.net/show/FjIK - still not sure what causes that, any ideas? this is on 18.04
<tomreyn> usually bad cabling
<tomreyn> i mean wires
<noregret> tomreyn: i'll keep my eye on it
<noregret> i just changed the cable
<JanC> I've also seen that happen because of NIC driver bugs, but that was over a decade ago
<ncuxo> could  you guys give me suggestions for pci cards to add to my home lab server
<ncuxo> one is going to be NIC
<ncuxo> what else
<ncuxo> I already have perc 700 raid controller
<compdoc> yeah, but do you have the new spatial anomaly pci-e card? its a must have
<mybalzitch> high quality sound card is a must to tone out fan noise
<mybalzitch> *tune
<ncuxo> yeah right :D
<ncuxo> I have 5 free pci slots and wanna fill them with something just don't know what
<mybalzitch> are they actually pci? or do you mean pci-e
<ncuxo> pci-e gen 2
#ubuntu-server 2019-07-21
<_KaszpiR_> nvme risers
<tomreyn> epoxy
<hggdh> /csaccess
#ubuntu-server 2020-07-13
<tyuiop> hi
<tyuiop> getting this error with my site The website encountered an unexpected error. Please try again later.
<tyuiop> when i try to fix it this command sysctl -w fs.inotify.max_user_instances=1024 on my ubuntu 9
<tyuiop> getting message like this : sysctl: setting key "fs.inotify.max_user_instances": Read-only file system
<xue> hi all, i was redirected here as my question concerns ubuntu-server
<xue> i have rpi2 which i need to use with ros. To use it that way i need to be connected by wi-fi so i do use wifi dongle
<xue> but i am unable establish connection
<xue> http://paste.ubuntu.com/p/xmZgCQhvkt/ here is my netplan config file, does anybody know what i might be doing wrong?
<xue> i need also add, that while booting dongle lights up diodes but still timeouts
<RoyK> xue: before someone elsee starts complaining, I guess this question belongs to #ubuntu-arm
<xue> RoyK: thanks for help, it was very useful
<xue> here, get some ++ from me
<xue> RoyK++
<xue> Does Ubuntu-server especially ARM comes with proprietary software of i have to enable it by hand
<xue> it doesnt seems like its possible as rpi requires closed source software to book
<xue> boot
<oerheks> rasppi comes with firmware, you find the images here https://ubuntu.com/download/raspberry-pi
<xue> i asked about ubuntu-server not raspian
<xue> sorry
<xue> i mean kernel modules required to use some USB devices
<oerheks> that url is not raspian, it is ubuntu server build for rasppi
<waveform> ubuntu server for pi uses the same firmware as raspbian/raspios, including the binary blobs required by the kernel for wifi+bt support (specifically, we source the binary firmware blobs from the raspberrypi github repos)
<lotuspsychje> xue: are you having issues with an usb device specificly, if you do, perhaps elaborate more so the volunteers can try to help?
<waveform> (I should clarify: for the built-in wifi+bt support in the 3 onwards)
<waveform> just read the back-scroll and I see you're using a 2B with a wifi dongle. In that case, we may well differ from raspbian's kernel in support (ubuntu server for pi uses ubuntu's kernel with pi-specific patches from the pi foundation, but ultimately that means they do have different configurations)
<xue> rlt8188, on ubuntu mate 18.04 with de i worked ootb but i cant make it work on 18.04 server
<xue> guys from #netplan told me, that my config files are rather good
<lotuspsychje> realtek chipset can be picky about kernel versions, you might wanna investigate dmesg xue
<oerheks> interesting, can you paste your .yaml on paste.ubuntu.com ??
<xue> pasted here once, and on ubuntu gerneral and arm and netplan
<xue> http://paste.ubuntu.com/p/xmZgCQhvkt/
<xue> here you are
<oerheks> sure you installed wpasupplicant ?
<oerheks> and are you sure wlan0 is correct?
<oerheks> that would be the old interface naming scheme, not sure it works
<TJ-> it's RasPi :)
<xue> i dunno, i am tired of this shieeet, that enough at least for today
<xue> im gonna play some gothic 2
<xue> see ya
<trippeh> strange, apt upgraded a 18.04 with rocket.chat snap, now snap.rocketchat-server.rocketchat-server.service just dont start and doesnt log anything. the mongo and caddy services come up fine.
<trippeh> okay it started after switching to the stable 3.x track. lets see if it upgrades cleanly :)
<trippeh> seems so!
#ubuntu-server 2020-07-14
<JonTheNiceGuy> Hi, if I was hoping to set up a simple centralised AAA system on Ubuntu for 5 Linux servers, am I best off with FreeRadius+PAM_Radius, should I look at some kind of LDAP service, or is there some other option I've missed?
<JonTheNiceGuy> Also, rate of change between servers is pretty low and connectivity between servers is very stable.
<rbasak> JonTheNiceGuy: o/
<rbasak> JonTheNiceGuy: openldap + sssd seems to be one commonly done thing if it'll work for you. No need for radius then AFAIK.
<JonTheNiceGuy> Hey rbasak
<JonTheNiceGuy> I need to have a poke around and find more about setting up OpenLDAP then :)
<JonTheNiceGuy> Any whitepapers or Ubuntu Wiki entries I can have a paw through?
<rbasak> I'm not familiar with this area, sorry. I'd ask ahasenack but he's not here right now.
<rbasak> Looks like he's out until later today
<JonTheNiceGuy> No worries :)
<ahasenack> JonTheNiceGuy: hi, just saw your AAA question, it really depends on who are the clients you want to authenticate. You need a common denominator, or else you will be duplicating authentication again
<ahasenack> FreeIPA is a common solution to this on the server side, as it also gives you all the management tools you need, but I don't think it's running well on ubuntu yet, it's a fedora thing
<icey> jamespage: should I mark that MIR bug in-progress, new, or something else?
<jamespage> inprogress and assign it to yourself while you're prepping for the MIR
<jamespage> then set back to new and assign to ubuntu-mir when what's in ubuntu is ready for review
<JonTheNiceGuy> Thanks "ahasenack" (https://matrix.to/#/@freenode_ahasenack:matrix.org)  that's the worry I have. I've basically got 5 admins and about 25 users. It's the sort of thing I could (Ansible|puppet|chef|bash) but I'd rather do it "better"...
<ahasenack> JonTheNiceGuy: well, start with all the things you want to authenticate (user login, ssh, windows login, some webapp you have, etc), and find a common denominator amongst them, and throw in security requirements
<RoyK> ldap+kerberos
<RoyK> AD should work
<RoyK> :)
<JonTheNiceGuy> "RoyK" (https://matrix.to/#/@freenode_RoyK:matrix.org) joke.popey.com :)
<JonTheNiceGuy> Oh, it doesn't do the sounds any more :(
<kevindank> Hello, im having firewall issues i believe.  Ive issued an SSL certificcate for my wordpress install running on ubuntu, but when i try to curl it it shows 443 connection refused
<kevindank> I allowed port 443
<kevindank> when i do ufw verbose it shows 443 as allow
<sarnold> kevindank: do you need to modify security groups or other cloud-provided firewalling?
<kevindank> sarnold: I don't believe so
<kevindank> site is ledwell.com
<ahasenack> do you have something listening on port 443?
<kevindank> Yes, i setup a listener through the openlitespeed control panel to set 443 to any ip address
<kevindank> set it to secure
<kevindank> i used certbot for the certificate, so i set the paths and then set chained certificate to yes
<sarnold> does ss -ntlp show your server listening on the correct port and address?
<kevindank> I dont see 443 in that list
<sarnold> aha :) figure out which program should be listening to that port and make it see things your way :)
<kevindank> i think i may have figured it ut
<kevindank> under protocal i needed to check off ssl 3.0  and tls 1.3
<kevindank> rebooted after that and it seems to work but i cant get to my wp-admin panel now
<kevindank> actually, now its giving me a 404 for the domain also
<sarnold> "check off ssl 3.0 and tls 1.3" -- I'm confused and worried what this means
<kevindank> theres an area when you setup the ssl certificate paths, that says protocal and inside there you have to enable ssl3 and tls
<kevindank> but now that ive done that by site is displaying a 404 and not my wordpress install which i still see on the http only version
<kevindank> like its almost like it doesnt recognize that it needs to display the wordpress install
<kevindank> but its using the same vhost as the non ssl version
<sarnold> unless you've got something crazy going on, you don't want ssl3, tls1, tls1.1
<sarnold> a lot of people like mozilla's recommendations for tls configuration https://wiki.mozilla.org/Security/Server_Side_TLS
#ubuntu-server 2020-07-15
<MonkZ> Hiho, is there a reason that the "lts" alias still points to 18.04 on https://cloud-images.ubuntu.com/ ? See "lxc image list ubuntu: lts"
<Orcs53_> Hi everybody! I have a question regarding configuring a simple routing firewall. I plan to use Ubuntu Server 20.04, and ufw, and I have found a good example for the configuration (see "Full example" in https://manpages.ubuntu.com/manpages/focal/en/man8/ufw-framework.8.html). However, in this example, it is mentioned "Your firewall will undoubtedly
<Orcs53_> want to be less open.". I would like if someone could discuss any further steps for hardening the configuration seen in this approach. Thanks!
<icey> jamespage: https://github.com/openstack/taskflow/commit/598e09fb062daed36fd4f10943ce9b4381843c9e is the change I was referring to - it does seem to be limited, functionally, to postgres
<icey> jamespage: might be worth looking at using the sqlalchemy built in JSOn type instead
<icey> JSON
<Orcs53_> Hi everybody! I asked this question earlier, I am still keen to here back if anybody can help. I have a question regarding configuring a simple routing firewall. I plan to use Ubuntu Server 20.04, and ufw, and I have found a good example for the configuration (see "Full example" in
<Orcs53_> https://manpages.ubuntu.com/manpages/focal/en/man8/ufw-framework.8.html). However, in this example, it is mentioned "Your firewall will undoubtedly want to be less open.". I would like if someone could discuss any further steps for hardening the configuration seen in this approach. Thanks!
<icey> jamespage: except, that introduces a behaviour change for newer databases where they actually have a JSON datatype :-/
<Odd_Bloke> MonkZ: Ubuntu generally only starts recommending upgrading to the latest LTS after its .1 release, it may be something to do with that.
<Odd_Bloke> rcj: Do you happen to know ^?
<icey> it does pass it's tests jamespage...
<ubone> my hostname was something random - not the domain i use for postfix - now i see thunderbird warning because of it (via dovecot?), is  make-ssl-cert generate-default-snakeoil  the command to redo the postfix/dovecot certs ?
<rcj> MonkZ: Odd_Bloke is correct.  The LTS alias moves to the latest LTS release around the time of the .1 release.
<rcj> https://git.launchpad.net/simplestreams/tree/tools/ubuntu_versions.py#n24 is the code that creates the stream data which lxd reads for these aliases
<rcj> Odd_Bloke: ^ FYI
<MonkZ> thanks that information is helpful!
<lotuspsychje> firewall | Orcs53_
<lotuspsychje> !firewall
<ubottu> Ubuntu, like any other Linux distribution, has built-in firewall capabilities. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | GUI frontends such as gufw and ufw-kde also exist. | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo
<lotuspsychje> Orcs53_: see also #netfilter and ##networking for firewalling topics
<Orcs53_> Thanks for the responses
<Orcs53_> I am familiar with ufw and would like to discuss this firewall tool specifically, I assume this fits the topic for this channel.
<avu> is that factoid out of date or is 20.04 really still using iptables?
<Orcs53_> lotuspsychje, Thank you I will note these channels and also seek help there.
<lotuspsychje> avu: the wiki seems to be edited in 2020 think that might still be valid then
<avu> lotuspsychje: weird, wouldn't have imagined Debian stable and CentOS/RHEL to be ahead of Ubuntu in such a thing :)
<mason> avu: Ubuntu 20.04 ships nftables.
<mason> avu: And there's a compatibility layer, so it's relatively safe to still talk in terms of iptables.
<mason> avu: Finally, there's a vast amount more iptables still deployed.
<keithzg[m]> Damn, the problem hadn't occurred for a few days but it just happened again, the 18.04 server I have set up as a primary storage pool (serving via NFS, SMB, and SSHFS, and hosting among other things user home directories used on other servers on the LAN) had file i/o on its BTRFS pool (raid10, 4x4TB HDDs) slow to such a crawl things were failing hard, but with nothing in the logs pointing any cause, just every file
<keithzg[m]> operation suddenly taking way too long. This continues to stump me :(
<sarnold> keithzg[m]: I have two thoughts (a) use perf top to try to determine what is taking a long time and see if you can do something about it (b) blindly try what helps me on my zfs system when it's unhappy at having to access way more files at once than linux was intended to handle -- echo 2 > /proc/sys/vm/drop_caches
<keithzg[m]> sarnold: I've tried stuff along the lines of (a) but it just seemed to be normal routine i/o like Dovecot deliveries that were perpetually hanging, no i/o actually being used and they couldn't be killed :(. I should probably redouble my efforts along those lines though, and hadn't used `perf-top` yet. Never even heard of (b), I'll definitely give that a shot next time this happens, interesting! (Certainly sounds
<keithzg[m]> less troublesome than wholesale rebooting, which has been the only 'solution' so far.)
<sarnold> keithzg[m]: yeah, perf top gives you a chance to figure out what exactly is taking forever. it might or might not lead to a better solution than dropping caches :) but not even knowing why it's sad is too much to bear
<keithzg[m]> sarnold: Noted and very true!
#ubuntu-server 2020-07-16
<brachamh> hey all, i have ubuntu server running on what is essentially an old desktop system. i have emby set up in a docker container. it had been streaming smoothly to even a couple devices at a time in the house. but lately devices have been buffering occasionally. the buffering devices are all wireless, three roku units and a laptop. the server is connected to a switch along with two other computers, which is then connected to the network extender
<brachamh> unit, connected to the main modem at the other end of the house.
<brachamh> is there a way to see if something in my network is causing the buffering, such as the switch, or a wireless router?
<smoser> rharper: when you get in. growpart .. your fix for bug 1834875
<ubottu> bug 1834875 in cloud-utils (Ubuntu Eoan) "cloud-init growpart race with udev" [Undecided,Fix committed] https://launchpad.net/bugs/1834875
<smoser> i dont think that unlock_disk_and_settle ever gets called.
<smoser> because $resizer (resize_sfdisk_gpt, resize_sfdisk_dos, resize_sgdisk_gpt) does not return.
<icey> hey jamespage - could you do a follow up review on https://code.launchpad.net/~chris.macnaughton/ubuntu/+source/python-sqlalchemy-utils/+git/python-sqlalchemy-utils/+merge/386651 again? I'd like to get +1 from you and coreycb
<Aison0> anybody experienced with zfs zvol? I created a virtual machine using a zvol as storage. The virtual machines is using ext4 as Filesystem. Do I have to take care of the block size? volblocksize (zfs) is 8K, ext4 block size is 4K. Is that a problem?
<mason> Aison0: I use zvols as backing store for VMs almost exclusively. I've not had issues where I felt pressed to muck with block sizes thus far.
<Aison0> mason, ok
<Aison0> mason, one strange thing: I allocated a zvol with a size of 25G. The guest vm can use this 25G. Why does the zvol use over 50G?
<jamespage> icey: looking now
<mason> Aison0: It might make more of a difference if your back end is flash.
<Aison0> logicalused 25.1G, logicalreferenced 25.1G
<mason> Aison0: Snapshots maybe?
<mason> Aison0: ZFS space usage is kind of a black art.
<Aison0> used 54.1G, referenced 53.5G
<icey> thanks jamespage
<Aison0> there are no snapshots
<mason> Aison0: #zfsonlinux has folks way more expert than I that can probably give deeper, better answers.
<Aison0> mason, :-) thx for that hint
<mason> Aison0: From what I see, my backing zvols tend to be right around the size I allocated, with refer slowly growing as the virtual disks fill.
<smoser> paride: i guess cloud-utils got moved to github ?
<paride> smoser, yes
<smoser> i think probalby you should just remove the launchpad git repo
<smoser> unless you have some reason for it
<icey> jamespage: I've updated with your suggestion too now :)
<paride> smoser, we discussed the thing a bit. We'll keep using the LP bug tracker as it has per-series bugs and allows closing bug from d/changelog
<paride> we could do this without the repo, but the repo allows to have daily builds in PPAs
<paride> and LP is setup to automatically mirror GitHub
<paride> so I think we're keeping it as it comes almost for free and allows recipies
<paride> *recipes
<paride> smoser, I'd like to disable MPs to the repo on LP, but I don't think that's possible
<TJ-> Is there any way to prevent the 20.04 -server installer, when creating a LVM VG, from zeroing it?
<tomreyn> is't this like a tickbox option when you configure it?
<tomreyn> i guess the fact that you'Re asking this contains the answer to my question. ;-)
<TJ-> indeed; I had already created an underlying MD RAID1 from shell using mdadm ... --assume-clean ... to avoid a long sync and had manually created a VG on it. The installer could not refresh the current view to pick up the VG and on rebooting the installer it wouldn't offer the existing VG as an installation target, so had to use the option to create a VG which does the zeroing
<tomreyn> right, i don't think it's particularly good at handling existing structres.
#ubuntu-server 2020-07-17
<r0zy> Hey all, I was wondering, if I have an extra NIC on my machine, and want to say plugin a switch with a camera, can I VLAN it but still us it locally? is that possible without usuing a router
<Aison0> is there a package that provides /usr/lib/nagios/plugins/check_btrfs
<Aison0> nagios/icinga2 check command?
<andol> Aison0: monitoring-plugins-btrfs
<r0zy> Hey All, I have an extra NIC on my machine, is it possible to plug a switch into it with a camera VLAN it or do I need a router for something like that?
<quadrathoch2> r0zy i guess you would need to explain it a little bit more
<r0zy> I have a security camera that I dont want on the main network, and a little POE switch, I want to plug that switch into an extra ethernet port on my machine (not connected to a router just the switch) can ubuntu give it an IP and gateway ect or is that something a router will have to do?
<r0zy> sorry if im not asking the right way or if its more a networking thing
<r0zy> the machine is connected to the router via main port
<quadrathoch2> r0zy you could setup a dhcp server, or just give those two interfaces static ips
<r0zy> quadrathoch2 thannk you, is there a network manager GUI for ubuntu server? not the best at command
<quadrathoch2> r0zy there should be nmtui
<r0zy> quadrathoch2 thank you again im going to give this a shot
<RoyK> r0zy: you could also use a separate VLAN for that camera, given your switch supports that. Less hassle
<RoyK> r0zy: btw, are you planning on connecting the camera to the same switch as the rest? just a different ip network?
<r0zy> royk its a small tp link poe switch i dont think it will even let me do any thing :(
<RoyK> r0zy: will that be dedicated for this camera network?
<r0zy> royk correct, yeah camera will go to that switch, i got it somewhat connected on my mint machine with link-local only but trying to get it on my ubuntu box
<r0zy> I guess im not that best at networking but understand it a bit
<RoyK> what sort of switch is this?
<r0zy> tp link
<RoyK> model?
<r0zy> tp-sg1005p
<r0zy> my other nic isnt activated or is showing as down, so fixing that first
 * RoyK doesn't like unmanaged switches :Ã¾
<RoyK> but hey - it'll work :)
<r0zy> royk what is your fav managed switch? are most of those enterpise sort of deals?
<RoyK> a lot of cheap switches are also managed
<RoyK> with a managed switch, you can monitor performance, setup VLANs, tagged or untagged, well, most, really
<r0zy> is "smart" managed the same thing?
<RoyK> most of them come with a webui and a serial/ssh interface for configuration and monitoring
<RoyK> probably same ballpark
<r0zy> oh ubiquity has one nice
<RoyK> they have a lot of nice things :)
<quadrathoch2> r0zy https://networkengineering.stackexchange.com/questions/33719/what-is-the-difference-between-smart-vs-managed-switch
<r0zy> Thank you, NMTUI for some reason doesnt show my current connections but i will just do terminal I guess , brought it up with ip link do i need to install the DHCP part to assign proper gateway and IP?
<RoyK> quadrathoch2: IMHO it's the same - just synonyms - everything is marketed as "smart" these days even though we have had that smartness for decades
<RoyK> r0zy: which ubuntu version is this?
<rangergord> "The issue that makes us resist the idea of simply disabling [snap] updates altogether is that very often that will mean never update rather than update at someoneâs discretion, and then weâre getting back to some of the problems that got us here in the first place. Thatâs why weâve been resisting introducing that global switch, at least for the time being, and instead working with people to mitigate
<rangergord> the bad side effects of having automatic updates enabled."
<r0zy> royk: 18.04
<r0zy> royk: 18.04.4
<rangergord> As people running servers in production, how do you reconcile the direction Ubuntu is taking with snaps, with the need for stability and control over when services get updated/restarted?
<r0zy> royk Linux version 4.15.0-101-generic (buildd@lgw01-amd64-003) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #102-Ubuntu
<r0zy> rangergord I guess production supersedes security
<JanC> just remove snapd
<rangergord> JanC, but given the direction things are taking, what happens in 22.04, 24.04, etc, when even your Postgres install is a snap?
<rangergord> and what if you want to update some packages but not others
<JanC> I get Postgres from Postgres
<rangergord> that's you
<rangergord> that's not what the majority of a Linux server distro do
<rangergord> *users
<quadrathoch2> rangergord just move on if you don't wanna use ubuntu, omg is it so hard? I mean you are not locked into the ecosystem by canonical
<rangergord> quadrathoch2, I'm trying to have a discussion with people who use Ubuntu Server in production, to see how they handle the things that worry me
<rangergord> if that's not you, if you're some fanboy, feel free to /ignore me
<rangergord> I'm a long-time Ubuntu fan (usually a version or two behind), this isn't some hit job
<rangergord> I'm planning my next generation of systems and had been planning to use Server 20.04, but I'm reading up about the snap situation and it's worrying me
<JanC> I explained that I remove snapd, will see what happens in the future
<quadrathoch2> yeah just remove snapd and move on, or just use another system. there are literally THOUSANDS of other distros
<JanC> and I use Postgres packages from upstream
<quadrathoch2> even which give you commercial support like redhat or suse
<rangergord> OK, so we have one guy who downloads and installs packages manually instead of using a package manager like everyone else, and another who feels personally attacked and tells me to stop using my favorite and most popular distro. Any 3rd opinions?
<rangergord> JanC, the reason I use the package manager is that Debian/Ubuntu maintainers will have made sure the package is properly configured to work with the current system
<JanC> rangergord: upstream packages from the Postgres Ubuntu repositories
<quadrathoch2> rangergord who tells you that it's the most popular distro? I guess we can all agree that nobody can say that
<rangergord> Postgres was just an example. I use hundreds of packages.
<JanC> I also don't know what Canonical will do with Ubuntu...
<quadrathoch2> and honestly how many packages do you know of which are only installable with snapd? I can pull out of my head exactly 3, chromium which just doesn't matter to -server and canonical-livepatch, I guess you are out of luck and lxd, which imho, just use lxc
<quadrathoch2> and funny how I get called a fanboy, when I don't even have ubuntu right now installed
<rangergord> quadrathoch2, I just read about lxd and it seemed like a taste of things to come. Will almost everything on Server become a snap within 4 years? I'm not just concerned about right now, I'm building a foundation for the next several years.
<JanC> making everything a snap would kill Ubuntu as a cloud OS
<quadrathoch2> yup, and you don't need to run lxd in a snap, just compile it yourself for 20.04
<rangergord> I don't know anything about cloud, I'm an embedded/IoT developer
<JanC> well most people don't want to compile everything themselves, even if just from a security perspective
<r0zy> When assigning an IP to my unmanaged switch, is it assigning it to the switch it self or the camera connected? should i DHCP the interface ?
<quadrathoch2> JanC yeah, i would also rather not (especially for production) but if there would be no way around it *shrug* if you really care that much about snapd
<rangergord> why would using snaps kill Ubuntu as a cloud OS? I'm already reading comments on Hacker News about snapd restarting various systemd services in the middle of operation, due to an auto-update of some snap. (they didn't specify which packages)
<quadrathoch2> r0zy if the switch is really unmanaged, it shouldn't have an IP
<r0zy> Or I guess i mean assigning the ip to the interface
<quadrathoch2> r0zy which interface specifically?
<r0zy> quad : enp3s0 ?
<quadrathoch2> ah so you mean from the system
<r0zy> yeah, it looks like i got it set and connected...
<quadrathoch2> I guess the easiest would be to setup a dhcp server on that one network link. if not, try to figure out which ip the camera has, and try to assign one in the same subnet to the (managed?) switch / desktop/server you got
<r0zy> i can ping the ip i set
<quadrathoch2> r0zy great :)
<r0zy> now i guess i have to figure out the camera lol thank you for the help, I thinkyoure right though because how will the camera get an ip or is it the ip i set I would think id be able to http into it but maybe theres no webpage for it
<r0zy> oh i can ssh into it
<quadrathoch2> even better :) hope you can now figure everything out r0zy
<r0zy> quadrathoc2 thank you for the help, any of you guys use proxmox?
<quadrathoch2> r0zy I guess you would need to look somewhere else (even if it's based on debian/ubuntu), as we don't know what they changed from the "default"
<r0zy> is snap better than apt? or am i confused
<r0zy> whats weird is theres an rdp port open on this thing
<r0zy> reolink camera
<quadrathoch2> Snap and apt are two differently ways to installs things. Sometimes one is better than the other one. But most people like apt more because of the history imho, and because apt is able to share libraries with other packages (where snap isolates the certain package)
<quadrathoch2> r0zy are you sure?
<mybalzitch> well thanks ubuntu during an update renaming all my interfaces from enp* back to eth*
<r0zy> yeah when trying to connect it gives me an error about the libfreerdp does not support h264, and the work around is to install remmina from the flatpak/snap pacakges which i will try
<r0zy> mybalzitch never update (jokes)
<r0zy> maybe its just looping back to my own machine :()
<quadrathoch2> How did you figure out that there is rdp open r0zy
<r0zy> nmap
<r0zy> yeah nm its just looping back to my self lol
<JanC> quadrathoch2: one of the big differences (& problems) is that snaps always auto-update (unless that changed recently?)
<r0zy> wow headache
<quadrathoch2> JanC yes you are right but for example where it really matters, for example in a business you can disable auto updates completely. (Itâs an enterprise feature) I guess they never talked about that really a lot. So when the guy before was talking about production, it was clear he was a non paying customer
<quadrathoch2> So seems like canonical wants to give incentives to pay for support
<JanC> ugh, you mean you can disable it if you pay ransom? that's even worse...
<quadrathoch2> I wouldnât call it ransom, but the systems where it matters, you probably pay, and the rest is more of a test system / homelab POV maybe? Idk the reasoning why they want to do that
<quadrathoch2> Imho same thing with live patching. But there they clearly stated that itâs a paid feature, so I guess less people have an issue with that
<JanC> right
<JanC> if they want snaps to be a paid feature, they shouldn't push it onto everyone
<quadrathoch2> Itâs not about snaps being a paid feature, itâs only specifically about removing the auto update âfeatureâ) (and yes thatâs why I donât like snaps, but I wouldnât go as far as not using the Distro or complain about it on an irc channel)
<JanC> well, complaining is one way to tell people there is a problem  :)
<quadrathoch2> And btw, I only know about that commercial feature because Martin wimpress (Desktop leader) was talking about it on his podcast) so you can guess how well âknownâ that feature is
<JanC> I don't care too much that auto-update is the default (especially for user apps on the desktop)
<JanC> (and I would care even less if the average snap was maintained well...)
<quadrathoch2> okay I thought we were still talking about that as thatâs whatâs most people think is annoying
<JanC> "default" means that you can disable it on systems that are used for real  :)
<Aison0> andol, thx for the hint
<Aison0> why is "monitoring-plugins-btrfs" installed into "/usr/lib/nagios-btrfs/plugins/check_btrfs" and not /usr/lib/nagios/plugins/check_btrfs
<Aison0> icinga2 requires /usr/lib/nagios/plugins/check_btrfs
<Aison0> well, I created now a symlink
#ubuntu-server 2020-07-18
<ComputerTech> Hello
<ComputerTech> i am trying to run this command as root    sudo apt-get install ntp
<ComputerTech> and i get this error
<ComputerTech> http://paste.tclhelp.net/?id=6k33
<ComputerTech> i am running ubuntu 20.04
<ComputerTech> i have tried running  apt-get update
<ComputerTech> i get this then
<ComputerTech> http://paste.tclhelp.net/?id=6k34
<tomreyn> ComputerTech: no, you're not running ubuntu 20.04
<ComputerTech> <ComputerTech> i am running ubuntu 20.04
<ComputerTech> did i not say that?
<ComputerTech> oh ok
<ComputerTech> um which am i running then?
<tomreyn> ubuntu 20.04 comes with systemd
<ComputerTech> ok i just clicked download on my vps panel
<ComputerTech> hehe
<ComputerTech> the latest ubuntu
<ComputerTech> other than that i have no idea
<tomreyn> so this is some custom image by the vps provider. we can't know how it was modified
<ComputerTech> ok
<ComputerTech> well do you know of a work around to fix this error?
<tomreyn> but your output shows you can't even resolve hostnames, so the if you want to overcome this you'll need a working resolver configured first of all
<ComputerTech> hmm again i have not much knowledge on linux
<tomreyn> why did you want to install ntp?
<ComputerTech> for my irc server
<ComputerTech> for time syncing
<ComputerTech> https://www.unrealircd.org/docs/Time_synchronization
<tomreyn> ubuntu uses systemd-timesync for this by default
<ComputerTech> well the unrealircd admins told me to do this command
<ComputerTech> Â¯\_(ã)_/Â¯
<tomreyn> i promise that if you'll run an irc server at your current level of linux expertise, you'll run into problem you can't handle.
<trippeh> isnt that how we learn ;-)
<ComputerTech> indeed
<ComputerTech> i wouldnt say i am new to this
<tomreyn> yes, but there are more pleasant approaches
<ComputerTech> i'd rather stick to the path i am on
<tomreyn> also for the network around you ;)
<ComputerTech> but thanks for the heads up :)
<ComputerTech> i have pleanty of help
<ComputerTech> anyway, just wanted to fix that error
<ComputerTech> since it successfully worked on another server i own
<ComputerTech> just wanted to try fix it on this one also
<tomreyn> the immediate problem is that the nameserver configured on this system is inoperable, unreachable. or there is none configured.
<ComputerTech> oh well, i guess i'll need to try and figure it out myself xD
<ComputerTech> thanks anyway guys
<ComputerTech> :)
<RoyK> trippeh++
#ubuntu-server 2020-07-19
<Rubato> hi
<Rubato> need help
<ducasse> Rubato: what is your problem?
<ducasse> please be specific and provide details
<Rubato> i have a problem restarting sql server
<Rubato> ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (111)
<Rubato> it seems the socket is already in use
<Rubato> but sql process
<Rubato> but if i kill the pid
<Rubato> it keeps coming back
<RoyK> Rubato: quite normal - systemd will often try to restart something that dies unexpectently - systemctl stop <servicename> is the way to go. Is this mysql or mariadb?
<technoob> Hi
<lotuspsychje> welcome technoob
<technoob> Im a flask python programmer
<technoob> Who here wanna talk
<lotuspsychje> technoob: this channel is the ubuntu server support
<technoob> Oh
<technoob> I see
<technoob> Wait is this the channel where they auto flush out inactive users?
<geosmile> how do i maintain my own private authenticated PPA - are there any good tools to help with this effort?
<RoyK^> geosmile: something like this? https://www.dynamsoft.com/codepool/linux-debian-reporisory-reprepro.html
<geosmile> RoyK^, Thanks. That was written for 14.04 - reprepro was last updated in 2019 - is there a tool that is well maintained for this? I also looked at aptly - same problem
<geosmile> https://github.com/KanoComputing/kano-repository-manager - perhaps something like this but well maintained
<andol> geosmile: Not sure if I missed somewhat, but what is the "same problem" shared by reprepro and aptly?
<geosmile> andol, they both are not actively maintained. aptly is worse than reprepro - comparing last updates
<geosmile> andol, have you used any of those tools?
<andol> geosmile: I've used reprepro, and I've been happy enough with it. Aside from not having been updated since 2019, is there anything in paritcular missing/broken with reprepro?
<geosmile> andol, it looks painful to use. Are there any wrappers that make it easier to use?
<geosmile> andol, as far as I can tell, one can just host a nginx/apache server - host the files in a particular directory structure and apt-add-repo will work, am i correct?
<geosmile> I see "dists" and "pool" directory - is that enough?
<andol> What reprepro/aptly/etc does is that they generate, and sign, the needed repository metadata. Then however you host it is up to you. Using a web server is a common solution.
<geosmile> andol, how do you add a authentication/password/key - so that the PPA can only be used by a machine that has that certificate/password?
<geosmile> andol, https://github.com/KanoComputing/kano-repository-manager - also - do you know of a tool like this that is well maintained?
<andol> Well, that depends on how/where you want to host your repositority, but in the case of apache/nginx you'd simply use its native access control.
<geosmile> andol, if i put a password on nginx for example, how do you supply it to apt?
<andol> geosmile: From what I've understood you go with the https://username:password@server.example.com/ in your sources.list
<geosmile> andol, can ssh be used ? or https is the only way?
<andol> geosmile: ssh ought to be usable as well.
<geosmile> deb ssh://repo-owner@repo.server.com:/home/repo-owner/debian/ ./
<geosmile> Yup, that works!
<geosmile> andol, it seems that I've to store root@public keys of all the client machines - which might be a security hazard to some extent
<andol> geosmile: Surely you'll use a dedicted user for repository access?
<geosmile> so the repo.server should have keys so that it can enter all the client machines?
<exalted_shmo> Hello! I'm having some difficulty with bridged networking within a docker container on ubuntu 18.04. Is this the right place to ask for help, or is there another channel that would be better?
<quadrathoch2> no, just give us more information exalted_shmo :) hopefully somebody can answer your questions
<exalted_shmo> Sure! I am running ubuntu 18.04 server on digital ocean and I'm trying to run some docker containers, but within the container it seems the network is not active.
<exalted_shmo> I can start a new ubuntu container with `docker run -dit --name ubuntu1 ubuntu bash`
<exalted_shmo> and do `docker attach ubuntu1`
<exalted_shmo> but when I do `apt update` apt cannot connect to any host
<exalted_shmo> the DNS may be a problem, but I have also run other tests and found that I cannot even ping 8.8.8.8 from within the container
<exalted_shmo> If I run `docker run -dit --network=host --name ubuntu1 ubuntu bash` everything works as normal, so I was able to install ping that way and test it out.
<quadrathoch2> as I don't run docker, I can only guess. did you look at your firewall exalted_shmo?
<exalted_shmo> this is the current output of `ufw status`:
<exalted_shmo> ```Status: activeTo                         Action      From--                         ------      ----8000                       ALLOW       Anywhere                  OpenSSH                    ALLOW       Anywhere                  8000 (v6)                  ALLOW       Anywhere (v6)             OpenSSH (v6)               ALLOW       Anywhere (v6)
<exalted_shmo> ack, sorry about the formatting
<exalted_shmo> I suspect the firewall is not configured correctly, but I am unsure what the correct configuration would be
<exalted_shmo> ```
<exalted_shmo> ```Status: activeTo                         Action      From--                         ------      ----8000                       ALLOW       Anywhere                  OpenSSH                    ALLOW       Anywhere                  8000 (v6)                  ALLOW       Anywhere (v6)             OpenSSH (v6)               ALLOW       Anywhere (v6)
<exalted_shmo> ```
<quadrathoch2> exalted_shmo use paste.ubuntu.com for stuff like this
<exalted_shmo> apologies, thank you
<exalted_shmo> https://paste.ubuntu.com/p/w5xzrD36qK/
<exalted_shmo> it may also be significant that I recently upgraded from 14.04 with `do-release-upgrade`
<quadrathoch2> do you deny outgoing traffic? just guessing here
<exalted_shmo> is there a way I could tell that that is the case?
<quadrathoch2> ufw status verbose
<exalted_shmo> https://paste.ubuntu.com/p/mrQrmtJ2zd/
<quadrathoch2> I'm pretty sure this could be a problem: deny (routed)
<exalted_shmo> possibly, I did not set that explicitly, so I do not know how to change that one
<exalted_shmo> I modified `/etc/default/ufw` and set `DEFAULT_FORWARD_POLICY="ACCEPT"` and then restarted ufw and now ufw status verbose says `Default: deny (incoming), allow (outgoing), allow (routed)`
<exalted_shmo> but I am still having the same trouble within the containers
