#ubuntu-server 2006-07-24
<Nethernet> is there any way to translate the stuff in dmesg to dates/times?
<Ries> Overand: dmesg only happesn when the kernel starts?
<Overand> hm
<Overand> no
<Overand> but
<Overand> change of topic-
<Overand> I'm having what I *think* are power management issues
<Overand> are there any daemons i should be checkjugn?
<Overand> i didn't see apmd running
<infinity> apmd shouldn't be running on a server system, that's for sure.
<infinity> (It's not running in our default desktop install either, for that matter)
<infinity> What are the power management issues you think you're seeing?
<Overand> the system is waiting to get colocated, at a friends house
<Overand> and it's been going unreachable
<Overand> and he can't ssh in
<Overand> from inside the lan
<Overand> and i can't do anything from outside
<Overand> so hey grabs the keyboard to bring up a local console
<Overand> and all of a sudden... everything works again
<infinity> Sketchy...
<Overand> yeah
<Overand> we'd *just* gotten done stress-testing, too
<infinity> None of the nwtwork drivers should be powering down the cards, EVER.
<Overand> and were ready to colocate this stuff
<Overand> well it's aTyan GT20 (S2865)
<infinity> In fact, NICs are one of the few things that stay on even when a machine's asleep.
<Overand> which uses some broadcom card and an nividia one
<Overand> and we're *not* using the nvidia one
<Overand> =] 
<infinity> Was this a server install, or a desktop install?
<Overand> server
<Overand> but- it was one of the RCs
<Overand> that being said,it's vbeen updated
<Overand> latest kernel,etc
<infinity> Yeah, RC makes no difference if you've been updating.
<Overand> well, latest *pacakged* kernel
<Overand> ... packaged
<Overand> it's AMD64 though
<Overand> THis is waytoo weird of an issue
<infinity> Which also makes no difference.
<Overand> theoretically
<Overand> just saying the drivers may be less mature in some cases
<infinity> Not generally, no.
<Overand> OK
<infinity> There are a few weird issues if you run the i386 dist on amd64 hardware, but amd64-on-amd64 is quite solid.
<Overand> yeah, i've had no problems at all
<Overand> the system was stable for ages
<Overand> i can't track down *when* it freaked out
<infinity> When he hits the console, I assume the machine responds instantly?... ie: It hasn't actually put itself to sleep, doesn't do a resume cycle, etc?
<Overand> it miiiight have been after a kernel upgrade
<Overand> asking him
<Overand> I might just drag his ass in here, heh
<Overand> I'm better with ubuntu and linux in general, and slightly better with hardware, but he's OK.
<Overand> well it's alive now
<Overand> so i'm having him set aside the keyboard, and leave the monitor on, and we'll see if it fires down
<Overand> I had him check the BIOS for weird config issues- nothing
<Overand> he says the monitor doesn't fire itself down
<Overand> k- no delay
<infinity> Okay, so it's almost certainly not a power management thing, unless we broke the tg3 driver (we didn't) to recently start powering down NICs just for fun.
<Overand> I'm hoping it's not hardware
<Overand> he's gonna try a fresh install
<Zambezi> I can find anyone who can help me with rtorrent in #ubuntu. Can anyone here help me? Cause server is without X and rtorrent runs without X, so probably somebody here knows.
<Overand> Zambezi: there are some nicePHP base torrent clients
<Overand> great for allowing people to get *nix ISOs and whatnot
<Overand> very cool stuff- can't remember app napes
<Overand> ah- torrentflux
<Overand> check that out
<Zambezi> Overand, But I would like to use rtorrent. But the applications isn't find in Breezy.
<Overand> did you check in universe and multiverse?
<Zambezi> Overand, And a packages I need doesn't work in Dapper. It sucks. I need Edgy now!
<Overand> yeah- it's out there
<Overand> i see it in dapper
<Zambezi> Overand, I checked the packagesite on Linux. And rtorrent is only found in Dapper.
<Overand> Zambezi: misread you re: dapper
<Overand> what packagedoesn't work in dapper?
<Overand> just curious
<Zambezi> Overand, It's an external packages.
<Overand> ok
<Zambezi> And I'm starting to freak out if I can't solve this problem. :-(
<Overand> ugh
<Overand> so that machine I was having hte 'power management' problem with seems dead again.
<Overand> I'm tempted to blame the issues on the 'router' it's behind- consumer NAT.
<omarkj> Good day.
<nihilocrat> helloooo
<nihilocrat> I was just wondering if the LAMP server install option has any sort of accelerator pre-installed
<nihilocrat> or various parts of the php and apache config pre-tuned to work best for a LAMP setup
<Ries> nihilocrat: I just compile eAccelerator from scratch.... works on of the box
#ubuntu-server 2006-07-25
<Mustafa> hi
<damned[office] > hi all
<damned[office] > can anybody suggest why can X11Forwarding not work via ssh?
<Stonekeeper> hi. Is there a way to use the partitioner from the installer after you've installed? I'm looking for a nice way to manage LVM. Thanks.
<derekS> i am having trouble when I ssh into my ubuntu box (using putty) to access mutt.... it is charset issues, anyone experienceing these?
<ajmitch> derekS: set putty to use UTF-8 translation
<derekS> ajmitch: how?
<derekS> i thought it is?
<ajmitch> not by default
<derekS> ajmitch: do you know where?
<ajmitch> the option is in there somewhere.. it's been awhile since I had to use it
<derekS> ok thanks :)
<derekS> google knows :)
<skateinmars> the option is in the "translation" menu
<skateinmars> or something like that, if I remeber
<ajmitch> window->translation
<derekS> yeah
<derekS> i just found it :)
<derekS> it is set to 
<derekS> ISO-8859-1:1998 (Latin-1, West Europe)
<ajmitch> then change it
<derekS> as a side note, should i keep my terminal type as xterm or linux?
<derekS> mutt looks perty again :)
<ajmitch> whatever works
<derekS> ajmitch: heh, i will keep xterm then
<derekS> thanks for your help!
<derekS> (now i gotta pretend like i understand how to config mutt+fetchmail+procmail+etc)
<derekS> what imap server do you guys use? courier?
<Antich> hola
<Antich> alguien en el canal que hable castellano?
<Antich> hi
<Antich> I hava a problem with ubuntu server
<Antich> I install in a k6-2 with 128 Mbytes of RAM 
<Antich> in the first run after the install 
<Antich> the system reboot
<Antich> I need some help
<exobuzz> hi
<exobuzz> As ubuntu uses evms, why does the installer not utilise evms to setup/manage volumes ?
<exobuzz> Also: I boot from a raid-1 array. I set it up from the installer, but changed grub to boot from /dev/evms/md/md0 instead of /dev/md0. that worked so I guess evms is in the initrd.
<exobuzz> however after switching to evms (and changing the fstab line to evms too), i get an error on booting (minor script syntax error - tells me some script is missing a semi-colon)
<exobuzz> everything works, but this looks like a bug (and it seems to be in the initrd stage)
<exobuzz> any comments ?
<derekS> what would you guys reccomend for speed courier, cyrus, dovecot or UW?
<lionelp> derekS: it depends :)
<lionelp> for a simple install, I would say courier or dovecot
<derekS> lionelp: i have courier currently, but it seems slow?
<derekS> and kills cpu
<exobuzz> dovecot is small and fast
<exobuzz> i recommend it
<derekS> exobuzz: how does it compare to courier
<exobuzz> i use it with vexim and mysql users
<derekS> exobuzz: i am basiclaly just using it as a mail store
<exobuzz> dont know. courier is quite complex in comparison. dovecot is really easy to get running
<derekS> exobuzz: i will try it out
<exobuzz> tooo hot in here
<exobuzz> 31 C... argh
<derekS> lol
<exobuzz> do harddisks like operating at 48 degrees ? i hope my machines will be ok
<derekS> lol
<derekS> prob not
<exobuzz> my homemade raid server has 4 case fans and 2 fans for the harddisks.. and its still hot
<exobuzz> sorry.. 5 case fans :)
<derekS> exobuzz: dovcot does seem alittle faster :)
<exobuzz> :)
<exobuzz> oh wait.. macbook is intel or ppc ?
<exobuzz> wrong channel :/
<derekS> lol
#ubuntu-server 2006-07-26
<jas02> Hi, i am new here and i want to help you with ubuntu-server. I am using Debian as server for long time, and now i am using Ubuntu server too (Dapper Drake). What is the best way to start?
<skateinmars> I think it depends on how you want to help
<jas02> i can help in many ways. I can programming something (Perl/C) and/or i can help with bug reporting. Can you tell me what do you plan for next release (Edgy Eft) server? Is there some TODO list wrom which i can take same task(s)?
<screeb> hi jas02, i'm also new here :)
<jas02> screeb: hi :-)
<screeb> I'm trying to join a project on writing a web interface for ubuntu-server
<screeb> http://ubuntuforums.org/showthread.php?t=191858&page=11
<screeb> It is just an information ;)
<jas02> well, i just start read it
<jas02> it looks very interesting. I see already some WWW interface on top of the Debian, but nothing so professional.
<screeb> :)
<screeb> I am not in the Ubuntu Server Team, and don't have lot of feadback from ubuntu yet
<screeb> it is maybe not structured enough yet...
<jas02> same as me
<screeb> you have some project for ubuntu?
<jas02> not yet
<skateinmars> jas02, screeb maybe you should try to contact the team via the mailing-list
<jas02> i am already in mailing list, but no mails comming :-)
<jc-denton> hi all
<jc-denton> anybody here who is familiar with mdadm / lvm?
<jimcooncat> gnome-system-log is segfaulting when trying to open /var/log/getmail.log.1.gz. How do I search that file?
<derekS> jimcooncat: gnome isn't included on ubuntu-server, you are better off in #ubuntu
<derekS> and it seems like youasked there before here
<jimcooncat> ok. just wanting to know how to seach a .gz'd log file, thought you could tell me an easy way
<jimcooncat> sorry, I asked in #ubuntu, and got an answer -- I thought they weren't listening
<derekS> jimcooncat: from now on ask in the appropriate channel. gunzip should work to extract it
<jimcooncat> yessir
* Ries tthinks this is a more friendly channel then ubuntu
<derekS> Ries: i agree, but i gnome isn't included in ubuntu server (and it has nothing to do with it)
<derekS> if he was asking about something like hula or open-exchange, even though it isn't included, it would be appropirate :)
<allee> mhm, jas02 is gone. Nevertheless ;) next time someone asks for something to help.  Point to https://launchpad.net/distros/ubuntu/edgy/+specs
#ubuntu-server 2006-07-27
<Ries> hey Guys
<Ries> Got a question...
<Ries> can anyone of you tell me if this works under Linux? http://www.aflax.org/examples/sockets/sockets.html
<NineTeen67Comet> Hi all .. I've got an issue that is stumping me .. I run about 7 sites and one is simple not starting .. It times out with a server error .. but the vhost is fine, path and such are okay .. I just dunno .. 
<amee2k> hi all
<amee2k> i'm on a fresh ubuntu server 6.06 install. when i do "ls -l" some directory names are printed highlighted. what's so special about them?
<amee2k> screenshot: http://img129.imageshack.us/img129/169/sshotib7.png
<amee2k> (that's logged in over ssh)
<amee2k> any ideas?
<infinity> amee2k: It's due to the permissions.  World-writeable directories get a different colour, to warn/show you that they're a bit.. Different.
<amee2k> yeah
<amee2k> ty
<maswan> as long as you don't do the red hat/scientific linux way of defaulting to blinking white-on-red to tell me that a symlink destination is missing.
<maswan> it's horrible. I'm probably scarred for life for having to maintain such hellish machines
<amee2k> lol
<amee2k> Q: why doesn't the "install LAMP server" option also install php5-mysql??
<amee2k> i mean LAMP == Linux Apache Mysql Php - so they are supposed to work together, right? then why not install mysql client module with PHP (which mysql is intended to be used with)?
#ubuntu-server 2006-07-28
<tkup> I have had created a partition that I left during install for LVM. After install, I pvcreate /dev/hda3; vgcreate extra /dev/hda3; but when I vgcreate I get this error twice: Incorrect metada area header checksum. and then "No physical volume label read from /dev/hda3 and then "not identified as an existing physical volume. I'm stuck. can anyone help?
<Stonekeeper> hi. Has anyone ever configured nss/ldap to work with TLS?
<lionelp> Stonekeeper: yes
<Stonekeeper> did you edit /etc/ldap.conf ?
<Stonekeeper> i tried all the settings in libnssblah.conf but it still refused to work
<Stonekeeper> i only found ldap.conf after i asked the Q
<lionelp> You have to alter three files if you want full TLS : /etc/ldap/ldap.conf, /etc/libnss-ldap.conf /etc/pam_ldap.conf
<Stonekeeper> hmmm... what do you do to pam_ldap.conf?
<Stonekeeper> ah, ok
<Stonekeeper> i see
<Stonekeeper> thanks lionelp
<Stonekeeper> have a good weekend
<amee2k> hi all
<amee2k> i'm on ubuntu server 6.06, vsftpd-2.0.4: i want have a system account and want to allow password-less FTP login for it. "passwd -d" removes the password from the account but then vsftpd denies login. how can i allow password-less login for an account in vsftpd?
<uniq> hmm..
<amee2k> yes?
<uniq> i think you need proftpd or something more advanced to get that functionality.
<amee2k> hm....
<amee2k> when trying with passwd -d, it does not encrypt an empty string but just clears the password field in /etc/shadow. is there a way to have an empty string encrypted?
<uniq> don't think you can encrypt nothing.
<amee2k> :/
<uniq> even if you can encrypt it i don't think vsftpd accepts blank passwords for local accounts.
<uniq> I can get vsftpd to accept one space as a password.
<amee2k> hm... sounds like i'm better off with proftpd then
<A-Kaser> amee2k, you want on user or more ?
<A-Kaser> because if you need just one user (login), you can use anonymous user
<amee2k> no, more than one
<A-Kaser> so why you don't use anonymous user ?
<amee2k> because anonymous is just one user?
<A-Kaser> oh sorry I don't read the "more"
<A-Kaser> :)
<amee2k> ^_^
<A-Kaser> so each user can connect to the server
<A-Kaser> without password
<A-Kaser> but with a different user
<A-Kaser> and they can access to the same directory or not ?
<amee2k> they are all under /var/archive however they don't share the same home directory.
<amee2k> for example /var/archive/repo/info /var/archive/repo/data /var/archive/repo/media /var/archive/sandbox ...
<amee2k> i'd prefer a lightweight solution because my hardware is already on the "needs upgrade" list for some time
<A-Kaser> ok ok
<amee2k> what is the "information_schema" database in a fresh mysql server install good for?
<AndreasBe> Hi there.
<AndreasBe> i got a problem authenticating against an OpenLDAP server using the gdm login manager. tty and ssh authentication is fine. anyone able to help?
<AndreasBe> (slapd running on ubuntu server; gdm on a ubuntu client. i have folled the guides for ldap authentication in the wiki)
<NineTeen67Comet> Hello all. I've never used Gallery2 via letting the package manager install it. How do I tell the core web site where the code base lies when apt-get installs gallery2? (normally I untar it in my main sites directory, then tell all the other sites where the code base is).
#ubuntu-server 2006-07-29
<NineTeen67Comet> I have a question about accessing my server via nfs .. How do I control permissions? I mean the files are user:group 775 for the most part, but I'm finding I can not write to those directories from my other linux boxes (all Ubuntu). (I'm a user on the server too) .. 
<NineTeen67Comet> The directory I need rw access to is www-data:users .. 775 .. and I am a member of users .. shouldn't I be able to write to it?
<A-Kaser> hello
#ubuntu-server 2006-07-30
<NineTeen67Comet> anyone awake in here? .. I apt-get installe gallery2 on my server .. (I've used gallery2 for a while now but always manually untared it) .. My "Q" is, where/how do I impliment gallery2 when it's apt-get installed?
<cf12345> Hello, is it possible to install HP Insight Manager Agents on Proliant 360 G4p?
<cf12345> how can i monitor the hardware-components on a hp proliant(raid/power supply/memory/nic)?
<cf12345> does anyone run dapper on a hp proliant DL360 or similar?
#ubuntu-server 2007-07-23
<Innatech> What should I make of this?  insmod: error inserting '/lib/modules/2.6.15-28-386/kernel/net/ipv4/netfilter/ip_conntrack.ko': -1 Unknown symbol in module
<bje> ip_conntrack.ko is probably not from a 2.6.15-28-386 kernel
<Innatech> hrm. I kinda figured it would be considering I have a different directory structure for other kernels. 
<Innatech> in any case, what would I do to fix it so I can have ip_conntrack ? 
<tck> feisty universe uses ike-scan 1.7 when 1.9 is out
<tck> is there a way one can request an update?
<CraigYounkins> so i'm using 7.04 server and mdadm for software raid 1 over 3 drives. When i physically fail a drive, ubuntu will not start, stating "mdadm: /dev/md0 assembled from 2 drives (out of 3), but not started" . It appears this is related to the flags it's passing to mdadm to assemble the array. I made modifications to rcS.d, but I can't seem to get it to work. Any ideas?
<mralphabet> CraigYounkins: booting off the array? is it raid 5?  Last I heard, mdadm had difficulty booting off raid 5
<CraigYounkins> the first 2 partitions (/boot and /) are raid 1
<CraigYounkins> and third partition is a swap (non RAID) and the fourth is for RAID5
<mralphabet> CraigYounkins: odd, I know I've booted off depracated arrays before
<CraigYounkins> Yeah I mean the OS and /boot is all on each drive. it should be able to boot with only 1 of the 3. It's something with the way ubuntu is assembling the array. as you can see above, it won't "Start" the array even though it has 2 of the 3 drives.
<mralphabet> is this holding up booting?
<mralphabet> or just not mounting the raid 5
<CraigYounkins> it only boots fully with all 3. with only 2 it prints the message above and dumps me into ash without mounting any of the arrays.
<CraigYounkins> i might try the more server-stable Debian
<infinity> CraigYounkins: Take the "--no-degraded" out of /usr/share/initramfs-tools/scripts/local-top/mdadm and update-initramfs -u
<infinity> CraigYounkins: We've been having a pretty heated argument over the sanity of that default recently.
<CraigYounkins> wow... thanks for the response infinity! let me try it!
<infinity> I take no responsibility for your computer blowing up.  I've been awake for 2 days (the last 18 hours of which have involved sitting in LAX, waiting for a flight), so I'm not all here. :)
<CraigYounkins> infinity: Thank you again. I believe it worked, but i'll have to do more testting to be sure
<ScottK> lamont: If you are up for looking at Postfix bugs, Bug 127555 might be worth a look.
<ubotu> Launchpad bug 127555 in postfix "package postfix 2.4.3-1ubuntu1 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New]  https://launchpad.net/bugs/127555
<vas> is any one here at the moment?
<CraigYounkins> yeah, ask 
<vas> so I do not seek help from thin air
<vas> k cool
<vas> I thought that apt-get remove would un-install a program so I coulod re-install it, although after usint it, I tried to apt-get install it and it cannot be found
<CraigYounkins> for the record, there are 46 people in the room -_-
<CraigYounkins> what proggie
<vas> proggie?
<CraigYounkins> what program
<vas> snort
<vas> it reeffers me to snort-common... and when I do that it reffers me back to snort
<vas> any ideas?
<infinity> Do you still have universe in your sources.list?
<CraigYounkins> vas:  what happens with "sudo apt-get remove snort"?
<infinity> Sounds to me like perhaps you don't actually HAVE snort available anymore.
<infinity> (ie: you don;t have a deb source for universe anymore)
<vas> I had it available tirty seconds ago
<vas> how do I get it back infinity
<infinity> Err, what error does apt give you?
<infinity> Paste it.
<vas> sudo apt-get install snort?
<infinity> Yeah.
<vas> socrates@SOCRATES:~$ sudo apt-get install snort
<vas> Reading package lists... Done
<vas> Building dependency tree       
<vas> Reading state information... Done
<vas> Package snort is not available, but is referred to by another package.
<vas> This may mean that the package is missing, has been obsoleted, or
<vas> is only available from another source
<vas> However the following packages replace it:
<vas>   snort-common
<vas> E: Package snort has no installation candidate
<vas> snort-common does teh same except it reffers me to snort
<infinity> grep universe /etc/apt/sources.list
<vas> ## universe WILL NOT receive any review or updates from the Ubuntu security
<vas> deb http://us.archive.ubuntu.com/ubuntu/ feisty universe
<vas> deb-src http://us.archive.ubuntu.com/ubuntu/ feisty universe
<vas> # deb http://us.archive.ubuntu.com/ubuntu/ feisty-backports main restricted universe multiverse
<vas> # deb-src http://us.archive.ubuntu.com/ubuntu/ feisty-backports main restricted universe multiverse
<vas> deb http://security.ubuntu.com/ubuntu feisty-security universe
<vas> deb-src http://security.ubuntu.com/ubuntu feisty-security universe
<infinity> Curious.
<infinity> "sudo apt-get update && sudo apt-get install snort"
<vas> infinity, it seems to be connecting and downloading a bunch of files
<vas>  Could not resolve 'us.archive.ubuntu.com'
<vas> Err http://security.ubuntu.com feisty-security/multiverse Translation-en_US  
<vas>   Could not resolve 'security.ubuntu.com'
<vas> Err http://us.archive.ubuntu.com feisty/multiverse Translation-en_US         
<vas>   Could not resolve 'us.archive.ubuntu.com'
<vas> Ign http://security.ubuntu.com feisty-security Release                       
<vas> Err http://us.archive.ubuntu.com feisty-updates Release.gpg                  
<vas>   Could not resolve 'us.archive.ubuntu.com'
<vas> Ign http://security.ubuntu.com feisty-security/main Packages                 
<vas> Err http://us.archive.ubuntu.com feisty-updates/main Translation-en_US  
<infinity> Well, there you go.
<vas> gn http://security.ubuntu.com feisty-security/multiverse Packages           
<vas> Ign http://us.archive.ubuntu.com feisty-updates Release                      
<vas> Ign http://security.ubuntu.com feisty-security/multiverse Sources            
<vas> Ign http://us.archive.ubuntu.com breezy-updates Release                      
<vas> Err http://security.ubuntu.com feisty-security/main Packages                 
<infinity> Your DNS is broken.  Can't fix that for you.
<vas>   Could not resolve 'security.ubuntu.com'
<vas> Ign http://us.archive.ubuntu.com feisty/main P
<vas> tlike that
<vas> things like that** ??
<vas> how do I fix it
<infinity> 12:46 < infinity> Your DNS is broken.  Can't fix that for you.
<infinity> If you run your own DNS, fix it.  If it's your ISP... Well... Nothing I can do.
<vas> I don't beleive it's my own DNS
<infinity> (This is all assuming the machine has an internet connection at all...)
<vas> yes
<vas> it does
<vas> could it be a problem in host
<vas> I have been bugging around with that a little because I am setting up SAMBA
<infinity> You moight want to take this to #ubuntu.
<vas> would be ok if I pasted the first 2 likes real quick for you to see
<infinity> Generic "My DNS /network is broken" isn't very servder-specific. :)
<infinity> Ugh, I can't type.
<vas> alright
<vas> thnx for the help this far guys
<CraigYounkins> infinity: Don't you need some sleep?
<CraigYounkins> well whatever. Good night!
<vas> hey is anyone here familiar with snort, their channels dead
<vas> not dead but quiet... no one talking at all
<BFTD> hrm?
<[miles] > morning
<[miles] > is anyone using Landscape yet?
<jbrouhard> landscape ?
<[miles] > yep
<[miles] > http://cetico.org/tech/2006/05/ubuntu-landscape-somewhat-announced.html
<[miles] > http://www.cetico.org/nwu
<[miles] > mmm interesting also
<[miles] > cos I've got quite a few boxes I'm admining, this would be handy
<soren> [miles] : It was only just announced yesterday. I doubt it has seen widespread adoption yet :)
<[miles] > jeje
<[miles] > well, just check out this NWU now also
<[miles] > soren: do u know if Support from Can. is per-box or as unlimited boxes, per yeaar?
<soren> [miles] : Per box, but I'm sure you can get a good deal if you've got many machines.
<jbrouhard> eh.. i'm not sure i like nwu, but I use nagios to keep track of servers tbh
<soren> [miles] : Landscape is quite a bit more than nwu, as far as I can tell.
<[miles] > jbrouhard: nwu is for updates, nagios is to monitor
<[miles] > ok thanks soren
<[miles] > a Mono based GUI would be nice
<[miles] > for NWU
<jbrouhard> meh
<jbrouhard> a simple cron script would solve the updates ;)
<[miles] > jbrouhard: yes, but also you can drive a mini or a ferrari
<jbrouhard> Nah
<[miles] > personally, I'd rather drive the ferrari
<jbrouhard> those cars are too small :)
<[miles] > jeje
<jbrouhard> I like my pickup
<[miles] > need to find more info out on NWU and see if it's stable etc
<jbrouhard> That and my '69 dodge Charger :)
<jbrouhard> nwu does sound like a decent application
<jbrouhard> tho why is nagios broken in ubuntu ?  i keep getting package dependency problems (php4)
<[miles] > try Zabbix
<[miles] > we're running it here
<[miles] > added SMS alerts etc
<[miles] > been running since b4 xmas
<jbrouhard> Oh?
<jbrouhard> SMS Alerts?
<jbrouhard> nice
<jbrouhard> how easy is it to install ?
<[miles] > very
<jbrouhard> is it in debian repos as well ?
<[miles] > dunno, I built it from source
<[miles] > right, coffee time
<[miles] > bbiab
<soren> jbrouhard: I've done sms alerts with nagios, too.
<soren> jbrouhard: Which version of Ubuntu are you on?
<jbrouhard> heh.. it only exists in ubuntu, not debian upstream.  hah
<jbrouhard> Right now, I'm using Kubuntu Feisty Fawn.  my servers currently run Debian Sarge
<jbrouhard> i'm planning a major migration when we move our colocation servers from Portland, OR to Kansas City Missouri in the next month or two.  the New servers will have Ubuntu-server 
<soren> jbrouhard: I'm just curious about why you say Nagios is broken? It works fine for me (Edgy and Gutsy systems).
<jbrouhard> one monment
<jbrouhard> lemme recreate what i did
<jbrouhard> where's ubuntu paste bin ?
<soren> !pastebin
<ubotu> pastebin is a service to post large texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu-nl.org (make sure you give us the URL for your paste - see also the #ubuntu channel topic)
<jbrouhard> Thanks
<jbrouhard> http://paste.ubuntu-nl.org/30877/
<soren> jbrouhard: What if you remove nagat from the equation?
<jbrouhard> Lemme try that
<jbrouhard> That worked
<jbrouhard> whats up with nagat ?
<soren> That was on Feisty, was it?
<jbrouhard> Yes
<soren> jbrouhard: Broken (stale) dependencies. 
<jbrouhard> aha
<soren> jbrouhard: We ditched php4 (and never had php3), but nagat didn't list php5 as a valid option.
<jbrouhard> aha
<jbrouhard> I'm trying to find out if Plesk will install on ubuntu-server.
<jbrouhard> I'm told it may not
<soren> jbrouhard: http://ftp.acc.umu.se/mirror/ubuntu/pool/universe/n/nagat/nagat_1.0a2-8ubuntu3_all.deb
<soren> If you use that instead (it's from gutsy), you should be fine.
<soren> bbiab
<jbrouhard> Ok
<jbrouhard> i"ll try that next time
<jbrouhard> I gotta get to sleep
<jbrouhard> thanks soren
<[miles] > mmm why is nwu not included in server ?
<[miles] > mmm ok, it's alpha
<[miles] > jeje
<[miles] > :-|
<soren> [miles] : Have you used it?
<[miles] > no
<[miles] > litterly found it when I was asking you about Landscape
<soren> [miles] : Ah, ok.
<[miles] > It does not seem to be overly developed
<[miles] > erm, activivly even
<[miles] > currently. Zimbra is my baby... wow, I love it
<soren> [miles] : Anyhow, Landscape seems to combine something like nwu, Zimbra and a few other things. I've never used it, though.
<[miles] > you mean zabbix right, not zimbra
<soren> [miles] : Um, yes.
<soren> [miles] : Yes, definitely. I'm on crack.
<[miles] > jaja
* [miles]  is on smack
<soren> [miles] : Where did you hear about Landscape anyway?
<[miles] > mmm wired iirc
<soren> [miles] : Ah, ok. I was just curius since the article you linked to was over a year old. It seemed like a curius concidence that you stumbled upon that only the day after Landscape actually was announced :)
<[miles] > jesus, FF is bombing out left right and centre
<[miles] > I've never know it to be so unstable
<Nafallo> morning. I have about ~20 servers and a backupbox with 8 3ware-raided drives. all servers connected on the same optical ring, but in different datacenters.
<Nafallo> what backupsolution should I be looking at? :-)
<[miles] > bacula
<Nafallo> looking at that right now infact. do you know ofhand how restores is done? if I have different users with the same uid/gid on two servers and does a partial restore from one to the other, who will own the files? :-)
<soren> Nafallo: I will :)
<soren> Nafallo: muahahah!
<Nafallo> soren: :-P
<Nafallo> hmm. another thought. do bacula in Ubuntu has a maintainer who takes care about security in it? ;-)
<Nafallo> I see it's in Universe ;-)
<soren> Nafallo: I don't remember how fine-grained you can restrict access to do partial backups, but if it's sane, you could make it so that users only can restore from/to the server where the backup originated.
<Nafallo> yea, but I've ran backuppc at home for the last years. backup my ex-girlfriends server via the darknet, and if I would need to restore a backup from my server to hers files owned by me here would be owned by her there since both are UID 1000 ;-)
<Nafallo> I'd like to avoid that if possible.
<soren> Nafallo: I honestly don't remember if bacula uses uid, usernames or both...
<Nafallo> hmm. we don't have a maintainer for it in Ubuntu it seems.
<Nafallo> if I decide to run it we will have though :-P
<Nafallo> a friend tends to get an error on restore with it.
<Nafallo> Wanted ID: "BB02", got ".".
<Nafallo> Buffer discarded.
<soren> Nafallo: http://www.bacula.org/rel-manual/Bacula_Console.html#SECTION0022180000000000000000
<Nafallo> soren: thanks
<[miles] > mmm
<[miles] > http://news.bbc.co.uk/1/hi/technology/6908946.stm
<[miles] > I've made a slight alteration
<[miles] > http://milesbarry.es/419school.jpg
<[miles] > ;)
* Nafallo thinks he settles on bacula + pgsql
<bain> alo
<bain> ajmitch: :) 
<bain> stephanbuys: :) 
<stephanbuys> bain, :)
<Nafallo> hi
<SA1300> I'm new to disk management on Linux, I installed Ubuntu server on a system with two identical 40 Gb drives. The system mounts partitions on both drives but there are about 30 Gb or so unaccounted for. Can someone help me locate this space?
<Nafallo> hmm. I think bacula in dapper is borked.
<Nafallo> complains that I only have postgresql 7.4 and claims it would like 8.1
<mralphabet> sa1300 apparently isn't terribly concerned about his missing partitions :/
<kshahnjd> I'm confused as to the email services available in the install guide for ubuntu server, are all four needed or is Postfix/Mailman all that is needed?
<kshahnjd> is Mailman like squirrel, or it just the interface portion?
<kshahnjd> nvm, stupid q
<kshahnjd> alright, so it's either Postfix or Exim4+Mailman ? I can't use the Mailman web interface with postfix?
<Nafallo> you can't?
<Nafallo> why not?
<kshahnjd> I misunderstood what each component was responsible for, i was asking stupid questions
<asisak> kshahnjd: I guess it is either exim4+mailman or postfix+mailman
<kshahnjd> I just need a MTA and a MDA, right? so that's Postfix and Dovecot?
<asisak> maybe
<kshahnjd> I kinda wanted a web interface like squirrel's too
<Nafallo> depends on what the box is supposed to be doing
<asisak> you can use squirrelmail
<Nafallo> roundcube seems a nice webinterface for IMAP btw
<asisak> but both exim4 & postfix can act as an MDA as well
<asisak> IIRC
<kshahnjd> I'm not use to having a separate transfer agent and delivery agent as they call it, whenever I'm installed an email daemon before, it's always just one piece of software
<kshahnjd> not multiple
<asisak> yep
<kshahnjd> and the postfix installation was a bitch
<Nafallo> ehrm
<Nafallo> apt-get install postfix, done
<kshahnjd> the config according to the server guide is what i followed, maybe I didn't need too
<asisak> I use exim4 that is very simple (because it is the default)
<kshahnjd> no web interface though?
<asisak> but configuring either postfix or qmail should not be very difficult
<ScottK> It's not the default in Ubuntu
<Nafallo> well, I always choose to let my conf be and do it by hand anyway.
<asisak> oh, not any more
* ScottK too
<asisak> I thought it has been
<ScottK> It's default in Debian.
<Nafallo> ScottK: postfix is still the preferred MTA, no?
<ScottK> Yes
<ScottK> Not Exim
<asisak> okay, nice to learn this
<Nafallo> :-)
* asisak uses exim4
<asisak> on both debian and ubuntu boxen
<kshahnjd> I don't understand why the MTA and MDA are separate, fyi i'm new to linux
* ScottK says asisak is welcome to Exim4
<asisak> they are two separate concepts / interfaces / tasks / ...
<asisak> not two separate pieces of software (in the case of exim / exim4 / postfix) at least
<ScottK> kshahnjd: If you want to use Postfix and are new to Linux/Postfix, I STRONGLY suggest you run out an buy "The Book Of Postfix".
<ScottK> Postfix can be an MDA, but is limited.  Depending on your needs you may want another like Dovecot or Courier.
<kshahnjd> ScottK: I have no reason to use one daemon over another yet, I would like to use something with a web interface though like squirrel
<asisak> Book The Postfix Of
<asisak> you should  take care of the postfix notation :D
<kshahnjd> So i guess i'm looking for a recommendation
<asisak> kshahnjd: squirrel is totally independent of MTA / MDA 
<asisak> it is a MUA
<asisak> (for the sake of TLAs)
<kshahnjd> I see
<kshahnjd> so what do you use?
<kshahnjd> for MTA/ MDA?
<kshahnjd> u said Exim before but that is just the MTA
* asisak uses Exim4
* ScottK uses Postfix, but doesn't have complex needs.
<asisak> it is also MDA
<ScottK> for an MDA
<ScottK> kshahnjd: Get the book and start with Postfix.
<kshahnjd> oh, that's where my confusion is, the server docs are lying to me
<ScottK> Get that working and add pieces from there.
* Nafallo uses postfix+pgsql+dovecot+sasl2 etc...
<ScottK> kshahnjd: The server docs cover a particular set of use cases that may or may not match your needs.  That is not "lying" to you.
* ScottK sits down.
<asisak> wow, Nafallo, do you administer large server(s)?
<Nafallo> coNP: that's my homeserver with several of my domains on it. will be migrating my new job to something like it ASAP though. will add a spamfilter and roundcube though.
* coNP uses exim4+spamassassin+clamav+dovecot
<coNP> wow, I also want to try roundcube
<kshahnjd> already, I gotta disable postfix then and install exim and squirrel
<kshahnjd> *alrighty
* Nafallo is paranoid enough to use postfix :-)
<coNP> do you think exim4 is vulnerable?
<kshahnjd> fmi, is Postfix also an MTA/MDA then too?
<Nafallo> I think using software that's written with security in mind all the way is the sane choice.
<Nafallo> atleast for servers
<coNP> sure
<coNP> so you recommend postfix?
<Nafallo> yes
<coNP> I might have a look at it
<coNP> do you have any performace comparisons, btw?
<Nafallo> no. not really. always used postfix and those damn beasts are configurable to the extent comparisons are not comparable :-)
<coNP> you are righty right
* Nafallo ponders how he wants mail to flow from this box
<coNP> hmm?
<Nafallo> it's just a backupbox
<Nafallo> still need an MTA
* Nafallo goes with loopback-only for now
<coNP> oh I seem to see
<kshahnjd> for real world purposes what is the advantage for a small operation using IMAP over POP?
* coNP likes IMAP because it is easier to make backups on the server side
<kshahnjd> IMAP is generally considered more secure too?
<coNP> I guess POP3S and IMAPS can be secure, but neither POP3 nor IMAP
<kshahnjd> They also want me to specify which mailbox to use for dovecot, as in maildir or mbox, and the link they provide to the advantages of either is broken
<kshahnjd> do u prefer one over the other?
<ScottK> With pop3 your users are responsible for backups and if they lose stuff, oh well.  WIth IMAP, you have to do it and if you lose their stuff, not good.
<ScottK> IMAP takes a lot more server space.
<coNP> ScottK: yep, this is the another side of what I said
<Nafallo> with IMAP mail is on the server, so you can basically reach your mbox from any MUA with Internet access :-)
<Nafallo> or rather maildir if I was to decide.
<coNP> it is transparent
<coNP> I mean from the MUA side
<ScottK> Only if you have high bandwidth and a reliable internet connection.
<kshahnjd> I guess i'm maildir then
<leonel> there's been some noise about  6.06.2    any  info on the release plans ?
<kshahnjd> suggestions for a webmail interface?
<ScottK> squirrelmail is popular.  leonel can tell you about it.
<leonel> Been using it  for some time  and it's a light  and simple webmail that  works  even in my cell phone :)
<kshahnjd> apt-get install squirrelmail :) ?
<kshahnjd> (new to linux)
<leonel> enable universe in case you haven't
<leonel> and apt-get will do the  magic
<kshahnjd> universe?
<leonel> kshahnjd: http://ubuntuguide.org/wiki/Ubuntu:Feisty#How_to_apt-get_the_easy_way_.28Synaptic.29
<kshahnjd> I'm using ubuntu-server, only command line
<kshahnjd> did I already do this when I commented my cdrom repository?
<kshahnjd> I remember I did not uncomment the backports line...
<leonel> check if you have  lines like this in  /etc/apt/sources.list :
<kshahnjd> leonel: yeah, we're talking about the same file, the only thing I've done to that file since install was comment the cdrom lines
<leonel> deb http://archive.ubuntu.com/ubuntu/ feisty universe
<leonel> and 
<leonel> deb http://security.ubuntu.com/ubuntu feisty-security universe
<leonel> 
<leonel> in case you are using  Ubuntu Feisty
<ScottK> In Feisty for new installs Universe was enabled by default, so it may not need to be added.
<kshahnjd> i have those lines
<kshahnjd> so just apt-get
<leonel> yes
<kshahnjd> leonel: so I installed postfix, squirrelmail and dovecot, but i have yet to specify a user or an admin
<kshahnjd> is the root user of the system automatically assigned a mailbox?
<Nafallo> I think uid 1000 gets roots mail by default
<leonel> the  "admin" user is the user that  you created when  installed  ubuntu
<kshahnjd> if I create new users on this box, will they too be given a mailbox? or is this like in windows where i have to specify new users independently of their relationship with the box
<leonel> can be  anyway you want
<leonel> the simplest  way is as you've done
<leonel> and the users  are system users
<leonel> I mean  you add users to  ubuntu  with  useradd or adduser 
<leonel> and they will have a mailbox
<kshahnjd> leonel: yeah, thats what i mean, users and system users doesn't seem to have a distinction in linux
<kshahnjd> which i like btw :)
<leonel> or you can have your  mail  users  appart from the system users 
<kshahnjd> i see
<leonel>  as you want to have the 
<leonel> them
<kshahnjd> how do i list all users? (logged on or not?)
<kshahnjd> or can you point me to a man on user control?
<leonel> but  just installing postfix   and dovecot  your system users will be  mail users
<leonel> with    who   you can see  you logged users  in the system
<leonel> not in the mail 
<leonel> since the mail system  connects   checks mail  download and  logout  
<leonel> you have to few users  logged at the same time
<kshahnjd> got it, thx
<leonel> you can do a :
<leonel> sudo  tail -f /var/log/mail.log  
<leonel> to see all the mail activity on your server
<kshahnjd> i use to check my mail from the command line using pine
<kshahnjd> and i know i can install it here easily, but i wanted to know what the default command line mail reader is
<leonel> you can use  mutt or  mailx 
<kshahnjd> neither are installed by default
<leonel> sudo apt-get install mutt  mailx 
<leonel> or you can  install elinks
<kshahnjd> no, i understand that, but why is the system telling me 'you have new mail' if there is no reader
<kshahnjd> oh, it just sees the file in the directory, and alerts me, it doesn't care whether or not there is a reader installed natively
<leonel> a textbased   browser 
<leonel> yes
<leonel> with elinks  you can use  your squirrelmail to see your mails 
<kshahnjd> if 'users' gives me the full list of people currently logged onto the system what gives me the list of all the accounts on the system?
<lcdd> kshahnjd: 'getent passwd'
<Creeture> Hey all. Looking for some recommendations on 32-bit PCI SATA RAID cards. I'm interested in RAID 1 + hotspare. 
<kshahnjd> lcdd: worked, thaks
<kshahnjd> 8thanks
<Creeture> SATA 3Gbps preferably. Found the HighPoint RocketRaid 1810A that should work. Would like the card to do as much work as possible.
<kshahnjd> I have a server which will be hosting example.com in the near future sitting next to a laptop physically connected to a router which is not directly connected to the internet, is it possible/how can I configure bind on the server so it claims it is example.com and so that my laptop believes its claim?
<mralphabet> server runs BIND or dnsmasq, laptop refers to server as it's dns authority
<Innatech> ^ what he said. 
<mralphabet> laptop will believe anything the server tells it
<Innatech> or just use a hosts file. 
<mralphabet> server says "I am microsoft.com! mwahahahaha!"
<mralphabet> laptop says "okay!"
<kshahnjd> laptop's gateway is not the server, it's a router though, no difference? does the server 'announce' / broadcast?
<mralphabet> gateway and dns are two different things, and there are seperate spots for it in the laptop IP configuration
<kshahnjd> well in my hosts file on my windows laptop, i can just specify that 192.168.1.98 is example.com i think..
<leonel> kshahnjd: if your nameserver in  /etc/resolv.conf  is the ip of your server wokrs
<mralphabet> kshahnjd: yes, you can use your hosts file, which innatech referred to
<kshahnjd> what is the difference between sites-available and sites-enabled?
<kshahnjd> -- i want to properly specify servername and serveralias
<Innatech> kshanjd: that's a better question for Apache people. 
<Innatech> or, rather, a question better asked of Apache people. (As in, the dev community, not the tribe.)
<kshahnjd> okay, i thought available/enabled was something native to the ubuntu config, but i guess not
<mathiaz> kshahnjd: available/enabled is specific to debian/ubuntu.
<mathiaz> kshahnjd: site-available lists configuration files specific for each apache module that is installed.
<kshahnjd> k
<mathiaz> kshahnjd: site-enabled is a directory listing the modules that should be loaded.
<kshahnjd> so which should I modify?
<mathiaz> kshahnjd: site-enabled should only contain symlinks to site-available.
<mathiaz> kshahnjd: have a look at the command a2enmod, a2dismod
<Innatech> hrrm...I hadn't realized it was ubuntu specific. Shows you how much I'm using other distros lately. 
<kshahnjd> i used those commands before but now i don't remember for what
<mathiaz> kshahnjd: which are used to enable/disable apache2 module.
<kshahnjd> yeah, i see, so i can enable like gd or php5_mod, etc using them
<kshahnjd> apache2ctl is like using /etc/init.d/apache2 but.. not exactly if i remember correctly
<Creeture> kshahnjd: apache2ctl is shipped with apache2. /etc/init.d/apache2 is the Debian/Ubuntu init script wrapper that includes a lot of fixup for the platform. It calls apache2ctl to do the real work of starting/stopping apache2.
<Creeture> As far as sites-enable/site-available is concerned, it's a simple concept. The "available" sites are available to be "enabled" into the config.
<kshahnjd> i see, so init.d commands are just generally more comprehensive since they consider everything else that is connected to apache
<kshahnjd> I see
<kshahnjd>  so when re/starting apache2 from the command line in ubuntu I receive a warning "could not reliably determine the servers fully qualified domain name, using 127.0.1.1 for ServerName".. but I have specified ServerName in /etc/apache2/sites-available/default
<Creeture> It tells you exactly the problem in that statement. Your /etc/hosts should contain a "127.0.0.1 localhost" line and also a "192.168.1.x myserver.example.com myserver" line
<Creeture> And you can comment the ServerName line in your apache config. The only reason you'd need it there is if the ServerName is different than your hostname.
<kshahnjd> oh wow... okay I see.. and is this /etc/hosts file historically the same exact thing as the windows /etc/hosts file?
<kshahnjd> someone told me to disable the mod_uniqueid module to fix it and that did not sound right
<kshahnjd> i'm still getting the error
<kshahnjd> well, warning
<ivoks> lots of traffice today :)
* Nafallo wants to give up on bacula
<ScottK> Why?
<ivoks> don't
<ivoks> we'll help
<Nafallo> cause bacula-director-pgsql is broken in LTS
<Nafallo> not only the depends, but the damn postinst as well
<ivoks> could be...
<ivoks> i've worked only on mysql part :/
<Nafallo> hmm
<ivoks> or not :)
<Nafallo> I guess that's a choice. either that or dist-upgrade some versions.
<Nafallo> /var/lib/dpkg/info/bacula-director-pgsql.postinst: line 130: /var/lib/postgresql/.pgpass: No such file or directory
<Nafallo> I guess pitti would know what've happened from 7.4 to 8.1 though.
<Innatech> seems there's a lot that doesn't get any attention from SRU or backports. :( 
<ScottK> Innatech: For backports, if there is stuff that's been requested and tested, but not approved, let me know and I'll attend to it.
<Nafallo> DOOH!!!
<Nafallo> echo "$PGSQL_HOST:*:*:$DB_ADMIN:$DB_ADMIN_PSWD" > $DB_ADMIN_AUTHFILE
<Innatech> ScottK: will do. I think someone metioned PHP a week or so ago, but I didn't go check on it. 
<Nafallo> like if postgresql even use an admin password?
<ScottK> There is a php backport pending Innatech.  It wasn't clear to me what the rdepends implications were.
* ScottK doesn't use php personally.
<Innatech> ScottK: ah, very good. It didn't sound right to me that something like PHP wouldn't get attention--glad to hear that isn't the case (even if you don't use it! heh.) 
<ScottK> There are only a very few people who can approve backports and I think I'm the only one that's particularly interested in server stuff.
<ScottK> Innatech: If you want to look at the bug and research the rdepends and the potential impacts, please comment on the bug and then ping me.
<Innatech> I didn't realize. I'm using LTS widely on my and client's servers. I'd be happy to look into the PHP thing, although I'll likely have to wait a few days. I'm dealing with a physical migration of a client for most of the week. 
<Nafallo> stupid LTS... ;-)
<Innatech> But LTS makes me happy! >sniff<
<Nafallo> sounds like you haven't dealt with an uninstallable package most of your day then ;-9
<Nafallo> ;-)
<Innatech> Oh, I've run into some of that. 
* ScottK thinks it's stupid uninstallable package, not stupid LTS then.
<Nafallo> sure. but the package would work in > 6.06 :-P
<Innatech> Here's one of my favorites: 
<Innatech> https://bugs.launchpad.net/ubuntu/+source/quagga/+bug/48848
<Innatech> No ospfd for you!
<ubotu> Launchpad bug 48848 in quagga "[Dapper SRU]  Assertion failure in OSPF" [Medium,Confirmed]  
* Innatech personally finds that medium rating to be a bit too relaxed. 
<Nafallo> good thing I run 7.04 on my server then, except it can't boot itself :-)
<kshahnjd> whats up with the #apache ppl hating on debian and ubuntu
<kshahnjd> man
<Innatech> Funny thing is that Quagga is fixed in newer verions, yet it's an SRU assignment. But, I'm sure wiser heads have their reasons. 
<ScottK> Innatech: What do you mean?
<ScottK> jdong was right to reject the backport.
<Innatech> ScottK: yeah, I gather that he was I just don't fully understand why. 
<ScottK> One of the rules that the Ubuntu Tech Board put on backports when they made it official was that we not backport for fixes that were SRU worthy.
<ScottK> The reason is that -updates is enabled by default, while (for good reasons) -backports is not.
<ScottK> If people could use the relatively easy backports process to bypass the SRU process, then fewer bug fix updates will get done.
<Innatech> That makes good sense, but it doesn't seem that fixes that exist in backports are readily accepted by SRU. Or maybe SRU is just understaffed, I don't know. But I do keep running into problems that end in open SRU bugs. 
<ScottK> The idea with LTS, particularly, is to keep it stable, so just dumping in new version X to fix a bug is not a good plan.
<Innatech> Stable is good---stable bugs, less good. 
<ScottK> Sure.
* Nafallo attempts to grab the source for bacula=edgy to try to backport for bacula=dapper so he can upload to dapper-updates
<ScottK> Usually the roadblock for an SRU is testing.
<Innatech> Not saying I could do any better--not only can I not code, but I'm not even that deft with packaging tools. 
<ScottK> Yes, but if you  can test.
<Innatech> Testing, yes, absolutely. 
<ScottK> That's actually the hardest part.
<Nafallo> ScottK: ...right ;-)
<Innatech> It'd be nice to find a way to give back, indeed. 
<Nafallo> depends on the problem :-)
<Nafallo> gaah!
<Nafallo> edgy uses dbcommon or what's it's name...
<Nafallo> *sigh*
<ScottK> if you enable dapper-proposed and see what updates are sitting there (don't install them all) you should find open SRU bugs saying what needs to be tested.
<ivoks> Nafallo: i've setup bacula-mysql more than few times :/
<ivoks> Nafallo: on dapper
<Innatech> ScottK: excellent. I'll do it on my personal machine and see if I can help. 
<ScottK> Great.
<Nafallo> ivoks: I can't even remember when I last used mysql :-P
<ivoks> i know you are trying with postgre, but... there's always mysql :)
<Nafallo> ivoks: might as well let my boss pay for me fixing a dapper-proposed ;-)
<ivoks> :)
<ScottK> coNP: No MOTU for you until you get lighttpd fixed.
<ScottK> ;-)
<kshahnjd> i saw someone d/l a file from the command line and then use zxsf to decompress and extract
<ivoks> for 6.06.2 we have to get support for newer e1000 and new 3ware sata raid controlers
<coNP> ScottK: I was sure about that
<kshahnjd> but i don't know what the command is for the d/l.. it isn't get, any ideas?
<coNP> :D
<Innatech> If you really want to get crazy you would run postgre in a VM, and pretend its on another host. Don't know how friendly that would be with Bacula, tho. 
<Innatech> *could
<ivoks> Innatech: friendly
<ivoks> bacula is very flexibile
<Nafallo> I wonder if I should backport this whole postinst :-)
<Nafallo> might even work...
<ivoks> you can have director on one, storage on second, sql on third and console on forth computer
<Innatech> That is rather flexible. Neat. 
* Nafallo screams
* Innatech shudders. Don't do that!
<Nafallo> dbconfig-common isn't a high enough version
<Nafallo> damnit!
* coNP has to won the quiz @ ubuntu-trivia first. Then heading towards MOTU, lighthttpd and ScottK 
<ivoks> lighttpd
<ivoks> it's not light httpd
<ivoks> it lig httpd
<Nafallo> no. light tpd :-)
<ivoks> :)
<Innatech> Ah, yes, of course. Named after the Ligurian coast. Everyone knows that. ;P 
<coNP> sure, -ht
<Nafallo> *sigh* good luck backporting dbconfig-common to a plain debconf :-P
<Nafallo> I wonder if someone would hate me if I rewrite the whole fucking file
<ScottK> Nafallo: SRU is supposed to be done with the least diff possible.
<Nafallo> ScottK: I know
<ScottK> OK.  I figured.  Just don't get more extravegant than needed...
<Nafallo> you haven't seen this damn file ;-)
* ScottK hopes it will stay that way.
<Nafallo> the damn postinst "patches" pg_hba.conf and restarts the sql-server :-P
<Nafallo> WTF
<Nafallo> syslog is empty...
<kshahnjd> can someone help me understand the tar options.. i'm trying to extract something.tar.gz
<kshahnjd> I was under the impression that: tar -zxsf something.tar.gz
<kshahnjd> would do it
<kshahnjd> cannot open, no such file or directory X a million errors
<Nafallo> z = gunzip, x = extract, f = force, v = verbose
<kshahnjd> didn't work
* ScottK normally -xvvz 's
<ivoks> remove -
<kshahnjd> oh
<kshahnjd> remove?
<ivoks> tar xvf something.tar.gz
<ivoks> z
<ivoks> tar xvfz :)
<ivoks> v is optional
<Nafallo> i.e. what I wrote ;-)
<ivoks> but f isn't force
<ivoks> it's --file
<kshahnjd> i think the problem is that it's not writing the directories
<Nafallo> aha
<kshahnjd> so it doesn't write the files
<ivoks> and if you use -fxvz it wouldn't work
<ivoks> kshahnjd: it does if directory is archived
<ivoks> it doesn't if files are archived
<kshahnjd> hmmm.. then id on't know what i'm doing
<kshahnjd> tar xvzf something.tar.gz
<kshahnjd> Cannot open no sch file or directory
<kshahnjd> how can I get information about a file from the command line? like it's size, etc
<coNP> kshahnjd: use ls
<kshahnjd> if I want to check it's integrity
<coNP> kshahnjd: use ls -l 
<ivoks> this really isn't question for ubuntu-server
<ivoks> :)
<coNP> sorry :(
<kshahnjd> yeah, but it is the only place where i can talk to people who regularly use the command line in ubuntu server
<Nafallo> kshahnjd: is that so?
<kshahnjd> well, afaik
<kshahnjd> i'm new to linux so, and usually never go on irc, but have for the past week since i've started
<Nafallo> I would be surprised if people on #ubuntu didn't use /bin/bash
<ivoks> don't get us wrong, but this channel is for development and support for ubuntu-server related... we don't want it to become yet another #ubuntu - multipurpose support channel
<kshahnjd> they do, i've asked there too, you're right, i'll move my venue :)
<Nafallo> this channel is a bit of everything as it is already ;-)
<ivoks> kshahnjd: or visit your local community channel
<kshahnjd> it's been quite helpful :)
* Nafallo ponders giving up now and find pitti tomorrow :-)
<ScottK> Not "giving up", "stopping work for now".
<ivoks> you guys do realize that 6.06 lacks support for some very common server hardware?
<ivoks> like new intel gigabit ethernet?
<ivoks> new 3ware controlers
<ivoks> and adding support for it is POC
<ivoks> we should push some requests to kernel team
<ivoks> we already have patches for some stuff
<Nafallo> and they apply on dapper-git?
<ivoks> ok... i have a feeling i'm alone with this problems :)
<ivoks> yes
<ivoks> and i use them daily
<Nafallo> well, give them the URLs on the mailing list and see what they say then :-)
<ivoks> i already did, but looks like i need backup :)
<Nafallo> aha :-P
<ivoks> today i've installed server, cdrom, raid controler and ethernet card weren't working
<Nafallo> \o/
<ivoks> until 8.04, intel will release couple of MB which will be useless with dapper (some of them already are) for newcomers
<ivoks> everything new with ICH8/ICH9, e1000, non-funcional on dapper
<Nafallo> 8.04 isn't that far away though
<ivoks> true, but not everybody have luxury of upgrade downtime
<ivoks> some will stay on 6.06 untill EOL
<Nafallo> hmm
<ivoks> and on every new kernel, recompile of drivers is needed
<Nafallo> but those people won't reboot for new kernels either?
<ivoks> they will, one thing is kernel upgrade, something else is test-case of complete new distribution
<ivoks> and upgrade process
<Nafallo> right
<Nafallo> ehrm
<Nafallo> PGCMD="su -s /bin/sh $DB_ADMIN -c"
<Nafallo> that should not work in Ubuntu, should it?
<ivoks> bash instead of sh, just to be sure :)
<Nafallo> sudo instead of su?
<ivoks> lol, yeah, and that too :)
<Nafallo> hmm. dpkg is root, so should work to use su to change to postgres I guess.
<ivoks> right
<Nafallo> *sigh* I should now by now this isn't low hanging fruit :-P
<ivoks> low hanging fruit is a myth
<ScottK> The low hanging fruit got fixed before release.
<Nafallo> ehrm
<ScottK> The fun stuff is left.
<Nafallo> nafallo@remembrance:~$ getent passwd postgres | cut -d ':' -f 6
<Nafallo> /var/lib/postgresql
<Nafallo> nafallo@remembrance:~$ ls /var/lib/postgresql
<Nafallo> ls: /var/lib/postgresql: No such file or directory
<Nafallo> joy...
<ivoks> very nice :D
<nealmcb> getent - cute!  new tricks for an old hacker :-)
<Nafallo> god damn it.
<Nafallo> something must have created that directory at some point...
<Innatech> ivoks: not sure which Intel gigabit you're having trouble with. I'm using dual port PCI-E server cards w/ e1000. 
<Nafallo> most likely postgres
<ivoks> Innatech: 82566DC for example
<ivoks> Innatech: 82541PI also
<Innatech> hmm...let me see what I'm using....
<ivoks> 3ware 9650SE is also PIA...
<Innatech> I did have to do that sysfs trick thing to get them recognized, but that was likely because they're OEM.....
<ivoks> update-pciids
* Nafallo gets random postgresql versions
<Innatech> The controllers in my dapper router are Intel 82573L and 82571GB . 
#ubuntu-server 2007-07-24
<ivoks> Innatech: yeah... those are older models
<necrite_> hi all
<Innatech> ivoks: ah. I suppose I got lucky, then. I didn't exactly do an exhaustive search before I bought, like I should have. 
<necrite_> what is the daemon (service) which upgrade the server time?
<Innatech> ntpd
<necrite_> ty
<Innatech> np
<Nafallo> FFS
<Nafallo> I had forgotten to install the damn SQL-server
* Nafallo tries to reinstall the package
<Nafallo> lol. still can't configure it ;-)
<Nafallo> wow
<Nafallo> I think I got it running :-P
<Nafallo> yepp yepp. uploading :-)
<Nafallo> ScottK: is there a procedure for SRU other than yell at $RANDOM_ARCHIVE_ADMIN to let it through? :-)
<ScottK> Main or Universe?
<Nafallo> universe
<Nafallo> bacula_1.36.3-2ubuntu3_source.changes: done.
<ScottK> https://wiki.ubuntu.com/MOTU/SRU
<Nafallo> thanks
<ScottK> Nafallo: Are you a MOTU.  I don't recall (sorry)?
* ivoks hopes to see gtk webkit browser by the end of 2008 and then never look back at firefox again :)
<Nafallo> ScottK: yes. since hoary IIRC :-)
<Nafallo> not very active those days though :-/
<ScottK> OK.  Wasn't sure.
<ScottK> You just dput to dapper-proposed and an Archive Admin will publish it.
<ivoks> 'night all
<Nafallo> hmm. bug report ;-)
<Nafallo> yea.
<ScottK> That would be good.
<Nafallo> I just forgot about the bugreport. I talked to pitti about it before I started mangling the package though :-P
<ScottK> In that case, just put "It's not in LP, but I talked to pitti about it, so it's OK for an SRU updload." in debian/changelog and I'm sure it'll be fine.
<ScottK> ;-0
<Nafallo> so if we forget about the bug in changelog I'm fine ;-)
<Nafallo> I've already uploaded the changelog with just the things I've changed :-)
<Nafallo> i.e. three deps in debian/control ;-)
<Nafallo> *sigh*
<Nafallo> I have updatedb eating 1 core
<Nafallo> if I uninstall slocate that will be findutils instead, which is essential.
<Nafallo> what should I do about the damn thing? :-/
<Nafallo> ha!
* Nafallo solved it by telling it not to search the 2TB partition :-)
<kshahnjd> thanks all for help, gn&gl
<halcyonCorsair> hi, can anyone tell me how to set the default route to be a particular interface?
<halcyonCorsair> ah, nevermind...oops
<iceval> hello
<iceval> i use 7.04 for server
<iceval> is it okay?
<iceval> can i install squid?
<Nafallo> yes
<iceval> how to install squid sir?
<iceval> Nafallo
<Nafallo> apt-get install squid
<ivoks> sudo apt-get install squid
<ivoks> :)
<Nafallo> :-P
<iceval> does ubuntu have root?
<iceval> coz i cant access my root
<Nafallo> yes, but its locked by default
<Nafallo> man sudo_root IIRC
<iceval> ivoks: first time to use ubuntu
<iceval> from windows98
<iceval> =)
<iceval> i want to use ubuntu to be my server
<iceval> how to install squid?
<iceval> i dont see the .exe
<asisak> iceval: is it serious?
<iceval> im serious
<iceval> i email the ubuntu and they send me 7.04
<asisak> iceval: sudo apt-get install squid
<iceval> my name is cesar quinon from philippines
<iceval> please cheak my email sir
<iceval> done this sir sudo apt-get install squid
<iceval> this one i follow ivoks: sudo apt-get install squid
<iceval> i dont see the squid in applications-places-system
<asisak> iceval: squid is not a desktop application that would show up in the menu
<iceval> oh i see
<iceval> how to see it sir?
<iceval> so i could look for it and how to creat a proxy so that i will use it to my workstations
<asisak> so you install squid on your server
<asisak> and setup workstations to use that
<iceval> yes
<iceval> but i dont have workstation now connected
<iceval> i will first make sure that squid
<ivoks> iceval: http://tldp.org/HOWTO/TransparentProxy.html
<ivoks> but... eh...
<ivoks> you should know some basics first... :/
<ivoks> and my guess is that you don't know them
<ivoks> this one is better:
<ivoks> http://www.e-healthexpert.org/node/431
<iceval> thanks
<iceval> reboot
<iceval> =)
<ivoks> reboot?
<asisak> indeed
* asisak is sure he'll be back
<Nafallo> hmm
<ivoks> asisak: from hungary?
<ivoks> were you in budapest last year on conference?
<asisak> ivoks: yeah, nope :(
<asisak> ivoks: how do you know?
<Nafallo> asisak: well. have you checked what channels you hang on? ;-)
<asisak> btw my name comes from the town near Zagreb
<asisak> lol @ me
<Nafallo> morning ScottK 
<ScottK> Good morning.
* asisak hides
<asisak> (neither light nor tpd updates yet)
<ivoks> asisak: heh
<ivoks> asisak: i'm from zagreb
<asisak> ivoks: yeah, that's why I said that
<ivoks> asisak: i was in budapest, giving talk about CUPS, very bad talk, if i may add :/
<asisak> you certainly know Sisak 
<ivoks> croatia is so small that not only i know cities, but also villages :)
<asisak> :)
<ivoks> asisak: so, why (a)sisak? :)
<ivoks> doh..
<ivoks> never mind :)
<asisak> so because of my first name
<asisak> or last
<ivoks> yeah, i figured that out :)
<asisak> the winner is: ... ivoks :)
<Nafallo> ivoks: where should I start reading to setup this beast? :-)
<ivoks> which one?
<Nafallo> bacula :-)
<ivoks> hehe
<ivoks> http://www.bacula.org/dev-manual/Brief_Tutorial.html
<ivoks> http://www.bacula.org/rel-manual/index.html
<ivoks> it will be difficult at start, but once you figure it out, you'll bowl to it every day
<ivoks> it's complex cause it's so flexibile...
<Nafallo> yea, that's why I choosed it :-)
<Nafallo> thanks.
<ivoks> np
<ivoks> if you get stuck, feel free to nag me...
<Nafallo> I will :-)
<ivoks> that was figure of speach :)
<ivoks> i was being polite :)
<Nafallo> hehe
<ivoks> it has very verbose logs, so one should get all the info from it
<ivoks> Nafallo: if you have time, take a day or two and try figure out retenation and recycle definitions :)
<Nafallo> ivoks: I haven't :-)
<ivoks> Nafallo: keep File Retention =< 30 days
<ivoks> Nafallo: Volume Retention depends on how much you want to ruse same volume
<Nafallo> its a 2TB partition on RAID5 :-)
<ivoks> :))
<ivoks> so, one day? :)
<Nafallo> I sure hope it can take more then that ;-)
<ivoks> depends on what you're backing up
<Nafallo> yea. will see how much space it will use :-)
<ivoks> file retention is period after backup during which you want to be able to single pick one file
<ivoks> volume retntion is period after backup during which you want to be able to recover data from that volume
<ivoks> so, file retention is less than volume
<soren> What's the point in having a volume with data on it, if you can't restore files from it?
<ivoks> you can
<ivoks> but you can't pick single file from it
<ivoks> cause if you do daily backup
<ivoks> and hold information about 1TB files in database
<ivoks> that database will be very large after 30 days
<soren> ivoks: Ah, I can only restore the entire backup then?
<ivoks> yes
<soren> ivoks: Entire volume, I mean.
<soren> ok.
<ivoks> it's possible to recover data even if volume is older than volume retention period
<ivoks> but this includes scaning volume
<ivoks> and... well... i didn't try it and don't plan to :)
<Nafallo> hmm
<Nafallo> I think the first step is going through the files in remembrance:/etc/bacula ;-)
<ivoks> bacula-dir is most important one
<ivoks> everything about the jobs is defined there
<ivoks> what to backup, when, at which volume, retention periods, recycling, etc...
<Nafallo> no default password?
<ivoks> iirc, there is no by default
<ivoks> but you should set one up, or two, or three :)
<ivoks> director can use different password for different modules (-sd, -fd and console)
<ivoks> but passwords are something you can setup at the end :)
<ivoks> and are easiest thing to do :)
<Nafallo> hmm.
<Nafallo> aha. Jobs points to JobDefs. smart :-)
<ivoks> don't forget, jobs can have RunBefore and RunAfter
<ivoks> this is great stuf... program gets executed at fd, so on director you say 'oracle stop'
<ivoks> and this gets executed before backup at client
<Nafallo> seems most conf is done with vi rather than bconsole? :-)
<ivoks> and after backup oracle start :)
<dendrobates> stephanbuys: ping
<ivoks> bconsole is not for configuration
<ivoks> bconsole is for monitoring and reconfiguration
<Nafallo> ah. oki :-)
<ivoks> for example, in config you define maxvolumesize
<ivoks> but if you used volume before with different maxvolumesize, then you can reconfigure it trough bconsole
<ivoks> or lables...
<Nafallo> why don't I just do the reconfig with vi then?
<ivoks> you can't
<ivoks> hehe
<ivoks> ok...
<ivoks> if you want to change something, for example volume label
<ivoks> you can change volume label for *new* volumes in config
<ivoks> but old volumes need name change to; this you can do only trough bconsole
<Nafallo> hmm. oki.
<ivoks> cause, you need to rewrite volume and update sql entries
<Nafallo> why is that? :-)
<Nafallo> ah. oki.
<ivoks> i know, you tought vi can do everything :)
<Nafallo> hehe
<ivoks> if you want, i could send you my config
<ivoks> with comments
<Nafallo> that would be kewl! thanks! nafallo@ubuntu.com :-)
<ivoks> expect it later today
<Nafallo> thanks :-)
<ivoks> cause i don't have time now to comment it :)
<Nafallo> hehe
<ivoks> and edit :)
<Nafallo> :-P
<stephanbuys> dendrobates, hi there
<dendrobates> stephanbuys: have you looked at the auth-client-config package that jdstrand created?
<stephanbuys> dendrobates, nope - not yet - wasn't aware of it
<dendrobates> stephanbuys: http://www.strandboge.com/software/auth-client-config/
<stephanbuys> dendrobates, cool - will check it out
<dendrobates> stephanbuys: It is a python script that configures pam.d and nssswitch.conf.
<stephanbuys> dendrobates, yeah - I saw the posting. forwarded it to my team and I will also have a look at it
<dendrobates> stephanbuys: what time zone are you in?  I want to schedule a meeting to discuss the spec, and all the packages and get agreement on how things should be done.
<stephanbuys> dendrobates,  GMT +2
<dendrobates> stephanbuys: BTW, debian has agreed to take our changes.  
<stephanbuys> dendrobates, thats great news
<stephanbuys> dendrobates, if this works well we can get use it in authtool
<stephanbuys> dendrobates, also, there was a query from the Google Summer of Code project that could perhaps do just that for us :-)
<dendrobates> that is my thought, I like the idea of the templates, admins could create and manage their own templates to easily configure many systems.
<stephanbuys> dendrobates, we implemented templates in authtool as it allowed us to have a predictable, known-to-work, set of configurations
<jdstrand> dendrobates: FYI: I put auth-client-config in launchpad at https://launchpad.net/auth-client-config
<jdstrand> it will just poll my website for updates for now
<jdstrand> no new changes yet
<dendrobates> jdstrand:  Cool, I am referring to it in my spec as well, because we need to get it into Gutsy. 
<jdstrand> yeah, I saw that.  great!
<stephanbuys> jdstrand, dendrobates : any plans to support winbind (or AD) authentication with this frontend?
<dendrobates> That is my plan.  But after gutsy.
<dendrobates> I am trying to take a bitesize portion. So we can be sure to get it done.
<jdstrand> stephanbuys: as far as auth-client-config is concerned, I just need appropriate nsswitch.conf and pam settings, and they can be added as one of the templates
<jdstrand> stephanbuys: but even if it is not included right away, auth-client-config will (todo) support pulling in settings from files in /etc/auth-client-config/profile.d, so authtool or whatever can just drop files in there
<jdstrand> stephanbuys: they will be automatically picked up at runtime
<stephanbuys> jdstrand, I have found the RedHat tool to be a good reference on how to do this in action: http://www.koders.com/python/fid6E833D2322AF4119AF8F430040C948D7CDC0C43D.aspx?s=authconfig
<stephanbuys> jdstrand, how about credential caching and offline usage?
<stephanbuys> jdstrand, we had to enable nss-updatedb to make sure ldap auth does not break when going home :-)
<stephanbuys> so unfortunately its not just as easy as setting nsswitch.conf and pam
<stephanbuys> bain, ^^^
<jdstrand> stephanbuys: auth-client-config really doesn't care about any of that.  It will have a database for settings for passwd, group and shadow for nsswitch, and auth, account, password and session in pam.  However Ubuntu or a sysadmin wants to configure the profiles is up to them.
<stephanbuys> jdstrand, ok - fair enough. authtool can help with that (it also has a command-line mode)
<jdstrand> auth-client-config will just provide a convenient way of maintaining a database and updating pam and nsswitch.conf, primarily for usage with debconf, but could apply to other situations
<stephanbuys> jdstrand, I see the potential of using auth-client-config as the config backend for authtool
<stephanbuys> jdstrand, we can then address the nuances like ccache, offline usage, etc through it
<jdstrand> stephanbuys: I thought it could be applied there as well-- then authtool can focus on the ui
<jdstrand> stephanbuys: and all that stuff you mentioned
<bain> stephanbuys: here 
<jdstrand> stephanbuys: it is one piece of a larger puzzle.  kindo of like update-inetd, but for nsswitch and pam
<stephanbuys> jdstrand, ok - agreed. and _extremely_ usefull
<dendrobates> I like the idea of pulling all config, including ccache and such out of any ui, and putting them in a separate package.
<stephanbuys> jdstrand, we can handle the different auth backends with authtool then
<stephanbuys> dendrobates, elaborate? (out of the authtool UI even?)
<dendrobates> A user might want the functionality but not the full authtool package. 
<stephanbuys> ok - so conceptually there is a dependency chain like this:
<jdstrand> stephanbuys, dendrobates: authtool can do that, and different packages like ldap-auth-config, kerberos-auth-config, winbind-auth-config, ad-auth-config, laptop-auth-config,... can pull in whatever packages they need, and use auth-client-config as part of there configuration
<stephanbuys> pam/nsswitch.conf/etc -> auth-client-config -> authtool
<jdstrand> s/there/their/
<dendrobates> It just seems like that functionality should be in auth-client config, but that is just my opinion.
<stephanbuys> jdstrand, In authtool we will then have a couple of backends defined, for example: Local Authentication, LDAP (or Ubuntu) Server, Active Directory, eDirectory
<stephanbuys> dendrobates, so enabling/disabling credential caching becomes a function of auth-client-config as well?
<jdstrand> stephanbuys: your dependency chain is looks good to my thinking, except I would do s/authtool/(authtool|ldap-auth-config|kerberos-auth-config|...)/
<dendrobates> since is is not specific to any one auth scheme, yes.
<stephanbuys> dendrobates, ok - agreed. also it is one of the really subtle pieces in pam and a nightmare for a first-time administrator to get right
<jdstrand> stephanbuys: as for the backend, auth-client-config only does nsswitch.conf and pam, so you can either give me your settings, or drop them into /etc/auth-client-config/profile.d (in 0.2)
<stephanbuys> (ccreds in pam)
<dendrobates> I also think those advanced features should be in the next release.  
<dendrobates> think about how much better we are making things already.
<stephanbuys> jdstrand, ok - how about: am/nsswitch.conf/etc -> auth-client-config -> ldap-auth-config|kerberos-auth-config -> authtool (for GUI)
<jdstrand> stephanbuys: have to talk to dendrobates about ldap-auth-config-- I think he will be doing debconf there?
<stephanbuys> dendrobates, jdstrand : a lot of debconf work has gone into authtool already, ajmitch envisioned using debconf where possible 
<dendrobates> jdstrand: just ldap specific debconf.
<stephanbuys> jdstrand, dendrobates : we even support dependency tracking and will install the missing auth debs if they are needed
<dendrobates> stephanbuys: we should use that in ldap-auth-config
<jdstrand> stephanbuys: just for clarity, ccreds and nss-updatedb settings in nsswitch.conf and pam is no problem.  It is just another profile type 
<stephanbuys> dendrobates, jdstrand : also authtool is great for doing things like automatic DNS discovery of the kerberos servers or LDAP lookup (in the Root DSE) of the base_dn on a LDAP server
<dendrobates> stephanbuys: great, that is something I really wanted, it gives us an advantage over the other distros.
<stephanbuys> I also envisage "zeroconf" enabling all of this in the end so that if a user has a Ubuntu server that is ready for LDAP auth on the LAN it will be automatically detected
<dendrobates> stephanbuys: that's my vision as well.
* stephanbuys loves it when a good plan comes together
<stephanbuys> dendrobates, will you drop me an email regarding the meeting you want to hold?
<jdstrand> stephanbuys: I think that with the use of profiles in auth-client-config, switching between them via zeroconf or even network-manager is possible
<dendrobates> stephanbuys: I plan on send out a request today.
<jdstrand> stephanbuys: would have to carefully think about whether that is desirable though
<stephanbuys> jdstrand, although it sounds simple we have found that in practice some things (like GDM) can be really pedantic about changes to nsswitch and pam
<jdstrand> stephanbuys: yes-- I have found that to be true too-- sometimes a restart of the system is in order (I think it has something to do with glibc, but...)
<jdstrand> stephanbuys: the idea was more to do it on boot, before gdm or anything.  But again, this is (way) down the road
<stephanbuys> jdstrand, exactly :-)
<stephanbuys> jdstrand, I think in practice users do not switch auth backends too frequently (it creates too much of a uid and gid mess), so we should be pretty isolated from that requirement for a while
<stephanbuys> jdstrand, dendrobates : ever consider OpenID as a potential auth backend?
<jdstrand> stephanbuys: agreed
<jdstrand> stephanbuys: no, but checking it out now
<dendrobates> stephanbuys: I thought openid was like ms passport.
<dendrobates> Ahh I get it.
<stephanbuys> dendrobates, its all about authentication, of course you might not "trust" all potential auth provides to log onto your work laptop (for example)
<stephanbuys> s/provides/providers/
<dendrobates> so you are saying sytem auth using openid?  Has this been done before?  What about nss?
<jdstrand> stephanbuys: the concept seems similar to kerberos
<stephanbuys> jdstrand, exactly, but potentially a 100 times easier to deploy :-)
<David_CDRJ> hi there
<stephanbuys> jdstrand, and "future proof" in a way
<stephanbuys> dendrobates, no, not as far as I know
<David_CDRJ> does anybody have problem with de e1000 module in ubuntu server 7.04
<dendrobates> David_CDRJ: Hi
<David_CDRJ> ?
* stephanbuys still gets nightmares thinking about GSSAPI and kerberos integration into all Ubuntu client apps
<jdstrand> stephanbuys: I know what you are saying, but with PAM, kerberos doesn't have to be a total nightmare.  Maybe just a bad dream.  :)
<stephanbuys> jdstrand, lol
<jdstrand> stephanbuys: really it is just finding the right combination of of ccreds, update-nss and kerberos.  That is what takes so long.  But with the work we are doing here, we should be able to take that pain away from users.
<David_CDRJ> i tried to update de module to the newest version bug every time i reboot the server the old one came back!
<stephanbuys> jdstrand, true, "Rome wasn't built in a day" seems appropriate
<jdstrand> stephanbuys: it seems openid does just the authentication.  So still need ldap for network authorization.  Am I understanding this correctly?
<stephanbuys> jdstrand, correct. OpenID is all about authentication. The "trust" of that authentication is then determined by the "service provider". which would then lead to authorization
<stephanbuys> jdstrand, for example, I would only "trust" OpenID authentication from "logon.mydomain.com" to authorize users to access work computers
<jdstrand> stephanbuys: I was thinking about uids and gids
<jdstrand> stephanbuys: the provider doesn't handle that does it?
<David_CDRJ> i guess my problem are a little less interesting that autentication...
<stephanbuys> jdstrand, ah - I see. 
<stephanbuys> jdstrand, theoretically it could 
<stephanbuys> jdstrand, OpenID should allow the user to easily select an identity with certain meta-data. That meta-data could of course provide uid and gid
<jdstrand> David_CDRJ: be patient-- people tend to check this less frequently than others.  For more immediate response, try #ubuntu
<stephanbuys> jdstrand, but to be honest I haven't thought that through yet =)
<David_CDRJ> jdstrand: thanks
* bain waves 
<stephanbuys> jdstrand, http://openid.net/specs.bml -> OpenID Attribute Exchange 1.0 - Draft 5
<jdstrand> stephanbuys: looking through that and some googling, seems very website-centric, though there http://code.google.com/p/pam-openid/
<stephanbuys> jdstrand, oh it is, still something to keep on the radar perhaps, and something to differentiate Ubuntu from other players. What I really like about it is that there are already loads of providers out there and that it seems very simple
<jdstrand> stephanbuys: yeah-- seems cool
<stephanbuys> jdstrand, dendrobates : I've got to run - good chatting to you. bye
<kshahnjd> I'm having trouble with the vsftpd configuration, I followed the ubuntu server guide precisely, I can log in, but when using my client (filezilla) I receive 'critical transfer error' when attempting transfer to /var/www
<kshahnjd> my home directory I receive the same error, but the transfer seems to work
<tck-afk> has Debian ever used chkconfig?
<tck-afk> or always used update-rc.d
<tck-afk> its ok, i found sysv-rc-conf -- looks nice
<ivoks> Nafallo: mail on its way
<kshahnjd> can someone recommend me something besides vsftpd? I am not having a good time using it
<Nafallo> kewl, thanks :-)
<Nafallo> kshahnjd: I would recommend vsftpd :-)
<kshahnjd> NO :(
<ivoks> kshahnjd: yes, vsftpd or noftp
<Nafallo> yes, I would :-)
<kshahnjd> I can't seem to figure out the permissions for the /var/www directory
<ivoks> what hard times?
<mralphabet> sftp!
<kshahnjd> i had my account join the www-data group
<kshahnjd> and.. still weird things are going down
<ivoks> like...?
<ivoks> joing user www-data group shouldn't have any effect :)
<kshahnjd> i still don't have permissions, I get errors, i chmod'ed a directory within /var/www
<kshahnjd> and using filezilla i still get 'crticial transfer errors'
<kshahnjd> but it appears to have uploaded successfully...
<kshahnjd> someone pointed me to what seemed to be an overly complex virtual user config.. I don't feel like it needed to be that complicated, i may be wrong
<kshahnjd> probably am
<ivoks> maybe it would be better for you and us if you would say what you want to achive, not how you are doing it
<ivoks> :)
<kshahnjd> he, sry, alright, so I have an account, my username, kshah, I want to be able to whatever I want to the /var/www directory and subdirectories
<kshahnjd> *to do whatever I want* as in, rwx, mkdir, deldir, etc
<ivoks> ok
<ivoks> this doesn't have anything to do with ftp
<ivoks> chown -R kshah /var/www/
<ivoks> and that's it
<kshahnjd> but doesn't that steal permission away from www-data ?
<ivoks> www-data doesn't have any permissions there
<kshahnjd> ?
<ivoks> only read
<ivoks> www-data can write only in /tmp and /var/tmp
<ivoks> like every other user
<kshahnjd> created by an app"
<ivoks> you *don't* want to chown /var/www to www-data
<kshahnjd> i see
<kshahnjd> so I can chown only for one user, what if there are multiple ftp users that should all be able to toy around with that /var/www dir?
<kshahnjd> should i then create a group which has permissions to it?
<ivoks> create group, chgrp that dir to that group, and make it writable for that group
<ivoks> don't make it writable for www-data, never!
<ivoks> only cache dirs and upload dirs
<kshahnjd> thats a security risk, right?
<ivoks> yes
<kshahnjd> so, lets say.. for instance i'm using drupal, a cms, which has certain files permissions set.. me changing owner will not effect that files permissions?
<kshahnjd> it will just override them for em?
<kshahnjd> *me?
<ivoks> phone, sec
<ivoks> back
<ivoks> where were we? :)
<ivoks> Nafallo: does it help?
<Nafallo> ivoks: wow. -dir is damn huge to get the mind around :-)
<Nafallo> and mine will probably be larger when I'm finished :-P
<ivoks> :)
<ivoks> right, every single thing is customisable
<ivoks> Nafallo: i have even bigger, but this one isn't for sharing :)
<Nafallo> :-P
<ivoks> includes couple of autochangers :)
<Nafallo> sarge. does that still have security support?
<Nafallo> hmm. seems like it.
<Nafallo> in -fd I just point to the director I just set up, right?
<Nafallo> yea. looks like it.
<ivoks> right
<Nafallo> hmm
<Nafallo> if I specify client in jobs instead of jobdefs I can have jobdef called servers with most other options included...
<ivoks> yes
<Nafallo> if I have options in JobDefs and specify other options that are already set in JobDefs in Jobs, which one will go though? :-)
<ivoks> :)
<ivoks> check out documentation :)
<Nafallo> hehe
<ivoks> JobDefs should be common settings
<Nafallo> yea
<Nafallo> so if I want to backup one host I do a JobDefs, two Jobs and two Schedulers then...
<Nafallo> I guess
<Nafallo> full daily and incremental from time to time :-P
<ivoks> no
<ivoks> one scheduler
<Nafallo> oh?
<ivoks> with couple of Run
<ivoks> Rub = Full sun at 22:00
<ivoks> Run = Incremental mon-sat at 22:00
<ivoks> for example
<ivoks> that's inside one schedule
<Nafallo> but if I want full backup every 12h and incremental every hour?
<Nafallo> hmm. oki
<ivoks> two jobdefs only if you include something else in full backup
<ivoks> but if fileset is the same, and only  diff is incremental/full
<ivoks> then one scheduler with two Run's
<ivoks> Runs
<Nafallo> so one of everything and two jobs :-P
<ivoks> no, one everything :)
<Nafallo> ehrm.
* Nafallo tries to wrap his head around it :-)
<ivoks> you can do with two schedulers, if you want, but it's not must have
<ivoks> :)
<Nafallo> so I don't need two Jobs for defining Level?
<ivoks> if you have a client
<ivoks> and file storage
<ivoks> then define one jobdefs, one job, one client, one storage
<ivoks> if you want to run daily incremental, and full on sunday
<ivoks> then one scheduler
<ivoks> with Run = Full mon-sat at 22:00
<ivoks> eerrrr
<Nafallo> I think I'm confused by Level then :-P
<Nafallo> what is that doing in JobDefs?
<ivoks> Level is default, but you can without it :)
<Nafallo> ah
<ivoks> let me check docs
<ivoks> :)
<ivoks> remove Level
<ivoks> you don't need it
<Nafallo> oki. thanks.
<ivoks> np
<Nafallo> this will take some time to get the mind around :-)
<Nafallo> damn. the standard JobDefs is used by some Catalogthingie :P
<ivoks> ?
<ivoks> ah, Catalog
<ivoks> yes, you need this
<Nafallo> I wonder what was in the standard JobDefs then :-P
<ivoks> it exports bacula's SQL into file and writes it to backup media
<ivoks> :))
<Nafallo> so I will need an -fd on localhost then=
<Nafallo> ?
<ivoks> yes
<Nafallo> *sigh* thanks
<Nafallo> to backup one host I need to backup two ;-)
<ivoks> you don't backup host
<ivoks> you backup bacula information
<ivoks> that way your backup host can fail and you'll be able to recreate everything
<Nafallo> yea, but need the daemon, so no real diff ;-)
<Nafallo> oh! both the default JobDefs and that CatalogJob has Level :-P
* Nafallo wonders why it even has a JobDefs specified.
<Innatech> Is there any compelling reason to use the 64bit LTS on Xeon servers?
<Innatech> or am I just asking for dependency problems?
<ivoks> i use 64bit on servers
<Innatech> do you have to symlink everything?
<Innatech> or do most 32 programs find the libs they need? 
<Innatech> *32bit
<ivoks> i don't use 32bit programs
<ivoks> on 64bit servers
<Innatech> ah.
<ivoks> if you need 32bit programs
<ivoks> use 32bit OS
<ivoks> unless your server has more than 4GB of RAM
<Innatech> I'm not entirely sure what I might need, eventually. Nah, not over 4GB yet. 
<Innatech> Probably safest to go with the regular 32bit x86 version for now. 
<Nafallo> 64-bit host with 32-bit VMs? :-)
<ivoks> Nafallo: LTS is in question :)
<ivoks> Nafallo: how's bacula coming along? :)
<Nafallo> dunno. confusing enough for me to leave it off and go fetch something to drink ;-)
<Nafallo> LTS can do XEN? I've seen tutorials.
<ivoks> yes, you are right
<Nafallo> we use openvz at work on LTS as well ;-)
<mathiaz> dendrobates: you were struggling with openssl licensing a couple of weeks ago.
<dendrobates> mathiaz: yes
<mathiaz> dendrobates: have you looked at yassl -  http://yassl.com/ ?
<mathiaz> dendrobates: that's what mysql is using.
<dendrobates> mathiz: hmm?
<mathiaz> dendrobates: I'm reading through mysql changelogs and they mention yassl
<dendrobates> mathiaz: I'll look at it.
<mathiaz> dendrobates: and some licensing issues. But I'm not sure how relevant this is to your openldap problem.
<dendrobates> mathiaz: It might be useful if openldap could successfully compile with it.
<mathiaz> dendrobates: they say that there is an openssl compability layer.
<mathiaz> dendrobates: and it seems that they've updated their license to cover the linking of third party software.
<dendrobates> mathiaz: gnutls has one as well, but it does not work with openldap.
<mathiaz> dendrobates: in this case, it was apache linked to mysql linked to yassl
<mathiaz> dendrobates: yeah I remember. Anyway, it may be worth to look at it. If it compiles, then I think, the licensing issue doesn't exist.
<asisak> ScottK: I started to work on lighttpd (again)
<ScottK> Great.
<asisak> ScottK: can you please help me if there is some SRU tutorial and / or what bugs qualify serious enough to be put back?
<ScottK> asisak: https://wiki.ubuntu.com/MOTU/SRU
<ScottK> Since lighttpd is in Universe.
<asisak> thanks... reading... 
<asisak> yeah, I know
<asisak> actually it was high time to do something universe-related since I want to become a MOTU :)
<ScottK> https://wiki.ubuntu.com/SecurityUpdateProcedures for security bugs.
<asisak> what does SRU exactly mean?
<asisak> security related update?
<ScottK> Stable Release Update
<asisak> I see
<ScottK> SRU is for serious, but non-security (e.g. crash/data loss/package not installable) fixes for released versions.
<pircjo1> I'm running UBUNTU 6.06 server and I have connected a windows network drive via cifs I am getting an intermittent error when I cp files to it "Bad file Descriptor"
<asisak> ScottK: I might get it wrong, but bug #127718 speaks about security fixes
<ubotu> Launchpad bug 127718 in lighttpd "lighttpd security fixes" [Low,In progress]  https://launchpad.net/bugs/127718
<ScottK> Yes.  You should use the security process for that one.
<asisak> hmmm
<pircjo1> Any advise on mounting a windows network drive?
<Innatech> So-- kernel panic trying to install LTS x86 on a dual core opteron. "MP-Bios bug : 8254 timer not connected to IO-APIC"  "Kernel panic -- not syncing: IO-APIC+ timer doesn't work! " 
<Innatech> apic=debug gives a little more information--mostly, that all of the workarounds failed. 
<Innatech> What do I lose if I use noapic? This is a server, with a 3ware RAID card. I don't want to cause interrupt problems. 
<ivoks> you already loose
<ivoks> with broken hardware
<ivoks> disable ioapic in bios if you can
<Innatech> It's a brand new Silicon Mechanics / Supermicro server. Tested out on CentOS5. If anything's broken, its the LTS kernel/distro/installer. 
<Innatech> I know how to work around it, I'm just trying to make sure that the workaround won't cause problems down the road. If I want to use a different distro, this is the time to decide. 
<ivoks> well, you've got message from kernel
<ivoks> IO-APIC doesn't work
<ivoks> so, disabling it wouldn't harm
<Innatech> Right. So--what do I lose by going with LTS w/o APIC -- versus, say, CentOS with it?
<ivoks> are you sure it is with it?
<Innatech> Yup. 
<ivoks> then report kernel bug if you have time
<Innatech> Yes. Great. But, meanwhile I have to do my job. I've never been able to figure out what the practical consequences of disabling APIC are. 
<ivoks> er...
<ivoks> APIC is for SMP machines
<Innatech> dual core.
<tck-afk> can the new landscape app install ubuntu onto remote machines a la windows SMS 
<ivoks> Innatech: disabling apic would mean disabling second core
<Innatech> >blink<
<Innatech> are you sure about that?
<Innatech> We're talking about APIC, not ACPI. 
<ivoks> http://wiki.linuxquestions.org/wiki/APIC
<Innatech> ah, nice. Thanks.
<ivoks> it is possible that CentOS is using UP kernel for installation (i'm not sure, but could be...)
<Innatech> Well, this is a tested CentOS install that Silicon Mechanics left on the system when they were done testing. 
<Innatech> It's not an installer. 
<Innatech> Still, I suppose I'll go ahead with the LTS install and see what happens. I don't really want CentOS on this box. 
<ivoks> try with nolacpi first
<ivoks> beh
<ivoks> nolapic
<Innatech> yeah, no lapic. 
<Innatech> that's an idea. 
<ivoks> something that works often for me is 'pci=nommconf'
<ivoks> this is when i get random lockups
<ivoks> not related to APIC, but wouldn't hurt to try...
<tck-afk> i would love to get my hands on this -> http://www.canonical.com/landscape
<ivoks> tck-afk: then wait just a bit more :)
<tck-afk> we will get the client
<tck-afk> the main package is for subscribers only
<ivoks> 'we'?
<tck-afk> users, clients
<ivoks> yes :)
<tck-afk> http://packages.ubuntu.com/feisty/admin/landscape-client : empty
<tck-afk> they are teasing us
<ivoks> that means it will be open source
<ivoks> so everybody could write their own server part
<tck-afk> well theres the client and the server side i guess
<ajmitch> ivoks: sure, though I'd say the server part is fairly complex
<ivoks> ajmitch: i guess it is, yes
<ajmitch> I'm glad there's at least something more than just rumours now 
<tck-afk> if it can do what Windows SMS or HP's radius does i'd be well impressed
<tck-afk> i wonder could it push down images 
<ivoks> images?
<ivoks> like network install?
<tck-afk> clients could pxe boot etc..
<tck-afk> yeah
<tck-afk> be wicked
<ivoks> you can do that already :)
<tck-afk> managed centrally ? 
<ivoks> you don't manage installation procedure, you start it and wait for it to finish
<tck-afk> i like the Semi-connected management:
<ivoks> without interaction
<tck-afk> i wonder how many in-house developers they have coding all this stuff
<Innatech> Yay! nolapic works. So, what's the difference between noapic and nolapic?
<tck-afk> they certainly churn out alot of slick apps and tools
<ivoks> Innatech: Local APIC interrupts
<Innatech> yeah, I get that. So what's the difference between APIC and local APIC?
<ivoks> http://en.wikipedia.org/wiki/Intel_APIC_Architecture#Local_APICs
<ivoks> lapic is part of apic
<Innatech> hmm. Interesting. 
<ivoks> tck-afk: anyway, i would love to see landscape too :/
<ivoks> i guess it will be expanded RHN :)
<tck-afk> having used windows SMS on my last contract
<tck-afk> it could really change how businesses look at a large scale rollout
<tck-afk> to use HP's radia (http://support.openview.hp.com/radia.jsp) is over 100,000 euro
<tck-afk> afaik M$ give SMS (Systems Management Server) away for free
<ivoks> 'night all
<coNP> ScottK: debian seem to have fixed these issues
<coNP> some of the at least
<ScottK> coNP: For lighttpd?  We need to patch the released versions in Ubuntu, not bring in new Debian versions.
<coNP> sure, but neither debian will bring in new versions to fix security issue
<coNP> s
<coNP> but I am too sleepy to investigate this any more
<coNP> security things are hard
<coNP> see you
<ScottK> OK.  
<Innatech> I have an Intel dual PT/1000 NIC (PCI-E) in my router. A couple days ago, LTS was happily recognizing it, although I had to shove it's PCI ID into /sys/.../new_id for it to be recognized. However, since then the devices it's assigned to seem to change mysteriously--first it was eth3 & eth4 (which made sense as 0, 1 & 2 are on the motherboard.) However, now they show up as eth3 & eth5 (which doesn't make much sense) -- and neith
<Innatech> er one of them seems to detect a link. How do I troubleshoot this? One thing I noticed is that lsmod doesn't show any active use of e1000 -- but ethtool says that they're using e1000. 
#ubuntu-server 2007-07-25
<Innatech> ScottK: I just did apt-get install ifrename -- and apt-get removed udev, ubuntu-minimal and some other packages --WITHOUT WARNING.  Ever seen that before?
<ScottK> I've seen it with aptitude, but not apt.
<Innatech> ScottK: http://www.pastebin.ca/632533
<Innatech> kinda scary. 
<ScottK> I'd suggest looking at the package dependencies and then filing a bug against apt or ifrename depending.
<infinity> Err, that's not a bug.
<infinity> In anything.
<infinity> You need to look at apt-get's output before you blindly answer "yes, I'd love to do that".
<infinity> ifrename correctly conflicts with udev (actually, it's the other way around, i think, but whatever)
<ScottK> OK.
<lcdd> googling for "apt-get -y" ubuntu
<lcdd> ...reveals a ton of guides using that option
<infinity> Yeah, cause "-y" is such a brilliant idea.
<Innatech> I did't force it. 
<lcdd> i'd like to have a chat with whoever started that
<Innatech> plain old apt-get install. 
<Innatech> It didn't warn me. Period. 
<Innatech> I'll try and revert it and then reproduce it w/a typescript. 
<infinity> Innatech: Then it must have stopped and said "new packages installed: ifrename, packages removed: udev, etc, etc, etc" and given you a [Y/n]  prompt.
<Innatech> nope.
<Innatech> If it had, I wouldn't have said anything.
<soren> infinity: 
<soren> whoops
<Innatech> Indicated no packages to remove, then apparently removed a lot of my system.
<infinity> Yeah, I see no way apt could do that wihout a mangled config, or piping "yes" to it...
<Innatech> Me neither. Yet...
<soren> infinity: Dapper used ifrename from udev, didn't it?
<infinity> soren: Don't recall when udev starting doing ifrenaming on its own.
<soren> infinity: Feisty, I think.
<soren> infinity: and Innatech specifically said LTS..
<ajmitch> morning
<Innatech> Can I just slap ubuntu-minimal ubuntu-common mdadm and lvm2 back on there or am I in for a reinstall? 
<infinity> soren: Yeah, he's using dapper.  They pretty obviously conflict.
<infinity> adconrad@terranova:~$ apt-cache show udev | grep ^Conflicts
<infinity> Conflicts: hotplug, ifrename
<infinity> And that's just fine.
<infinity> What's not fine is the behaviour he saw from apt, which I've never seen in my life.
<infinity> Innatech: Is it possible you just stuttered on the enter key? :)
<Innatech> well, I'm going to try restoring what dkpg shows was removed. We'll see what happens. 
<Innatech> infinity: Occams razor demands I consider it, but I swear it showed 0 packages to remove. 
<soren> infinity: I'm clearly an idiot. If udev needed ifrename to do interface renaming... Why would they conflict?
<infinity> soren: It doesn't.
<infinity> soren: It does it on its own, hence the conflict.
<infinity> soren: For non-udev systems, you need ifrename to do the same job.
<soren> infinity: Didn't we just agree that that was only the way it has been done since Feisty?
<infinity> soren: You agreed to that, I went to check for myself. :P
<Innatech> OK. This router was softRAIDed....I'm going to reboot it. We'll see what happens.....
<soren> infinity: Ok... We agreed that something had changed at some point. :)
<soren> infinity: Maybe I'm just thinking of the net-persistent-rules blah vs. iftab.
<ajmitch> most likely, that was recent
<soren> Yeah, feisty for sure.
<Innatech> is that "blah" you mentioned a way for me to prevent device assignments from changing w/o using ifrename and iftab?
<soren> infinity: What's the problem with using iftab?
<soren> Innatech: ^^
<infinity> Innatech: udev should handle iftab on its own, you don't need ifrename if you're using udev.  That's why they conflict.
<Innatech> OK..well on this reboot, eth3 and eth5 (which on the prior boot were eth3 and eth4) are now eth5 and eth6. WTF?! (at least it came back up, I guess...)
<Innatech> I scared to test apt-get now. Heh. 
<Innatech> *I'm
<soren> Innatech: And what's in iftab?
<Innatech> lemme see. 
<Innatech> soren: just eth0. >headsmack<
<Innatech> And on reboot, the link came up on one of the NICs ports---the lack of which is what got me into this in the first place. 
<Innatech> Will apt-get output show up in a typescript?
<infinity> Should do.
<Innatech> alright, then. Let me see if I can reproduce this before I get too much further into troubleshooting my actual problem.
<Innatech> OK--nevermind. I need to beat the crap out of my part-time "help."  Someone made a naughty alias. 
<Innatech> >:( 
<infinity> Ah-ha.
<Innatech> yeah. 
<ajmitch> oops
<Innatech> probably was supposed to be temporary. Still terminally stupid. 
<Innatech> amazingly, everything seems fine. That's fairly cool. It's not everyday I manage to rip out some of the core of a distro, plop it back in and have smooth sailing.....
<infinity> If it was core, it would have screamed louder. :)
<infinity> You didn't take out anything that was Essential or Required, just some nice-to-haves.
<Innatech> ubuntu-standard and ubuntu-minimal *sounded* important. 
<Innatech> and seeing LVM2 and mdadm vanish scared me. But, alls well that ends well.
<Innatech> (I'm still not sure what LVM2 and mdadm have to do w/ifrename.....but I probably don't really need to know. )
<soren> Innatech: Because ifrename conflicts with udev on which mdadm and lvm2 depend.
<Innatech> ooh. Of course.
<Innatech> OK, so--back on the dual core Opteron -- LTS server installer is hanging after HW detection. (After it prompts for hostname and HTTP proxy.) It seems like this server really doesn't want to run Dapper. Are there steps I can take to gather useful information for maintainers? (I have tried  both "nolapic" and "noapic nolapic" .)
<infinity> We run edgy on our dual-core machines in the Canonical datacentre.
<Innatech> I can do that if neccessary--I'd rather not proliferate platforms, though. I've been using Dapper almost everywhere, and CentOS5 where I can't user Dapper. I'm really over the RHEL environment, though. I'm much happier in Ubuntu/Debian land. 
<Innatech> Anyway, I was just wondering if there's anything useful I can do at this point in terms of gathering information useful to the Dapper team. 
<Innatech> can I exit the installer and look for a log in the ramdisk somewhere? 
<Shaddox> Hi everyone.
<Shaddox> What is the best FTP server to install on a server using Ubuntu?
<Shaddox> What is most common, rather.
<Nafallo> vsftpd
<Shaddox> Ah.
<Shaddox> Er, though I'm not sure if I can get -any- FTPD to work.
<Shaddox> I have all my webhosting stuff on a seperate partition, mounted at /www, and want to be able to make /www/usr/<username> for users to have their hosting, and have FTP access for it.
<Shaddox> Someone told me vsftpd wouldn't work for that, cause it doesn't follow mounts.
<Shaddox> Ah, screw it. Only one way to find out.
<Nafallo> I do what Shaddox probably wants :-)
<Innatech> how can I make the installer give me a shell when it gets caught waiting eternally for something?
<Nafallo> alt+f2?
<Innatech> yeah...it really is locked up, then. Oh well.
<Innatech> OK..I got into the syslog. It's hanging because partman can't find any volumes. This server has a mess of drives hanging off of a 3ware card. Do I need to use the alternative installer? 
<Nafallo> gnight
<Innatech> night!
<ScottK> Innatech: That's what I'd do.  I've never had much luck with the primary one.
<Innatech> Great. Thanks. 
<ryanakca> ScottK: oh fun :) eGroupware decided to split eGroupWare (wich contained both eGroupWare & eGroupWare-egw-pear) into two seperate .tar.gz. Is there any way to figure out the depends of egroupware-egw-pear if in the egroupware debian/control there is:
<ryanakca> Depends: egroupware-core (= ${Source-Version})
<ryanakca> I suppose I can just use that in the -egw-pear package? or do I have to go egroupware-core (>= 1.4.001)
<ScottK> The upstream INSTALL file usually tells you about required stuff.
* ryanakca nods
<ryanakca> and... it's a circular depends
<ScottK> For example the -pear package probably depends on a pear DB that core doesn't
<ScottK> Right.  Can't have that
<ryanakca> egroupware-core depends on egroupware-egw-pear, and vice-versa
<ryanakca> at least from I see
<ScottK> Can't have that.  You need to pick one.
* ryanakca nods
<ScottK> Is egroupware main or universe?
<ryanakca> -core is probably more important, and let's ditch the -egw-pear
<ryanakca> universe
<ryanakca> ScottK: hmmm. I guess we'll just sync. Debian already took care of it without me.
<ryanakca> that or merge
* ryanakca points to http://packages.debian.org/experimental/web/egroupware
<ScottK> ryanakca: The Australia/MZ contingent is wide awake in #ubuntu-motu.  They understand this stuff way better than me
* ryanakca nods
* ScottK notes one should proceed with caution syncing from experimental.  Stuff IME is there for a reason.
<ryanakca> ok
<totalnewbie> hello 
<totalnewbie> anybody have some time?
<totalnewbie> :)
<totalnewbie> can anybody teach me how to create a server?
<Dessan> totalnewbie, A server for what? 
<Innatech> motu = ? 
<Innatech> aside from Mark of the Unicorn? 
<soren> Innatech_away: MOTU == Masters Of The Universe. The team of developers who look after the universe component in Ubuntu.
<ivoks> amm...
<ivoks> i'm looking at the bug 81242
<ubotu> Launchpad bug 81242 in postfix "postfix-ldap is linked against gnuTLS" [Medium,Triaged]  https://launchpad.net/bugs/81242
<totalnewbie> #ubuntu
<ivoks> should we build postfix against both gnutls and openssl?
<soren> ivoks: Nah. Why would we?
<ivoks> well, postfix is atm
<ivoks> that creates problems with ldap
<ivoks> which is build against openssl
<ivoks> (which is ilegal btw :)
<soren> ivoks: Why?
<soren> ivoks: postfix is not GPL, is it?
<ivoks> i was refering to openldap
<ivoks> but it also isn't gpl
<soren> Oh, right. Didn't notice.
<ivoks> so, dump gnutls?
<ivoks> :)
<soren> ivoks: Hang on. You say ldap is built against openssl and postfix is built against.. what?
<ivoks> both :)
<ivoks> postfix against openssl, and postfix-tls against gnutls :)
<ivoks> pardon
<ivoks> postfix-ldap
<ivoks> check out ldd /usr/lib/postfix/dict_ldap.so
<soren> Welll, in a perfect world, we'd make postfix use gnutls, but I have a feeling that's not very easy to do (otherwise someone would probably have done it already).
<ivoks> and ldd /usr/sbin/postfix
<soren> I haven't got postfix-ldap installed.
<ivoks> eh, anyway:
<ivoks> libgnutls.so.13 => /usr/lib/libgnutls.so.13
<ivoks> and:
<ivoks> libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8
<ivoks> but ldd slapd:
<ivoks> libssl only
<soren> So slapd uses openssl, postfix-ldap uses gnutls, and postfix uses openssl? That's pretty crackful.
<ivoks> yeah :/
<stephanbuys> what is the reason for resistance to openssl (as opposed to gnutls?)
<ivoks> license
<soren> evil!
<stephanbuys> ah
<ivoks> stephanbuys: http://www.gnome.org/~markmc/openssl-and-the-gpl.html
<stephanbuys> there's been some interest from the Google SoC project to have LDAP-out-of-the-box (https://wiki.ubuntu.com/GoogleSoC2007) - according to Rick these library issues are also holding up the inclusion of OpenLDAP 2.3?
<ivoks> the thing is that openssl devs don't nag about breaking their license
<ivoks> but that could always change
<ivoks> and the problem is that openssl has better performance than gnutls
<stephanbuys> ivoks, having glanced over that page it seems like a shame. as you said, performance and maturity...
<ivoks> yeah, stupid 'we did this' caluse
<ivoks> that destroyed xfree too :)
<stephanbuys> ah - but it destroyed Xfree when they tried to go that route didn't it? on the other hand openssl has basically been prolific for ages...
<ivoks> there wasn't any substitute for it... now there are mozilla's nsss and gnutls
<soren> Weird. When I build postfix on my build server, it doesn't pull in libgnutls13..
<ivoks> but, with worse performance
<ivoks> soren: true and it shouldn't
<ivoks> but the binary we ship is build with it...
<soren> http://launchpadlibrarian.net/8170757/buildlog_ubuntu-gutsy-i386.postfix_2.4.3-1ubuntu1_FULLYBUILT.txt.gz
<soren> Our buildd's pull in libgnutls13 when they build postfix.
<soren> if they didn't it couldn't be linked against it.
<ivoks> i just builded postfix-ldap, so i'll check it out
<ivoks> heh... i don't get it...
<ivoks>  libgnutls.so.13 => /usr/lib/libgnutls.so.13
<ivoks> and no gnutls-dev package...
<soren> ivoks: In a pbuilder?
<ivoks> no :/
<ivoks> i have to do it in pubilder too
<ivoks> i just didn't set it up yet :/
<soren> I've just done it in an sbuild. Hang on.
<soren> wtf..
<soren>         libgnutls.so.13 => /usr/lib/libgnutls.so.13 (0x00002af524b6a000)
<ivoks> cute :)
<soren> Aw, crap.
<soren> Priority: important
<ivoks> gnutls? doh...
<soren> ...but that's not why.
<soren> libldap2-dev -> libldap2 -> libgnutls13.
<ivoks> hehe
<ivoks> and slapd depends on libssl
<ivoks> very nice... incompatibile openldap and it's tools
<ivoks> that could be a reason why connecting to ldaps doesn't work with most of the tools
* Starting logfile irclogs/ubuntu-server.log
<ryanakca> ScottK: hmm. From the marketting view, would we be better of installing the server as gutsy or feisty?
<mralphabet> there's a view other then the functional view?
<ryanakca> mralphabet: hehe, well, I'm setting up an eGroupWare server for Kubuntu Devel, and the plan is to also market it as "Look at the synergy between Kubuntu Gutsy and Ubuntu Server. You can set up a collaboration server and then easily access it threw Kubuntu's KDE-PIM suite."
<ryanakca> That type of thing, to get more enterprises using Kubuntu & Ubuntu Server
<ScottK> ryanakca: I think Gutsy.
<ryanakca> yeah, and that way I wouldn't have to get it backported to Feisty :) Thanks
<ryanakca> Now I just have to figure out why it's in experimental (changelog doesn't say, it just went experimental after a new release)
<ScottK> You might e-mail the maintainer.
* ryanakca nods
<tck-afk> qustion peeps
<tck-afk> the default command line mail program
<tck-afk> is that called mailx
<tck-afk> and is it similar to the one part of mailutils program?
<mralphabet> http://packages.ubuntu.com/feisty/mail/mailx
<tck-afk> yes ive installed that
<tck-afk> the package in mailutils is called mail though
<tck-afk> what is the diff. between mail and mailx ?
<tck-afk> http://packages.ubuntu.com/feisty/mail/mailutils
<tck-afk> ok have it
<tck-afk> mailx is a sym link to mail
<tck-afk> the GNU mailutils has some nice features in it, i might get that instead
#ubuntu-server 2008-07-21
<bitsbam_> hey  there all
<Kludge^WalesUK> hi bitsbam_, what you need? :)
<bitsbam_> i was needing some tips on mysql performance, i have indexes, etc.. but i am not using much RAM like i would like
<bitsbam_> i have 16 GB RAM and i am only using a bit less thank a gig
<uvirtbot> New bug: #250354 in mysql-dfsg-5.0 (main) "MySQL doesn't accept non-real dates on stored procedure calls" [Undecided,New] https://launchpad.net/bugs/250354
<dbbolton> i am having trouble getting X to start
<dbbolton> here is the output of startx http://pastebin.us/?show=d4464addf
<Kamping_Kaiser> try #ubuntu :)
<dbbolton> <Kamping_Kaiser> they told me to try here
<dbbolton> <Kamping_Kaiser> i'm running ubuntu server 8.04
<Kamping_Kaiser> dbbolton, doesnt sound like a server problem to me.
<dbbolton> so this channel is for problems relating to server stuff, not just problems that arise on ubuntu server?
<Kamping_Kaiser> Xorg isnt a server thing. its a desktop thing. IMNSHO of coure.
 * azteech1 agrees with kamping_Kiser
<dbbolton> i think the people in #ubuntu just sent me here because they have no idea why it isn't working
<dbbolton> x has failed on arch, debian lenny, and now ubuntu server. oddly enough it worked fine on debian etch though.
<azteech1> dbbolton: there could be any number of things which could cause Xorg to not function right - best place to start is on the Ubuntuforums.org web site .... do a search for Xorg there and go from there
<azteech1> also, you can post your problem there, and be patient. Someone shall respond with either questions, or additional input
<dbbolton> azteech1 well i really don't want to ask in this channel if the question isn't relevant
<dbbolton> thanks anyway
<DMsG_> hi guys
<DMsG_> ist der any possibility to run jdk1.6 at a V100 with 8.04?
<DMsG_> (8.04 still run at the v100, but theres no jdk avaiable)
<_ruben> DMsG_: its in the multiverse repo
<DMsG_> _ruben, i become the message "Package openjdk-6-jdk is not available, but is referred to by another package.
<DMsG_> This may mean that the package is missing, has been obsoleted, or
<DMsG_> is only available from another source
<DMsG_> "
<DMsG_> and mulitverse is enabled
<uvirtbot> New bug: #250459 in net-snmp (main) "Example in snmpcmd man page shows wrong parameter" [Undecided,New] https://launchpad.net/bugs/250459
<_ruben> DMsG_: i was looking at the sun one
<DMsG_> fuck - it seems that there ist no jdk for sparc available. Now i habe a big problem ;)
<_ruben> download from sun.com?
<DMsG_> It issent available at sun.com
<DMsG_> it doesnt't exsit i think
<Deeps> lol wut
<Deeps> sun not supporting java on sparc? lol
<kraut> moin
<DMsG_> Deeps, jdk @ linux @ sparc
<Deeps> oh, linux sparc
<Deeps> i see
<Deeps> still thats pretty piss poor
<Deeps> although most sparc users will be using solaris i guess
<DMsG_> yes sure
<DMsG_> but we have the 2 old v100 for a testing enviroment. So i decided to use linux. Its no productive thing
<Deeps> fair enough
<uvirtbot> New bug: #250465 in openldap2.3 (main) "CVE-2008-2952: BER Decoding Remote DoS Vulnerability" [Undecided,New] https://launchpad.net/bugs/250465
<nandersson> Idea: Hook up the huge Ubuntu bzr-repository (when all those 16 000 projects are imported) to the EU-sponsored project SQO-OSS (Software Quality Observatory for Open Source Software) http://www.sqo-oss.org/xwiki/bin/view/About/Screenshots
<RockHound> hi everyone ... I am looking to find an little bit more up to date version of dovecot. according to bug report #189616, there was version 1.0.13 copied to hardy-updates ... I can not seem to find it though. Did I overlook something?
<ivoks> i don't belive it's in updates
<ivoks> maybe in -backports
<ivoks> but... there's nowhere to backport from :D
<ivoks> bug 189616
<uvirtbot> Launchpad bug 189616 in dovecot "[SRU] connection problems under load with hardy dovecot" [Medium,Fix released] https://launchpad.net/bugs/189616
<RockHound> ivoks: have backports enabled aswell
<ivoks> 1.0.13 was uploaded to intrepid
<RockHound> and according to Martin Pitts post to hardy-updates
<ivoks> no, not 1.0.13
<ivoks> but a patch for 1.0.10
<RockHound> ahh ... see that is what I missed ;-)
<ivoks> actually, this isn't a bug in 1.0.10
<ivoks> it's just a note in syslog that user has reached it's limit and should adopt configuration
<ivoks> that's:
<ivoks> 1.0.10-1ubuntu5.1
<RockHound> would security fixes as those addressed by 1.0.13 get put in backports by any chance? as 1.0.10 seems really old fo me ...
<RockHound> since it is universe, I guess not
<ivoks> universe? dovecot?
<RockHound> no? where do I have my head today
<ivoks> we backport security fixes from newer versions
<RockHound> k
<zul> morning
<ivoks> zul: i attached a diff that fixes a 'postgres' problem in bacula, in -proposed
<ivoks> i also have two pathces, one for apache and one for dovecot, if you would like to review them (part of sslv2 migration)
<zul> ivoks: cool Ill take a look today
<Blinny> ï»¿I'm having a problem with different services repeatedly crashing on my updated Hardy Heron server - services including ssh, imap and samba. The processes are then defunct, which stinks because I can't remotely reboot the server (processes will never die on shutdown -r).  I filed a bug against the kernel a few weeks ago, but I think this isn't correct, as I have received _no_ response. Any ideas? (the bug report is here: https://bugs.launchp
<ivoks> you got cut off
<Blinny> ï»¿I filed a bug against the kernel a few weeks ago, but I think this isn't correct, as I have received _no_ response. Any ideas? (the bug report is here: https://bugs.launchpad.net/bugs/242804)
<uvirtbot> Launchpad bug 242804 in linux "Ubuntu Server x64 Kernel Oops - Random services tainted" [Undecided,New]
<ivoks> you didn't report the bug against the kernel
<ivoks> that's why it didn't got attention
<Blinny> Should I file against Ubuntu kernel or upstream?
<ivoks> i've changed it
<ivoks> oh, sorry, you reported it correctly
<ivoks> how much RAM do you have?
<Blinny> The bummer is it's been almost a full month since original reporting. I can only assume that this is something specific to my setup, otherwise I think I would have seen others' contributions to the bug.
<ivoks> there's one constant thing in your attachments
<ivoks> and that's zlib
<Blinny> *Nod* I noticed that too.
<ivoks> wild gues
<Blinny> There is a low-level hook that uses zlib: ipsec
<ivoks> apt-get --reinstall install zlib1g
<sommer> happy monday all
<Blinny> I could take compression out of the ipsec configuration and see if that helps.
<ivoks> sommer: hi
<ivoks> Blinny: try that
<Blinny> ivoks: I did the reinstall of zlib.
<ivoks> Blinny: you should reboot after reinstallation of zlib
<Blinny> ivoks: Will it hurt to wait until tomorrow? I have users already online - this is an LTSP server.
<ivoks> well, almost all of services depend on zlib
<ivoks> if you change it, it might produce problems to services
<ivoks> it won't kill you if you wait for tomorrow :)
<Blinny> Thanks ivoks
<Blinny> Googling around I also found this:  http://www.ussg.iu.edu/hypermail/linux/kernel/0802.2/2935.html   --  related to zlib deflate & ipsec w/ kernel Oopses
<Blinny> ivoks: Ok. Tough to the users. I will reboot anyway.
<Blinny> BRB.
<ivoks> it might not solve your problem
<ivoks> well, almost 3PM; time to move to the beach...
<Blinny> Why would one of my ethernet cards not come back on a reboot?
<Blinny> eth0: ERROR while getting interface flags: No such device
<soren> lamont: You probably know this... I want to autogenerate parts of a dhcp3-server's configuration. I can't seem to find neither a conf.d sort of thing, nor an "include" directive. Is there a way to do this already, or should I be writing a patch to support one of those things?
<soren> Blinny: Hardware failure?
<Blinny> soren: but was just fine before reboot
<Blinny> Hrm.
<soren> Physical or virtual hardware?
<Blinny> Physical
<Blinny> BRB. Going to server room.
<Blinny> Fun.
<soren> Dunno then. Do you mysteriously have a new eth<some number> that you didn't before?
<soren> rude
<soren> lamont: Err.. The *real* problem seems to be my lack of ability to read. Forget that I asked. Please.
<lamont> soren: heh
<lamont> and yeah, "include" :-)
<soren> Come on, I said "please" and everything! :)
<uvirtbot> New bug: #231199 in openvpn (universe) "revoke-full fails" [Low,Confirmed] https://launchpad.net/bugs/231199
<Blinny> eth0 came back on a reboot. W-e-r-d weird.
<fwest> is the apache2-ssl-certificate bug going to be fixed?
<soren> Which bug is that?
<fwest> the one where its missing
<soren> fwest: This can go two ways: You either be more specific and tell me what the problem is (preferably referring to a bug on launchpad) so that I might actually help you or you don't and I won't.
<Deeps> i pick the latter
<lukehasnoname> fwest: Don't mess with the soren
<soren> It really is hard to be helpful when approached with that kind of attitude.
<soren> fwest: Look, Apache and SSL works great for loads of people. I can't (and won't try to) guess what your problem is, if you're not going to be helpful yourself.
<Deeps> lol, having a bad day?
<soren> I wasn't until about 10 minutes ago.
<lukehasnoname> I need help with the bug that is messing up my desktop, what's the problem?
<soren> You're using a desktop.
<fwest> i can generate a cert, but i just found it easier to use the tool
<soren> Oh, "the tool".
<zul> mathiaz: ping ill merge the samba-3.2 this afternoon
<mathiaz> zul: great
<Deeps> lukehasnoname: chances are you're not using xp on your desktop, which is your first problem ;)
<mathiaz> fwest: The issue has been fixed in intrepid
<mathiaz> fwest: apache2 in intrepid should come with a default ssl configuration
<fwest> i guess not going to be updated into hardy?
<mathiaz> fwest: at least the problem was fixed in debian - we just have to merge it
<fwest> ah
<mathiaz> fwest: no
<fwest> so much for LTS i guess
<soren> fwest: Dude..
<soren> fwest: What do you think "LTS" means?
<fwest> well, not that same thing it means here
<Deeps> to be fair, he might have a point
<Deeps> but then it does largely depend on what the definition of "support" is
<soren> he might. With the verbosity he's exhibiting, it's hard to tell.
<jmazaredo> do server edition of ubuntu has physical volume for RAID option?
<soren> fwest: I can tell you this much: One thing LTS does *not* mean is that we'll break people's working setups to make unhelpful irc users life easier.
<uvirtbot> New bug: #226185 in openvpn (universe) "update-resolv-conf script does not restore old values" [Undecided,Invalid] https://launchpad.net/bugs/226185
<fwest> so the missing tool will break people's setup?
<soren> fwest: I wouldn't know. You *still* haven't told me what "the tool" is.
 * Deeps gives soren a hug
<fwest> [14:36] <fwest> is the apache2-ssl-certificate bug going to be fixed?
<soren> 13:37:12 < soren> Which bug is that?
<fwest> its missing
<soren> 13:41:34 < soren> fwest: This can go two ways: You either be more specific and tell me what the problem is (preferably referring to  a bug on launchpad) so that I might actually help you or you don't and I won't.
<Deeps> fwest: i think you need to explain what the package is and what the bug is
<soren> 13:46:26 < soren> fwest: Look, Apache and SSL works great for loads of people. I can't (and won't try to) guess what your problem  is, if you're not going to be helpful yourself.
<fwest> [14:37] <fwest> the one where its missing
<Deeps> and not just expect soren to know what it is
<Deeps> due to the hundreds of thousands of packages and bugs, not everyones an expert in every single field
<Deeps> !info apache2-ssl-certificate
<fwest> ok let me rephrase, apache2-ssl-certificate is missing
<ubottu> Package apache2-ssl-certificate does not exist in hardy
<fwest> its no a package
<Deeps> what is it, what does it do, why should anyone care?
<Deeps> and link to the launchpad bug would be very useful
<fwest> generates ssl certs
<soren> And what do you think ssl-cert does?
<fwest> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/77675
<uvirtbot> Launchpad bug 77675 in apache2 "[regression] apache2-ssl-certificate has gone missing since feisty" [Wishlist,Fix released]
<soren> fwest: Have you read the comments on that bug?
<soren> Or just the title?
<fwest> and i wondered if it would be in hardy
<fwest> but i guess not
<soren> Fine. Forget it.
<Deeps> haha, i see you're in that bug
<Deeps> i was gonna ask what the rationale is to keep ssl-cert out, and then i just saw "* Disable ssl-cert until it sucks less. related to 230791"
<Deeps> but then if the issue regarding all of this has been fixed for intrepid, why not backport the relevant changes to hardy too?
<soren> From what I can see, what has changed in Intrepid is the addition of an SSL VirtualHost by default.
<soren> Making such changes in a stable release is very, *very* hard to do in a way that will not interfere with existing setups.
<Deeps> fair enough
<soren> Note that "existing setups" is not just existing installations of Hardy, but also automated scripts that install a fresh Hardy system and then runs some stuff to set the system up according to the site's policies.
<soren> If 000-default suddenly defines a *:443 virtualhost, the SSL virtualhost that people used to have in 001-local.conf (or whatever) will suddenly no longer work.
<Deeps> yep
<soren> So please spare me the "so much for LTS" crap.
<lukehasnoname> so much for LTS
<lukehasnoname> I'm not spearing Deeps
<lukehasnoname> *sparing
<soren> This is what LTS is all about: If I have something that works, it will *keep* *working*.
<fwest> you are entirely right, i found the web site definition of LTS
<fwest> just security updates
 * soren wonders where it says that
<fwest> http://www.ubuntu.com/products/whatisubuntu
<fwest> its in bold
<CrummyGummy> Hi all, one of our Ubuntu servers stopped reponding to networking for a while this morning. One of the guys touched the keyboard and it started to respond. Something like a screen-saver effect although there is no such thing installed (not even a GUI). Any one else seen this?
<lukehasnoname> CrummyGummy: Was the computer asleep?
 * soren sighs
<veNom_bz> haha
<soren> fwest: Where exactly does it say "just"?
<fwest> it doesn't say anything else
<soren> fwest: Or "only" or any other synomyn thereof.
<CrummyGummy> lukehasnoname:  seemed to be.... Not by planning though.
<CrummyGummy> Is should always be up.
<soren> CrummyGummy: I've seen it happen in a virtual machine, but not on real hardware.
<soren> Anything of interest in dmesg?
<soren> fwest: You'll have to forgive our evident inability to convey *every* *single* characteristic of Ubuntu in 7 short paragraphs.
<veNom_bz> CrummyGummy, what hardware are you on? the system at the hardware level may have switched off your nic...
<fwest> soren: well I am just trying to understand what to expect
<soren> fwest: I recommend looking stuff up (and reading what it says) and then asking, if stuff is still unclear.
<fwest> so where is the complete definition of what LTS means
<_ruben> strange . fresh install of ubuntu server 7.10 x86_64 .. machine has 6GB ram, yet `free` only shows me 4 ..
<gctaylor> Hi, is JeOS recommended if I -don't- want to distribute virtual appliances?  Just run my own VMs.  Like win and/or Linux flavors on vmware server.
<CrummyGummy> Some sort of generic AMD server. I think its a MSI board.
<lukehasnoname> fwest: Not just security updates, but focused on that
<lukehasnoname> bug updates, as well
<CrummyGummy> I haven't seen this sort of thing before upgrading to Hardy.
<soren> fwest: No such definition exists, as far as I know.
<CrummyGummy> Thats why I was wondering if there might be something new ther.
<soren> fwest: Other than:
<lukehasnoname> fwest: but major revisions and new features are not arbitrarily added
<soren> It will be supported for 3 years on the desktop and 5 years on the server.
<fwest> lukehasnoname: what about missing one, tools that were there
<lukehasnoname> :s
<fwest> its not clear what supported means,
<veNom_bz> CrummyGummy, i've never encoutered such a thing and i've been using hardy server since release (in a situation where it would sit for days) look at your hardware if this problem presists
<soren> fwest: No. And it can't be.
<CrummyGummy>  *there*
<soren> CrummyGummy: Anything of interest in dmesg?
<soren> fwest: I'll tell you this much:
<soren> Changes in hardy are *not* going to happen if the people with problems refuse to explain what their problem is.
<fwest> soren: well as it didn't take long to establish a tool was missing
<soren> And no, your problem is *not* that some random utility is missing. Your problem *might* be that you now don't know how to do something, because tools have changed.
<soren> But I don't know. Because you don't tell me.
<soren> See how it works?
<fwest> i think i did, as a conversation directly related to the missing tool
<soren> Them I'm clearly the stupid one.
<soren> I also happen to be one of the people who could fix it.
<fwest> well to answer my question, the answer is probably not
<soren> ..but seeing as I'm stupid and don't understand your problem and you refuse to help, I wouldn't hold my breath waiting for things to change.
<Blinny> I've read about a particular bug in the linux kernel mailing list. It was reported and spoke of being pushed to 2.6.24-stable in March. I'm still seeing the result of this bug, even though I'm on an updated 8.04 2.6.24.19.21 linux-image-generic   --  How can I check to be sure that the actual March kernel bug fix is in Ubuntu's current linux-image-generic short of downloading the source?
<soren> Blinny: The kernel's changelog lists the upstream changes that were imported.
<soren> http://changelogs.ubuntu.com/changelogs/pool/main/l/linux-meta/linux-meta_2.6.24.19.21/changelog
<soren> Look for "Upstream changes"
<Blinny> soren: Bully. Thank you.
<soren> Blinny: Whoops, wrong link.
<soren> Blinny: http://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_2.6.24-19.36/changelog
<soren> There, that one.
<Blinny> Cheers.
<soren> Any time :)
<_ruben> [   40.008864] Memory: 3993236k/6291456k available (2295k kernel code, 135080k reserved, 1238k data, 308k init)
<_ruben> hrmm
 * _ruben starts looking for boot options to enable that other 2gig
<soren> fwest: If it wasn't obvious, my last remark to you was an implicit suggestion that you'd restate your question in terms that I might understand.
<soren> _ruben: Which kernel and architecture?
<soren> i386 and generic, perhaps?
<_ruben> x86_64 and -server
<_ruben> dual 1st gen opteron
<fwest> soren: i thought we established that the missing tool from apache2 was not going to make it into hardy
<soren> We did.
<soren> 14:42:03 < soren> And no, your problem is *not* that some random utility is missing. Your problem *might* be that you now don't know  how to do something, because tools have changed.
<soren> Try stating your *problem* rather than repeating the (wrong) solution to said problem.
<fwest> i no longer have a problem
<fwest> my expectation has been set
<soren> Cool. Glad I could help.
<fwest> thank you
<_ruben> time to go home .. the hunt for the missing 2gb will continue tomorow :)
<CrummyGummy> bios
<_ruben> bios shows 6GB when booting
<CrummyGummy> memory hole is set?
<soren> _ruben: Hardy?
<_ruben> soren: gutsy
<soren> Oh.
<_ruben> dont think there's a vmware-server package for hardy yet
<_ruben> untill i roll my own, i'll just gutsy
<_ruben> might give hardy a shot to see if it does see the 6gg
<Blinny> _ruben: ï»¿3993236k/6291456k available looks like 6 gigs to me
<_ruben> Blinny: the 2nd number does, yet the 1st number is what's actually being available
<_ruben> hence `free` shows 4gigs of ram
<soren> _ruben: I'd ask in #ubuntu-kernel.
<_ruben> soren: i'll probably do so, tomorrow .. thanks anyways :)
<soren> _ruben: Note that the kernel team is mostly US based, so this is probably a good time to catch their attention.
<_ruben> ah
 * _ruben takes a quick peek
<soren> _ruben: Tomorrow morning (European time) not so much..
<uvirtbot> New bug: #250549 in net-snmp (main) "Wrong interface speed from snmpd running as snmp user" [Undecided,New] https://launchpad.net/bugs/250549
<godsyn> Just a heads up. I was in here a couple of days ago complaining about my fast system clock.. Turns out I was auto-over clocking via my bios.. I know, I know, I'm a tard.. at any rate, all better. Turned it off.
<godsyn> all is well.
<biz> Hello, is someone aware of http://www.policyd.org/v2/ packages?
<biz> postfix-policyd* stuff is the 1.* branch
 * delcoyote hi
<zul> mathiaz: samba-3.2 uploaded
<duiu> Can I ask a CUPS question on this channel? Because the ##cups channel is somewhat worthless.
<_ruben> duiu: dont ask to ask, such 'questions' are often ignored .. whether or not the actual question is appropriate here depends on the actual question anyways
<duiu> OK, I"m trying to remotely configure CUPS via the web admin from another computer on the local network. Everything works until I get to the screen where I have to authenticate, upon which I enter in the password for a user that's a member of lpadmin group, and then I get an error (Though the site seems valid, the browser was unable to establish a connection.) in my browser and then I have to...
<duiu> ...reload the default config file, restart cups, change the file to the modified for my network version, restart cups, and try again
<duiu> Is there something I have to do to get CUPS authentication to work?
<duiu> Screw it, I just disable authentication and it worked
<duiu> *disabled
<ivoks> hello
<zul> hey ivoks
<ivoks> does anyone think we should disable sslv2 even on upgrades?
<ivoks> (i do)
<ivoks> otherwise i'll quite and move to redhat :D
<ivoks> quit even :D
<sommer> seriously?
<ivoks> i know you would like that :)
<sommer> heck no... wouldn't wish redhat on anyone, hah
<ivoks> no, seriously... it's very hard to package that change
<ivoks> with apache it's easy, with dovecot, it's easy
<ivoks> but with vsftpd... not
<ivoks> i can't just change conffile from postinst
<ivoks> next upgrade would pop the question for a user
<sommer> I don't have strong feelings either way, but seem like sslv3 is the way to go
<sommer> so for vsftpd if v2 isn't there will it automagically use v3 >?
<ivoks> that's default for all sane applications
<sommer> that's what I was thinking
<ivoks> firefox doesn't even try with v2
<ivoks> same goes for IE and opera
<ivoks> if server provides sslv3 and tls, client will connect over it
<ivoks> there might be some old clients (pre-2000.) which don't support sslv3 or tls
<ivoks> but.. even netscape4 supports tls and sslv3
<sommer> heh, that's pretty far back
<sommer> does redhat disable sslv2?
<sommer> just out of curiosity
<ivoks> i don't know, but it doesn't have debian packaging guidelines :D
<mindframe-> ivoks, you can force certain ciphers w/ vsftpd
<ivoks> mindframe-: the issue is packaging
<ivoks> if we agree to disable sslv2 on upgrade, then everything is fine
<emgent> zul: new intrepid server will be use /var/www or /srv/www ?
<ivoks> but, if we decide to keep sslv2 on upgrade and disable it only on new installations, then we have a packaging problem
<zul> emgent: hmm?
<zul> /var/www
<emgent> nice!
<zul> still
<emgent> zul: https://wiki.ubuntu.com/EasyGuiApacheSetup
<ivoks> emgent: this is a workstation/desktop tool, right?
<zul> emgent: you might want to bring that up in the server meeting tomorrow
<emgent> ok nice.
<emgent> zul: i'm not available for server meeting, but Tacone (other rapache devel) can join.
<zul> emgent: sure please add it to the agenda in the wiki
<emgent> sure.
<emgent> ivoks: yeah now.
<emgent> ivoks: http://en.emanuele-gentili.com/index.php/2008/07/17/rapache-05-is-out-go-to-test-it/
<ivoks> i noticed it, but i'm a cli guy :)
<emgent> :)
<ivoks> a2ensite is top of the automatization for me :D
<mathiaz> nijaba: check this out - https://wiki.ubuntu.com/ImproveSSLCert
<mathiaz> nijaba: that's what I tought about during lunch
<phaidros> mathiaz: just for curiosity .. is it possible yet to use different ssl certs on a webserver on the same IP ?
<phaidros> so to say multiple vhosts with each its own ssl cert .. didn't know thats possible yet
<mathiaz> phaidros: well - not really - support for SNI is not enabled in apache2 as of now
<phaidros> mathiaz: do you have hint what SNI is?
<phaidros> (just didn't follow this issue quite a while)
<mathiaz> phaidros: that's support for multiple ssl cert over one IP
<phaidros> mathiaz: kewl, just reading about it .. sounds good :)
<emgent> hi mathiaz
<phaidros> lets see if its avail for lighty !
<phaidros> mathiaz: so it seems SNI is already available in lighty, so your ImproveSSLCert draft might consider handling lighttpd as well :)
<kirkland> mathiaz: ping
<emgent> heya kirkland
<kirkland> emgent: howdy dude
<mathiaz> kirkland: ahhhh - you scared me
<kirkland> mathiaz: ?  how so?
<mathiaz> kirkland: you're ping... is scary ;)
<mathiaz> kirkland: *your*
<mathiaz> kirkland: anyway - what's up ?
<kirkland> mathiaz: https://wiki.ubuntu.com/InitScriptStatusActions
<kirkland> mathiaz: I added to the bottom of that page a list of init scripts
<kirkland> mathiaz: those come from installing the Intrepid Ubuntu Server, Desktop, Kubuntu, and Xubuntu, and grepping through /etc/init.d for scripts that lack "status)"
<kirkland> mathiaz: it needs a bit of vetting, but that gives us a decent list of the most commonly seen init scripts
<mathiaz> kirkland: right - this list has to be reviewed and trimmed down
<kirkland> mathiaz: absolutely
<mathiaz> kirkland: I can see udev in there, and it should be be
<kirkland> mathiaz: right
<mathiaz> kirkland: *shouldn't*
<kirkland> mathiaz: I thought you might help me trim it?
<kirkland> mathiaz: there are a few I will be adding (squid comes to mind, as i found it dead on my server at home sometime last week)
<mathiaz> kirkland: I'd first filter the list by daemons
<mathiaz> kirkland: if there's a daemon, put it on the list
<kirkland> mathiaz: okay, i'll try to clean it up some before tomorrow's meeting
<mathiaz> kirkland: if there isn't a daemon running, your status_of_proc doesn't really help
<kirkland> mathiaz: "supposed to be running" ;-)
<mathiaz> kirkland: getting a status may require some package specific code
<mathiaz> kirkland: seems great - so that we can review it during the meeting tomorrow
<kirkland> mathiaz: okay, cool
<kirkland> mathiaz: thanks, back to your less-frightening work ;-)
<mathiaz> kirkland: I'm reviewing a new package: libapache-mod-passenger (modrails) - it's not that scary
<pschulz01> Greetings..
<pschulz01> What is the best (quickest) ftp server to install.
<pschulz01> I just need an anonymous ftp server on my network.
<pschulz01> Greetings
<mathiaz> pschulz01: vsftpd
<pschulz01> Ta.. I tried ftpd, but it didn;t 'just work'.
<pschulz01> mathiaz: Excellent.. that's just want i like to see :-).. and apt-get install..  It's alive :-)
#ubuntu-server 2008-07-22
<macd> mathiaz, YES!
<macd> TY
<macd> mathiaz, I've been trying to get someone to look at mod_rails, so we can get the rails stack done
<mathiaz> macd: right - I've finished reviewing the package
<mathiaz> macd: I'll send my comments but overall it looks good
<macd> This one correct: http://revu.ubuntuwire.com/details.py?package=passenger
<macd> just to make sure were talking the same one
<mathiaz> macd: It seems that mod_rails is very memory hungry
<mathiaz> macd: yop - I've reviewed the passenger package
<macd> It only builds against a forking server
<mathiaz> macd: correct - we do the same with php
<macd> so until its able to be built with perthread its kindve a stalemate
<macd> but so far mod_rails handles mem the best of all the other rails serving solutions
<mathiaz> macd: according to the passenger documentation it should only take 10 lines of code
<macd> if that
<macd> its standard debian vhost, and a directory
<mathiaz> macd: At the moment, Passenger does not support Apache with the worker MPM (which uses threads instead of processes). But because the application pool is implemented in a modular way, supporting the worker MPM shouldn't take more than 10 lines of code.
<macd> ohh, I was on another page
<mathiaz> macd: ^^ from http://www.modrails.com/documentation/Architectural%20overview.html
<macd> Interesting, I'll talk to Neil the guy who packaged it, see if hes interested in looking into that
<mathiaz> macd: I heard that nginx+thin is one of the best solution out there
<macd> Ive heard that as well
<macd> I've seen some benchmarks that dont show much of a diff really
<macd> http://ariekanarie.nl/archives/51/mod_rails-vs-thin-vs-ebb-vs-mongrel
<macd> thats just thin, not nginx added in
<mathiaz> macd: hm - interesting
<mathiaz> macd: but it seems that deploying apps under mod_rails is easier than the other solutions
<macd> mod_rails is by far the easiest to configure for sure also
<macd> its just a standard vhost
<macd> with the index set to a  deeper location, so its fairly straightforward
 * mathiaz agrees
<macd> Much easier to work that in, than what we were looking at with mongrels and multiple configuration changes
<mathiaz> macd: there are some incompatibility with other apache module though
<mathiaz> macd: the default virtual host creates an Alias for /doc, which broke my first test
<mathiaz> macd: removing it and it worked like a charm :)
<macd> did you leave a note about that?
<macd> As far as the modules go, you can use them still on different vhosts, just not within your rails host
<macd> like mod_userdir, your rails app cant live in ~user/rails
<mathiaz> macd: correct - that's documented in the passenger user guide
<macd> err could live in ~user/rails, but not ~user/
<macd> I dont think thats a problem then right?
<mathiaz> macd: oh no - not a showstopper
<mathiaz> macd: it's documented
<macd> mathiaz, does passenger-memory-status work correctly?
<macd> err -stats
<mathiaz> macd: in the sense that it reports the correct stats ?
<mathiaz> macd: I don't know actually
<macd> in the sense it works at all
<macd> I get ruby errors
<macd> but Im sure my ruby is suspect, as its not from the repos
<mathiaz> macd: oh yes - it works
<macd> The stats _are_ the actual ones, not the incorrect ps/top ones ;P
<mathiaz> macd: I was able to get the stats of the server
<mathiaz> macd: http://paste.ubuntu.com/29147/
<macd> That looks about right
<mathiaz> macd: http://paste.ubuntu.com/29148/ - that's after I've hit a simple rails app
<macd> http://blog.phusion.nl/2008/06/09/phusion-passenger-20-rc-1-and-ruby-enterprise-edition-released/  <-- that blog post seems to suggest the other MPM model is supported
<macd> cool so it works, I was just getting ruby errors, and dont have the buntu ruby installed
 * macd makes a note to setup a fresh one
<mathiaz> macd: hm - the blog post states that the worker mpm is supported now
<mathiaz> macd: that's good news - however I'd like to make sure that the worker mpm is supported by passenger running the standard ruby vm
<mathiaz> macd: not the EE vm
<macd> Thats what Im looking into
<macd> Im setting up a fresh vm
<macd> btw, are you running your vm in virtualbox? (I cant boot any intrepid kernels in virtualbox)
<mathiaz> macd: I'm using kvm
<macd> Mine are running in s2k8 atm ;P
<macd> since they boot in there
<mathiaz> macd: I ran into some issue with intrepid on kvm, using no-kvmclock to boot a 2.6.26 kernel worked
<Nathan406> hello!
<mathiaz> macd: but I heard that intrepid has also some issue with virtualbox
<Nathan406> Can someone help me fix my usb
<mathiaz> macd: I don't know how to boot them - you could try to boot with a 2.6.24 kernel
<macd> mathiaz, thats what I've been doing when I need them in there
<Nathan406> Can someone help! I cant access my flash drive from the usb port
<uvirtbot> New bug: #250655 in samba (main) "samba daemon deadlocks" [Undecided,New] https://launchpad.net/bugs/250655
<yahut> what do you think about ubuntu??
<yahut> linux ubuntu I mean............
<jeromesagisi> hello
<yahut> ya...........
<yahut> :)
<nxvl> soren: around?
<soren> nxvl: Yup.
<nxvl> soren: i have been looking for you
<nxvl> soren: i have work on some merges on the virtualization side
<soren> Cool.
<nxvl> and i suscribed you to them
<nxvl> have you noticed?
<nxvl> i think it was qemu and (not mine) bochs
<soren> I'm a bit behind on bug mail, so no.
<nxvl> exactly what i thought
<nxvl> :D
<nxvl> also
<nxvl> have you noticed that i applied for u-u-c?
<nxvl> soren: on the motu-council list
<soren> Yes, I did.
<soren> I'll get to it today :)
<nxvl> yeah, np
<nxvl> :D
<nxvl> and at last but not a least
<nxvl> are you technicaly familiar with the linux boot sequence?
<soren> SUre.
<nxvl> have you heard about the pymouth proyect?
<nxvl> project*
<nxvl> http://fedoraproject.org/wiki/Releases/FeatureBetterStartup
<soren> No.
<nxvl> well
<nxvl> pymouth is a lighter and kind of better replacement for rhgb
<soren> It seems to be "Plymouth", nor "pymouth", though :)
<nxvl> oh yes
<nxvl> my bad
<nxvl> :P
<nxvl> well, the thing is
<nxvl> the spanish fedora community is making eco on the news all over the internet (i have read at least 4 posts this week) about Plymouth
<soren> Ok.
<nxvl> the odd thing is that they are saying that the boot will be inmediat
<soren> Hm? Where does it say that?
<nxvl> soren: exactly
<nxvl> that is on all the spanish post about it
<soren> Link?
<nxvl> and of what i have understand
<nxvl> http://linux.adslzone.net/2008/07/15/fedora-10-arrancara-al-instante/
<nxvl> they are just making quicker the grafical thing on the bootsequence, which is something we don't have on server for example
<nxvl> so the init part will still be slow
<nxvl> wouldn't it?
<soren> That certainly seems to be the case, yes.
<nxvl> actually the spanish post title are: "Fedora 10 start instantaneously"
<soren> They seem to think that the boot sequence is done when you have graphics.
<soren> Yeah. I wonder how they got that idea.
<nxvl> which is not at any point the scope of the project, as i have understand it
<nxvl> jajaj
<nxvl> it's kind of funny to see people that go around saying they know a lot, and are experts make mistakes like that
<soren> Yeah, it seems very odd.
<nxvl> actually i'm enjoing it
<nxvl> the last guy that makes the mistake is a guy that goes around saying how expert he is, and how much he knows and how less we other people know (and he has a special problem with me) and i have just posted on the almost same planet than him a technicaly detailed explanation on how that's NOT what it's comming
<nxvl> so tomorrow the flamewars will start on the peruvian community
<nxvl> dammit is really late
<nxvl> i need to go
<nxvl> soren: have a nice day!
<soren> You too, Nicolas.
<soren> Take care.
<kraut> moin
<jmazaredo> can anyone help me on this http://www.howtoforge.com/how-to-install-ubuntu8.04-with-software-raid1 in the part where "make all drives bootable" im using 2 IDE my ubuntu have booted just that command i cant run
<_ruben> jmazaredo: you cant run grub?
<jmazaredo> when i type grub i get the grub probmpt
<jmazaredo> prompt
<jmazaredo> but when i try to type device (hd1) /dev/sdb
<jmazaredo> it says selected disk does not exist
<jmazaredo> i tried it inside the bash and also "before the boot up process"
<_ruben> dont think i ever used that device line .. but my guess is, that with 2 ide disks, both are master on seperate bus i hope, so they'd be sda and sdc
<_ruben> http://paste.ubuntu.com/29245/ .. thats how i do it
<_ruben> old doc tho
<jmazaredo> i only have 1 ide slot so 1 is master and  1 is slave
<jmazaredo> _ruben ty
<jmazaredo> got it working now sudo grub
<ivoks> i'm having this horrible desire to create full mail stack for ubuntu :D
<ivoks> including quarantine, per user configuration, anti spam and anti virus protection
<ivoks> and everything in mysql :) except mail, which would be in maildir, on the disk
<hads> I'm sure some people would find that useful.
<ivoks> all the parts are already there
<hads> Yep
<ivoks> we just need to combine it together
<hads> I prefer to keep mail config on the disk myself.
<ivoks> then just dump sql :D
<hads> I do :)
<ivoks> mail config like...?
<hads> users etc.
<ivoks> all the configs of services would be on disk, but per user configuration and quarentine would be in sql
<ivoks> ah... problem with users on disk is that you need to give someone a root account so he could add new users
<_ruben> ivoks: surely sounds like smth i'd want to use ;0
<_ruben> ;)
<ivoks> with users in mysql you can just give away mysql access to a service (like postfixadmin)
<hads> True. The problem with putting them in SQL is that your mail system relies on the SQL server.
<ivoks> true, but sql servers aren't that unreliable...
<ivoks> we could even provide migration tools
<ivoks> now... that could be a killer-app for ubuntu-server
<_ruben> definatly
<ivoks> i might work on something for 9.04...
<ivoks> till then we will have all tools in main... thanks to ScottK
<jmazaredo> is there a way to check the linux raid if it is copying in realtime like the command tail -f
<soren> What?
<soren> ivoks: I already have a setup preetty much like that.
<ivoks> soren: me too, but i was thinking in providing a meta package which would set up everything
<soren> ivoks: yeah. I started working a web interface for it, too, at some point, but I wanted to code it in Django, but wasn't too keen on getting Django into main.
<ivoks> soren: MailZu + postfixadmin :)
<ivoks> but much nicer interface would be welcome :)
<ivoks> one which would integrate mailzu and postfixadmin and roundcube
<soren> Yeah, that would be neat.
<ivoks> going for a walk and coffe... see you at 1300UTC
<sommer> kirkland: hey, I tried out your encrypted Private folder mount last night, and everything worked as advertised... cool stuff
<kirkland> sommer: very nice!
<kirkland> sommer: thanks!
<sommer> np
<mathiaz> kirkland: what's the status of the ecryptfs testing blog post ?
<kirkland> mathiaz: I'm pushing a patch of 8 manpages upstream
<kirkland> mathiaz: I'd like to get those into intrepid first
<kirkland> mathiaz: I'll write the post in the meantime, and just hold off publishing until then
<uvirtbot> New bug: #229252 in openldap (main) "slapd gssapi failure" [Undecided,New] https://launchpad.net/bugs/229252
<uvirtbot> New bug: #231321 in openldap (main) "ldap over ssl fails" [Undecided,New] https://launchpad.net/bugs/231321
<mathiaz> kees: does bug https://bugs.launchpad.net/ubuntu/+source/openldap2.2/+bug/249878 apply to openldap 2.2 (dapper) ?
<uvirtbot> Launchpad bug 249878 in openldap2.2 "CVE-2008-2952: BER Decoding Remote DoS Vulnerability" [Undecided,New]
<_ruben> bah .. stupid ass software raid cards .. and this pos card even has a 'bugged' kernel driver, limited its 8 ports to only 4 being usable
<lukehasnoname> _ruben: hack that
<_ruben> lukehasnoname: not feeling like rolling my kernel .. recently a bug was filed against the (vanilla) 2.6.24 kernel addressing this problem (broadcom raidcore rc4000 series) .. card's crap anyways, tho was kinda curious what its performance would be under linux
 * _ruben asks his boss for better hardware
<lukehasnoname> 3ware's the touted linux raid card brand, right?
<_ruben> 3ware's sweet .. but also far more pricey .. broadcom/raidcore is cheap shit
<ivoks> 3ware rulez
<ivoks> not only cause of driver, but mostly cause of features and performance
<ivoks> and managability
<_ruben> yeah .. that is: from what i've heard .. no hands-on experience with em tho :(
<ivoks> 3ware works with smatmontools, 3ware provides CLI and web tools for management
<uvirtbot> New bug: #250847 in redhat-cluster-suite (main) "Apache predefined script in redhat-cluster-suite is not properly setup for Ubuntu" [Undecided,New] https://launchpad.net/bugs/250847
<ivoks> oh, we can expect more bugs against rhcs :/
<zul> meh thanks ivoks :)
<ivoks> i already decided to set up a testing env. back at home in fall and get this package into good shape
<zul> ivoks: you might want to talk to fabbione as well
<ivoks> of course
<_ruben> hmm .. wonder how 'trivial' it'd be to 'update' canonical's vmware-server packeges .. be it for gutsy's new (-15) kernel, or even hardy
<_ruben> and vmware-server itself ofcourse (1.0.4 -> 1.0.6)
<macd> isnt there a server team meeting today?
<soren> macd: Yes.
<soren> It's in #ubuntu-meeting.
<macd> k thx
<gegema> If another user is logged into the server while I am also logged in, what utility can I use to send a message to that user via the terminal? [other than wall]
<soren> write
<ahasenack> is anybody else having a "grub installation error" with intrepid alpha 2 (server) and also the daily server iso?
<sommer> ahasenack: I did actually... amd64?
<ahasenack> sommer: no, both kvm/qemu and a real P4
<sommer> ahasenack: ah, not sure... and I may have had a bad CD, but I haven't done more testing
<sommer> ahasenack: did you try lilo?
<ahasenack> sommer: no, is there a lilo option within the installer?
<sommer> ahasenack: ya, once grub fails go back and there should be an option for lilo
<ahasenack> sommer: ok, I can try that
<ivoks> ahasenack: what's the size of the disk you are installing on?
<ahasenack> ivoks: 20G
<ivoks> ok
<ahasenack> ivoks: and 1G inside kvm/qemu
<ivoks> that's ok
<_ruben> Generating locales... en_US.UTF-8...
<_ruben> that isnt supposed to take minutes or is it ?
<_ruben> on dual opteron 2ghz
<ahasenack> sommer: lilo failed too
<ahasenack> sommer: it's weird
<sommer> ahasenack: is there any log entries in alt+f4 ?
<ahasenack> it says "lilo is already the newest version", and then proceeds to setup grub
<ahasenack> finally reports that dpkg returned an error code (1) while processing grub
<ahasenack> and lilo-installer: says that calling apt-install lilo failed
<sommer> ahasenack: mmmm... you might try asking in #ubuntu-installer and see if they have more ideas
<ahasenack> I can probably attach these logs to a lp ticket, I was just checking if this was known
<sommer> ahasenack: ya, a bug is probably a good idea, but folks in #ubuntu-installer may have more info
<ahasenack> sommer: ok, thanks
<sommer> ahasenack: np
<macd> ok, now is fine too
<persia> On the other hand, I'd be happy to answer (user-level) discussions about ruby gems here
<macd> persia, what is your take on the problem?
<soren> So the problem only affects gems that wants you to call them directly?
<macd> persia, were really up against a wall here trying to find some common ground fix
<persia> macd: gems are inherently broken, and if someone wants to use one, it ought be packaged.
<macd> persia, thats where Im at right now, just install gems from source and forget the debian way
<macd> but that doesnt do much to get a rails stack in ubuntu the debian way
<macd> I need about 10 minutes to go down the hall, but I'll be right back
<soren> Those are different issues, surely?
<soren> I'll be gone by then, but back tomorrow.
<persia> My opinion aside, the best fix is likely to have a README specifying that those wishing to use unpackaged gems with sudo installation ought adjust the path in /etc/environment.
<macd> well I guess I can wait
<macd> persia, cant we just do that with postinst?
<macd> nvm
<macd> opposite
<persia> No.  Packages are not permitted to alter files that don't belong to them in an automated manner.
<macd> what about some automated way of building gems from the gem repositories?
<macd> and just have those going into -updates or -backports?
<persia> There is some discussion of allowing careful manipulation of other packages conffiles as proxy for user modification, but even this is technically a violation of policy.
<macd> persia, yeah debian policy is kind've holding my hands back
<persia> Well, most gems might be able to be processed by an automated packaging solution.  Mind you, nobody has yet written an automated packaging solution that didn't end up breaking everything after a while.
<macd> persia, for sure
<persia> Debian policy is a good thing.  It makes the system work.  Without it, most things would break.
<macd> persia, I agree whole
<persia> So, long-term I'd recommend the same treatment as for CPAN or the cheeseshop: get everything interesting packaged.
<macd> the bones for a rails app gem wise, rails, mysql, or pgsql, and rails deps
<persia> This further allows control over versions: my experience with Rails is that there are usually two or three version incompatibilities in any given stack of gems one may wish, and one needs to mangle local plugin directories.
<macd> persia, yeah at least were not trying to package rmagick right ;P
<persia> Doing that at a distro level provides a much better experience to the developer.  While they may not get the newest features, at least everything works, and they can concentrate on their app, rather than on rails.
<macd> persia, I tend to agree
<macd> the version of rails and gems in intrepid now are new enough to have all the real fixes
 * persia did a 2-month web app system in RoR over a period of 6 months including 4 rewrites because the client wanted new features before calling it a bad day, so may be a bit bitter about this
<macd> persia, I feel your pain
<macd> I had a client halfway thtough decide they wanted rails2 b/c someone said it was "cool"
<persia> macd: Of course, my recommend solution means lots of packaging work for you :)
<macd> persia, yeah fun ;)
<macd> I think when Neil gets back from vacation we should have a quick discuss about gems again
<macd> in the meantime thanks for chiming in
<macd> Could you have a look at the mod_rails package in REVU?
<macd> there are 2 changes I know need to be made, but after those are done, we'd like to get it in
<macd> http://revu.ubuntuwire.com/details.py?package=passenger
<persia> Erm, perhaps later
<macd> thx
 * persia runs away in search of a short TODO list
<macd> I've gotta get some work done too
<timboy> i'm having an interesting issue: I logged in today and my LAN ip was getting dhcp instead of static even though I have it set for static! this is relevent info from syslog http://pastebin.ca/1079630
<kmaynard> anyone running pure-ftpd?
 * delcoyote hi
<kmaynard> i'm trying to figure out how to pass arguments to pure-ftpd at startup
<sommer> kmaynard: is there a /etc/default/pure-ftpd file, or something similar ?
<kmaynard> sommer, nope
<n-iCe> hello
<kees> mathiaz, kirkland: for the grub bits of degraded raid booting, I think the review should be me, evand, cjwatson
<kees> mathiaz, kirkland: for the initramfs bits of degraded raid booting, me, luke, cjwatson
<kirkland> kees: cool, thanks for the clarification
<kees> kirkland: i.e. bug cjwatson last.  :)
<kirkland> kees: good point ;-)
<n-iCe> does ubuntu-server includes the ubuntu drivers?
<lukehasnoname> does #ubuntu-chat exist?
<n-iCe> i installed ubuntuserver and it doesn't load, just reboot and reaboot, when says grub loading...
<n-iCe> anyone?
<Buzzons> hi -- anyone here had experiance with having 2 subnets on the same interface (eht0 and eth0:1)
<Deeps> lol
<Buzzons> hey deeps :P
<Buzzons> how goes real life
<Deeps> richer and more boring
<Deeps> what are you trying to do?
<Deeps> and eitherway, you'd be better off using vlans (and linux does understand the concept of multiple vlans on a single interface)
<Buzzons> i have two /28s, one is working fine -- just wanted to set up my 2nd to go router->server ->wireless (allowing me to control it a bit better)
<Buzzons> so i set up my router to have 2 subnets on one interfae (all fine)
<Buzzons> set up eth0 and eth0:1(virtual interface)
<Buzzons> if i do ping -I eth0 www.google.com it works, but if i do ping -I eth0:1 www.google.com it fails
<Buzzons> i can ping both eth0 and eth0:1 from other machines on the eth0 subnet (tracert to the eth0:1 shows it hopping over the router)
<Deeps> could be routing, do you have a default route defined for that subnet?
<Buzzons> each subnet has a default gateway set in the /interfaces config
<Buzzons> other than that -- no
<Deeps> wget -O /dev/stdout -q -4 --bind-address=xxx.xxx.xxx.xxx http://whatismyip.org
<Deeps> see what comes out from both
<Buzzons> where xxx. is the ip etc
<Deeps> uh huh
<Buzzons> the eth0 one works
<Buzzons> the eht0:1 doesn't
<Deeps> sounds like it could be routing related, can you ping another host in the same subnet though eth0:1
<Deeps> ?
<Buzzons> sec i find out
<Buzzons> eyp
<Buzzons> yep, i can ping the gateway of that subnet from it
<Buzzons> (from eth0:1 i can ping both subnet gateways)
<Deeps> given that both are gateways are on the same machine
<dana_good2> buzzons, aren't you normally supposed to set the physical interfaces to no address if you're using virtual interfaces?
<Deeps> and you dont have any proper segregation between them, thats to be expected
<Buzzons> Deeps :: the gateway ip's of the router
<Buzzons> it can also ping out of the subnet (to the other one)
<dana_good2> so instead of having eth0 and eth0:1, you'd have eth0:0 and eth0:1
<Buzzons> humm.. maybe?
<Deeps> that could be it, otherwise my money's on it being routing related
<Buzzons> houw would i fix the routing issue if it is that?
<dana_good2> Deeps: i think routing issues might be why you're supposed to set it up the way i suggested
<Deeps> sounds logical
<Deeps> try it dana's way, saves me the hassle :)
<Buzzons> route add default gw subnet1 eth0
<Buzzons> route add default gw subnet2 eth0
<Buzzons> ?
<Buzzons> **
<Buzzons> route add default gw subnet2 eth0:1
<Buzzons> where subnet1/2 is replaced with the ip of the gateway for that subnet?
<Buzzons> or... should i try with the eth0:0 and eth0:1 -- was only doin it the way i was due to a guide on the net
<Buzzons> tried adding two default gw routes -- no luck on the eth0:1
<Buzzons> I'll try what dana said -- may work -- but can't tonight
<Buzzons> thank you for the help
<kees> kirkland: the ssl memory leak in apache, was that only in intrepid, or was it found in all releases?
<kirkland> kees: hmm, let me check the bug to refresh my memory
<kirkland> kees: do you have the # handy?
<kees> https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
<uvirtbot> issues.apache.org bug 44975 in mod_ssl "memory leak with mod_ssl and zlib compression" [Normal,Needinfo]
<kees> https://bugs.edge.launchpad.net/ubuntu/+source/apache2/+bug/224945
<uvirtbot> Launchpad bug 224945 in apache2 "[SRU] memory leaks in apache2 when running mod_ssl" [High,Fix released]
<kees> kirkland: you mentioned something about gutsy, but then openssl wasn't the root cause, so I wanted to double-check.
<kirkland> kees: ah, yes, definitely not openssl's problem
<kirkland> kees: absolutely a problem with Apache, that was fixed upstream
<kirkland> kees: and we cherry picked that fix for Hardy
<kees> kirkland: yeah.  I'm just trying to understand if it was a problem with feisty/gutsy too.  (a CVE was assigned for this issue, as it turns out)
<kirkland> kees: to be honest, I never tested Feisty/Gutsy
<kirkland> kees: however, if you have a KVM, it's absolutely trivial to test
<kirkland> kees: see https://bugs.edge.launchpad.net/ubuntu/+source/apache2/+bug/224945/comments/13
<kees> kirkland: https://bugs.edge.launchpad.net/ubuntu/+source/apache2/+bug/224945/comments/8 says you tried dapper through gutsy?
<uvirtbot> Launchpad bug 224945 in apache2 "[SRU] memory leaks in apache2 when running mod_ssl" [High,Fix released]
<kirkland> kees: duh......
<kirkland> kees: okay, then i believe myself :-)
<kirkland> kees: yeah, openssl was a red herring
<kirkland> kees: the problem was definitely in Apache
<kees> kirkland: but I wasn't sure if that meant you ran some openssl-specific test or the one from comment 13
<kirkland> kees: all of the testing I did was with ab (apache bench)
<kees> kirkland: okay, sweet, so it sounds like gutsy needs this backported too.
<kees> this is an interesting corner-case...
<kees> I have a security-affecting fix already in -updates... and I have to do a backport to gutsy.  I guess I need to pocket-copy the -updates one, and then publish the gutsy fix.
<kees> hm
<kirkland> woohoo.... patch sent upstream for 20 new/modified ecryptfs manpages!!!
 * kirkland 's documentation duties are hereby DONE for a while ;-)
<kirkland> mathiaz: ping
#ubuntu-server 2008-07-23
<menblack> anyone online?
<menblack> if my pc has an amd card, should I download the amd64 version?
<kgoetz> does someone have a good explaination of how the TCNG htb works? i'm unsure how the rate and ceil relate
<kgoetz> and how they relate to the whole connection
<b2z> Hey all: I'm trying to set up Link Aggregation, and when I start up the networking service, I get 'Illegal Operation: The specified slave interface 'eth0' is already a slave". Any ideas? Thanks...
<michael_b> ... anyone??
<kgoetz> anyone what?
<b2z> sorry
<b2z> i changed my nickname accidentally
<b2z> I'm trying to set up Link Aggregation
<b2z> the original question i posed is:
<b2z> Hey all: I'm trying to set up Link Aggregation, and when I start up the networking service, I get 'Illegal Operation: The specified slave interface 'eth0' is already a slave". Any ideas? Thanks...
<b2z> ... any ideas on this kgoetz?
<b2z> ??
<b2z> anyone??
<Chipzz> b2z: if no-one is answering, that's most likely because there is no-one present who can answer. There is no need to repeat yourself
<b2z> ok - had no acknowledgement until now.. I thought my internet connection may have been a bit dodgy!
<Chipzz> you may have noticed the general absence of activity - which is most likely because most people are asleep
<b2z> ahh ok, tried asking on #ubuntu but nothing at all!
<Chipzz> hehe
<Chipzz> good luck getting any usefull answer on #ubuntu other then an answer to a FAQ ;P
<b2z> its kinda an urgent one too... i'm removing all traces of link aggregation and I'll give it another go
<Chipzz> you could try the wiki, although somehow I have my doubts :p
<b2z> yeah i tried - found a few resources through Google, but they say a few different things
<b2z> maybe i should look for nic bonding in debian? do you think I'd have more luck??
<Chipzz> that would be a good bet
<Chipzz> also
<Chipzz> every debian (and ubuntu) package includes some form of documentation in /usr/share/doc/<package>/
<Chipzz> README.Debian (if present for your package) would be a good bet to read
<Chipzz> such file (if present) includes documentation on how things are done in debian/ubuntu
<Chipzz> for example, /usr/share/doc/wpasupplicant/README.Debian includes a pointer to /usr/share/doc/wpasupplicant/README.modes.gz, which is one way of setting up wireless with wpa in Debian
<nxvl> soren: where is u-vm-builder branch stored? is it still lp:~ubuntu-virt/ubuntu-jeos/python-rewrite ?
<nxvl> (cause that branch is buggy)
<soren> nxvl: Yes, that's the right url.
<nxvl> soren: :D
<nxvl> soren: distro.py has identation errors
<nxvl> issues*
<nxvl> also
<nxvl> is there any reason for the error being raised with the whole backtrace or just random behavior
<soren> "the error"?
<nxvl> soren: http://paste.ubuntu.com/29525/
<nxvl> distro.py patch
<nxvl> soren: http://paste.ubuntu.com/29526/
<nxvl> ugly and not friendly error
<soren> Hm... I seem to have neglected to push a few things.
<nxvl> please push them to work on the latest version
<nxvl> i'm wrinting (or understanding the code to write) debian support
<soren> I've not yet entirely split errors into user errors and internal errors. Until then, it's more helpful to provide a full backtrace.
<nxvl> well yes, it's development still, so it sound fair enough
<nxvl> i love -o option
<nxvl> :D
<soren> I can't really push my changes right now. It's in the middle of a rewrite of certain core things, so it's break a lot of stuff.
<soren> nxvl: Why?
<nxvl> also i was wondering, why do all ubuntu version depend on the previous one
<nxvl> soren: because i hate to write: "rm -rf folder; ubuntu-vm-builder bla bla bla"
<nxvl> also if i can configure it on ~/.ubuntu-vm-builder it will not even needed to write -o
<soren> It's called inheritance... Every Ubuntu version is based on the previous one. We don't scrap everything every time we start a new release. We build upon the previous one.
<nxvl> yes, i know
<nxvl> but when dapper comes out of support would yo need to move things from one .py to other?
<soren> Probably.
<soren> What do you suggest instead?
<nxvl> so, then why not to write a library that handles that and having the classes inheriting from it instead of from the previuos version
<nxvl> (i have only take a quick look so i might be saying bullshit)
<nxvl> btw, have you already being working on a manpage or are you accepting patches?
<soren> No documentation yet at all.
<nxvl> some register setting can also be striped out of ubuntu/distro.py into a generic distro library
<soren> I just don't see the point of putting it into a base class and having everything inherit from that. What's the gain?
<soren> I'd have to e.g. duplicate all the quirks from Gutsy into Hardy and Intrepid.
<soren> That's pointless.
<nxvl> some of the options can be used on other distros also and avoid code duplication
<soren> They inherit in the real world, so why not in the code?
<soren> We can deal with that when other distros come along.
<nxvl> yeah, that's why i'm commenting on that, i'm working on debian support
<nxvl> the gain? easy of maintaince
<nxvl> and avoid the need to move code every 6 months
<soren> But that's the entire point! This is the the way that gives the least maintenance.
<soren> Dude!
<soren> This is the way we *avoid* copying the code.
<soren> Dapper is supported until 2011.
<soren> With your approach I'd have to copy everything from Gutsy into Hardy and Intrepid.
<nxvl> but not edgy
<soren> And every time I fixed a bug in Gutsy,  I'd have to copy the fix to Hardy and Intrepid.
<nxvl> or use a library
<nxvl> s/library/module/
<soren> If you really think that's a more useful approach, write up a patch, and I'll consider it.
<nxvl> yep i will take a better look
<soren> I doubt it'll be much use, though.
<nxvl> as i said before i just taked a quick one and have that question on mind
<soren> Hardy inherits from Gutsy. That's simply a matter of facts. Also, Ubuntu inherits from Debian.
<nxvl> after seeing the distro inherit chain, so i kind of found it odd, so i was just asking
<nxvl> :D
<nxvl> but yes i will consider on sending a patch after a better look
<nxvl> but be sure i will work on a manpage
<soren> Cool.
<nxvl> every option is documented on the code, isn't it?
<soren> Yes.
<nxvl> it will be just a matter of getting them from there and write a nice file
<nxvl> btw
<soren> The most useful approach to writing a man page would be to extract it programmatically.
<nxvl> i get really impressed to see you documenting everything to the point that i understan everything on the first and quick look
<nxvl> :D
<soren> You could write a pluging that does it.
<soren> :)
<nxvl> soren: yes, that's a man page
<nxvl> actually i was about to write a shell script to do it
<soren> Erm... ok.
<soren> So you'd parse python.... using shell?
<nxvl> also, it's a bug or a feature that using ./vmbuilder --help i have a limited set of option and using ./vmbuilder kvm ubuntu --help i get a complete set of options
<nxvl> soren: no, parse --help output
<nxvl> (btw, it's 1:36 am here, so don't expect much from my tired brain)
<soren> Well, the --help output doesn't list all the options from all the plugins.
<soren> Well, you don't know which options will be available until you've chosen the distro and hypervisor.
<nxvl> yeah, but it sould be mentioned somewhere on the ./ --help output
<nxvl> something like "to see more options try: bla bla bla"
<nxvl> i will work on it
<nxvl> but tomorrow when my brain works again
<nxvl> it's a PITA to work on an IT audit area having an economist as a boss
<nxvl> it's just wrong
<soren> Yeah, I've been there too, actually.
<nxvl> he want's me to write a tool that allows he to manage tables as in a spreadsheet document, having permision per column, and add or delete columns whenever he want
<nxvl> my brains goes upside every time i need to look at the database or model it
<nxvl> AND
<nxvl> he wants the tool to import from xls files
<soren> Sounds like fun.
<soren> Heh :)
<nxvl> not fun at all
<nxvl> i was like "fine, django and everything would be perfect"
<nxvl> but then i realize that it would be really hard to manage dynamic tables on django
<nxvl> so i just decide to use crapy php for crapy aplication
<nxvl> soren: i forgot to ask you
<nxvl> soren: what versioned build-dependency on nasm?
<nxvl> (Bug 247470)
<uvirtbot> Launchpad bug 247470 in qemu "Please merge qemu qemu_0.9.1-5 from debian sid" [Wishlist,Confirmed] https://launchpad.net/bugs/247470
<soren> nxvl: Ok, sorry. Not nasm. binutils.
<nxvl> soren: what's a change done on debian
<soren> Whuh?
<soren> So the debdiff is between which two versions?
<nxvl> wait
 * nxvl checks
<soren> Still, documenting that you've done something that is mandatory, and *always* happens is pointless. It's just noise.
<nxvl> right
<nxvl> i removed the changed line
<soren> I'm not sure I know what you mean.
<nxvl> don't worry is not important
<nxvl> for some reason i removed the debian changed line and left the ubuntu (on build-depends)
<nxvl> ok
<nxvl> new patch uploaded
<soren> Looks great.
<soren> Just one last thing I want to check... hang on.
<nxvl> ok
<soren> Oh, one last thing:
<soren> debian/control now has Vcs references pointing at Debian's repository.
<soren> ...but seeing as we have changes, and "apt-get source" tells you to get the source from whereever the VCS headers are pointing, we need to fix that.
<nxvl> right
<soren> That way we do that is to prepend "XS-Debian-" to the Vcs headers.
<nxvl> so it would have the same issues as the maintainer field
<soren> "issues"?
<nxvl> DD's complaining of people who ping them for ubuntu stuf
<nxvl> stuff*
<soren> Oh.
<soren> I thought you meant that changing it would cause issues.
<nxvl> soren: anything else before generate and upload the patch
<nxvl> heh, no
<soren> No, I think that's it.
<nxvl> i meant non changing will cause
<nxvl> ok
<nxvl> uploaded
<soren> Got it, thanks.
<soren> I need to fix up my intrepid schroot... Give me a minute.
<nxvl> now i need to sleep
<nxvl> read you! and have a nice day!
<soren> Ok. I'll be uploading it in half an hour or so, probably.
<soren> Thanks!
<nxvl> yeah, you have like 5 hours until i cna notice it
<nxvl> :D
<soren> :)
<kraut> moin
<manuvai> Hello
<manuvai> Is there a way to log a message in a specific file (/var/log/myapp.log) var the logger facility 'logger -i mymsg' ?
<incorrect> i am looking for a guide to setting up n-way replication with slapd,  i have followed the howto from the ldap site however it seems to be for a point revision ahead of the version in hardy
<incorrect> are there any plans to package vmware server for hardy?
<stgraber> hey, I'm doing some ISO testing for alpha-3. Installing all tasks at once create a conflict about the MTA (exim vs postfix).
<lamont> stgraber: yeah - don't do that
<stgraber> Installing only the mail server task seems to work so I'm not really sure with which other task it conflicts
<stgraber> lamont: well, you give the choice to the user so that shouldn't happen
<lamont> stgraber: OTOH, it's akin to telling synaptic to install everything in main.. -> error for good reason
<lamont> as to what is depending on exim, dunno
<lamont> if you install postfix, and then walk through installing the other tasks one at a time, one of them will remove postfix
<lamont> that'd be your problem child.
<lamont> beat it (or not), as appropriate. :-)
<stgraber> I'd bet on LAMP :) php probably depends on a MTA and apt selects exim (that's the bug)
<lamont> except that when postfix is selected later, it would just remove it, since exim was only soft-selected
<_ruben> incorrect: afaik this is up to vmware .. they provided the packages for feisty/gutsy
<soren> incorrect: Yes. Please shout at VMWare to make it happen.
<soren> !
<incorrect> ok
<darthmarth37|Wk> Is Ubuntu's BIND package compiled with support for LDAP?
<lamont> no
<darthmarth37|Wk> Dang.
<lamont> making it do that without dragging in ldap on all machines is on my todo list
<darthmarth37|Wk> Not likely to happen in the near future, I take it?
<stgraber> http://www.stgraber.org/download/server-task-conflict
<stgraber> that's the installer log for what happens when installing both the "LAMP server" and "Mail server" task from the Ubuntu server amd64 cd-rom
<stgraber> Jul 23 13:52:26 in-target:   exim4-config: Conflicts: postfix but 2.5.2-1 is to be installed
<stgraber> Jul 23 13:52:26 in-target:   exim4-daemon-light: Conflicts: mail-transport-agent
<stgraber> Jul 23 13:52:26 in-target:   postfix: Conflicts: mail-transport-agent
<lamont> stgraber: I wonder if LAMP is specifically depending on exim4?
<lamont> or is it just exim4|MTA?
<mdz> soren: I can't seem to get kvm to boot the desktop CD on intrepid - amd64 seems to fail to even start X, and i386 gets to X but never finishes logging in
<mdz> soren: are others experiencing similar problems?
<stgraber> I don't know but if it's exim4|MTA then the installer is doing the wrong choice :(
<stgraber> mdz: I have the same issue with amd64 but i386 works except that you don't get the mouse and have to do the install using only the keyboard
<soren> mdz: I sent a few patches to the kernel team that should fix it. I must admit I'm not sure what the status is.
<mdz> soren: is there a bug report I can watch?
<mdz> stgraber: I'll try i386 again and see if it's any different
<soren> I believe so. Hang on.
<soren> mdz: I thought I referenced it in my e-mail to the kernel-team, but I did not. It'll take me a bit longer to find it.
<mdz> soren: should it work if I go back to the hardy kernel?
<soren> mdz: Ironically, no. There's a bit of an ABI disconnect between the hardy kernel on the host side and Intrepid kernels on the guest side. I've not yet completely worked out how to fix that one with an Intrepid userspace.
<soren> It's fixed by a kvm userspace patch in hardy-proposed, but with Intrepid kvm userspace, and hardy kvm kernelspace... not so much.
<mdz> stgraber: i386 definitely doesn't work for me here
<soren> mdz: I need to wait for my desktop iso download to finish before I can tell you if it's the same issue. I have a meeting right now. I'll find the bug and get back to you when I'm done. Cool?
<soren> done with the download and the meeting, that is.
<mdz> soren: sure
<abwhostw> hi
<abwhostw> i want help
<abwhostw> I want make my pc serve
<abwhostw> any one can help me
<abwhostw> plz
<soren> helpfulness increases proportionally to quality of questions.
<soren> abwhostw: so if you ask a question, someone might be able to help you.
<abwhostw> ok  I want to make my pc as like server
<abwhostw> how
<darthmarth37|Wk> What sort of server?
<abwhostw> linux
<abwhostw> web hosting
<aljosa> i'm using gutsy and i can't execute "dpkg-reconfigure localeconf", how do i change locale on system level?
<abwhostw> ok
<abwhostw> no one want help me
<lukehasnoname> That's not a sentence.
<abwhostw> what
<lukehasnoname> Anyway, if you want to run a webserver from your linux DESKTOP without reinstalling, and run tasksel
<lukehasnoname> am I right? Is taskel in desktop?
<abwhostw> how
<abwhostw> taskel
<lukehasnoname> go to a terminal
<abwhostw> yeah
<abwhostw> sudo tasksel install lamp-server
<abwhostw> do mean to type that cmd
<lukehasnoname> something like that
<lukehasnoname> ya
<abwhostw> after that what i do
<lukehasnoname> the server should be running. Go to a web browser and type "localhost" in the address bar.
<lukehasnoname> If it's up, then you can go to /var/www/ and put your web files there
<abwhostw> It works!
<abwhostw> from  where I go to /var/www/
<lukehasnoname> what? /var/www/ is where all the web page files are saved
<abwhostw> ok
<abwhostw> from where can i get it
<lukehasnoname> I don't understand the question./
<abwhostw> u said
<abwhostw> web files
<abwhostw> u mean the web from another server
<abwhostw> when I type localhost on the web bar broswer it said to me it's work
<uvirtbot> New bug: #251160 in mysql-dfsg-5.0 (main) "Mythbuntu CC fails to shutdown MySQL when adding primary server role. " [Undecided,New] https://launchpad.net/bugs/251160
<lukehasnoname> abwhostw: You should google "LAMP" or check out exactly how a web server works
<abwhostw> ok
<abwhostw> ok
<abwhostw> I all ready didi
<lukehasnoname> I'm at work, so I can only point you in the right direction. I can't give you specific directions.
<abwhostw> ok
<abwhostw> like I all ready but the root password
<abwhostw> and like that
<abwhostw> but when I go to broswer bar type
<abwhostw> Localhost it's said it's work in index page
<abwhostw> that's only
<Deeps> look at the ubuntu server guide
<abwhostw> ok
<abwhostw> see when I put the password
<abwhostw> su -root is not wroking why
<Deeps> do sudo -s
<abwhostw> ok
<abwhostw> ok any one here
<abwhostw> tell me the exatly how to install lamp
<soren> You did that half an hour ago?
<soren> mdz: I see the bug now. It's different from the one I fixed the other day, though.
<abwhostw> yeah
<abwhostw> soren
<abwhostw> do u know
<abwhostw> about lamo
<abwhostw> lamp
<abwhostw> how to install without having a problem
<mdz> soren: which bug?
<mdz> abwhostw: try asking on http://tinyurl.com/59ldec if you need more detailed answers
<soren> mdz: I'm filing it now.
<soren> mdz: I'm filing it now.
<soren> Whoops
<soren> mdz: I meant that I'm experiencing the problem now too. I couldn't find a bug /report/ about it.
<abwhostw> why I cann't find
<abwhostw> Not Found
<abwhostw> The requested URL /~abwhostw was not found on this server.
<abwhostw> Apache/2.2.8 (Ubuntu) mod_ssl/2.2.8 OpenSSL/0.9.8g Server at localhost Port 80
<Deeps> a2enmod
<Deeps> enable userdir
<abwhostw> how to enable
<Deeps> man a2enmod
<abwhostw> Not Found
<abwhostw> The requested URL /~abwhostw was not found on this server.
<abwhostw> Apache/2.2.8 (Ubuntu) mod_ssl/2.2.8 OpenSSL/0.9.8g Server at localhost Port 80
<abwhostw> any one help me
<soren> type:
<soren> sudo a2enmod enable userdir
<abwhostw> sudo a2enmod enable userdir
<abwhostw> This module does not exist!
<soren> Er.. Sorry, I meant
<Deeps> heh, hense me telling him to read the man page, a2enmod / a2dismod, no need to specify the action as a perameter ;)
<soren> a2enmod userdir
<abwhostw> how to enable
<abwhostw> Module userdir installed; run /etc/init.d/apache2 force-reload to enable
<abwhostw> ok
<abwhostw> so where is the problem
<soren> What problem?
<abwhostw> the
<abwhostw> [11:21] <abwhostw> Module userdir installed; run /etc/init.d/apache2 force-reload to enable
<soren> How is that a problem? It's telling you that it has done what you asked it to. It then asks you to return the favour by running "sudo /etc/init.d/apache2 force-reload"
<abwhostw>  * Reloading web server config apache2                                   [ OK ]
<abwhostw> cool and after
<soren> Is that a question of some sort?
<soren> Or a statement?
<abwhostw> i don't nothing about linux that only but in windows i'm perfect on  it
<soren> I'm not sure how that answers my question.
<soren> What do you mean by "cool and after"?
<abwhostw>  * Reloading web server config apache2                                   [ OK ]
<abwhostw> after that
<soren> after that *what*?
<soren> What is your question?
<abwhostw> ~abwhostw/index.php
<abwhostw> how to make
<soren> If you expect people to spend time helping you, it's good manners to spend a bit of time working out what your question is.
<soren> You want to know how to make a PHP index file?
<abwhostw> yeah man
<abwhostw> I appericate ur time man
<soren> I recommend you find a book on PHP programming or perhaps a tutorial of some sort on the internet. It's a bit out of scope for this channel.
<abwhostw> ok no problem
<abwhostw> thx for ur time
<uvirtbot> New bug: #250998 in cyrus-sasl2 (main) "Unable to use saslauthd with postfix for smtp_auth" [Undecided,New] https://launchpad.net/bugs/250998
<lamont> yay.  another 'oh it's chrooted' bug, I bet
<psufan> how do I edit grub menu.lst so that certain kernel command line options *ALWAYS* are enabled even after kernel package updates etc
<psufan> and also that it is the *FIRST* thing on the command line since it doesn't seem to work later down the line
<soren> psufan: Add it to the kopt line
<soren> It's commented out with a single #.
<psufan> ok thx
<abwhostw> man help with this problem
<abwhostw> http://pastebin.ubuntu.com/29639/
<kirkland> mathiaz: howdy
<mathiaz> kirkland: hello !
<kirkland> mathiaz: got your email, did you get a chance to look at https://wiki.ubuntu.com/InitScriptStatusActions ?
<kirkland> mathiaz: a sanity check of the scripts, as I broke them down?
<mathiaz> kirkland: I'll review your list in a couple of minutes
<kirkland> mathiaz: cool, thanks.
<mathiaz> kirkland: your breakdown of the init scripts list looks good
<mathiaz> kirkland: I would remove the udev mention
<kirkland> mathiaz: k
<abwhostw> any one know how to config tha apache
<kirkland> mathiaz: you can edit it appropriately
<mathiaz> kirkland: if Scott said no, I wouldn't question that
<mathiaz> kirkland: ah ok
<mathiaz> kirkland: I'll edit the wiki page while you're writting up a blog post :)
<kirkland> mathiaz: k ;-)
<kirkland> mathiaz: i can do that today
<zul> hey kirkland
<kirkland> zul: howdy dude
<kees> kirkland: thanks for the security team roadmap updates!  I like it.  :)
<kirkland> kees: wow, fast reader ;-)
<kirkland> kees: my browser hasn't even stopped spinning from saving it
<kees> heh
<kirkland> *now* my browser thinks its done
<kirkland> kees: you might take a look at these slides, http://download.boulder.ibm.com/ibmdl/pub/software/dw/library/os-ltc-standards/LWE-Boston-06.pdf
<kirkland> kees: regarding certifications
<kirkland> kees: or, rather, file it away, and take a look at it if certifications come up again
 * kees nods
<kirkland> kees: btw...  i worked on the manpage repo a bit last night
<kirkland> kees: fixed almost everything we talked about
<kirkland> kees: save 2-3 little things
<kirkland> kees: i'm regenerating it now, with the new code
 * delcoyote hi
<gouki> Hi. Any recommendations for a ticketing service (if that's even a name)? Web-based, if possible.
<kees> kirkland: cool, I saw the email, excellent work.  :)
<kirkland> kees: what's next?
<kirkland> kees: I assume you'll want to review the diff
<kirkland> kees: then can I file the RT with IS?
<kees> kirkland: let me review the final work, and then we can poke IS
<kirkland> kees: okay, give me about 4 hours to do a complete run
<osmosis> I want to allow a user to  use  sftp (ssh)  to upload files, but I dont want them to see the rest of my file system. Not sure how to do this.
<mathiaz> soren: is that the place to your python-rewrite of ubuntu-vm-builder: https://code.launchpad.net/~ubuntu-virt/ubuntu-jeos/python-rewrite ?
<mathiaz> kirkland: I can see your draft post
<kirkland> mathiaz: can you review it for me?
<mathiaz> kirkland: It says that you're currently editing the post
<mathiaz> kirkland: do you have the editor open ?
<kirkland> mathiaz: try now
<mathiaz> kirkland: hm - the message is still there
<kirkland> mathiaz: i have closed all FF browser tabs to wordpress
<kirkland> mathiaz: do i need to press the publish button?
<mathiaz> kirkland: could set the state of the post to pending review ?
<kirkland> mathiaz: done
<mathiaz> kirkland: hm - I still get the warning message
<mathiaz> kirkland: could you try to publish it instead ?
<kirkland> mathiaz: done
<kirkland> mathiaz: and it's now the top post at http://ubuntuserver.wordpress.com/
<Koon> nealmcb1: hey
<Koon> nealmcb1: still at that enterprise management talk ?
<mathiaz> kirkland: meh - I've unpublished it
<kirkland> mathiaz: k
<mathiaz> kirkland: ok - the warning message is gone now
<mathiaz> kirkland: however, you should not be able to publish it
<mathiaz> kirkland: I will update the post now
<kirkland> k
<osmosis> how do I do a chroot ?
<Koon> nealmcb1: I've sent a question by mail, ask it if you have the opportunity (and Rick is not already in the room asking it)
<nealmcb1> Koon: sorry - that one is over now, but I'll send you the email addr for the guy that did the ws-management/wbem/cim stuff and http://en.oreilly.com/oscon2008/public/schedule/detail/4758
<Koon> nealmcb1: ok - it was interesting .
<Koon> ?
<nealmcb1> (via email)
 * nealmcb1 is in another session now
<mathiaz> kirkland: I've made some modification to the post - let me know what you think about it
 * kirkland looks
<kirkland> mathiaz: i fixed one grammatical error
<kirkland> mathiaz: other than that, i'm okay with it
<mathiaz> kirkland: great
<kirkland> mathiaz: I'm pulling a few changes from ecryptfs upstream and creating a debdiff
<kirkland> mathiaz: as soon as that makes it into intrepid, i'll finish the ecryptfs blog post
<mathiaz> kirkland: I've changed your role to be an contributor - could you check if you can publish your post ?
<kirkland> mathiaz: i cannot...  instead of a publish button, i have a "submit for review" button
<kirkland> mathiaz: which i just pushed
<mathiaz> kirkland: awesome !
<mathiaz> kirkland: the post will be published tomorrow
<kirkland> mathiaz: cool, thanks.
<mathiaz> kirkland: can you see the date and state of the post in your view ?
<kirkland> mathiaz: 24 hours from now  	Adding a status action to init scripts
<kirkland> mathiaz: shows up in a "Scheduled (1)"  view
<mathiaz> kirkland: great
<mathiaz> kirkland: it seems that the workflow works well :)
<kirkland> mathiaz: yup ;-)
<mathiaz> kirkland: now you can write your ecryptfs blog post and I'll review it :D
<kirkland> mathiaz: true, however, I have written about a dozen manpages that I want in the Intrepid package
<kirkland> mathiaz: and 3 utilities have changed names
<kirkland> mathiaz: from ecryptfs-setup-confidential to ecryptfs-setup-private
<duiu> I'm configuring my iptables firewall, does anyone know if IPP/CUPS uses udp or tcp packets? I know this isn't the best question for this channel, but CUPS is poorly documented.
<mathiaz> kirkland: ahh... man pages - that's awesome :)
<kirkland> mathiaz: true dat yo
<kirkland> mathiaz: made good use of my 3 hours on the plane on Monday, without internet connectivity
<kirkland> mathiaz: and wrote 12 manpages ;-)
<mathiaz> kirkland: well - at least you have a baterry that last 3 hours
<jdstrand> duiu: both
<uvirtbot> New bug: #235560 in samba (main) "Connect to smb server by name doesn't work, but by IP address does" [Medium,Confirmed] https://launchpad.net/bugs/235560
<duiu> jdstrand: thanks a ton, I've been searching for a while :)
<jdstrand> duiu: IIRC one is for browsing and the other for printing
<duiu> jdstrand: ah, makes sense
<kirkland> mathiaz: it's all about cpu frequency scaling ;-)
<mathiaz> sommer: is the version of the server guide on doc.ubuntu.com the latest that is available from the bzr repository ?
<kirkland> mathiaz: 5400rpm hard drive helps too
<jdstrand> kirkland: ha!
<kirkland> jdstrand: ha, you don't believe me?
<jdstrand> kirkland: no-- I most certainly do-- it's kees who has other opinions
<kirkland> jdstrand: oh yeah :-)
<duiu> While I'm asking port questions, what port does "ping" use? And is it the same in both windows and linux?
<jdstrand> duiu: not a port, but an icmp type
<jdstrand> duiu: what version of ubuntu are you using?
<duiu> 8.04
<jdstrand> duiu: have you tried ufw?
<duiu> no
<jdstrand> !firewall
<ubottu> Ubuntu, like any other linux distribution, has firewall capabilities built-in. The firewall is managed using the 'iptables' command (see https://help.ubuntu.com/community/IptablesHowTo), or GUI applications such as Firestarter (Gnome) or Guarddog (KDE).
<jdstrand> !ufw
<ubottu> Sorry, I don't know anything about ufw
<jdstrand> hmm, didn't get updated yet
<duiu> ah, pings not that important
<duiu> oops
<jdstrand> duiu: https://help.ubuntu.com/8.04/serverguide/C/firewall.html
<duiu> ah whatever, pings not that important on my network
<duiu> thanks
<sommer> mathiaz: no that's from hardy... I don't think it's been updated since the release
<kees> jdstrand, kirkland: while not being entirely direct, here's some details from the slides I saw: http://www.lesswatts.org/projects/applications-power-management/race-to-idle.php
<jdstrand> duiu: basically, assuming the machine in question can send anything out, you just need to run on it 'iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
<jdstrand> duiu: but ufw takes care of all that for you
<afief_> there seems to be no mentioning of anything other than loopback in my /etc/network/interfaces, where is the configuration for the rest of the stuff?
<duiu> thanks again, jdstrand
<mathiaz> sommer: meh - slangasek asked me how he could review the samba section of the server guide
<mathiaz> sommer: I've pointed him to http://doc.ubuntu.com/ubuntu/serverguide/C/
<sommer> mathiaz: ya, I emailed mdke about it this morning... haven't heard back yet
<sommer> mathiaz: maybe by this evening
<sommer> but if someone else has access...
<mathiaz> sommer: do you think that we can ask potential reviewers to review directly from the bzr branch ?
<mathiaz> sommer: or we should point them to doc.ubuntu.com ?
<sommer> mathiaz: doc.ubuntu.com would be a lot easier, but I've also emailed the xml files to reviewers
<jdstrand> kees: I don't doubt you have support for your 'theory' ;P -- I've just witnessed longer battery life on my laptop at slower speeds.
<kirkland> kees: interesting.....
<sommer> mathiaz: plus I think the main purpose of doc.u.c is reviewing
<mathiaz> sommer: right - but reviewing means you'd expect people to send comments
<mathiaz> sommer: what I found annoying is to get review email that lists spelling mistake
<kees> jdstrand: yeah, I think it's only a valid argument when a machine is running tickless, with good timers, and modern CPU.
<mathiaz> sommer: submitting a branch would make more sense IMO
<jdstrand> kees: nice dig at my laptop :)
<sommer> mathiaz: where would you submit the branch to?
<sommer> mathiaz: the doc ml?
<kees> jdstrand: hah, actually, I meant to dig at mine.  :P
<kees> jdstrand: at least I have tickless care of Hardy.
<kees> jdstrand: but my CPU is crap, and both my video and my wireless wreck the timers.
<jdstrand> it's probably similar here
<afief_> My server suddenly won't connect to the network anymore, and /etc/netowrk/interfaces contains no info about eth1 or anything like that... could someone help me?
<levander> Is there any way to edit a bug report on Launchpad?
<uvirtbot> New bug: #251299 in squid (main) "squid init script status action" [Wishlist,In progress] https://launchpad.net/bugs/251299
<soren> mathiaz: Yes, that's the right URL for the new code.
<maw_> after completing a "sudo apt-get dist-upgrade" how does one know if a reboot is necessary to apply the patches?
<maw_> with gui ubuntu, usually a icon appears in systray advising a reboot is needed
<Deeps> good question
<mathiaz> maw_: was the kernel updated ? if yes, you need to reboot - if no, you don't have to
<maw_> I could just reboot out of superstition... but many times one can be avoided
<maw_> mathiaz: ya that has been my rule of thumb
<Deeps> there's no 'easy' 'friendly' mechanism in the cli though, is there?
<kees> anyone that runs DNS server, make sure you and your ISP have updated your DNS software.  The DNS spoofing exploit is now in the wild.
<maw_> I patched everything last night
<maw_> could call ISP.. will they listen if they haven't patched?
<kees> dunno.  I still see that comcast is vulnerable:
<kees> dig @68.87.69.146 +short porttest.dns-oarc.net TXT
<kees> z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
<kees> "68.87.69.147 is POOR: 26 queries in 0.7 seconds from 24 ports with std dev 328.32"
<kees> though I'm not sure if porttest.dns-oarc.net is a full test.
<maw_> is that basically the problem... submit a query with many sub domains?
<infinity> kees: Hrm.  Can you renew my ubuntu-server membership?
<infinity> kees: Just cleaning up old mail, and I realised it's lapsed.
<kees> infinity: sure, one moment
<kees> infinity: done
<infinity> kees: Danke.
<bitsbam> hey there all
<bitsbam> I am running an email server, i also run a script in python that every 3 minutes checks my new mail and processes any mail there. These emails are generated from industrial equipment, and i process the data as it comes in.
<bitsbam> my question is, when i pull all the email from my inbox,
<bitsbam> what order is it in?
<bitsbam> first in first out?
#ubuntu-server 2008-07-24
<hads> bitsbam: That would depend on the POP/IMAP server. I'm not sure if they would have a defined order though they may.
<hads> At a guess you'd probably either need to read the source of the particular server of test it and see to find out.
<bitsbam> we are running a pop server. now if i make a request to fetch all unread emails, they come in order that they hit the server?
<bitsbam> yeah
<bitsbam> is cool
<bitsbam> thans
<hads> You'd think it would be FIFO but I guess that depends on the POP server.
<bitsbam> yeah, i am reading the site docs for our pop server now.
<bitsbam> will let you know
<mathiaz> sommer: I've written some instructions about updating the Ubuntu Server Guide : https://wiki.ubuntu.com/ServerTeam/KnowledgeBase#serverguide
<mathiaz> sommer: let me know what you think about it
<kirkland> mathiaz: hey, i did a few more init script patches
<kirkland> mathiaz: the list is up to date on https://wiki.ubuntu.com/InitScriptStatusActions
<kirkland> mathiaz: any of those you'd like to review/sponsor?  :-)
<mathiaz> kirkland: noticed a couple of bugs you've filed coming in :)
<kirkland> mathiaz: yessir
<mathiaz> kirkland: will take a look at it - but we have to wait until alpha3 is out as we're in a soft freeze for the archive for now
<kirkland> mathiaz: i understand that
<kirkland> mathiaz: i decided to go ahead and do the services that i personally run and want status on :-)
<kirkland> mathiaz: and the ones in universe are not frozen, right?
<mathiaz> kirkland: nope - universe is open for business
<mathiaz> kirkland: the soft freeze only applies to packages that are included on cds
<kirkland> mathiaz: right
<kirkland> mathiaz: can MOTU upload to multiverse?
<mathiaz> kirkland: yes
<kirkland> mathiaz: ie, who do I subscribe to a patch against a multiverse package?
<kirkland> ubuntu-universe-sponsors?
<mathiaz> kirkland: multiverse is the same thing as restricted for main
<mathiaz> kirkland: correct - ubuntu-universe-sponsors is the correct team to subscribe
<kirkland> mathiaz: perfect
<uvirtbot> New bug: #231882 in openldap (main) "slapd syncrepl from 2.3 to 2.4 fails" [Undecided,New] https://launchpad.net/bugs/231882
<sommer> mathiaz: awesome, the page looks good to me
<sommer> mathiaz: I really need to learn some more bzr... I didn't know you can use it to send emails, that's really cool
<mathiaz> sommer: yes - and the good part is that you don't an LP account to do so
<mathiaz> sommer: you can even the email adress to send merge request to in the public branch
<mathiaz> sommer: so the last step can be reduced to : bzr send
<sommer> cool, the doc team really isn't using bzr to it's fullest potential :-)
<sommer> but then again there aren't that many commits
<sommer> it would be better if there were though, heh
<RoAkSoAx> kirkland, ping
<unewbie> has anyone copy DVD repo to HDD?
<kraut> moin
<unewbie> has anyone copy DVD repo to HDD?
<afief> How can I configure NetworkManager to work on a static IP?
<uvirtbot> New bug: #251433 in postfix (main) "dpkg-reconfigure postfix partly broken" [Undecided,New] https://launchpad.net/bugs/251433
<uvirtbot> New bug: #251469 in samba (main) "samba nightmare" [Undecided,New] https://launchpad.net/bugs/251469
<sommer> morning all
<frippz> is there anyone else who suddenly has gotten into permission problems with apache after the latest update?
<frippz> all my websites that uses password protection suddenly spits out "Permission denied: Could not open password file"
<sommer> frippz: I haven't noticed any issues... are the permissions on the password files correct?
<frippz> sommer: they haven't changed. everything worked just fine this morning. the after the latest Ubuntu Security Notice, I ran a safe-upgrade with aptitude
<sommer> frippz: have you restarted apache?  also is "Permission denied: Could not open password file" that from the apache log or a prompt?
<sommer> frippz: apache should be restarted with the update but...
<frippz> sommer: yes, I have restarted apache and the error message is from one of the website logs
<frippz> actually, any website that uses password protection would be spitting this out in the log
<frippz> it would take a tremendous amount of time to track down what has changed, so I was hoping that someone here would be familiar with the situation
<sommer> frippz: someone else may know, but I haven't heard of a similar issue
<sommer> frippz: what are the permissions of the password files?
<frippz> sommer: they are owned by a regular user and have permissions 644
<frippz> the folders containing them has permission 755
<sommer> frippz: I'd try changing the ownership to www-data user, at least for a test
<frippz> sommer: wow, I really hope I don't have to move all those files to another place where www-data can access them. we're talking about over 50 websites :/
<frippz> but I will give this a try
<frippz> oh, I see the problem now
<frippz> for some reason the regular users home folder has gotten a permission setting of 700
<sommer> frippz: heh, that'd probably cause an issue :)
<frippz> yes, since both the password files and the document roots reside in there, that was the whole cause :D
<sommer> party!
<frippz> I really need my vacation now...
<lukehasnoname> sudo chmod -R 777 /
<frippz> lukehasnoname: a windows user would solve the issue that way :P
<lukehasnoname> true.
<lukehasnoname> http://www.iht.com/articles/ap/2008/07/24/america/Road-Rage-Killing.php
<lukehasnoname> I know it's off topic, just think about it.
<gouki> Does anyone know of a solution like MS Terminal Server, but for Ubuntu?
<lukehasnoname> LTSP
<lukehasnoname> ?
<lukehasnoname> Looks like Terminal server is MS's version of thin clients
<gouki> lukehasnoname, I have no idea. I never worked with Terminal Server. But a friend of mine just asked me if there is an alternative to MS TS for ~10 users (on a MS Windows) network.
<lukehasnoname> I know nothing about MS TS either, I just googled it
 * gouki does the same
<soren> mdz: The bug from yesterday, by the way: https://bugs.edge.launchpad.net/ubuntu/+source/kvm/+bug/251480
<uvirtbot> Launchpad bug 251480 in kvm "X hangs in Intrepid in KVM" [High,Confirmed]
<soren> mathiaz: Hi!
<soren> mathiaz: I figured out why you couldn't use virtio in the installer. The virtio_pci and virtio_ring drivers have been moved to different udeb's and are not available by default in the installer. I'm trying to get it worked uot.
<mathiaz> soren: great - I guess it won't be fixed for alpha3 then
<soren> Unlikely.
<leucos> anyone has done tests with the bind9 update to verify that VU#800113 is fixed ? (https://www.kb.cert.org/CERT_WEB\services\vul-notes.nsf/id/800113)
<leucos> I did, and it seems that port randomization is not working
<leucos> if anyone can confirm this (I've found a workaroud with iptables though)
<soren> leucos: Tell me about this workaround. It sounds fascinating.
<leucos> see http://cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-attacks-with-iptables.html
<soren> I'm not convinced that'll work.
<leucos> it seems to work
<leucos> tcpdump output says so
<leucos> while without it, the sourport for queries never changes
<leucos> source port*
<soren> I don't see how iptables can know when it's ok to change it and when it's not.
<leucos> it does it for all traffic
<soren> these are UDP connetions. They have no state.
<soren> So how does iptables know that a given packet is part of a new DNS request?
<leucos> conntrack
<leucos> but as the guys says on his site
<soren> conntrack inspects dns requests?
<leucos> mmmm, dunno, but I don't think so
<soren> Then it can't know.
<leucos> src ip/port/dst port/dst ip + timing
<soren> ..and then it can't randomize the source port without risking breaking connections.
<soren> So what if the "timing" thing changes in between your sending your request and the server responding?
<leucos> it times out conntrack entries
<ScottK> Depending on timing in UDP replies seems pretty broken by design.
<ScottK> Particularly in DNS where some legit servers can be REALLY slow.
<leucos> yeah but timings are pretty long
<ScottK> How long?
<soren> leucos: I don't know how long UDP "connections" live in iptables' conntrack, but I doubt it's less than a few minutes.
<leucos> this is why for some entrys with the same key you'll get the same source port for 30 seconds
<leucos> but for the bind9 problem, anyone checked port randomization in the update ?
<soren> This might be sufficient, though. I don't know the details of the vulnerability.
<leucos> since the fix is released for the DNS flaw reported by Kaminsky, I'm surprised that PR doesn't work
<leucos> soren: the timing things and mitigation solution requires some indepth analysis that I am not really able to produce as of now :p
<kees> soren: the attack is generating queries that result in an NXDOMAIN reply, and then racing those replies with additional RRs for the same domain.  It only really takes a few thousand packets.
<kees> since it's an NXDOMAIN, there's no upper limit to the attempts.  and as soon as one wins, the extra RRs are added to the local cache.
<kees> (since the domain matches)
<soren> kees: How is the source port of any significance?
<kees> soren: by randomizing src port, the race becomes several orders of magnitude more difficult to win.
<leucos> it's harder to spoof replies
<soren> kees: Um... /me doesn't get it
<kees> without src port randomization, you just send 1000 packets with guessed TXIDs for each request that you make.
<soren> kees: I send out a request to my ISP's nameserver..
<ScottK> kees: Do you have a recommendation on a Python native source of randomization that would be sufficient for that?
<kees> ScottK: I don't -- I haven't looked closedly at how python handles it.
<soren> kees: Er.. No, I can't even finish my sentence. :)
<ScottK> kees: OK.
<kees> soren: here's the attack:
<kees> while not winnar:
<leucos> guys, ty for listening, gtg
<kees>   send request for a12345.cnn.com to a recurssive name server
<kees>   send 1000 forged replies that contain NXDOMAIN as the answer plus additional RR for www.cnn.com at 1.3.3.7
<kees> next time through, request a123456, then 7, 8, 9, etc
<kees> keep cycling until you win the txid guessing game.
<kees> when you win the race, the name server will also add your additional RR to it's cache, overwritting prior information.
<soren> So even though the responses come from me, the recursive nameserver accepts them as coming from its "upstream"?
 * delcoyote hi
<kees> well, that's just a matter of sending the right UDP packets with a matching TXID.
<kees> it has no idea where the packet actually came from.
<soren> Hmm.. Right, I suppose it is.
<kees> and the only thing (prior to srcport randomization) protecting the communication is the txid.
<soren> Right. This seems very simple. I'm surprised noone thought of it.
<kees> if you wanted to be really slow, you just hold your txid at a single value and wait for the 16 bits to run out.  ;)
<soren> ..until now.
 * kees nods
<kees> no one was thinking about the additional RR part, and no one was thinking about NXDOMAIN replies.
<soren> Ok, so again... I don't think I get the significance of the source port.
<soren> Are we changing from a static to a random souce port, or from a predictabe to a random source port?
<soren> predictable, even.
<soren> kees: ^ ?
<soren> Tjah..
<soren> Whoops
<kees> soren: changing from static to random.
<kees> without the correct srcport, the UDP packet will just be ignored.
<soren> Sure, sure.
<soren> I just thought the source port changed now, but according to what the kernel hands you (which is usually use previously_handed_out_portnr+1).
<soren> and you just kept firing until you were lucky enough to hit it.
<soren> If that was the case, I just wanted to hit someone over the head with my "Statistics and probability theory" book :)
<kees> they were basically static in most implementations.
<soren> Lovely.
<soren> --
<kees> as soon as it's random, we can hit them with your book.  :)
 * soren calls it a day
<soren> Bye all.
<ScottK> My question still is how random is random enough?
<heno> soren: could you look at bug 251473 ? It's making CD testing difficult
<uvirtbot> Launchpad bug 251473 in qemu "Mouse stuck in lower right corner in Intrepid installs in qemu on hardy" [Undecided,Confirmed] https://launchpad.net/bugs/251473
<ScottK> lamont: Do you have an opinion on "How random is random enough" for the DNS cache poisoning attack?
<lamont> ScottK: I know what the patch did for bind9
<lamont> in terms of what algo they switched to
<fujin> cripes it's hard to get an answer in #ubuntu. I've got an Edgy server which I need to upgrade, preferably to LTS. do-release-upgrade won't take me to feisty
<lamont> rather, that's clear from the source - dunno off the top of my head
<fujin> as the feisty source appears dead, too
<lamont> fujin: sure it will.
<lamont> you just have to beat it hard
<fujin> oh?
<ScottK> fujin: With the exception of when software RAID was involved, I've never had manually changing sources.list to the next release and then apt-get update && apt-get dist-upgrade cause any problems.
<ScottK> It's totally unsupported however.
<fujin> mm, was hoping to avoid that
<fujin> ScottK: it's also worth nothign that the Edgy /and/ Feisty apt sources are dead now
<ScottK> Feisty should still be fine.
<lamont> 1) with old-releases.ubuntu.com in sources.list, wait until it asks you the question about "couldn't find any mirrors, do you want me to pretend yours are real?", then switch to another window and point sources.list at archive.u.c
<fujin> getting a 404
<fujin> because do-release-upgrade wants to munge my sources.list and puts in the default feisty ones, instead of old-releases feisty ones
 * lamont sees feisty on archive.u.c
<lamont> and I expect to keep seeing them until october
<fujin> lamont: http://pastie.org/240537
<lamont> right.  that's the point where you go change old-releases.u.c -> archive.u.c in sources.list in another window
<fujin> ah.
<kirkland> mathiaz: looks like we got an init script volunteer :-)  RoAkSoAx patched gdm
<lamont> and before you run do-r-u, you make it be old-releases.u.c edgy
<fujin> sorry, missed the "do that manually" step
<fujin> thanks
<fujin> that's pretty magical
<fujin> god damn the previous sysadmin
<fujin> installing point releases on boxes that should have lts
<RoAkSoAx> kirkland, yes indeed!! my first contribution for the Server Team :)
<RoAkSoAx> s/for/to
<fujin> lamont: thanks a bunch dude, got it upgradin'
<mathiaz> well - gdm is not really used on server....
 * mathiaz is picky
<mathiaz> RoAkSoAx: thanks for the help ! :)
<kirkland> mathiaz: true, but the patch looks good, and is useful, though not a server package
<RoAkSoAx> mathiaz, yeah i know is not used in server... but at least i've found something where i can contribute with th server team
<kirkland> RoAkSoAx: right, fixing these init scripts is a Server Team initiative
<kirkland> RoAkSoAx: perhaps you can ask mathiaz to choose his favorite server init script from the wiki page, and you can work on that one next?
<RoAkSoAx> sure
<RoAkSoAx> since i just started my MOTU Mentoring process is good to have easy things to do :)
<mathiaz> RoAkSoAx: any init script will do - server or not ;)
<RoAkSoAx> mathiaz, i'm already working on openvpn :)
<RoAkSoAx> kirkland, got one question, openvpn seems to create multiple pid files for each VPN. Should the status action be added for each VPN or just to know if the service is running?
<kirkland> RoAkSoAx: good question
<kirkland> i wonder if anyone here is an openvpn expert....
 * kirkland pulls the source
<mathiaz> IIRC there will be multiple openvpn daemons for each config
<mathiaz> but the init script supports starting multiple daemons
<mathiaz> since the init script is supposed to start multiple services, using status should report if all of the daemons are running
<kirkland> RoAkSoAx: right, i suggest looping over the set of pid's
<RoAkSoAx> ok cool, will do :)
<kirkland> RoAkSoAx: elsewhere in that init script, there's a loop over all pids
<RoAkSoAx> kirkland, yeah, i was thinking to do something similar to this: http://pastebin.ubuntu.com/30066/ but i'll have to set a couple of configs and try it out
<kirkland> RoAkSoAx: consider something more like http://pastebin.ubuntu.com/30067/
<kirkland> RoAkSoAx: 2 changes....
<kirkland> RoAkSoAx: awk instead of cut
<kirkland> RoAkSoAx: and, more importantly, set status=$? if the return is not 0
<kirkland> such that you continue over all pids
<kirkland> and not exit immediately
<nhandler> I am interested in helping to add a status functino to init scripts. Is there an updated list that shows what packages still need this function added? I know there is a wiki page as well as a LP bug. But I don't know which of these I should be looking at
<kirkland> nhandler: the wiki page
<kirkland> https://wiki.ubuntu.com/InitScriptStatusActions
<RoAkSoAx> nhandler, https://wiki.ubuntu.com/InitScriptStatusActions
<RoAkSoAx> kirkland, ok will do thanks :)
<RoAkSoAx> kirkland, one more question (i'm also working on dhcdbd) and i was wondering why it shows the open: Permission denied: http://pastebin.ubuntu.com/30071/ (of course it doesn't when using sudo)
<kirkland> RoAkSoAx: I've seen this in several places
<nhandler> When running the tests on the wiki page, after we run the 'sudo sh debian/FOO.init start' (replacing FOO.init with the actual file) script, shouldn't the status action return 1?
<kirkland> RoAkSoAx: elsewhere in the init script a file is being read that the current user doesn't have permission to read
<kirkland> let me grab the source...
<RoAkSoAx> kirkland, becuase, i believe this also happens with openssh-server (im doing it on intrepid alpha2) downloaded openssh-server source and tried it.. and it shows that aswell
<kirkland> yes
<kirkland> RoAkSoAx: ah, it has to do with permissions on the pidfile
<RoAkSoAx> kirkland, so i just don't pay attention to it
<RoAkSoAx> ?
<kirkland> RoAkSoAx: you can use "sh -x" when testing
<kirkland> RoAkSoAx: that'll print every line to the screen as it executes, in a debug mode
<kirkland> RoAkSoAx: yes, non-root users will just have to cope with the error message
<RoAkSoAx> kirkland, ok cool, I was just intrigued by that :)
<kirkland> RoAkSoAx: it's a good question
<kirkland> RoAkSoAx: and it would be nice if we could silence it
<RoAkSoAx> kirkland, yeah, but we will limit the status action only for root users... right?
<kirkland> i disagree.... i think anyone should be able to check the status of a service
<kirkland> they just might have to endure other messages related to their not being root :-)
<kirkland> RoAkSoAx: ultimately, status is just a really clean way of ps -ef | grep FOO
<RoAkSoAx> kirkland, yes indeed, but may be kinda annoying having that message all the time... I wouldn't be surprised if someone files a bug related to that
<RoAkSoAx> :)
<kirkland> RoAkSoAx: actually, i'm seeing the bug right now....
<kirkland> it's in /etc/lsb-base-logging.sh
<uvirtbot> New bug: #251620 in openssh (main) "openssh-server is unable to receive connections on some ports" [Undecided,New] https://launchpad.net/bugs/251620
<nhandler> Could someone review this patch for brltty? I want to make sure I am actually patching this before I upload it to LP. Here is my debdiff: http://paste.ubuntu.com/30075/
<kirkland> nhandler: why the Standards-Version: 3.8.0 bump?
<nhandler> kirkland, Because 3.7.3 is outdated. Since we are already making a change to the package, I've been told we should bump the standards-version
<kirkland> nhandler: interesting, okay, that's news to me
<mathiaz> nhandler: did you check that the package complies to the 3.8.0 policy ?
<ScottK> nhandler and kirkland: Only bump the standards version if you comply with the newer version of the policy.
<nhandler> ScottK: By any chance do you have a list of changes between 3.7.3 and 3.8.0?
<mathiaz> nhandler: ie that all changes that have been added in 3.8.0 version of the policy have been implemented in the package ?
<mathiaz> nhandler: it's in the changelog usually
<ScottK> The biggest one is the requirement for README.source in most cases if you've patched the upstream code.
<kirkland> nhandler: fwiw, your patch looks good, minus the standards version bit.  i'll let ScottK and mathiaz advise you on that one...
<nhandler> kirkland: Could you maybe explain what the tests on the wiki page are meant to output?
<nhandler> ScottK: By that, do you mean that the source package must provide a readme?
<kirkland> nhandler: one sec, i'll add them to the wiki page
<nhandler> Thanks kirkland
<ScottK> In most cases if there's a patch system in use, but read Debian Policy for details.
<RoAkSoAx> kirkland, could you please take a look at: https://bugs.launchpad.net/ubuntu/+source/dhcdbd/+bug/251624 ? thanks! :)
<uvirtbot> Launchpad bug 251624 in dhcdbd "dhcdbd init script should support the 'status' action" [Undecided,Confirmed]
<mathiaz> nhandler: http://lists.debian.org/debian-devel-announce/2008/06/msg00001.html - for an overview of the changes in 3.8.0
<mathiaz> nhandler: there is also a upgrading-checklist.txt.gz file in the debian-policy package
<nhandler> Thanks a lot mathiaz. After reading through the changes, it looks to me like this package complies with the 3.8.0 policy.
<kirkland> nhandler: done.  refresh that wiki page
<nhandler> Well, I guess I did something wrong. I get no output when I run the start/stop commands. When I run 'sh debian/FOO.init status; echo $?', I get '0' as output
<RoAkSoAx> nhandler, change FOO.init with the app init script name
<nhandler> I did RoAkSoAx
<kirkland> RoAkSoAx: btw, I have a fix for the open: error
<kirkland> RoAkSoAx: it's in lsb
<kirkland> RoAkSoAx: I'll file a bug and try to get it accepted
<RoAkSoAx> kirkland, ok cool :) so no more annoying open: error :D
<kirkland> nah, we'll get it fixed ;-)
<RoAkSoAx> kirkland, i just suscribed dhcdbd to you and ubuntu-main-sponsors and updated the wikipage aswell. I'll work on openvpn later on.. now i gtg.. Thanks for your help :)
<kirkland> RoAkSoAx: cool, thanks!
<uvirtbot> New bug: #251625 in php5 (main) "PHP5-CLI doesn't print floats properly" [Undecided,New] https://launchpad.net/bugs/251625
<RoAkSoAx> np, I'm glad i finally had the change to contribute with the Server Team :)
<RoAkSoAx> later
<nhandler> So, any ideas why the tests are failing for me?
<n-iCe> hello, I am installing ubuntu server, is there anyway to protect a ssh login? I mean to add the userlogin in a group and give him just access in one directory?
<n-iCe> I don't want them to surf in the whole system
<n-iCe> nobody?
<ScottK> n-iCe: The short anwser to your question is yes.  The long answer of how, I don't have time to answer (and I'd have to research it in any case).
<Kirill> I need to connect two locked down offices with Ubuntu servers through a Wide Area Network and allow file sharing -> Any ideas?
<gouki> Kirill, VPN
<Kirill> gouki -> Can you be on multiple VPNs at once?
<gouki> Kirill, yes
<n-iCe> ScottK: or any tutorial, or name, something? :D
<Kirill> gouki -> Thank you, I'll go read up on that :)
<ScottK> n-iCe: No.  Sorry.  I just know something like that can be done.
<n-iCe> ScottK:  ok
<n-iCe> thanks
<gouki> Kirill, check openvpn
<nhandler> Should I just upload the debdiff (http://paste.ubuntu.com/30075/) even if I can't get the tests to produce output?
<Kirill> gouki -> Hmm, Vista support included with that one. That's +1 to Ubuntu vs. Windows SBS in the proposal
<gouki> Kirill, that's good. Never worked with SBS though, even though I heard good things about it.
<Kirill> gouki -> Can't live without Exchange and I can't get a good argument to try and use Linux alternatives for clients
<gouki> Kirill, haven't used Exchange in 3 or 4 years. As for the clients, try 'money'. Licenses + DRM seems like a good argument.
<Kirill> gouki -> That's always part of it but most Exchange alternatives aren't free and fall short in terms of functionality. Things like BlackBerry support for Linux (lack thereof) is also a deciding factor.
<Kirill> BlackBerry Server*
<gouki> Kirill, I understand
<gouki> I never had specific needs that free software or open source couldn't fix.
<Kirill> gouki -> I hope to be at that point one day (where I have a good list of polished open-source alternatives)
<uvirtbot> New bug: #251632 in dhcp3 (main) "DHCP client should not create temporary files in /etc" [Undecided,New] https://launchpad.net/bugs/251632
<tacone> hello, I have some question about best practices in ssh automating.
<tacone> I am writing a program to automatically connect to an ssh server. would be acceptable, under the security profile, to generate a certificate to avoid password request when making the ssh connection ?
<soren> ScottK: From what I understand about the vulnerability, almost *any* amount of randomness is fine. As long as it's not static, I think you'll be fine.
<uvirtbot> New bug: #251641 in openvpn (universe) "openvpn init script lacks the 'status' action  [edit]   " [Undecided,In progress] https://launchpad.net/bugs/251641
<ScottK> soren: Thanks.
<Kirill> is it a good idea to have a firewall between a Ubuntu server and the open Internet?
<Kirill> or can I just use the firewall in Ubuntu?
<hads> Kirill: Yes it's a good idea to have a firewall but what's built in (IPTables) will do fine.
<n-iCe> can anyone help me wih chroot?
#ubuntu-server 2008-07-25
<nhandler> The openvpn package looks like it supports multiple .pid files in the init.d script. What should I do for the status action?
<ppires> hi :-)
<ppires> anyone around supporting Glassfish adoption?
<Kirill> Gah!! Why doesn't DELL offer Ubuntu to come pre-installed on their intro level workstations?!!!!
<ppires> Kirill: as long as they don't try to force you to pay for windows it's ok
<Kirill> ppires: they do though, I HAVE to go with Vista
<ppires> no you don't
<ppires> just recline to the EULA
<Kirill> ppires: Don't I do that when I've already received the computer?
<ppires> afaik no. only when u accept the license the first time u use it
<n-iCe> hi
<n-iCe> anyone knows how to use chroot?
<ppires> n-iCe: just call chroot on your console
<Kirill> ppires: that would only work if I recline to the EULA WHILE the order is being processed. Hmm. That's a good idea though
<ppires> i don't know how dell does that, but it shouldn't be the way you're describing
<n-iCe> I want to jail, some groups users, with ssh access ppires
<Kirill> I just signed up for a corporate account with them, guess I'll hit it up with a rep when I get a buzz tomorrow
<ppires> n-iCe: check this out http://ubuntuforums.org/showthread.php?t=248724
<n-iCe> thanks
<ppires> n-iCe: i would recommend you to read the whole thread. it's small :-)
<n-iCe_> ppires: ok im checking, thanks!
<n-iCe_> ppires: have you configured one before?
<ppires> just tried it with a friend
<ppires> no actual use
<Kirill> has anybody had any good/bad experiences with SonicWall?
<kirkland> nhandler: fyi...  bluetooth is going to be a little bit complicated
<Kirill> Okay then, ubuntu server vs sonicwall for VPN and firewall. Any takers?
<nhandler> kirkland What do you mean?
<solexious> [Q] Why do I get "The following packages have been kept back:" when doing an apt-get upgrade?
<ScottK-laptop> solexious: [A] Because apt thinks it needs to add or remove a package and it won't do that on upgrade.
<ScottK-laptop> solexious: Try apt-get dist-upgrade.
<solexious> <ScottK-laptop> ty
<ScottK-laptop> solexious: You're welcome.
<dav123192> I am working on configuring the netfilter firewall via iptables. As far as I can tell, I enabled the correct ports for SAMBA, CUPS, SSH, and going out on HTTP(S) and FTP, as well as DNS in and out (not running a dns server though). Now for somereason I can only acces my server via IP address instead of hostname (mainhub). Any suggestions why? Output of iptables-save is at http://paste.ubuntu.com/3
<dav123192> 0194/
<dav123192> http://paste.ubuntu.com/30194/ - Link got cut
<jonesy> :-D
 * jonesy is at oscon, where he found out about this chan
<soren> jonesy: Yes, this is indeed where all the cool kids hang out :)
<jonesy> :)
<jonesy> I've honestly never even deployed an ubuntu server, but have been doing admin-ish work for 10+ years, almost all with various linux distributions.
<jonesy> I've used Ubuntu on the desktop on and off since inception.
<soren> Well, if you've worked with Debian, you should feel right at home on Ubuntu as well.
<jonesy> yup. I've done some debian, but to be honest I didn't like it much. However, the difference with Ubuntu is that they seem to make it really easy to get started with contributing and eventually perhaps fixing/improving things.
<soren> We like to think so :)
<jonesy> I'm hoping I might start with the installer-related issues I've heard about at this conference. It seems there's some schizophrenia about kickstart/preseed/kickseed/etc.
<jonesy> and iirc, ubuntu actually uses Anaconda, which is written in Python, which I have an interest in.
<jonesy> ...I've also done tons of automated install setups, and have worked with most of the automated installers for Linux (and Jumpstart for solaris)
<soren> "Anaconda"?
<jonesy> yeah, when I was here (at oscon) in '06, Jeff Waugh said that Ubuntu actually uses the anaconda installer. No?
<soren> No.
<jonesy> whoops
<soren> We use d-i (debian-installer).
<jonesy> hmm. Is anaconda an available package, perhaps in the context of parsing kickstart or something?
<soren> To do automated installs, you can "preseed" the installer.
<soren> However..
<soren> "kickseed" is a piece of software that essentially parses a kickstart file and uses it to preseed d-i.
<soren> kickseed has been in the installer for a couple of years now.
<jonesy> hm. :-/
<nxvl> <- cool kid who hangs around!
<soren> jonesy: No, we don't provide anaconda at all.
 * soren high-fives nxvl
<nxvl> soren: good $Whatever_time_is_in_your_time_zone
<jonesy> wow, did I ever misunderstand.
 * nxvl high-fives back soren
<soren> jonesy: :)
<soren> nxvl: We call it morning :)
<nxvl> then good morning
<nxvl> one never knows in what timezone is the person you are talking with
<shelbyscates> hey guys how do i make a process run in the background?
<nxvl> specialy when they move so much around the world
<jonesy> shelbyscates: ./process &
<shelbyscates> so lets say the command is x11vnc... would it be ./x11vnc &?
<shelbyscates> or does that work differently for programs? :p
<jonesy> shelbyscates: that'll work, though I confess to never running that particular program.
 * shelbyscates tries
<jonesy> shelbyscates: check the man page to see if there's an option to 'detatch' or 'daemonize' or something like that.
<jonesy> seems like there should be for something like that.
 * jonesy doesn't have any kind of linux box available atm. 
<hads> Ouch
<shelbyscates> ok :)
<shelbyscates> i guess i could run the command to start vnc over ssh, then log in via vnc and open a terminal window, then enter the same command and close the ssh session :D
<shelbyscates> :P
<jonesy> shelbyscates: also man 'nohup'
<jonesy> shelbyscates: or do "ssh -c"
<shelbyscates> ssh -c?
<jonesy> if you're just running vnc for the purpose of running a single command, it seems easier to just... run the command, no?
<jonesy> maybe I'm misunderstanding
<jonesy> what is the problem you're trying to solve?
<shelbyscates> nah, its cool
<shelbyscates> when i need a vnc server ill just run it from ssh :)
<shelbyscates> not that i ever will need one ;)
<jonesy> ssh -c will just run the command on the remote host and then log you out.
<shelbyscates> thanks guys :D
<jonesy> np!
<shelbyscates> cya later :)
<hads> You need a VNC server when you don't have SSH access :)
<jonesy> hmm.
<jonesy> I've honestly never seen a shop that allows vnc but not ssh.
<jonesy> in fact, I don't currently have a client that allows vnc servers.
<jonesy> I don't know if any of them disallow ssh, either. Certainly, shelbyscates' comment seemed to imply that he had both ssh and vnc access :)
<jonesy> egads. Hope I was helpful.
<hads> I meant when your box breaks and you can't access it via SSH ;)
<nxvl> soren: you don't microblog, did you?
<soren> nxvl: I wouldn't know how if I wanted to. What is it?
<nxvl> twitter, identi.ca?
<nxvl> haven't you hear about that
<nxvl> is like...
<nxvl> IRC for dummies
<jonesy> you make your blog's font *really* small.
<jonesy> so only folks under like 25 can read it.
<soren> jonesy: Oh, I can do that :)
<jonesy> :)
<jonesy> off to bed for me - night!
<nandersson> I'm going to setup a new mail server. Before I've used courier-imap, but it seems that today Dovecot is the "weapon of choice". Is Dovecot where the "action is"?
<soren> I would have to say "yes".
 * soren likes dovecot a lot
<nandersson> soren, Thanks, time to get my hands dirty and get into dovecot + postfix then.
<soren> :)
 * nandersson likes Postfix
<kraut> moin
<spikyjt> Hi all - I've just been setting up mail filtering, following the docs in the server guide for 8.04. I've noticed a mistake which I found the solution for. I seem unable to edit the docs. Are these only editable by admins?
<_ruben> spikyjt: serverguide (on help.ubuntu.com) is maintained by the server team, not the (global) community .. so thats expected behaviour
<_ruben> i think filing a bug on launchpad is the best way to resolve this
<uvirtbot> New bug: #251760 in dovecot (main) "New Dovecot 1.1.x upstream for hardy-backports" [Undecided,New] https://launchpad.net/bugs/251760
<spikyjt> _ruben: thanks - I'll do that
<incorrect> i have a number of custom packages, i would like to setup falcon, but i am being totally stupid and can't find decent docs for it on google
<Ins|de> hi there
<Ins|de> i've installed ubuntu server 8.1 right now but i cannot get networking to work
<Ins|de> it doesnt work  with static ip neither  dhcp
<Ins|de> i followed configuration guide on thye wiki, but it stils not obtaining ip address
<Ins|de> can anybody help ?
<bicz> i'm using static conf in my box
<bicz> what do u need
<Ins|de> i prefer static conf
<bicz> me 2
<Ins|de> but after running ifconfig with static ip i can only ping my ip
<bicz> sure
<ewook> you forgot the gateway.
<bicz> u must use iptables conf to give internet or whateva @ other box's
<Ins|de> hwat could it be
<Ins|de> hm
<Ins|de> do i need to configure iptables first?
<Ins|de> but i cannot obtain ip by dhcp
<Ins|de> and i got more 2pc's with dhcp attributed ip's working fine
<bicz> Ins|de: nope u need configure u'r interfaces
<Ins|de> bicz, just configure /etc/network/interfaces file right?
<Ins|de> can youtake a look at it ?
<bicz> and give some iptables regules
<bicz> why not
<Ins|de> hmmm
<bicz> http://pastebin.ubuntu.com
<Ins|de> but.. i'm on my win machine :S
<Ins|de> i'm going to lunch, i'll be back :) thanks
<bicz> Ins|de: u got to have something like that http://pastebin.ubuntu.com/30278/
<Ins|de> bicz, my interfaces was like that, i cannot understand what's going on, maybe routing ? i dont understand much about routing
<bicz> Ins|de: there is my iptables config http://pastebin.ubuntu.com/30280/
<bicz> but this thing are for gw with 3 eth.. and a modem on eth0 :)
<Ins|de> yeah, i see, i have only one ethernet card connected to a router
<bicz> mhz
<Ins|de> with ip 192.168.10.1, is there any rule i should set ?
<bicz> so my conf isn't good for u :)
<bicz> nope
<bicz> set dns
<Ins|de> my dns /etc/resolv.conf is equal to dns address set on win boxes
<bicz> and it didn't work?
<Ins|de> it doesnt work
<Ins|de> host localhost should return any value
<Ins|de> right ??
<bicz> gud question..
<Ins|de> either if disconnected
<Ins|de> but it tells me that connectio had failed
<bicz> Ins|de: try to paste u0r ifconfig output
<Ins|de> i have RX bytes but i TX is zero
<Ins|de> packets
<pschulz01> Evening.
<hads> Morning
<lukehasnoname> Morning
<pschulz01> Just found (and installed) phpldapadmin :-)
<rbrunhuber> i run chrooted postfix + cyrus with saslauthd so i need a link from /var/spool/postfix/var/run/saslauthd to /var/run/saslauthd
<rbrunhuber> would it be possible to add a option to one of the saslauthd config files that triggers the init script to check wether that link exists?
<soren> jdstrand: How does the ufw versioning work? I say you jumped from 0.16.2 to 0.18.2.
<jdstrand> 0.16.2.x is in hardy. 0.16.3 and higher has been in intrepid
<jdstrand> soren: basically, minor bug fixes get a micro version, whereas added functionality gets a minor version
<soren> Oh. I see now.
<jdstrand> soren: so 0.17 and 0.18 added exciting new stuff
<jdstrand> but 0.18.2 not so much
<soren> I just somehow thought you went directly from 0.16.2 to 0.18.2, and that confused me a bit :)
<jdstrand> soren: apparently, you haven't been upgrading your intrepid boxes with the frequency needed to see all the new ufw versions :)
<soren> jdstrand: Or not been paying enough attention. Darn it. What have I been missing out on?
<soren> less useless logging, connrate limits..
<soren> ...and a bunch of not-so-user-visible-stuff.
<jdstrand> soren: 0.17 claim to fame was internationalization support, while 0.18 added the 'limit' command, split the code out for downstreams and better status
<soren> Alright. Cool.
<soren> ufw has really grown on me.
<jdstrand> (0.18 also made ArchLinux happy with setup.py improvements)
<jdstrand> soren: you're really gonna like 0.19
<jdstrand> soren: it brings port ranges (aka multiport) and dotted netmask support
<soren> There are a few things, though.. I can e.g. never remember the proper syntax to allow a certain host access to everything... or something. I forget what it is. I always end up trying three different things, fail, look at the man page for a bit, and then have an epiphany :)
 * soren <3 dotted netmasks
<jdstrand> soren: so you can do your goofy non-CIDR stuff
<jdstrand> soren: 0.19 also does rule normalization, so everything is presented to the user consistently
<jdstrand> eg 111.12.34.2/4 now properly evaulates to 96.0.0.0/4
<soren> Oh! that's convenient!
<jdstrand> convenient, and fixes bug #237446 :)
<uvirtbot> Launchpad bug 237446 in ufw "List of rules not consistent with the rule added" [Undecided,Fix committed] https://launchpad.net/bugs/237446
<soren> Heh :)
<jdstrand> soren: regarding the syntax-- there is 'simple' and 'extended'. simple is only for ports 'ufw allow http'
<jdstrand> soren: 'extended' is where you can get more fine-grained. if you think of it as needed complete clauses, it's easier to remember
<jdstrand> soren: eg 'to <ip>' or 'to <ip> port <ports>'
<jdstrand> soren: you always need to specify the source or destionation (from/to), but port is optional
<jdstrand> soren: you also need only specify one of source or destination
<jdstrand> both is obviously a choice too :)
<jdstrand> soren: it more or less follows PF syntax, which is used in the BSDs and generally more friendly than iptables, pcap, pix, etc
<jdstrand> soren: but sure-- it takes a little getting used to
<jdstrand> soren: I recently upgraded a server from sarge to hardy (reinstall), and it had a quite complicated fwbuilder+modifications firewall setup. I was able to get a complete ufw firewall enabled for that machine in minutes (of course, I am somewhat familiar with ufw...)
<jdstrand> soren: I was quite pleased with myself actually :)
 * jdstrand feels awesomeness swelling inside him, desperately trying to push modesty aside
<soren> jdstrand: Heh :)
<soren> jdstrand: So to let 1.2.3.4 connect to me on port 9000, I'd.. what?
<soren> ufw allow from 1.2.3.4 to port 9000 ?
<jdstrand> close
<soren> Yes. That's the one I can never get right :)
<jdstrand> ufw allow from 1.2.3.4 to any port 9000
<soren> any! Right, right.
<jdstrand> tbh, I forget the 'any' sometimes myself
<jdstrand> 'to <ip>|any' is required
<jdstrand> well, to or from
<jdstrand> meh-- you know what I'm saying
<soren> :)
<soren> Does ufw somehow allow me to shove -t nat rules somewhere manually? ISTR it rejected some stuff I put in before.rules because it had a table specified.
<soren> ...so I had to have a seperate setup for my -t nat rules.
<jdstrand> soren: you can shove it into before.rules-- you just need to make sure that *nat and *filter get COMMITted separately
<soren> Ah.
<jdstrand> eg:
<jdstrand> *nat
<jdstrand> :POSTROUTING ACCEPT [0:0]
<jdstrand> ...
<jdstrand> COMMIT
<jdstrand> *filter
<jdstrand> ...
<jdstrand> COMMIT
<soren> Ah.. Gotcha. That'll come in handy.
<jdstrand> from https://help.ubuntu.com/8.04/serverguide/C/firewall.html:
<jdstrand> Also, when modifying any of the rules files in /etc/ufw, make sure these lines are the last line for each table modified:
<soren> I completely missed the fact that these are iptables-save format things.
<jdstrand> # don't delete the 'COMMIT' line or these rules won't be processed
<jdstrand> COMMIT
<jdstrand> (thanks sommer!)
 * jdstrand nods
<jdstrand> soren: a bug report came in on that recently, I wonder if the 'ufw Masquerading' section could be clearer...
<jdstrand> I promptly Invalidated it of course
<soren> Good man!
<soren> :)
<rbrunhuber> can anyone please give me a hand with openldap? It seems totally broken in ubuntu!
<soren> rbrunhuber: Ask your question/explain your problem.
<soren> It's impossible to know up front if we can help you when we don't know what your problem is.
<soren> Well... That's not entirely true. If we know nothing at all about LDAP or Ubuntu or computers even, we could just say "no" without further ado...
<soren> It just so happens that we do know quite a bit about computers, Ubuntu and even LDAP, so you might be in luck!
 * soren is rambling
<rbrunhuber> ok: slapd and libldap are version 2.4.9 but ldap-utils is still at 2.4.7 so dependencies are broken.
<rbrunhuber> second: except from luma no client is able to connect to openldap server if tls is enable.d
<soren> ldap-utils is 2.4.9-0ubuntu0.8.04 in hardy-updates.
<soren> You seem to not be entirely up-to-date.
<soren> rbrunhuber: I'm not sure about your second issue. ISTR there being something about CA's that need to be set properly for everything to be happy. What specifically fails to work?
 * soren curses tmpfs for not support O_DIRECT, by the way.
<rbrunhuber> soren: let's put it this way: my ca cert is the standard ca cert from cacert.org shipping with ubuntu.
<rbrunhuber> soren: my keys are issued by cacert.org and are valid. the cn matches my servername.
<rbrunhuber> soren: what do you mean with ISTR?
<soren> Yes..... What specifically fails to work?
<soren> "I Seem To Remember"
<rbrunhuber> ldapsearch -H ldap://myhostname:389/ -x -ZZ fails with ldap_start_tls: Connect error (-11)
<rbrunhuber> soren: if I add -d 5 there is an error TLS: peer cert untrusted or revoked (0x42)
<rbrunhuber> which is just plain wrong the certificate is(!) valid and trusted
<soren> Perhaps it looks in a different place for the CA certs?
<soren> You could try stracing it and see.
<sommer> rbrunhuber: you might also check the permissions on the cert and key... the openldap user needs read access
<soren> Well.. The user executing the application that is failing will need read access.
<sommer> err, yep that makes more sense :)
 * soren kicks parted
<ppires> anyone around supporting Glassfish adoption?
<rbrunhuber> sommer: i triple checked this already. but slapd fails miserably if there is no readaccess.
<kees> what does your current mdadm mountfail hook script look like?
<kees> kirkland: ^^
<kirkland> good question...
<kirkland> kees: let me recover from my backed up image
<sommer> rbrunhuber: are there any other errors if you start slapd with -d -1 ?
<rbrunhuber> sommer: no
<sommer> rbrunhuber: can you pastebin the relavent lines?
<kirkland> kees: mdadm looks like: http://pastebin.ubuntu.com/30327/
<rbrunhuber> of what? slapd -d -1?
<sommer> rbrunhuber: yes
<kees> kirkland: perhaps alone with the 'exit 0' part, it needs to remove itself?
<kees> s/alone/along/
<rbrunhuber> sommer:  one moment please
<kirkland> kees: yeah, isn't that bit in your documentation ?  :-)
<kees> kirkland: yeah, I'll need to set up a test environment to really nail it down.  let me know if it continues to elude you.
<kirkland> kees: just give me a bit
<kirkland> kees: ah, there it is....
<kirkland> while [ "$giveup" -lt 1 ]; do ....
<kirkland> kees: the only option is giving up :-)
<rbrunhuber> sommer: it is just so overwhelming much output, so what is "relevant"?
<sommer> rbrunhuber: there should be lines with specific errors, probably related to tls
<sommer> rbrunhuber: also what tls options have you configured in slapd.conf?
<rbrunhuber> sommer: TLSCACertificateFile TLSCertificateFile TLSCertificateKeyFile
<sommer> rbrunhuber: just as a test what happens if you comment the TLSCACertificateFile option and start slapd?
<kirkland> kees: http://pastebin.ubuntu.com/30334/
<kirkland> kees: that one has the indentation
<kirkland> kees: and, i think the fix is in the else ... break construct
<RoAkSoAx> kirkland, we can keep adding apps to https://wiki.ubuntu.com/InitScriptStatusActions right? (like lighttpd)
<kirkland> RoAkSoAx: please!
<kirkland> RoAkSoAx: you might note if it's in main/universe
<kirkland> RoAkSoAx: obviously, we'll prioritize main ones higher
<kirkland> RoAkSoAx: but yeah, go nuts :-)
<kees> kirkland: hah.  oops, well, my newer loop should fix that, I think.
<RoAkSoAx> kirkland, haha ok cool :)
<kees> kirkland: rockin'
<kirkland> kees: oh?  you have an update?
<rbrunhuber> sommer: I do not know what happened know but even gq is working with tls now!
<rbrunhuber> sommer: And I demand validating the server certificate
<sommer> rbrunhuber: so it's working now?
<rbrunhuber> sommer: yes it's working now.
<sommer> rbrunhuber: party!
<sommer> rbrunhuber: buth that means there may be a bug with the TLSCACertificateFile... doh
<sommer> at least with that option
<rbrunhuber> sommer: no i did not remove the option.
<sommer> rbrunhuber: really?  and its magically working now?
<rbrunhuber> sommer: not so magically. bad things happened... . Someone named the cacert.org ca certificate root.pem
<rbrunhuber> on my server i have symlink to it but it was broken.
<sommer> oooooooohhhhh... that makes sense, heh
<rbrunhuber> i still consider this a bug. why can anyone name a certificate root.pem?
<sommer> rbrunhuber: there last name is root?
<sommer> rbrunhuber: I'm here all week :)
<sommer> what should it be named if not root.pem?
<rbrunhuber> sommer: cacert.org.pem?
<rbrunhuber> it is sitting in /etc/ssl/certs/
<sommer> that would be more discriptive, heh
<rbrunhuber> sommer: i have a suggestion for saslauthd are you the "right" one for this?
<sommer> rbrunhuber: I show that file as a symlink:  /etc/ssl/certs/root.pem -> /usr/share/ca-certificates/cacert.org/root.crt
<rbrunhuber> sommer: I know now.
<sommer> rbrunhuber: probably not, but some else in the channel may know more about saslauthd
<rbrunhuber> How about adding a option to saslauthd where it configures itself for "chroot" setups?
<sommer> rbrunhuber: heh, as related to postfix?
<rbrunhuber> sommer: yes
<sommer> rbrunhuber: ya, that's been discussed, or it's been discussed that it can cause issues, but I'm not sure what the end result was/is
<sommer> rbrunhuber: it's probably worth filing a wish list bug about, at least to track the progress if nothing else
<rbrunhuber> sommer: that is a good idea. And i makes explaining things easyier than writing lines and lines in irc
<sommer> yeppers, and folks that aren't online at the moment will have a chance to comment
<rbrunhuber> sommer: who is not online at the moment is not even worth to comment ;-).
<sommer> heh, it's after 5:00 on a friday in some parts of the world... that makes it party time :)
<kirkland> kees: whoop!
<kirkland> kees: the latest initramfs-tools (with the else ... break works like a charm!)
<lukehasnoname> I want to believe the truth is out there
<kees> kirkland: \o/
<kirkland> kees: here's what initramfs-tools patch looks like: http://pastebin.ubuntu.com/30347/
<kirkland> kees: i edited the changelog entry too...  see what you think
<kees> kirkland: that still shows the old giveup syntax...
<kirkland> kees: hmm, i must have missed an update from you....
<kees> kirkland: I thought you said "break works like a charm"?
<kirkland> kees: it does
<kirkland> kees:
<kirkland> +			# The root device showed up, whoop!
<kirkland> +			break
<kees> kirkland: http://people.ubuntu.com/~kees/intrepid/initramfs-tools_0.92bubuntu7.debdiff
<kees> that's what I had
<kees> your break is probably an important element regardless.  :)
 * kirkland goes play with filterdiff :/
<kees> but the usplash timeout reset needs to happen
<kees> oh, wait, it's already in there
<kees> stupid indenting.  :)
<kees> kirkland: can you paste the whole current "local" file?
<kees> I think you're fine
<kirkland> kees: yeah, you bet
<kirkland> kees: http://pastebin.ubuntu.com/30349/
<kees> kirkland: hrm.  if the rootdev shows up during the wait, this won't work.
<kees> hrmpf
<kirkland> kees: why's that?
<kees> kirkland: imagine entering the while, then the if, and during the sleep 0.1 loop, the device shows up.  when we exit the sleep while, exit the if, run the failure handlers, etc
<kirkland> kees: so we need another break
<kees> yeah, I'm trying to figure out the best way to handle the 3 places the rootfs is tested
<kirkland> kees: how about this....
<kirkland> kees: while [ "$giveup" -lt 1 && "$rootfound" -lt 1 ]  ....
<kirkland> kees: and instead of my break, i'll set rootfound=1
<kirkland> kees: and if we break out of the innermost while, we "continue" to skip out of the bottom bits
<kirkland> kees: and let the if [ $ROOT ] ... handle it
<kees> kirkland: http://people.ubuntu.com/~kees/intrepid/local
<kirkland> kees: :-)  root_missing vs. rootfound
<kirkland> who's the optimist here ....  :-P
<kees> kirkland: well, I wanted to very carefully not change the logic, and remove the duplication of code.  the same test was already happening in 3 places, and I couldn't add a 4th without making a function.  :)
<kirkland> kees: this certainly looks cleaner
<kees> hrm, and that really should be while root_missing
<kirkland> kees: yes
<kees> one sec, reworking again...
<kirkland> kees: you don't have any breaks :-)
<kees> I have one, but it's not useful if root is found.  :)
<kirkland> kees: right
<kees> http://people.ubuntu.com/~kees/intrepid/local
<kees> how's that look?
<kirkland> kees: one minute, let me read comprehensively
<kees> updated it again -- combined the root_missing and tryhooks if test
<kirkland> kees: i like the root_missing() function
<kirkland> kees: more readable, for sure
<kees> yeah.
<kirkland> kees: might be nice to write a function for if [ -x /sbin/usplash_write ]
<kirkland> kees: that's used a few times
<kirkland> kees: attempt_usplash_write()
<kirkland> kees: do the -x test, always return true
<kirkland> well, it's only 2 calls
<kirkland> kees: okay, looks good to me
<kirkland> kees: i'm going to add the attempt_usplash_write() function and test
<kees> kirkland: I'd prefer avoiding additional deltas that are semi-unrelated.
<kirkland> kees: okay, no prob
<kirkland> kees: I'll go test this one
<kirkland> kees: http://pastebin.ubuntu.com/30354/
<kirkland> kees: poo....
<kirkland> kees: Kernel panic - not syncing
<kirkland> kees: this was on my first test, regression testing, booting with a perfectly sync'd 2 disks
<kees> hmpf
<kirkland> kees: let me diff my last working local from yours ....
<kirkland> kees: http://pastebin.ubuntu.com/30356/
<kirkland> kees: that's the diff from my last good, working copy, and your latest
<kees> kirkland: I guess just take it piecemeal.  maybe the root_missing stuff isn't as sane as we thought?
<kirkland> kees: well, i can wrap my head around stuff like the infinite loop i saw earlier... but a kernel panic?
<kees> kirkland: dunno?
<kirkland> kees: oh....
<kirkland> kees: your root_missing isn't precisely the same thing ....
<kirkland> kees: the first place you use it, you're replacing:
<kirkland> [ ! -e "${ROOT}" ] || ! $(get_fstype "${ROOT}" >/dev/null) || ! /sbin/udevadm settle
<kirkland> kees: the second time, the same thing...
<kirkland> kees: the third time, however....
<kirkland> you've replaced
<kirkland> [ ! -e "${ROOT}" ] || ! /lib/udev/vol_id "${ROOT}" >/dev/null 2>&1 || ! /sbin/udevadm settle
<kirkland> get_fstype vs. vol_id
<Tarrence> Is there a Ubuntu Server web based management GUI available? Or a Mac OS X application?
<kees> kirkland: eeek!
<kirkland> kees: okay, i'm taking your patch piecemeal
<kirkland> kees: i'll add just the root_missing() function
<kees> kirkland: wait a second...
<kees> get_fstype just calls vol_id
<kirkland> get_fstype calls vol_id
<kirkland> kees: and a bit more
<kirkland> kees: i'm going to just drop in your root_missing() function, and it's 3 calls
<kees> kirkland: yeah, go for it, I have to shift attention
<kirkland> kees: sure
<kirkland> kees: perhaps root_missing needs a "local ROOT" ?
<kirkland> kees: nevermind, sorry
<kirkland> opposite of what we want
<Tarrence> Is there a Ubuntu Server web based management GUI available? Or a Mac OS X application?
<kirkland> Tarrence: perhaps ebox, or webmin
<kirkland> kees: figured out the kernel panic
<kirkland> kees: return [ ! -e "${ROOT}" ] || ! $(get_fstype "${ROOT}" >/dev/null) || ! /sbin/udevadm settle
<kirkland> is busted
<kirkland> kees: s/return//
<kirkland> (happy Drupal'ing)  :-)
<kees> kirkland: ah-ha, yeah, good catch.
<kirkland> kees: okay, i'm running through my full gamut of tests
<kirkland> kees: but I think we're nearing the finish line
<kees> \o/
<kirkland> kees: who should I talk to about the mdadm conf/config/conffile bit ?
<kirkland> kees: the postint bit works well for initial purposes
<kirkland> kees: but doesn't pose the debconf question
<kees> kirkland: start with jdstrand (since he knows debconf), then maybe move to soren/mathiaz for preseed/server-install questions, and then evand, and finally cjwatson.
<kees> kirkland: yeah, it's good for testing.
<kirkland> jdstrand: how much longer are you around today?  debconf questions...
<kees> kirkland: if you want to get this stuff uploaded, I'd actually remove the postinst bit you've got, just to avoid a conffile ever getting onto disk before you've got a settled solution.
<kirkland> kees: good call
<kirkland> kees: assuming these tests pass, are you willing to upload, or do you want me to pass all of this by luke/colin first?
<kees> kirkland: who is the "approver" on the spec?
 * kirkland checks...
<kirkland> kees: Rick Clark
<kirkland> https://blueprints.edge.launchpad.net/ubuntu/+spec/boot-degraded-raid
<kees> hrm, okay.  I think if luke is happy, we can push it.
<RoAkSoAx> kirkland, what's the difference in having lsb-base (>= 3.2-14) under Build-Depends instead of Depends ?
<kirkland> RoAkSoAx: it should be under Depends
<kirkland> RoAkSoAx: build-time dependency, versus run-time
<kirkland> RoAkSoAx: it's needed to *run*, not so much to *build*
<RoAkSoAx> kirkland, because xinetd has lsb-base under Build-Depends
<kirkland> RoAkSoAx: that sounds like a mistake
<RoAkSoAx> kirkland, ok so gonna change it then :)
<kirkland> RoAkSoAx: to be safe....
<kirkland> RoAkSoAx: add it to the Depends
<kirkland> RoAkSoAx: for some reason (I can't imagine...) but it might be needed to build too
<kirkland> kees: no-go ...  :-/
<RoAkSoAx> kirkland, so I leave Build-Depends as it originally was: lsb-base and under Depends i add: lsb-base (>=3.2-14)
<kirkland> RoAkSoAx: I think that's fine
<Smaug> is there a simple way to restrict a user to their home directory?
<kirkland> RoAkSoAx: in practice, lsb-base is pretty much *always* there
<kirkland> RoAkSoAx: as practically every init script uses it
<RoAkSoAx> kirkland, and what about those apps that doesn't have lsb-base as a depends? becaus i've tryid with nginx and after adding everything, it showed a message that said something like: status_of_proc was not recognized or something like that
<kirkland> RoAkSoAx: those absolutely need lsb-base >= 3.2-14!!!
<kirkland> RoAkSoAx: that's what has the magic status_of_proc() function ;-)
<RoAkSoAx> kirkland, haha ok, i'll work on nginx and show it to you
<Smaug> ..fine then, new question.  i have a website in home/name/public_html/website/    if I change the permissons on directory "name" from 755 to 750, would that have any affect on the websites inside it?
<Smaug> yo dudes
<RoAkSoAx> kirkland, xinetd is in main right?
<kirkland> RoAkSoAx: apt-cache show xinetd | grep Filename
<RoAkSoAx> kirkland, how does it look?: http://pastebin.ubuntu.com/30380/
<kirkland> RoAkSoAx: looks good to me ;-)
<kirkland> kees: okay, found another problem with your code
<kirkland>                 if root_missing && ! try_failure_hooks; then
<kirkland>                         break
<kirkland>                 fi
<kirkland> to get it to actually boot a degraded raid, i have to change that to
<kirkland>                 if ! try_failure_hooks; then
<kirkland>                         break
<kirkland>                 fi
<kirkland> kees: i think you added the root_missing check in case the device showed back up....
<kirkland> kees: but it has an inadvertent mal-effect
<kees> kirkland: but without that it will run fail hooks even if the root appears during the timeout
<kirkland> kees: i think we're going to have to make root_missing smarter then....
<kirkland> kees: i'm having a hard time articulating the problem ....
<kirkland> kees: but this causes the failure hooks not to run at all
<kees> what problem is being caused by doing the root_missing check?
<kees> kirkland: in the case of finding the rootfs, that's correct.
<kirkland> kees: so i tell it to bootdegraded
<kirkland> kees: and it drops me to a busybox shell
<kirkland> kees: where md0 has sda1 marked as a spare, and not activated
 * kirkland continues to be aggravated by the fact that you can't copy-and-paste from a KVM :-/
<kees> kirkland: dunno but I'm very sure we don't want to run the failhooks when the rootfs already exists.  :)
<kirkland> kees: let me grab a screen shot
<RoAkSoAx> kirkland, why do you think nginx show's me this: http://pastebin.ubuntu.com/30395/ ?
<kirkland> kees: http://people.ubuntu.com/~kirkland/Screenshot.png
<kirkland> kees: looks like it finds a filesystem that it likes, but it's not quite good enough
<kirkland> RoAkSoAx: is that init script sourcing . /lib/lsb/init-functions ?
<RoAkSoAx> let me check xD
<kees> kirkland: I'd just start adding lots and lots of text debug output to everything, and turn off splash while booting.
<kirkland> kees: as if I would have splash running :-P
<kees> heh
<kirkland> kees: basically, root_missing is succeeding in a situation where it *should not*
<kirkland> kees: rather, it's finding what it thinks is a suitable root device, but isn't really
<kees> kirkland: if you replace the root_missing call with the prior lists of tests, does it behave correctly?
<kirkland> kees: no
<kirkland> kees: but not performing that check gets the failure hooks to actually run at the bottom of the loop
<kirkland> kees: which starts the raid
<RoAkSoAx> kirkland, it wasn't, i added it (just above the case "$1"...), but, where should it exactly go, or that does not make any difference.
<kees> kirkland: I'd need a few hours to build up a test environment.  Can you document the test-cases you're using?  I think we're very close, but just some small shell glitch is biting it (which is why I suggested extensive debug output to verify each assumption)
<kirkland> kees: yeah, don't worry about setting us a test env, though I will document it
 * kees nods
<kirkland> kees: i'm going to digg deeper into [ ! -e "${ROOT}" ] || ! $(get_fstype "${ROOT}" >/dev/null) || ! /sbin/udevadm settle
<kirkland> kees: one of those is TRUE in a situation where it should not be
<kirkland> kees: i mean, in a situation where we want to run the failure hooks anyway
<kirkland> RoAkSoAx: it does make a difference
<kirkland> RoAkSoAx: grep for it in your /etc/init.d
<kirkland> RoAkSoAx: *most* scripts should use it...  look where those call it
<RoAkSoAx> kirkland, done.. oh this is fun :) xD
<kirkland> RoAkSoAx: glad you're enjoying ;-)
<RoAkSoAx> kirkland, yeah!! at least i have something to do during the day... since i don't have anything else to do :P
<kirkland> kees: okay, so here's the problem....  /dev/md0 shows up, but it's not ready to roll
<kees> kirkland: sounds like the vol_id stuff isn't being run.
<kirkland> kees: which makes the -e /dev/md0 succeed, and the root_missing
<kirkland> kees: i agree with that
<kirkland> kees:
<kirkland>         eval $(fstype "${FS}" 2> /dev/null)
<kirkland>         if [ "$FSTYPE" = "unknown" ] && [ -x /lib/udev/vol_id ]; then
<kirkland>                 FSTYPE=$(/lib/udev/vol_id -t "${FS}" 2> /dev/null)
<kirkland>         fi
<kirkland> if I run "fstype /dev/md0"
<kirkland> while it's in a "not-ready" state, FSTYPE is null, and not "unknown"
<kees> that feels like a separate bug you just happened to hit...
<kirkland> kees: yup, i see it clearly
<kees> (i.e. a change in the behavior of fstype)
<kirkland>         if [ -z "${FSTYPE}" ]; then
<kirkland>                 FSTYPE="unknown"
<kirkland>         fi
<kirkland> that's lower
<kirkland> i think FSTYPE="unknown" should be initialized as such at the top of that function
<kirkland> lemme try that....
<kees> kirkland: where does "fstype" the function/tool get defined/installed?
<kirkland> have i told you that test iterations of this sucks?  :-)
<kees> yeah.
<kees> :(
<kirkland> kees: its in /bin/fstype in the initramfs
<kees> hunh.
<kees> I wonder what that is....
<kees> what does it output in the failed state?
 * kirkland curses the lack of cut-n-paste
<kirkland> fstype /dev/md0
<kees> ah, it's in klibc
<kirkland>  /dev/md0: error 0
<kirkland> kees: and it does not set those env variables (FSTYPE, FS)
<kees> evil!
<kirkland> kees: fstype /dev/sda
<kirkland> FSTYPE=unknown
<kirkland> FSSIZE=0
<kirkland> kees: fstype /dev/sda1
<kirkland> FSTYPE=ext3
<kirkland> FSSIZE=2089091072
<kirkland> (which is actually a Linux RAID member)
<kirkland> seems bad that it doesn't detect that
<kees> that's okay, that's vol_id's job.
<kirkland> kees: okay, here's what I changed....
<kirkland> kees: http://pastebin.ubuntu.com/30402/
<kirkland> kees: haha
<kees> kirkland: I would move the -z check between the eval and the if in the case that fstype ever tries to spit out 'FSTYPE='
<kees> rather than setting a default
<kirkland> kees: oh, in case fstype nulls out FSTYPE?
<kees> right
<kees> oh!  yeah, I know why this suddenly became a problem -- it's the race between mdadm doing the degraded start and the next while check.  riiight.
<kees> anyway, good to get fixed regardless.
<ScottK> kees: Thanks for the openssl upload.  Better you than me. ;-)
<kirkland> kees: FSCKing A!!!!!!!!!!!!!!!!!!!!1
<kees> ScottK: heh, yeah.  I figured I'd take the heat.  I break all sorts of other security things, so why not?  ;)
<kees> kirkland: I hope that's the sound of success?? :)
<kirkland> kees: yes, it is
<kees> \m/
<kirkland> kees: I just may have to finish this over a beer!  :-)
<kees> or maybe I should say  [U_]
<kees> kirkland: heheh rockin'
<kirkland> kees: you may say [U_]
<kees> :)
<kirkland> kees: here's what the debdiff is looking like now ... http://pastebin.ubuntu.com/30406/
<kees> kirkland: cool! minor suggestions: move the comment on the first root_missing while loop back above the while to avoid the diff, and check white-space on the FSTYPE functions, I think they were tabs before, not spaces.
<kirkland> kees: k
<kirkland> kees: http://pastebin.ubuntu.com/30409/
<kees> kirkland: oh! crap, the -z test is needed above and below.  :(
<kees> (in the case that vol_id breaks it)
<kees> everything else rocks
<kirkland> kees: ah, right
<kirkland> kees: http://pastebin.ubuntu.com/30410/
<kees> kirkland: ship it!  :)
<kirkland> kees: let me comprehensively test it :-)
<kirkland> kees: but i'm cracking open a beer :-)
<kees> :)
<kirkland> kees: my wiki notifications say that you've been busy auditing :-)
<kees> kirkland: sure have been.
<kirkland> kees: okay, [UU] booted fine (regression testing) CHECK
<kirkland> kees: dropped disk sdb, after timeout, dropped to busybox (default behavior)
<kirkland> CHECK
<uvirtbot> New bug: #251996 in samba (main) "package winbind 3.0.28a-1ubuntu4.4 failed to install/upgrade: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/251996
<kirkland> kees: dropped disk sdb, gave kernel bootdegraded=true, after timeout, booted degraded raid
<kirkland> kees: dude, we are MONEY!!!
 * kees hugs kirkland
<kees> beer o'clock!  :)
<kirkland> kees: i'll attach an updated patch to the bug
<kirkland> you're 13 minutes behind me :-)
<kees> kirkland: heh, well, it's 1.75 hrs to beer o'clock for real here, but it's celebration o'clock.  :)
<kirkland> kees: true, you're technically 2 hours behind me :-)
<kirkland> kees: do my changelogs in that last pastebin look good?
<kees> kirkland: I would break the scripts/local into several "   - blah..." sections for each logically separate thing (fstype fix, root_missing rework, fail handler rework)
<kirkland> kees: k, let me do that...
<kees> once you've got that, mdadm, and lvm2 ready to fly, I'll install locally for a little extra regression testing too.
<kirkland> kees: okay, i'll push to my ppa
<kirkland> kees: bollocks.... is initramfs a bzr-managed package?
<kees> kirkland: hm, no, seems to be debian-git managed.
<kees> (we just patch on top of it)
<kirkland> kees: hmpf, sorry, i on a weird page in Launchpad
<kirkland> kees: changelog: http://pastebin.ubuntu.com/30416/
<kees> s/to replaced//
<kirkland> kees: got it.
<kirkland> kees: initramfs-tools_0.92bubuntu7~ppa10 uploaded to my PPA, if you want to test
<kirkland> kees: along with mdadm - 2.6.7-3ubuntu2~ppa9
<kirkland> kees: (you'll need them both)
<kees> rockin'
<kirkland> kees: i'm yanking the config file bits out of my mdadm patch
<kirkland> kees: saving them off somewhere ;-)
<kirkland> kees: I'm going to post my test instructions in the wiki Spec page
<kirkland> kees: okay, updated patches attached to https://bugs.edge.launchpad.net/ubuntu/+source/mdadm/+bug/120375
<uvirtbot> Launchpad bug 120375 in initramfs-tools "cannot boot raid1 with only one disk" [Undecided,Confirmed]
 * kirkland goes write test instructions
#ubuntu-server 2008-07-26
<kirkland> kees: still around?
<kees> kirkland: yawp, just doing a full upgrade/reboot before doing mdadm/initramfs testing
<kirkland> kees: ah, good
<kirkland> kees: wanna look over my test instructions?
<kees> kirkland: sure
<kirkland> wiki says *chug* *chug* *chug*
<kees> hehe
<kirkland> wiki slowness is an impact to productivity
<kirkland> kees: https://wiki.ubuntu.com/BootDegradedRaid#head-a5a91db34505d4a047fd7f30e44ac2020da369a6
<kees> nice, really nice.
<kirkland> kees: wiki page updated, fixed a couple of typos in the test description
<lukehasnoname> Hey, does the Ubuntu server CD have wireless drivers? I have a D-Link wireless G PCI card in a server
<infinity> Yup.
<lukehasnoname> is there a way I can install those drivers from disk after the OS has been installed?
<kirkland> kees: I don't think ceg's comments are against my latest patch
<kirkland> kees: he's complaining about the "sleep 5" ... that's gone
<ScottK> lamont: You around?
<ScottK> lamont: I have an apology to make.
<ScottK> I was dealing with the reporter of http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492422 and pointed out that I was just following the example of the postfix documentation and so he's gonna send you one too.
<uvirtbot> Debian bug 492422 in postfix-policyd-spf-perl "postfix-policyd-spf-perl: should use example.com and similar domain names in examples" [Normal,Open]
<user__> hey there
<ycy_> hi
<ycy_> if i install ubuntu-server from cd, i can have ubuntu-desktop AND ubuntu-desktop by simply: aptitude install ubuntu-desktop. how can i get the viceversa? there's no ubuntu-server metapackage...
<Kamping_Kaiser> you cant, per se. you could use tasksel to install the server tasks though
<ycy_> Kamping_Kaiser: what do you mean with 'server tasks' ?
<khaije1> hi i was directed here by ubuntu+1, does anyone know if pci-passthrough will be in intrepid
<rapha> Hi all!
<rapha> Is it possible to have SSL certs for 5 or 6 domains on one server?
<rapha> Because in LigHTTPd and Postfix and so on I only see config options for one key file...
<Zyna> Ich hatte vor EWIGKEITEN mal ein app in ubuntu feisty installiert das die netztopology grafisch abgebildet hat... so'n freak tool halt... kann mir wer sagen wie das hieÃ?
<Zyna> sry, wc
<rapha> Wat?
<rapha> Ein FREAK-tool?!?!
<rapha> Wie gehst Du denn ab?
<pschulz01> rapha: Ich kann nicht Deusch spechen
<rapha> pschulz01: no prob, my question was in English :-)
<pschulz01> rapha: :-)
<rapha> Zyna: anyhow, such mal auf freshmeat.net nach "net topology"
<rapha> Nobody here any SSL experience?
<pschulz01> rapha: Sorry.. closest is generating keys for openvpn.
<rapha> ic :)
<rapha> Well, I'll just stick around some tiem
<uvirtbot> New bug: #252113 in samba (main) "Cannot reinstall or uninstall samba" [Undecided,New] https://launchpad.net/bugs/252113
<ycy_> i want to create a fileserver with ubuntu, is it safe to use a /mnt/store as ntfs partition?
<kolcun> I'm trying to get bind working here, and I think i'm done.  I'm trying to verify the configuration using host myserver.mydomain.com.  It gives me "myserver.mydomain.com has address 192.168.4.2"  which is correct.   When I try host 192.168.4.2 it gives me Host 2.4.168.192.in-addr.arpa. not found: 3(NXDOMAIN).  Is this OK, or should I get something else?
<kolcun> I'm ssh'd to myserver.mydomain.com when I'm running those commands.
<kolcun> figured it out.. my reverse file was incorrect.
<ppires> hi there :-)
<ppires> anyone around supporting Glassfish adoption?
<n-iCe> how can I do an autologin when ubuntu starts?
<n-iCe> how can I do an autologin when ubuntu starts? thanks, (without a desktop)
<n-iCe> how can I do an autologin when ubuntu starts?
<n-iCe> how can I do an autologin when ubuntu starts?
<Twilight_Wolf> Hello
<Twilight_Wolf> How do I make my Ubuntu i386 computer an IRC server?
<jpds> Twilight_Wolf: Install an ircd-* package.
<Twilight_Wolf> from where?
<jpds> The repositories?
<jpds> https://help.ubuntu.com/community/IrcServer
<Twilight_Wolf> URL?
<Twilight_Wolf> k
<Twilight_Wolf> thx
 * Twilight_Wolf is away: Eating lunch at McDonalds
 * TW|AWAY is away: Eating Lunch at McDonalds
<thenewguy> hey guys, is there anyway to speedup ssh file transfer? I am using openSSH and it is painfully slow.
<sommer> thenewguy: are you transfering over the internet?  I think it's pretty much dependent on your connection speed
<jpds> thenewguy: Use the -C flag.
<thenewguy> sommer; no i am on the local network
<thenewguy> i have enabled compression in the SSH config file
<thenewguy> anytips
<sommer> thenewguy: not really, depending on the size/amount of files your moving, it's just going to take a certain amount of time
<thenewguy> thanks sommer
<n-iCe> where is nano located?
<sommer> thenewguy: you could also try nfs, ftp, etc since your just copying on the lan.... but there are some security concerns :)
<sommer> n-iCe: which nano
<thenewguy> yaa i have SMB running
<n-iCe> thanks
<Nafallo> hmm. ufw can't use portranges?
<Kohlrak> I'm planning on switching from a windows server to an Ubuntu server. I figure it'd be easier to make a dual boot machine and transfer the files over (which would be quicker) from partition to partition, is there a way to do that?
<uvirtbot> New bug: #252200 in openssh (main) "ssh-agent does not expire key" [Undecided,New] https://launchpad.net/bugs/252200
#ubuntu-server 2008-07-27
<Kohlrak> just installed the ubuntu server and now it's hanging on "Loading hardware drivers..." Is this common?
<miraage> ufw question: i just enabled NAT table rules for MASQUERADE packets for internet connection sharing, and now i get ERROR: problem running init script when I execute sudo ufw enable
<Kohlrak> is anyone here?
<Kohlrak> fuck it
<hads> hmm
<osmosis_> i just had the strangest problem. My kvm virt guest was hung, but as soon as I logged into the virt console, the host became responsive on ssh and http again. What would cause it to be offline, but to become responsive as soon as I do a console login?
<osmosis_> is there a way to console into a kvm libvirt guest without using virt-manager and a gui desktop? Can I just do it from a CLI?
<osmosis> how can I install just a single packages from intrepid? (Im on hardy)
<uvirtbot> New bug: #252303 in nut (universe) "nut 2.2.2-3ubuntu1 postinst error on Intrepid alpha3 : /sbin/udevtrigger: not found" [Undecided,New] https://launchpad.net/bugs/252303
<InsomniaCity`> Hi! I've brought up an alias to eth0 with a different IP/mask etc, but is there any way I can automaically write that to /etc/network/interfaces ?
<_ruben> InsomniaCity`: sure, just use eth0:0 instead of eth0 for that definition
<InsomniaCity`> yeah, I've already got the interface up on eth0:1
<InsomniaCity`> but I want to write my working settings to the interfaces file, so that i don't make any errors and strand the box when I do networking restart
<_ruben> InsomniaCity`: uhm .. just put those settings in that file using eth0:1 then
<InsomniaCity`> and try hard not to make an error? or would it just ignore the one it doesn't understand?
<_ruben> you cant clone the current settings to ur interfaces file automagically (though there might be scripts for that, out there somewhere) ..
<_ruben> the syntax of the infterfaces file is rather simple
<_ruben> just duplicate the stuff for eth0, replace eth0 with eth0:1 and the appropriate ips/masks
<InsomniaCity`> ok
<trappist> I just upgraded to hardy, and my saslauthd is broken, so I can't do smtp auth w/ postfix. I get SASL authentication failure: Password verification failed. Permissions were all messed up (root:root, 600) in /var/run/saslauthd. Fixed those, same problem.  But if I restart saslauthd it resets those perms.  Help?
<trappist> it also looks like the upgrade re-chrooted postfix without leaving me a backup master.cf :/
<trappist> and took postfix out of the sasl group :/
<ScottK> He didn't stick around so long.
<GodSyn_BB> so, is there an easy way to convert an existing x86 server install with 64bit chip
<GodSyn_BB> to 64bit os?
<Nafallo> no
<GodSyn_BB> sorry for the multi line feed. Blackberry with fat fingers. Thanks.
<_ruben> reinstall is the only path to switch between architectures
<Nafallo> _ruben: not really, but the easiest :-)
<_ruben> Nafallo: for mere mortals there's no alternative ;)
<Nafallo> _ruben: ;-)
<sCOTTo> gday ppl
<sCOTTo> hey guys anyone awake ?
<sCOTTo> !cpanel
<ubottu> Sorry, I don't know anything about cpanel
#ubuntu-server 2009-07-20
<billybigrigger> is there an easier way to accomplish this?
<billybigrigger> im trying to join all my log files, but i awstats spits and error when i try that command
<user345fgh> jpds, update-rc.d sabnzbplus start 2          says:   use of uinitialized value within @argv?
<qman__> billybigrigger, you want ` not "
<qman__> as in,
<qman__> LogFile=`cat /var/log/apache2/access.*`
<qman__> of course, if it gzips them, you will need to get a little more complex than that
<qman__> actually, that's wrong
<qman__> you will have to combine the files first, if it's looking for a filename
<qman__> zcat /var/log/apache2/access.*.gz > /var/log/apache2/awstats; cat /var/log/apache2/access.log.? /var/log/apaceh2/access.log >> /var/log/apache2/awstats
<user345fgh> where can i see the ubuntu version thats installed?
<qman__> LogFile="/var/log/apache2/awstats
<qman__> user345fgh, cat /etc/issue
<user345fgh> thx
<roxy09> Hi, sorry i am new here...can I ask where is this chat located Australia?
<qman__> roxy09, I'm not sure what you're getting at, there are people here from all over the world, US, europe, and other places
<qman__> this is simply the english speaking channel
<roxy09> thanks! thats is great!
<zoopster> billybigrigger: for webalizer, I log each of my sites individually, have webalizer conf files for each, and have webalizer run through them all nightly
<roxy09> hi somebody know how i can get the registers in the dns server?
<roxy09> somebody know how i can see the rulers or register in my DNS?
<andresmujica> whois yourdomain?  not sure if i understand you correctly
<roxy09> i did, but shows me No Data found
<andresmujica> try with dig @somednsserver yourdomain.com +trace
<roxy09> somebody know how i can change a register in the DNS, i mean change the IP address of a server?
<andresmujica> you need to access to your registrar
<andresmujica> it's the only place you can make that change..
<roxy09> i have access
<roxy09> remote access
<andresmujica> hmm..
<roxy09> but i dont know which command i need to use to change the register
<andresmujica> you want to change the ip address for one of your nameservers ?
<roxy09> yes
<andresmujica> ok.
<andresmujica> you have access to your registar account?  i mean the place where you put your contact data for the domain, including the hostname and ip address for the 2 nameservers?
<andresmujica> you'll need to update the data there first.
<andresmujica> then you'll need to update your zone file
<roxy09> how i can do that
<andresmujica> you must edit your zonefile ... i'm not familiar with the Ubuntu's ubication for that file, but probably is at /var/named or /var/bind
<andresmujica> look for the line with  IN NS nameserver.   and the look for the line nameserver. IN A ipaddress
<andresmujica> there you can change it.
<andresmujica> don't forget to update the zonefile serial id
<roxy09> my problem is the dns is not managed by us, i just have acces to change the rulers and check with some comands but i can't see that file...
<roxy09> i change the address in one of the server (cause was moved) and i need to change this new address in the dns register
<andresmujica> ohh.. is harder then... maybe via a web interface?
<roxy09> i know the person that used before comand like dig
<roxy09> but i am not sure how
<jmarsden> roxy09: dig will let you read/check what your DNS servers are replying with, but it can't change them.  Use the web interface provided by your DNS provider for that (or run your own DNS!).
<jon_high9000> anybody had any luck setting up fetchmail with gmail? if so, can you help?
<twb> jon_high9000: sure
<twb> jon_high9000: but offlineimap is better
<twb> http://twb.ath.cx/Preferences/.offlineimaprc
<jon_high9000> i have tried different variations and i still can't get it to work. i have a functioning internet access too.
<jon_high9000> twb: referring to fetchmail
<jon_high9000> twb: I bookmarked  the link you just posted. ty
<twb> http://hpaste.org/fastcgi/hpaste.fcgi/view?id=7253#a7253
<jon_high9000> twb: ty
<jon_high9000> i will bookmark that as well. :)
<jon_high9000> twb: i am glad there are options.
<jon_high9000> twb: I will try it out.
<jon_high9000> twb: cya
<twb> jon_high9000: unless you have another question, be quiet.
<billybigrigger> qman__, you there?
<billybigrigger> billybigrigger@sally:/var/log/apache2$ sudo cat access.log* > awstats
<billybigrigger> -bash: awstats: Permission denied
<billybigrigger> i keep getting this, i've tried cat file1 file2 file3 > awstats same thing
<twb> billybigrigger: redirection is done by the shell, not by cat.  Thus using sudo to escalate cat's privileges does not help.
<twb> Either start a root shell, or abuse tee:
<twb> sudo cat access.log* | sudo tee awstats >/dev/null
<billybigrigger> that command worked
<billybigrigger> but awstats still isn't picking up stats between july 10-18th
<altf2o> Hey all got a question if anyone knows. Running Ubuntu Server 9.04. It's set to run as a DNS server (have forwarding entries setup, but also primary for example.local). I've gone through the tutorial and set it up ok. Running named-checkzone example.local /etc/bind/db.example.local and it works fine. While SSH'd into the server i can ping all the hosts, however my clients cannot. Verified DNS entry on client, can't see what's wrong. Any
<andresmujica> altf2o: what you mean is that your clients cannot resolve ?  try from a client with nslookup and check they've got the right server and can resolve.  maybe your dns setup is not listening, or the firewall is blocking or the zone is not enabled for the internal network
<altf2o> correct, and running "nslookup example.local" from my Ubuntu 9.04 desktop outputs the following: Server: 192.168.0.102 \ Address: 192.168.0.102#53 \ Name:  example.local \ Address: 127.0.0.1  - perhaps judging by the last "Address" entry there, might my DNS be setup incorrectly?
<twb> altf2o: pass the IP address of your DNS server as a second argument to nslookup
<altf2o> Now using: nslookup example.local 192.168.0.102 , produces the exact same output.
<infinity> Of course it does.
<infinity> Your server's responding that "example.local" is 127.0.0.1, period.
<infinity> It's not a client issue.
<altf2o> very strange indeed. I've checked over my configuration file, and comparing it to the example i can't see anything wrong with it. Or more specifically where to tell it "example.local = 192.168.0.102" and not the localhost of the client.
<infinity> Pastebin your example.local zonefile?
<infinity> Well, your .local ... Whatever.
<altf2o> ok, so i just found the second line which reads:  @   IN  A  127.0.0.1 , it was my error, the directions did say to change that so i did. Now using: nslookup example.local 192.168.0.102 , i get the output: Name: example.local \ Address: 192.168.0.102 , however pinging it still isn't working. And sure let me grab it real quick.
<roxy09> hi ...i need to change one ip address form a server in DNS server, but i cant find the "named" file...
<twb> altf2o: you should know that .local is a reserved domain, for autonegotiation.
<altf2o> http://pastebin.com/m30f0f40f  - this is my /etc/bind/db.example.local , file.
<twb> altf2o: you will get exciting behaviour if you try to use it as a private LAN domain; try .lan instead.
<altf2o> ahhh, wasn't aware, let me update accordingly.
<twb> http://en.wikipedia.org/wiki/.local
<twb> "Name resolution issues may arise if Bonjour, Avahi, or other Multicast DNS software is used in conjunction with a network that implements the local toplevel DNS domain."
<qman__> roxy09, the default location in ubuntu is /etc/bind - /etc/bind/named.conf.local normally contains the zone definitions, which will list where the zone file is
<twb> Personally I find dnsmasq much easier to use than bind + isc dhcpd, for serving DHCP and local DNS lookups.
<roxy09> thanks
<altf2o> that was it! I changed it simply to 'example.lan' updated zone information, now all my clients appear to be able to ping just fine. Really appreciate the help on this one thank you :).
<roxy09> i try but i can't find
<roxy09> but when i do dig nameserver i got information
<roxy09> there any comand line to change a IP address in DNS
<infinity> for i in $(rgrep -l "oldipaddress" /); do sed -i -e 's/oldipaddress/newipaddress/g' $i; done && rndc reload
<infinity> I'm betting that's not the command line you were looking for, though. :)
<roxy09> i dont know where is the dns configurated but i can access with "dig" camand...so i just want to do with a command line
<infinity> Oh, I suppose I missed magic to update zone serials in that shell pain, didn't I?
<infinity> I lose.
<infinity> roxy09: Is this not your machine?
<infinity> roxy09: If you've taken over from another admin, the zone files are probably in /etc/bind/ somewhere.
<infinity> roxy09: But I highly recommend reading a nice bind HOWTO or something first, before diving in.
<infinity> roxy09: Since updating zones requires changing info, updating a serial, reloading the name server, etc.
<roxy09> long to explain...but i got this server already installed which is DNS server ( i dont have any documentation about) and I change the IP address form a server (which was moved ) and I need to change that in the DNS server...
<roxy09> but i cant find the "named" file ..but when i do "dig" i get information about my server with the old IP
<infinity> There is no "named" file.
<infinity> Well, not one that does what you think it does.
<infinity> Like you've been told a few times, the configuration for bind is in text files in (usually) /etc/bind.
<roxy09> is not there
<infinity> rgrep "oldipaddress" /etc
<infinity> See if you find anything.
<infinity> I don't know any better than you do how the previous admin set up your machine.
<mattgyver> I am using fail2ban, i have set the bantime to permanent (-1) however it continues to unban the user after about 10 minutes, could someone help?
 * altf2o wonders why no DNS reverse lookup tutorials mentioned that the number preceding each PTR entry, is simply the last octet in the IP. That would've saved a lot of headaches :).
<oh_noes> Im setting a lease { } block in dhclient.conf -- but when a DHCP server isnt available it isnt being used
<oh_noes> is there anything additional I need to do?
<roxy09> hi
<roxy09> somebody know how i can install a backup ldap server?
<andol> roxy09: refering to an (open)ldap slave?
<jmarsden> roxy09: https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html
<jmarsden> See the /topic in here... please read the Server Guide :)
<ruben231> hi nay squid users here...?
<ruben231> any squid users here..?
<roxy09> i mesorry..yes i have one old gentoo opendlap server and i am instaling openldap in a slave machine with ubuntu
<jmarsden> Since you are running a Ubuntu server, it pays to read the Ubuntu Server Guide :)  I'm not sure if you will have any issues with different versions of openldap between the two systems...
<roxy09> well is linux...i hope no...i tried before but doesn't work...i desinstade everything and i am intalling again...my question is if i need to install openldap like the main server or different...also how they can detect that my machine is slave
<jmarsden> Read the section "LDAP replication" in the Server Guide.
<roxy09> my version is 8.04 i suppose is the same process?
<jmarsden> https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html
<jmarsden> Probably roughly the same, but may be an older version of openldap
<roxy09> thanks a lot i will try
<uvirtbot> New bug: #383697 in util-linux (main) "lsb_release crashed with ImportError in <module>()" [Medium,Fix released] https://launchpad.net/bugs/383697
<quizme> how do you make a command run automatically after reboot?
<simplexio> quizme: /etc/init.d/rc.local for example
<simplexio> quizme: there are other solutions to problem
<quizme> thanks
<quizme> i think that's what i want
<simplexio> what you want run ?
<quizme> i want to restart my jruby app
<quizme> glassfish
<quizme> it's a long glassfish command
<simplexio> probably best way to do it is create own init script for it, so you cant get /etc/init.d/youscript stop/start/restart functionality
<simplexio> but adding command/script to rc.local is wasiest way
<simplexio> easiest..
<quizme> ok
<quizme> thanks
<ForeverSmurf> hi
<ForeverSmurf> which installation method should I follow to install jaunty on a remote server
<ForeverSmurf> I can boot into a rescue system
<ForeverSmurf> and partition/format hard drives, etc...
<ForeverSmurf> oh ssh
<ForeverSmurf> over ssh
<quizme> how do you make the root user run a command as another user ?
<ForeverSmurf> su
<acalvo> Hi!
<acalvo> Is there any way to list all active services on a server?
<acalvo> Like apache, openldap, freeradius, etc...
<simplexio> acalvo: ps aux
<acalvo> simplexio: but it'd list all active processes
<simplexio> acalvo: offcourse then you need know what services you are looking
<acalvo> I thought it'll be some kind of more readable list of active services
<jpds> acalvo: netstat -lntp
<acalvo> jpds: thanks, it'd do the jog!
<acalvo> *job
<wild_oscar> hello. I am going to test Virtualization on a new computer
<wild_oscar> my idea is to have an OS running Virtualbox, then deploy 2 virtual machines on it
<wild_oscar> because this is my first test with virtualization, it's probably easier to do it using Virtualbox's GUI
<wild_oscar> so, what ubuntu version should I install on the computer which will host Virtualbox?
<wild_oscar> server + an X environment, or desktop?
<wild_oscar> ie, I want the OS to be as unclogged as possible, but still have an X to ease the virtual servers' configuration and management
<wild_oscar> any thoughts?
<TuckLive> If your computer has decent specs installing the standard desktop version shouldn't bog it down to where it can't run the 2 virtual machines
<error404notfound> half world says its good to use unattended-upgrades, half says it isnt, which side are you on?
<error404notfound> seems like i am observing a third type, which remains silent :P
<error404notfound> anyone?
<ForeverSmurf> I'm installed about a dozen dedicated server with ubuntu but this latest one refuses to even start grub
<ForeverSmurf> I'm utterly LOST
<ForeverSmurf> I have even tried getting serial console (COM1) output to see if grub is start but have established that it is not
<ForeverSmurf> does anyone have any ideas that could help me?
<simplexio> ForeverSmurf: usually it gives some error
<ForeverSmurf> I'm not getting any error/ouput from grub at all
<ForeverSmurf> it's as if it isn't even being invoked
<simplexio> ForeverSmurf: and but you dont get no boot disk... error too ?
<ForeverSmurf> it's a remote server
<ForeverSmurf> no screen
<ForeverSmurf> hence the serial console
<simplexio> kvm switch ?
<simplexio> actually i dont do you get those boot time errors from serial console, vewer used one
<simplexio> my best quess is that you have wrong boot order. it isnt that long since i isntalled grub in ubuntu-server and it worked eithout problems
<simplexio> what fs you used for grub OR /boot
<simplexio> i didnt get xfs working year ago, so i had to use ext3.
<simplexio> dunno how you can change that with your setup
<error404notfound> why am i getting "E: Couldn't find package libapache2-mod-security" on default intrepid install?
<jpds> error404notfound: Because that package is not in intrepid?
<error404notfound> :(
<error404notfound> why? :(
<jpds> error404notfound: Reason: (From Debian) RoM; undistributable for legal reasons
<_ruben> Deleted in feisty-release on 2006-11-15  (Reason: (From Debian) RoM; undistributable for legal reasons)
<_ruben> aww .. too late :)
<_ruben> its back though
<jpds> error404notfound: There's libapache-mod-security - but it's from jaunty onwards.
<_ruben> in jaunty/karmic
<jpds> _ruben: Too slow, sir, tsk. ;)
<error404notfound> i am intrepid. Is it safe to go for jaunty?
<error404notfound> i am on*
<_ruben> for certain values of "safe", sure :)
<error404notfound> i mean overall, is it a good decision?
<_ruben> can be .. basically its just newer versions of the same stuff (globally)
<error404notfound> how many people here use jaunty as server? i still prefer hardy wherever possible...
<_ruben> i have 2 jaunty boxes here
<_ruben> at work its feisty/hardy/intrepid/jaunty .. yes .. one feisty left to upgrade :p
<_ruben> err
<_ruben> gutsy
<_ruben> not feisty :)
<shivek_> http://shivekkhurana.servebbs.com/
<shivek_> Can anyone help me on the concept of port forwarding ? **|
<Yorix> hello evbdy, im having trouble with ubuntus tomcat6, it doesnt print jasper reports
<Yorix> can anybody help me?
<shivek_> Can anyone help me (read mmy last post ) ^^|
<photon> Hey. I'm trying to use SFTP to access my server, however I (of course) can't write in root directories and I don't want to activate the root account. is there way to sudo myself in sftp?
<Yorix> photon: can you just sudo when you are already in?
<photon> Yorix: I don't know how since I use nautilus to access the server. no command line.
<Yorix> photon: can u use a shell?
<Yorix> photon: try getting in through cmd line, ddo u know how?
<Yorix> photon: you should be able to write root dirs if you are in the sudoers list through a shell
<korw> Hi all :) Is anyone fermiliar with this error? mdadm: failed to create /dev/md0
<photon> Yorix: I know how to do it with a shell, that's not the problem. I just _want_ to use nautilus, because it simplifies copying files over. can I get sudo with nautilus any way?
<Yorix> photon: i dont know if you can do it with nautilus
<Yorix> photo: gksudo should help you but not with sftp
<Yorix> when you log in, you do it with your user
<Yorix> photon: give me a minute,
<photon> ok :)
<Yorix> photon: indeed, you can't do root operations with nautilus through sftp without tempering some nasty stuff...
<Yorix> once you logged in, you r you, and can't change roles through nautilus
<Yorix> this should be done via shell
<photon> alright :(
<photon> thank you
<Yorix> can anyone give me a hand with this buggy stuff??? jasperReports not printing in ubuntus tomcat6 instance
<ttx> Yorix: if it's working with the regular tomcat tarball, then you should try disabling TOMCAT6_SECURITY in /etc/default/tomcat6
<ttx> That will mimic more closely upstream default behavior
<Yorix> ttx: done that... and yes its working in the regular tarball
<ttx> Yorix: any error ?
<Yorix> ttx: it is really strange, the text is not displaying at all, but just the text, and it is not my first time with jasper... fields are not overlapping
<Yorix> ttx: none whatsoever
<ttx> Yorix: ah, it produces something, but the output is wrong ?
<Yorix> the output "text" is not showing in any format, pdf,  html, etc
<ttx> could it be a font issue ? Do you use the same JVM in both cases ?
<Yorix> but everything else (eg field bground) is showing just nice
<Yorix> yes
<Yorix> suns 6
<ttx> bug 303291
<uvirtbot> Launchpad bug 303291 in openjdk-6 "All generated Jasper reports are blank w/ openjdk-6-jdk" [Undecided,New] https://launchpad.net/bugs/303291
<Yorix> it is really frutrating
<Yorix> hmmm
<ttx> Looks like an openJDK issue. If openJDK is installed, ubuntu's Tomcat6 uses it
<ttx> You can force another JDK in /etc/default/tomcat6
<Yorix> let me check
<Yorix> ttx: hmmm.... so if openjdk is present, tomcat makes use of it despite environment configs?
<Yorix> what if i uninstall openjdk
<Yorix> =
<Yorix> ?
<ttx> Should work, it should pick Sun's JDK (the next on the default list)
<ttx> JDK_DIRS="/usr/lib/jvm/java-6-openjdk /usr/lib/jvm/java-6-sun /usr/lib/jvm/java-
<ttx> 1.5.0-sun /usr/lib/j2sdk1.5-sun /usr/lib/j2sdk1.5-ibm"
<ttx> or override JAVA_HOME in /etc/default/tomcat6
<ttx> Yorix: the latter seems more resilient (since lots of stuff may reinstall openjdk)
<Yorix> indeed
<Yorix> ttx: thx lots man, saved my pathetic life
<shivek> Hi again ^^D
<ttx> Yorix: you're welcome.
<shivek> I've configured the apache server (http://shivekkhurana.servebbs.com). Now how to edit index.html located at /var/www
<t8llw1m> shivek: if you just want a short page, use a text editor
<t8llw1m> otherwise, point the root of your website to the real content
<shivek> No  mean it says something like permission denied
<Yorix> shivek: install apaches userdir mod and read docs
<t8llw1m> You have to do it either as the user running apache or as root
<t8llw1m> Do you have real content to start with>?
<t8llw1m> no you're not
<t8llw1m> look in /etc/passwd
<t8llw1m> you're just one of a bunch of users
<Yorix> t8llw1m: it doesnt matter, listing will be shown as default if no content is available
<t8llw1m> There's no such thing as "activating" root. What do you mean?
<t8llw1m> it's not locked
<t8llw1m> 1. make sure you have real content, 2. read the apache tutorial
<shivek> post me a link
<shivek> ^D
<uvirtbot> shivek: Error: "D" is not a valid command.
<shivek> What do you mean by real content ?
<shivek> Simple webpages or something else ?
<Yorix> nice
<t8llw1m> You know that better than me. Why do you want to run a webserver to start with?
<shivek> Its a personal website for me and friends .
<boozler1> I've got a fresh install of apache2 and am trying to point the virtual host to a directory in my home directory. All I've done is modify the document root and directory defaults to point to my "sites" directory but when I browse to localhost i get 403 forbidden! What else do I need to do? Do i need to change the grp/owner/permissions of my "sites" directory?
<firecrotch> boozler1: the user that apache is running as needs to have read permissions on the directory and all the files in ti
<uvirtbot> New bug: #401767 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourn? une erreur de sortie d'?tat 1" [Undecided,New] https://launchpad.net/bugs/401767
<boozler1> firecrotch: ok so what is the proper way to handle it? modify the apache users grp or modify the directories permissions them selves?
<firecrotch> boozler1:  I would modify the permissions on the directory and files
<_ruben> i wouldnt place the docroot in my homedir either, but thats just me :)
<Steve[mbp]> Morning everyone!
<firecrotch> _ruben: true, but he probably wants to get around the "problem" of the regular user not being able to write to /var/www
<Ng> hmm, still getting weird XML out of virt-install after building 0.400.3-4ubuntu1
<BrixSat2> how so i open port 13000 from eth0 on iptables?
<Ng> kirkland: got a sec? trying out the KVM backport on hardy and I must be on crack
<Ng> hmm, actually belay that for a bit, I have some weird versions installed
<DelphiWorld> hello
<DelphiWorld> please, how i can install the orca screen reader in command line mode for UBUNTU Seerver 8.10?
<kirkland> Ng: k
<jmarsden> DelphiWorld: I think orca is fairly tightly bound to Gnome, so that may not be doable?  Might be better/easier to install ORCA on a desktop machine and then ssh from there into the server??
<DelphiWorld> jmarsden: ok, i accept that np, but why adrian support it with no gnome?
<jmarsden> I'm not an orca expert... there may be a way to compile/install a commandline only version of it... but I don't know.  Can you ask adrian, whoever adrian is?
<DelphiWorld> ok, adrian is a command line mode Operating system
<DelphiWorld> knopix is using it
<jmarsden> Um.  That would be ADRIANE :)
<jmarsden> and it seems to use SBL, not orca...
<Ng> kirkland: --accelerate should be the right option for virt-install, right? I'm getting <domain type='qemu'> which I think is wrong?
<kirkland> Ng: i'm sorry, i'm not that familiar with virt-install
<kirkland> Ng: check with soren, perhaps
<Ng> kirkland: what would be the preferred way for me to be creating kvm instances to test with this backport stuff? :)
<kirkland> Ng: virt-install should theoretically work;  i generally run kvm from the command line, or use virt-manager, though
<kirkland> Ng: did you grab the libvirt backport too?
<Ng> kirkland: 0.6.1-0ubuntu5.1~rc1ppa1 ?
<kirkland> Ng: righto
<kirkland> Ng: that might actually solve your virt-install problem, as it uses libvirt
<Ng> kirkland: I have that version installed already
<Ng> http://paste2.org/p/333274
<kirkland> Ng: hrm
<DelphiWorld> jmarsden: no, orca
<kirkland> Ng: lsmod | grep kvm
<kirkland> Ng: did you reboot after upgrading to kvm-84 ?
<Ng> kirkland: yeah I've been rebooting after each failed machine creation. weirdly there's no kvm module loaded this time
<kirkland> Ng: that's why accelerate isn't working
<kirkland> Ng: did your dkms kvm build succeed?
<kirkland> Ng: dpkg -l | grep kvm
<Ng> kirkland: I have kvm and kvm-source from the PPA. I'm not sure if the build succeeded, but I have modules in /lib/modules/2.6.27-14-server/updates/dkms/
<rgreening> ScottK: when's the last day for me to get my tac_pus + webui package in for Karmic?
<ScottK> Whatever feature freeze is.
 * rgreening searches...
<DelphiWorld> how i can login to my server using WinSCP a root?
<DelphiWorld> root is not accepted
<rgreening> ScottK: so Aug 27th seems to be FF date
<Ng> kirkland: ok, that fixed the XML virt-install is producing at least, and I now have a kvm process chewing CPU
<ScottK> Sounds right.
<rgreening> ScottK: so, once I have a clean set of packages, I can upload to universe... I assume no issues. These are standalone and provide a service which doesn't already exist in Ubuntu (at least for the last 2 releases)
<kirkland> Ng: what was the fix?
<ScottK> rgreening: REVU +1 advocate from another MOTU is recommended, but not strictly required.
<Ng> kirkland: I just manually loaded the module. I'm still a bit stumped about what to do next, I have a kvm process using a whole core of CPU, but using virsh to connect to its console gets me nothing to speak of
<rgreening> ty ScottK. I'll post up to REVU and get someone else to review/ack it
<shivek> I've created my website. When I type the url in my browser it redirects, but when I ask a friend to do so , it doesn't shows. Please help !
<BrixSat2> how do i open port 13000 from eth0 on iptables?
<BrixSat2> shivek
<BrixSat2> what is the ip of the server=
<shivek> url is http://shivekkhurana.servebbs.com/
<shivek> wget ip
<shivek> 	59.177.146.132
<shivek> BrixSat2 : are you there
<BrixSat2> yes
<BrixSat2> working ;)
<shivek> Help Me
<shivek> ! ^^D
<ubottu> Sorry, I don't know anything about D
<BrixSat2> i will
<BrixSat2> unable to establish connection.....
<BrixSat2> is it online?
<shivek> BrixSat2 : Shift to private window
<BrixSat2> no keep here
<BrixSat2> some one might help ;)
<shivek> Ok
<shivek> Hi Bot ^^D
<BrixSat2> haaa rebooting?
<shivek> Till then give me a command to move 1.JPG , 2.JPG and 3.JPG to /var/www .
<BrixSat2> ?
<BrixSat2> mv *.jpg /var/www
<shivek> Ok
<shivek> the images are on the desktop
<shivek> ^^|
<uvirtbot> shivek: Error: "^|" is not a valid command.
<BrixSat2> |help
<DelphiWorld> ubuntu server have selinux enabled by default?
<|404NotFound|> can someone help me fix: http://pastebin.com/m39b7886a ? apache keeps disappearing..
<|404NotFound|> DelphiWorld, ubuntu has aparmour, which is enabled but not confgured
<|404NotFound|> aparmour is a little bit less comprehensive thus easier than selinux
<|404NotFound|> apparmour*
<|404NotFound|> too many typos...
<|404NotFound|> DelphiWorld, Google Ubuntu AppArmor and Application Security and you will find some nice stuff..
<BrixSat2> |404NotFound| try #apache ;)
<|404NotFound|> AppArmor provides a sandbox to aps
<|404NotFound|> BrixSat2, tried :(
<|404NotFound|> also in daemon.log i get "WARNING: Couldn't read /proc/5650/environ: Failed to open file '/proc/5650/environ': No such file or directory" whats this?
<DelphiWorld> |404NotFound|: ok, thanks
<|404NotFound|> DelphiWorld, no problem i would have given you a walkthrough but i am stuck with this dumb vps
<DelphiWorld> |404NotFound|: np, i'm asking about it only because my apache tomcat is unable to listen to 8080
<|404NotFound|> you sure something else is not using 8080?
<|404NotFound|> try netstat -anp | grep 8080 to confirm
<DelphiWorld> |404NotFound|: no process in port 808
<DelphiWorld> 8080
<error404notfound> hmmm, you sure its configured to be run on 8080?
<uvirtbot> New bug: #380663 in open-iscsi (main) "open-iscsi initiator tries to resolve ipv6 address of target and fails" [Undecided,Invalid] https://launchpad.net/bugs/380663
 * manjo is away: getting lunch (gone at 20th Jul, 12:17:11)
 * manjo returns (getting lunch [20s]) (total away time: 20s)
<error404notfound> http://serverfault.com/questions/43070/apache-never-runs-after-configuring-eaccelerator-and-fastcgi
 * manjo is away: out for lunch back soon... (gone at 20th Jul, 12:21:27)
<error404notfound> any ideas about : http://serverfault.com/questions/43070/apache-never-runs-after-configuring-eaccelerator-and-fastcgi ?
<thadguidry> bootloader error when trying Server 9.04 - /in{tall/vmlinuz
<thadguidry> booting off cd directly - need help.
<thadguidry> chose my language of English and keyboard of USA and then hit enter and get the small grey BOOTLOADER error
<thadguidry> Intel Pentium 4 1.8Ghz with 512M DDR
<infinity> thadguidry: Bad burn, probably.
<thadguidry> ok, let me try a 1.0x burn and try that.... be back in 15 mins.... Thanks Infinity
<BrixSat> how do i open port 1202 on eth0?
<Armour> Hello people. I installed Ubuntu server 9.04. Got VINO working for VNC to it. It happens that only lets me VNC to an open session. But if the server is rebooted I cannot VNC on the login screen. Is there a way to set it up permanent?
 * manjo returns (out for lunch back soon... [1h 42m 34s]) (total away time: 1h 42m 34s)
<billybigrigger> does this look malicious to anyone?
<billybigrigger> someone tried to leave a comment on my wordpress site
<billybigrigger> http://imagebin.ca/view/rtKm6oM.html
<billybigrigger> thought i'd take a screenshot and show someone...looks a bit odd imo
<ivoks> that's spam
<ivoks> get use to it
<ivoks> people spam blogs
<billybigrigger> thanks, just the first time i'd seen something like it
 * ivoks enjoys cool evening by the sea...
<billybigrigger> ivoks, where do you live?
<ivoks> croatia
<billybigrigger> must be nice living by the sea
<ivoks> i'm not, i'm on vacation
<billybigrigger> ahhh
<billybigrigger> should have left your laptop in the room to enjoy it :P
<ivoks> well, i'm 2,5h drive from sea :)
<billybigrigger> oooh
<ivoks> make that 'i live 2,5h...'
<pmatulis> so you live 2.5 hrs from the sea but now you're on vacation by the sea?
<billybigrigger> i've lived in canada my whole life and still haven't seen the coasts, the only water i've seen is small lakes and the sea of cortez when i was in mexico this april
<pmatulis> billybigrigger: where in canada was that?
<ivoks> pmatulis: yep :)
<billybigrigger> calgary alberta
<pmatulis> billybigrigger: k, not much water there i figure
<billybigrigger> haha nope
<pmatulis> from montreal here
<billybigrigger> oh right on, i've been there once for a junior high school trip :P we saw an expos game, fun times :P
<pmatulis> k, expos are gone away since a while now
<billybigrigger> oh ya
<billybigrigger> long time ago
<orogor> hi here
<orogor> i got a very big problem
<orogor> i reformated my /boot as ext4, i can t boot anymore , i am using the live cd
<orogor> as an added bonus there  might be  some magic to do to ge the system partition to boot as it s on raid 10
<orogor> .... and the live cd doesnt  have ext4 support else it  d be too simple
<adam_vollrath> Good evening.  Where's the canonical list of packages available in Ubuntu Server Edition?  Web available, without installing it (don't have any installs yet.)
<adam_vollrath> Specifically, I'd like to find out which version of mod_wsgi is included in 8.04 LTS
<adam_vollrath> ^ where would I find this information via web browser?
<uvirtbot> adam_vollrath: Error: "where" is not a valid command.
<Jasonsmr> hello
<Jasonsmr> any one would like to offer assistance with a server install??
<Vog> Jasonsmr: See topic....
<Jasonsmr> dont ask to ask,,ok.
<Jasonsmr> im building a server on a nvidia 680i with 1 TB
<Jasonsmr> im configuring the raid now
<Jasonsmr> I will need hel;lp with the server install and choosing the correct server specifically I would like to find out by someone who's already installed a working PCI-DSS certificated server before
<Jasonsmr> on this server im building I need to find out how to quickly run a secure server
<Jasonsmr> would any one have advice
<Jasonsmr> thanks ill check the tiney url, and post any q on the forum when i get there..>
#ubuntu-server 2009-07-21
<howie> Im installing ubuntu server on one of my old comps and it show all these ata1.01 status {DRDY} Frozen timeout stuff..
<howie> its showing*
<howie> should i just keep letting it do its thing or do i need to fix something first?
<oh_noes> Anyone want to take a guess at where the console login screen gets the OS string and version from?
<oh_noes> I was hoping to append something to it
<jmedina>  /etc/issue, /etc/issue.net or /etc/motd, it depends how you log in
<oh_noes> thanks
<lukehasnoname> uname -a
<lukehasnoname> ?
<clusty> hey
<clusty> i am trying to install a server on a headless machine using pxe
<clusty> unfortunately the windows tftp is complaing: http://pastebin.com/m7e5a75b
<clusty> any clue how to fix this?
<clusty> the dhcp is proivided by the router
<clusty> and tftp is running on a nother machine (windows)
<oh_noes> Is there  an opem-vm-tools binary package for Ubuntu JeOS 8.04.3 LTS?
<oh_noes> Or maybe I should ask, which repository has it?
<jgedeon> oh_noes: I don't think it is in the repositories.
<jgedeon> oh_noes:  Looks like it made it into intrepid and jaunty
<jgedeon> But not hardy
<oh_noes> I think thats cos it was never 'originally' super stable for LTS release
<oh_noes> but I was hoping now, the code would be acceptable
<oh_noes> unless theres another reason
<roxy09> hi...i am trying to install a ldap backup server. I read the documentation but still i am not sure if i need to install everything like the main server and then some special configuration ?
<roxy09> teh documentation said do somehitng in the serve but im not sure if they mean the main server or the secondary server
<jgedeon> oh_noes: Lanchpad has them for hardy.
<jgedeon> https://launchpad.net/ubuntu/hardy/+source/open-vm-tools/+builds
<jgedeon> oh_noes: but I think I would just get them for sourceforge and install the newer ones or go with what vmware server 2 has.
<oh_noes> jgedeon: they are over 16 months old
<jgedeon> http://sourceforge.net/projects/open-vm-tools/files/open-vm-tools/open-vm-tools-2009.06.18-172495.tar.gz/download
<oh_noes> jgedeon: I need to automatically deploy JeOS VM's with it on there though .. is there a deb-src of them anywhere?
<oh_noes> the sourceforge page onyl has the source ...
<oh_noes> (tar.gz src)
<jgedeon> Oh ok
<twb> Debian source packages are available within the normal package archive.
<twb> Add deb-src entries to your sources.list, then use "apt-get source open-vm-tools"
<twb> If you need a newer version of a package, you should investigate -updates and -backports before building from upstream source, since packaged versions often include significant integration and bug fixes that are not available upstream.
<twb> !updates
<ubottu> Sorry, I don't know anything about updates
<twb> !hardy-updates
<ubottu> Sorry, I don't know anything about hardy-updates
<twb> Bah.
<oh_noes> twb: how would you then recommend for me to quickly deploy/install it on i386 hardy boxes here as part of an internal distribution?
<twb> oh_noes: you maintain an SOE?
<oh_noes> Compile and create my own i386 deb from deb-src?
<oh_noes> Yes
<twb> You should first try to use the .deb unchanged from, say, intrepid.
<oh_noes> twb: ok i'll; give that a go
<twb> That, or the version in hardy-backports or hardy-updates
<twb> According to http://packages.ubuntu.com/open-vm-tools, that specific package is not available in any hardy native repo.
<twb> So yeah, first try installing from the newer release unchanged, then if that doesn't work try apt-get build-dep open-vm-tools && apt-get source --build open-vm-tools to generate a binary rebuild for hardy.
<twb> If *that* doesn't work, you'll need to do more investigation -- possibly changing versions in debian/control or similar
<roxy09> Hi...somebody know about backup ldap server..i am trying to install a ldap backup server. I read the documentation but still i am not sure if i need to install everything like the main server and then some special configuration ?
<twb> What is an ldap backup server?
<twb> Do you mean an LDAP server that acts a slave to a master server, with failover to the slave if the master goes offline?
<roxy09> yes
<twb> Dunno about that, sorry.
<twb> You can also try #openldap or similar.
<oh_noes> am I drunk, or is there no way to download the deb from http://packages.ubuntu.com/intrepid/open-vm-tools ?
<roxy09> sorry im new in the ofrum...how i can go there
<roxy09> forum
<roxy09> i got
<qman__> oh_noes, click either "amd64" or "i386", with respect to your architecture
<qman__> it's a little unintuitive, I'll agree, but you click those, not the package name
<roxy09> hi, I am using my server as nat and there is some users that are download bad content from internet by bitorrent...somebody know how I can detect who was the user or how i can block bitorrent?
<tsrk_> roxy09, you could probably block the bittorrent ports somehow (sorry, I can't say any more specifically than that, but you should be able to find documentation that explains how to block ports)
<roxy09> the problmes i bittorrent use any port
<twb> To block bittorrent you want to use the L7 iptables module.
<twb> http://l7-filter.sourceforge.net/
<twb> !learn l7 is is a classifier for Linux's Netfilter that identifies packets based on application layer data. It can classify packets as [peer-to-peer data] regardless of port.
<roxy09> sonf good thanks...i am reading that...also do you know some program that i can detect traffic and conection by IP address /user and give me some statitic information. I would like to detect who is doing a bad use from internet as we are having a lot of legal problems because that
<roxy09> other question...i am installindg a wireless somebody know how do that to autentificate with my ldap server?
<quizme> how can i tell if mysql is working ?
<roxy09> hi ...i need to configure a print server with samba and use a ldap server ..somebody know how configura it?
<roxy09> alo
<roxy09> hola?
<twb> !es
<ubottu> En la mayorÃ­a de canales Ubuntu se comunica en inglÃ©s. Para ayuda en EspaÃ±ol, por favor entre en los canales #ubuntu-es o #kubuntu-es.
<dpreacher> hello people, I need help with debugging an issue of shell logins taking quite a long time on ubuntu server 8.10 64-bit. it started all of a sudden in the last 1-2 weeks
<dpreacher> any and every help is very much appreciated
<dpreacher> so far things i tried
<dpreacher> 1. tried to strace ssh since i primarily login via ssh.
<dpreacher> 2. however found that local logins took that delay as well.
<dpreacher> 3. also looked at dmesg found 560 lines with audit in them, hinting at inet6 which i believe is for ipv6 which we are not requiring...however this is not necessarily triggered at login
<jmarsden> dpreacher: Did you try creating a new account and logging into that, so you have a brand new unmodified ~/.bashrc ?  Still slow?
<dpreacher> checkin in a moment jmarsden,
<jmarsden> dpreacher: OK.  If it is still slow, in that new account try    bash --login --noprofile    and see if that is slow.
<dpreacher> jmarsden, can i try the 2nd suggestion before creating a new user
<jmarsden> Sure, if you want :)
<simplexio> dpreacher: i had that problem too.. fixed it removing Private directory mounting from pam.d
<dpreacher> hmm...private directory was local path?
<dpreacher> simplexio?
<dpreacher> where do i check for nfs/cifs mounts? esp. the latter one?
<simplexio> dpreacher: yes.
<simplexio> i just removed it from pam.d and added line to motd to hint people use ecrypfs-private-mount
<dpreacher> jmarsden,  bash --login --noprofile logged in absolutely instantly
<dpreacher> im thinking /etc/bash.bashrc may be a possible suspect
<jmarsden> dpreacher: OK.  Does    bas --login    do the same?
<dpreacher> have to check that,
<jmarsden> dpreacher: Make that    bash --login
<dpreacher> bash --login ? without --noprofile? jmarsden
<jmarsden> Right... if --noprofile makes the difference then the issue is something being done in the profile stuff...
<jmarsden> Let's confirm that before looking at specific files :)
<dpreacher> nope jmarsden, it went in quickly. i also put time command before bash and the times recorded were very very minutesimal
<jmarsden> OK.  So either that is because whatever was taking time is already done for that user, and subsequent times it is therefore quick, or else it is not profile stuff that is the cause.
<dpreacher> well i did su - user2 and then it took a real long time again, but running bash --login on that account also started another bash almost instantly
<dpreacher> jmarsden
<dpreacher> if i wanted to check if there are some unused nfs or cifs mounts, where'd i look, fstab itself? jmarsden
<simplexio> mount tells allready mounted
<jmarsden> Sounds like it is doing something that is slow "first time", but quick thereafter.  What is in anyway "unusual" about this machine?  What have you manually configured on it that might be worth investigating?
<jmarsden> And yes, you can read /etc/fstab to see what network file systems are configured there.
<dpreacher2> jmarsden, my net dropped did u get all 3 points?
<jmarsden> No, I saw nothing at all...
<dpreacher2> <dpreacher>stuff that are unusual on this machine:
<dpreacher2> <dpreacher>1. RAID setup
<dpreacher2> <dpreacher>2. 3 NICs. 2 ISP lines and 1 LAN
<dpreacher2> <dpreacher>3. its the gateway and DNS for the intranet
<psyferre> Hey folks, I'm having some trouble finding definite information anywhere online... if I install 64bit ubuntu, do I need to do anything special to make sure I install 64bit mysql?
<dpreacher2> i dunno what else to include. nothing related to bash or logins was configured or installed jmarsden
<psyferre> Or will apt get install mysql-server just automatically pull down the 64 bit package?
<jmarsden> dpreacher2: Have you checked that DNS is working well, and that the machine can look up its own name quickly?
<jmarsden> psyferre: Do nothing special, apt-get is smart enough to know what architecture your machine is.
<psyferre> jmarsden: awesome... thanks
<jmarsden> No problem.
<dpreacher2> i can access the website on the server using the fqdn of the ubuntu server machine
<jmarsden> I'm guessing... long delays can be DNS related and you have a more complex than usual network setup...
<dpreacher3> hello again
<dpreacher3> whoa /me
<dpreacher3> jmarsden i need to step out for a while...will come back soon and resume this.
<dpreacher3> thanks for your help and time
<dpreacher3> thanks simplexio as well
<jmarsden> OK... 11pm here... I may not may not be here much longer... need to sleep sometime :)
<altf2o> just out of curiosity, has anyone actually gotten Samba + LDAP working w/ the guides? Or damn near anything available on google?
<roxy09> Hello again, somebody know how i can detect quantity of downloading by IP?
<twb> $ /sbin/ipconfig eth0 ==> [...] RX bytes:84614245 (80.6 MiB)  TX bytes:5748325 (5.4 MiB)
<twb> Of course, that wraps around (rests to zero) at some point
<_ruben> twb: ipconfig is a windows command ;)
<twb> Sorry, I always get p and f backwards.
<_ruben> ;)
<uvirtbot> New bug: #402085 in lsb (main) "lsb_release crashed with ImportError in <module>() (dup-of: 383697)" [Undecided,New] https://launchpad.net/bugs/402085
<roxy09> Hi sorry i mean get some log that shows me about traffic or quantity donwloaded by Ip or user?
<_ruben> roxy09: one solution would be to use pmacctd .. tho there's several alternatives as well
<jmarsden> roxy09: ntop might be worth a look (web interface rather than a log file)
<chronodekar> when configuring a server with 8GB of RAM, how much can be allocated for virtualization ?
<twb> All of it
<dayo> i need to set up an ssh server, so that a user can remotely access his home dir. this is my network setup: http://paste.ubuntu.com/223359/  i'm thinking i need to connect the external interface of my ssh server to the router, and the internal to the switch? i've never setup an ssh server before, so i need some advice, please.
<twb> dayo: you have a application router, and a separate Ubuntu server?
<twb> dayo: that is, you are not running Ubuntu on your router?
<dayo> twb: correct. cisco 1800 router, and my ubuntu server hooked up to it, via router's switch
<twb> Does your router do NAT?
<twb> i.e. does your Ubuntu server already have a public IP address on the internet?
<dayo> twb: yes, it has a public and a private IP
<twb> Then all you need do is install openssh-server
<thefish> anyone know of any small (1u) hardware with about 4 nics to run JEOS/iptables/openvpn on?
<andol> thefish: Regarding small hardware with 4 nics perhap a soekris might be a solution? Besides that, not really sure how well JEOS applies to a non-virtual machine.
<thefish> i really like that it doesnt install any other kaka on the box, ive been running quite a few on steel with no issues
<thefish> will check out soekris, thanks
<error404notfound> I had Intrepid and i upgraded to jaunty. Now i get "You are running a kernel from Ubuntu Intrepid.  Ksplice Uptrack for. Ubuntu only supports kernels from Ubuntu Jaunty." Any idea how to fix it?
<error404notfound> how can i upgrade to latest kernel?
<ogra> error404notfound, seems you didnt properly upgrade, did you use the documented upgrade procedure ?
<error404notfound> ogra, i just did a dist-upgrade to keep intrepid to latest and then i change repo to that of jaunty and did a dist-upgrade again.
<ogra> error404notfound, http://www.ubuntu.com/getubuntu/upgrading
<ogra> at the bottom
<error404notfound> ahan... i see...
<error404notfound> lemme check
<error404notfound> ogra, what can i do now?
<error404notfound> the do-release-upgrade says that there are no new upgrades
<error404notfound> ogra, there?
<uvirtbot> New bug: #398428 in samba (main) "folder sharing not working without reboot" [Undecided,Incomplete] https://launchpad.net/bugs/398428
<error404notfound> anyone else here who could help me a badly-upgraded jaunty?
<alexm> error404notfound: i'd take a look at what do-release-upgrade does and see if there's some package missing in your system
<error404notfound> its python and i dont know much python
<alexm> since it seems the problem is only with the kernel, make sure you have jaunty kernel installed, take a look at http://packages.ubuntu.com/jaunty/linux-image
<alexm> do you have a server install?
<alexm> if so, make sure you have package linux-image-server installed, it should bring all the other dependencies
<error404notfound> alexm, i am using a vps on xen
<alexm> so you upgraded the domU from intrepid to jaunty, is that right?
<rose_> hello everyone...I need to install one samba print server but i need to authetificate with another ldap server. I just tried but doesn't work..I installed nss and pam, but still i dont know what i must to put in the configuration
<rose_> ==#
<alexm> error404notfound: are both them dom0 and the domU running jaunty?
<alexm> s/both them/both the/
<error404notfound> nope, dom0 is not even ubuntu , i doubt
<alexm> but do you know which kernel is running dom0? both dom0 and domU use the same kernel version usually
<alexm> rose_: take a look at https://help.ubuntu.com/9.04/serverguide/C/samba-ldap.html
<alexm> but note that it's the server guide for jaunty
<error404notfound> alexm, any idea about: http://pastebin.com/m771347f5 ?
<alexm> since uptrack is broken if fails too when removing it
<error404notfound> any workarounds?
<alexm> trying fixing broken packages first, apt-get install -f
<alexm> without any other option
<error404notfound> did...
<error404notfound> again tried to uninstall and got same thing
<error404notfound> alexm, btw dom0 uses the xen.org kernel.  it's a heavily modified 2.6.18-8
<alexm> that's the problem then, jaunty provides 2.6.28
<error404notfound> 2 major issues then: 1. Kernel, 2. Ksplice, i would say lets solev 2 first and then 1 as i am fine with 2.6.27 for now
<alexm> anyway, are you sure you can run ksplice on a domU?
<error404notfound> i want to uninstall it, dont need it...
<alexm> ok then
<alexm> so the problem is the broken uptrack, right?
<alexm> dif the apt-get install -f do or say something?
<error404notfound> it installed ksplice back and some other stuff...
<\sh> hmm.....25x (BL465C [2x QUAD Opterons 2.7GHz, 32GB, 2x146GB SAS] * stress --cpu 8 --io 4 --vm 2 --vm-bytes 8589934592) == max load of 39 ==> no io left for network ==> no io left for output ==> waiting for self destruction
<alexm> so now you can try to remove ksplice again
<\sh> HP BL7000C enclosure reports 4KW power consumption...that's green IT ;)
<error404notfound> alexm, same issues
<alexm> i haven't been able to find uptrack package in ubuntu, and it seems a dependency of ksplice, so try to dpkg -r uptrack ksplice and see if you get more details of the problem
<error404notfound> alexm, http://pastebin.com/m15325bc
<alexm> it seems that the install/remove hooks test the kernel, you'll have to get around them
<alexm> find those hooks in /var/lib/dpkg/info
<alexm> they should be named after the package, i.e. uptrack* and ksplice*
<alexm> grep "You are running a kernel from Ubuntu Intrepid" /var/lib/dpkg/{uptrack,ksplice}*
<alexm> then find the place where the test is run and comment it
<alexm> finally, try to remove those packages again
<alexm> sorry, i forgot /info/ in the grep above
<alexm> grep "You are running a kernel from Ubuntu Intrepid" /var/lib/dpkg/info/{uptrack,ksplice}*
<error404notfound> nothing comes up
<alexm> then search for "You are running a kernel" only
<error404notfound> nope, nothing.... i am also getting the same message in a cron every now and then
<error404notfound> even did grep "You are running" /var/lib/dpkg/info/*
<alexm> ok, please do... ls /var/lib/dpkg/{uptrack,ksplice}*
<error404notfound> http://pastebin.com/m16769fe1
<error404notfound> in cron.d i have uptrack which is http://pastebin.com/mc23f3d1 and it prints the same output as at the install time
<alexm> can you show me /var/lib/dpkg/info/uptrack.prerm ?
<error404notfound> http://pastebin.com/m56b32bce
<error404notfound> moreover like the cron: http://pastebin.com/m4bee95cb
<alexm> try running "uptrack-remove --all -y --no-network" and see if the message about intrepid kernel appears?
<error404notfound> damn, yes..
<error404notfound> commenting it
<alexm> but if you comment it out, maybe there will be some files left in the system
<alexm> it's up to you
<alexm> either you try to find out what uptrack-remove is doing or comment it on the .prerm
<error404notfound> but there is no work around, is there?
<error404notfound> btw diid you refer t http://pastebin.com/m368fe1a8 ?
<alexm> yes
<error404notfound> i have found the script that executes on uptrack-remove
<rose_> hi please...somebody can helo me...I need to install one samba print server but i need to authetificate with another ldap server. I just tried but doesn't work..I installed nss and pam, but still i dont know what i must to put in the configuration
<error404notfound> alexm, how much of a good idea is to run unattended-upgrades or ksplice with autoinstall?
<alexm> i know nothing about ksplice, sorry
<rose_> or how I can add a domain member server to PDC?
<resno> What do I use to parse apache_logs, to get stats on something?
<andol> resno: I kind of like to use awstats.
<resno> andol: how do i get awstats to go through my stats? I have never done this before....
<resno> I need stats on a specific page.
<shivek> Hi everyone ^^D
<resno> hello
<shivek> Any one has anproblem ?
<benc> by default does the time on ubuntu server syncing from the web?
<resno> oh, i have a logs, that i want to get stats off of. is installing awstats and running that the best way?
<Steve[mbp]> Morning Everyone!
<yann2> hi... ok not too sure if this is the best place to ask for this, please guide me if it's not
<yann2> I am setting up a CUPS print server for our office - and wanted to know if these drivers: http://software.canon-europe.com/software/0031040.asp  were packaged  - and if not, what the steps would be to get them packaged?
<yann2> I couldnt find any package that contained those - and it's all GPL
<_ruben> yann2: #ubuntu-motu would be a good start i think
<shivek> Hi everyone ^^D
<|404NotFound|> i have accidently set www-data:www-data to be owner of /var. Any solution to this stupid mistake of mine?
<error404notfound> anyone, please? i am going through really bad mental state due to this disasterous mistake...
<resno> change the owner
<error404notfound> resno, i dont know which directory had which
<error404notfound> i did it recursively :'(
<error404notfound> fuck up the whole server...
<error404notfound> :'(
 * error404notfound is thinking of possible ways to suicide...
<Jeeves_> error404notfound: Do you have a window?
<error404notfound> Jeeves_, window?
<Jeeves_> Yes, you know. In the wall.
<Jeeves_> To look outside, or into another room.
<error404notfound> Jeeves_, yes...
<Jeeves_> Make a hole in it
<error404notfound> why?
<Jeeves_> stick your head through it
<Jeeves_> let youselve fall into the glass
<error404notfound> Jeeves_, For God's sake....
<Jeeves_> 18:44  * error404notfound is thinking of possible ways to suicide...
<resno> !topic
<ubottu> Please read the channel topic whenever you enter, as it contains important information. To view it at any time after joining, simply type /topic
<resno> !ot
<ubottu> #ubuntu is the Ubuntu support channel, for all Ubuntu-related support questions. Please use #ubuntu-offtopic for other topics. Thanks!
<Jeeves_> Not even jokes are allowed
<Jeeves_> pff
<error404notfound> so do i have to do it all the way up, i had no backups, i spent a whole week in setting up this server from scratch using a lot of guides...
<error404notfound> Jeeves_, thanks, that really helped...
<error404notfound> so is there a solution or?
<howie> anyone know what : Grub loading, please wait..... Error 18.   means?
<resno> howie: http://tinyurl.com/m954qx
<howie> sweet
<resno> howie: does that help you along?
<howie> more then i possibly thought.... lmgty is awesome...
<resno> ive been waiting for the perfect time to use it
<howie> that was great i felt like i got trout slapped for the first time..
<jtimberman> mathiaz: ping
<mathiaz> jtimberman: hey
<axisys> how do I migrate to software raid 1 without resintalling the OS ? i have not see a complete once for newer ubuntu or debian.. like mkinitrd should be replaced by mkinitramfs and other small details.. looking for a complete how to for newer ubuntu
<ahasenack> any idea why /dev/kvm is not created with group 'kvm'? http://pastebin.ubuntu.com/223781/
<ahasenack> the udev rule seems ok
<ahasenack> ah, an "/etc/init.d/udev reload" was missing
<ivoks> hm...
<ivoks> :)
<ahasenack> yeah, I just installed the kvm package
<ahasenack> seems it doesn't reload udev in the end, but loads the module anyway
<MrGlass> hi
<MrGlass> how do i install pdo/pdo_mysql?
<hocuspocus> can anyone tell me how to install my printer from the installation cd to ubuntu?
<laytone> Does anyone have a good recomendation for a Web Hosting Panel application that will run on the latest ubuntu server?
<resno> laytone: im partial to cpanel..
<laytone> cpanel will only run on a Red Hat or CentOS server,  that was my first choice as well
<laytone> Any Other Ideas?
<resno> laytone: let me google it
<laytone> resno:  thank you but you really dont have to spend time doing research for me.  I was comming here to ask anyone if they had any ideas from experience.  :)
<resno> laytone: i was curious for myself. as i love ubuntu.
<resno> i know there ispconfig...
<resno> laytone: here is a link http://ubuntuforums.org/showthread.php?t=294169
<resno> Plesk is a popular one
<laytone> I was looking into plesk and they support ubuntu up to version 8.04 is there any chance it would run in the newer 9.x
<laytone> resno: thank you for that link btw I will look it over now
<laytone> resno: I'm thinking webmin might be the way to go
<resno> laytone: cool, glad it was helpful.
<resno> laytone: dont run a ubunut server, but will soon. want to make it can keep up with centos and others
<laytone> resno: Yes it seems like everything is supported by centos, red hat and freebsd.  Thanks for your help though
<abel408> Hello everyone! My Ubuntu server running KVM has been crashing as of late. About 3 times a day. It is usaully rock solid. Are there any logs I can check?
<abel408> The server actually still has power and fans are spinning, but it appears to be dead. Monitor doesn't show anything either
<pwnguin> automatic suspend?
<pwnguin> abel408: is the host server "crashing", or the virtual hosts?
<abel408> The host
<pwnguin> got a serial cable handy?
<abel408> I do...
<pwnguin> i wonder if theres a way to get the kernel to dump the ringbuffer to console
<pwnguin> but basically, you can hook up to the serial console and see what sort of messages go across it
<abel408> Do you think it's software or hardware?
<pwnguin> i guess i should ask
<pwnguin> by kvm you mean kernel virtual machine?
<abel408> yea
<pwnguin> my guess would be software
<pwnguin> abel408: obviously you can check the stuff in /var/log, but the most interesting stuff is in dmesg
<pwnguin> and that's stored in kernel RAM, and won't survive a reboot
<abel408> yea... Nothings in the logs
<pwnguin> it should also be printed out to serial console, which you can hook up to with minicom (or your favorite remote console logger)
<abel408> Yea I might do that and leave it running over night. I'm wondering if this is what I'm looking for: https://wiki.ubuntu.com/KernelTeam/CrashdumpRecipe
<uvirtbot> New bug: #402734 in openssh (main) "sftp subsystem dies when requested" [Undecided,New] https://launchpad.net/bugs/402734
<jhujhiti> does anyone have any idea if it's possible to migrate a kvm machine into a qemu one? preferrably live migration.
<jhujhiti> i have a pre-svm opteron driving me nuts
<bsmith> I recently installed ubuntu server 8.04 LTS on a system that previously had 9.04 server on it.  I installed the OS from unetbootin for an .iso to a usb.  I received an error 21:
<bsmith> Can anyone help me
<bsmith> Can anyone help me
<bsmith> Can anyone help me
<soren> bsmith: The easiest fix is to reinstall from a real CD.
<bsmith> Don't have a sata cdrom
<soren> bsmith: I've heard of people with similar problems when isntalling from USB.
<bsmith> soren:Did they fix it without a cdrom drive
<soren> bsmith: I believe it's because the installer gets confused by the USB drive (thinking it's the first hard drive, and the real hard drive is the second drive).
<soren> This is definitely fixed in 9.04. Why did you downgrade?
<bsmith> soren: makes sense, is there a solution
<soren> bsmith: Yes. Install from a CD or a newer version of Ubuntu. Or fix grub afterwards.
<soren> The first two options are simple. The latter less so if you're not too familiar with grub.
<bsmith> I downgraded because I couldn't get any of the media serving software to work properly.  I tried jinzora, ampache, gnump3d, I found directions that seemed promising for 8.04 thought the downgrade would be easy
<bsmith> Can you elaborate on the last one "fix grub afterwards"
<bsmith> soren: Can you elaborate on the last one "fix grub afterwards"
#ubuntu-server 2009-07-22
<FFForever> Hi ya
<FFForever> how can i move/replace all files/folders with newer ones?
<uvirtbot> New bug: #402727 in samba (main) "Install Ubuntu Server For File-Server Failed because dont install CUPS" [Undecided,New] https://launchpad.net/bugs/402727
<ewook> eh?
<uvirtbot> New bug: #402776 in postfix (main) "while installing HP driver, application crashed." [Undecided,New] https://launchpad.net/bugs/402776
<JordiGH> I have an NFS-mounted directory to which I want to let two different httpds, one from Ubuntu and one from Fedra, have read-write access. The problem is that www-data and the corresponding user in Fedora have different uids, so while they can both write to the directory, the Fedora httpd can't overwrite the Ubuntu's httpd's files nor vice versa. What's the easiest way to fix this? I'm tempted to stop one httpd, change the uid of www-data so
<JordiGH> it's same on both servers, find the files that have the old uid, and restart that httpd.
<jgedeon> usermod -u
<JordiGH> jgedeon: So that's a "yes, that's a good idea"?
<axisys> i am still for an article (new, preferably from 2009, i know of the old one which talks about mkinitrd) that covers how to migrate to software raid 1 short of reinstalling the OS
<axisys> looking for that is
<nxvl> kirkland: ping
<nxvl> kirkland: is byobu in debian?
<nxvl> kirkland: found it, nevermind
<altf2o> couple quick questions: #1 - anyone ever experienced the package "unattended-upgrade" NOT automatically updating? I've ensured the config file /etc/apt/apt.conf.d/50unattended-upgrades , does have "Ubuntu jaunty-security"; allowed and i changed the mail ok, but it didn't report that i needed updates, nor did it update them. However apticron which i also installed to test, sent an email that listed ~4 dozen security updates?
<altf2o> #2 - i've got my DNS setup fine, i have entries like:  ubuntu9ps    IN  A  192.168.0.85   , now i can ping: ubuntu9ps.altf2o.lan, but i'd like to be able to ping just 'ubuntu9ps' w/o the use of local hosts files. Is that possible with DNS? (I haven't come across an answer yet)
<pmatulis> altf2o: configure your resolver (client) to use the domain 'altf2o.lan' as its default
<altf2o> wow, either i'm mental or Ubuntu is resetting my settings. I would've bet money i changed resolve.conf. It was wrong, that issue is now resolved thank you! :).
<twb> altf2o: resolv.conf is rewritten by dhcpd
<twb> *dhcpc
<twb> Probably network-manager, that nightmare from hell, also pisses all over resolv.conf
<jmarsden> altf2o: man dhclient.conf and check out the supersede statement in particular
<altf2o> awesome, thanks guys! Looks like i got it working ok now. I'll see what happens in a couple reboots.
<rose_> ;
<jmarsden> altf2o: Now you have working DNS, does doing   sudo unattended-upgrade     upgrade things the way you expect?
<lamont> sigh... I wonder which package bug 402776 belongs to.. because it certainly isn't postfix
<uvirtbot> Launchpad bug 402776 in postfix "while installing HP driver, application crashed." [Undecided,New] https://launchpad.net/bugs/402776
<pmatulis> lamont: poorly written driver?
<jmarsden> lamont: There aren't too many postfix installations with HP drivers :)   The real question is, can the reporter reproduce the issue? :)
<jmarsden> It can probably be marked incomplete and the reporter can be asked for steps to reproduce, which will help identify the application concerned... if it can in fact be reproduced.
<lamont> he was setting up his printer... so yeah, I'll worry about that tomorrow then
<ScottK> lamont: I think it's the same /var/lib postinst failure we've seen before, but I couldn't be bothered enough to read the terminal log to know for sure.
<lamont> ScottK: ah postinst fail?
<lamont> interesting
<lamont> I'll read the terminal log first tehn
<lamont> but for now, sleep
<altf2o> jmarsden: i upgraded by hand, but now typing: sudo unattended-upgrade, it did produce the log file in /var/log/unattended-upgrades/ which did state there was none. So it appears to all be ok, i'll see when i get the next notification for security updates and see what it does.
<jmarsden> altf2o: OK.  Yes, I think fixing the DNS issue will have also fixed the unattended-upgrade one.  Of course, the "fix" is temporary until you edit /etc/dhclient.conf ... don't forget :)
<jmarsden> Make that /etc/dhcp3/dhclient.conf
<altf2o> awesome! Thanks once again :). Checking the man page now. It appears my server is ok, rebooted and all settings were fine. But i noticed in /etc/network/interfaces there was actually no eth0 entry. I'll edit both and reboot, see if it doesn't stick again.
<altf2o> sorry on my workstation client, i noticed that about no eth0, server is ok.
<jmarsden> The workstation may be using Network Manager instead of /etc/network/interfaces ?
 * twb hatessss the network manager
<dpreacher> hello, everytime I install any package on my ubuntu machine using apt the process completes ok but it always comes with a bunch of insserv warnings. Please take a look at http://dpaste.com/69822/ to see the lines. I'd like to find out how to get rid of them, even though they may say they are warnings and not errors. thanks
<twb> insserv isn't supported on Ubuntu IIRC
<dpreacher> but so far we've not put in anything apart from the repos and the default install of a ubuntu server 8.10
<twb> I think someone foolishly made universe enabled by default in 8.10
<twb> insserv was in universe in 8.04, at least
<twb> "Use this package with care, as incorrect or missing dependencies can give you an unbootable system."
<dpreacher> oh...can you explain please what enabling universe means twb
<dpreacher> so can i remove it?
<twb> The "universe" category holds packages that do not receive formal support from Canonical.
<twb> Well, see, the thing about insserv is that removing it doesn't undo the damage
<dpreacher> ohh
<dpreacher> how user friendly
<twb> I certainly wouldn't install it on a production system, unless that system was SuSE
<twb> I dunno how you managed to install it accidentally.
<dpreacher> you don't like SUSE?
<twb> No, insserv is native to SuSE.  It's supported there
<dpreacher> but if i'd installed insserv, i'd definitely known about it
<dpreacher> i dunno what package got it there...is there some way to see what pkgs depend on it
<dpreacher> using apt or aptitude?
<twb> aptitude why insserv?
<dpreacher> even question mark also?
<twb> Maybe "aptitude search ~i~Dinsserv"
<dpreacher> no why worked
<twb> Cool
<twb> I'm trying to learn to use why more
<dpreacher> i see that chkconfig recommends that and i think chkconfig isn't native to ubuntu like its to the red hat distro
<twb> I am too clever, see, so I reinvent why using search primitives
<dpreacher> red hat based i mean
<twb> Ah, yeah, I would normally use rcconf not chkconfig
<dpreacher> yes without clever ppl it'd be so hard to learn n be clever myself
<dpreacher> so if i remove chkconfig, then i won't need insserv and could remove that right?
<twb> Yes, but as I noted 17:19 <twb> Well, see, the thing about insserv is that removing it doesn't undo the damage
<dpreacher> thats also there :(
<dpreacher> chkconfig was easy to use, is rcconf also cli/ncurses based, coz server edition hasn't had a GUI yet
<twb> Honestly, though, you are *probably* safe from insserv breaking anything
<twb> rcconf is a text UI
<dpreacher> cool
<dpreacher> so twb how do i further alleviate the problem...should i disable universe repo?...gotta learn that myself and what about insserv, what all ways can i stop further damage?
<twb> Removing insserv will stop it doing anything more
<twb> Basically what insserv does is change the order of files in /etc/rc?.d/*
<twb> You could recover them with some work, but it's a major pain in the arse.
<dpreacher> do you say that rcconf is a safer tool?
<dpreacher> twb
<twb> rcconf just changes what services run at boot
<twb> insserv changes the order in which they run
<dpreacher> u mean the S12 or K34 order like startup order and shutdown order
<twb> Yes
<twb> I don't think it keeps a backup, either
<dpreacher> so is it needed if i wanted to have such an order or could i have that order manually as well
<twb> The point is that the default order is tested; insserv changes it and might change it to be wrong if dependencies are not declared correctly by the init script maintainers
<dpreacher> true. i didn't mean to alter that order but of any script that i might put at boot or shutdown
<dpreacher> when i type aptitude show insserv does it show the version available or the installed version...if i could see the installed version i cud look up relevant bug reports
<dpreacher> twb you've been really helpful. thank you so much
<twb> apt-cache policy will show you all known versions
<dpreacher> oic
<twb> I dunno which aptitude show tells you; the aptitude GUI will list all versions if you click on a package in the list
<rose_> somedody know how i can incorporate a new ruler with iptables?
<dpreacher> i see. gotta go for lunch...i think i'll get that chkconfig replaced with rcconf after doing some reading about migrating the settings
 * cef wonders when someone will actually triage his vm-builder bug and get around to assigning it to debootstrap instead
<dpreacher> laters twb
<rose_> hello, somebody know how I can incorporate rulers in IPtable?
<_ruben> rulers?
<rose_> yes
<rose_> i mean incorporate register in IPTABLE
<cef> register what and whom?
<rose_> how manage iptables
<rose_> i need to add one line in iptable
<cef> ahh that makes more sense now. default iptables firewall setup on ubuntu is ufw, and it's config file is in /etc/ufw/ (though some bits are in the file /etc/defaults/ufw )
<cef> 'man ufw' is your friend
<rose_> well is not very good friend...but thanks a lot
<cef> no problem
<cef> rose_: there is also a gui package (gufw). not used it myself.
<jmarsden> rose_: To add one rule to iptables on the fly, man iptables and notice the -I option :)  But if you are new to iptables rules, do not do that, use ufw instead, it is simpler and easier.  Its man page has reasonable simple examples it it too, which helps newcomers.
<user345fgh> hi
<user345fgh> any recommendations for a ftpd with virtual users/easy configuration. i want to access my /var/www/mypage via ftp
<simplexio> user345fgh: i prefer ssh an scp
<user345fgh> me too
<user345fgh> just for some windows guys
<simplexio> winscp is lovely little windows program which gives you scp with gui
<jmarsden> simplexio: user345fgh disappeared before anyone could mention WinSCP or FileZilla for those Windows guys :)
<nareshov> Hi
<nareshov> I was wondering if I could follow the instructions in https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html on debian too?
<simplexio> i mean .. is there any reason to run ftp anymore, other than anymouns read only file sharing
<rose_> hi again, I just intaled a samba domain member server and i nee the windows/mac PC can see my Samba server, but when i do \\myserver.domain.com ..i got this machine is not found in the network...somebody can helo me?
<nareshov> helo rose_
<rose_> helo!
<dayo> i want to accept incoming ssh connections on my ext port 10122 and forward them directly to a client on my lan at port 22. is this the correct way? http://paste.ubuntu.com/224227/
<dayo> can someone help me with this ssh forwarding issue, please? http://paste.ubuntu.com/224282/
<leslo> I have a question regarding Ubuntu validated hardware is anyone available to advise?
<leslo> Can anyone enlighten me as to why the sixth generation Hewlett Packard Proliant DL360 and DL380 servers are specified as being a PC (x86) architecture and not 64-bit PC (x86_64), like their predecessors the G5?
<leslo> On Ubuntu's Validated Hardware list <http://webapps.ubuntu.com/certificat...ategory=Server>
<leslo> With regards to Ubuntu's Validated Hardware list <http://webapps.ubuntu.com/certificat...ategory=Server>, I'm hoping someone can enlighten me as to why the sixth generation Hewlett Packard Proliant DL360 and DL380 servers are specified as being a PC (x86) architecture and not 64-bit PC (x86_64), like their predecessors the G5.
<rose_> hi again, I just intaled a samba domain member server and i nee the windows/mac PC can see my Samba server, but when i do \\myserver.domain.com ..i got this machine is not found in the network...somebody can helo me?
<nareshov> helo rose_
<simplexio> rose_: dunno, when i have used samba to server something i had to use \\MACHINE or \\xxx.xx.xx.x ip addres to acces
<simplexio> rose_: maybe machine.domain.org return ip addr that dosent listen samba etc
<uvirtbot> New bug: #403013 in php5 (main) "php : snmpwalk don't provide last entry" [Undecided,New] https://launchpad.net/bugs/403013
<www2> hi all
<www2> is the dell SAS6iR raid controler suport by ubuntu?
<rose_> hi simplexio...thanks to respond...how i can know that?
<juliux> hi
<juliux> has somebody experiences with 3ware Inc 9650SE SATA-II RAID controllern?
<juliux> the server with this controllers has a huge load
<juliux> but there is no process which use the cpus
<b3nw> is there a better resource for xen on ubuntu than https://help.ubuntu.com/community/Xen because its horribly out of date, still talking about Fiesty and Gusty.
<peterkirn> I've just had our data center at The Planet load Ubuntu Server 8.10. Initially, we had no network connectivity. Apparently on restarting the networking daemon, they got "Network Variables Missing - eth 0 failed to start." /etc/network/interfaces looks properly configured - configured for static IP, not dhcp. What else can I try, given I have remote (root) access only?
<b3nw> peterkirn: probably need to do some research to see if the nic card is supported, or what type it is
<peterkirn> This is strange, too --  /etc/udev/rules.d/*persistent-net.rules is blank.
<peterkirn> b3nw: so if I'm correct, I assume that could simply mean the network interface isn't persisting from session to session? It's frustrating, as this is a dedicated server sitting in a data center. This should theoretically be their tech's problem, but now they're claiming they don't "really" support Ubuntu Server and that it's a "desktop" OS and not suited to server use. (yeah... augh.)
<ScottK> peterkirn: Why 8.10?
<peterkirn> ScottK: Well, let's put it this way -- I'm happy to reload to LTS. I was concerned about a couple of dependencies on 8.04, and specifically had been experimenting with etckeeper (although, upon reflection, maybe not a great reason to choose 8.10 over LTS!)
<ScottK> peterkirn: How about 9.04?
<ScottK> I'd suggest either the most recent or LTS.
<peterkirn> ScottK: I don't think they gave 9.04 as an option.
<peterkirn> ScottK: But yes, I'd consider reloading to LTS. Even before switching, though, it'd help to know if there's a particular bug.
<ScottK> I've not had any similar trouble, so if there is a bug, I'd guess something hardware specific.
<peterkirn> ScottK: I should be able to do apt-get dist-upgrade to 9.04 from this machine, though, even if they didn't provide it as a preload option, I assume? :)
<ScottK> peterkirn: Yes, although do-release-upgrade is the recommended tool.
<peterkirn> ScottK: Okay, thanks. Do you know of any reason  /etc/udev/rules.d/*persistent-net.rules would be blank? Is there anything else I should be doing to ensure that eth0 persists as eth0?
<ScottK> peterkirn: I don't.  My experience with 8.10 and the kernel wasn't good, but I didn't have any network problems.
<peterkirn> ScottK: I don't know of any significant networking service changes... but of course could be something subtle. I've asked the Planet for more info on this NIC. If they don't really support ubuntu, they should stop offering it as an OS reload choice and should have said something when I asked specifically. ;)
<ScottK> Agreed.
<peterkirn> ScottK: what kernel issues did you encounter?
<ScottK> A sata controller bug that caused failed to boot was the really annoying one.
<peterkirn> ScottK: Yeah, the more I look at this, the more it looks like some sort of odd NIC incompatibility... which I won't know for sure until I hear back what the card is. And that *could* be kernel related, too, of course.
<resno> has anyone ever used analog to analyze apache files?
<zoopster> yes, but analog doesn't present it as well as webalizer...analog is far better for firewall logs and syslogs, imho
<mathiaz> kirkland: have you tried to test the alpha3 iso candidate under kvm with virtio drives?
<kirkland> mathiaz: no, i have not
<kirkland> mathiaz: i'm rsyncing the images now
<mathiaz> kirkland: ok - I'm seeing a lot of I/O request error on vda in the guest
<kirkland> mathiaz: is this a recent regression?
<yann2> kirkland > kvm84+libvirt pretty reliable for the last week here btw
<kirkland> yann2: great to hear
<mathiaz> kirkland: yes
<mathiaz> kirkland: alpha2 was working correctly
<mathiaz> kirkland: as I've run all the iso test for alpha2 on my server
<kirkland> mathiaz: what's the kernel difference between those two?
<resno> has anyone ever used analog to analyze apache files? i need some help configuring it.
<Ethos> anyone setup a bouncer on ubuntu-server before?
<mathiaz> kirkland: now in the meantime I've also updated kvm on the host (I'm using the kvm backport on a hardy host)
<mathiaz> kirkland: hm - I don't remember which kernel alpha2 was running
<mathiaz> kirkland: ok - you're downloading the alpha3 candidate now anyway
<mathiaz> kirkland: could you confirm whether you see the same issue?
<kirkland> mathiaz: yeah, sure
<mathiaz> kirkland: I see that at the begining of the install while it tries to mount vda1 as an ext4 partition
<peterkirn> ScottK: at least found out the NIC. Broadcom 95722 PCI-E ...but then, yeah, that doesn't leave me anywhere, really, not familiar with it.
<Ethos> anyone installed BNC before?
<kirkland> mathiaz: ps -ef | grep kvm
<kirkland> mathiaz: what's your kvm command line look like?
<mathiaz> kirkland: http://paste.ubuntu.com/224589/
<mathiaz> kirkland: I'm using libvirt to start my vm machines
<mathiaz> kirkland: ^^ this is the command line taken from the qemu log file
<kirkland> mathiaz: yup, reproduced here
<kirkland> mathiaz: can you reproduce it with a karmic desktop guest?
<mathiaz> kirkland: hm - I haven't tried that yet.
<mathiaz> kirkland: I don't have a desktop guest though.
<kirkland> mathiaz: i reproduced the problem with a karmic server guest
<kirkland> mathiaz: but not with a karmic desktop
<kirkland> mathiaz: thinking it might be a kernel problem
<kirkland> mathiaz: neither of those vm's are karmic-current yet
<mathiaz> kirkland: are you doing installs?
<kirkland> mathiaz: i'm snapshotting both, and then upgrading
<kirkland> mathiaz: not yet
<mathiaz> kirkland: IIRC both server and desktop isos are using the same kernel
<kirkland> mathiaz: these are existing machines
<mathiaz> kirkland: ok.
<kirkland> mathiaz: oh, you're seeing this in the isos
<mathiaz> kirkland: yes
<kirkland> hrm
<mathiaz> kirkland: Let me boot an existing vm to see if I see the same IO error
<mathiaz> kirkland: hm - I don't see any of the error on my karmic guest
<kirkland> mathiaz: ?
<mathiaz> kirkland: however this guest is using an lvm snapshot as the base file
<mathiaz> kirkland: while the install uses a qcow2 file
<kirkland> mathiaz: yeah, i reproduced the error using the desktop installer
<mathiaz> kirkland: should I test something else?
<kirkland> mathiaz: do you have an alpha2 iso still?
<kirkland> mathiaz: it would be good to back down and see where the regression occurred
<kirkland> mathiaz: i'm going to start installing older kernels
<kirkland> mathiaz: as i think this is pretty clearly a kernel regression
<mathiaz> kirkland: I don't have any alpha2 iso laying around
<kirkland> mathiaz: btw... on boot, do you get an fsck error?
<kirkland> mathiaz: about not cleanly shutting down?
<mathiaz> kirkland: on my karmic guest? no
<mathiaz> kirkland: let me check though
<mathiaz> kirkland: hm - yes I do have an fsck error
<kirkland> mathiaz: unable to check?
<kirkland> mathiaz: can you pastebin it?
<mathiaz> kirkland: http://paste.ubuntu.com/224638/
<mathiaz> kirkland: ^^ from kern.log
<kirkland> mathiaz: hmm, okay, i think that's unrelated
<mathiaz> kirkland: yeah - me too.
<mathiaz> kirkland: I can see similar entries dating back to jaunty
<mathiaz> kirkland: (in kern.log)
<kirkland> mathiaz: okay, i installed jaunty's kernel on an up-to-date karmic server ... errors go away
<mathiaz> kirkland: is this with -generic or -server?
<kirkland> mathiaz: -server
<mathiaz> kirkland: right - the installer uses -generic
<kirkland> mathiaz: now, i'm trying these: http://kernel.ubuntu.com/~kernel-ppa/mainline/
<mathiaz> kirkland: ok. Let me know if I should conduct another test.
<kirkland> mathiaz: let me identify the last good kernel
<kirkland> mathiaz: and i'll get you to verify that
<mathiaz> kirkland: ok. Note that I *don't* see the error on my regular guest where use lvm snapshots
<mathiaz> kirkland: I only see the error on qcow2 files
<kirkland> mathiaz: gotcha
<kirkland> mathiaz: alls i have is qcow2 files
<kirkland> mathiaz: could you try maybe with a raw file?
<mathiaz> kirkland: sure
<mathiaz> kirkland: it may take a while as I'm on something else right now
<kirkland> okay
<kirkland> mathiaz: on the plus side, virtio network is working extremely well :-)
<kirkland> mathiaz: i'm downloading at native speeds :-)
<yann2> kirkland > on kvm84 virtio-disk is slower than the default
<yann2> a bit weird but :)
<kirkland> mathiaz: can you install http://kernel.ubuntu.com/~kernel-ppa/mainline/v2.6.30/ and see if your problems go away?
<mathiaz> kirkland: I'll give it a try a bit later.
<mathiaz> kirkland: hm well. I only see a problem when I try install from an iso
<mathiaz> kirkland: replacing the kernel on the iso seem impossible without respinning
<kirkland> mathiaz: right
<kirkland> mathiaz: you need a vm where you experience the problem in userspace
<kirkland> (i have several)
<kirkland> such that you can replace the kernel
<mathiaz> kirkland: right - I'll first try to use raw/qcow2 files
<mathiaz> kirkland: may be I'll be able to reproduce that way
<axisys> I am planning to create md0(/boot,sda1,sdb1,100mb,raid1), md1(/,sda2,sdb2,75gb,raid1) and md2(swap,sda3,sdb3,raid0)
<axisys> any other recommendation to creat md ?
<axisys> during initial install that is
<error404notfound> i have configured postfix to work with my gmail account using SASL, now issues is i have configured the following in redmine "smtp server: localhost, port:25, authetication:none", and in postfix's mail.log i get: http://pastebin.com/m6d481b0a
<cemc> hi. on postfix, is there a way to filter some emails with a particular charset in the header to a particular domain/address ?
<cemc> something like mime_header_checks, but only for some address/domain, not globally
<Bilge> You must think this channel support every possible application package
<ScottK> Bilge: Postfix is the primary MTA for Ubuntu Server, so we do tend to support it.
 * ScottK does not, however, know the answer to that question.
<Bilge> It is?
<Bilge> How is it primary?
<yann2> Bilge > probalby the only one in main?
<Bilge> I thought Exim was also
<qman__> postfix is the one it uses when you use the turnkey mail server
<ScottK> Exim is also in Main, but Postfix is the one we support in our documentation and the one defined as default when an MTA is needed to be installed.
<ajmitch> some of us persist in using exim still
#ubuntu-server 2009-07-23
<Kira> I installed the kubuntu-desktop and ubuntu-desktop packages on my Jaunty server. Now the graphical desktop environment shows up every time the computer boots up.
<Kira> How do I disable it properly?
<Kira> (I want to have access to the graphical desktop environments when I feel extremely lazy)
<Kira> but I don't want it to show up automatically at boot time.
<twb> Kira: remove gdm/kdm from the list of services started at boot.
<twb> rcconf provides a simple checkbox ui to do this.
<Kira> sounds great. Thanks
<Kira> How about X server though?
<Kira> Shall I/do I need to disable it?
<Kira> be back later
<mathiaz> kirkland: hey - does every source file need to have copyright and license notice?
<mathiaz> kirkland: is this something archive admins would use to reject a new package?
<mathiaz> kirkland: example: http://revu.ubuntuwire.com/report.py/legal?upid=6399
<kirkland> mathiaz: here's my take
<kirkland> mathiaz: every file *should* have a copyright header
<kirkland> mathiaz: but upstream doesn't always do it that way
<kirkland> mathiaz: if upstream is friendly, and trying to get this packaged for ubuntu, then i'd probably ask them to make sure they have a copyright header in every file, and give them a list of the files missing that stuff
<kirkland> mathiaz: on the other hand, upstream is often inactive, or uninterested in this sort of thing
<kirkland> mathiaz: and blocking on that is a little juvenile
<kirkland> mathiaz: the thing to be certain is of the copyrights and licenses that are present
<mathiaz> kirkland: ok - I'm still asking for modification on the package
<mathiaz> kirkland: I may well ask for updates to the copyright file
<kirkland> mathiaz: yeah
<mathiaz> kirkland: I may well ask for proper updates of copyright statements
<kirkland> mathiaz: it's poor form for a project not to have copyright headers in place
<Kira> I'm back.
<mathiaz> kirkland: unrelated question - do you know of libraries that use a camel case naming scheme for their libraries?
<Kira> So, back to the desktop environment issue. Beside gdm/kdm do I also need to do something about X server?
<mathiaz> kirkland: ex: libOpenDRIMCommon0
<twb> Kira: you do not.
<twb> Kira: an unfortunately all too common :-(
<twb> Oops, bad completion.
<twb> kirkland: an unfortunately all too common :-(
<kirkland> mathiaz: hmm, not off the top of my head
<artillerytx> how would ubuntu server perform on a uverse connection
<kirkland> mathiaz: and i don't see any in /lib
<Kira> Hmm
<Kira> What's that "laptop-mode" I see in rcconf?
<twb> There should be an update-rcconf.* script that adds descriptions
<Kira> Aaah
<Kira> That's what I get for skipping the man page before using an application, heh.
<axisys> how do I swtich a ubuntu server to static ip ?
<mathiaz> kirkland: Has the reboot action disappeared in the latest version of libvirt (backport to hardy)?
<mathiaz> kirkland: I'm seeing this error while trying to define a new guest: http://paste.ubuntu.com/225499/
<twb> axisys: edit /etc/network/interfaces
<mathiaz> kirkland: this is with libvirt 0.6.1-0ubuntu5.1~rc1ppa1
<kirkland> mathiaz: https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/368962
<uvirtbot> Launchpad bug 368962 in libvirt "[Jaunty] Can't reboot kvm virtual machines using virsh" [Undecided,New]
<kirkland> mathiaz: maybe?
<kirkland> mathiaz: there are two duplicates, filed by marc tardif
<kirkland> mathiaz: sorry, this one was filed by cr3
<kirkland> mathiaz: i see 2 dupes
<mathiaz> kirkland: yes - this is it.
<nick_schembri> axisys, is anyone helping you?
<kirkland> mathiaz: confirm it, assign to soren, bug him till he fixes it :-)
<mathiaz> kirkland: does this mean that vm instances cannot be rebooted in UEC?
<kirkland> mathiaz: hmm, i'm not sure
<mathiaz> kirkland: well - since UEC uses libvirt and kvm it shouldn't support reboot an instance
<axisys> nick_schembri: i got help from twb
<axisys> nick_schembri: thanks..
<mathiaz> kirkland: hm - well - a reboot from inside the guest works as expected
<axisys> twb: thanks a lot
<twb> Yes, yes.  Quiet now, unless you need help.  I'm busy.
<kirkland> mathiaz: so it's just virsh
<kirkland> mathiaz: or through libvirt, rather
<kirkland> mathiaz: from the host
<nick_schembri> axisys: cool
<axisys> nick_schembri: thanks a lot
<cef> Re: Reboots. Inside the guest, do you have acpid installed?
<cef> ahh nm
<cef> *sigh* wish someone would get around to reassigning my bug from vm-builder to debootstrap.. *sigh*
<twb> cef: you can't?
<twb> cef: ah, you're a luv dude.  I wondered where I recognized your name from.
<cef> twb: indeed
<twb> (Apart from, y'know, Magic Knight Rayearth.)
<twb> Apparently that was "Clef"
<cef> oh and yeah.. I think I can add another project, but I dunno if I can remove it from the current one.. will give it a shot
<ajmitch> you can only mark it as invalid on the current one, you can't remove it
<cef> and yeah, it tells me there is no debootstap project on ubuntu so I can't assign it to it.. it's suggesting pbuilder.. hrm
<ajmitch> which bug?
<cef> yet I can see bugs against debootstrap in launchpad.
<cef> https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/392377
<uvirtbot> Launchpad bug 392377 in vm-builder "building vm image on text console causes gettys to stop respawning" [Undecided,New]
<cef> turns out i can reproduce that using just debootstrap.. (as in the bug report)
<cef> so nothing to do with vm-builder
<ajmitch> ok, changed it
<ajmitch> I was wrong, you can change the package of a bug task, but can't remove the task altogether :)
<cef> bbk
<rose_> hello ! i am having problmes with samba, smbd and nmbd doesn't start
<rose_> somebody can helo me?
<twb> !somebody
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<twb> rose_: you need to collect information about why it isn't starting
<twb> rose_: e.g. checking logfiles.
<rose_> hi, thanks a lot...in the log.nmbd i got  Failed to open nmb socket on interface 172.17.2.1 for port 137.  Error was Cannot assign requested address
<rose_> also this one ERROR: Failed when creating subnet lists. Exiting.
<rose_> when i do smbclient i got Error connecting to 172.19.0.72 (Connection refused)
<rose_> Connection to 172.19.0.72 failed (Error NT_STATUS_CONNECTION_REFUSED)
<dpreacher> hello people, can someone help me with understanding the following lines...
<dpreacher> Jul 23 09:23:33 <kern.notice> server101 kernel: [4218043.008816] type=1503 audit(1248321213.176:1194): operation="inode_permission" requested_mask="::r" denied_mask="::r" fsuid=104 name="/proc/26271/net/if_inet6" pid=26273 profile="/usr/sbin/named"
<dpreacher> this is IST. so its july 23rd already. its 10 am right now, so this was about 37 mins. ago roughly
<dpreacher> these are messages from dmesg that have been logged into /var/log/messages but dmesg itself now is having > 500 of these lines and does so every boot.
<dpreacher> thanks for your inputs in advance
<cef> dpreacher: if that PID belongs to the named process (which afaik is what the line does tell us), then it seems like it's trying to do something with ipv6, and the apparmor profile isn't allowing it (it seems) ?? hope that's right
<dpreacher> where would i look in on a ubuntu server 8.10 to find out relevant apparmor audits. If i'm not mistaken it comes default.
<dpreacher> cef^
<dpreacher> apparmor is novel/suse stuff right cef?
<cef> not sure myself.. going to look on a machine here.. dunno if I'll be able to find in time (about to walk into a meeting.. damn meetings!)
<dpreacher> oh man
<dpreacher> you be prepared for your meeting cef
<dpreacher> work's important. but thanks for offering to help and the clue
<cef> no probs
<cef> probably need to find out anyway, since the new dns server I'm building for work has apparmor on it. ;)
<cef> oh fun.. never want to see a segfault on boot of  a vm machine.. *sigh*
<rose_> Hi ...I am new in ubuntu and i have been spend 2 week trying to install something and everythink is a research and a bag or something, I just fonish to install a new samba server but the windows machine can't see it...
<rose_> I got some errors as por example when i try to connect with smbclient i got Connection to 172.19.0.72 failed (Error NT_STATUS_CONNECTION_REFUSED)..i google a lot but i can't find the solution...somebody can help me ?
<dpreacher> cef hi again
<dpreacher> i saw that apparmor has enforced policy profiles for /usr/sbin/named do you know how to see the policy enforced or to disable it atleast
<dpreacher> thanks cef
<dpreacher> oh oops, you were to be in meeting
<dpreacher> please take a look if you are back cef
<rose_> i dont understand why nobody responde me, maybe because i dont speak well english but unfortunately where are not to much forum online in ubuntu
<dpreacher> hey rose_ don't worry about your english. maybe its an unsolved question for others as well. no one speaks perfect english generally speaking
<rose_> thanks
<dpreacher> rose_ google results for your problem http://www.google.co.in/search?q=Error+NT_STATUS_CONNECTION_REFUSED
<dpreacher> you might try out some things suggested in top 3 results and get back here with your progress. rose_
<rose_> thanks I was googling all day and I can't find nothing
<cef> rose_: also make sure you can ping all the ip addresses listed in those error messages. if an interface is down or it's getting confused about an IP, that might help
<cef> dpreacher: just got back.. ugh.. but yes.. just looking now..
 * cef wonders why kvm is now buggy.. damn package update borking things!
<dpreacher> TIA cef
<cef> dpreacher: /etc/apparmor.d/ contains all the apparmor profiles. specifically 'usr.sbin.named' contains the apparmor details for the named process
<dpreacher> cool. looking into it . thanks cef
<cef> looking at it myself
<cef> dpreacher: do you have ipv6 in use? eg: either in bind or on your network?
<dpreacher> nowhere
<dpreacher> cef relevant to inet6 i see the following line in usr.bin.named profile
<dpreacher>  /proc/net/if_inet6 r,
<dpreacher> read only i suppose cef
<cef> yup.. seems that way.. so not sure why apparmor is complaining
<dpreacher> will it be enough to comment out that line and try...with an apparmor reload
<dpreacher> as far as possible i'd want to avoid rebooting the server
<cef> might make it just as bad.. but might want to check the man pages for apparmor (incl. apparmor.d and related executables)
<dpreacher> ok...
<sbeattie> no, you'll want to add "/proc/1-9*/net/if_inet6 r," to the usr.bin.named profile, restart apparmor (to reload the policies) and then restart named.
<dpreacher> sbeattie is it advisable to enforce policies for ipv6 which am not using at all. in fact i even disabled ipv6 related features that were enabled on bind
<sbeattie> bah, sorry, "/proc/[1-9]*/net/if_inet6 r,"
<cef> sbeattie: it's got '/proc/*/net/if_inet6 r,' already
<cef> actually, it has on my machine.. not sure about dpreacher's
<dpreacher> cef i'll check
<cef> dpreacher: you'll need both btw.
<sbeattie> cef: and you're still seeing the audit messages after restarting apparmor and named?
<dpreacher> not cef me
<dpreacher> sbeattie
<sbeattie> ah, sorry, didn't read scrollback too closely, sorry.
<sbeattie> what my guess is is that the resolver library is looking to see whether or not ipv6 is enabled by the os, to determine whether to support ipv6 in named or not, but really that's a swag.
<cef> dpreacher: on mine, the '/proc/net/if_inet6 r,' entry has a similar one (the one I posted before) under it
<sbeattie> regardless, it should be reasonably safe to allow read only access to such /proc entries.
<cef> dpreacher: if it's not there on yours, that would explain things.. what version of ubuntu/bind9 ??
<dpreacher> cef sbeattie gimme some time...brb thanks for your answers
<cef> dpreacher: np
 * cef puts any further learning of apparmor by himself on hold for a bit. :P
<cef> back to kicking broken kvm/libvirt packages for the moment *sigh*
<Guest26705> hi to everyone...am an ubuntu newbie...
<Guest26705> i had a hard time fixing my domain...could anybody help me...?
<Guest26705> hello anybody der?
<_ruben> try asking more specific questions
<dpreacher> cef sbeattie http://dpaste.com/70286/ my usr.bin.named file contents
<sbeattie> dpreacher: right, you'll want to add either the line cef suggested or the one I suggested (they  both will cover the rejections you're seeing) and then restart apparmor and named.
<dpreacher2> am bak sbeattie do i follow this command "(11:45:34)<sbeattie>bah, sorry, "/proc/[1-9]*/net/if_inet6 r," " the /proc command as it is?
<dpreacher> sbeattie do i follow this command "(11:45:34)<sbeattie>bah, sorry, "/proc/[1-9]*/net/if_inet6 r," " the /proc command as it is? did you get this msg?
<sbeattie> dpreacher: yes, add "/proc/[1-9]*/net/if_inet6 r," (no quotes) to your usr.bin.named, restart apparmor (to reload your policy) and then restart named.
<dpreacher> ok thanks. wish named luck
<sbeattie> (the named restart may not be neccesary if it's doing it over and over)
<dpreacher> i don't need to replace any existing line but add this line, right? sbeattie
<sbeattie> dpreacher: correct
<dpreacher> how are service reload and service restart different?
<dpreacher> which one do i use in app armors case?
<dpreacher> sbeattie^
<sbeattie> dpreacher: sorry, was looking elsewhere; service reload and service restart *should* do the same thing for the apparmor initscript; but if you want to be cautious, do reload.
<dpreacher> sbeattie i figured out reload would be safer as i understand it re-reads the configs only
<dpreacher> sbeattie whats the service name for named? bind?
<dpreacher> i get unrecognized service
<cef> bind9]
<cef> err - that ]
<cef> so bind9 even
<sbeattie> what cef said.
<sbeattie> (eventually. :-) )
<cef> damn typos
 * cef goes off and shoots his fingers for being adventurous
<dpreacher> cef its still safer to practice and iron out your typos here
<cef> well, better than a few programmers I know who consistently misspell words, and so they have all these misspelled function names in their code.
<dpreacher> function ristert()
<dpreacher> :p
<cef> worse is when they misspell a word so badly, that the misspelled version is actually another valid function name
<cef> dpreacher: I really hope that's not the bug that kvm currently has.. I'd really be tempted to LART the programmer responsible rather hard
 * dpreacher wonders whats LART
 * dpreacher so far has been stuck with RTFM...havin ppl shout it at him in other channels
<cef> involves a piece of timber and a hitting motion. ;)
<cef> oh fun.. and there goes my KVM machine crashing again *sigh*
<cef> at this rate, I'll never get it into production. *sigh*
<cef> and now, to see if this crashes again.. *sigh*
<twb> cef: but it's still better than openvz or vmware-server or virtualbox, right?
<cef> twb: err.. if it crashes 3 times in a day.. possibly not. I personally blame the last kvm update.. it's all gone pear-shaped since then
<cef> couldn't even force a reboot of the kvm host machine via software. :(
<twb> Don't tell my boss, then
<yann2> what host/guest versions are you using cef, with what version of kvm?
<twb> I'm trying to get some actual, you know, VT-capable hardware so I can try KVM instead of this bloody annoying openvz/vmware shite
<cef> yann2: jaunty all round.. everything up to date.. kvm pkg 1:84dfsg-0ubuntu12.3
<cef> which updated sometime this month, and in the process the 'reboot' command in virsh went with it.
<yann2> mmh... I'm using Hardy all round with the libvirt and kvm backport, not released yet, but seems fine so far
<yann2> what's your problem wth the reboot command?
<cef> yeah I suspect the latest kvm update borked things
<cef> yann2: 'reboot vmname' in virsh no longer works.
<yann2> I heard there were issues with the latest kernel
<cef> gives an error. 'shutdown' doesn't actually shutdown either, but at least destroy works.. though it managed to take out 2 VM's instead of just one.
<cef> yeah.. might be it and I've only now started to hit the problems.. ho hum.. oh amd64 too
<cef> (all round)
<yann2> cef > for shutdown to actually work you do need to define ACPI for the VM
<yann2> and regarding the destroy, from my experience it is quite likely you cloned a VM and forgot to change the UUID
<cef> yann2: replaced the ram in the machine as a precaution.. as that is relatively new to that machine. just made sure all the VM's and the host are up to date package wise.
<yann2> you should dumpxml both vms who got shut and compare :)
<cef> yann2: def not.. all built with vmbuilder. will check for ACPI though, as that may be a vmbuilder bug
 * cef has spent a lot oof time learning all of vmbuilder's bugs.... err features... ;)
<yann2> I still use the ubuntu-vm-builder bash version, works alright :)
<cef> wel.. ok.. the latest issue i found is not a problem with vmbuilder but with debootstrap, but still
<cef> specifically: install jaunty on jaunty using debootstrap, and your text getty's stop respawning. fun fun fun!
<dpreacher3> cef sbeattie...another big problem...i think
<dpreacher3> bind9 restart got stuck at * Stopping domain name service... bind9
<dpreacher3> atleast over 20 minutes
<cef> dpreacher3: you did that as root, yes?
<dpreacher3> sudo
<cef> same thing, yup
<cef> hrmmm .. weird. did you kill it?
<dpreacher3> yep...n when i did ctrl-c i got Crndc: recv failed: operation canceled
<cef> yup for whatever reason, rndc could not contact the bind9 server (rndc tells bind what to do)
<dpreacher3> other than this, i was not involved with the bind9 setup assignment, but i noticed that for the few times that we had to restart server initially, bind9 esp. rndc used to be stuck for like almost 10 mins. before it said it gave up n then server continued shutting down
<cef> just kill 'named' (eg: killall named) then start the bind9 service
<dpreacher3> ours is a test setup that we're aiming to make production ready as we learn things along
<dpreacher3> will try that
<dpreacher3> sudo killall ?
<cef> well if apparmor was blocking ipv6 stuff, it's possible that rndc could not actually communicate with named, hence the problem
<cef> yup
<dpreacher3> k k ye possible cef
<cef> dpreacher3: you might want to try 'sudo rndc status' - this should query the named service and give you some useful stats. if it doesn't, then it's a useful test to resolve the issue
<dpreacher3> oh no! i just killed named
<cef> 'sudo service bind9'
<dpreacher3> no start stop?
<cef> then try the rndc command I showed
<cef> err start yes
<cef> sorry
<cef> I tend not to use 'service' and call the scripts directly
<dpreacher3> is service command part of insserv/chkconfig?
<cef> no
<cef> so start worked?
<rose_> Hi, I am getting this error somebody know why? Failed to open nmb socket on interface 172.17.2.1 for port 137
<dpreacher3> no cef
<dpreacher3> cef  sudo service rndc status
<dpreacher3> $rndc: unrecognized service
<cef> dpreacher3: start bind9 first with 'sudo service bind9 start', then run 'sudo rndc status' (not a service)
<dpreacher3> k cef
<dpreacher3> so i gotta kill bind9 again? i just started it
<cef> rndc talks to the bind9 service (process called 'named') and is used to shut the service down - if rndc doesn't work, you get the issues you've described (can't shut down, etc)
<cef> nah, just run the rndc command
<cef> rose_: can you ping 172.17.2.1 ?
<rose_> yes
<rose_> i can ping
<dpreacher3> is port 137 blocked?
<dpreacher3> rose_
<dpreacher3> is there a way to restart rndc cef. seems to be still stuck to even show the status
<rose_> no in my server
<cef> rose_: only thing I can think of is that something is is already using that port, or it's not got permission to do that
<cef> dpreacher3: just ctrl-C it. it's just a standard program.
<dpreacher3>  sudo rndc status
<dpreacher3> ^Crndc: recv failed: operation canceled
<uvirtbot> dpreacher3: Error: "Crndc:" is not a valid command.
<rose_> the address 172.17.2.1 is a vlan and i can access with this port to this vlan apparently?
<cef> dpreacher3: btw: that should just return a few lines of text telling you the status of the named process. the fact that it's failing either means you've got a very paranoid firewall setup on the machine, or something is weird with named's config
<cef> dpreacher3: do you have a firewall enabled?
<dpreacher3> nope cef
<dpreacher3> oops
<dpreacher3> dont tell anyone
<dpreacher3> unless ubuntu server puts up one
<cef> dpreacher3: hrm.. not even ufw?
<cef> can do
<dpreacher3> bind9 works fine as it is...just that rndc stucks
<cef> yeah but rndc is the manageemnt tool for bind9
<cef> try 'sudo ufw status'
<cef> (once again, not a service)
<dpreacher3> my colleague mentions that we had to remove ufw coz of the insserv errors that i'm hunting down a solution for
<cef> rose_: that IP (172.17.2.1).. it's the IP of an interface on the machine running nmb?
<rose_> yes is in the interfaz
<cef> dpreacher3: ahh ok.. you only need to use 'sudo ufw disable' to turn it off.
<dpreacher3> now its sudo ufw nomore
<dpreacher3> cef
<rose_> ?
<cef> rose_: hrm.. ok..
<rose_> you mean ufw disable
<cef> rose_: sounds like dpreacher3 has completely removed the package
<dpreacher3> yes rose_
<dpreacher3> cef. serious errors with it n some other package
<cef> rose_: for you, try 'sudo netstat -tunap|grep 137'
<dpreacher3> installations were failing
<cef> dpreacher3: very odd
<rose_> ok, i will
<dpreacher3> oh man! i know i gotta be patient...but cef can we take up ufw another day. i need to understand why is rndc so problematic now
<cef> rose_: if you get any output, then something else (which you should see the name of) is listening on port 137, which is why nmb won't start
<cef> dpreacher3: ok.. rndc is supposed to talk to named, usually on port 953 @ 127.0.0.1 (or the ipv6 version)
<dpreacher3> well its talking foul language and getting censored now
<dpreacher3> cef
<cef> dpreacher3: does 'sudo netstat -tunap|grep 953' show anything?
<dpreacher3> checking
<dpreacher3> whats tunap?
<dpreacher3> sounds fishy
<cef> t = tcp, u = udp, n = don't resolve names, a = all, p = show PID/program names
<cef> they're options to netstat
<cef> -panut would work, as would -utapn - I just remember them as -tunap
<twb> Is the default just TCP?
<twb> I've only used -nap
<dpreacher3> cef thanks for the wonderful command
<cef> dpreacher3: no probs.
<cef> dpreacher3: does it show anything for 953?
<dpreacher3> showin ya
<dpreacher3> cef http://dpaste.com/70323/
<rose_> Yes, now is ok, but when i do smbclient i got session "request to 172.19.0.72 failed (Not listening for calling name)"
<cef> dpreacher3: those middle 3 entries are hung it seems. they will eventually time out. but it's like there is a firewall in there somewhere, or your bind config has locked it out somehow
<cef> dpreacher3: I don't know why they are hung, but they are the result of trying to shut down the bind9 service and that rndc command I gave you. they shouldn't do that.
<dpreacher3> who do i blame now?
<cef> dpreacher3: do you have a file called /etc/bind/rndc.key ?
<cef> (don't pastebin it)
<dpreacher3> ok i wont
<cef> but it exists?
<dpreacher3> yes it exists
<dpreacher3> secret stuff
<cef> yup.. ok that's good.. that's what it's supposed to have in it..
<cef> dpreacher3: do you know if you are running apparmor in 'enforce' or 'complain' mode?
<dpreacher3> so is rndc needed for bind9. my impression was that it required only for remote control of bind9
<dpreacher3> would sudo service apparmor status tell me that?
<cef> dpreacher3: it's used for local control as well
<sbeattie> sudo apparmor_status will tell you that.
<dpreacher3> thanks sbeattie
<cef> I can only guess that apparmor might be blocking the connection from/to rndc for whatever reason, which is why it's failing
<dpreacher3> its in enforce mode
<dpreacher3> cef
<cef> dpreacher3: what version of ubuntu is this you're running bind9 on?
<dpreacher3> ubuntu server 8.10 64 bit
<sbeattie> if it is, rejections ought to be showing up in dmesg|syslog
<dpreacher3> what do i grep for
<cef> sbeattie: yup. makes sense.
<dpreacher3> i showed the audit message in the morning
<dpreacher3> that cef pointed was a problem with named policy
<dpreacher3> of apparmor
<dpreacher3> other than that, what else could i filter out
<cef> sbeattie: might be related to his apparmor profile for named (as earlier) not being complete (for whatever reason)
<sbeattie> "dmesg | tail" will show you the last messages out of the kernel, including an apparmor rejections.
<cef> ok, I've gotta go.. it's almost 7pm here and I'm getting hungry. that, and I have to lock up work. good luck with it dpreacher3
<cef> rose_: good luck with your issue too.
<dpreacher3> thanks cef
<dpreacher3> have a good evening
<rose_> ok, have good evening and thanks for your help
<dpreacher3> what time is it there rose_ ?
<rose_> im in australia here is 19:00 and u?
<dpreacher3> sbeattie hold on checkin the tail
<dpreacher3> sbeattie http://dpaste.com/70327/ cud u infer anything from it
<jorgenpt> Where's the locale settings set? I installed ubuntu using debootstrap from a live cd, and things are locale-less. (locale shows LANG=, and the rest is POSIX or blank. :)
<jorgenpt> I can just pop it into /etc/environment, but I wonder what the "ubuntu way" is. (Since systems with only PATH in /etc/environment still have sane locale-settings)
<sbeattie> dpreacher: the last 3 lines are reporting the you reloaded the apparmor policies for mysql and named (twice) and the lines before that are the rejections you fixed by editing the named profile.
<dpreacher> ok...so things are swell you mean sbeattie
<sbeattie> yes, at least as far as apparmor's confiment of named is concerned; if it was blocking something else, you'd see additional audit events.
<dpreacher> ok so apparmor is released...gotta catch someone else
<dpreacher> sbeattie we'd tried reinstalling bind9 packages but nothing changed with that
<dpreacher> i'd put in chkconfig which added insserv and made the life of that server hell
<dpreacher> rose_ india 14:40
<dpreacher> sbeattie, if i'm absolutely sure that we don't need or use ipv6 then do you think we need  /proc/[1-9]*/net/if_inet6 r, policy or only a ipv4 relevant policy will be fine. more importantly, i feel this is coz of named listening on port 953 tcp6
<dpreacher> how can i make it stop listening on ipv6 tcp and listen only on ipv4. sbeattie
<sbeattie> I'm not particularly clueful on bind9 configuration, alas.
<sbeattie> dpreacher2: looks like (based on the named manpage from jaunty) you ought to be able to add "-4" to the OPTIONS variable in /etc/default/bind9 to make it use ipv4 only.
<dpreacher2> oh i see
<dpreacher2> sbeattie a bind9 restart should work right? added the -4 into options section
<sbeattie> yeah, it shou;d/
<sbeattie> sorry, time for me to crash.
<dpreacher2> ok...hope to see you again
<dpreacher2> thanks sbeattie
<rose_> hi, i finnaly could to see the server from windows client...but now, when i try to access from run (windows) \\server that show me a window that I need to ingress my user and password, i did but don't work
<rose_> still the windows conitnua asking me for the user and password
<dpreacher> if console-kit-daemon is related to UnifiedLoginUnlock which is a feature for GUI logins, what is it doing on ubuntu server edition. anyone any ideas? thanks as always
<uvirtbot> New bug: #403428 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/403428
<dpreacher> can someone tell me please how to close a tcp connection. a hanging one.
<uvirtbot> New bug: #400542 in samba (main) "matchname: host name/address mismatch: ::ffff:127.0.0.1 != localhost" [Undecided,Incomplete] https://launchpad.net/bugs/400542
<error404notfound> i have installed xserver-xorg on JeOS. How can i start x? seems like startx is not a command
<uvirtbot> New bug: #403381 in bacula (universe) "jaunty->karmic server upgrade results in two versions of postgresql installed" [High,Fix released] https://launchpad.net/bugs/403381
<TeLLuS> error404notfound: startx is in packet xinit, maybe you want to install the packet xorg instead?
<rose_> Hi somebody know why Windows client can see Samba Ldap but can not connect with ldap password?
<shivek> Hi Everyone !
<shivek> I have a problem with ddclient. Can anyone help ? !
<shivek> I've configured ddclient, but my websites ip does not updates or it updates to my local ip (192. one) so my website becomes unavailable.
<Scix> 8.04.3 don't detect a SATA RAID1 on a HP ProLiant ML110, but the two disks as two standalone disks. Anyone who knows why?
<_ruben> probably not (real) hardware raid (but so-called fakeraid)
<Scix> any workaround?
<Scix> realy need this array to work
<Scix> 9.04 finds it, but the installer skips the partitioning steps :S
<Faust-C> Scix, maybe look into the hardware compat list and see if there are any issues etc
<biczd> hi
<Gen1> hi
<biczd> hello
<biczd> someone can help me to install a wifi card?
<mtaht4> I have upgraded my ubuntu server from 7.10 to 9.04. The upgrades went well (all over ssh!), but I'm having trouble getting postfix to work now with dovecot authentication. The relevant error in syslog appears to be " fatal: no SASL authentication mechanisms " . A leftover part from my previous configuration seems to be saslauthd, is that required for dovecot's sasl to work, or is it in the way?
<RoyK> mtaht4: I think #dovecot might be a better place to ask
<mtaht4> trying #postfix now
<uvirtbot`> New bug: #403429 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourn? une erreur de sortie d'?tat 127" [Undecided,Incomplete] https://launchpad.net/bugs/403429
<mtaht4> RoyK:
<mtaht4> RoyK: The answer turned out to be postfix was setup to use, in /etc/postfix/main.cf to use just "auth", when dovecot was using "dovecot-auth"
<alexm> mtaht4: make sure you have libsasl2 package installed
<mtaht4> solution:
<mtaht4> smtpd_sasl_path = private/dovecot-auth
<mtaht4> in main.cf
<mtaht4> I don't know if ubuntu 9.04 is defaulting to the right or wrong things here, this was a major series of upgrades
<mtaht4> on my part
<RoyK> ubuntu is probably defaulting to that, but did you let the installer overwrite that file?
<mtaht4> main.cf seemed to be modified by the installer
<mtaht4> the dovecot-postfix.conf file I used was the installer's
<mtaht4> After I let this upgrade shake down for a week or two I will upgrade another box and see what happens
<RoyK> ok
<resno> Dns is not resolving when using analog. Looking for a little help.
<resno> !help
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<artillerytx> Hey guys im installing server on my dell poweredge and it couldn't find the network controller any ideas
<_ruben> dell uses fairly standard hardware for its nics, never had a problem with 'em
<_ruben> which poweredge and which ubuntu server version?
<artillerytx> 9.04 poweredge 1750
<artillerytx> and this thing is also super super loud is there  a fan management program i could download
<artillerytx> it looks like its downloading stuff from the net im not sure what it was talking about
<_ruben> no experience with 1750's .. and the fans are usualy only loud when starting up .. for a cold boot (having had its power cable disconnected) it takes a fair time to spin down, subsequent boots (without unplugging the power) should have failry quick spindowns
<_ruben> unless its a older machine
<_ruben> those are just plain noisy :)
<artillerytx> haha well its probly old its got a dual 2.8 xenon in it
<artillerytx> im not sure what you mean by old
<artillerytx> or consider i mean
<_ruben> ah, then you might be out of luck noise-wise .. and a slim chance the nic's too old as well, tho not very likely
<_ruben> well .. our sc1425 (recently discontinued) / pe860 / pe2950 /etc are fairly quite .. we some old towers which are noisy as hell .. then again sc420 towers aint really that noisy
<artillerytx> yeah i was just looking for a server to run a couple sites
<_ruben> at home i just use a mini-itx mobo with a dual core atom processor and ssd disk .. fits in a shoebox :)
<artillerytx> yeah i wasn't sure if that would work good or not... this was only $125
<_ruben> not bad .. the ssd alone was like double that ammount :)
<artillerytx> haha yeah those things are amazing... hey how do i check to see if my computer is seeing the network
<artillerytx> first time installing linux server
<_ruben> "ip l" should show the adapters (links) .. "ip a" should show any configured ip addresses
<_ruben> "dmesg | grep eth" tends to give some insights as well
<artillerytx> the dmesg tell sme driver 'sd' needs updating and sr
<_ruben> that's related to the scsi subsystem
<artillerytx> im not getting a router ip for the inet either
<artillerytx> yeah its telling me network is unreachable
<_ruben> no dhcp server on the network? cable plugged in the wrong nic?
<artillerytx> its getting a connection
<artillerytx> im not sure what to do
<artillerytx> hey guys im trying to install 9.04 and im getting a no network interfaces detected any ideas ?
<artillerytx> i can't tell if its the server or if its ubuntu just not having the driver
<jmedina> hi
#ubuntu-server 2009-07-24
<artillerytx> anyone every installed ubuntu on Dell Poweredge 1750
<artillerytx> ever
<axisys> when i ssh to a ubuntu box, how can I tell if it is installed from a desktop image or server image ?
<giovani|home> axisys: running "uname -a" will print the kernel currently running
<giovani|home> if it has "-server" on the end, it's the server install
<giovani|home> i.e. "Linux lithium 2.6.27-11-server #1 SMP Wed Apr 1 21:53:55 UTC 2009 i686 GNU/Linux"
<axisys> giovani|home: hmm.. i guess i screwed it up then.. both server and client says generic for me.. i must have jumpstarted from desktop image
<axisys> do i need to reinstall the server or they are same minus some desktop services and window manager ?
<unRob> I've just installed my first server, screwed it up considerably just to learn, and will likely reinstall tomorrow. Any advices?
<qman__> axisys, they're not exactly the same, but for most tasks you can still do just fine from a desktop or alternate install
<qman__> if it's a high security or high performance type task where you need everything tweaked just perfect, I'd start over with the server disc
<qman__> otherwise, they use the same repositories and you can install all the same software
<billybigrigger> hey all
<billybigrigger> whats the easiest, quickest, and most accurate way of viewing incoming/outbound traffic?
<axisys> qman__: thanks a lot
<twb> The big difference is that ubuntu-server's default package list isn't available as a metapackage :-(
<twb> So if you install -server you can just "apt-get install ubuntu-desktop", but not vice versa
<canuse> Â£Ã¡Â£Ã®Â£Ã¹Â£Ã¢Â£Ã¯Â£Ã¤Â£Ã¥Â¡Â¡Â£Ã¨Â£Ã¥Â£Ã²Â£Ã¥Â£Â¿
<canuse> Â£Ã¡Â£Ã®Â£Ã¹Â£Ã¢Â£Ã¯Â£Ã¤Â£Ã¹
<twb> canuse: sorry, I only understand UTF-8.
<Deevz> lol
<jhujhiti> any libvirt experts? i'm getting virDomainMigrateFinish2:3046 : dconn=0xd77c20, dname=lua, cookie=(nil), cookielen=0, uri=tcp:agni:49152, flags=0, retcode=-1 and a receiver vm shutdown when i try to migrate
<jmarsden> jhujhiti: It's a bit the wrong time of day (much of USA asleep, Western Europeans not yet awake).  But you might try asking in #ubuntu-virt
<jhujhiti> didn't know about -virt. thanks
<jmarsden> No problem.
<Eviltechie> I have this problem transferring a php script from one host to another. On the original, it works fine, on the new one, it does nothing at all.
<jmarsden> Eviltechie: diff the php.ini on the two hosts, and check whether they have the exact same version of PHP?
<Eviltechie> My php is a bit newer, and as far as I can tell, php.ini is the same
<jmarsden> Copy the php.ini from one machine to the other and then use diff to compare them... no "as far as I can tell" involved that way :)
<Eviltechie> He has fast cgi though
<jmarsden> pastebin the script if you want, I can take a quick look at it.
<Eviltechie> pastebin is down
<jhujhiti> i seem to remember that there's a special fcgi version of php..
<jmarsden> pastebin is down??? http://pastebin.ubuntu.com/ appears fine to me...
<Eviltechie> You can't put php in there
<jhujhiti> it's just text!
<jhujhiti> *facepalm*
<Eviltechie> PHP and other Web scripts are not allowed
<Eviltechie> That's what it says
<jhujhiti> really? because not only do i not see that, i see an option for PHP syntax highlighting
<jmarsden> Says where?  The site even has a PHP syntax highlighting mode...
<jhujhiti> jmarsden: jynx ;p
<Eviltechie> Ok, use this pastebin http://pastebin.ca/1505414
<jhujhiti> Eviltechie: i suppose you've done all the obvious debugging things like phpinfo() on the host that's acting up?
<jmarsden> fopen() on a remote URL?  That's disabled by most sane people ... are you sure the other guy has not disabled it?
<Eviltechie> I am the other guy
<Eviltechie> And it is enabled
<jhujhiti> QED: insane =)
<Eviltechie> I hope
<Eviltechie> allow_url_fopen = On
<Eviltechie> Any thoughts? Anybody?
<jhujhiti> how sure are you that php is using that php.ini?
<Eviltechie> phpinfo said it was loaded
<uvirtbot`> New bug: #403888 in lsb (main) "lsb_release crashed with ImportError in <module>() (dup-of: 383697)" [Undecided,New] https://launchpad.net/bugs/403888
<cef> anyone had problems with python lately? I've just seen a few segfaults with landscape-sysinfo
<jmarsden> Eviltechie: Your script produces no output for me when I run it in a test VM here with default apache2 and php5 installs...
<Eviltechie> It dosen't work on my home computer either
<jmarsden> But it does work on some other computer somewhere, right?
<Eviltechie> Yes http://test.techmastertelecom.com/ivan/radio.php
<Eviltechie> jmarsden: Any thoughts or are you as confused as I am?
<jmarsden> I'm playing with it... give me a few minutes more...
<jmarsden> I think some of the time the xsl file has a trailing blank line and your script does not protect against that?
<uvirtbot`> New bug: #403898 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/403898
<Eviltechie> jmarsden: If you think that's the problem, how should I fix it?
<jmarsden> I think you should not be parsing XSL this way at all, but if you insist... hmmm pastebin.ca is super slow to accept by fixed script...
<jmarsden> http://pastebin.ubuntu.com/229560/   # but with the php start and end tags around it :)
<jmarsden> And BTW, why did you use fgetcsv() and then use explode() ... seems odd to do things twice?
<Eviltechie> Well I really didn't know how to use either
<jmarsden> Then please learn PHP *before* asking why your scripts don't work, and before using them on Internet-facing servers.  Putting novice buggy PHp out there *will* get your server hacked, one day.
<Eviltechie> Anyway, thank you so much for getting that to work for me.
<jmarsden> No problem... but seriously... take the time to learn your tools.
<twb> IMO PHP automatically is not worthy of trust
<twb> Just because sufficiently learned hackers can create PHP code that is (nominally) secure, doesn't mean it's OK to deploy.
<twb> But that's just one man's opinion.
<error404notfound> can someone help me that why it asks me for a password here: http://paste.ubuntu.com/229564/ ?
<_ruben> is git member of the devs group?
<error404notfound> _ruben, yes...
<jmarsden> error404notfound: I'd try adding spaces either side of the NOPASSWD: tag ... I didn't know you could omit them and have stuff parsed properly...?
<error404notfound> you can omit spaces, thats normal..
<error404notfound> i even tried killing all git sessions
<error404notfound> strange, may be there was session of git even hidden from root, or may be someone was cloning while i kept killing sessions, after a reboot eveything works
<error404notfound> thanks
<artillerytx> any of you guys every installed ubuntu on a dell poweredge 1750 it can't find the NIC for some reason
<jmarsden> artillerytx: does the NIC show up in lspci -nn output, and if so, what does it show up as being?
<artillerytx> jmarsden: yes it shows up as host bridge broadcom CI0B-E I/0 Bridge with Gigabit Ethernet rev 12
<acalvo> hi
<acalvo> I'm trying to set up a PXE Server
<acalvo> I've already have a DHCP server
<acalvo> and I've set it up to point to my next server and search for pxelinux.0
<acalvo> I've also installed tftpd-hpa and tftp-hpa
<acalvo> but when I try to get some test file from the tftp server
<acalvo> I get a timed out warning message
<jmarsden> artillerytx: It doesn't appear as an Ethernet controller?  Hmm.  Sounds like it uses an unsupported chip?
<acalvo> I've changed the permissions for the directory to be owned by nobody:nogroup with r/w to everyone (777)
<acalvo> does anyone know what could I be missing?
<artillerytx> jmarsden: i mean its just a standard dell server
<jmarsden> Old Dell hardware is not what I would call "standard"... do they support Linux on it themselves?
<artillerytx> well i know of this model having ubuntu on it but they recommend i think windows server 2003 or something
<jmarsden> OK... I'm not sure... Googling suggests people run Linux on Dell 1750 hardware successfully.
<artillerytx> I don't think i did anything wrong
<artillerytx> im getting a green light and orange light from the NIC port
<jmarsden> Possibly relevant thread: http://www.mombu.com/gnu_linux/gentoo/t-dell-power-edge-1750-network-drivers-tg3-2660945.html
<_ruben> artillerytx: you could try with several versions .. like 6.06, 8.04, 9.04
<_ruben> hmm .. tg3 has been a moving target in the past i think
<artillerytx> _ruben: i have 9.04 right now
<acalvo> ok, nevermind
<acalvo> inetutils-inetd only listens ipv6 sockets
<_ruben> ipv6 ftw
<_ruben> too bad tftp doesnt do ipv6 yet i think ;)
<jmarsden> Maybe we need a tftp6 :)
<artillerytx> So... what should i do
<acalvo> yes
<jmarsden> And then PXE6 on motherboards :)
<acalvo> but I don't think that for a local lan you'll need ipv6
<_ruben> acalvo: in a few years you would
<acalvo> why so?
<acalvo> for a local lan with less than 512 computers?
<jmarsden> artillerytx: Do you have older Ubuntu CDs around to test with?
<artillerytx> yeah i do
<_ruben> because without it you wouldnt be able to access ipv6-only resources
<acalvo> oh... well
<acalvo> I expect to have ipv4 compatibility for a long time
<jmarsden> Then try those and see if any of them work with that NIC... maybe you can get 8.04 Server to run.
<artillerytx> jmarsden: i have 7.10
 * _ruben really doesnt understand why people seem to be so darn scared of ipv6
<jmarsden> artillerytx: OK, try that... beats having to download more ISO images :)
<artillerytx> yeah
<acalvo> _ruben: old-school I guess
<acalvo> ahahaha
<_ruben> ipv6 could be called old as well
<artillerytx> this server is soo loud too
<jmarsden> artillerytx:  If you have a spare PC, maybe start downloading 8.04 server on that, while you test 7.10 ?
<_ruben> ipv6 was introduced 12 years ago or so
<artillerytx> jmarsden: alright
<acalvo> yes
<artillerytx> jmarsden: i'll probly do that tomorrow
<jmarsden> OK.  Hope you find a way to get it working :)
<artillerytx> im trying 7.10 right now if that doesn't work i'll try 8.04 tomorrow
<acalvo> does anyone has set up a PXE server?
<_ruben> yes, been a while tho
<jmarsden> Same here.
<acalvo> if the tftp server is not in the same machine as the DHCP server, it is necessary to set up another DHCP server?
<_ruben> running smoothly .. gotta add support for jaunty someday soon though
<jmarsden> acalvo: No.  They can be on different servers.  Do you have IPv4 tftp working yet?  That would be a good next step :)
<acalvo> yes, it is working
<acalvo> and I've set up the DHCP server to point to the next server
<jmarsden> Where next is the TFTP server, right?
<acalvo> yes
<jmarsden> Sounds good so far.
<jmarsden> How far does an attempted PXE boot get now?
<artillerytx> still not working
<artillerytx> still can't find any network devices on 7.10
<jmarsden> artillerytx: Hmm.  Is there any way to enable/disable the NIC in the BIOS screens...?
<artillerytx> jmarsden: not sure i guess i will work on that tomorrow i can barely stay awake right now.. thank you for you help though goodnight
<acalvo> jmarsden: I get an ip, but fails replying "proxydhcp service did not reply to request on port 4011"
<acalvo> taking a look at syslog I see "Jul 24 09:18:57 infolinux inetd[4031]: tftp/udp: bind: Permission denied"
<jmarsden> So the ttfpd is being run with too few permissions to bind to the port it needs... ?  But you said tftp was working?
<acalvo> yes, it is
<acalvo> locally
<jmarsden> Ah.  Try it from a workstation across the LAN, and see if that works too.
<acalvo> ok, it works
<jmarsden> And no new log entries complaining about permissions?
<acalvo> yes... Jul 24 09:28:57 infolinux inetd[4031]: tftp/udp: bind: Permission denied
<acalvo> but, funny things, is that I've been able to get the pxelinux.0 file
<jmarsden> Something is still wrong with the TFTP server though... I need to get some sleep too, but I think you should work on getting rid of that error message before going much further.
<acalvo> in the DHCP server settings, under the definition of the subnet, I've added "filename pxelinux.0; next-server IP-TFTP-SERVER;"
<acalvo> jmarsden: ok! thanks for your help!
<jmarsden> No problem.
<_ruben> acalvo: oughta be enough .. i do have quotes around the pxelinux.0 part tho
<_ruben> though the permission denied error does remain strange
<_ruben> perhaps a selinux/apparmor issue?
<_ruben> tho that should show clearly in the logs as well
<acalvo> well
<acalvo> the inetd conf entry for tftp is: tftp           dgram   udp     wait    root  /usr/sbin/in.tftpd /usr/sbin/in.tftpd -s /var/lib/tftpboot
<acalvo> however, looking at some tutorials, I should be able to set up "allow booting; allow bootp;" in the DHCP server
<_ruben> same here
<acalvo> but it seems to be obsolete
<_ruben> dont have those in my dhcp config
<acalvo> so weird
<acalvo> _ruben: are you using dhcp3-server or dnsmasq?
<ashish> hi everybody,i want to configure vicidial on ubuntu server.i hav einstalled ubuntu and vici-inst package but donr what should be next steps i have to follow?
<ashish> any refernce links to configure vicidial on ubuntu?
<_ruben> acalvo: dhcp3-server
<_ruben> wonder how hard it'd be to package dhcp4
<acalvo> I wonder why all linux tutorials seems so straightforward before you really start following the steps
<acalvo> _ruben: could you try a netstat -an | grep 4011 and tell me if there is any output?
<_ruben> nope
<_ruben> as in: no output :)
<acalvo> I don't understand
<ashish> any here who can tell me something about vici dial call center application for ubntu
<Hasbro> ashish try #vici-dial-call-center-application
<Hasbro> This channel's related to the actual Ubuntu-server operating system. Not third party software afaik
<acalvo> well
<acalvo> no luck setting up a pxe boot server
<uvirtbot`> New bug: #403913 in bind9 (main) "package bind9 1:9.5.1.dfsg.P2-1 [modified: usr/share/bind9/bind9-default.md5sum] failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/403913
<autoditac> hi. is it possible to install debian lenny as a kvm guest on ubuntu 9.04 using vmbuilder?
<axisys> where do I find the netboot image for ubuntu server?
<axisys> i used image from http://archive.ubuntu.com/ubuntu/dists/jaunty/main/installer-amd64/current/images/netboot/
<axisys> and that gave me -generic
<BrixSat> hi
<BrixSat> how can i check port forward?
<Daviey> BrixSat: from outside the network, try and connect to the port..
<Daviey> What application is listening on the forwarded port?
<BrixSat> rtorrent
<Daviey> BrixSat: http://www.utorrent.com/testport?port=XXX
<Daviey> change XXX to the port you forwarded
<Daviey> (looks suitable)
<BrixSat> ;)
<BrixSat> does it have to be done in the machine where the port is redirected or it can be done on any other machine on the same network?
<_ruben> axisys: the image is the right one, you just need to use the proper seeds when initiating the install
<axisys> _ruben: i did not do autoinstall .. just network install ..
<_ruben> axisys: still, the selection of the server stuff is done by a seed, tho im sure if its present on the netboot image, i'd guess it is
<axisys> _ruben: my netboot extracts to this http://pastebin.com/f32a01c78
<axisys> _ruben: which file in there would decides for server or desktop image?
<_ruben> the seeds are probably hiding in the netboot tarball .. the pxelinux* files might contain some hints as well
<axisys> _ruben: those files are the extract of netboot.tar.gz ..
<axisys> http://pastebin.com/f27352a8e is the contents of pxelinux.cfg dir's only file default
<_ruben> dunno then .. i've only used the netboot images in conjunction with my own preseed file
<_ruben> here's some hints: http://ubuntuforums.org/showthread.php?t=255249 .. it includes the contents of the server.seed which you could put on a web/nfs/etc server and point to it
<axisys> _ruben: thanks .. let me take a look
<uvirtbot`> New bug: #404099 in openvpn (universe) "please merge openvpn 2.1~rc19-1(main) from debian unstable(main)" [Undecided,New] https://launchpad.net/bugs/404099
<shivek> I don't want my website links to be underlined. What's the html tag for removing the "underline" from hyperlinks.
<biczd> hello
<pmatulis> biczd: hello
<biczd> hello pmatulis
<pmatulis> biczd: w'sup in germany today?
<biczd> i'm tryng to find some example of /etc/network/interfaces for wpa or wep or whatever :)
<biczd> but i'm not in germany :)
<pmatulis> biczd: no?
<biczd> nu
<pmatulis> nu?
<biczd> no :)
<pmatulis> where are you?
<biczd> rome
<pmatulis> ah
<biczd> what about you
<pmatulis> your ip is linked to a german provider
<biczd> and?
<biczd> its a box of my friend
<pmatulis> ok
<pmatulis> setting up wireless on server right?
<biczd> nope
<biczd> its already up
<biczd> need to do something for close it
<biczd> i mean i need something to protect it
<pmatulis> yes
<biczd> and yes is a little homeserver named "accessbox"
<pmatulis> investigate wpasupplicant package
<biczd> done tnx pmatulis
<mathiaz> bdmurray: hi - is there a way to get all the bugs that have been 'fix released' for packages relevant to the ubuntu-server team?
<mathiaz> bdmurray: 'fix released' for a certain period of time (like last week)
<teddy_> is there any problems with using those motherboards with fakeraid? Is it not a hardware version of mdadm?
<bdmurray> mathiaz: relevant to as in a specific list of packages the server team is interested in?
<mathiaz> bdmurray: yes
<mathiaz> bdmurray: https://bugs.launchpad.net/~ubuntu-server/+packagebugs
<RoAkSoAx> mathiaz, if you have some time, could you please review: https://bugs.launchpad.net/ubuntu/+source/ipvsadm/+bug/402718 and sponsor it if it's ok? Thanks a lot.
<uvirtbot`> Launchpad bug 402718 in ipvsadm "Please upgrade ipvsadm from 1.24 to 1.25" [Undecided,In progress]
<mathiaz> bdmurray: I'd like to have a list of bugs that were fixed released during the last 7 days for all packages listed on https://bugs.launchpad.net/~ubuntu-server/+packagebugs
<mathiaz> RoAkSoAx: I'll try to have a look at it.
<mathiaz> RoAkSoAx: I'd also suggest to subsribe the relevant sponsor team - https://wiki.ubuntu.com/SponsorshipProcess
<bdmurray> mathiaz: bugs whose status became fix released or bugs that were changed to fix released by a changelog entry?
<mathiaz> bdmurray: the former
<mathiaz> bdmurray: we'd like to have such a list for SRU purposes
<RoAkSoAx> mathiaz, Yes I already subscribed it. Thanks a lot :)
<mathiaz> bdmurray: and make sure that important bugs are nominated for the SRU process and don't get lost.
<bdmurray> mathiaz: yes, it should be possible with launchpadlib
<bdmurray> mathiaz: that particular url or its equivalent isn't available via the api afaik though
<mathiaz> bdmurray: right - I'm doing screen scraping for this
<mathiaz> bdmurray: I've actually though about publishing a list of relevant packages
<mathiaz> bdmurray: as the url above doesn't cover everything
<mathiaz> bdmurray: especially new packages that are introduced in the archive
<bdmurray> mathiaz: well should those get on that list?
<mathiaz> bdmurray: it could be an option
<mathiaz> bdmurray: but how to discover new packages to add to the list?
<mathiaz> bdmurray: one solution:
<mathiaz> bdmurray: look at all uploads made ubuntu-server team members and add the relevant ones
<mathiaz> bdmurray: I'm doing something similar for the month in the archive post
<bdmurray> mathiaz: I think I have a fair bit of it written
<DDzev> anyone installed Ubuntu 64bit on Dell PowerEdge R610?
<StefanWray> By mistake, we installed Ubuntu Server LTS 8.04 32 bit version on a 64 bit Sun Server. Will this create problems for us?
<ball> StefanWray: only if you want to run 64-bit software or use > 4 Gbytes of RAM  <- this is a guess
<ball> (does 32-bit Ubuntu support PAE?)
<StefanWray> what is PAE?
<mushroomtwo> Physical Address Extension
<ball> a hack to enable > 4 Gbytes of RAM on a 32-bit processor.
<mushroomtwo> on windows machines
<StefanWray> i don't know if Ubuntu 8.04 LTS supports PAE
<ball> mushroomtwo: I think NetBSD supports it, where present.
<mushroomtwo> if you have more than 4GB of RAM, install 64-bit. you'll hate life less.
<StefanWray> mainly curious if there are known issues with running the wrong version of Ubuntu server software
<ball> mushroomtwo: that sounds like good advice
<ball> It's not the "wrong" version, just one of two available choices
<ball> it's only wrong if its a bad match for your application
<ball> (or denies you access to important resources)
<giovani|work> there's very few reasons to install 32-bit on a server
<giovani|work> if your machine supports 64-bit
<giovani|work> desktops are another matter (although not applicable here, just want to be clear)
<StefanWray> our Sun Server X2200 has 2 GB of Ram and is 64 bit
<giovani|work> ball / StefanWray -- ubuntu server's 32 bit kernel does support PAE
<giovani|work> the desktop kernel does not, afaik
<ball> giovani|work: good to know, thanks.
<ball> hello ahe
<StefanWray> so to conclude, we could remain using the 32-bit version of Ubuntu server on the 64-bit Sun Server, and it's not going to be a problem, but we might get better performance if we reinstall the 64-bit Ubuntu server package?
<giovani|work> StefanWray: the performance gain is likely to be minimal for most apps, but for specific ones, yes
<giovani|work> I'd advise installing the 64-bit version regardless
<ball> StefanWray: Depending on your application, I'd try both and do some benchmarking
<ball> Use whichever works best for you.
<StefanWray> our apps are drupal and civicrm primarily
<giovani|work> well, that's PHP as a binary
<giovani|work> you won't see performance gains from PHP on 64-bit
<giovani|work> in the vast majority of cases
<giovani|work> if it's a lot of trouble to reinstall, 32-bit will be fine
<giovani|work> if not, put in the little bit of effort now and go 64-bit
<ball> giovani|work: there isn't a 64-bit php binary?
<giovani|work> ball: there is, but you're not likely to see many gains from typical large php apps
<giovani|work> the 32 vs. 64-bit speed improvements have to be specifically taken advantage of, you don't just fall into performance gains :)
 * ball nods I suppose it's all interpreted anyway.
<giovani|work> it's interesting though -- I haven't seen many people buying x86 small suns
<giovani|work> not that it isn't quality hardware ... just doesn't seem to be common
<ball> I considered it, but eventually went with an HP ML110
<giovani|work> yeah, I'm a fan of Supermicro's gear
<ball> ...lately I've been reading about their blade servers though.
<giovani|work> right now work uses Dells almost exclusively
<giovani|work> but I'm pushing Supermicro
<ball> Does Ubuntu Server work with an HP Smart Array E200 RAID controller (including the ability to check on the health of individual drives)?
<giovani|work> that's a question for HP
<giovani|work> (i.e. does HP provide linux drivers and utilities to check said information)
<StefanWray> With our Sun Server we'll also be pushing through a lot of video, although the streaming server will be on another box, and so will the encoder, so I'm guessing again that upgrading from 32-bit to 64-bit Ubuntu server package will not matter much for that.
<ball> giovani|work: We bought the box with some sort of Linux license, but I don't recall the distro.
<giovani|work> StefanWray: once again, the recommendation is generic -- go 64-bit if you have hardware that supports it, unless you have a specific reason to stick with 32-bit
<ball> I wiped it and installed NetBSD
<giovani|work> ball: typically this is a question for HP support though
<ball> ...which works with the controller to an extent.
<giovani|work> as it's going to likely be a commercial driver
<ball> giovani|work: Hmm... I suppose I could call them.
<ball> We do have some sort of support contract.
<giovani|work> http://cciss.sourceforge.net/
<giovani|work> nope, there's an open source one
<StefanWray> giovani | work: final question: is 2G RAM enough to support 64-bit Ubuntu server, or do we need 4GB?
<giovani|work> StefanWray: the requirements are identical regardless of 32 or 64 bit
<StefanWray> got it . . . thanks
<ball> giovani|work: Perhaps I should ask them whether there's a monitoring utility though.
<giovani|work> ball: yeah, typically the big vendors only provide RPMs
<giovani|work> and often they don't work too well with "non-approved distros"
<ball> Are RPMs binary packages?
<giovani|work> RPMs are RedHat packages, which typically contain binaries
<giovani|work> yeah, HP's support pages lists SuSE and RHEL as the supported Linux distros
<giovani|work> s/lists/list/
<ball> Aha!  cciss_vol_status looks promising.
<giovani|work> indeed
<ball> Excellent.  I'm now actively considering a migration to Ubuntu Server
<giovani|work> if that driver/utility set does what you need, ubuntu offers cciss-vol-status as a package
<giovani|work> http://packages.ubuntu.com/jaunty/cciss-vol-status
<giovani|work> there are other utilities that may be of use to you mentioned on the CCISS website that are offered as ubuntu packages as well -- cpqarrayd, arrayprobe, etc
<ball> giovani|work: that's useful to know, thanks.
<giovani|work> ball: are you new to debian/ubuntu?
<ball> giovani|work: yes.
<giovani|work> what are you used to?
<ball> (can you tell? ;-)
<ball> giovani|work: NetBSD mostly
<giovani|work> ah
<ball> at least on production gear.
<giovani|work> what kind of industry are you serving?
<ball> These days?  A small non profit.  I run NetBSD on the file server and occasional support systems.
<ball> Yesterday I installed a random NetBSD box to do the job of a terminal server)
<giovani|work> gotcha
<giovani|work> the only systems I've run NetBSD on are embedded
<ball> Yesterday's box /should/ be an embedded board, but I don't have any laying around.
<ball> ...and the box only burns about 30 Watts total.
<ball> (40 Watts when it's thinking hard)
<giovani|work> heh
<ball> There is a gap here in my study where the machine used to be.  Thinking about it, perhaps I should have kept the monitor.
<ball> Oh well.
<giovani|work> why do you need it to have a monitor?
<ball> giovani|work: I may also use it for odd router configuration jobs, to look up documentation etc.
<giovani|work> ah
<ball> ...the terminal server role doesn't need (or benefit from) a monitor
<giovani|work> I'd hope not :)
<ball> ...though I suppose they'll also be able to walk up to it and type commands.
<giovani|work> I like role separation
<ball> (but they can do that from anywhere on the LAN now, without resorting to modems)
<giovani|work> between servers and desktops
<ball> giovani|work: agreed, but the terminal server role is trivial enough that it probably doesn't warrant an embedded board purchase.
<ball> ...and using a computer may eventually help with logging.
<giovani|work> I'd love to integrate some FreeBSD here
<giovani|work> but we're all cranky and like everything to conform
<ball> giovani: I'm impressed at how quickly I can bring up a server with Ubuntu Server.  The OS takes a bit longer to install, but I don't have to build all the application software from source.
<giovani|work> heh, yeah, welcome to the world of binary distros ;)
<ball> ...and updates are easier.
<giovani|work> the OS install can be incredibly streamlined obviously
<giovani|work> I haven't done a cd-based install in years
<ball> I'm told that blade servers come with software that lets you install from your desktop.  I suppose with a large enough site you could use something like ROCKS to provision them.
 * ball shrugss
<ball> I need some more modern hardware (the ML110 is on-site and in service)
<BrixSat2> :( i got port's forwarded to the server and still cant access 13000 :S
<ball> 13,000 whats?
<BrixSat2> rtorrent
<ball> Oh, I like rtorrent.
<BrixSat2> ball i cant seed because i do not know
<BrixSat2> online test says that port is not forwarded but in the router it is
<ball> Perhaps your router's broken.  Many seem to be.
<BrixSat2> no it is not it works ok all other ports are ok i added some after and it is ok
<ball> Can you forward 13000 on your router's WAN port to 22 on your server and then ssh in via 13000 ?
<ball> (just to check the forwarding part)
<BrixSat2> yes i can
<BrixSat2> ill do it  in 2 seconds
<BrixSat2> http://campingave.dyndns.tv
<BrixSat2> be right back in 5 minutes
<BrixSat2> try 12000 in ssh ;)
<ball> Why 12000?
<ball> I thought you wanted to test 13000
<uvirtbot`> New bug: #403711 in samba4 (universe) "samba4 cannot mount cifs " [Undecided,New] https://launchpad.net/bugs/403711
<giovani|work> ball: I presume (re: install from your desktop) that you mean something KVMoIP or IPMI based?
<giovani|work> that's present in many machines, including Supermicro's regular servers
<giovani|work> but there's really no reason to be booting from cd, if you have a TFTP architecture in place
<giovani|work> then you can fully automate installs on a per-machine basis with all of the settings customized
<ball> giovani: I suppose which approach you take will depend on how many servers you have to support.
<ball> For me, currently, that's not many.
<giovani|work> I suppose ... with a blade system, you're likely already over the limit of doing things manually if you're smart :)
<ball> I heard IPMI mentioned during the Ubuntu UK podcast as an alternative to the WoL magic packet
<ball> giovani: true.  I'm mostly reading about blade servers because the day may come again when I need more than a handful of servers.
<giovani|work> so, yeah, IPMI rocks
<giovani|work> Supermicro has an awesome implementation of it (do I sound like a big enough Supermicro fanboi yet? ;)
<ball> Perhaps I should read up on that.
<giovani|work> but Dell DRAC and HP iLo aren't bad
<ball> istr Supermicro used to make some well-regarded server mainboards.
<giovani|work> yeah, they still do
<ball> BrixSat2: nmap claims you don't have 13000 open, at least on campingave.dyndns.tv
<giovani|work> they don't make entire ready-to-deploy servers
<ball> giovani|work: any nice socket F systems?
<ball> (I'm drawn to AMD's quad core 40 Watt chip)
<giovani|work> but they make cases, and motherboards, and will sell them together, and you can either place your mb/hd/cpu in yourself, or pay an integrator to do it for you
<giovani|work> however, they've gotten big into the blade market
<giovani|work> they have plenty of Socket F stuff
<giovani|work> (their A+ line is the AMD stuff)
<giovani|work> s/mb/memory/
<giovani|work> but yeah, Supermicro's KVMoIP/IPMI has saved me a few times when machines have broken
<ball> brb, phone
<giovani|work> much less expensive than an IP-KVM device, and less hassle
<ball> ...and that's in the blades, or in the chassis?
<giovani|work> ball: both, their IPMI stuff is becoming standard built-in to their higher-end boards
<giovani|work> for the lower-end ones, it's usually a $50-100 add-in card that you plug into the motherboard on a special slot
<ball> Does HP's ILO let you do comparable things?
<giovani|work> kind of
<giovani|work> it's probably more a matter of preference
<giovani|work> the Supermicro stuff actually runs a *nix on the IPMI board
<giovani|work> which you can script up and hack nicely
<giovani|work> I prefer it
<giovani|work> but the iLO and DRAC stuff is more corporate-friendly, definitely
 * ball ponders
<giovani|work> I'm sure there's a demo system up somewhere
<ball> I have to go, sadly.
<ball> giovani: where are you btw?
<giovani|work> ball: NYC
<giovani|work> you?
<ball> Illinois
<giovani|work> Chicago area? or outside?
<ball> Outside
<ball> If I lived in Chicago I'd probably be working more.
<giovani|work> ah ok, I was just in Chicago last week on business
<ball> Closest I've got lately is Brookfield Zoo
<giovani|work> downtown wasn't too nice to stay in
<giovani|work> every eatery closed at 9-10
<giovani|work> difficult when you're working until 10pm every night :)
 * ball nods
<ball> I like food, me
<ball> I have to go, but I shall return.
<ball> giovani: thanks for your help.
<giovani|work> no problem -- talk to you later
<Daviey> ball: IPMI really is the good stuff.. Out of band control.. iLo is also good
<Daviey> (don't bother with the iLo upgrade tho)
<giovani|work> Daviey: iLO has an IPMI compatability layer I think
<ball> Daviey!
<ball> Do both ILO and IPMI let me install an OS on a server that's across the campus (or across the room)?
 * ball misses serial consoles
<ball> Same question for Sun ILOM.
<ball> kirkland: ping
<Byron_> hello everyone.
<Byron> I'm using vsftpd and I can't seem to get a newly created user to have FTP access
<ball> Hello Byron
<Daviey> ball: both IPMI and iLo provide a serial console functionailty
<Byron> Also, I can't see to FTP outside of my given IP through the router.
<Byron> Hello ball
<ball> Daviey: I meant real, old-fassioned serial consoles ;-)
<Daviey> ball: However!  I have previously installed Ubuntu on totally remote servers, with just ssh :)
<ball> ...but it's good to know that similar functionality is available via IP now.
<ball> Daviey: don't you need some sort of LOM to ssh into bare metal?
<Daviey> ball: IPMI and iLo rely upon on a soft serial console.. so the OS still needs to be setup as you normally would
<Daviey> ball: nah.. just preseed, set grub, and ssh into debian-installer :)
<ball> Daviey: ah, so doesn't work with a bare machine then?
<Daviey> ball: you either need VNC or similar to setup windows to allow you to, or if it's already a linux box - ssh in and set a minimal instatter
<Daviey> ball: iLo and IPMI work with bare metal, yes
 * ball nods
<ball> ...but your ssh example requires something in-situ
<ball> Anyway, it's good to know.
<Daviey> ball: you need to redirect the bios output to the fake serial port.
<ball> Daviey: was it just me, or was there an implication in the kirkland interview that Xen was just for machines that lack hardware virtualisation?
<Daviey> ball: hmm.. i've installed Ubuntu on remote windows and linux with just VNC or ssh.
<Daviey> ball: Well many will agree that xen is largely dead on modern hardware..
<ball> That's interesting.  It's not a view that I've encountered elsewhere.
<ball> Anyway, kvm seems to have some interesting capabilities
<Daviey> ball: I've only got a couple of xen servers left, and they are slowly being moved over to kvm
<ball> I want to ask kirkland for clarification on some of them, but that will have to wait until I get some other things done.
<Daviey> ball: TBH Xen doesn't even work that well on Ubuntu in my experience.. it takes some poking
 * ball nods
<ball> Not surprising if people have been concentrating their efforts on KVM
<Daviey> When Citrix bought Xen, they didn't keep the work flow going like it was before
<ball> ugh.  phone.
<Daviey> ball: you need to remember that Xen isn't even linux in the form we know it.. It's a huge patchset, that constantly needs tweaking to work with modern kernels
<giovani|work> ball: so, Supermicro's IPMI extensions (KVMoIP) work on bare-bones machines
<giovani|work> you don't need anything installed
<ball> Daviey: I'd rather run something that appeared to the guest OS as though it were basically bare metal
<ball> Thanks giovani
<ball> Ironically that phone call was about a device with a serial console that just hung for no readily-discernable reason.
<ball> I'll have to read up on KVM when I get back home.
<ball> I have about 45 minutes to run out and do a bunch of chores.
<Daviey> ball: I think you missed what i said. :)
<ball> Daviey: which part?
 * ball is confused now.  It sounds as though kvm is preferable for Linux servers.
<ball> (virtualisation thereon)
<jpds> ball: It is?
<ball> jpds: that's the impression I get from the podcast and from the conversation I've just had here.
<Daviey> It is.
<ball> I liked the idea that the hypervisor can throttle back the clock if a server is lightly loaded too.
<Daviey> I was dubious of the choice to favour kvm over xen in Ubuntu.. However, it was the correct choice :)
<Daviey> ball: Well the main bottleneck is often disk IO.. and using kvm OR xen these can be prioritised per instance.
<Daviey> Using KVM you can also better prioritise other resources.
<ball> Daviey: This is stuff I need to learn, but I'll have to annex half of Mrs. ball's machine to get started (hers has amd-v)
<ball> I shouldn't try this on the production server.
<Daviey> no.. best to learn on a test box
 * ball nods
<ball> Daviey: pity I'm not in a position to buy a development server.
<ball> Oh well
<ball> I'll be back later, perhaps when you're snoring.
<Daviey> :)
<Daviey> ball: see if you can aquire a spare one at work :)
<ball> Daviey: we only have the one.  Might be an idea for us to secure a backup server at some point.
<ball> bye!
<BrixSat2> ball thanks
<jpds> BrixSat2: Too late!
<BrixSat2> jpds i know :(
<BrixSat2> why does my stupid thomson  does not make port forward correctly :@
<Byron> How do I create a FTP user for vsftpd? I seem to have all the requirements but it won't go online
<Byron> err, it won't connect
<jj__> hello
<jj__> help openvpn
<jj__> http://pastebin.ubuntu.com/231513/
<jpds> jj__: Try looking for more info with: tail -n 20 /var/log/daemon.log
<Byron> IIRC, I just need to add the user/password and I'm all set
<jj__> openvpn.log the file is empty
<jj__> Install openvpn via apt
<jj__> create certificates
<jj__> configuration server.conf
<jj__> when I / etc / init.d / openvpn start me from that mistake
<JordiGH> Are backports automatically pinned low?
 * JordiGH checks.
<JordiGH> They're not!
<JordiGH> Hm.
<JordiGH> This is a big difference from Debian.
<ScottK-desktop> It is.
<ScottK-desktop> It's on the list for things to change.
<JordiGH> Oh well, I can pin manually.
<maccam94> I need run a command on bootup. do i need to write an rc script for this (if so, how?) or is there an easier way?
<maccam94> *to run
<jj__> Jul 24 23:39:14 debian ovpn-server[3280]: Warning: Error redirecting stdout/stderr to --log file: /var/log/openvpn/openvpn.log: No such file or directory (er
<jj__> rno=2)
<jj__> Jul 24 23:39:14 debian ovpn-server[3280]: OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
<jj__> Jul 24 23:39:14 debian ovpn-server[3280]: Note: cannot open /var/log/openvpn/openvpn-status.log for WRITE
<jj__> Jul 24 23:39:14 debian ovpn-server[3280]: Cannot load DH parameters from /etc/openvpn/easy-rsa/keys/01.pem: error:0906D06C:PEM routines:PEM_read_bio:no start
<jj__>  line
#ubuntu-server 2009-07-25
<sseiersen> How do I set a static IP?
<ball> hello zul
<artillerytx_> any of yall know where in the bios i can change the fan speed?
<artillerytx_> on a dell
<ball> artillerytx_: generally you don't.
<ball> ...though there may be a setting that lets you choose "full" or "auto"
<ball> ...how old is the server?
<artillerytx_> ball: oh okay i thought there might be a quiet option cause this thing is loud
<artillerytx_> 2005 i think
<ball> That's old enough that it may be permanently jammed in "full" ;-)
<artillerytx_> man
<artillerytx_> that sucks
<artillerytx_> are there any program i can download to monitor fan speed
<ball> artillerytx_: that's up to your firmware I think.
<artillerytx_> apparently there is an update
<artillerytx_> that might help
<ball> Perhaps
<ball> ...depending on the hardware and mood of the chap who wrote the firmware
<artillerytx_> so i was installing ubuntu server on this computer originally and i couldn't get the nic to work and someone suggested using the desktop version instead ... saying i can use it the exact same as the server
<artillerytx_> and now i have no idea what to install
<artillerytx_> or should i just install ubuntu server on this computer
<ball> artillerytx_: do you intend to use it as a server, or a desktop?
<artillerytx_> ball: i want to host a few domains off of it
<artillerytx_> ball: so yeah as a server
<ball> I'd install Ubuntu Server then probably.
<artillerytx_> ball: alright
<artillerytx_> and if i want a gui i can just install it later
<ball> I'm told that's possible, but it's not something that appeals to me.
<ball> If you want a GUI then it's a Desktop.
 * ball shrugs
<artillerytx_> yeah
<artillerytx_> i dont really care cause once i set this up i can just use webmin
<artillerytx_> and throw this in a closet
 * ball doesn't know webmin
<artillerytx_> oh
<artillerytx_> what do you use your server for?
<ball> Which one?  The Ubuntu one is just a Web server and it lets me experiment with various aspects of Ubuntu Server.
<artillerytx_> oh okay...
<artillerytx_> have you ever set up a dns server
<ball> I have never needed to.
<artillerytx_> oh
<ball> ...though I've had DNS records on other people's servers
<artillerytx_> yyea this is a first for me
<ball> hello infinity
<chrislabeard> Hey guys if i want to set up ubuntu server to host a domain and i have a dynamic ip how would i go about doing that
<ball> chrislabeard: I've done that
<ball> I had to tell my router to keep dyndns updated.
<ball> ...and forward port 80 to the Ubuntu Server box
<ball> ...that was about it.
<chrislabeard> ball: okay so i need to still register a dns with dyndns
<ball> You're not registering a dns with them, you're registering a hostname as a subdomain of one of theirs
<ball> ...or I suppose the hostname doesn't /have/ to be the same as the subdomain that you create.
<ball> My Ubuntu Server box is called delia, but you can find her at http://potch.endoftheinternet.org/
<ball> "potch" is the part I chose, "endoftheinternet.org" is one of their domains.
<chrislabeard> oh okay but can't you get a dynamic dns from them and then host your own domain names
<ball> chrislabeard: possibly, but if you really want to host a domain of your own, it's best to use a static IP address.
<ball> hello dralik
<chrislabeard> ball: and not a dns
<ball> You would still use DNS records with a static IP address
<ball> I did for years.
<ball> ...obviously that was done without the need for dyndns
<chrislabeard> ball: yeah but can't i host my own dns server and make it dynamic
<ball> That doesn't sound like a sensible combination.
<ball> If you need a local DNS for some reason, don't use an Internet connection with a dynamic IP address.
<ball> I have to go
<chrislabeard> what do you do if you want to host more than 1 domain off of one server
<chrislabeard> okay
<chrislabeard> does webmin still exist
<ScottK> chrislabeard: It does, but it's not in the Ubuntu repositories.
<chrislabeard> ScottK: i found it
<chrislabeard> thanks
<ScottK> chrislabeard: People here tend to speak well of ebox.
<chrislabeard> ScottK: oh really hmm
<chrislabeard> ScottK: I'm really new to this
<chrislabeard> ScottK: just found a tutorial about webmin
<ScottK> It's also packaged for Ubuntu.
 * ScottK doesn't use either, so has basis for an opinion.
 * ScottK has helped people fix systems broken by webmin.
<ScottK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<chrislabeard> ScottK: yikes how do i get rid of it it than ?
<chrislabeard> ScottK: i just installed it
 * ScottK has no idea.
<infinity> Install it in reverse? :)
<chrislabeard> lol
<infinity> If you haven't actually configured anything with webmin yet, it probably hasn't broken anything.
<infinity> But yeah, it's notorious for being off in la-la-land about how it takes over your syste,
<chrislabeard> ScottK: yikes so is there no way to uninstall it though
<chrislabeard> or remove it
<ScottK> There is, I just don't know what it is.
<infinity> Once you go webmin, you can never really use any other tool, nor have sane conffile updates from packages, nor even make sense of the config files at the CLI hald the time.
<infinity> s/hald/half/
<ScottK> Consult the webmin documentation.
<chrislabeard> # apt-get --purge remove webmin
<infinity> I've never used ebox, so can't really say if it's any good, but I know a fair few people at least spent some time TRYING to make it vaguely integrate sanely in Debian/Ubuntu.
<chrislabeard> it just looks like webmin has alot more tutorials
<ScottK> It's been around longer.
<ScottK> Doesn't mean it's better.
<ScottK> All you need is one tutorial if it's right.
<chrislabeard> yeah
<chrislabeard> it looks like webmin cripples xbox in features though
<chrislabeard> if it doesn't work i can just throw in the lake
<chrislabeard> just testing this out right now
<chrislabeard> any of yall every set up mysql
<infinity> Not much to "set up", unless you need specific performance tuning.
<chrislabeard> well for some reason webmin keeps telling me connection to localhost failed and i can't login
<ScottK> This really isn't the place to get help with webmin.
<chrislabeard> ScottK: oh is there a channel sorry
<ScottK> chrislabeard: No idea.  Whether there is or not, doesn't have an effect on if this is the place to get support for webmin.
<chrislabeard> ScottK: yeah there is sorry guys
<chrislabeard> So if i install LAMP during the ubuntu server install that pretty much installs everything i need to run a web server
<infinity> Depends on what you do with it.  It installs apache, php, and mysql, as advertised.
<chrislabeard> k
<chrislabeard> when you are editing the network interfaces file ... what does network pertain to
<chrislabeard> ?
<chrislabeard> i understand gateway which is the router and never heard of broadcast or network
<chrislabeard> looks like network is just 192.168.0.0
<Deevz> So how do people work with headless server?
<Deevz> Do they have some sort of utility to access the CLI from another comp?
<ScottK> Deevz: ssh
<Deevz> Secure shell?
<ScottK> Yes
<Deevz> does ssh server come packed with ubuntu server?
<ScottK> It's an option at install time or you can easily install it later.
<artillerytx> How do you tell apache how much space it can use?
<_ruben> you dont
<artillerytx> oh
<artillerytx> can anyone help me figure out why i can't login to my ftp server ?
<artillerytx> i added a user using webmin and had porftpd installed and it keeps telling me login incorrect
<_ruben> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<artillerytx> yeah but its better than ebox
<_ruben> apparently its not good enough
<_ruben> since it aint working for you
<_ruben> anyway, im out
<artillerytx> duece
<DrNick_> hi. does anyone have any good experience with running ubuntu server on fujitsu hardware? in particular the PRIMERGY RX200 series? I tried several releases ago - it detected the disk controllers OK, but struggled with the Broadcom Fibre card
<orogor> hi here
<orogor> i got a small issue with dhcpd which doesn t start on boot
<orogor> anyone has an idea?
<RoyK> orogor: probably a typo in the config file - check the logs
<alex_joni> orogor: make sure the service is added to the proper runlevel
<orogor> humm
<orogor> apparently it sstarted but not with the good conf or something
<orogor> it doesn t get alease by the service buyt does when started manually
<RoyK> do you have a symlink for the dhcpd under /etc/rc2.d ?
<orogor> got only S24dhcdbd
<RoyK> and that links to where_
<RoyK> ?
<orogor> ../init.d/dhcdbd
<orogor> script says dhcdbd provides a D-DBus interface to dhclient
<RoyK> well
<RoyK> cd /etc/rc2.d
<RoyK> ln -s ../init.d/dhcpd S25dhcpd
<orogor> .
<alex_joni> ,
<orogor> RoyK,  root@pascalou:/etc/rc2.d# ls ../init.d/dhcpd
<orogor> ls: cannot access ../init.d/dhcpd: No such file or directory
<alex_joni> sounds like dhcpd isn't there..
<alex_joni> you sure you installed it?
<alex_joni> dpkg -l dhcpd
<Maleko> folks
<Maleko> if i install a guest os inside vm on a ubuntu server box, how do i make the guest os uses the server box ip?
<orogor> no package matching
<RoyK> Maleko: don't install a guest os on a guest os
<orogor> also when i do /etc/init.d/networking restart , it hangs on DHCPRELEASE on eth1 to 82.227.228.254 port 67
<Maleko> RoyK: ha..sorry?
<orogor> when doing it manually iot doesn t try to realease and it doesn t get stuck
<Maleko> i have ubuntu 8.10 on my server box and i thought of testing drive intrepid ibex in vm on that server
<RoyK> isn't 8.10 == intrepid ibex?
<Maleko> eh sorry i mean 9.04 Jaunty Jackalope
<Kimf> Any good tools to get reports from logs? Or any web interface for viewing logs?
<uvirtbot`> New bug: #404514 in lsb (main) "lsb_release crashed with ImportError in <module>() (dup-of: 383697)" [Undecided,New] https://launchpad.net/bugs/404514
<uvirtbot`> New bug: #400492 in bind9 (main) "Rebuild bind with --enable-fixed-rrset" [Wishlist,New] https://launchpad.net/bugs/400492
<anirban> The module could not find the mount point for your home directories filesystem /home. Quotas editing has been disabled. How can I fix it in Virtualmin ? I am in Ubuntu 9.04 . Ref : http://mr-euro.com/virtualmin-suexec/
<uvirtbot`> New bug: #404574 in samba (main) "package samba-common 2:3.2.3-1ubuntu3.5 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/404574
<magg> hi, im a new user of ubuntu
<magg> someone can suggest me a good tutorial for manage ubuntu??
<iulian> Bleah.
<Scix> I'm trying to install ubuntu server 9.04 on a HP PL ML110 with a embedded SATA RAID. however when disk-detect is runned, i'm resiving these two error messages: "ERROR: either the required RAID set not found or more options required" and "no raid sets and with names: ".ddf1_disks"" and the installer freezes. Anyone who has a solution?
<giovani> Scix: this is a fakeraid controller?
<Scix> yes
<giovani> any particular reason you want to use it?
<giovani> Scix: ?
<Scix> giovani: Yes it is. It's a fakeraid controller
<Scix> embedded on the motherbord
<Scix> sorry, didn't see your last message
<Scix> i need it so i can set up a RAID 1, on a realy cheep but important server
<Scix> it works in opensuse, but i want ubuntu on it
<Scix> is there a better alternative? The server is goint to work as a KISS SMB and CUPS server
<jmarsden> Scix: Just use software RAID instead?
<Scix> yes, i considered that, but is it safe enough?
<jmarsden> Yes :)  It is in some ways safer than fakeraid, because worst case you can migrate the drives to a different machine for recovery...
<Scix> me like :) But now it's barbecue time, so i have to look into it later? Thanks for all help :)
<jmarsden> No problem.
<uvirtbot`> New bug: #404623 in samba (main) "Samba shares created by smbclient are read-only" [Undecided,New] https://launchpad.net/bugs/404623
<grkblood13> i am running an ubuntu server for a site that i want google to crawl more, is there a way to make it more crawler friendly or is it just base on the number of hits?
<jmarsden> grkblood13: http://www.google.com/webmasters/docs/search-engine-optimization-starter-guide.pdf
<giovani> grkblood13: and just to be clear, that's highly unrelated to ubuntu
<kc8pxy> what could cause my apache server, managed by webmin, and virtualmin, to quit being accessible from the same switch, with onyl the addition of shorewall between the internet and the webserver?  accesing the webserver from the interwebs is fine,  it's just from the lan that's not working anymore.
<kc8pxy> this is an ubuntu 8.04 32-bit server.
<giovani> kc8pxy: unfortunately, that's not really enough information to diagnose -- can you log into the server, and run a few commands in order to troubleshoot?
<kc8pxy_> giovani: yes..  what commands?
<giovani> kc8pxy_: well, "netstat -anp | grep :80" as root (so, prepend "sudo " if you're running this as a non-priv user) to start
<giovani> you can copy and paste the output to a pastebin (like http://pastebin.ubuntu.com/)
<kc8pxy_> giovani:  weird..   it's not letting me from the lan.
<giovani> kc8pxy_: this is why I first asked if you were able to log into the server
<giovani> it sounds like you've misconfigured your network settings on the server, or the switch has been misconfigured, or something even less common
<kc8pxy_> giovani:  weird.. i can login to it from outside the friewall,  but not from inside it.
<giovani> kc8pxy_: the firewall is on a physically separate machine, right?
<giovani> a network diagram would help here -- since your description is a little unclear
<kc8pxy_> giovani: comming
<kc8pxy_> giovani: entry to the system is a DSL modem. plugged directly to the modem is eth0 on a debian lenny box running shorewall. eth1 has a switch pullged into it,  and the web server, as wwell ass several others,  and several workstations are plugged into it.
<kc8pxy_> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
<kc8pxy_> it won't let me sudo, i obviously need to fix that.
<giovani> it sounds like you either have a broken network
<giovani> or possibly some iptables rules preventing access from the local lan
<artillerytx> someone told me last night how to do this but i can't get the transcript how do i check the computers temperature in terminal
#ubuntu-server 2009-07-26
<artillerytx> anyone have experience with setting up name servers?
<pmatulis> !search sensors
<ubottu> Found: sensors, lm-sensors, lmsensors
<artillerytx> ... so if im setting up a server and dns ... how exactly does the domain mydomain.com know that the name servers are hosted as ns1.mydomain.com
<artillerytx> because i don't think it will take ns1.mydomain.com as a dns server
<jmarsden> It works fine.  As an example do    dig computeroptions.net ns    and notice that both nameservers are with the domain concerned.
<artillerytx> i followed this - http://beer.org.uk/bsacdns/
<artillerytx> and when i try to change the name servers on my domain it says that the one i created is invalid
<artillerytx> or am trying to use
<jmarsden> You need to tell your domain registrar what machines are nameservers for your domain.  if it says they are invalid, then most likely your newly created nameserver is not working right, and when the registrar check it they discover that and so won't let you set your DNS servers to a non-working server.
<artillerytx> oh okay...
<artillerytx> i did everything in that tutorial except to see if its working which i don't know how he did that
<jmarsden> Do you need to troubleshoot your new server and make sure it works and believes itself to be authoritative for the domain concerned.
<jmarsden> Ever heard of the dig command? :)
<artillerytx> never
<jmarsden> man dig
<artillerytx> um
<artillerytx> well maybe you can tell me if what im doing is completely wrong or not... I want to host a couple domains off my ubuntu server
<artillerytx> so im creating a dns server
<jmarsden> Sounds fine as long as you know enough to run a DNS server :)
<artillerytx> I want to learn but it seems like i can't grasp exactly how it works
<jmarsden> DNS is just a global tree of databases so you can look up names and get numbers (IP addresses) back, and look up Ip addresses and get names back.
<artillerytx> right... So if i have a domain lets say apples.com and i want that one to be the one that has the name servers associated with it like ns1.apples.com ... i added a master zone and then the name servers
<artillerytx> and than what do i do domain side
<pmatulis> artillerytx: who will be using this dns server to look up your domains?
<artillerytx> pmatulis: what registrar ?
<artillerytx> i just thought anytime you want to host a domain on a certain server you have to enter in the name servers and tell the hosting service this domain should look in this virtual folder
<jmarsden> artillerytx: Does that newly created nameserver *work* ?  Can you query it (with dig) and get the answers you expect?
<jmarsden> Until it works, telling your registrar to use it as a master DNS server is not a good idea...
<artillerytx> jmarsden: when i do digg @apples.com it says no server could be reached
<jmarsden> artillerytx: Use the Ip address sicne it is not yet registered :)  dig @12.34.56.78 apples.com
<artillerytx> k
<artillerytx> im behind a router i should probly open the ports
<giovani> artillerytx: apples.com is the domain, not the address of the server, I imagine
<giovani> there's no need to forward ports if you're testing internally
<artillerytx> okay
<jmarsden> What does    dig @12.34.56.78  apples.com   do when 12.34.56.78 is the local IP on your LAN of the DNS server machine?
<artillerytx> i tried dig @xx.xx.xx.78 longhornpcrepair.com and it says connection timed out
<artillerytx> oh lol
<jmarsden> Where xx.xx.xx.78 is a local IP address?
<artillerytx> okay i'm seeing the name servers
<jmarsden> You are testing internally...
<giovani> artillerytx: then either your DNS daemon isn't running, or there's a firewall in the way
<jmarsden> So, now use dig to check all the info you expect (MX records, A records, etc).  When you know they are all there, you'll need to straighten out your router/firewall so the rest of the world can see this DNs server.
<artillerytx> alright im seeing the name servers i created earlier
<giovani> where are you seeing them?
<artillerytx> on the local ip
<giovani> you said dig failed and said connection timed out
<artillerytx> i was using the public ip
<artillerytx> its been a long day
<artillerytx> now i can open the ports
<giovani> ok, well if you have an A record for that domain ... then the answer should've been printed
<artillerytx> oh where is says SERVER:192.168.1.2#82(192.168.1.2)
<artillerytx> woops
<artillerytx> the #number is the port i open
<giovani> no
<giovani> DNS is run over port 53
<artillerytx> forgive me if i sound super idiotic this is just very new and strange
<artillerytx> Okay so what do i need to do so that my registrar will let me use ns1.apples.com
<giovani> well you're in the middle of a topic you haven't really learned yet, so it's normal for it to be new and strange
<jmarsden> artillerytx: Straighten out your firewall so the world can see your DNS server on TCP and UDP port 53.
<giovani> artillerytx: you need to register your nameservers with your registrar, each registrar has different ways of doing this
<jmarsden> Then ask your registrar to use your server as the master DNS server for your domain.
<jmarsden> Until your newly created DNS server exists (and works) on the Internet, your registrar is unlikely to let you use it, because for everyone except you, it does not yet really exist :)
<giovani> I don't know of registrars that prevent you from using inactive DNS servers
<giovani> but he'll need to register his nameservers first if he wants them to be referenced as nsX.apples.com
<artillerytx> okay well i opened the port 53
<jmarsden> artillerytx: Do you have a way to test frm the outside?  ssh to a remote machine and dig from there to @yy.yy.yy.yy apples.com where that is your public Internet Ip of the DNS server?
<artillerytx> how do i check and see if the world can see it
<artillerytx> jmarsden: no i don't
<jmarsden> Or tell me what the IP and apples.com are and I can test it from here... :)
<artillerytx> can i PM you ?
<jmarsden> Sure.
<giovani> artillerytx: this isn't a secret, you've already pasted your domain name into the channel
<giovani> and your nameserver's IP can't be private
<artillerytx> thats true
<artillerytx> well my domain isn't apples.com
<giovani> I'm aware
<giovani> you pasted it earlier
<artillerytx> Oh okay
<artillerytx> haha sorry i trust you guys
<giovani> well trust us or not, the channel is logged on the internet
<artillerytx> k
<artillerytx> so it would be @75.43.20.78  dns1.longhornpcrepair.com
<artillerytx> i guess
<giovani> no ...
<giovani> we're not looking for an A record for dns1.
<giovani> but yes, your DNS server is reachable from the internet
<giovani> so you can continue setting things up
<artillerytx> hooray
<artillerytx> argg still not taking it
<artillerytx> is there something special i need to do to get them to take it
<giovani> artillerytx: I told you that you need to *register* your name servers first
<artillerytx> how do you do that
<ball> kirkland: ping
<ball> Goodnight everyone
<uvirtbot`> New bug: #404768 in bacula (universe) "package bacula-director-mysql 2.4.4-1ubuntu5 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/404768
<Skaag> how do I get pure-ftpd to recognize a symlink?
<nai1sirk> Has anyone enabled SELinux on a ubuntu server?
<andy1234124> hi
<andy1234124> I can't setup apache2 mod_rewrite properly under ubuntu(it works well under windows, but not ubuntu).
<andy1234124> anyone there?
<RoyK> andy1234124: works for me (tm)
<RoyK> have you enabled it?
<andy1234124> yes.
<andy1234124> Royk: yes
<andy1234124> it works for some pattern
<RoyK> erm
<RoyK> ok?
<RoyK> it's still only apache - the code is the same
<andy1234124> under windows, all the patterns are ok. but under ubuntu, some are ok, some don't work.
<RoyK> what versions of apache?
<andy1234124> apache2.2
<andy1234124> there are apache2.conf, http.conf, sites-enabled/000-default, i am not sure which file should I add the rules?
<giovani> andy1234124: this is probably much more relevant for #apache (they probably know more definitively)
<andy1234124> giovani: thanks
<andy1234124> RoyK: thanks
<giovani> my initial guess is either your rules are for a different version syntax, or they weren't written to spec initially, and now they're broken in the newer version, or there are some minor differences between the *nix/windows versions
<andy1234124> ah, interesting. I moved the rules into that specific directory, then it works
<giovani> you said some were working, some weren't
<giovani> that doesn't really make sense if they were in the wrong directory
<andy1234124> no. i put those things globally inside apache2.conf
<andy1234124> sorry for the confusion. now i moved them to sites-enabled/000-default, then everything is ok
<andy1234124> but still don't understand why can't put things at the end of apache2.conf.
<giovani> nobody said you can't -- it's just messy, and definitely not scalable
<giovani> you'll appreciate one-config-per-site when you have a few hundred/thousand of them, trust me :)
<andy1234124> :) thanks a lot. i don't know much about apache, i'll definitely read the apache manual ag.
<uvirtbot`> New bug: #404905 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 [modified: /var/lib/dpkg/info/mysql-server-5.0.list] failed to install/upgrade: subproces pre-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/404905
<artillerytx> is there no apache module for ebox
<fightskillz> hi, is there a log that shows ssh user actions?
<giovani|notwork> fightskillz: you mean shell commands?  That's up to the shell to record
<fightskillz> my server got hacked this morning, I wanted to see what they did after they ssh-ed in.. assuming they didn't delete their tracks
<giovani|notwork> fightskillz: do you know which user they logged in as?
<fightskillz> not yet, i'm gonna boot up and grab the logs and then decide what to do.. just want to make sure i get them all
<giovani|notwork> well there's no need to "get" them all -- whatever's there is there
<giovani|notwork> presuming the users use the bash shell, they'll have a file in their home directory named .bash_history
<artillerytx> woo i registered my name servers
<artillerytx> how do i remove ebox ?
<giovani|notwork> artillerytx: sudo apt-get remove ebox
<artillerytx> i didn't know ebox wasn't really for web servers
<fightskillz> i'm concerned that they'll ssh in again and delete the log files. but thanks i'll download the home directories too
<giovani|notwork> fightskillz: if the system has been compromised, you shouldn't be placing it back on the network at all, so that shouldn't be a concern
<fightskillz> catch 22?
<giovani|notwork> that's not a catch-22
<giovani|notwork> that's incident response 101
<giovani|notwork> unless you're *trying* to get the attacker to log back in
<fightskillz> ya but how do i look at the log files without putting it on the network
<giovani|notwork> you connect via keyboard, serial console, IPMI, KVMoIP, whatever
<chrislabeard> is there an alternative to webmin thats not ebox
<giovani|notwork> chrislabeard: there are others ... none are supported here
<chrislabeard> giovani|notwork: the only one that is supported is ebox ?
<fightskillz>  ipmi
<giovani|notwork> chrislabeard: yes
<fightskillz> sorry, ignore that
<chrislabeard> giovani|notwork: why ebox sucks
<chrislabeard> giovani|notwork: wait it doesn't suck just takes more time to set up
<giovani|notwork> chrislabeard: because ebox is the only one that works with debian/ubuntu properly
<chrislabeard> excuse me
<giovani|notwork> if it were up to me, none of them (including ebox) would be supported
<giovani|notwork> but clearly there's too much demand to say no
<chrislabeard> yeah
<chrislabeard> cause people like me will just use the web panel instead of actually know whats going on
<giovani|notwork> which leads to many problems down the road
<chrislabeard> yeah
<giovani|notwork> yeah, so I advise against using any kind of "web panel"
<giovani|notwork> for sever administration
<chrislabeard> alright what about like phpmyadmin ?
<chrislabeard> that shouldn't be that bad
<chrislabeard> just mysql
<giovani|notwork> it's bloat, it opens up a host of security risks, and it keeps you from learning how to actually use mysql
<giovani|notwork> but you're clearly free to use it
<chrislabeard> man i'm getting a syntax error when i try to start apache
<giovani> chrislabeard: presumably you mean a syntax error in your config files -- you should check them with "apachectl configtest"
<chrislabeard> mmk
<giovani> (this is in the apache manual, and all over google)
<fightskillz> lol, so instead of taking your advice, I booted my server and downloaded the log files before shutting it down again..  within 10 seconds iftop was showing a bunch of ssh connections from other ips. i'm still looking through the logs but looks like they never actually got in. one set of hackers were brute forcing usernames and the other brute forcing passwords, what's funny is it's been going on for days and i only noticed it or t
<fightskillz> hought to look after seeing suspicious apache log. i've gotta get on top of this
<giovani> yeah ...
<giovani> this is why IDSes are useful
<giovani> you would've seen it instantly
<fightskillz> agreed i've been a fool. a FOOL!
<giovani> or even just log monitoring
<chrislabeard> you guys know of any way to be able to see my webserver inside my network .. it works fine outside my network but i can't go to the live url and see it
<giovani> chrislabeard: you can use its internal ip
<chrislabeard> giovani: true
<giovani> or have your internal dns resolve the external domain to your internal ip
<chrislabeard> is this working http://75.43.20.78:80/ for you guys
<fightskillz> It works!
<chrislabeard> hooray
<chrislabeard> what about http://longhornpcrepair.com
<giovani> chrislabeard: yep, it works
<chrislabeard> great
<fightskillz> ditto
<chrislabeard> no i need to figure out how exactly virtual hosts work
<giovani> apache has great docs on the subject
<chrislabeard> yeah im reading it right now
<chrislabeard> so whenever i want to host another domain i create another virtual server add a new record to my dns server and that should be good
<chrislabeard> im still reading thats just what im assuming right now
<chrislabeard> so each domain has its own virtual server
<fightskillz> dns will direct requests to your ip address, vhosts will direct those incoming requests based on port and requested domain/subdomain to a folder
<giovani> chrislabeard: no, there's no "virtual server"
<giovani> just a virtual name host
<chrislabeard> giovani: yeah sorry
<giovani> presuming you want all of your sites to be on the same IP
<giovani> if not, then you use ip-based virtual hosts
<chrislabeard> alright.. so i have a new domain i assign my dns servers to it... they will look on my server to see if i have created a host for this domain
<giovani> ok
<chrislabeard> alright i think i understand how it works now
<Acs> hello
<Acs> I have this entry in my crontab
<Acs> 30 * * * * /home/acs/update.php
<Acs> shouldn't this run every 30minutes?
<Acs> every time the script is ran it writes to a log file and I have log dates an hour apart instead of 30m
<Acs> anyone?
<Acs> is there something wrong with how I set up the time??
<giovani> Acs: no, that's incorrect
<giovani> the first field should be "*/30" to get the job to run every 30 minutes
<giovani> putting 30 in there means that it will run every hour at the 30 minute mark
<Acs> oooohh of course
<Acs> giovani thanks
<giovani> if you know specific minute-marks you want it to run at, you can specify them
<Acs> giovani I really just want this to run every 30 m
<giovani> ok
<giovani> then */30 will be what you want
<Acs> so it will be like
<Acs> */30 * * * * /home/acs/update.php
<Acs> thanks giovani
<giovani> Acs: yep
<chrislabeard> anyone ever setup proftpd?
#ubuntu-server 2010-07-26
<vaporstun> hi all, i installed ubuntu server and it will not boot. just shows cursor blinking with black background
<vaporstun> when i boot into ubuntu server cd, i can tell it to boot from first hard disk and it works fine
<vaporstun> tried re-installing grub, installing lilo, etc. to no avail
<vaporstun> any ideas?
<vaporstun> oh, i am using a 2.2TB hardware RAID array which is properly recognized by the installer and is formatted as ext4
<doolph> what package do ubuntu 10.04 server has for Qos?? I want to use it as internet gateway
<KurtKraut> doolph, I don't belive this could be achived by just installing a package. You'll have to configure from ground to top a firewall with QoS,
<doolph> do you know where to start?
<KurtKraut> doolph, yes: studying iptables firewall.
<KurtKraut> doolph, you'll spend a great effort reading, studying, trying, but at the end, you'll be able to have the most 'cirurgical' QoS and other complex firewall settings.
<Saturn2888> I upgraded to Ubuntu Lucid and now when logging in, I find it takes at least 50 sec just to authenticate me to user and also a long time to authenticate me as root. Why is this?
<Saturn2888> I /did/ notice something like 60 console-kit-daemons loaded. I wonder if they load up every time I log in
<Saturn2888> yes, it's starting them up every time I login. Second, I noticed if I've already authenticated as root, it doesn't take any time to log me in. Something about entering in a password correctly is triggering the creation of all of these
<aitd> Saturn2888: going on memory here, not at work to check my logs, but I had the same problem and I modified the /etc/sshd_config file, appending "UseDNS no" (unsure of correct syntax. Google it. After doing so, the logins returned to a more normal time period.
<Saturn2888> apt-get remove consolekit did not fix the problem,
<bogeyd6> Saturn2888, which authentication method are you using, PAM, LDAP, DOMAIN?
<Saturn2888> PAM I think. I didn't know you could use Domain or LDAP actually bc I'd rather prefer adding domain in :P
<bogeyd6> kkk
<bogeyd6> heh
<bogeyd6> Saturn2888, change your /etc/ssh/sshd_config file to "UseDNS no" and restart the service using sudo /etc/init.d/ssh restart
<Saturn2888> "UsePAM yes" Could I even add "UseDOMAIN yes" ?
<bogeyd6> second you should be using SSH keys to login with SSH and not passwords
<bogeyd6> https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<Saturn2888> meh, it's not online, it's my home network, and I use PuTTY, and it's a bit of a pain to do the key thing. The 1 security flaw about keys is that someone gets the key and no password is needed.
<Saturn2888> is the DNS thing commented out or should I add it? Second, why didn't I have these issues in Hardy?
<bogeyd6> 1 security flaw is anyone sniffs your connect and you lose
<bogeyd6> You should add it
<Saturn2888> What do you mean about sniffing the connection?
<bogeyd6> we need to fix the obvious and lay a good base so we can further troubleshoot, right now you got two big problems
<bogeyd6> Cain&Abel
<Saturn2888> :P
<Saturn2888> login is still slow. I need to restart ssh don't I?
<bogeyd6> really?
<Saturn2888> yeah, still slow
<Saturn2888> http://pastie.org/private/xekad7aqtulkicszgvyuqa
<bogeyd6> i meant "sudo /etc/init.d/sshd restart"
<Saturn2888> wait wait. That's not the whole file
<Saturn2888> ok referesh
<Saturn2888> refresh*
<Saturn2888> it's ssh restart. sshd isn't a service in init.d
<bogeyd6> does the delay occur after you type password?
<bogeyd6> ok now we need to debug
<bogeyd6> ssh -vvv user@server
<bogeyd6> after that we will need to take a look at if you have the update motd script running
<Saturn2888> ok
<bogeyd6> http://www.walkernews.net/2009/04/06/how-to-fix-scp-and-ssh-login-prompt-is-very-slow-in-linux/
<bogeyd6> im out
<Saturn2888> yes
<Saturn2888> after the password. Does it for root too, but does NOT do it when I do sudo su - right after having logged in as root meaning, if I do not authenticate again, I do not have the issue
<Saturn2888> bogeyd6: http://pastie.org/private/1ih8lnt1o9vaal6yuosfaa
<Saturn2888> I also keep seeing domainadmin@grubber:~$ debug2: tcpwinsz: 263536 for connection: 4  at the prompt and can't get rid of it
<bogeyd6> *** System restart required ***
<bogeyd6> *** System restart required ***
<bogeyd6> lol
<bogeyd6> LOL
<Saturn2888> bogeyd6: ? Where is that? And it does the password thing in tty
<bogeyd6> dude, "sudo shutdown -r now"
<Saturn2888> or just reboot :p
<bogeyd6> line 144
<Saturn2888> great, well darn. I wish I'd seen that before
<Saturn2888> Wow, the great feat of Windows tech support
<bogeyd6> hopefully, just hopefully
<Saturn2888> yeah
<Saturn2888> I don't think that's it. I'm almost sure it did that after a restart
<bogeyd6> it will solve it, because your next step is to start PAM trouble shooting and changes lots of things
<Saturn2888> ?
<Saturn2888> I'm getting a keyboard
<Saturn2888> finally, now it's going down. I lost my DHCP lease in the process....
<Saturn2888> logging in on the host machine itself was fast.
<Saturn2888> but it didn't reboot from terminal
<Saturn2888> only from tty
<Saturn2888> but I can't acces sit
<Saturn2888> access* it
<Saturn2888> aw great.. I restarted the wrong server.
<Saturn2888> that was my router. The reason i can't access it is because I'm at the grubrescue> screen. I dunno what to do.
<Saturn2888> booting now. I need to update-grub then grub install into the compact flash drive I have in there. I must've forgotten. then I'll swap out the USB drive with the Compact flash and should be okay
<Saturn2888> if you're wondering, grub2 wouldn't embed into /dev/md0 so I mad /boot on a USB, it worked bu it's so slow. I ended up moving it all to an IDE Compact Flash drive I had sitting around but must've forgotten some stueps
<bogeyd6> sounds like you got alot of work ahead of you
<Saturn2888> yeah, slow in tty1 for sure
<Saturn2888> well this should be about 1 min (after login) to fix GRUB
<Saturn2888> the rest is logging in being slow. It's not SSH-related
<Saturn2888> rebooting it. hoping this time it'll use the compact flash. Maybe it did last time and grub was like "WTF?" Hmmm. The USB isn't large enough to use anyway.
<Saturn2888> bogeyd6: yay works. Ok, back to this problem
<Saturn2888> I think it has to do with something in /etc/pam.d
<twb> Saturn2888: what are you trying to do?
<Saturn2888> login in both ssh and tty is extremely slow taking 30sec to 1min. I am trying to figure out why. I restored an old snapshot of the /etc/pam.d directory, no fix. I wonder what's causing it. Before, i noticed everytime I authenticated, I got a ton of console-kit-daemon --no-daemon processes which I used apt-get remove consolekit to kill. Then I also noticed that if I logged in as root, hit CTRL D, and did sudo su - before the tim
<qman__> Saturn2888, the default motd in jaunty and newer takes some time to process
<qman__> it checks system load and then checks for updates
<Saturn2888> qman__: oh ok. Where is it? I have it not to load over ssh, but that probably just stops it from being displayed
<qman__> Saturn2888, /etc/motd.d
<Saturn2888> hmm only motd.
<Saturn2888> http://pastie.org/private/sty5kobyzckuhinvbx4yuq
<qman__> hmm, must be the wrong path
<qman__> ah
<qman__>  /etc/update-motd.d/
<twb> Saturn2888: what auth methods do you want/try to use?
<Saturn2888> password?
<Saturn2888> superman?
<twb> So you aren't using, say, LDAP, or kerberos?
<Saturn2888> I dunno what you mea
<twb> This is a single-user single-host machine without a network connection?
<Saturn2888> oh oh, no no. I wish. I only found out today it was possible in SSH, didn't even know it was possible for tty
<Saturn2888> I get into it via SSH almost always. it is a single-user machine in that I am the only one using it, but some apps have their own users.
<twb> Oh, you said it's still only taking a minute to boot
<Saturn2888> http://pastie.org/private/sty5kobyzckuhinvbx4yuq
<twb> Unless this is a brand new machine, one minute is *good*
<qman__> yeah, all those scripts run to generate the motd
<Saturn2888> only? no no, boot is a different issue. I'm talking about login
<Saturn2888> like "Ubuntu 10.04.1 Login: "
<qman__> if any one of them takes more than a couple seconds, you're going to notice it
<Saturn2888> after typing in my pass it's like "let's go to sleep now"
<twb> Saturn2888: You mean the delay is after you enter your username and password?
<qman__> and they do on every system I've installed
<Saturn2888> no
<Saturn2888> qman__: ok. So I check them all?
<Saturn2888> twb: it's the delay after entering a correct password to getting to the prompt
<qman__> move the ones you don't care about out of that directory
<Saturn2888> which ones are which? Why are they there?
<qman__> they generate the info that shows up in the motd
<twb> Saturn2888: then the problem is most likely in your .bashrc, .bash_profile, .profile, or other login scripts.
<qman__> system status, updates, zombie processes, that sort of thing
<qman__> it's a convenience feature
<twb> Checking motd is also a good idea, although I *thought* those were updated at boot time, not at login time.
<qman__> not sure when it updates, but I notice with fresh installs that logging in takes longer because of it
<qman__> even on fast hardware
<qman__> and even when logging in long after booting has finished
<twb> Shrug.
<Saturn2888> qman__: do I restart something after doing this?
<qman__> no
<Saturn2888> I'm moreso thinking it's in bash then like twb says
<qman__> just log in and see if it fixes the problem
<Saturn2888> didn't fix it
<Saturn2888> well lemme move more things.
<Saturn2888> yeah,  no fix from even completely moving the update-motd.d folder
<qman__> ok then, must be something else
<Saturn2888> The only thing I changed in bashrc is something I changed on all my other systems, I added the colors
<Saturn2888> maybe something else went screwy. I want to try copying files from one server to this one and see what happesn
<Saturn2888> happens*
<Saturn2888> hmm. did anything change from hardy to now?
<Saturn2888> in the bash rc files
<qman__> they have changed, but I don't think any of the configuration itself has changed
<qman__> just the order and the comments
<qman__> if your question is whether a hardy .bashrc will work on lucid without issues, the answer is yes
<Saturn2888> ok good
<Saturn2888> lemme try swapping the files now. Unless you guys can point me to some default ones
<twb> Saturn2888: put "date --rfc-3339=ns" at the top of your .bashrc
<twb> Then, when you next log in, you'll know how quickly it reaches that point
<Saturn2888> why's that?
<Saturn2888> ooh cool!
<twb> You can also try something like printf "${BASH_SOURCE[0]}:$LINENO"
<twb> I forget the exact syntax
<Saturn2888> For what?
<Saturn2888> 2010-07-25 22:53:50.296067986-05:00   if it's saying it only took 10 sec, that's a lie  so this is saying it's probably def bashrc?
<Saturn2888> I had pasted it in the wrong chat :P
<twb> For when you have a dozen such timestamp lines; it prints out which file/line the timestamp belongs to.
<Saturn2888> oh I see, i want that. I dunno how to lookup the syntax for it. Never done  bash scripting myself
<twb> go onto #bash and ask
<Saturn2888> haha oh yeah
<Saturn2888> 1 min
<Saturn2888> gonna swap out the file first
<Saturn2888> swapping out the .bashrc file didn't fix it either
<Saturn2888> qman__: haha, it's not fixing that way either
<Saturn2888> do you guys know what scripts run when you login? Maybe that's killing it
<twb> Saturn2888: /etc/profile.d
<Saturn2888> nothing in there
<twb> I find that hard to believe
<Saturn2888> twb: http://pastie.org/private/orjqbjlsjizbpw4h9j32pw
<Saturn2888> was there supposed to be stuff in there?
<twb> bash_completion, at least
<twb> Maybe ubuntu moved it somewhere "helpful"
<Saturn2888> hahaha
<Saturn2888> I have some things in /home/user
<Saturn2888> http://pastie.org/private/orjqbjlsjizbpw4h9j32pw
<Saturn2888> twb: Something looks off to me: http://pastie.org/private/3plvoir17bujn2lpljrsha line 19
<Saturn2888> I see something, the if /etc/bash_completion part. That file is in /etc
<Saturn2888> although, this is commented out for root login
<Saturn2888> twb: Oddly enough, it gives me enough time when it's logging in to switch out the .bashrc file.
<Saturn2888> so it's whatever executes before bash
<twb> .bash_profile
<Saturn2888> ok
<Saturn2888> lemme log back in, I wanna also try changing the password
<twb> Whatever; I'm not hanging on your every word.
<Saturn2888> np np, sorry. I might wanna note ,if I type in my password wrong it does that normally
<Saturn2888> the speed that is
<Saturn2888> http://pastie.org/private/xcbagfsqv9ewytwd47bq
<Saturn2888> oops, that was my fault
<Saturn2888> does bash have anything to do with password authentication?
<Saturn2888> if not, that's the new place to look for this because authenticating this password to change it took forever
<qman__> that's pam
<Saturn2888> back to pam then?
<qman__> probably /etc/pam.d/common-auth
<Saturn2888> What could be the issue now?
<Saturn2888> ok
<Saturn2888> http://pastie.org/private/xcbagfsqv9ewytwd47bq
<qman__> well, there you have it
<qman__> you're attempting to authenticate with winbind
<qman__> it's probably failing
<Saturn2888> oh ok, I am?
<qman__> winbind and ldap
<Saturn2888> wait wait, so I can auth as a samba users?
<qman__> what specifically do you mean?
<Saturn2888> oh, this machine is the LDAP server, now I remember. But LDAP stopped working after the upgrade. Ah ha! so I should comment it out
<qman__> that's not going to solve the problem
<Saturn2888> ok
<qman__> that file is now automatically generated
<qman__> you need to fix or remove ldap
<qman__> and winbind
<Saturn2888> ok
<qman__> otherwise, next time the pam update script runs, it'll be slow again
<qman__> you can comment as a temporary solution
<Saturn2888> oh
<Saturn2888> it's okay. I'll just remake my samba users again
<Saturn2888> I have no clue why it's not working anyway
<qman__> winbind/ldap is a separate thing from samba
<qman__> what exactly are you trying to do?
<qman__> you CAN authenticate samba users via ldap/winbind, but they don't by default
<Saturn2888> or was I trying to do. Does uninstalling those fix pam?
<qman__> might, though you might need to purge them
<Saturn2888> I had this as an LDAP master and my other server as an AD server which got users from LDAP on this machine
<qman__> the reason it's taking so long is it's timing out attempting to authenticate against winbind or ldap, or both
<Saturn2888> one of them is gone, the pam-ldap.so use_first_pass is still there. Commenting it out
<Saturn2888> no fix though
<qman__> you only commented it out in one method
<qman__> common-auth
<qman__> it more than likely exists in others
<qman__> and when pam updates again, it'll uncomment
<qman__> you need to fix/remove ldap
<Saturn2888>  pam-auth-update , ran that, didn't fix it though
<Saturn2888> oh oh! fixed
<Saturn2888> I forgot to uncheck samba. weird, at least now I have more control over this
<Saturn2888> Thank you guys so much!
<Saturn2888> I'm heading out
<lwizardl> Hi
<mase_wk> hi lwizardl
<lwizardl> I know Landscape is a payware type of service but does there exist something similar to it for free usage ?
<twb> Depends if you want to babysit both ends
<lwizardl> twb, what do you mean?
<mase_wk> landscape is a service
<lwizardl> well what I am looking for is something that will let me manage everything from a single location
<mase_wk> i think it's proprietary, not entirely sure. But even if it was free, they would still charge for the service.
<lwizardl> I know I could use stuff like cpanel, ebox, webmin, etc to do most of it
<mase_wk> i don't think landscape does what you think it does
<lwizardl> yeah I am not looking for someone else to do the work. more a just a single program versus using shell to handle this, then that, etc
<lwizardl> ah ok
<lwizardl> then I must have been confused
<mase_wk> landscape will let you manage a pool of VM's
<mase_wk> systems etc..
<mase_wk> so packages etc.. on the boxes
<lwizardl> last time I looked at landscape was around the first advertisement date on the server download site
<lwizardl> oh
<mase_wk> cpanel and lanscape do have some crossover in terms of functionality but i think they are fairly different beasts.
<mase_wk> landscape is probably what you want if you ahve a number of servers to manage
<mase_wk> and you want to administer/ provision them automagically
<lwizardl> ok yeah I just have 1 server and 10 domains on it
<mase_wk> you probably don't want ladnscape.
<lwizardl> that I manage manually
<lwizardl> yeah i don't think so
<lwizardl> now if i had like 5-6 servers then yeah
<lwizardl> ok
<lwizardl> thanks
<mase_wk> what are the main issues for you wrt to managing the server via CLI ?
<mase_wk> is it just unfamiliarity or do you need to give other people access to things?
<lwizardl> mase_wk, I am fine with the cli just sometimes people ask for access to this or that
<lwizardl> and then i have to remove it etc
<lwizardl> also would like to be able to have printable charts of usage etc
<lwizardl> there are a few things here and there I don't know how to do but a quick google search usually helps for those
<mase_wk> yeh i understand what you mean. i've had to do something similar with some of my servers  however I basically just created an ldap server, and hooked apache/ postfix / everything else up to the ldap server for auth
<mase_wk> and then wrote a web frontend to which ever parts of the ldap records i wanted people to be able to change
<twb> lwizardl: cfengine, puppet, chef, etc. provide a centralized mechanism for managing a network of heterogeneous systems
<lwizardl> yeah what I was doing was more setup a temp ftp and link to those files needed. and then after the login and they got that file i remove the account
<Roxyhart0> hi there, i need to control which user are accesing p2p connection from internet. Somebody have any idea about any tool?
<lwizardl> Roxyhart0, that seems to be a firewall relationship issue. I would look into ipcop
<Roxyhart0> i mean, p2p is open...i just need to control when the user are downloading stuff with copyright issues
<mase_wk> Roxyhart0: thats pretty hard to do unless you know which files have copyright issues in advance
<lwizardl> Roxyhart0, ah ok I thought you was trying to stop all p2p on the network
<Roxyhart0> no yet
<lwizardl> Roxyhart0, that program i listed has a option to block all p2p traffic on the network, and lots of other stuff. I haven't set one up yet but it will be done this week after my network is installed at the location
<twb> mase_wk: the other problem with landscape (apart from being proprietary) is that the client is only available on Ubuntu
<mase_wk> twb: ah ok so it handles stuff at the application level etc.. too ? i dont use landscape ( b/c it's proprietary )
<twb> AFAIK landscape is basically just a cfengine-type system with the server side, and its web ui, being proprietary
<Roxyhart0> thanks...at the moment identify user who download material with copyright issues. It is more "after" the problem as we still are not going to block p2p
<mase_wk> twb: ah ok. fair enough.
<mase_wk> Roxyhart0: how do you handle encrypted p2p ?
<mase_wk> is this for an office / corp environ or something like a wifi hotspot ?
<Roxyhart0> this is a educational institution
<Roxyhart0> an
<mase_wk> k
<Roxyhart0> and i dont know, but the most of the traffic p2p is not encrypted i suppose?
<mase_wk> not really sure i guess it depends on your users. the most useful way i've managed to combat p2p in an office is by heavily shaping everything that isn't a service we actively use
<mase_wk> and offering to download torrents at high speed on behalf of users. For those that want new distro torrents or other legal things
<lwizardl> I don't think so but most p2p today seems to be torrents and most clients are setup to use encryption
<mase_wk> we had alot of encrypt on our network
<mase_wk> hence why i couldn't really stop it per se
<mase_wk> but i could make it annoyingly slow
<mase_wk> and those that want something quick know they can get it quick if it's legal.
<lwizardl> the ipcop program one of my friends used when he did a bunch of network setup installs for a church community center
<lwizardl> and set it to block stuff like kazaa/limewire/frostwire bittorrents
<Roxyhart0> i will check it, i leasen about ipp2p and Dante(as proxy) as well...but doesn do that im looking to do now
<lwizardl> only thing that still works for what he told me was stuff like megaupload etc and he just added those to the blocked sites
<lwizardl> plus that has a option to setup cache for updates so if you have say 10 computers on the network that all need to get updated it only grabs it once from the internet and the other 9 computers grab a cached version from the firewall
<Roxyhart0> mase_wk, how you can do slow the traffic if you cannt detect if it is p2p? i mean encrypted traffic?
<lwizardl> i think its just a modded version of monowall/shorewall but has lots of nice features
<mase_wk> Roxyhart0: i dont' detect it's p2p , i just shape everything and unshape the protocols we actively use, ssh, http, ssl etc..
<Roxyhart0> ah ok...
<mase_wk> the shaping works well because it's not like it doesn't work. so people just assume the torrents are slow
<mase_wk> esp when generic web access etc.. is quick
<mase_wk> so most of the time they just give up
<Roxyhart0> haha...
<mase_wk> if they complain, they usually complain about a legal torrent, in which case i explain that it's shaped etc..
<mase_wk> and then download it for them
<lwizardl> mase_wk, yup but the more tech people will try and use a proxy and see if that will bypass and get faster
<mase_wk> lwizardl: proxy won't help in this scenario unless it tunnels the p2p over http
<mase_wk> which means your downloading it twice
<lwizardl> ah true
<mase_wk> once remotely and then pushing it through the proxy
<mase_wk> which people who run proxy's don't like either
<mase_wk> same applies to an ssh tunnel
<mase_wk> in both cases people who understand it realise it's easier to do it from home :)
<lwizardl> yeah just saying if someone wants it bad enough they will try other options
<lwizardl> yes
<lwizardl> or look for another wifi spot and try with that instead
<mase_wk> yeh just makign it easier to do something else is usually enough
<lwizardl> yup and then if something happens you have tried to stop people from doing it
<lwizardl> me I plan to offer internet lan access in my store and I want to make 100% or as close as possable to stop any p2p downloading
<Roxyhart0> i read dante works with p2p
<lwizardl> and I also want to try and block access to adult related sites which is both something that the ipcop program does and then it has more options that I can make use of also
<Roxyhart0> i will have a look at ipcop
<lwizardl> yeah the only issue I have seen is that your box you install it on will need to have atleast 3 nic cards installs
<lwizardl> so you can set them for how trusted the network you want Red/Blue/Green
<lwizardl> basically Internal network only, external network only, and both
<Roxyhart0> so, the nic with both is going the trusted traffic?
<lwizardl> yeah
<mase_wk> the adult sites can be handled by blocking dns requests to anything other than your dns servers
<lwizardl> and has full access, external only can visit web sites like google etc, and internal only is for computers you need to do other stuff on like your backend server keep track of POS cash registers etc
<mase_wk> or you can use a service like openDNS
<mase_wk> and only allow dns requests to those dns servers
<lwizardl> mase_wk, yeah I was going just display a generic "sorry these types of pages are not allowed on the network"
<lwizardl> and then also disable the usb ports so people can't bring files from home and save them onto the computers to cause problems
<lwizardl> I want to set the machines to do like the computers at my old college did. after you reset the computer it booted a set system and automatically removed any files a user may have left or installed
<Roxyhart0> can you do that with linux? I know with AD form windows ypu can do, i mean reset policies in clients (windows) but i am not sure if it is possible with linux server, could be great
<qman__> lwizardl, should be pretty straightforward if you build an image and set them to netboot it
<qman__> most of the trouble in setting up a netboot system is the persistent data
<lwizardl> qman__, yeah I think that is what they did
<qman__> but since you don't want any that takes that whole bit out
<qman__> in absence of adequate network resources, you could build a custom live CD
<qman__> but then you'd have to burn a new CD every time you patch it
<lwizardl> yeah and that would be a waste
<mase_wk> Roxyhart0: depends if your clients are linux or windows. I don't believe you can give the windows clients those sorts of profiles from a openldap etc..  like you can with AD
<mase_wk> but if you have linux / osx clients you can
<lwizardl> I will look into that because the computers I am running as internet terminals aren't that great of machines but for just net access they work great
<lwizardl> they are running Ubuntu 10.04
<EvilPhoenix> any idea why when I try and add this to iptables it fails: http://starfleet.pastebin.com/gQtgRsfg
<Roxyhart0> yes the most are windows and mac
<lwizardl> I'm using old Compaq IPAQ desktop computers 550mhz with 256mb ram, and a 10gb hdd
<EvilPhoenix> #netfilter says its the kernel
<EvilPhoenix> i'm not sure what to look for to fix it
<mase_wk> Roxyhart0: well the mac ones with auth against openldap. I don't / haven't used windows clients since 98 so i'm not sure how they will deal with an openLDAP server.
<qman__> mase_wk, they won't
<lwizardl> I keep 1 windows desktop around and thats just for editing commercials from my ReplayTV DVR other then that I'm fully Ubuntu only on the other machines
<qman__> you need samba, and some serious hacks
<mase_wk> qman__: ye figured as much
<qman__> and even then it's only partially working at best
<qman__> ugh
<qman__> upgraded to lucid, it picked a resolution out of range
<Roxyhart0> in the most of the suff are ok, but for apply policies...no unless there are some way that we dont know
<lwizardl> I have 1 windows machine, 1 server, 4 terminals, 2 linux pos computer cash registers, 1 office pc, 1 soon to be firewall, and 1 backend server
<lwizardl> and 3 computers that are soon to be installed into MAME arcade cabinets
<mase_wk> can anyone remember where hardy stored it's getty configuration ?
<Roxyhart0> Hi EvilPhoenix, look this page http://www.shorewall.net/OpenVZ.html
<Roxyhart0> "if you see annoying error messages as shown below during start/restart, remove the module-init-tools package from the VE"
<EvilPhoenix> Roxyhart0:  the issue isnt with OpenVZ, the issue is iwith the kernel image loaded on it
<qman__> mase_wk, the per-TTY configs are in /etc/event.d
<EvilPhoenix> its not reading the modules necessary to detect ESTABLISHED,RELATED connections on iptables
<mase_wk> qman__: thats it . thanks. don't suppose you can copy/paste your getty line from /etc/event.d/tty1 ? I am de-xenifiying a virtual machine
<qman__> yeah
<qman__> exec /sbin/getty 38400 tty1
<mase_wk> thank you
<qman__> no problem
<qman__> now to figure out why my video mode changed
<qman__> so, for some reason
<qman__> video modes that worked fine in hardy, now show 'out of range' after upgrade to lucid
<qman__> if I remove the modeline it works, but obviously it's low resolution
<qman__> video card is an ATi Rage XL
<qman__> don't tell me I need to install grub2 to get more than an 80x25 terminal :/
<KurtKraut> How can I detect the fastes Ubuntu mirror to set in my sources.list file?
<uvirtbot> New bug: #570456 in qemu-maemo "Unimplemented cp15 register write (c9, c12, {0, 0}) with Ubuntu OMAP image" [Medium,Fix released] https://launchpad.net/bugs/570456
<Roxyhart08> hi there, there are someway to identify users by IP address?
<Roxyhart08> i mean who is using an IP?
<binBASH> Roxyhart08: google for host based authentication
<Roxyhart08> thanks
<twb> It depends on a range of factors, like whether you have control of the network and all the machines that use it.
<uvirtbot> New bug: #609979 in mysql-5.1 (main) "aptitude install mysql-server freezes at dpkg" [Undecided,New] https://launchpad.net/bugs/609979
<kim0> Hey folks .. when is the 10.04.1 release
<jcastro> kim0: https://wiki.ubuntu.com/LucidReleaseSchedule looks up to date
<kim0> jcastro: you're da man :)
<hari__> after getting ip from dhcp server.. and only ubuntu lucid image
<_ruben> hmm, speaking of 10.04.1, my desktop vm just announced itself as 10.04.1 .. that's odd
<silentwhisper> good day
<silentwhisper> how can is send mail to jigsneth@yahoo.com
<silentwhisper> how can i send mail to jigsneth@yahoo.com?
<larsemil> silentwhisper: assuming you have a mailaccount, in the to field of your client(webbased or other) you paste the adress. If you prefer you can write something in the subject line. In the usually bigger square you write your email and press send. Some clients require you to press send & recieve button or similar. If your question is about some more server-side stuff like postfix i prefer you alter your question
<Database> Howdy. I recently replaced the motherboard in my Ubuntu Server 10.04 install, and now the network isn't working - is there any way to get Ubuntu to redetect and reinstall the correct drivers without having to reinstall the whole OS?
<Sharcho> Any idea why a fresh install of mysql on a fresh installation of 10.04 gets stuck when running "start mysql"?
<Jeeves_> Database: Do you have an onboard NIC?
<mattt> Database: did your NIC get detected as eth1, or eth2 or something?
<remix_tj> Database: are you sure you nic is invisible? ifconfig -a what says?
<Jeeves_> Database: Your new NIC is probably mentioned in /etc/udev/rules.d/70-persistent-net
<Jeeves_> The old one will still be mentioned there, probably
<Database> hmmm.
<Database> Okay.
<Database> Jeeves_, yes, it's onboard.
<Database> hang on, I'll go check to see if it's detected as eth1.
<mattt> it's probably mapped your old NIC's mac address to eth0
<mattt> not sure what the 'official' fix is, but i usually just grab the new mac address and replace what's mapped to eth0 ... and then remove reference to the newly added device (eth1, eth2, whatever)
<Jeeves_> mattt: Removing that file and rebooting works too :)
<mattt> Jeeves_: does it just recreate it?
<mattt> i like that option better ... cuz when i'm adjusting that file, it's usually over KVM, or something ;)
<Database> okay, so I can just delete /etc/udev.rules.d/70-persistent-net?
<Database> I've found my new NIC is mapped to eth2, so you are right.
<mattt> Database: do the needful
<mattt> :)
<Jeeves_> Database: Removing it is ok. It will be recreated on the next reboot
<Jeeves_> altering it is also ok
<Jeeves_> (and might help you to understand what happens better)
<Database> okay
<Database> It works :D
<Database> Thank you all :)
<mattt> woot!
<uvirtbot> New bug: #610066 in commons-io (main) "Sync commons-io 1.4-3 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/610066
<ivoks> alright, got my laptop back
<chrismat> How do I mirror packages between two systems
<chrismat> there was some command to dump the package list
<chrismat> and to get it on the other system
<Pici> !clone | chrismat
<ubottu> chrismat: To replicate your packages selection on another machine (or restore it if re-installing), you can type Â« aptitude  --display-format '%p' search '?installed!?automatic' > ~/my-packages Â», move the file "my-packages" to the other machine, and there type Â« sudo xargs aptitude --schedule-only install < my-packages ; sudo aptitude install Â» - See also !automate
<chrismat> thanks ubottu
<Pici> You're welcome ;)
<chrismat> !clone
<ubottu> To replicate your packages selection on another machine (or restore it if re-installing), you can type Â« aptitude  --display-format '%p' search '?installed!?automatic' > ~/my-packages Â», move the file "my-packages" to the other machine, and there type Â« sudo xargs aptitude --schedule-only install < my-packages ; sudo aptitude install Â» - See also !automate
<chrismat> !clone
<chrismat> !automate
<ubottu> Ways to automate installation of Ubuntu on multiple machines are described at https://help.ubuntu.com/10.04/installation-guide/i386/automatic-install.html - See also !cloning
<a_ok> I have an active connection to an iscsi target. I have added an extra lun to this target, however the added volume does not show up at the server with the active connection. How can I make it recognice the change without breaking the connection?
<TuxSax> hi all
<ivoks> kirkland: ping
<TuxSax> ping you too!
<TuxSax> I have a question about UEC
<TuxSax> anybody home?
<jiboumans> TuxSax: just go ahead and ask the question; if anyone here has the answer I"m sure they'll share
<ivoks> jiboumans: hi there
<ivoks> long time no see
<jiboumans> ivoks: hey
<ivoks> i know you hate me :)
<jiboumans> ivoks: hah, yeah i dodge the channel ;)
<jiboumans> ivoks: kirkland's boarding a flight right now
<ivoks> ok
<jiboumans> with a little luck he's back online in ~3-4 hours
<TuxSax> I was thinking about setting up our own private could at our company, and I'm trying to understand how exactly can we benefit from it's use
<TuxSax> I still don't get a simple answer to what exactly a could is
<jiboumans> TuxSax: well that depends a lot on your needs i suppose
<TuxSax> * cloud
<TuxSax> let me tell you what I was thinking and you can tell me if I'm in the right direction
<jiboumans> TuxSax: out of curiousity, did you see http://www.ubuntu.com/cloud and cloud.ubuntu.com/ yet?
<TuxSax> we have needs for linux servers, from time to time we need to add a server, or to upgrade/reinstall an old one
<TuxSax> Yes, but the "human readable" information I was trying to confirm doesn't exist there, a lot of buzz but not a real simple answer to what I need
<TuxSax> I was thinking about setting up a initial setup of two or three servers, according to ubuntu documentation a basic cloud consist of one controller and one or more nodes
<TuxSax> so I was thinking about setting up a couple of servers, and be able to add more nodes as I migrate some of the services I already run, to virtual servers, and then some of the hardware that get's free will become new nodes
<jiboumans> TuxSax: yeah, you can set up the management components on a single machine and then add single servers as nodes
<jiboumans> tuxsax: this talks you through it https://help.ubuntu.com/community/UEC/CDInstall
<TuxSax> my question is, if I set up, let's say five nodes servers, does it mean they all run as a kinda big single server sharing their hardware and storage or I've got the wrong concept?
<TuxSax> I don't have problems with the setup or the howto, I know the documents online, I just want to be sure I understand the concept
<jiboumans> tuxsax: if you use s3 and ebs, yes you can consider the storage as one big shared pool
<TuxSax> when they talk about running an "instance", does it mean I can run a LAMP server in one instance, and an FTP server on another instance and so on?
<ivoks> you have multiple servers
<ivoks> it's not one big server, like HPC cluster; it's pile of virtualized servers on top of couple hardware servers
<TuxSax> is an ubuntu cloud comparable to VMWare ESX or Citrix ZenServer hypervisors?
<ivoks> all independet
<jiboumans> TuxSax: UEC is actually exactly comperable to Amazons EC2
<jiboumans> the virtualization is one part of that
<ivoks> it's much more than ESX :)
<TuxSax> what I'm trying to gain is scalability, so if I run 5 virtual servers and let's say I feel a bit of load in the system, I can add another node to share the load?
<TuxSax> YEah, also Amazon EC2 is something I'm trying to understand, it's the same concept
<jiboumans> tuxsax: if your system benefits from more hardware, then yes of course that works
<jiboumans> if you add a node, you can run more virtualized servers basically
<TuxSax> what I didn't get about Amazon was that in the howto they said "remember to stop the running instance, you're paying as long as it's running"
<jiboumans> tuxsax: amazons billing scheme is based on the amount of hours the instance is 'up'
<jiboumans> (idle or not)
<jiboumans> tuxsax: with UEC, your system is in house so you don't have to pay amazon ;)
<TuxSax> but if I run a server to server files for other people, what good can be to close the instance?
<TuxSax> I can't imagine what service could I possibly want to run for only several hours...
<jiboumans> tuxsax: if you're using an instance, obviously you wouldn't turn it off
<TuxSax> anyway, I prefer to run my own cloud, I was just trying to understand Amazon's service
<TuxSax> so, the work load of all the instances is load balanced among all the "available hardware" of nodes?
<Jeeves_> TuxSax: I still don
<Jeeves_> 't get it..
<TuxSax> so if my five instances are running a little slow and I add two new nodes, all of them will benefit from this "processing power" addition?
<jiboumans> tuxsax: it's not balanced automatically, no
<TuxSax> mmm, then? who decides on what node every instance runs?
<TuxSax> Jeeves_: what exactly you still didn't get?
<schweppp> hi guys. have a weird problem. virtualbox on win7 host, guest os is ubuntu server. pinging the server on 192.168.0.40 sometimes replies from 192.168.0.41??
<Jeeves_> TuxSax: The whole use/idea behind this Cloud stuff
<TuxSax> Jeeves_: That's exactly what I'm trying to understand too...
<Jeeves_> TuxSax: Please, do keep on trying. Maybe I'll get the picture too, some day :)
<TuxSax> jiboumans was trying to help me out here but he dissapeared on me... ;-)
<jiboumans> TuxSax: sorry, i'm on calls for the next 90 mins
<TuxSax> oh, you're on duty...
<jiboumans> tuxsax: if you're only looking to virtualize your current hardware, you may want to look at just running KVM
<jiboumans> tuxsax: beyond that, and the UEC/EC2 feature list is the best explenation at the moment, a personal cloud may make sense
<TuxSax> you mean to run KVM on top of a cloud?
<jiboumans> tuxsax: no, just kvm on the hardware
<TuxSax> jiboumans: I think that what I actually need is http://www.beowulf.org/overview/index.html
<TuxSax> a cluster that allows me to share the load of a few virtual servers that run on top of the cluster
<TuxSax> and then having the option of adding processing power, if needed, by adding more nodes to the cluster
<TuxSax> I was sure that a cloud could give me the same...
<TuxSax> guess not...
<ivoks> nope
<ivoks> that's hpc cluster
<uvirtbot> New bug: #610103 in migrationtools (main) "package suggests editing an installed non-conffile for normal operation" [Undecided,New] https://launchpad.net/bugs/610103
<ivoks> TuxSax: note that your app would have to be cluster aware
<TuxSax> HPC?
<ivoks> TuxSax: if you plan to have web server, then you just need lots of hardware to set up apache load balancing
<TuxSax> I don't actually mind what exactly to use as long as it gives me what I need
<ivoks> you need to scale load on multiple servers, right?
<TuxSax> right now I have a few servers that run several tasks, not only apache
<TuxSax> a couple of apache servers, a couple of DNS, a network tool server, a backup server, and similar
<ivoks> what's the load? is it network connections or cpu load?
<ivoks> you basically need high availability cluster with load balancing option
<TuxSax> so I was thinking about taking one or two and start a kind of cluster or cloud and move to there those services, and then, once a service is moved from a physical server to a virtual server on the cloud/cluster
<ivoks> doh...
<ivoks> let me guess what you want :)
<TuxSax> I could take the free hardware, reinstall and make it join the cluster/cloud as a new node, thus adding more power to the main system, then I can migrate another services to there and free up another box
<ivoks> you have multiple services?
<ivoks> right?
<TuxSax> and so on, get the idea?
<ivoks> ok, let's say you have 4 servers, each 4GB of RAM and two cores
<ivoks> that means you have 16GB of RAM and 8 cores to use
<TuxSax> yep, that's more or less the kind of servers I have
<ivoks> you can set up cloud on top of that
<TuxSax> but instead of running 4 different ubuntu servers that each one does something
<ivoks> meaning you can have 8 virtual machines, each could have its own core and 2GB of RAM
<ivoks> (more or less)
<ivoks> you could have 16 servers, with each 512MB of RAM
<ivoks> or you could mix
<TuxSax> ok, but what you're saying is that the load distribution is kinda static and predecided
<ivoks> two servers for DNS, each with 256MB of RAM
<ivoks> exactly
<ivoks> nothing would scale automaticaly
<ivoks> and beowulf isn't for DNS/web/etc...
<ivoks> it's for computing
<TuxSax> on what stage do I have to decide? when creating a new instance?
<ivoks> instance = running operating system
<ivoks> so, you could do with it what ever you want
<ivoks> having cloud for just scaling apache on multiple machines is pointless overhead
<AndyGraybeal> is there documentation on Ubuntu-Server 10.04 for RAID... i see this page: https://help.ubuntu.com/community/Installation/SoftwareRAID  <--- which is for ubuntu 9.10 -- is htis also applicable to 10.04?
<ivoks> think of cloud as a pool of hardware
<ivoks> if you have 4 hardware servers, you could set up multiple machines on top of it... 4, 8, 16, ... 256
<jiboumans> smoser, ping
<ivoks> but of course, 256 virtualized machines won't work as good as just 4, since hardware is limited
<TuxSax> but it has to be a multiple of a total
<smoser> jiboumans, here.
<jiboumans> smoser: hi, you're tough to get a hold of
<ivoks> no, it can be any number :)
<smoser> this morning has been a bear
<ivoks> TuxSax: you know what KVM is?
<ivoks> or vmware
<jiboumans> smoser: sorry to hear =/ is now a good time for a call, or should we try later in the week?
<TuxSax> yeah, just played around a bit with it on my PC
<ivoks> vmware manages multiple virtualized machines, right?
<smoser> now is good. jiboumans
<ivoks> so you can have 2,3,4... virtualized machines on one server
<TuxSax> yep
<ivoks> so, cloud would be the same thing with one exception
 * ccheney brb, rebooting irc box
<jiboumans> smoser: cool, join me on mumble?
<smoser> y
<ivoks> it wouldn't be one server, but 4 or how many of them you have
<TuxSax> but when you run an instance from the cloud, what really happens? the server runs a kvm session on one of the nodes?
<ivoks> exactly
<TuxSax> well, not exatly KVM I guess
<ivoks> it's kvm
<TuxSax> what runs in beneath?
<TuxSax> kvm itself?
<TuxSax> nice
<ivoks> kvm is virtualization layer
<TuxSax> but I don't have to care much about it, right?
<ivoks> bellow it there's eucalyptus that decides where to run what
<TuxSax> the cloud manager makes it happen
<ivoks> right
<TuxSax> kvm is the so called "hypervisor" ?
<ivoks> yes
<ivoks> now i'm sorry, but i have to go
<TuxSax> fine, so what the cloud actually gives me is the ease of managing?
<ivoks> :)
<TuxSax> ok, thanks for your info!
<ivoks> it merges all your hardware
<ivoks> this isn't something you can achive with kvm by it self
<ivoks> you have pool of ram, cpus, etc...
<ivoks> and it has potential to automaticaly start an instance once your load is high
<TuxSax> so it does merge the sum of all hardware, so if I move a service to a new cloud instance and I get a free server, I can add a new node and gain more power to the pool?
<ivoks> but i'm not that much into cloud to know if that's available now
 * ccheney back
<ivoks> yes
<TuxSax> cool, then it does give me what I planned!
<TuxSax> you've been a real aid, ivoks!
<TuxSax> now it all makes sense
<TuxSax> 10x a lot
<ivoks> (i have never used cloud in my life)
<ivoks> :D
<TuxSax> I'll try and tell you how it feels... ;_0
<ivoks> more power = more available cpus and ram
<ivoks> it won't automaticaly add cpus to instances :)
<hggdh> Daviey: morning/late afternoon
<Daviey> hggdh, Hello sir, good trip back?
<hggdh> Daviey: fantastic, slept about 8 hours of the 10-hours flight :-)
<Daviey> \o/
<hggdh> Daviey: you were going to upload a new euca 2.0 -- did you?
<AndyGraybeal> anyone want to help a newb through raid configure in 10.04?  i did this back in 8.10, i got it to work without much pain.
<Daviey> hggdh, Hmm.. not today.. nothing urgent changed.
<AndyGraybeal> i can either start after i install the server or before i install the server, i got 5 drives, 4 of which need to be part of the array, and the first 1 is the boot drive.
<AndyGraybeal> i got 4 300gb drives, and ultimatly i'd like to get like 10 raid, w/ 500gb
<hggdh> Daviey: OK. I will go back to the basics, and will start trying it on Maverick, from all-in-one
<Daviey> AndyGraybeal, Install time is much easier IMO.
<Daviey> hggdh, Good idea.. i'm doing the same
<AndyGraybeal> Daviey: okay thank you for the insight.  i'm a little confused by the partitioner program.  i go to "Configure Software RAID" and it says i's gonna change the partitions on the first drive (which is not necessarily what i want, i think atleast)  is this correct procedure?
<AndyGraybeal> i want the first drive not in the array, but the next 4 in the array
<Cubber> for some reason I cannot get any of my scripts that use sendmail to send mail when they are run via cron
<Cubber> they work perfectly when ran at the CLI
<Daviey> AndyGraybeal, it's a two stage process...  Ignore the first drive to start with.. and create a new raid partition on the others.
<Daviey> then you get the raid device as a block device (ie, the installer sees it as a disk)
<AndyGraybeal> Daviey: thank you agian,
<Cubber> a basic script I am trying to test with to send the mail, if I use a proper email it works from CLI not cron, cron will run the script and do the commands within however it just wont send the mail and there is no log of an attempt in any of the /var/log/mail.* files
<Cubber> http://pastebin.com/ryuup4UB
<Cubber> 00 5 * * * bash /scripts/test >/var/log/backup/test >/dev/null 2>&1
<Cubber> that is the entry in crontab
<Cubber> these scripts work perfectly on my gentoo server
<TuxSax> Cubber: when running a script from crontab you need to be sure the full paths for all commands are exact
<Cubber> so sendmail for instance
<Cubber> interesting that they work fine in gentoo as is but I will edit it with the full path to sendmail and try
<hggdh> Daviey: \o/ we now have access to ppa.lp.net under tamarind!
<TuxSax> Cubber: if you run the /scripts/test script and on the script it says "command bla bla bla" it should be "/path/to/command bla bla bla"
<TuxSax> what cron program you use on gentoo? vixiecron?
<Cubber> yes
<TuxSax> perhaps the difference comes from there
<Cubber> probably thank you for the info I will test
<Cubber> looks like sendmail is in /usr/sbin/sendmail
<Daviey> hggdh, Yes!  I was going to say - but i saw they CC'd you \o/
<Daviey> Makes life easier, eh? :)
<hggdh> indeed it does :-)
<\sh> hey hggdh...
<TuxSax> I always put all the commands with full paths under a variable on my scripts, so when calling them I don't need to worry
<hggdh> \sh: cheers, how are you?
<\sh> hggdh: fine so far...a bit tired after a hard weekend of datacenter work (moved 4 racks from one city dc to another city dc)
<TuxSax> so for sendmail I'd set a variable called MAILER=/usr/sbin/sendmail or whatever mailer is used
<TuxSax> then later on on the script I'd use $MAILER bla bla bla
<hggdh> \sh: and I had a bout of insomnia last week, and netted just under 20 hours of sleep in 7 days...
<TuxSax> ok, I'm outta here, see ya all
<AndyGraybeal> okay.. i got it.. it was confusing because i have to first 'partition' the drives... geesh
<\sh> hggdh: oh but looks like that I have to force myself to not sleep tonight, because I have to deploy some machines till tomorrow morning...
<hggdh> \sh: then... Welcome to the Sleepless Club. We are glad to have you here, and all that ;-)
<\sh> hggdh: btw...the tool I talked about is released...launchpad.net/dc2
<hggdh> \sh: looking at it now
<\sh> hggdh: on my blog there are more informations...and on dc2.sourcecode.de
<hggdh> \sh: cool, thank you. Any intention of packaging?
<\sh> hggdh: more docs are coming this and next week when I'm back on normal sleep schedule
<hggdh> heh
<AndyGraybeal> Daviey: thank you for the hand holding.
<\sh> hggdh: it's not ready for packaging, but we are planning to finalize V1.0 and to do packaging for debian and ubuntu,we need some more deps packaged before we can do the real upload :)
<hggdh> \sh: no prob. I am really interested in checking it
<Daviey> AndyGraybeal, awesome
<\sh> hggdh: people from the FAI group already got some hints...http://michael-prokop.at/blog/2010/07/08/report-from-fai-developer-workshop-072010/ <- this is the report from the FAI developer workshop there are some infos about the tool
<hggdh> \sh: so I understand you will eventually deploy FAI/(DC)^2 at work?
<\sh> hggdh: it's already deployed here at my company
<\sh> hggdh: it's already working since more then a year :)
<hggdh> \sh: heh. Feedback from the field is good, I guess :-)
<\sh> hggdh: I already have a lot of feedback several admins from dif. companies do want to have this...they are eager to test it :)
<hggdh> \sh: cool. I will bring this up here then
<silent1mezzo> Hey, I just installed Ubuntu Server onto an old server.  Everything worked fine until I restarted.  Now I'm getting this error: "I9990301 Hard disk drive boot sector error" and then "I9990305 Operating System not found
<RoyK> silent1mezzo: might be there's a bad sector or two on it...
<silent1mezzo> is there a way to test this from Ubuntu?
<RoyK> silent1mezzo: boot on the cd and use badblocks
<silent1mezzo> ok thanks
<RoyK> if the system is just installed, using _destructive_ read/write might be a good idea
<RoyK> just keep in mind you'll need to reinstall afterwards
<silent1mezzo> whats _desctruve_read/write?
<RoyK> but boot on the live (desktop) cd - I don't know if badblocks is on the server cd
<RoyK> silent1mezzo: it overwrites data on the harddisk to check for bad sectors
<RoyK> non-destructive testing may not find errors that easily (or at all)
<silent1mezzo> ok
<silent1mezzo> thanks
<RoyK> but destructive doesn't mean it messes with your hardware
<RoyK> that is - if you have data on a drive that you want out, don't do anything like that - just get the drive out and as fast as possible and don't write to it, but then, this doesn't seem to be the case - right?
<silent1mezzo> aye
<silent1mezzo> this is, I've formatted my disk, installed the os and tried to boot it
<RoyK> how much memory do you have in the box?
<silent1mezzo> 8gb
<RoyK> oh - that'll suffice :)
<silent1mezzo> lol
<RoyK> what sort of drive is this?
<silent1mezzo> older 3.5" sata drive...don't remember the make/model
<RoyK> ok - try badblocks
<silent1mezzo> ok, will do
<RoyK> man badblocks once you're running on the live cd
<silent1mezzo> aye, I'll have to download/burn the desktop cd first
<RoyK> k
<silent1mezzo> thanks RoyK
<RoyK> np :)
<RoyK> mind, if the memory isn't ECC, it might be a good idea to run memtest86 to see if something's wrong
<RoyK> well, even if it _is_ ECC, if it's an old server....
<Jinxed-> I have been trying to get simple vlan trunking working for the past 5 hours, and thus far all i have managed to do is make my wireless "not managed"
<Jeeves_> Jinxed-: :)
<Jinxed-> note: currently im using the desktop version, not server edition
<Jinxed-> I installed vlan
<Jeeves_> Jinxed-: And that's about it :)
<Jinxed-> and set net.ipv4.ip_forward = 1
<Jinxed-> I also edited the /etc/network/interfaces configuration
<Jeeves_> add interfaces in /etc/network/interfaces like so 'auto ethX.<vlanid>'
<Jeeves_> And that should be it.
<Jinxed-> Here is my current config: http://paste.ubuntu.com/469425/
<Jinxed-> a diagram of my simple setup: http://imgur.com/MJm6t
<Jinxed-> two laptops on different vlans and one laptop to route between them
<RoyK> what sort of switch is this?
<RoyK> there are several trunking protocols - does yours support 802.1q?
<Jeeves_>  'auto eth1'
<Jeeves_> that shouldn't be there, you're not configuring that one
<Jinxed-> cisco
<Jinxed-> 2960
<RoyK> yeah, but cisco what?
<RoyK> any letters after that?
<RoyK> cisco has lots of different software versions
<Jeeves_> RoyK: Cisco2960 is a normal switch
<Jeeves_> the 2960 is new, and supports dot1q
<RoyK> ok
<Jinxed-> I already checked the config on the switch it is setup for 8021q
<RoyK> ok
<RoyK> just asking
<Jinxed-> haha no i appreciate it
<Jeeves_> Jinxed-: And what interfaces do you get on the machines?
<Jinxed-> Not sure I understand your question
<RoyK> on ubuntulap, what does 'ifconfig' say?
<Jeeves_> Jinxed-: What RoyK says :)
<Jinxed-> http://paste.ubuntu.com/469426/
<RoyK> no vlan interfaces are up there
<Jeeves_> Nope
<RoyK> an interface can be in 802.1q mode or non-802.1q mode - not both
<Jeeves_> Jinxed-: And what happens if you type 'ifup vlan10' ?
<RoyK> imho eth1 shouldn't be up at all
<RoyK> perhaps that's what's blocking it
<Jeeves_> RoyK: That's true.
<Jeeves_> But it may be up
<Jeeves_> I mean, it's allowed to have a untagged interface
<RoyK> if an interface is in 802.1q mode, it will need vlan tagging. if you send untagged frames to a switchport defined as a trunk port, the frames will be discarded
<Jinxed---> sorry that last command got me kicked off
<RoyK> (OTOMH)
<Jeeves_> RoyK: That's not true.
<Jeeves_> You are allowd to configure an native vlan on a trunk
<RoyK> Jeeves_: what should the switch do with those packages then? send them to all vlans?
<Jinxed---> I have not seen anything after when Jeeves asked what happens if you type ifup vlan10
<silent1mezzo> RoyK: it was the disk :P I just tossed it and installed it onto a new disk...Runs fine
<Jeeves_> untagged packets will be send on the native vlan
<Jinxed---> My wireless device is now not managed again
<RoyK> silent1mezzo: :)
<Jinxed---> and it said
<Jeeves_> Jinxed-: You're not trying to do vlan's over your wireless interface, are you?
<Jinxed---> Set name-type for vlan subsystem should be visible in /proc/net/vlan/config
<Jinxed---> added vlan with vid == 10 to IF -:eth1:-
<Jeeves_> Jinxed-: That's ok.
<Jinxed---> nope
<Jeeves_> That means that it created eth1.10 for you
<Jeeves_> (so it works)
<RoyK> Jinxed---: what is eth1 - the wired or the wireless interface?
<RoyK> silent1mezzo: remember to remove those supermagnets from the dead drive :D
<silent1mezzo> most definitely, already got a use for them
<J3ckyl> wired
<uvirtbot> New bug: #610150 in mysql-5.1 (main) "autocompletion doesn't work" [Undecided,New] https://launchpad.net/bugs/610150
<Jinxed---> RoyK how do I tell?
<RoyK> J3ckyl: why do you have an IP set on eth1?
<J3ckyl> Royk, why do I? or why do you?
<RoyK> J3ckyl: lshw will show you the mac address assigned to each interface iirc, and ifconfig will show the mac address
<RoyK> J3ckyl: sorry - wrong guy
<Jinxed---> ok
<Jinxed---> checking
<RoyK> Jinxed---: on most laptops I've been out for, eth1 is _usually_ the wireless card
<RoyK> can't be sure, though - the actual numbering is defined by udev
<RoyK> that is - wait - the wireless shouldn't really be ethx, it should be wlanx or something
<RoyK> eth0 for the wired one
<RoyK> but then again - check /etc/udev/rules.d/70-persistent-net.rules
<Jinxed---> ok im confused what am i looking for
<RoyK> Jinxed---: can you pastebin /etc/udev/rules.d/70-persistent-net.rules and the 'lshw' output?
<RoyK> there's another potential issue I've ran across - that the GUI network manager overrides /etc/network/interfaces
<RoyK> the latter isn't meant to be used on a desktop
<RoyK> and iirc you're running this on a desk- or laptop setup, right?
<Jinxed---> yeah
<Jinxed---> ok i got back online with my ubuntu laptop
<Jinxed---> about to send links
<Jinxed-> hello
<Jinxed-> http://paste.ubuntu.com/469435/
<RoyK> Jinxed-: if you can use something else than ubuntu desktop for this, it'll help a lot
<Jinxed-> http://paste.ubuntu.com/469434/
<Jinxed---> that is what this computer is for
<Jinxed---> but it's hard to pastebin the files not on the ubuntu laptop
<RoyK> Jinxed---: wlan0 and eth1 has the same mac address, so that's your wireless interface
<RoyK> eth0 is wired
<Jinxed---> ok, so in the /etc/network/interfaces
<Jinxed---> i should change everything that is eth1 to eth0
 * RoyK has never used VLAN tagging with linux
<RoyK> Jinxed---: try
<Jeeves_> Jinxed---: Yes, that would work better, I think :)
<RoyK> Jinxed---: looks ok
<Jinxed---> hmm
<Jinxed---> ok now when i do ifup
<Jinxed---> it kills my wired connection
<Jinxed---> guess it's time to ping
<RoyK> Jinxed---: pastebin the config again
<\sh> RoyK: vlan tagging is easy
<RoyK> \sh: not my problem - Jinxed---  is the one trying :)
<Jeeves_> \sh: Yes, it it. But not if you're trying to trunk on your wireless :)
<Jinxed---> everyone keeps telling me it's easy
<Jinxed---> im not trying to do my trunk on wireless
<\sh> Jeeves_: well, I wonder why someone wants to do that
<Jeeves_> Jinxed---: It is easy. If you understand what the hell you're doing ;)
<\sh> apt-get install vlan
<\sh> vi /etc/network/interfaces
<Jinxed---> did that
<\sh> auto vlan<vlanID>
<Jinxed---> did that
<Jinxed---> did that
<\sh> iface vlan<vlanID> inet static
<Jeeves_> \sh: Barking up the wrong tree  here :)
<\sh> address bla
<RoyK> Jinxed---: I didn't say it's easy - just pastebin the config again
<\sh> netmask foo
<Jinxed---> ok
<\sh> gateway foobar
<Jinxed---> one sec
<Jeeves_> \sh: I guess we're just too smart ;)
<\sh> vlan_raw_device <your real trunking interface like eth0 bond0 or whatever>
<RoyK> \sh: we have the docs as well
<Jeeves_> \sh: Shall we create #ubuntu-server-experts and charge admission fees? :P
<\sh> Jeeves_: why? it's written all over the googlenet...e.g. http://www.mysidenotes.com/2007/08/17/vlan-configuration-on-ubuntu-debian/ ;)
<Jinxed-> http://paste.ubuntu.com/469438/
<\sh> direct hit..."ubuntu vlan"
<RoyK> Jinxed-: still eth1
<Jeeves_> \sh: Why? To make money, duh :P
<\sh> Jinxed-: you have to s/\-/\_/g
<Jinxed-> opps
<\sh> on all vlan_raw_devices lines
<Jinxed-> old pastebin
<Jinxed-> http://paste.ubuntu.com/469442/
<Jinxed-> current interfaces
<\sh> then you need to check your switch that it has all allowed vlans for trunking
<\sh> Jinxed-: again - instead of _
<RoyK> Jinxed-: and as \sh said, s/-/_/g
<RoyK> :%s/-/_/g
<RoyK> :Ã¾
<Jinxed-> http://paste.ubuntu.com/469446/
<Jinxed-> current trunk setup
<\sh> http://paste.ubuntu.com/469447/ <- thats a vlan trunk interface with source based routing (or policy based routing)
<RoyK> Jinxed-: did you change - to _ ?
<Jinxed-> in what file
<\sh> Jinxed-: /etc/network/interfaces
<\sh> Jinxed-: and I don't see any vlan config on your switch just the already enabled vlan 1
<\sh> which is a default
<RoyK> Jinxed-: sh vl
<RoyK> Jinxed-: conf vl ....
<Jinxed-> http://paste.ubuntu.com/469448/
<RoyK> can't see any tagged ports there
<Jinxed-> that first paste was just a detailed look at interface f0/4
<Jinxed-> if you look
<Jinxed-> f0/1 is vlan 20
<Jinxed-> sorry
<Jinxed-> f0/1 is vlan 10
<Jinxed-> f0/2 is vlan 20
<Jinxed-> f0/3 is vlan 30
<RoyK> sure, we can read
<RoyK> but I don't see any trunk ports
<Jinxed-> :/
<Jinxed-> the trunk port doesn't show in a show vlan
<RoyK> they don't?
<Jinxed-> it is f0/4
<Jinxed-> you will notice it is missing
<Jinxed-> it is subtle
<RoyK> anyway - did you change - to _ in /etc/network/interfaces?
<\sh> Jinxed-: on f0/4 there is no alloweded vlan
<Jinxed-> http://paste.ubuntu.com/469446/
<Jinxed-> Trunking VLANs Enabled: ALL
<Jinxed-> RoyK, yes
<RoyK> ok
<\sh> oh my f...god..what switch is that? ;)
<Jeeves_> Jinxed-: Can you copy an show running config please?
<Jinxed-> yep
<\sh> with tcpdump you can even see tagged packages btw
<RoyK> \sh: cisco 2960
<Jinxed-> http://paste.ubuntu.com/469450/
<Jeeves_> Ok
<Jeeves_> only port 1 and 4 can be trunks
<\sh> Jinxed-: you know the difference between access and trunk?
<Jinxed-> yeah
<RoyK> I don't think you can mix access and trunk
<Jinxed-> switchport mode access will make the port on a vlan
<\sh> Jinxed-: what you configured is native vlan 10 on f0/1 and no alloweded trunked vlans
<Jinxed-> switchport mode trunk makes the port a trunk
<Jeeves_> \sh: If you configure no vlans on a trunk, it accepts all.. Right?
<Jinxed-> eh sorry im not using f0/1
<Jinxed-> you can ignore it
<\sh> Jeeves_: not on our switches
<Jeeves_> And indeed 'switchport mode trunk' is needed
<Jeeves_> On fa0/1 and fa0/4
<\sh> switchport mode access
<\sh> Puts the interface (access port) into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The interface becomes a nontrunk interface regardless of whether or not the neighboring interface is a trunk interface.
<\sh> http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/configuration/guide/swvlan.html#wp1200245
<\sh> table 12-14 Layer 2 interface modes
<Jinxed-> ok
<\sh> and I do think that cisco "switchport mode access" rules over "trunk"
<Jinxed-> I just got rid of all the config on f0/1
<\sh> Jinxed-: if you want to have a default vlan for untagged packages on a trunk port, you need to set switchport trunk native  vlan <native vlan id>
<RoyK> Jinxed-: your linux box is on fa0/4?
<Jinxed-> current setup: http://i.imgur.com/MJm6t.png
<Jinxed-> yeah
<RoyK> Jinxed-: ok, pastebin /etc/network/interfaces and 'sh run'
<\sh> Jinxed-: your config needs to be : interface fastethernet 0/1 \n switchport trunk allowed vlan 10
<\sh> e.g.
<EtienneG> hey guys!  libpam-ldap and libnss-ldap ... are they still being looked after by the server team?
<Jinxed-> \sh, by default with cisco all vlans are allowed on a trunk line
<EtienneG> I see zul triaged my bug earlier, just wondering who I should poke ...   /me whistle innocently
<zul> not me :)
<\sh> Jinxed-: yeah I see that
<Jinxed-> if I do that only vlan10 will be allowed, (not vlan 20, 30.. etc)
<AndyGraybeal> should i partition using GUID or MBR  (this is a raid array)
<zul> EtienneG: but yes I think they are still being maintained by us...you might want to poke mathiaz
<\sh> Jinxed-: anyways, it works here with the setup I gave you on the linux side
<Jinxed-> interfaces
<Jinxed-> http://paste.ubuntu.com/469453/
<\sh> Jinxed-: you don't need to bring up eth0
<\sh> via auto eth0
<Jinxed-> show run
<Jinxed-> http://paste.ubuntu.com/469455/
<RoyK> Jinxed-: what does 'ifconfig' say?
<Jinxed-> \sh,  ok taking it off
<Jinxed-> ifconfig
<Jinxed-> http://paste.ubuntu.com/469456/
<\sh> Jinxed-: and you loaded the kernel module 8021q
<\sh> Jinxed-: and installed the vlan package
<RoyK> \sh: shouldn't that be loaded automatically when configuring a vlan?
<EtienneG> zul, thanks zul.  Our friend mathiaz is offline :(
<Jinxed-> I did sudo modprobe 8021q
<Jinxed-> and installed the vlan package
<EtienneG> zul, but no harm, there is no rush
<RoyK> Jinxed-: can you ping anything now? overthe vlans?
<Jinxed-> no
<RoyK> Jinxed-: lsmod | grep 8021q
<Jinxed-> i can ping from the laptop to itself, and both vlans on the switch
<Jinxed-> but not the other laptop
<unit3> Hey all, can someone tell me where the apt mirror prevu uses is configured?
<Jinxed-> same for the other laptop
<\sh> RoyK: to be sure it's there I'm including it in /etc/modules all the time
<Jinxed-> 8021q                  22232  0
<Jinxed-> garp                    7689  1 8021q
<RoyK> ok
<RoyK> hm. config looks right
<RoyK> \sh: what do you think?
<Jinxed-> (also I have both firewalls off on the laptops)
<RoyK> is there a way to show vlans?
<Jinxed-> yeah
<RoyK> as in 'sh vlan' the linux way?
<Jinxed-> do you want me to show vlans on the switch?
<RoyK> \sh: any idea?
<RoyK> Jinxed-: just pastebin all config once more - it looks ok to me, but then, others may have input
<Jinxed-> ok
<Jinxed-> network interfaces: http://paste.ubuntu.com/469435/
<Jinxed-> computer hardware: http://paste.ubuntu.com/469434/
<Jinxed-> trunk port f0/4 info: http://paste.ubuntu.com/469446/
<Jinxed-> cisco show vlan: http://paste.ubuntu.com/469448/
<Jinxed-> /etc/network/interfaces: http://paste.ubuntu.com/469453/
<Jinxed-> cisco show run: http://paste.ubuntu.com/469455/
<RoyK> Jinxed-: Access Mode VLAN: 1 (default) on f0/4
<Jinxed-> ifconfig: http://paste.ubuntu.com/469456/
<RoyK> Jinxed-: what happens if you ifdown eth0? do all vlan devs go down?
<RoyK> or ifconfig eth0 down
<Jinxed-> all the vlans go down as in when i type ifconfig
<Jinxed-> they aren't there any more
<Jinxed-> cisco switch has link lights still
<RoyK> ok
<RoyK> just curious
<RoyK> probably not the right thing to do, then :)
<Jinxed-> ok, so I can ping from my laptop that is 10.1.10.11 to the vlan20 which is 10.1.20.1
<RoyK> Jinxed-: switchport trunk encapsulation dot1q
<RoyK> tried that?
<Jinxed-> sorry laptop was 10.1.20.11
<Jinxed-> not directly (not possible), but i double checked to make sure it was configured for 802.1q
<Jinxed-> ok, so i can ping from the laptop (10.1.20.11) to the vlan20 on ubuntulaptop (10.1.20.1), but I can't hit vlan30 (10.1.30.1) on the ubuntu laptop
<RoyK> Jinxed-: show version
<RoyK> on the cisco
<Jinxed-> so ubuntu isn't forwarding the packets
<RoyK> netstat -rn
<Jinxed-> Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
<RoyK> Jinxed-: ok, so from the trunk, you can ping machines at boths VLANs?
<Jinxed-> netstat: http://paste.ubuntu.com/469465/
<Jinxed-> yes
<Jinxed-> from ubuntu laptop i can ping both external laptops on vlan 20,30
<Jinxed-> i can also ping the ip addresses of both vlans on the cisco device
<RoyK> sysctl net.ipv4.ip_forward
<Jinxed-> net.ipv4.ip_forward = 1
<Jinxed-> so both the ubuntu laptop and switch can hit everything
<RoyK> check sysctl  -a | grep forwa
<RoyK> see if packets are forwarded at the device given
<RoyK> _mc is just multicast - normally not needed
<Jinxed-> looks like they are mostly forwarded
<RoyK> Jinxed-: also, if this is on a private net (rfc1918 addresses) you will ned NAT to reach the internet
<RoyK> or anything != RFC 1918
<Jinxed-> RoyK, i don't want to get online
<RoyK> !nat
<Jinxed-> (at least yet)
<RoyK> can you ping from the client to the server you're on?
<Jinxed-> not sure what you mean
<RoyK> explain where ping works and where it doesn't work
<Jinxed-> From the external laptops (vlan 20/30) I can ping itself, and BOTH vlan on the switch, and the associated vlan on the ubuntu-laptop(server)
<inveratulo> I am having a problem getting the /etc/init.d/apache2 script to recognize my User= and Group= directive within my apache2.conf, so the web server continues to run as root, which is certainly not what i want.  am I overlooking something?
<Jinxed-> RoyK, so in this picture
<RoyK> Jinxed-: and I guess you can ping the 'external' laptop from those other ones?
<RoyK> inveratulo: the initial apache server will always run as root
<RoyK> inveratulo: without that, it can't open port 80
<RoyK> inveratulo: but then, all child processes are changed to the apache user
<inveratulo> RoyK: that's fine, but the damon should fork right
<Jinxed-> Laptop 1 can ping: switch (10.1.20.254, 10.1.30.254), Ubuntu-lap vlan20(10.1.20.1). It CANT ping 10.1.30.1 or 10.1.30.11
<Jinxed-> The switch/ubuntup laptop can ping everything
<RoyK> Jinxed-: then what is it the other laptops can't ping?
<Jinxed-> laptop 2 (10.1.30.11) CAN'T ping 10.1.20.11 or 10.1.20.1
<Jinxed-> so the same things
<RoyK> and how is the routing table on laptop 2?
<Jinxed-> how do i display that
<RoyK> netstat -rn
<Jinxed-> eh ok?
<Jinxed-> i can't copy/paste the laptops aren't online
<RoyK> well, is that linux box their default router/gateway?
<RoyK> or do they have static routes to the other networks they want to access?
<RoyK> or is RIP or OSPF enabled somewhere?
<RoyK> Jinxed-: any box on IP will try to reach its networks through its default gateway - if the gateway doesn't know the network, it'll send back an ICMP network unreachable
<Jinxed-> i just made the vlan they were connected to on the switch their default gateway
<RoyK> is the linux box their default gateway or the switch?
<RoyK> the switch is a layer two switch, not a router
<Jinxed-> WWWWWWWWWWWWWWWWWWOOOOOOOOOOOOOOOOOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHH
<Jinxed-> works!
<Jinxed-> you sparked a thought
<Jinxed-> i just changed the laptops default gateway to the interfaces on the ubuntu laptop instead of the switch
<RoyK> Jinxed-: http://en.wikipedia.org/wiki/OSI_protocol
<RoyK> start there
<RoyK> a switch works at layer two, not three
<Jinxed-> haha
<RoyK> that is, unless you have a L3 switch, which costs a wee bit more
<Jinxed-> not this one, although i do have some
<Jinxed-> that i could have used
<Jinxed-> this was pure l2
<Jinxed-> now to try to stream videos
<Jinxed-> with xbmc
<Jinxed-> :)
<Jinxed-> thank you thank you thank you
<RoyK> multicast? or unicast?
<Jinxed-> RoyK, /sh, and Jeeves_  and everyone who helped
<Jinxed-> I want to set it up so the laptops(1 and 2) could request a video from the ubuntu laptop
<Jinxed-> and stream it
<RoyK> well
<RoyK> multicast or unicast?
<Jinxed-> well its requested, so it would be unicast
<RoyK> ok
<RoyK> if doing multicast, check the IGMP settings
<RoyK> AFAIK most switches come with IGMP disabled
<Jinxed-> multicast would  be like if I decided on the ubuntu laptop that i was going to stream
<Jinxed-> video
<Jinxed-> and started a multicast stream
<RoyK> multicast is used if streaming live video on a LAN
<RoyK> for VoD, unicast is what you'd use
<RoyK> for live video for < 10 machines, unicast will do ok
<Jinxed-> RoyK, have you ever done VoD
<RoyK> large-scale, yes
<Jinxed-> Noice
<RoyK> 100 concurrent views
<Jinxed-> nice*
<Jinxed-> how do you do that
<RoyK> from a couple of cheap boxes with some cheap ATA drives
<Jinxed-> what software did you use for the vod part
<RoyK> we wrote a video streaming server on top of Linux RAID-0 (with sufficient servers for failover)
<RoyK> just make the chunk size large enough so that the disks won't spend time seeking
<Jinxed-> you wrote a video streaming server?
<RoyK> you can do it with RAID-5 too if you want to - just keep lots of processes reading and have sufficient memory for the read-ahead - linux can do most of this alone
<RoyK> yeah
<Jinxed-> I was thinking about trying to use ssd with xbmc
<Jinxed-> I would be very interested in your work
<Jinxed-> sounds very similar to what I want to do
<RoyK> Jinxed-: it's simple - the problem with VoD is concurrency - lots of clients wanting to read at different places on different drives.
<Jinxed-> i take it ssd would help, but not solve the problem?
<RoyK> the solution to this is to have enough memory to use LARGE chunk sizes for Linux software RAID, and clients that can fail over to another server if the one they're on fails, which of course implies a good buffer on the client side
<RoyK> forget about the SSD
<RoyK> we wrote a system on which we had four cheap servers with some (at the time) large ATA drives in Linux software RAID-0
<RoyK> chunk size 1MB, meaning mostly no seeking, mostly just reading linearly
<RoyK> the software was simple, an HTTP server
<RoyK> we tried with Apache but got hung up with memory issues, probably fixed by now (this was around 2003)
<RoyK> anyway - with a cheap box with four 120GB drives, we could sustain >80 clients, each watching a movie with a bandwidth of 4Mbps
<Jinxed-> so then you also had file sharing capabilities?
<RoyK> we tried at the (current) Compaq lab, and with a truckload of fast SCSI drives, we could do about 100 concurrent reads
<RoyK> that wans't in the picture
<Jinxed-> nice
<Jinxed-> hmm
<Jinxed-> I want to do vod
<Jinxed-> file sharing
<Jinxed-> and eventually play with asterisk
<Jinxed-> in that order
<RoyK> just sit down and do some calculation - with today's SATA drives, you get something like 100-120 IOPS
<RoyK> meaning I/O operations per second
<RoyK> the problem is seeking
<RoyK> so if you read a LOT before seeking, even $120 2TB drives are blazingly fast
<RoyK> we just had 120gig drives back then, today it'll be far faster
<Jinxed-> would ssd eliminate seek time
<RoyK> but then, you'll want a client that can read an XML file with a randomized list of available servers from which to fetch the video
<Jinxed-> random access - no seek motion
<RoyK> sure, but SSDs cost a LOT
<Jinxed-> yeah
<RoyK> perhaps ZFS with SSDs in front will help
<RoyK> well, it will help
<RoyK> I have a couple of 50TB setups on ZFS on opensolaris with SSD caching and they perform better than we need them to
<Jinxed-> haha, i think that is larger than what i need for space
<RoyK> well, to cut it short - most filesystems aren't made for streaming
<RoyK> that's why we did this, seven years ago
<RoyK> if you want to push the limits, go low
<Jinxed-> Do you see any major disadvantages to using
<RoyK> if not, use ZFS, it'll work well
<Jinxed-> xbmc
<Jinxed-> or some other software that is designed to stream videos?
<RoyK> I don't know that product
<Jinxed-> xbox media center
<RoyK> IMHO it's not the streaming software that's the problem, but the filesystem and/or storing architecture
<giovani> xbmc is just a gui wrapped around mplayer -- it doesn't usually do "streaming"
<RoyK> Linux doesn't have anything that can compare with ZFS
<Jinxed-> it was originally developed for xbox, it now is a cross platform system that has the ability to do vod afaik
<giovani> btrfs will be there some day
<RoyK> giovani: some day, yes, I've been following the progress for more than a year, but it still doesn't have anything like raidz
<RoyK> giovani: and no SSD caching
<RoyK> Jinxed-: how much data will you be serving?
<giovani> RoyK: absolutely -- and ZFS didn't appear out of nowhere -- give it time :)
<RoyK> giovani: sure, I'll give it time, but meanwhile I'll stick with ZFS
<giovani> are you running it on Solaris, or FreeBSD?
<Jinxed-> Well right now, not too much experimenting to try to get it to work
<RoyK> giovani: opensolaris
<Jinxed-> i don't even understand what zfs is
<RoyK> Jinxed-: how much? 1TB 10TB?
<RoyK> Jinxed-: http://hub.opensolaris.org/bin/download/Community+Group+zfs/docs/zfslast.pdf
<Jinxed-> you mean the overall size of the video
<RoyK> Jinxed-: scan through that presentation
<Jinxed-> the videos that would reside on the server
<Jinxed-> or the overall amount of data going out at one time
<RoyK> Jinxed-: data size - the total
<Jinxed-> 1 tb would be much closer
<Jinxed-> maybe 300-600 gb
<RoyK> you can do that on any system, really
<Jinxed-> down the road, possibly more
<Jinxed-> I would like to make it so I could add on if I wanted to
<RoyK> how many concurrent clients?
<Jinxed-> 1-50
<Jinxed-> most likely about 4
<RoyK> any system will handle that
<RoyK> anyway
<Jinxed-> :/
<RoyK> [21:12]  <RoyK> Jinxed-: http://hub.opensolaris.org/bin/download/Community+Group+zfs/docs/zfslast.pdf
<RoyK> read that, and you'll understand a few new things about storage
<inveratulo> I am having a problem getting the /etc/init.d/apache2 script to recognize my User and Group directive within my apache2.conf, so the web server continues to run as root, which is certainly not what i want.
<Jinxed-> RoyK, looks very interesting, i don't think I have ennough background to fully appreciate it though. Im new to the whole server thing
<Jinxed---> downloading/printing/googline
<Jinxed---> googling*
<Jinxed-> RoyK, what do the additional server components of ubuntu get you if you install them?
<uvirtbot> New bug: #609743 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/609743
<Jinxed-> RoyK, so I restarted and now when i do ifconfi
<Jinxed-> ifconfig
<Jinxed-> i don't see anything
<Jinxed-> how do i get everything back up and running
<Jinxed-> ?
<ssureshot> whats jot running jinxed
<Jinxed-> ssureshot, so I had vlan trunking working earlier
<Jinxed-> i have vlan20,30 etc set up in the /etc/network/interface
<Jinxed-> but it doesn't show up when i do ifconfig
<Jinxed-> infact eth0 seems not to be working at all
<hggdh> yo Daviey, still awake ;-)
<hggdh> ?
<Daviey> hggdh, sadly :)
<RoyK> Jinxed-: is the 8021q module loaded?
<hggdh> Daviey: I figured so... I see groovy errors in the cloud-debug.log
<Daviey> hggdh, Interesting.... can you pastebin?
<hggdh> Daviey: just a sec
<Daviey> hggdh, Ok.. i'm not fully here.. just passing - but i will read it! :)
<hggdh> Daviey: I frankly do no texpect you to be fully awake at this hour ;-) http://pastebin.ubuntu.com/469518/
<ccheney> Daviey, do you have problems with recent iso having syslinux crash due to low dos memory?
<ccheney> Daviey, er well the syslinux on recent iso when used with pxe crashes for me i meant to say
<RoyK>  22:58:15 up 3 days,  7:57,  2 users,  load average: 24.26, 24.20, 24.12
<Daviey> hggdh: Ahh.. i think i know what has caused that groovy issue.. it's an upstream bug if my prediction is correct.
<Daviey> (introduced by refactoring)
<Daviey> ccheney: Interesting... not seen that yet
<ccheney> Daviey, ok
<Daviey> will experiment tommorrow
<jpds> RoyK: Nice.
<RoyK> all 24 cores running stably
<RoyK> close to no system time or wio
<Daviey> RoyK: My record to date (obtained over ssh) http://daviey.mooo.com/wp-content/uploads/2007/10/top.png
<RoyK> Daviey: http://karlsbakk.net/top-24.png
<Daviey> niiiice
<RoyK> we have another 16 core working on that too
<RoyK> EyjafjallajÃ¶kull ash movement inversions
<hggdh> ccheney: which package is implementing your uec provisioning?
<ccheney> hggdh, uec-provisioning-*
<hggdh> heh
<hggdh> ccheney: already in Maverick?
<ccheney> yes
<hggdh> k, thanks
<lwizardl> hey is it possable to setup email accounts to auto cc/bcc to another address ? I want the emails to stay in the correct box but I would like to have it also sent to the main email of the person in charge of that so if that person leaves we still have all the old emails
<lox_> Hi guys
<lox_> I have an emergency here
<ivoks> lwizardl: always_bcc?
<lwizardl> yeah I want it to always do it
<lox_> I add to change sda in a raid1 array, so I hot removed it with mdadm, shutdown, chnaged the disk
<lox_> buit it won' boot on sdba
<lox_> sdb
<lox_> I only get a blinking cursor
<lox_> I had a look to sdb using live cd and boot flag is correctly set on the boot partition (sdb1)
<ivoks> lox_: wait for it
<ivoks> lox_: it will bring up busybox
<lox_> is it supposed to be so long ?
<ivoks> couple of minutes
<ivoks> i think it's 5
<lox_> Ok so I wait more ....
<unit3> Just a ping on my previous question, can someone tell me where the apt mirror prevu uses is configured?
<lox_> ivoks, thks
<lwizardl> ivoks, basically I am hosting a site for a convention and the staff members tend to be replaced. example if sam is incharge of costumes and advertising, I would like to have costumes@ & advertisment@ bcc a copy of all emails sent to those emails be sent to her main address but also keep a copy of those in there original email box also. so if she quits we don't have her personal emails mixed in with the convention emails
<ivoks> always_bcc is for all mails sent and received
<ivoks> so, i guess that's not an option
<ivoks> you could setup procmail as a delivery agent
<ivoks> and have /etc/procmailrc
<lwizardl> ivoks, because we originally thought about just forwarding but then they don't stay in the main boxes
<ivoks> they can
<ivoks> you can forward a copy
<ivoks> easiest thing to do would be with /etc/aliases
<ivoks> for example, if you have user steve getting the mail
<ivoks> and you want forward a copy to mark@gmail.com
<ivoks> you would add:
<ivoks> steve: steve mark@gmail.com
<ivoks> to /etc/aliases
<lwizardl> ok
<ivoks> if you use postfix
<lwizardl> I thought that it would never reach a box for the other emails and just push the mails to the new location
<ivoks> i'm not sure with other mtas
<lox_> ivoks, the cursor has been blinking for ten minutes, still nothing else
<unit3> Oh, I've figured it out. /usr/bin/prevu-init is hardcoded to override the mirror in my /etc/pbuilderrc with archive.ubuntu.com. That's terrible.
<unit3> Guess I'll file a bug report shortly.
<ivoks> lox_: alt+f1, alt+f6?
<lox_> ivoks, no go ...
<lox_> ivoks, I had replace sdb the same way with no problem
<lox_> ivoks, is the blinking cursor from grub ?
<ivoks> did you see grub menu?
<hggdh> ccheney: this is really something, it seems euca-* commands output changed on 2.0
<hggdh> ccheney: and I am getting 100% failure now :-(
<AndyGraybeal> okay, i made a raid array with mdadm; i'm trying to get LVM on it.  i do a: "pvcreate /dev/md0" and it returns: "Device /dev/md0 not found (or ignored by filtering)"  i checked "ls -l /dev/md0" and it's there.  it's my raid array.  has anyone run into this before?  am i doing something wrong?
<ivoks> AndyGraybeal: check /etc/lvm/lvm.conf, search for 'filter'
<Daviey> hggdh: Hmm.. something seems inconsistent - i had that stage last week... left it, and it worked again.
<AndyGraybeal> ivoks: it says: filter = [ "a/.*/" ]
<ivoks> if that's the only filter, then it's not filter at all :D
<AndyGraybeal> ivoks, then that' sthe filter - do yoiu know what might be happening?
<ivoks> no idea
<hggdh> Daviey: this is really not kosher
<AndyGraybeal> okay thank you ivoks.
<ivoks>  /proc/mdstat
<ivoks> is that ok?
<hggdh> Daviey: my euca-run-instances stay in pending for a while, then go to tesminated
<Daviey> hggdh: *sigh*, that *was* working
<Daviey> hggdh: Feel free to keep prodding, can you email me your findings?  I'm going afk now :(
<hggdh> Daviey: I am opening bugs on all I find ;-)
<Daviey> rocking!
<hggdh> we will chat tomorrow, go hit the bed, don't go my way last week ;-)
<lox_> ivoks, no grub menu appeared
<ivoks> lox_: then it doesn't boot from disk at all?
<AndyGraybeal> ivoks: i decided i run the installer again before you wrote that, sory
<ivoks> haha
<AndyGraybeal> ivoks: the installer says the same thing about /dev/md0 ... even after i deleted and recreated the array
<ivoks> so, in previous life, you were a windows sysadmin? :)
<AndyGraybeal> ivoks, yes, yes, 10 yrs ago.
<AndyGraybeal> i'm still fumbling with this linux.
<AndyGraybeal> ivoks, i'll take your queues next time though, sorry.
<ivoks> you would have erase superblock before creating new md
<AndyGraybeal> anyway - my goal is to end up with 1 80gb boot drive with linux on it and one raid array with 4 disks, 320 each.
<hggdh> Daviey: apparmour, it seems
<AndyGraybeal> ivoks: okay - i don't know what really that means, erase the superblock, does that require a reboot?
<ivoks> there's nothing on the disks?
<Daviey> hggdh: Not suprised by that - it's bitten us a few times
<AndyGraybeal> ivoks, no there's nothing on the disks.. i'm just starting from scratch.
<AndyGraybeal> i got all my data backed up safely
<ivoks> AndyGraybeal: and you are in the installer?
<hggdh> Daviey: yes... for the record, bug 610265
<uvirtbot> Launchpad bug 610265 in eucalyptus "cannot successfully start an instance" [Undecided,New] https://launchpad.net/bugs/610265
<AndyGraybeal> ivoks: yes, it's unpacking softwares as we speak, i can restart it if you recommend.
<ivoks> AndyGraybeal: er... didn't you just said that it doesn't work?
<AndyGraybeal> i'm very confused and scared a bit by this whole manual partitioning.  i've been doing this for 10 years, but that doesn't mean i'm nearly anywhere good at it.
<ivoks> oh, you have one partition just for /
<ivoks> one disk
<AndyGraybeal> ivoks, the plan is one disk holds all of linux and assorted softwares; but the raid array holds /home and /srv (and data for my business)
<ivoks> ok
<ivoks> then finish installation
<AndyGraybeal> sory for the confusion and run around.  i feel like i'm never going to get good at this ... in 10 yrs.. it's been longer than tear years honestly; but we won't get into that.
<AndyGraybeal> i gave up a high paying job with windows to take the time to really learn linux.. and here i am :)  still learning.
<AndyGraybeal> but it's good, it's in a real business setting.
<AndyGraybeal> i feel more in control that's for sure.
<ivoks> what ubuntu is that?
<ivoks> which version
<AndyGraybeal> it's 10.04 server
<AndyGraybeal> 64bit
<ivoks> ok
<AndyGraybeal> okay, it's still moving, i'm going to get a bite to eat; brb
#ubuntu-server 2010-07-27
<ivoks> it's 1am here, you know :)
<AndyGraybeal> ah sorry, you'll be sleeping soon.
<AndyGraybeal> well, don't wait on me. i'll figure it one way or another.  i'll be here tomorow as well.. i need to get this done this week.
<ivoks> run pvcreate with -vvv
<AndyGraybeal> ok
<ivoks> it might give you a clue what's going on
<AndyGraybeal> thank you for the insight.
<ivoks> you've already created md0?
<AndyGraybeal> yes, it should be there.. i just deleted and recreated it in the installer
<AndyGraybeal> when i used the installer to set the LVM on it - it said the same thing in the command line (couldn't find /dev/md0 or it was filterd)
<ivoks> run pvcreate with -vvv
<AndyGraybeal> i'm not there yet, but when i get there, i will.
<webPragmatist> hey guys i am having issues with cron.d not workingâ¦. i have */5 * * * * www-data php -q /var/www/mydomain.com/tickets/public/api/cron.php
<AndyGraybeal> rebooting now
<webPragmatist> it doesn't seem to run
<ivoks> webPragmatist: use full path to php
<ivoks> and check /var/log/syslog
<webPragmatist> ivoks: okay thanks
<webPragmatist> oh i get Error: bad username;
<AndyGraybeal> mdadm -D /dev/md0 .. currently says it's rebuilding (38% complete)
<ivoks> AndyGraybeal: that could be a reason why it isn't working
<AndyGraybeal> okay, i'll wait for it to build.
<ivoks> try pvcreate anyway
<AndyGraybeal> oh idid..it says the same thing; and -vvv is lots of data, how do i redirect it into a file?
<AndyGraybeal> oh on boot up i noticed an error cannot find /dev/null ... i was like.. that sounds bad!
<AndyGraybeal> but it's there.. so i odn't know
<ivoks> 10 years and you still don't know how to redirect stdout?
<ivoks> bad windows sysadmin :)
<AndyGraybeal> well i tohught it was like > filename
<ivoks> 1> name_of_the_file 2>&1
<AndyGraybeal> k i've never seen that before, thank you.
<AndyGraybeal> here's the pastie: http://pastie.org/1061328 .. there's a lot more devices it lists.. but i figure you'd get the drift from here - i think this is the meat of the matter.
<AndyGraybeal> it says partition table signature found, skipping.  is that the problem?
<ivoks> yes, it is
<AndyGraybeal> is that resolved with parted?
<ivoks> mdadm --stop /dev/md0
<ivoks> what disks/partitions are in /dev/md0?
<ivoks> which
<AndyGraybeal> i'm not sure, how do i find out?
<AndyGraybeal> i thought i removed all the partitions.
<AndyGraybeal> i thought i actually re-created the whole array when i re-installed.
<AndyGraybeal> i mean, i remember going through the motions atleast.
<AndyGraybeal> fdisk -l doesn't show anything
<ivoks> dmesg | grep '320 GB'
<AndyGraybeal> but maybe tha'ts cause i --stoped it
<ivoks> did you run what i said?
<AndyGraybeal> http://pastie.org/1061336 <--- yes
<AndyGraybeal> yes, sorry it took me a second
<ivoks> so, it'd sdb->sde
<ivoks> fdisk -l /dev/sdb
<ivoks> fdisk -l /dev/sdc
<ivoks> fdisk -l /dev/sdd
<ivoks> fdisk -l /dev/sde
<ivoks> check if there are any partitions on those disks
<ivoks> if there are, delete them
<AndyGraybeal> okay
<AndyGraybeal> it looks like the block size is different in both those pasties, the last one is 512bytes, and the first one is 4096bytes (i don't know if this has anything to do with it)  i'm going to do the fdisk -l now.
<AndyGraybeal> they all have: Linux raid autodetect as the "System"
<ivoks> paste output of one of those disks
<AndyGraybeal> k
<AndyGraybeal> http://pastie.org/1061344
<ivoks> delete those partitions
<ivoks> or
<ivoks> wait, don't
<AndyGraybeal> k, yea, i htink i need them for the RAID
<ivoks> not really, but anyway
<AndyGraybeal> okay, yea, i have no idea.
<ivoks> mdadm --zero-superblock /dev/sdb
<ivoks> mdadm --zero-superblock /dev/sdc
<ivoks> mdadm --zero-superblock /dev/sdd
<ivoks> mdadm --zero-superblock /dev/sde
<AndyGraybeal> ok
<AndyGraybeal> oh maye i need to turn md back on?
<AndyGraybeal> mdadm: Unrecognised md component device - /dev/sdb
<ivoks> did you stop the array?
<AndyGraybeal> you had asked me to, i haven't startd it back up yet
<ivoks> ok
<ivoks> try with sdb1
<AndyGraybeal> should i start the array?
<AndyGraybeal> oh sdb1 nm
<AndyGraybeal> worked
<AndyGraybeal> i'll keep going
<ivoks> right
<AndyGraybeal> k, all done
<AndyGraybeal> should i try pvcreate now?
<AndyGraybeal> er i guess i should start the array, but i'll wait for further notice.
<ivoks> mdadm -A /dev/md0
<ivoks> then pvcreate
<AndyGraybeal> k
<AndyGraybeal> after: mdadm -A /dev/md0 .. it says: mdadm: no devices found for /dev/md0
<AndyGraybeal> gah!
<ivoks> mdadm -A --scan
<ivoks> lol, i'm stupid :)
<AndyGraybeal> same answer
<ivoks> you've cleand the superblock
<ivoks> of course it won't work
<AndyGraybeal> okay.
<AndyGraybeal> so recreate the array?
<lox_> ivoks, sorry had an appointment, donno if it boots from the disk in fact because the grub screen never shows
<ivoks> mdadm --build /dev/md0 --level=5 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1
<AndyGraybeal> ah --level=10 for me
<zul> ivoks: heya...dovecot 2.0 is suppose to be out in a couple of days...whadayathink?
<AndyGraybeal> unless you think level=5 is better
<lox_> ivoks, I even went in the bios to tell it to boot from second hard drive
<ivoks> lox_: did you replace the disk with boot partition?
<ivoks> zul: i was a bit off for some time; i have to catch up with what's new
<lox_> ivoks, yes it has a boot partition with bot flag (the boot is in the raid1 too)
<lox_> And I already copied the parytition table of sdb to the new sda
<ivoks> AndyGraybeal: i was under impression that you are building raid5
<AndyGraybeal> raid10, and it says to use 'create' instead of 'build'
<ivoks> right, create
<AndyGraybeal> go ahead with that, otherwise, i'll take your recommendations.
<zul> ivoks: okies...i was tempted to
<ivoks> zul: we might :)
<ivoks> zul: give my just some time to examine everything
<AndyGraybeal> ivoks, everything is checking out; should i wait for rebuild or should i just go ahead and try pvcreate
<AndyGraybeal> ?
<zul> ivoks: no problem
<ivoks> AndyGraybeal: do pvcreate
<AndyGraybeal> ivoks: same response: /dev/md0 not found or ignored by filtering; .. the -vvv returns the same; partition table signature found, and fdisk -l reports the same: Linux raid autodetect.
<ivoks> time to hit the bead...
<ivoks> bed
<AndyGraybeal> alright, thank you for your help ivoks.
<ivoks> AndyGraybeal: then just wait for it to build
<AndyGraybeal> okay thank you
<ivoks> never did md level 10
<AndyGraybeal> okay; i don't know what to think about it in comparison with 5
<ivoks> paste output of cat /proc/mdstat
<AndyGraybeal> i used to do 5 with evering
<AndyGraybeal> http://pastie.org/1061358
<Jinxed-> What would be a good way to do a VoD/File Server/Voip System
<Jinxed-> I was originally going to use xbmc for VoD
<ivoks> AndyGraybeal: wait for it :)
<ivoks> good night
<Jinxed-> but then I just went with simple file sharing
<AndyGraybeal> ivoks: thank you
<Jinxed-> for VoD and file server
<Jinxed-> but I feel like that is a very poor solution
<AndyGraybeal> Jinxed-: what is VoD ?
<Jinxed-> AndyGraybeal, Video On Demand
<Jinxed-> basically to allow for streaming video
<AndyGraybeal> aah ok, thank you
<Jinxed-> aka I don't want to broadcast, I want to allow remote users to request a stream
<Jinxed-> Any suggestions?
<AndyGraybeal> well, your aware of asterisk for voip, i'm sure.  i've set that up before and got it to work.. so if i can do it, it must be fairly straight forward.
<Jinxed-> haha
<Jinxed-> yeah I was planning on using asterisk
<AndyGraybeal> i shouldn't be allowed to answer questions though, they should keep me in a cage and ask the on-lookers not to feed me.
<Jinxed-> i was even tempted to try * with vmware so I could use AsteriskNow
<AndyGraybeal> fileserver, i guess would be samba or nfs if your all *nix
<AndyGraybeal> i would use asterisk straight up, it's fairly easy.
<AndyGraybeal> the guys in the channel are pretty nice too
<AndyGraybeal> #asterisk that is
<Jinxed-> they told me to use AsteriskNow
<Jinxed-> but yeah I would be willing to try Asterisk with ubuntu
<AndyGraybeal> asterisknow is linux, vmware is not needed correct?  i would us KVM and not vmware, but i'm sure that could be a holy war in a bottle.
<Jinxed-> someone mentioned trying to use zfs
<AndyGraybeal> zfs is more for bsd, but i'm sure someone here can answer better than myself.
<Jinxed-> haha, i actually was going to use virtualbox
<Jinxed-> for virtualization
<Jinxed-> so I could just basically have the two OS
<AndyGraybeal> i wouldn't run any server program in virtualbox; i would stick with kvm, but like i said, i shouldn't be answering questions.
<Jinxed-> haha
<Jinxed-> alright
<AndyGraybeal> you should wait for osmeone else to respond before you listen to me, seriously
<Jinxed-> It seems like simple file sharing (right click share folder) is a poor system
<lox_> ivoks, so, no idea why it won't boot from sdb ?
<AndyGraybeal> lox_: ivoks went ot sleepytime
<lox_> AndyGraybeal, oh, ok ... Can you help me with my raid problem ?
<AndyGraybeal> lox, no no no bro.. i'm trying to strangle myself with mdadm as we speak.
<Jinxed-> AndyGraybeal, so what server features should I install on top of the regular desktop installation
<AndyGraybeal> Jinxed-: i would do the opposite, install server, then install ubuntu-desktop ontop of that.  but you'd probably want atleast openssh-server, you'd need the KVM stuff for virtualization if that's where you wanted to go.
<AndyGraybeal> Jinxed-: i run samba for fileserver but only because i got to run some windows boxes.. i'd probably do NFS otherwise... i've never touched ZFS, so i can't tell you what about that.
<AndyGraybeal> my finance ladies won't learn openoffice and i swear my hair falls out when i run MS Office in wine... so windows boxes it is (even if they are KVM'd)
<Jinxed-> ha, well currently i just have ubuntu desktop
<AndyGraybeal> my whole group is fine wiht openoffice accept the finance ladies.. makes me angry, they gang together.. saying that the calc, now called spreadsheet or something is too different and they don't want to learn something different.
<Jinxed-> i don't have any server features (except for vlan and samba installed)
<AndyGraybeal> sudo apt-get install openssh-server ... atlest.
<AndyGraybeal> you should read about KVM and libvirt; ubuntu has nice docs!
<Jinxed-> you happen do be able to donate a link?
<AndyGraybeal> i use kvm with libvirt, i like 'virsh' the command line that controls the virtual machines.
<Jinxed-> :p
<AndyGraybeal> yea hold
<AndyGraybeal> https://help.ubuntu.com/community/KVM
<AndyGraybeal> there is also #ubuntu-virt and they are huge help
<AndyGraybeal> and #kvm and #libvirt if i recall correctly
<AndyGraybeal> lox_: i'm building my array as we speak, 38% done.
<beefstake> Heya. :)
<AndyGraybeal> hi beefstake :)
<lox_> AndyGraybeal, can i rebuild my array from livecd ?
<beefstake> lox_: if it's a mdadm raid array then you should able able to yep.
<lox_> beefstake, hi, yes it is
<beefstake> Mhmm yep you should be fine.
<lox_> beefstake, I needed to replace sda and do removed it from the array, shutdown, replaced disk and it won't boot from sdb
<beefstake> RAID 1 yep?
<lox_> yes
<beefstake> Did you have the md device set as the boot device or one of the raid members?
<lox_> beefstake, yes
<lox_> a boot partition in raid1 and a / partition on raid1 too
<beefstake> Ahh kk yep.
<lox_> beefstake, but won't boot from sdb and I am stuck there
<beefstake> lox_: What you need to to then is boot up the live cd
<beefstake> Then force assemble the array.
<lox_> beefstake, done
<lox_> how ?
<lox_> http://gist.github.com/491501
<beefstake> Ahh like sdX5 are the / partitions?
<lox_> yes, what is wrong with it ?
<beefstake> Well you need to do both anways
<beefstake> So you do it like this:
<beefstake> Hmm wait, have you recreated the partitions on sda yet?
<lox_> yes
<lox_> using sfdisk
<beefstake> Kk cool.
<beefstake> mdadm --assemble --force /dev/md0 /dev/sda5 /dev/sb5
<lox_> http://gist.github.com/491506
<beefstake> Should complain about not having a superblock.
<lox_> true
<lox_> mdadm: no recogniseable superblock on /dev/sda5
<lox_> mdadm: /dev/sda5 has no superblock - assembly aborted
<beefstake> Yep k.
<beefstake> mdadm --assemble --force /dev/md0 /dev/sb5
<beefstake> We will add sdb in just a sec.
<beefstake> mdadm --re-add /dev/md0 /dev/sda5
<beefstake> Try those 2
<lox_> $ sudo mdadm --assemble --force /dev/md0 /dev/sdb5
<lox_> mdadm: cannot open device /dev/sdb5: Device or resource busy
<lox_> mdadm: /dev/sdb5 has no superblock - assembly aborted
<lox_> sudo mdadm --re-add /dev/md0 /dev/sda5
<lox_> mdadm: cannot get array info for /dev/md0
<beefstake> Wait, what.
<beefstake> Which is the drive that didn't fail?
<lox_> sdb
<beefstake> That can't be right..
<lox_> I hotremoved sda, shutdown and replaced it, then rebooted
<beefstake> Hmm.
<lox_> Has it won't boot, I loaded live cd and copied partitions to sda
<beefstake> yeah.
<lox_> cta /proc/mdsat gives nothing from livecd
<beefstake> The issue here is that sdb is reporting that it doesn't have a raid super block.
<AndyGraybeal> what did you use to copy partitions? dd?
<beefstake> Yeah because no mds are running.
<lox_> no sfdisk
<AndyGraybeal> lox_: aah.. *googles
<beefstake> Nah you shouldn't dd them, you should only copy acroos the partition layout with sfdisk.
<lox_> This is what I have done
<beefstake> mdadm should resync the disks once you readd them to the array.
<lox_> I used sfdisk and copied only the layout
<beefstake> The issue here is that sdb is saying it doesn't have a superblock...
<lox_> it worked yesterday, I used exactly same process to replace sda (and of cource I waitied resync to finish)
<lox_> (needed to replace both because of SMART errors)7
<beefstake> Mhmm.
<lox_> But it booted on sda when removed sdb
<lox_> now it won't booton sdb, why ?
<lox_> Is that normal (from livecd):
<lox_> $ cat /dev/md0
<lox_> cat: /dev/md0: No such file or directory
<lox_> $ mdadm --detail /dev/md0
<lox_> mdadm: cannot open /dev/md0: No such file or directory
<lox_> is that normal ?
<lox_> beefstake, can I try mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/sdb5 /dev/sdb5 ?
<lox_> Or it may erase my data ?
<beefstake> Yeah don't use create.
<beefstake> Create is bad.
<lox_> beefstake, why don't I have /dev/md0 when I boot with the livecd ?
<AndyGraybeal> sounds scary lox_ do you have your data backed up?
<lox_> arf ... part of it
<AndyGraybeal> hopefully beefstake can help :)
<AndyGraybeal> i'm sure he can.
<AndyGraybeal> i'm on the edge of my seat hoping there is a good outcome.
<lox_> The array was working so nicely ...
<AndyGraybeal> how long?
<lox_> many month
<AndyGraybeal> nice
<lox_> sudo mdadm --assemble --scan
<lox_> mdadm: /dev/md0 has been started with 1 drive (out of 2).
<lox_> mdadm: no devices found for /dev/md1
<lox_> cat /proc/mdstat
<lox_> Personalities : [raid1]
<lox_> md0 : active raid1 sdb1[1]
<lox_>       476519872 blocks [2/1] [_U]
<lox_>       
<lox_> unused devices: <none>
<lox_> beefstake, ?
<AndyGraybeal> that means all your data is there, correct?
<lox_> I miss sdb5
<lox_> where all data is
<lox_> oh tru my data is here
<lox_> and boot is on it too
<AndyGraybeal> maybe back up now before things get worse
<lox_> so sdb5 could be swap
<lox_> AndyGraybeal, sure ;)
<AndyGraybeal> i hate living by a thread :)
<lox_> AndyGraybeal, should I use dd ?
<lox_> the fastest backup solution will be the best ;)
<AndyGraybeal> oh i have no idea, maybe that find and cpio or rsync to another drive just to be safe.
<AndyGraybeal> you should lisgtne to someone here, not me. i'm a newb
<AndyGraybeal> dd would be slow i assume.
<AndyGraybeal> you saw how ivok was scolding my ignorance :P
<lox_> ;)
<lox_> Backing up
<lox_> What is the best way to handle swap partitions in a raid1 array ? I have added the swap partition to the raid1 aray is it theway to do ?
<AndyGraybeal> what are you using to backup (curious)?
<lox_> rsync
<lox_> I could have used cp -a
<AndyGraybeal> i've been reading that cp -a isn't a good solution, that find and cpio is better, or rsync.
<AndyGraybeal> but i'm not sure honestly
<lox_> Basically rsync does what cp -a does with some feature like incremential backup
<lox_> http://www.mikerubel.org/computers/rsync_snapshots/#Rsync
<AndyGraybeal> okay
<lox_> AndyGraybeal, but for everyday use, I use rdiff backup
<AndyGraybeal> ah nice
<AndyGraybeal> yea, i just read now that rsync is a bad idea because of the overhead it might take while trying to 'sync' to a empty destination
<AndyGraybeal> so many variables :)
<lox_> rdiff backup only backs up diff changes between files, so I can backup every two hours with it
<lox_> I stil don't see why it is not booting from sdb alone, everything is there: grub, boot flag
<AndyGraybeal> okay, my problem is that i can't seem to build a LVM on top of a newly made array.  when i try 'pvcreate /dev/md0' it says: "Device /dev/md0 not found (or ignored by filtering)"  but that error is a little bogus because  when i do pvcreate -vvv /dev/md0, it says: "   /dev/md0: Skipping: Partition table signature found"  .. so this is where i am stuck.  i don't know what to do.  fdisk says this: http://pastie.org/1061462  ... 
<AndyGraybeal> if anyone can help me get rid of this GPT on my raid array, that might move me forward in creating an LVM on it.
<lox_> AndyGraybeal, sorry I dono LVM, never foudn a use to it ...
<AndyGraybeal> lox_: thank you for the response.  yea, i was going to give it a go, see how things worked out.
<lox_> What do u need lvmfor ?
<lowridah> an added layer of failure (in most cases)
<lox_> lowridah, that is whta I miss it seems, for me LVM is just usefull for resiing patitions
<AndyGraybeal> lox_: yea, i hear i can resize partitions on the fly too, that sounds nifty
<AndyGraybeal> lox_: i don't know, maybe it's another layer of confusion i don't need, but i was gonna give it a shot this time around.
<lox_> AndyGraybeal, a long time I have not used many parition for one system....
<AndyGraybeal> i want to have my /home and /srv as seperate partitions
<AndyGraybeal> i got 70 users and i don't know how things will go in the future, so we'll see.
<lox_> AndyGraybeal, what is /srv used for ? I only saw ebox using it until now ...
<pnunn> Guys.. I need some help with a EUC setup.  I've been pouring over the docs and found that I shouldn't be makeing edits to the network stuff in eucalyptus.local.conf but should be using eucalypts.conf (acconding to open.eucalyptus.com).. hovever, the changes I make there never seem to get into the local file and the local file takes precidence it seems.
<pnunn> Now... the local files has a big warning about not changing it directly.. so WHERE THE HELL DO YOU CHANGE THINGS???
<pnunn> I'm trying to setup some IP's that are public so I can see the machines from the outside
<AndyGraybeal> lox_: i'm gonna use it for all my users data.. aside from their /home (personal data) of course. my computer acts as a file server.. so that's where their shared files will go.
<AndyGraybeal> lox_: read .. file system hierarchy and it gives and explaination
<AndyGraybeal> lemme bring up the url
<AndyGraybeal> http://www.pathname.com/fhs/pub/fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM
<lox_> AndyGraybeal, thks for the link, bookmaking it
<AndyGraybeal> yea, i think i'm gonna head out -- i will get back on this in the AM here on EST.
<AndyGraybeal> lox, what is ebox?
<wizardslovak> hello people
<wizardslovak> jeez those f.... centos people are idiots
<beefstake> Lol
<beefstake> What did they do now?
<MTecknology> wizardslovak: I found a lot of them nice to talk to now and then
<wizardslovak> huh
<wizardslovak> ask question ?
<wizardslovak> bs
<wizardslovak> i did and none to help , just started bitching about how untechnically i am and how english is barrier to learn , wtf?
<beefstake> Lol.
<beefstake> Fail.
<beefstake> What did you need to know?
<beefstake> I use CentOS a fair bit.
<wizardslovak> damn sudoers file
<wizardslovak> but forget it , ill use ubuntu from now on
<lox_> beefstake, u have a few minutes?
<wizardslovak> also that ubuntu is as easy as windows , so no technicall people stop on debian , huh as i said idiots!!!
<beefstake> lox_: Yeah, you still having trouble with your raid?
<lox_> beefstake, mdadm --assemble --scan found my md0 aray but not the md1 (swap)
<lox_> I added sda to md0
<lox_> it syncs as I speak
<beefstake> lox_: Nice, you are home free then. :)
<lox_> But what about md1 (swap) can I start without it (still in livecd session)
<beefstake> That's fine, your system will boot without swap.
<lox_> ok
<lox_> now what do u think of my weird problem of not being able to boot on sdb ?
<lox_> md0 is in grub
<lox_> boot is in md0
<wizardslovak> always liked ubuntu people , so kind ;) thx whoever invented ubuntu
<lox_> it has grub in it
<andyltm> Anyone have IS C config and Ubutun 9.x and upgrade to 10.x and feel good? or were there issue or major problem
<lox_> and the boot flag is set on the partition
<beefstake> Mhmm..
<lox_> beefstake, I ask it because of what could happen if sda fails again ...
<beefstake> lox_: That shouldn't have been an issue though.
<beefstake> lox_: What should normally happen is you boot with the array in a "degraded state"
<beefstake> Meaning that a disk has failed.
<beefstake> Not big deal, it should just boot.
<beefstake> I think something went wrong when you were removing disks or something.
<qman__> beefstake, you have to grub-install to each disk you want to be bootable
<qman__> to the MBR
<beefstake> qman__: Ahh completely forgot to remind him of that.
<qman__> otherwise the BIOS loads the MBR of your other disk and doesn't find anything to load
<lox_> beefstake, thks bro, I hope it will boot after sync, I think the issue may be the bios ...
<beefstake> lox_: As qman__ said you need to do grub-install on each disk in the raid.
<beefstake> You will need to reinstall grub to the MBR of sda now you have replaced it.
<lox_> do I just do grub-install /dev/sdb1 ?
<lox_> from the livecd ?
<beefstake> You will probably have to mount it first but yep.
<qman__> pretty much
<qman__> I can't remember if there's more to it, but that's the idea
<wizardslovak> did anyone used ubuntu jetos?
<qman__> and no, it doesn't need to be mounted
<wizardslovak> i mean jeos
<beefstake> qman__: Yeah? How does grub-install determine the bios disk of /boot then? O.o
<lox_> sudo grub-install /dev/sdb1
<lox_> /usr/sbin/grub-probe: error: cannot find a device for /boot/grub (is /dev mounted?).
<lox_> No path or device is specified.
<lox_> I cannot mount sdb1 it is a raid partition
<qman__> oh yeah
<qman__> that won't work unless you're chrooted into your install
<beefstake> Hmm might have to do it by hand.
<qman__> what will work though
<qman__> is if you run grub, then set it up
<beefstake> Yep.
<qman__> and manually install to each disk
<lox_> but grub is only going to see md0. isn't it ?
<qman__> no
<qman__> quite the opposite, grub doesn't know about md0
<qman__> at least not at that stage
<qman__> grub sees your physical disks
<lox_> oh ok
<lox_> what about grub-install --root-directory=/mnt /dev/sdb ?
<lox_> with md0 mounted in /mnt ?
<qman__> no, that's wrong
<qman__> --root-directory is the root= parameter
<lox_> tur
<lox_> true
<beefstake> Nope.
<qman__> lox_, http://ubuntuforums.org/showthread.php?t=224351
<qman__> follow that first procedure
<beefstake> --root-directory is for installation of grub image files to /boot/grub
<wizardslovak> so n oone used it
<beefstake> Jeos? Nah I haven't.
<qman__> changing `setup (hd0)` for each disk you want
<wizardslovak> what software you need to setup ubuntu as media server?
<lox_> qman__, thks
<qman__> wizardslovak, that depends on what you mean by media server
<wizardslovak> NAS and able to play media in tv
<lox_> qman__, will it apply to grub2 too ?
<qman__> lox_, I'm not sure, grub2 is a whole different animal
<lox_> I run lucid so it it grub2 I think
<qman__> wizardslovak, do you just want to share the files and access them with an HTPC? or do you want to stream them like VLC?
<qman__> lox_, did you upgrade from hardy, or did you fresh install?
<wizardslovak> like vlc , i dont want to do it yet, just want to know huh
<lox_> this one was fresh as the upgrade killed my raid5
<qman__> wizardslovak, then the software you'd need is vlc-cli
<wizardslovak> thx gman ;)
<qman__> lox_, see method 3 here: https://help.ubuntu.com/community/Grub2#Reinstalling GRUB 2
<qman__> that's how you chroot into your install, and then grub-install will work
<lox_> qman__, but /dev/sdb1 won't mount, it is a raid partition
<qman__> lox_, you wouldn't mount sdb
<wizardslovak> ok people i am out good night ;)
<lox_> md0 already mounted
<qman__> under 4. mount your system partition, you mount where your / is
<qman__> so /dev/md0, /dev/md1, whatever it is
<qman__> same goes for boot partition, where /boot is located if it's separate
<lox_> qman__, so at point 9 I do grub-install /dev/md0 ?
<qman__> lox_, no
<qman__> you do grub-install /dev/sda
<qman__> then sdb, then sdc, and so on
<qman__> for each disk you want to be bootable
<lox_> done !
<lox_> You saved my day, I wish I had u on talk earlier ;)
<qman__> now it should be able to boot your system from any of the disks
<lox_> qman__, I wait the sync to finish and I will reboot
<lox_> qman__, the the step I miss when chnaging a HDD in an array is to reinstall grub once booted back with working raid
<lox_> qman__, I shoudl have issue sudo grub-install /dev/sdb after changing sdb and I would have not had that mess ....
<qman__> yeah, hopefully grub2 is a bit smarter than grub1 and can deal with a change in boot order
<twb> qman__: IME, no
<twb> extlinux can
<qman__> with grub1, you had to not only install to each disk, but also change the config based on which one you were installing
<lox_> qman__,  I followed that guide: http://www.howtoforge.com/replacing_hard_disks_in_a_raid1_array
<lox_> nothing about grub in that damn guide
<qman__> lox_, if you didn't replace the disk grub is installed to, it doesn't need any changing
<qman__> but sometimes that happens
<twb> Grub *SHOULD* be installed to *ALL* disks in the array
<twb> However, in the example you pasted, he fails sdb so doesn't notice because sda is (presumably) the default boot disk
<lox_> qman__, sdb is a new disk I replaced yesterday, and today I needed to replace sda, as I didn't reinstalled grub on sdb =>fail
<twb> lox_: so the lesson you have learned is: don't trust some random guide you found to be perfect
<lox_> both were having a lot of SMART errors (intensive use during two years)
<lox_> twb, and ... reinstall grub after I chnage any disk in a n array ;)
<lox_> thks guys
<qman__> yeah, I lost a RAID 5 recently because two of the disks catastrophically failed within an hour of each other
<twb> lox_: just so
<qman__> I run a raid 6 with a spare now
<qman__> raid is not a backup, never forget that
<lox_> I am afraid to run raid 5 again, upgrade to lucid broke it last time
<lox_> qman__, I learned that when my raid5 failed ....
<qman__> upgrading to lucid broke my framebuffer, of all things
<twb> qman__: that's a "feature"
<qman__> now it won't go above 640x480
<qman__> even after installing grub2 and correctly setting the parameters
<twb> qman__: in fbcon, or X, or both?
<qman__> no X, just (I assume) fbcon
<twb> grub2 framebuffers are irrelevant AFAIK
<twb> What GPU?
<qman__> ATi Rage XL
<qman__> ran vbeinfo, shows support up to 1280x1024
<twb> So I guess it'd be radeonfb.ko
<qman__> before I installed grub2, it was just giving me out of range on the monitor
<twb> You put something like "radeonfb" in /etc/initramfs-tools/modules, run "update-initramfs", and reboot -- unless it's compiled into the kernel, in which case you edit the boot: line
<twb> At least, that's how it works for fbcon with i915/KMS on an Intel GPU
<qman__> ok
<twb> Obviously if you only need 4:3 resolutions, you can just pass vga=771 or vga=779 or so
<qman__> widescreen would be nice, but I was just using 1024x768
<qman__> but before I put grub2 in there, the vga line was causing my monitor to go out of range for some reason
<twb> gentoo's wiki's "framebuffer" article has a table of vga=N
<qman__> when with hardy it worked fine
<qman__> tried several different ones, too
<twb> Shrug
<qman__> at first I thought maybe plymouth was attempting to go into 1440x900, the monitor's native resolution, and the card didn't support it
<qman__> but that doesn't explain why putting in grub2 changed the result, or why removing the vga line makes it work at default 80x25
<twb> qman__: are you using digital (DVI, displayport, etc) or analogue (d-sub)?
<qman__> analog
<twb> It's entirely possible the default timings for high resolutions are beyond the capabilities of your current monitor
<lox_> guys, witch tool would u recommend me to clean up a HDD with some SMART errors ? HDD regenerator?
<twb> If a SMART self test fails, your drive is dying and should be replaced.
<twb> It cannot be "fixed" with software.
<qman__> finally got it working, the issue is that it was attempting to use 32-bit color, while the card only supports 24-bit
<qman__> I don't know WHY it was trying to use 32-bit color, since I told it otherwise, but eh
<mase_wk> lox_: as twb mentioned your drive is dying.
<twb> qman__: there's no such thing as 32-bit
<lox_> twb, ok thks
<lox_> it is replaced
<twb> It's really three eight-bit channels (rgb), and an eight-bit alpha channel in some transforms
<qman__> twb, yeah but they're two separate modes
<qman__> and the card doesn't support 32-bit
<qman__> I don't know why it didn't work in the first place though, for that it would have to be the radeonfb thing you mentioned
<qman__> because everything else I changed was grub2 settings
<twb> vesafb can only use standard VESA 2.0 modes, which are all 4:3
<qman__> it is a standard VESA mode, 1024x768
<twb> okey dokey
<uvirtbot> New bug: #610313 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/610313
<Norkakn> Hi.  I have a 8.04LTS server with 2.6.24-19-server.  When any process is outputting, it will freeze after a bit, and then usually resume.  So, if I tail -f a file, it'll be fine for a bit, and then freeze for ~5 minutes, then be fine again
<Norkakn> writes to disk were really high earlier today, but now they are pretty sane
<twb> Sounds like you have a high I/O load
<Norkakn> 1.3%wa in top, is that high enough to cause this?
<twb> You want to measure it with iostat (iowait?)
<Norkakn> Blk_read/s averages around 250, Blk_wrtn/s 300
<twb> The first stanza reports the I/O at boot time.
<twb> Run it with an interval and then look at the second stanza
<Norkakn> http://paste.scsys.co.uk/47160
<Norkakn> that work?
<Norkakn> it seems to be related to putting things out on the screen.  If I don't redirect the output of a command, it takes 90 seconds.  If I > /dev/null, it takes 1.2 seconds
<Norkakn> I'm in over ssh though, and time is still reporting that it only takes 1.2s, even though it takes over a minute to print it all
<Norkakn> web traffic is light though
<toabctl> i use kvm on a ubuntu hardy server but i'm unable to give my guest system (ubuntu lucid) a fixed ip address. how to do this?
<toabctl> i use libvirt to manage the guest system
<mase_wk> toabctl: you could virsh console <guest> into the box and alter /etc/network/interfaces
<toabctl> mase_wk, i'm already logged in in the guest system.
<toabctl> mase_wk, but what is the network-interface name? eth0?
<mase_wk> ifconfig -a will give you a list
<toabctl> physically there's only one network interface connected to the wan
<mase_wk> yep you can set up a bridge in the host and then tell virsh to get your guest to use the bridge
<toabctl> mase_wk, is there a howto for that?
<mase_wk> well i think the libvirt site has a pretty good howto
<mase_wk> i would suggest having a google for it
<mase_wk> thats how i found it
<toabctl> mase_wk, and the bridge should have the public ip, right?
<mase_wk> yes
<mase_wk> if thats how you want to set it up
<mase_wk> well actually it really depends what your trying to do. If you have a network and each guest should have a public i[p
<mase_wk> or some portion of guests need a public IP then you set up a bridge
<mase_wk> if your hardware supports it you can do PCI passthrough for NICs directly to guests
<Jeeves_> Mogge
<uvirtbot> New bug: #610329 in bind9 (main) "name server reported by dig are wrong" [Undecided,New] https://launchpad.net/bugs/610329
<Jeeves_> ^^^ "I don't understand how DNS works, let's blame Bind"
<uvirtbot> Jeeves_: Error: "^^" is not a valid command.
<Norkakn> twb: do you have any other ideas?
<twb> Norkakn: nope
<huats> morning
<Norkakn> 'evening
 * SpamapS should not be as wide awake as he is right now
<SpamapS> ttx: does bug triaging always get this far behind when we sit in a room for a week instead of working? ;-)
<eagles0513875|2> how accurate is the dovecot documentation for 10.04 as there is no mention of it
<eagles0513875|2> in the wiki at all
<TuxSax> hi all
<alex88> !hi TuxSax
<alex88> !hi | TuxSax
<ubottu> TuxSax: Hi! Welcome to #ubuntu-server! Feel free to ask questions and help people out. The channel guidelines are at https://wiki.ubuntu.com/IRC/Guidelines . Enjoy your stay!
<zrbecker> I set up an Apache server on Ubuntu 10.04, and I set up two <Virtual host *:80> Things. In one I have the Servername as mydomain.com and the other as asdf.mydomain.com. When I type in the ipaddress of the server in the browser it brings me to asdf.mydomain.com. So for some reason it is using that as a default. Is there a way to disable this behavior?
<zrbecker> I want it to not show a webpage at all if I have not set up a vhost for the name entered.
<Jeeves_> zrbecker: The first fuond vhost is the default
<Jeeves_> So create a vhost with what you want it to show, and name the file 0000_default
<Jeeves_> And it will be the one which shows up
<zrbecker> when I enable default it doesn't display my domain virtual host, it always just uses default.
<zrbecker> Is there a way I can fix that?
<ttx> SpamapS: yep -- that's how it goes when almost everyone forgets their usual chores :)
<Roxyhart0> HI there, somebody have experience with Dante? i would like to know if it record the sites visited per users?
<eagles0513875|2> Roxyhart0: never used it but google analytics is really good at keeping track of unique visitors to your site
<Roxyhart0> thanks
<eagles0513875|2> welcome
<Roxyhart0> I am looking for a proxy p2p that also can record the sites visited by my users in case i got problems with copyright stuff. Somebody knows any tool?
<zrbecker> On ubuntu i have three virtual hosts set up with these configurations http://pastebin.com/biiJkHHt can anyone tell me why it will only serv the default one? All three of them are in the sites-enable. And if I turn off default the two other sites display fine, but I want default to be served when a random host is requested.
<Jeeves_> Roxyhart0: Kerio Controkl
<Jeeves_> Control
<Roxyhart0> thanks a lot!
<Jeeves_> zrbecker: http://httpd.apache.org/docs/2.1/vhosts/examples.html#default
<impi> hello, i have had to compile php from source, for gd to work correctly, i did this, but then this other coder did some stuff and now he gets:Use of undefined constant MCRYPT_BLOWFISH - assumed 'MCRYPT_BLOWFISH' but mcrypt is installed and all seems fine..
<Jeeves_> First hit on Google 'apache2 default vhost'
<Italian_Plumber1> Good morning.  I am running the lucid desktop 64 live CD.  Is there a way to update all the packages except the ones related to the kernel?
<Roxyhart0> Kio control apparently works just in windows server
<Jeeves_> Roxyhart0: No. It's a vm-appliance
<Jeeves_> So you can run a KVM-vm with Kerio Control in it.
<Jeeves_> Or, you can run it on a normal server, obviously.
<Jeeves_> But you can't do anything else anymore than
<Roxyhart0> sorry you mean run in a virtual machine?
<Jeeves_> Yes
<Roxyhart0> vm with windows?
<Jeeves_> Roxyhart0: Kerio Control is Linux
<Roxyhart0> ok, thanks i will read more
<zrbecker> Jeeves_: bleh, I changed *:80 to _default_:80 like that website seems to be suggesting, but same results...
<soren> zrbecker: What's the hostname of the machine?
<soren> asdf.mydomain.com by any chance?
<zrbecker> zrbecker.com
<soren> hostname -f
<zrbecker> hmm the hostname is set as MainServer. I thought this was changed.
<soren> I remember some weirdness if one of my vhost's ServerName was set to the host's $FQDN.
<soren> Thought that might be what you were seeing, but perhaps not.
<soren> I forget the details, just wanted to offer the hint.
<zrbecker> heh thanks.
<zrbecker> hmm weird, not sure since when but now it is serving the default for only one of the virtual hosts, but servering the correct files for the other one. Oh computers how I love thee. lol
<TuxSax> zrbecker: are you talking about apache?
<zrbecker> yes
<zrbecker> soren:  In my apache2.conf file my ServerName was set to zrbecker.com I changed this and it fixed it. So I guess you were right. How weird.
<zrbecker> Jeeves_: Thanks for the help too.
<Jeeves_> np
<Jinxed-> Jeeves_, question for you
<Jinxed-> i am sharing a folder over my network
<Jinxed-> and it was working
<Jinxed-> then i went to get breakfast
<Jinxed-> now i come back, and when i try to access my folder from my windows laptops
<Jinxed-> I get
<Jinxed-> is not accessible
<Jinxed-> you might not have permission to use this network resource
<Jinxed-> the network path was not found
<Jinxed-> any ideas what may have caused that/how to fix it?
<TuxSax> Jinxed-: what exactly did you have for breakfast?
<Jinxed-> pancakes
<Jinxed-> wheat
<Jinxed-> 2x
<Jinxed-> eggs
<Jinxed-> scrambled
<Jinxed-> 2x
<Jinxed-> rockstar energy cola
<Jinxed-> 2x
<Jinxed-> well not quite true... my pancakes were like an inch thick each and the size of the plate so i only made i through 1.5 of them, and i am just starting the energy cola
<Jeeves_> Jinxed-: That involces Windows, so I've got no clue
<Jeeves_> involves
<Jinxed-> hmm
<Jinxed-> you don't think it is anything on the ubuntu side?
<Jeeves_> I've got no clue. Really.
<Jinxed-> The folder Im sharing is on my ubuntu machine (I got the vlan trunking working btw from yesterday :) )
<Jeeves_> I've got no clue. Really.
<Jeeves_> And also, sharing folders via de Gui isn't really #ubuntu-server'ish
<Jinxed-> Jeeves_, Do you know of any better way to share video or to do VoD through a more server oriented approach?
<Jinxed-> I feel like sharing a folder will only work for a small number of computers
<TuxSax> Jinxed-: streaming would be a better choice
<TuxSax> you can even do it using VLC
<Jinxed-> I would like to be able to do streaming
<TuxSax> but I guess there are many other options to stream video on a network
<Jinxed-> but I believe VLC only lets you broadcast a stream like a shoutcast that people could view
<Jinxed-> I want people to be able to request a video that they want to see and stream it
<Jeeves_> Jinxed-: How many videos will you be sharing, and to how many people?
<Jinxed-> umm the numbers could very between 5-1000
<Jinxed-> people
<Jinxed-> and 600 gigs-5TB of video
<Jinxed-> well actually starting off less video
<Jinxed-> maybe like 50 gigs
<Jinxed-> I want to build a system that is scalable
<Jinxed-> I know its easy to build something for a personal network, but im interested in learning how to set up something larger
<Jeeves_> Jinxed-: flumotion, or something like that
<Jeeves_> Is it flash?
<Jinxed-> no, it will be most likely some compressed version of video
<Jinxed-> h.264
<Jinxed-> xvid
<Jinxed-> i want to be able to capture raw footage from a camera
<Jinxed-> compress it
<Jinxed-> and share it over the network
<Jeeves_> flumotion can do that, afaik
<Jinxed-> i have the stuff to capture/compress it is the video on demand
<pkramerruiz> Hi everyone!
<pkramerruiz> Can anyone tell me if the developers of "software-sources" have an channel-sources?
<pkramerruiz> Cause I want to run the process for selecting the best Mirror server, every time before making an update to some program, for obtain more speed downloading
<Jinxed-> stupid windows... i reset them and it can work
<Jinxed-> Jeeves_, I will check out flumotion
<Jinxed-> Jeeves_, that looks SWEET
<ringods> Hello, I have deployed two lucid servers (just OpenSSH server) as VirtualBox VMs. One is i386, one amd64
<ringods> networking is OK in the amd64, but not in i386: I have no eth0 ther
<ringods> lshw -class network reports the network interface as DISABLED
<ringods> ifconfig only returns lo
<ringods>  etc/network/interfaces file has eth0 configured for dhcp
<ringods> Can someone tell me how I can get my eth0 enabled again?
<TuxSax> ringods: can you see what mii-tool shows?
<TuxSax> ringods: try ifconfig eth0 up
<ringods> Both the working and the non-working system report: eth0: no autonegotiation, 1000baseT-FD flow-control, link ok
<TuxSax> ringods: try renewing your dhcp settings using dhclient
<ringods> sudo ifconfig eth0 up; sudo dhclient
<ringods> output tells me an ip address is assigned
<ringods> running ifconfig tells me eth0 is up, but only having an ipv6 address
<RoyK> ringods: if you set a static ip, can you ping out?
<RoyK> ringods: might be the logical link in vmware is down
<TuxSax> ringods: can it be a problem in the vmware host settings?
<ringods> RoyK: with static IP, it works flawlessly: /etc/init.d/networking restart brings eth0 up with the static ip assigned
<RoyK> wierd
<ringods> changing it to dhcp again results in eth0 down and (off-course) no succesful dhcp request.
<sommer> morning all
<RoyK> ringods: can you try to dump network traffic to see to where the dhcp request broadcast go?
<ringods> In the meantime, I also double checked the vbox guest settings: both are configured exactly the same networking wise
<RoyK> and vbox works?
<ringods> yes, I have 2 karmics and the lucid-amd64 running succesfully
 * RoyK blames vmware
<ringods> only the lucid-i386 fails to initialize the network
<RoyK> does lucid-i386 work on vbox?
<ringods> RoyK: except for the eth0, it boots correctly
<ringods> initial lucid support came in vbox 3.1.6. I'm running 3.2.6
<RoyK> I'd guess there might be something related to vmware, then
<ringods> vmware?
<ringods> I'm talking VirtualBox here.
<RoyK> oh, so it works
<RoyK> oh - I misunderstood :)
<RoyK> in bridge or nat mode?
<ringods> nat, with custom vbox dhcp server
<ringods> the 3 other VMs also use that custom vbox dhcp server, an they initialize correctly
<RoyK> AFAIK very little has changed in the Ubuntu DHCP client - just to be sure, have you tried to sniff the network on the server while doing a DHCP request to see where it gets sent?
<RoyK> it should use a normal broadcast
<RoyK> but then, using vbox with a custom dhcp server complicates things a bit
<ringods> problem is that /etc/init.d/networking restart seems to bring eth0 down resulting in dhcp failing.
<ringods> with the static IP, the same command works perfectly
<RoyK> does it work if you set dhcp and then reboot?
<ringods> no
<ringods> if I login, and check ifconfig: only lo, no eth0
<RoyK> lemme try to install lucid32 on vbox
<ringods> Here is how I added an additional network on my virtualbox host:
<ringods> VBoxManage dhcpserver add --netname "10.100.164.0/24" --ip 10.100.164.1 --netmask 255.255.0.0 --lowerip 10.100.164.5 --upperip 10.100.164.254
<ringods> then reconfigure nic1 of guests as follows:
<ringods> VBoxManage modifyvm <guestname> --natnet1 "10.100.164.0/24"
<RoyK> why don't you just bridge?
<ringods> I am simulating production setup...
<RoyK> will you be using vbox in production?
<ringods> no
<ringods> I use vbox to try out server configurations
<RoyK> then use bridging with vbox on a separate network
<RoyK> NAT won't help you simulating
<ringods> well, the separate network is the problem here at the office...
<ringods> I am limited in what I can do.
<RoyK> well, it's probably vbox that's making a problem here
<RoyK> I could get an address during install of lucid without problems with nat
<ringods> but why does it work for the 3 other VMs then with the same network setup?
<RoyK> no idea
<RoyK> ask on #vbox
<ringods> ok, will try there.
<ringods> RoyK: then again, even on real systems, my lucid system frequently come up with only ipv6 address assigned to eth0. networking restart solves the problem, but it is a pain to have to intervene every time
<ringods> is this a known issue?
<smoser> ok... in effort to get kernel upgrades working for uec, I'm going to have to depend on grub.
<smoser> i can do that either run-time or build-time.  i would prefer run-time as it seems like it would be easier to fix. with a package upgrade.
<smoser> Daviey, kirkland ^^ question directed at you two.
<smoser> its not a big deal to have node controllers depend on grub-pc in my opinion, as they already will have grub-pc (so they can boot).
<Daviey> smoser, Hmm.. runtime?
<smoser> "Depends" versus "Build-Depends"
<Daviey> smoser, euca-nc can add a depends on grub2-pc if you need it.. I don't see a concern there
<Daviey> It's surely already available to you tho :/
<smoser> right.
<smoser> the issue would be when / if someone needed a loader other than grub2
<smoser> but that is probably small case.
<Daviey> Looking to the future, it should probably be grub-pc|grub-efi
<smoser> the second part of the question is to use grub-mkrescue, or role my own "make a bootable floppy" utility.
<Daviey> Hmm.. good point about lilo tho.
<smoser> using grub-mkrescue would pull in a dependency on xorriso
<Daviey> smoser, How many lines would you anticpate your homebrew would be?
<smoser> < 200
<Daviey> That sounds reasonable, would it be generic or tied to euca?
<smoser> somewhhat generic, but i'm not terribly concerned about that.
<twb> smoser: would that still make sense when grub isn't the user's bootloader?
<smoser> i'd just make it euca-specific  as the shortest path, and have it as part of eucalyptus-nc
<Daviey> yeah.. i was wondering if it was generic - if there was somewhere better to put it.
<smoser> twb, the goal of this is to create a boot floppy that will eventually load the kernel/ramdisk from the guest (in a vm)
<smoser> so, yes, even when the host OS was not using grub2, it would be needed to have this function.
<smoser> Daviey, well, grub used to have 'grub-mkfloppy' which would have sufficed.
<smoser> but it has been replaced by grub-mkrescue , which depends on xorriso
<smoser> the ideal situation, was for me to use grub-rescue-pc, which is a canned ISO ready to be used.
<smoser> however, its an ISO
<Daviey> smoser, Can't you make it boot from CD?  ie ISO?
<smoser> which means i can't modify it, and i'd need to modify it a bit.  I was hoping to cp grub-rescue-floppy.img my.img && mount -o loop my.img  && modify it && umount .
<Daviey> ahh... CD = SATA
<smoser> i can maek a boot cd, yes.
<smoser> and grub-mkrescue will easily do that for me
<smoser> but it depends on xorriso
<smoser> my only hesitation in that route is runtime node controller dependency on xorriso
<twb> smoser: OK, does it make sense when hardware less than ten years old tends to lack floppy support? ;-)
<Daviey> xorriso = universe...
<Daviey> can't see a MIR being successfuly for that.
<smoser> xorriso is build depend of grub2, so it would seem that it has to be main
<smoser> twb, until kvm -floppy goes away it makes sense. and even then, at this poitn the output of grub-mkrescue is an iso that boots as a floppy or a one of those funny shiney discs that are also obsolete
<twb> Hum.
<twb> I always just use -kernel -initrd -append
<smoser> twb, right. that was what i was hoping originally.
<smoser> unfortunately, if you use -kernel and feed it a grub multiboot image , the grub multiboot image will boot, but will only see virtio and ide disks.
<smoser> scsi discs are not seen.
<smoser> and we need to support scsi disks.
<twb> If you have -kernel, why use a bootloader at all?
<smoser> -kernel would have been so much easier.
<Daviey> smoser, Ah, scrub that - it's main!
<Daviey> Lucid = universe, Maverick = Main
<hggdh> cool. Now Eucalyptus does not fail to set the public IP sometimes
<smoser> twb, thats the essential reason for this:
<Daviey> (keep in mind that it would be nice if stuff from Lucid could be easily backported to Lucid)
<hggdh> it fails to bloody get *ANY* IP address
<twb> Daviey: rmadison -uubuntu ftw?
<smoser>   kvm -kernel <my.kernel> ... guest update & upgrade ... reboot ... old kenrel.
<Daviey> twb, you don't need -uubuntu
<twb> Well, *I* do, because I'm on Debian :-)
<twb> smoser: yeah, in analogous infrastructure I have a silly dance to avoid that
<smoser> yes, the goal is to avoid all non-necessary silly dances
<smoser> ttx still has a nice silly dance that solves problems though.
<Daviey> I need it
<twb> I don't suppose syslinux's chainloading support is any easier than grub's?
<smoser> cjwatson, ping.
<smoser> twb, i might look.
<smoser> twb, i hadn't really considered that. i'll take a quick look.
<smoser> i guess the benefit of going with syslinux would be no dependency on a boot loader that might affect the host
<webPragmatist> do most of you guys kill apparmor
<qman__> I don't touch it
 * EvilPhoenix lets it sit there minding its own business
<webPragmatist> well it just screwed me for a few minutes
<qman__> I have no compelling reason to extend it, and I have not run into any issues with it
<EvilPhoenix> you were messing with it werent you
<webPragmatist> because i symlinked /var/lib/mysql to somewhere else
<EvilPhoenix> ehehehe
<EvilPhoenix> probly not a good idea
<webPragmatist> just stopped apparmor for the time being
<webPragmatist> i may just uninstall it
<webPragmatist> i don't need a heartattack
<qman__> it's mostly a damage control measure anyway
<AndyGraybeal> how do i remove a GPT partition table from /dev/md0 ?
 * EvilPhoenix never messes with things he doesnt have a reason to mess with
<AndyGraybeal> in gdisk /dev/md0 i tried, 'd' but it doesn't have a partition there, just the table.
<AndyGraybeal> or in other words, how do i clear /dev/md0 of any partition information?  can i delete the raid array and recreate it and that will remove any partition information correct?
<qman__> none of my mds have partition tables
<qman__> you could zero it
<qman__> or just format with whatever new one you want
<qman__> why exactly do you want to?
<AndyGraybeal> well, i'm trying to do pvcreate /dev/md0 and it returns that there is:  /dev/md0: Skipping: Partition table signature found
<qman__> ah, just zero the first...I forget how much
<qman__> where a partition table would be
<qman__> dd if=/dev/zero of=/dev/md0 bs=1M count=1
<AndyGraybeal> qman__: okay, i odn't know how to do that.
<qman__> should do it
<qman__> that will destroy any data in the first 1MB of the disk
<AndyGraybeal> ther'e snothing on the disk
<AndyGraybeal> qman__: okay thank you, i've never done this before
<qman__> no problem, just making sure I'm not instructing you to nuke your important files ;)
<Jinxed->  I just started using flumotion and when I do ps -ef | grep flu I see that there are alot of flumotion processes running after I close it down... how do I kill all of them at once?
<qman__> Jinxed-, killall flu
<qman__> where flu is the process name
<Jinxed-> qman__, what if I don't know it exactly
<qman__> I think regex works
<Jinxed-> user  4901  4480  5 11:27 ?        00:00:15 /usr/bin/python /usr/bin/flumoti
<Jinxed-> example line
<qman__> just run `ps a`
<qman__> hmm
<qman__> behavior is a little different than I remember
<qman__> ah, ps -e
<AndyGraybeal> qman__: that sort of worked here's what i got, in gdisk: Caution: invalid main GPT header, but valid backup; regenerating main header
<qman__> no, that one's cut off too
<AndyGraybeal> from backup!
<qman__> AndyGraybeal, hah
<AndyGraybeal> qman__: but pvcreate /dev/md0 worked!
<AndyGraybeal> qman__: do you think i should proceed?
<qman__> AndyGraybeal, yeah, should be fine
<AndyGraybeal> *with LVM i mean
<qman__> if it lets you create the volume and format it you shouldn't have an issue
<AndyGraybeal> gdisk is reporting: arning! One or more CRCs don't match. You should repair the disk!
<AndyGraybeal> qman__: i want to get rid ofthis error before i proceed.
<AndyGraybeal> can i recreate my raid array and start all over again?
<AndyGraybeal> some how get rid of any of this stuf
<qman__> AndyGraybeal, you could, but zeroing the whole thing should be faster
<AndyGraybeal> lets zero the whole thing then.
<qman__> dd if=/dev/zero of=/dev/md0 bs=2M
<qman__> it'll still take a while, but not as long as recreating and resyncing the raid
<AndyGraybeal> qman__: thank you
<AndyGraybeal> i'm gonna try it now, i've been runing downstairs and upstairs, i got a crew of people running wires.
<zrbecker> In OpenSSH is there a way to disable password authentication for a single user?
<qman__> Jinxed-, ps ax --format args | cut -d" " -f 1 | grep '/' | awk -F/ '{print $(NF-0)}' | grep flu
<phyfus> i am trying to remove the unused package linux-image-2.6.32-23-server using apt but it keeps hanging on "Running postrm hook script /usr/sbin/update-grub"
<Jinxed-> I am not running server (should clarify from the start) but I was told that there would be more expertise on this in here
<phyfus> i have tried running /usr/sbin/update-grub by its self and that never finishes either, any ideas?
<AndyGraybeal> qman__: out of curiousity, am i writing 2M of 0's at a time to the disk?
<qman__> AndyGraybeal, yes
<qman__> it's a bit faster than not specifying a block size in my experience
<Jinxed-> I have a 802.1q trunk between my laptop and a switch
<AndyGraybeal> qman__: awesome, i'm not questions, i'm just curious.
<AndyGraybeal> *questioning
<ltyr> hi
<Jinxed-> and I have it configured in ubuntu in the /etc/network/interfaces
<ltyr> im looking for something that's GUI to do backups using RAR ....
<Jinxed-> however whenever my computer restarts
<ltyr> are there any tools for linux that does this?
<ltyr> or it's most command line tools
<Jinxed-> none of the configuration is there, and I end up throwing random network commands at it until it comes back
<Jinxed-> how do I get it to start when the comp starts
<qman__> ltyr, since ubuntu server does not have a GUI, this is the wrong place to ask
<qman__> try #ubuntu
<qman__> Jinxed-, probably belongs in /etc/network/interfaces, though I've never done that kind of setup
<Jinxed-> Here is my current /etc/network/interfaces setup http://paste.ubuntu.com/469864/
<qman__> Jinxed-, I'm not positive, but I think you still should have an `auto eth0` there, even though it's unconfigured
<Jinxed-> qman will give it a shot
<Jinxed-> reboot time
<Jinxed-> qman__, no luck :(
<qman__> Jinxed-, what commands do you use to get it working?
<Jinxed-> qman__, I haven't quite figured it out what it is
<qman__> phyfus, I found a few people with the same problem, but no solutions, sorry
<Jinxed-> qman__, ok I did sudo ifup vlan20
<Jinxed-> sudo ifup vlan30
<phyfus> qman__, ok well i'm trying a reboot to see if that helps
<qman__> Jinxed-, that's it? if so, try changing auto vlan10 vlan20 vlan30 into three separate auto lines
<Jinxed-> you mean like
<Jinxed-> auto vlan10
<Jinxed-> auto vlan20
<Jinxed-> etc
<qman__> yes
<qman__> I can't find concrete information on it but 20 and 30 starting as down seems to point there
<Jinxed-> interesting
<phyfus> qman__, after reboot I was able to finish removing the package using apt-get autoremove, but I got an error The link /vmlinuz.old is a damaged link Removing symbolic link vmlinuz.old  you may need to re-run your boot loader[grub], how do i re-run  my boot loader?
<qman__> phyfus, that's safe to ignore, and only shows up when you remove all but one kernel
<qman__> phyfus, but to do it manually, `sudo update-grub`
<phyfus> ok thanks
<phyfus> ubuntu support is ace!
<harrison> hello
<harrison> I would like to learn html 5 and I am asking if anyone here knows about some learning materials around the web.
<AndyGraybeal> harrison: i would ask in #html or #web, i think w3c has their own irc server also with resources.
<Jinxed-> harrison, i feel like google might actually be a good place (I know that is usually not advicated to google it) but html 5 is very popular right now and I imagine html5 introduction or html5 tutorial would bring up some relevant starting poitns
<Jinxed-> ok qman__ no luck on the vlans starting on restart
<harrison> thanks
<harrison> I didn't know about the #web and #html chat rooms, whats the url of the W3C server?
<harrison> *W3C IRC server
<Insyte> I thought the mpt2sas module made it into 10.04...
<Insyte> Hmmm.
<Insyte> Never mind, I have to rebuild my PXE initrd.
<mathiaz> kirkland: hallyn: hi - is there a specific DebuggingKvm wiki page that outlines how importance should be set on qemu-kvm bugs?
<kirkland> mathiaz: not sure, but the guide is easy ....
<kirkland> mathiaz: critical == eats your data
<mathiaz> kirkland: which guide are you referring to?
<kirkland> mathiaz: high == crashes the host
<kirkland> mathiaz: medium == crashes the guest (and most other "normal" bugs)
<kirkland> mathiaz: low == doesn't crash host or guest, but has undesirable, clearly buggy behavior, or if it does cause crashes, can be worked around
<kirkland> mathiaz: wishlist == feature requests, everything else lower priority
<hallyn> kirkland: people.canonical.com/~sergeh/binary.iso.lzma has the uec livecd fwiw
<kirkland> hallyn: wgetting
<kirkland> hallyn: HTTP request sent, awaiting response... 404 Not Found
<hallyn> gah
<hallyn> serge, not sergeh
<hallyn> sergeh was at ibm :)
<hallyn> people.canonical.com/~serge/binary.iso.lzma
<hallyn> mathiaz: kirkland: i tend to say if it can be worked around i call it medium, if it cannot for some ppl then i call it high...
<hallyn> lose data (in either guest or host) i would call critical.  looks like i'm not in tune with kirkland
<kirkland> hallyn: pulling
<hallyn> oh, i guess we are - i was misreading
<kirkland> hallyn: i agree with ^
<hallyn> of course, 'lose data' can be easy if you use a stupid fs so then it's not kvm's fault :)
<mathiaz> hallyn: kirkland: I've updated https://wiki.ubuntu.com/DebuggingKVM
<kirkland> mathiaz: cool, thanks
<zul> SpamapS: i should have something up for you today
<someuser> hello! i need help with UUIDs. partition sda5 suddenly has no UUID, how can I create and attach new one? tune2fs -U random /dev/sda5 didn't help
<hallyn> mathiaz: thx
<AndyGraybeal> qman__: that fixed the issue!  thank you brother.
<FunnyLookinHat> Can I use SCP to move a file on a remove server from one directory to another?
<AndyGraybeal> FunnyLookinHat: why not just us cp?
<AndyGraybeal> FunnyLookinHat: SCP is more from remote machine to local machine transfers
<FunnyLookinHat> AndyGraybeal: I'm writing a cron'd PHP script to transfer files to another server - once the file is there I have to move it into the correct directory (to prevent another script from prematurely reading an incomplete file)
<FunnyLookinHat> AndyGraybeal: I'm open to any suggestions... :)
<AndyGraybeal> yea, i'm not gonna say anything becaues i don't know any better, i'm fairly new to all of this.
<AndyGraybeal> even though it's been 10 years i've been meddling with it
<FunnyLookinHat> heh- fair enough :)
<AndyGraybeal> someoen else will probably help, i'm no good at this stuff
<smoser> FunnyLookinHat, you can use 'scp' to *copy* a file from one directory to another
<FunnyLookinHat> smoser: but not to move - right?
<smoser> scp: secure CP
<smoser> cp: copy
<FunnyLookinHat> lol - figures.
<smoser> so, no, not really.
<eduardo_f> hi! I have a php that writes user input to a text file, problem is strange chars like euro sign are not written correctly, should I just change the locale?
<FunnyLookinHat> Can you think of a good way for me to accomplish this, thought?
<FunnyLookinHat> eduardo_f: I would bet so - but try ##php
<eduardo_f> thanks FunnyLookinHat
<FunnyLookinHat> np
<smoser> well, if you're needing to transfer a file across a network, you can use rsync.
<smoser> rsync will transfer file and then do a rename when it is done.
<smoser> for that explicit reason, FunnyLookinHat
<FunnyLookinHat> smoser: whoahhhh - wait.  It will do the rename?
<smoser> yes.
<FunnyLookinHat> smoser: i.e. if I do rsync -t /path/to/localfile /remote/server/file - the file won't show up in the filesystem until it's completely uploaded?
<smoser> well, it will show up in /remote/server/.file.zcBoJz
<smoser> or some name like that
<smoser> and then when complete it shows up as /remote/server/file
<FunnyLookinHat> No kidding...
<FunnyLookinHat> wow.
<kim0> Do we have an EC2 image that's closer to 10.04.1 than to 10.04 ?
<FunnyLookinHat> Thanks smoser - I'll have to check that out
<smoser> kim0, you can use a daily
<smoser> they're there for testing purposes.
<kim0> ah I'll probably do that
<smoser> kim0, http://paste.ubuntu.com/469905/
<kim0> smoser: any preference for 64bit or 32bit over ec2 for small instance
<smoser> well, small instance only works for 32 bit
<smoser> :)
<smoser> so , i suggest 32 bit
<kim0> hehe
<b0ot> anybody here use flumotion?
<smoser> be aware, that those AMIs "fall off"
<smoser> (https://wiki.ubuntu.com/UEC/Images/NamingConvention)
<smoser> we keep the latest 5 daily builds. if you rebundle, you're OK, but if not, you may have to change a reference to an AMI in your launching code.
<kim0> got you
<kim0> smoser: any reason why there's no images for 24th and 25th
<smoser> lucid build twice per week.
<smoser> development is "daily"
<smoser> (development == maverick)
<kim0> ok got you
<viusert> Hi, need help with some noob questions. am i on the right place? (ubuntu 10.04 server amd64)
<SpamapS> viusert: its best to just ask the question, sometimes there are people who have an answer, sometimes there are not. ;)
<SpamapS> b0ot: whats fluomotion ?
<viusert> i get a message in console "init: ureadahead-other main process (###) terminated with status 4"  and blinking cursor under it. i think it is not ureadahead problem, how can i figure whats wrong? in /var/log many different logs, should i look for something specific?
<b0ot> SpamapS, flumotion is a video streaming server application
<SpamapS> viusert: bug #522197 seems related to that
<uvirtbot> Launchpad bug 522197 in upstart "init: shouldn't log a warning/error when a job fails with a status in "normal exit"" [Low,Triaged] https://launchpad.net/bugs/522197
<SpamapS> b0ot: cool.
<smoser> sommer, so, https://help.ubuntu.com/community/CloudInit has more info than the cloud-config syntax post.
<smoser> cloudinit takes multiple types of input, one of which is cloud-config.
<smoser> tell me how to review section, where do i see it ?
<kirkland> SpamapS: ping
<uvirtbot> New bug: #610544 in openldap (main) "slapd apport hook" [Wishlist,New] https://launchpad.net/bugs/610544
<kirkland> SpamapS: #ubuntu-meeting, if you're around ...
<sommer> smoser: it'll be here sometime tomorrow: http://doc.ubuntu.com/ubuntu/serverguide/C/uec.html
<mathiaz> SpamapS: you should join #ubuntu-meeting
<SpamapS> crap forgot
<smoser> k
<b0ot> Anyone know how to find a stream if you are doing it over localhost?
<b0ot> FOUND IT
<ttx> ivoks: you still ahve a papercut assigned to you, bug 321091
<uvirtbot> Launchpad bug 321091 in bacula "Bacula fails to install correctly if mysql wasn't installed before" [Medium,Triaged] https://launchpad.net/bugs/321091
<ivoks> ttx: yes, i know
<ivoks> ttx: i got my laptop back yesterday so i'm back in business since today
<ttx> ivoks: do you think you can work on it by alpha3 ? That's end of this week
 * ttx slaps the laptop thief
<ivoks> they had to replace my MB
<ivoks> never buy lenovo
<ivoks> that's just junk
<ivoks> 2 times in one year
<ttx> that's the croatian lenovo.
<ivoks> it's chinese :)
<ttx> ivoks: kirkland/smoser/mathiaz are pretty happy with theirs
<mathiaz> ivoks: hey!
<ivoks> do we install recommends by default in maverick?
<ivoks> mathiaz: hey
<ttx> ivoks: I was considering buying one, if only they would ship an x201 in france
<ttx> ivoks: since Jaunty, yes
<ivoks> ttx: well, this is x200s and it's excelent, on paper
<ttx> ivoks: maybe stop scuba diving with it ?
<ivoks> and it is awesome, when it works
<ivoks> :)
<sommer> mathiaz: wondering if you have time to review the latest openldap-dit branch?
<mathiaz> sommer: on my todo list
<mathiaz> sommer: I've noticed your update
<sommer> mathiaz: coolio, if there are more changes needed I should have time to get them in quickly
<ivoks> sommer: hi there
<mathiaz> sommer: ok
<sommer> ivoks: yo :-)
<sommer> thanks mathiaz
<ttx> nxvl: you have papercut bug 16953 on your plate -- if you think that's more than two hours work, then we should unnominate that one. If you can't make it happen by alpha3, maybe unassign yourself from it
<uvirtbot> Launchpad bug 16953 in aptitude "Aptitude: should accept both "Si" and "SÃ­" (when asking for confirmation)" [Low,Triaged] https://launchpad.net/bugs/16953
<ivoks> interesting bug :)
<ttx> ivoks: that's an itch I don't need to scratch, I don't have that letter on my keyboard.
<ivoks> how about these: Ç Ç Ç
<RoAkSoAx> kirkland: could you do me a favor? Could you please take care of bug #608338 ?
<uvirtbot> Launchpad bug 608338 in libesmtp "Sync libesmtp 1.0.4-5 (universe) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/608338
<nxvl> ttx: it is
<nxvl> ttx: it needs a function that changes i for Ã­ and that means using ascii and bla bla bla
<ttx> nxvl: ok, I'll wontfix it as a papercut then
<nxvl> ttx: the problem is that there is no easy way to do that because it uses the translated string from the pot
<SpamapS> RoAkSoAx: sweet, I was going to file a sync bug for the same reason! :)
<ttx> nxvl: yep
<nxvl> so thre is no way to say "this or that"
<nxvl> the only way is to strip the `'s out of it
<uvirtbot> New bug: #610557 in openvpn (main) "NFS Client Not Properly Unmounted on Halt/Reboot" [Undecided,New] https://launchpad.net/bugs/610557
<kirkland> RoAkSoAx: done
<RoAkSoAx> kirkland: thanks :)
<RoAkSoAx> SpamapS: hehe I'm gonna update a MIR for libesmtp now that the CVE has been fixed
<SpamapS> RoAkSoAx: its needed for collectd which I'm working on a MIR for as well
<RoAkSoAx> SpamapS: awesome, I need it for pacemaker :)
<Nonpython> Is there a guide to setting up a mail server with the ability to use LDAP instead of unix accounts?
<viusert> SpamapS: the only way i can boot system for troubleshooting is install CD with rescue mode. so uoy say the upstart is my problem? where it save logs? is there a way to look where it stops?
<viusert> SpamapS:  (sorry for bad english)
<AndyGraybeal> i have /dev/md0: LABEL="data" UUID="bef0f8b9-fc8a-4e81-96fa-8d868ef58e35" TYPE="ext4"  -- how do i get this into fstab?
<_Techie_> i installed ubuntu server 10.04 last night and it cause my boot to hand at 'verifying DMI pool data' is tehre a workaround for this?
<viusert> _Techie_: 1st boot after install ?
<_Techie_> viusert: yes
<_Techie_> i have checked and re checked all the hardware
<_Techie_> and it boots fine with that drive if i install win7 on it
<viusert> _Techie_: maybe you should try no acpi  (i'm a noob too)
<_Techie_> will have to try that tonight
<_Techie_> with luck i will have my parts arrive today, so i will have a compter assembled by tonight that i can use to create live USB's
<Diego_Lilioso> I have one problem: I particioned the disks, when I will install the base system, i had this message: "The installer cannot figure how to install the base system No installable CD-ROm was found." I have one server HP Proliant ML110 G6.
<SpamapS> mathiaz: I took the 5 steps you put on the board and have been using them. Quite effective so far.
<SpamapS> mathiaz: err, 5 GTD steps I mean
<hallyn> zul: SpamapS: i think you're probably the ones to ask:  if i want an iscsi target (in a vm, for testing), what's the ubuntu-ish thing to install?
<zul> tgtd isnt it?
<hallyn> zul: freakin' cool, thanks!
<Nonpython> Is there a guide to setting up a mail server with the ability to use LDAP instead of unix accounts?
<kirkland> smoser: ping
<kirkland> smoser: re: https://bugs.edge.launchpad.net/ubuntu/+source/byobu/+bug/610134
<uvirtbot> Launchpad bug 610134 in byobu "'byobu -S _name_' is broken" [Low,Confirmed]
<mathiaz> SpamapS: glad to hear that!
<mathiaz> SpamapS: if you wanna take it to the next level, I'd suggest putting David Allen 'Making it all work' book on your reading list
<lifeless> mathiaz: hi, Have you read 'switch' ?
<lifeless> mathiaz: if not, you should :)
<mathiaz> lifeless: switch? hm - I haven't heard of this book
<lifeless> another heath book
<mathiaz> lifeless: oh
<lifeless> I linked it in my blog a few days back
<mathiaz> lifeless: the follow-up/next book from Made to Stickl
<mathiaz> *stick*
<lifeless> yes
<lifeless> its very good
<uvirtbot> New bug: #610630 in php5 (main) "Please add Kolab php patches to Ubuntu php5" [Undecided,New] https://launchpad.net/bugs/610630
<RoAkSoAx> SpamapS:/win 2
<hallyn> SpamapS: egads, the title of the kslm (klsm?) talk has changed, doesn't mention that acronym at all any more...
 * hallyn wonders whether that means he's given up on whatever patchet he was brewing
<RoAkSoAx> ups
<SpamapS> hallyn: "Service Measurement in the Kernel" ..  I think he's just not ready to present working KSLM
<hallyn> SpamapS: hm, ok, i thought last week he had KSLM in the title or abstract
#ubuntu-server 2010-07-28
<Scunizi> on a fresh install I installed samba4 out of curiosity then uninstalled it.  It's left some cruft that I think is interfearing with the samba3 install... doing a ps aux -e | grep samba & smbd & nmbd shows all are loaded.. #samba says that the samba process is related to version 4 and smbd & nmbd for version 3.. how do I erradicate samba4? Just delete all related files?
<ScottK> Scunizi: Better to reinstall and then purge instead of just remove.
<ScottK> Then if there's anything left and you remove it, the package manager won't remember you removed it by hand and reinstall it properly if you ever install the package again.
<Scunizi> ScottK: I tried purge after remove.. of course it didn't work.. will installing samba4 eliminate samba3's installation? or replace my smb.conf file?
<ScottK> Scunizi: Purge only works if the package is installed.
<ScottK> It shouldn't, but if you're concerned, make a copy of it first.
<Scunizi> did.. thanks..
 * ScottK isn't much of a samba person, so can't say for sure.
<Scunizi> ScottK: just so I have the right purge command.. sudo apt-get purge samba4 ..?
<ScottK> yes.
<ScottK> (assuming samba4 is the binary package name)
<Scunizi> ok.. thanks
<Scunizi> Also had to do a apt-get autoremove for some of the extra packages.
<cmwslw> i have multiple subdomains on my home server
<cmwslw> i used to keep the subdomain files in different folders in /var/web
<cmwslw> is this a normal place to keep it?
<Plecebo> I have a server using software raid in a esata enclosure. I physically moved the location of the server and the enclosure and now my raid array is resyncing am I loosing data?
<Italian_Plumber> http://pastebin.com/Z5DaVRvL <-- can't kill samba ... any ideas?
<qman__> Italian_Plumber, kill -9
<qman__> if that doesn't work, the only way I know of is rebooting
<Italian_Plumber> :) thanks...  I tried that and it seemst o have worked.
<harrison> does anyone know how to connect wirelessly via CLI?
<KurtKraut> harrison, this is constantly asked here. I didn't find yet a wiki/tutorial/howto about that. If you find, please, tell me so  I'll be able to answer other people.
<harrison> http://blog.tplus1.com/index.php/2008/06/13/how-to-connect-to-a-wireless-network-from-the-ubuntu-command-line/
<harrison> there is the link
<KurtKraut> harrison, did it work for you? Can I recommend this link?
<harrison> yes
<MTecknology> What's some really amazing thing about Ubuntu that I could use in a report?
<MTecknology> What he says is "Give an "Oh Wow" fact about the project."
<qman__> MTecknology, the best features of ubuntu over other linux distros aren't "oh wow" things
<harrison>  over windows?
<MTecknology> in general
<qman__> in my opinion, Ubuntu's best feature is the simplified nature of the total package
<qman__> it gets a lot of it from the debian upstream, but then ubuntu picks a well-thought out subset and puts it together nicely, very little work required
<MTecknology> I was thinking something like, 50 billion people contributed to it
<KurtKraut> harrison, thanks
<MTecknology> That is true though - it puts together an awesome default setup
<qman__> I guess the crowning moment for me was when they added the LAMP tasksel
<qman__> one check box for a working web server
<MTecknology> and now tasksel is going away....
<MTecknology> :(
<qman__> what's it being replaced with?
<MTecknology> So far I've heard nothing
<MTecknology> aptitude is being removed from the default install too
<qman__> I always use apt-get anyway
<qman__> I know aptitude offers more features but old habits die hard
<qman__> it IS kind of silly to include both in the default install
<qman__> but tasksel is one of the best features of ubuntu server
<qman__> if they don't replace it with something they're seriously hurting it
<MTecknology> qman__: indeed
<harrison> qman__ what is tasksel?
<qman__> harrison, `sudo tasksel` and see
<harrison> okay
<qman__> it also runs near the end of a ubuntu server install
<harrison> That is something to remember
<harrison> what is an edubuntu server?
<silentwhisper> HI
<harrison> hello
<twb> !edubuntu > ubottu
<ubottu> twb, please see my private message
<twb> Oops
<twb> !edubuntu > harrison
<ubottu> harrison, please see my private message
<twb> harrison: try "/msg ubottu foo" when you want to know "what is foo?"
<silentwhisper> how are you
<harrison> fine
<silentwhisper> are you a system admin?
<harrison> I will try that but what I wanted to know, does edubuntu have a server-client system?
<harrison> Silentwhisper no I am not, someday maybe.
<silentwhisper> sorry, i have no idea
<silentwhisper> why you're here?
<silentwhisper> what is your careeer now?
<harrison> Homeschool student.
<silentwhisper> This is a great start for you
<silentwhisper> i'm here to learn and shift career
<harrison> in what way?
<silentwhisper> i hope i could do that a short span of time
<harrison> What administer a server?
<silentwhisper> i would like to learn about server admin
<harrison> I mostly browse the forum how-to's to learn how to install vsftpd and samba and the sort.
<harrison> kylenet.dyndns.org is my server.
<silentwhisper> vsftpd to transfer files?
<harrison> yes it's a ftp server.
<silentwhisper> samba to host files?
<silentwhisper> were you able to finish the installation
<silentwhisper> ?
<silentwhisper> what do you want to accomplish now?
<harrison> yes
<silentwhisper> where are the files?
<harrison> I have it setup on my parents computer, it runs win 7 and it works well.
<Nonpython> I want to use postfix to, instead of having a unix account for each address, use LDAP to manage the users. Is there a guide for this?
<harrison> What's postfix?
<Nonpython> MTA.
<harrison> It's 12:14 EST time for bed. (thats in Quebec, Canada)
<silentwhisper> what is the url for your files
<silentwhisper> where is your fileserver?
<silentwhisper> nowadays what are the skills i should learn a system admin?
<silentwhisper> as a system admin
<Nonpython> What form does Postfix want LDAP users in?
<Nonpython> No matter what form I put the password in, ldap stuff gives "ldap_bind: Invalid credentials (49)".
<twb> Nonpython: is the LDAP server slapd on lucid?
<Nonpython> yes
<twb> On the server, does "slapcat" work?  Does "ss -lp" report that slapd is listening to the appropriate port?
<twb> If so, then try to use "ldapsearch -x" on the server.
<twb> Probably ldapsearch -x -H ldap://127.0.0.1/
<Nonpython> Slapcat does not work. ss -lp reports that slapd is running on port 24726.
<twb> What does slapcat say?
<Nonpython> Nothing.
<Nonpython> I am just running "slapcat". No arguments.
<twb> What is its exit status?
<Nonpython> 127.
<twb> That is "command not found"
<twb> You should be getting an error message from your shell -- you should investigate that sometime.
<twb> Are you running slapcat as root?
<Nonpython> Lawl. That was from a typo.
<Nonpython> Really it is 0.
<twb> OK; do you have any evidence that there are any objects in your LDAP database?
<Nonpython> no
<twb> I think your LDAP is working but you don't have any objects
<Nonpython> How do I get some?
<twb> ldapadd
<Nonpython> I have 2 virtual hosts. One works, and one shows the same content as the other one, which is not right. What is wrong?
<twb> By "virtual hosts" do you mean apache vhosting?
<Nonpython> yes
<twb> I don't do apache, sorry
<larsemil> twb: i got that error when having apache read the config files in the wrong order. so i renamed the other one to 00_name and that solved the problem. its about having a default one i guess.
<trinkity__> hi all
<trinkity__> i need help with shorewall. Is possible log mac address with masquerading?
<someuser> hello! need help with UUIDs: i have 3 partitions on my disk, sda1, sda2 (primary) and sda5 (extended). now, for some unknown reason sda5 suddenly has no UUID and I can't mount it anymore. How to create a new UUID and attach it to sda5?
<twb> Depends on the filesystem
<twb> What does "sudo blkid /dev/sda5" say?
<someuser> its ext4
<twb> What's the whole line?
<someuser> no result for blkid /dev/sda5
<twb> That doesn't make sense
<someuser> blkid gives me result only for sda1 and sda2
<twb> What does "sudo file -s /dev/sda5" say?
<someuser> "/dev/sda5: Minix filesystem
<someuser> e2fsck -f says that filesystem is clean
<twb> You've fucked up your filesystem somehow
<someuser> what I have already tried is tune2fs -U random /dev/sda5, but that didn't yield any result for me
<twb> What is the filesystem type for sda5 in the partition table?
<twb> IIRC it should be 83 for ext
<someuser> but how? only users with limited right are working on the system, I didn't touch anything for at least a month or two :(
<twb> I don't know
<someuser> how can I get this what you need? (83)
<twb> I would probably run "sudo cfdisk /dev/sda"
<someuser> write new partition table? will all data then be lost?
<twb> That will *inspect* the partition table
<twb> Make a backup of it first if you're really paranoid
<someuser> aha, no. I'm not that paranoid :)
<someuser> well, i'm in cfdisk, all partitions are listed
<twb> And what type does it list for sda5?
<someuser> sda1 (swap),sda2 (root, ext3) and sda5 (extended, ext3) (sry!, its ext3 after all)
<someuser> sda5 is listed as logical ext3, linux
<twb> That's what it SHOULD say
<twb> I don't know what you've done to this box that it can't see it in file -s and  blkid
<someuser> this is computer of my aunt, she has 3 children and some of them must have done something. but they all have limited user accounts, what they can do?!
<someuser> all is there except UUID
<someuser> when I run 'ls -l /dev/disk/by-uuid' only sda1 and sda2 are listed
<silentwhisper> sir twb i was able to setup webserver and mail server quit and dirty
<silentwhisper> what else should i learn in maintaining server?
<trinkity__> anyone can help me with shorewall? I need log macaddress of all my packet
<twb> someuser: /dev/disk/by-uuid won't see tune2fs changes until you restart udev
<twb> trinkity__: try #shorewall
<someuser> i did shutdown -r now
<someuser> but still no changes
<someuser> twb: i did it on the old way, with /dev/sda5 instead of UUID in fstab. but still no explanation while UUID is suddenly missing. I will do the upgrade to 10.04 and hope that upgrade process will notice that UUID is missing and generate a new one for me. thank you for your help!
<MmikeDOMA> How do I run installation in text mode? i'm trying to install server on remote HP server using the ILO interface that I can access only via ssh, but as soon as installCD boots up it goes to graphics mode. Is there a way to circumvent that?
<twb> MmikeDOMA: boot with fb=false
<twb> Unless you're using 10.04, in which case you're fucked due to a bug in the server CD.
<twb> (Serial also works, as long as there's no graphics card installed.)
<MmikeDOMA> twb, i'm using 10.04. as soon as i get ISOLINUX booting message it goes to fb
<MmikeDOMA> so I'm fucked
<MmikeDOMA> Neat :)
<twb> MmikeDOMA: you can either preseed past it and do the install over ssh, roll your own CD, or netboot
<twb> Or do a d-i-less install from an existing unix system
<trinkity__> in try in channel #shorewall but nothing help for me
<trinkity__> i need log mac address in shorewall log
<MmikeDOMA> twb: problem is that ILO remcons won't let me press any keys because it's in graphics mode. It tells me to use web graphics interface which I can't because ILO adapter is on private network, i used ssh port-forwarding to access it. And I don't have hands on site.
<MmikeDOMA> Oh, well.
<twb> MmikeDOMA: yeah, I hate that stuff with a passion
<MmikeDOMA> I'm begining to grow a passion for that hate these days, yes.
<twb> At least your LOM actually supported direct ssh
<twb> Most of the routers and loms I get thrown at ONLY support some goddamn activex-based web UI
<MmikeDOMA> Maybe there is a way to fool the java applet
<twb> MmikeDOMA: I assume you're nowhere near the machine?
<MmikeDOMA> twb, 2 hours drive. I'll be there tomorrow but I wanted to prepup from home.
<MmikeDOMA> And I'm not going there now.
<twb> Nod.
<twb> Can you boot the host off PXE?
<MmikeDOMA> Nope.
<MmikeDOMA> But, would the installCD recognize the serial console if attached?
<twb> It'll support it, but you'll need to pass parameters via the VGA console first :-(
<twb> (You need to do that for 8.04, too, it's just I assumed you could type that blind.)
<MmikeDOMA> Gnj!
<MmikeDOMA> So, the only thing I'm left to is making java applet to connect trough the ssh-forwarded connectio
<twb> Good luck
<MmikeDOMA> Why does a server install CD goes to framebuffer anyway?
<MmikeDOMA> Because of a fancier look?
<Jeeves_> MmikeDOMA: That's a very good question.
<Jeeves_> It broke stuff for much people
<Jeeves_> And has no use
<twb> MmikeDOMA: just to piss me off
<twb> that's the ONLY reason
<twb> The whole world is against me
<kim0> Hi server guys. Remember that little django app for celebrating the 10.04.1 release I mentioned yesterday. Can anyone provide me a publically reachable VM to test it on (don't wanna waste time waiting for IS)
<Jeeves_> twb: Ehm, but we agree with you! :)
<MmikeDOMA> twb, i'm with you too ;)
<twb> The fact that plymouth is a required part of ubuntu-minimal, and that even with "splash" removed from the boot parameters, it's still *running*, is enough of a turn-off that everyone in my office is turning to one another and saying "so, remind me, why did we switch to Ubuntu again?"
<Jeeves_> Yes
<Jeeves_> implementing plymouth was stupid, and useless.
<Jeeves_> And they did it in an LTS release
<Jeeves_> which isn't supposed to be usefull at all!
<twb> And because i915 is enabled by default, my cheapo VGA-only LCD monitors chop off the leftmost column on the tty, so I have to spend five minutes every other day pissing about with their horizontal alignment.  The old 80x25 default was big enough that it wasn't noticable.
<twb> The other one that has screwed me hard so far is the race conditions in upstart/mountall when booting from NFS
<twb> To "fix" it I had to change mountall-net.conf to just "killall -USR1 mountall" every tenth of a second, forever
<MmikeDOMA> Where does one report a bug for ubuntu-server? Same place as for desktop?
<twb> MmikeDOMA: launchpad somewhere
<twb> Try "BROWSER=w3m apport-bug" or so
<twb> https://help.launchpad.net/Bugs/EmailInterface is useful
<a_ok> wat is the recomended way to add and configure a bridge at boot?
<Jeeves_> add a br0 in /etc/network/interfaces/
<Jeeves_> add a br0 in /etc/network/interfaces
<twb> Unless you're using libvirt, in which case it probably shits over that and does it internally
<Jeeves_> No it doesn't
<twb> I stand corrected
<twb> I just remember installing it somewhere and going "aah, wtf are you doing to my configuration?!" before going back to invoking qemu by hand.
<Jeeves_> Hmm, never had that
<a_ok> Jeeves_: will it also create the bridge and add the proper intefaces to it???
<twb> a_ok: brctl's package has a supplementary manpage for interfaces(5) that makes it very clear
<a_ok> twb: by default libvirt should not do anything with bridging as it is optional
<Jeeves_> If you configure it correct, yes :)
<Jeeves_> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<a_ok> twb: ah thanks!
<Jeeves_> a_ok: http://paste.ubuntu.com/470214/
<twb> apt-get install bridge-utils; man 5 bridge-utils-interfaces
<a_ok> that should teach me to prefere google over manpages
<a_ok> Jeeves_: those are some sensable defaults, verry nice
<sommer> morning all
<AndyGraybeal> morning sommer  :)
<AndyGraybeal> sommer: are you in EST?
<sommer> yeppers :-)
<AndyGraybeal> same here, just got to work.
<sommer> oh ya starting the day, heh
<AndyGraybeal> i'm gonna go find some coffee
<MmikeDOMA> twb, I did it!
<MmikeDOMA> twb, i needed to port-forward port 23 from my homebox to the ILO adapter
<MmikeDOMA> and now i have the neaty-neat graphical display of a ubuntu server install
<MmikeDOMA> stupid!
<twb> MmikeDOMA: you should post it on your blog or whatever
<twb> So that the next guy can google and work it out
<MmikeDOMA> Sure thing
<twb> Just to be clear: you're *reverse* forwarding 23 back to the ilo host?
<MmikeDOMA> twb: yes. I opened 23 on localhost and ssh-tunneled it to 23 on the ilo
<disposable> does anybody know of an isp control panel that doesn't need postfix/apache2/bind to be locally installed?
<_ruben> directadmin
<disposable> _ruben: it's for a charity so it needs to be free
<zul> morning
<smoser> kirkland, here now if are
<smoser> good morning mr zul
<kirkland> smoser: sup?
<zul> hey smoser
<smoser> responding to ping about bug 610134 which i see you fix-commited.
<uvirtbot> Launchpad bug 610134 in byobu "'byobu -S _name_' is broken" [Low,Fix committed] https://launchpad.net/bugs/610134
<kirkland> smoser: oh, i was just asking about your byobu bug
<kirkland> smoser: yeah, it's fixed, such that you can use byobu -S ... to name your sessions
<kirkland> smoser: however, byobu-select-session only looks for sessions that start with byobu*
<smoser> i think thats reasonable
<kirkland> smoser: which should only affect you if you ssh into a system with multiple running byobu sessions, and you want to choose one
<kirkland> smoser: if you name your session byobu -S smoser, it won't appear in the list
<smoser> yeah. hmm.., but one thing that would stnk about that.
<smoser> if i had byobu by default enabled
<smoser> and created a session with 'dev'. the select then wouldn't show it to me.
<smoser> and may possibly not be able to attach at all when ssh'ing in
<kirkland> smoser: away for 5minutes, in a 1:1
<smoser> i guess i could work around with ssh -t bash, then byobu -d -r
<AndyGraybeal> is it possible for me to have 3 lvm volume groups on 1 physical volume?
<qman__> AndyGraybeal, maybe, but why? you can just use one volume group and create as many volumes in it as you want
<kirkland> smoser: i could also force a byobu- in front of your "dev" when you do byobu -S dev
<kirkland> smoser: but i felt that might be rude
<smoser> yeah, i was going to suggest that.
<smoser> it may or may not be all that rude
<smoser> screen -d -r 'dev'
<smoser> would still attach
<smoser> it does matching
<mathiaz> zul: hey!
<mathiaz> zul: what's the state of https://code.launchpad.net/~mathiaz/server-sru-tracker/visual-improvements/+merge/29329?
<kirkland> smoser: oh?  cool....
<kirkland> zul: mathiaz: morning guys
<mathiaz> kirkland: o/
<mathiaz> kirkland: how is the east coast doing?
<kirkland> mathiaz: it's very, um, liberal :-)
<mathiaz> kirkland: :)
<kirkland> mathiaz: :-)
<zul> hi kik
<smoser> i'm wrong, kirkland
<zul> kirkland even
<zul> mathiaz: once i get it unbroken ill let yo know :)
<smoser> it must match to the beginning only
<smoser> which means you could change your selection to match at the end.
<smoser> and always append .byobu
<smoser> so that select would show all byobu sessions (searching by appending .byobu)
<smoser> s/appending/ending/ ^
<AndyGraybeal> qman__: thankj you for the response, i just came to the same conclusion a second ago after reading more.
<smoser> bug 574910 is getting bad.
<uvirtbot> Launchpad bug 574910 in linux-ec2 "High load averages on Lucid while idling" [Undecided,In progress] https://launchpad.net/bugs/574910
<kirkland> smoser: sweet, that sounds perfect
<smoser> you should, of course, test my assertions.
<smoser> :)
<ttx> smoser, kirkland: about bug 574910, is it EC2-specific ? Or does it also affect UEC images / classic servers ?
<uvirtbot> Launchpad bug 574910 in linux-ec2 "High load averages on Lucid while idling" [Undecided,In progress] https://launchpad.net/bugs/574910
<smoser> i was just thinking that.
<smoser> i have no idea on non-ec2
<smoser> but there is suggestion that it might be larger. i have no data at all about non-ec2.
<kirkland> ttx: unfortunately in our testing, we don't generally leave uec-instances run for very long
<kirkland> ttx: "does it respond on ssh?  if yes: terminate;  if no: mark test failed"
<ttx> kirkland: could be good to compare some idle load
<ttx> I'm pretty sure it's EC2/linux-ec2 specific
<jiboumans> sounds like something we could integrate in our tests though
<ttx> That last comment may be orthogonal to the issue, but talks about VirtualBox
<Jinxed-> what is good to use for an ftp server with ubuntu?
<smoser> ttx, yeah, its becoming a metabug
<zatricky> Hey guys. Is there an easy way to figure out when last a disk was fsck'd?
<ttx> smoser: the "virtualization sucks" metabug ?
<smoser> but there is one other bug linked there about way-too-frequent wakeups that could cause such things.
<smoser> more "performance on lucid sucks" metabug
<kirkland> jiboumans: agreed;  we could run some long tests over the weekend, when the rig isn't doing anything else
<smoser> i've just started testing something here.
<smoser> I fired up A.) lucid image B.) lucid image with karmic kernel and ramdisk
<smoser> on each, I am running
<smoser> while : ; do read r < /proc/loadavg; echo "$(date): ${r}"; sleep 10 || break; done | tee log.txt
<smoser> the goal of whic his to see if simply swapping the kernel makes the loadavg reporting go away.
<Jinxed-> What can I use for a ftp server, apparently filezilla doesn't have the server for ubuntu
<ttx> I haven't seen clues to a general lucid issue. But it might indeed be a common issue that has more visible consequences in virtualized hosts
<jiboumans> zatricky: tune2fs can set that time, so it probably has a way to read it as well
<ttx> Jinxed-: vsftpd ?
<smoser> so far, the lucid kernel is definitely showing spikes.
<zatricky> thanks, jiboumans. looking into that, will post result
<Jinxed-> ttx, will give it a try
<Jinxed-> thanks
<ScottK> SpamapS: Thanks for looking into the php5 patches for Kolab.  Please let me know if there's anything I can do to help.
<jiboumans> zatricky: yeah, tune2fs -l /dev/xxx
<jiboumans> zatricky: Last checked:             Sat May 15 00:54:20 2010 # on one of my boxes
<zatricky> cool. Just got tune2fs -l /dev/sda1 | grep Last\ checked, gives a similar result
<zatricky> thanks, jiboumans
<jiboumans> my pleasure
<Jinxed-> what is a simple GUI based ftp server I could use
<RoyK> Jinxed-: gui????
<RoyK> a server isn't gui based
<RoyK> vsftpd is a good ftp server, though, and quite simple to configure
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<RoyK> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<RoyK> ebox can probably (or possibly) help you configure vsftpd
<Jinxed-> So if I get rid of pure-ftp and pure-ftp admin and get wsftp with ebox
<Jinxed-> the pure-ftp admin only had configuration for users etc
<Jinxed-> I want to know how I can connect with a filezilla client
<Jinxed-> and it doesn't seem to work
<RoyK> vsftpd, not ws
<Jinxed-> ok
<RoyK> vs = very secure [sic]
<RoyK> it's probably the most used ftp server on the planet, so I guess it's rather secure
<RoyK> Jinxed-: just public ftp, or private users as well?
<Jinxed-> RoyK, I just want to have ftp on a private network that would allow for both public and private users
<RoyK> ok
<RoyK> out of curiosity, why use ftp on a private network?
<Jinxed-> eh... RoyK there are alot of different options for ebox
<RoyK> why not cifs or nfs?
<RoyK> Jinxed-: it's probably just as easy to configure vsftpd in the config file
<Jinxed-> 1.) I don't know what those are. 2.) I like ftp :)
<RoyK> Jinxed-: are the PCs on linux or windows?
<RoyK> or mac
<Jinxed-> linux/windows
<RoyK> for the windows machines, run samba - that'll work with linux as well
<RoyK> just install samba, configure the shares in /etc/samba/smb.conf and you're done
<Jinxed-> shares suck
<RoyK> why?
<Jinxed-> Im locked out 70% of the time
<RoyK> that shouldn't happen
<RoyK> we're running samba on a 200 user network - it works
<RoyK> for the linux machines, you might want NFS, but then, SMB/CIFS works with linux as well
<Jinxed-> yeah... it seems to work well when i use ip addresses
<Jinxed-> but not when I use the network name
<RoyK> do you have a windows server in there as well?
<Jinxed-> nope
<Jinxed-> Im just running
<Jinxed-> ubuntu (desktop edition)
<RoyK> ok, setup samba as a windows NT domain controller and it'll just work
<Jinxed-> ehhh how would i do that
<Jinxed-> :)
<RoyK> http://tinyurl.com/34fpthl
<pmatulis> he he
<Jinxed-> not very nice
<harrison> How do I install a printer via the command line?
<Jinxed-> :?
<Jinxed-> ask roy -> lmgtfy -> " How do I install a printer via the command line"
<RoyK> :)
<RoyK> harrison: I think that's covered in the CUPS docs, though I haven't done it for years
<harrison> Where would I find the CUPS docs?
<pmatulis> lmgtfy
<pmatulis> not
<ivoks> zul: do you have any idea how to solve that thing with bacula?
<ivoks> zul: predepend is what we want, but not going to do it :)
<zul> ivoks: no idea but that predepends is what i really want to do :)
<ivoks> me too
<zul> sooooo.....whats stoping us? :)
<ivoks> i doubt that someone will like that solution :)
<RoyK> harrison: this was the first hit from google http://www.linuxquestions.org/linux/answers/Networking/Setting_Up_a_Network_Printer_using_CUPS
<ivoks> network printer?
<harrison> yes
<ivoks> it's really easy
<RoyK> smb or ipp?
<ivoks> you need to change two lines in one file
<harrison> The diference?
<ivoks> in /etc/cups/cupsd.conf
<ivoks> Listen localhost:631
<ivoks> to:
<ivoks> Listen 631
<ivoks> Browsing Off
<ivoks> to:
<ivoks> Browing On
<ivoks> restart cups and that's it
<ivoks> Browsing, obviously
<ivoks> on all other mac and linux machines, printer will automagicaly apear by it self
<ivoks> no drivers, no configuring, nothing
<harrison> What is the diference betwean SMB (samba) and IPP?
<ivoks> on windows, you'll need to add them manualy
<harrison> okay.
<ivoks> IPP is printing protocol, SMB is file sharing
<ivoks> and can be misused for printing :)
<harrison> i.e exploited?
<ivoks> but whoever tells you that SMB printer is on server, he doesn't understand meaning of the expression printer server
<ivoks> harrison: no, windows use SMB for printing
<RoyK> harrison: not really, it works that way too. also, samba can be used to distribute printer drivers
<harrison> If I have Samba installed do I need anything else?
<RoyK> ivoks: a windoze or samba server can be setup as a spooler, but not really a print server
<ivoks> RoyK: right, clients do the processing
<RoyK> yeah
<RoyK> harrison: just setup a cups printer and configure samba to use that, sharing it with a samba share
<ivoks> he can use ipp on windows too
<ivoks> no need for samba
<ivoks> and to complicated
<ivoks> too
<RoyK> imho it's easier for windoze users to browse printers with smb
<RoyK> I don't think you can add IPP printers from a login script either
<RoyK> when in rome ...
<smoser> ccheney, ping
<smoser> or maybe kirkland or Daviey can help. i think i need to install a maverick uec.
<smoser> and am interested in the automation goodness.
<ivoks> zul: the only problem is...
<ivoks> zul: bacula doesn't really depend on local mysql/pgsql server :D
<zul> yeah i know..
<zul> stupd dbconfig
<ivoks> it's not dbconfig's fault
<ivoks> it's apt
<harrison> in ubuntu desktop, I have to go to system -> admin -> printing and configure the printer there, in ubuntu server is it audo detected?
<RoyK> harrison: no, you'll need to add it manually to cups
<ivoks> harrison: it's http://localhost:631
<harrison> how?
<harrison> Whats at http://localhost:631?
<RoyK> cups config
<harrison> Ahh
<harrison> if my server is at the url kylenet.dyndns.org should I subsitute localhost for the url?
<ivoks> if you replaces localhost:631 with 631 in cupsd.conf, then yes
<ivoks> replaced
<harrison> i did
<RoyK> and restarted cups?
<ivoks> well, if you are accessing from non-localhost machines
<ivoks> you'll have to allow access
<harrison> *slaps head* I forgot to restart CUPS!
<harrison> How do I do that?
<ivoks> service cups restart
<harrison> okay
<harrison> just to tell you add sudo to that command.
<harrison> still didn't work?
<harrison> *.
<ivoks> of course you'll restart services as root
<ivoks> i don't find it neccessery to tell you that
<harrison> good thing I read error meseges.
<RoyK> I just tried 'allow from 81.191.180.x' (my IP) where order deny allow was set, still can't access it.....
<harrison> How do I allow access?
<harrison> What part of /etc/cups/cupsd.conf do I add my desktop to?
<ivoks> RoyK: try Deny from none
<ivoks> harrison: just add ServerAlias *
<ivoks> harrison: at the end of the file
<harrison> it did something now I get the error 403 fobidin.
<harrison> *somewhere
<ivoks> add Allow from all
<harrison> Where?
<ivoks> to each <Location>
<ivoks> there are only 3 of them
<harrison> do I deleat the deny part?
<ivoks> you have a deny part?
<harrison> <Location /> Order allow,deny
<harrison> </Location>
<harrison> that is a copy past
<harrison> *paste
<ivoks> that's ordering
<harrison> of /etc/cups/cupsd.conf
<ivoks> don't delete it
<ivoks> have you ever configured apache?
<harrison> Not realy.
<RoyK> order allow,deny shouldn't deny anything access unless it's explicitly denied
<ivoks> RoyK: i'm not sure what defaults are
<RoyK> ivoks: order allow,deny will allow anything that's not explicitly denied
<ivoks> RoyK: maybe, if unspecified, deny is always from all
<RoyK> order deny,allow is used when you want to restrict access
<ivoks> RoyK: and allow is from localhost
<RoyK> I've only used Apache for 10 years or so, but I'm quite positive order allow,deny allows everything
<RoyK> seems they have done something 'smart' in there
<ivoks> RoyK: true, but for apache, if i don't specify anything, i want it to be available to everyone
<ivoks> RoyK: in cups, if i don't specify anything, i want it to be forbidden for everyone :)
<RoyK> sure, but then, order deny,allow should be the one used
<ivoks> RoyK: order allow,deny is just ordering
<ivoks> RoyK: what's important is what's allowed and what's denied
<ivoks> RoyK: and this could be different, by default, for cups
<RoyK> that's what I'm trying to say...
<ivoks> RoyK: in apache, default deny is none, and allow is all
<ivoks> RoyK: it could be that for cups, default is deny all, allow localhost
<ivoks> but i'm just guessing
<RoyK> that doesn't make sense - there's no default deny or allow AFAIK, just the order
<RoyK> order deny,allow says 'everything is denied unless explicitly allowed'
<harrison> I still want to know where to put allow from all. ;)
<ivoks> under location
<ivoks> i've told you that already
<ivoks> don't delete anything, just add
<harrison> above the alow deny?
<harrison> or below?
<harrison> does it matter?
<ivoks> no
<harrison> okay
<harrison> IT WORKS!
<harrison> Thank you ivoks and RoyK that helped a lot.
<trapmax> i'm trying to create an lvm-snapshot. my machine just gets stuck there. here's the kern.log http://pastebin.com/KUzVGZSQ
<RoyK> trapmax: looks bad
<RoyK> like a deadlock between lvm and ext4? is that possible?
<ttx> Daviey: are you on top of hggdh-detected UEC maverick regressions ?
<smoser> ccheney, ping
<zul> mathiaz: can you upload the fix for openldap to maverick as well?
<sommer> zul: I was looking at creating an apport hook for spamassassin, and the spec mentions to collect email headers... just wondering how to go about that?
<zul> sommer: im not sure...i didnt get that far :)
<sommer> okay, I'll do some figurin, heh
<mathiaz> zul: the openldap fix is not needed in maverick
<zul> mathiaz: k thanks
<ttx> Daviey: around ?
<kirkland> ivoks: howdy
<kirkland> ivoks: are you around?
<ivoks> kirkland: yes
<ivoks> kirkland: howdy :)
<ccheney> smoser, hello whats up?
<ccheney> smoser, i'm off today sick, fever keeps rising and is 102f so far, going in to the doctor once my father in law can take me
<smoser> was wanting maverick uec install scripts
<ccheney> smoser, its in the archive
<smoser> rock on.
<kirkland> ivoks: hey, i think mrjazzcat and hallyn
<smoser> so apt-get install uec-provisioning-*
<smoser> ?
<ccheney> yes
<ccheney> smoser, the dhcp part isn't done yet so do the dd-wrt method
<ivoks> kirkland: mrjazzcat left couple of minutes ago
<hallyn> kirkland: did you mean to finish that sentence?
<ivoks> :)
<hallyn> i'm here fwiw
<kirkland> ivoks: hallyn: sorry ... we wanted to get a chat together :-)  let me track down mrjazzcat
<smoser> kirkland, ccheney so is that availalbe anywhere for lucid ?
<smoser> i've 3 boxes : stable lucid, 2 for cloud. would like to run install server on lucid.
<AndyGraybeal> in fstab, the last two numbers in the lines, what does this mean?  i seem them being 0, 1, and 2.
<AndyGraybeal> i found it on the web, nevermind
<ccheney> smoser, not yet, i think it will probably work if force installed on lucid
<ccheney> smoser, or locally rebuild with s/maverick/lucid/
<smoser> gracias
 * ccheney bbl, going to try to make it to the doctor now
<ccheney> interesting my fever has dropped a full degree in the past hour
 * ccheney wonders wtf is going on
<hallyn> you forgot to stick the thermometer back in the boiling water :)
<picard1421> hey i had a question about the enterprise cloud... is it possible to install Windows OS's as part of the cloud or are you limited to Linux Distros?
<thesheff17> windows installs fine
<thesheff17> at least windows xp
<RoyK> picard1421: most windows OSes will install nicely
<RoyK> even win311 on DOS should work
<picard1421> the other question i had about cloud computing in general.. ... How "realisitic is it" i mean that in the sense.. if i have thinclients around the office.. how responsive will Installs be ETC?
<thesheff17> picard1421 what kind of thin clients
<thesheff17> picard1421 I have had people RDP into a virtual windows xp machine with no problem...they have no clue it is running a virtual machine
<RoyK> picard1421: on a gigabit or even 100mbps lan, you won't notice much
<picard1421> well it would be over LAN.. in the sense people would obviously on that note not know what is going on etc...
<picard1421> but what about (in theory) gaming..
<picard1421> i know the server could handle hte graphics and the processing.. but how about the "screen" transfer over the LAN
<picard1421> i have also seen products like DVI over Ethernet
<thesheff17> I don't think any good games work over any thin clients
<picard1421> are those even worth it.. or is the LAN enough?
<RoyK> gaming from a thin client isn't what you want
<RoyK> office apps will work well
<thesheff17> you will never get the same performance on video with cloud/thinclient then you will directly connected to the monitor
<android60> I have a small home server mainly for file storage, should I keep the ubuntu os on a separate drive?
<trappist> I have a rack app listening on port 8000.  after running for some time and handling a lot of traffic with no problem, suddenly port 8000 was responsive only to a small percentage of traffic...
<trappist> even nmap showed it as filtered, and even from the local machine.  restarting the app didn't help, but rebooting the server did, so I'm thinking something in the kernel
<trappist> there were no iptables rules - what else could it be?
<trappist> I have 7 other servers in the same situation, and I'd rather figure out the actual problem than just reboot them all and wait for it to happen again
<zul> sommer: i queued up your apport hook for openldap the next upload
<smoser> hallyn, ping
<sommer> zul: nice, thanks dude
<zul> sommer: i just changed the refrences from ssh to slapd :)
<sommer> oh, woops missed that one, heh
<hggdh> Daviey: feeling adventurous?
<alex88> hi guys, i'm trying to use apache with chroot, but i haven't get it working in hours..
<alex88> i'm on ubuntu 10.04, so, installed libapache2-mod-chroot, enable, restarted apache, and still on vhosts it says that the directory not exists, i've set relative the chroot..is it right?
<ivoks> alex88: have you enabled the module?
<ivoks> oh, you did
<ivoks> alex88: did you set ChrootDir in config?
<alex88> ivoks: yes, and on start it says that document root not exist, using absolute path outside chroot works (just the start)
<alex88> ivoks: yes, just under the pidfile, also linked
<skydrome> how can i make 'pgrep apache2' return only 1 pid? instead of all of them?
<ivoks> alex88: 'also linked'?
<alex88> ivoks: yup, i'm searching the how-to i've followed
<ivoks> alex88: what's your chrootdir?
<alex88> /var/www
<ivoks> and DocumentRoot?
<alex88> well, i want something like /var/www/domain.com /var/www/domain2.com etc
<alex88> so in virtualhost config i've set domain.com
<ivoks>  /domain.com
<alex88> yes sorry
<ivoks> ok
<alex88> domain.com looks in /etc/apache
<ivoks> set it as /domain.com
<alex88> it is
<alex88> let me see, un second
<ivoks> you've linked pid file and logs directory?
<alex88> i'll check again
<alex88> i've set logs inside user dir
<ivoks> k
<alex88> well, is /domain.com/www the documentroot and /domain.com/log the logs
<andreserl> ttx, ping
<alex88> ivoks: so, i've restored backup, now it has default virtualhost with fcgid for php
<alex88> http://www.alexnetwork.it/
<alex88> now, installing libapache2-mod-chroot
<ivoks> 2.6.18-028stab067.4-ent
<ivoks> ?
<ivoks> that's not ubuntu :D
<alex88> vps :)
<alex88> ubuntu 10.04, trust me
<ivoks> i know, i know
<alex88> btw, installed, enabled
<alex88> restart fine, site still works
<ivoks> add chrootdir
<ivoks> ChrootDir /var/www
<ivoks> stop apache
<alex88> edit /etc/apache2/apache2.conf under PidFile ${APACHE_PID_FILE} added that line
<ivoks> fix pid file
<alex88> mkdir -p /var/www/var/run  chown -R root.root /var/www/var/run ln -s /var/www/var/run/apache2.pid /var/run/apache2.pid ?
<ivoks> yes
<alex88> done, start?
<ivoks> yes
<alex88> done, start with no errors (strange, it has to say /var/www/ not exists)
<alex88> http://www.alexnetwork.it/ connection closed
<alex88> btw i've done chown -R root:root not root.root
<ivoks> and what's in error.log?
<alex88> now i have to set document root of 000-default as / right?
<ivoks> yes
<alex88> http://pastebin.com/tWkKu8G3 something like this would be fine?
<ivoks> yes
<ivoks> but your apache isn't working
<ivoks> at all
<ivoks> check error.log
<alex88> oh..errors on fcgid
<alex88> i'll dismod for the moment
<memoen> does anyone know what service takes care of logs?
<memoen> because I have no message logs or boot logs
<alex88> memoen: syslog
<memoen> thanks alex88 :)
<alex88> memoen: np
<alex88> ivoks: (2)No such file or directory: could not open mime types config file /etc/mime.types
<alex88> No such file or directory: Couldn't bind unix domain socket /var/run/apache2/cgisock.24464
<ivoks> fcgi and chroot need additional fixing
<ivoks> paths are different
<alex88> this is after disabling fcgid
<ivoks> disable fcgid
<ivoks> /var/run/apache2/cgisock.24464
<alex88> already done and restarted, those are message for next start
<ivoks> that stinks like fcgid
<ivoks> or cgi
<alex88> removed cgid
<alex88> http://pastebin.com/uCiagyaX
<ivoks> stop apache
<ivoks> check if apache process is running
<alex88> ps -A | grep apache nothing, also netstat -tapn nothing
<alex88> should /var/www be www-data owned?
<ivoks> nope, that's irrelevant
<ivoks> put LogLevel debug to config
<alex88> http://pastebin.com/aGhkNyNa
<matt_keys> I'm trying to set up pub key auth. I've done this hundreds of times before but never seen this. I created the pair (no password) w/ssh-keygen, then ssh-copy-id to the host i'm trying to connect to. all looks fine but when i try to use the identity file it asks for a password
<matt_keys> anybody know what the deal is?
<alex88> not much more
<alex88> matt_keys: need to change sshd config to no accept password?
<ivoks> alex88: don't know... it should work
<alex88> ivoks: damn..
<alex88> ivoks: thank you for your time
<ivoks> np
<matt_keys> alex88: RSAAuthentication yes and PubkeyAuthentication yes, AuthorizedKeysFile is commented (defaults)
<aaditya> What's a reasonable amount of swap on a high-usage production server with 16GB RAM?
<zul> whee openldap is fun
<matt_keys> aaditya: depends on what you're running on it
<alex88> ivoks: i'm asking on https, hope thay can help
<matt_keys> aaditya : oracle, for example, has requirements for swap sizing
<matt_keys> aaditya : old rule of thumb was 2x RAM. with 16gb ram I wouldn't do that though... 2048mb tops
<binBASH> re
<uvirtbot> New bug: #611005 in antlr3 (main) "Merge antlr3 3.2-3 (main) from Debian unstable (main)" [Undecided,New] https://launchpad.net/bugs/611005
<alex88> ivoks: you there?
<ivoks> alex88: yes
<alex88> ivoks: from 2.2.10 you don't need mod_chroot, everything works without mod, just add chrootdir to config.. -.-'
<ivoks> :)
<MagicFab> New question on Shapado: What's the most well-integrated monitoring solution on Ubuntu: Zenoss, Zabbix or Cacti(+nagios)?
<alex88> now i just need to found the libcc file cause it says "libgcc_s.so.1 must be installed for pthread_cancel to work"
<MagicFab> http://ubuntu.shapado.com/questions/what-s-the-most-well-integrated-monitoring-solution-on-ubuntu-zenoss-zabbix-or-cacti-+nagios
<alex88> how to find a file? O.o
<ivoks> apt-file search
<ivoks> it's libgcc1
<ivoks> that should be installed by default :)
<alex88> it is, but maybe under chroot it can't find it
<ivoks> or... more likly, it doesn't work with fcgi
<alex88> it's disabled
<alex88> now it's normal apache
<alex88> mpm_worker
<ivoks> hm
<ivoks> try prefork
<alex88> too slow for me, i'll try to leave it as is
<alex88> now is time for suexec :)
<aaditya> mattt: fair enough. So I believe it's safe to say that swap should never exceed 2GB.
<aaditya> matt_keys is gone, nevermind.
<ivoks> alex88: so
<ivoks> alex88: if chroot is now supported by apache itself
<ivoks> alex88: you don't need to fix pid file
<ivoks> alex88: remove the link
<kirkland> hallyn: how long does it take to build the eucalyptus liveiso/
<kirkland> ?
<alex88> ivoks: wait, i've added /var/www/alexnetwork/www/
<alex88> DocumentRoot [/alexnetwork/www] does not exist
<alex88> i've serious doubts about it, but apache will give errors if chrootdir option in config is rejected
<alex88> don't know what to think
<alex88> and now says "SuexecUserGroup directive requires SUEXEC wrapper."
<ivoks> that's worker, right?
<alex88> ivoks: true
<ivoks> i think this is broken
<alex88> okok, now it works..but it still says that my docroot isnt' there
<alex88> now alexnetwork.it says forbidden
<ivoks> apache is running?
<ivoks> [Wed Jul 28 21:28:53 2010] [notice] child pid 23581 exit signal Aborted (6)
<ivoks> libgcc_s.so.1 must be installed for pthread_cancel to work
<ivoks> this is bad
<alex88> yes it's running
<zul> mathiaz: ping nssov seems to be broken with a newer gcc
<alex88> ivoks: mod_fcgid: call /alexnetwork/www/index.php with wrapper /var/www/alexnetwork/php-cgi
<alex88> suexec policy violation: see suexec log for more details
<alex88> Exec format error: exec failed (php-cgi)
<ivoks> i got it working with worker
<ivoks> plain, default apache install
<ivoks> and just this in /etc/apache2/conf.d/chroot:
<ivoks> LoadFile /lib/libgcc_s.so.1
<ivoks> ChrootDir /var/www
<ivoks> edited /etc/apache2/sites-available/default
<ivoks> so that DocumentRoot points to /
<ivoks> that's it.
<alex88> sure? let me try to add LoadFile /lib/libgcc_s.so.1
<ivoks> i'm sure :)
<hallyn> kirkland: the eucalytpus liveiso took prolly 20-30 mins
<hallyn> i couldn't do it in tmpfs (at 4G it called itself full)
<alex88> ok working...
<hallyn> which slowed it down :)
<alex88> now, last thing i hope...
<alex88> /bin/sh: Can't open php-cgi
<alex88> the php-cgi is in the fcgid wrapper
<ivoks> that's something else now
<ivoks> you have working chrooted apache
<ivoks> you'll have a hard time making fcgi working with chrooted apache
<alex88> maybe it's because /usr/bin/php-cgi is unaccessible inside the chroot
<ivoks> cause apache conects on request
<ivoks> exactlly
<kirkland> hallyn: what's the URL to that again?
<ivoks> but... that's it from me for today
<ivoks> good night
<kirkland> hallyn: i think smoser might want to take a look at it
<alex88> ivoks: good night, thanks for your time
<hallyn> kirkland: people.canonical.com/~serge/binary.iso.lzma
<kirkland> smoser: ^
<smoser> what is this
<hallyn> really the lzma was worthless here :)  shaved 8M off
<kirkland> smoser: maverick live ISO with euca-everything installed
<kirkland> hallyn: yeah, i meant to tell you that
<smoser> well, id ont particularly want that. iw anted an insall to work :)
<hallyn> smoser: then stop breaking them
<hallyn> duh
<kirkland> smoser: will probably need daviey to help sort that out
<Jinxed-> How do I add a static route to something to an interface where vlan trunking is enabled
<smoser> bloody wonderful.
<hallyn> is that a subtle dig at our brittish companion?
<hallyn> kirkland: have you run into any real problems yet?
<kirkland> hallyn: well, it's not working yet, but i don't think it's due to image creation
<kirkland> hallyn: it's probably just euca-2.0 borkage
<kirkland> hallyn: but i need Daviey to confirm or deny that
<kirkland> hallyn: as far as I'm concerned, it's looking okay;  can you drop the live-helper command you used into the blueprint?
<hallyn> kirkland: yup
<kirkland> hallyn: thanks, i'm going to leave it for now;  i've verified all the bits are there, and the cloud controller is listening
<kirkland> hallyn: its friends eucalyptus-* are not yet registered and working
<kirkland> hallyn: i'll drop an email to you and dave
<hallyn> kthx
<kirkland> hallyn: would you mind lzma -d'ing that image, and renaming it to:  maverick-uec-amd64.iso
<kirkland> hallyn: just post me the updated url when you're done
<tyska> hello im having problems with CUPS Server, i cant auth and print, can someone help pme
<tyska> ?
<RudyValencia> I changed the network card in my server and the new card isn't eth0, how do I fix it?
<hallyn> kirkland: http://people.canonical.com/~serge/maverick-uec-amd64.iso
<kirkland> hallyn: thanks!
<Jinxed-> how would you add a static route with virtual interfaces
<hallyn> Jinxed-: well, you can 'route add -dev'
<hallyn> 'route add -net 10.0.2.0/24 -dev veth3' might work
<Jinxed-> i have tried this
<Jinxed-> http://pastebin.ca/1910363
<Jinxed-> i first added the up route add
<Jinxed-> that didn't work
<Jinxed-> then i tried making every virtual interfaces default gateway
<Jinxed-> what i wanted the static route to be
<Jinxed-> but that didn't work
<mathiaz> zul: you may wanna check with upstream then
<mathiaz> zul: file an ITS - they should be able to help out
<thesheff17> does anyone use vmbuilder here?  I create two instances then reboot the whole server and the first instance won't start.
<smoser> so in theory i can install this iso ?
<smoser> hallyn, kirkland
<hallyn> smoser: i suppose - i don't know if there is some 'installer' package i should ahve installed to do that
<hallyn> it's intended just as a live demo aiui
<hallyn> smoser: you should be able to just boot an ec2 node off of it though
<hallyn> presumably...
<hggdh> anyone with eucalyptus installed? If so, please confirm bug 610987 -- I will then set it to High
<uvirtbot> Launchpad bug 610987 in eucalyptus "euca-describe-availability-zones verbose incorrect output" [Undecided,New] https://launchpad.net/bugs/610987
<papertigers> does eucalyptus do kvm failover?
<failover> dunno
<hggdh> no
<papertigers> failover: haha not directed to you
<failover> :)
<papertigers> anyone else running KVM?
<thesheff17> papertigers I am
<papertigers> thesheff17: whats your setup like?
<thesheff17> papertigers it isn't that advanced....I run standalone KVM machines
<thesheff17> and slowely moving to eucalyptus
<papertigers> I want to set up eucalyptus too, I never used it before
<thesheff17> it is pretty straight forward with ubuntu 10.04
<papertigers> thesheff17: I would love to set it up
<papertigers> thesheff17: currently I have a quadcore box with 8g of ram running 3-5 vms
<thesheff17> papertigers: I have the similar setup
<thesheff17> papertigers: how do you install your virtual machines? virt-install?
<thesheff17> papertigers: what I really want to be able to do is put a SAN behind everything and run eucalyptus and use vmbuilder
<_Techie_> i need  help setting up postfix, port 25 is blocked by my ISP by default... i will request to have it unblocked at a later date... i just wish to be able to recieve mail at the moment
<_Techie_> i also have webmin as i am unable to get ssh out from my current location
<thesheff17> Techie it sounds like most of the outgoing ports are blocked.
<papertigers> thesheff17: I usually install via virt-manager
<thesheff17> papertigers: I have been using vmbuilder which can build virtual machines very quickly but I'm having some problems.
<papertigers> thesheff17: currently I have a 5.4TB raid6 shared over nfs that is trunk linked via gigabit to the kvm server, and I store all of their drives on there
<thesheff17> papertigers: so are the mounted NFS actually running the virtual machines?
<papertigers> yeah basically, they all point to something like /mnt/vmimages/dnsserver.img
<thesheff17> papertigers: have you tried virt-migrate?
<papertigers> yeah virsh migrate --live?
<papertigers> that one
<_Techie_> also, how can i redirect a virtualdomain in apache to another ip in my network, eg linksys.domain.com to get my main router and dynalink.domain.com to get my wireless repeater?
<thesheff17> papertigers: does it work good?  I have never got it to work...I think it is because I never had one central storage device.
<papertigers> thesheff17: yeah it works, you need a central storage like I have setup
<hallyn> kirkland: btw, did i ever mention that the ttylinux iso is under /srv in that liveimage?
<hallyn> (or, should be)
<kirkland> hallyn: cool, i didn't get that orginally, but thanks
<hallyn> kirkland: all right, lp:~serge-hallyn/live-helper/uec
<lowridah> _Techie_:  you can put redirect directives inside the <VirtualHost> directive
<_Techie_> lowridah: can you please provide an example?
<lowridah> <VirtualHost myRouter> RedirectPermanent / routerIP </Virtualhost> (3 lines though)
<_Techie_> lowridah: and last of all, what config file is this in?
<mathiaz> smoser: hey
<mathiaz> smoser: reading your blog post about ssh keys on EC2
<mathiaz> smoser: is there a way to automate all of that?
<mathiaz> smoser: could this part of the xc2-init project (whatever the name is)?
<_Techie_> lowridah: i couldnt seem to get it working, i added the lines into the default sites config, and then when i loaded it in webmin it reported an invalind address and wouldnt load the virtualserver
<lowridah> well then create a new blank site in apache
<lowridah> make sure you have mod_rewrite enabled
<lowridah> then create an .htaccess in each blank site you need to redirect to your router/etc
<lowridah> that should have been in your sites-available sites
<lowridah> the previous example
<hallyn> zul: the # of failed mysql install/upgrade bug reports is kind of impressive.  Do you happen to know if they are always due to pre-existing configuration file being misplaced, or if there is a real bug?
<hallyn> (seems like every week i see at least one or two)
<mathiaz> hallyn: the main problem with mysql upgrade is that the init script uses a specific user (debian-sys-maintainer IIRC) to connect to the database and shut it down
<mathiaz> hallyn: however if you take a snapshot of another mysql server and load it in your machine, either the debian-sys-maint doesn't exist
<hallyn> mathiaz: hm.  the two bugs i was just seeing today were an apparently-known bug about old_passwords.cnf not existing
<mathiaz> hallyn: or its password is different
<mathiaz> hallyn: which leads to upgrade failure
<hallyn> all just seems so fragile :)
<mathiaz> hallyn: yes - the mysql package is fragile on upgrade
<mathiaz> hallyn: which leads to tons of bugs :/
<hallyn> and there's nothing really to be done about it?
<hallyn> without fixing zul and a team of ninjas on it of course
<mathiaz> hallyn: hm - not really
<mathiaz> hallyn: https://wiki.ubuntu.com/DebuggingMySQL
<mathiaz> hallyn: ^^ has some help in debugging things
<hallyn> thanks, i'll look at that
<mathiaz> hallyn: mainly the standard reply that will ask for more information
<hallyn> (i imagine i'll be seeing more :)
<mathiaz> hallyn: part of the reporter won't provide the information, so we'll close the bug in a few weeks
<mathiaz> hallyn: and the rest will provide the daemon.log file that should have the actual error message
<hallyn> mathiaz: yeah, i've seen several bugs about non-standard install in the past weeks.  not today though
<mathiaz> hallyn: so in terms of first-list triager the standard reply is usually enough
<hallyn> anyway, figuring those out isn't particularly hard, i was just hoping we could do more than say 'yup, confirmed'
<mathiaz> hallyn: starting from lucid there should be apport hook to provide that information though
<mathiaz> hallyn: well - there can be multiple causes for an upgrade failure
<hallyn> heh, then maybe we can have a hook to not report a bug, but just auto-fix it :)
<mathiaz> hallyn: :)
<mathiaz> hallyn: usually the error message is about mysql not being able to be stopped or started at some point during the package upgrade
<mathiaz> hallyn: however there can be multiple reasons for this failure
<mathiaz> hallyn: so marking 'yup, confirmed' is not enough if there is only the dpkg terminal log
<mathiaz> hallyn: looking at daemon.log is necessary to figure out the *actual* error message
<hallyn> mathiaz: right, the ones i saw in the past have *mostly* been bc of apparmor as i recall
#ubuntu-server 2010-07-29
<MagicFab> These are good news: http://en.community.dell.com/dell-blogs/enterprise/b/tech-center/archive/2010/07/27/dell-openmanage-6-3-for-ubuntu.aspx
<arrrghhh> anyone use rtorrent here?  i'm having issues with the watch directory feature & pausing/temporarily stopping torrents...
<smoser> mathiaz, actually most of that is in uec-run-instances, which SpamapS worked on recently. it definitely needs some work, but it is there.
<smoser> its also, i tihnk, sort of part of mr.awsome
<raubvogel> Trying to learn how to create a private package repository: which directories does reprepro needs and what do they do (my google-fu has only found how-tos, but not whys)
<arrrghhh> *cough*
<uvirtbot> New bug: #611101 in mysql-dfsg-5.1 (main) "upstart config does not sleep between pings" [Undecided,New] https://launchpad.net/bugs/611101
<uvirtbot> New bug: #611102 in mysql-dfsg-5.1 (main) "mysqld does not start due to typo in upstart config" [Undecided,New] https://launchpad.net/bugs/611102
<RoAkSoAx> exit
<zul> im broken?
<jeeves_Moss> how can I force a 6.4LTS server to do a dist upgrade?  I've tried "apt-get dist-update" and it claims there is no updates
<arrrghhh> 6.04 isn't supported is it?
<arrrghhh> do-release-upgrade
<jeeves_Moss> arrrghhh, I had to install 6.04 in order to get these IBM x335 boxes to play nice with Ubuntu
<arrrghhh> are you sure it's a good idea to upgrade them then?  lol
<jeeves_Moss> arrrghhh, they're fresh installs, so if it tanks, I'll just reinstall
<arrrghhh> there's emergency broacast boxes that run redhat distro's from 1996 becuase it works.
<jeeves_Moss> arrrghhh, what's the syntax I need?
<arrrghhh> if it works, it works.
<arrrghhh> "sudo do-release-upgrade" what do you mean?
<jeeves_Moss> arrrghhh, that's what I needed to know.  I was trying "sudo apt-get do-release-upgrade" and it wasn't working.  LOL
<arrrghhh> oh... crap.  sorry haha.
<jeeves_Moss> arrrghhh, your syntax didn't work.  it just line feeds
<arrrghhh> hrm...
<arrrghhh> maybe that was an advent with 8.04
<jeeves_Moss> other ideas?
<arrrghhh> aptitude?
<arrrghhh> aptitude safe-upgrade i think
<jeeves_Moss> nana
<jeeves_Moss> *nada
<arrrghhh> http://www.ubuntu.com/desktop/get-ubuntu/upgrade
<arrrghhh> go to the "network upgrade for ubuntu servers" section
<jeeves_Moss> arrrghhh, that's desktop
<arrrghhh> c'mon now!
<arrrghhh> i know it says 8.04 -> 10.04
<jeeves_Moss> yep
<arrrghhh> but do it
<arrrghhh> apt-get install update-manager-core
<arrrghhh> edit /ect/update-manager/release-upgrades and set prompt=lts
<arrrghhh> or to =normal, whatever
<arrrghhh> and sudo do-release-upgrade --devel-release
<jeeves_Moss> sudo apt-get install update-manager-core
<jeeves_Moss> sudo do-release-upgrade
<arrrghhh> i was going to keep you in LTS trains
<arrrghhh> but whatever mang
<arrrghhh> it's all there in that doc!
<jeeves_Moss> thanks
<jeeves_Moss> ...and off to hardy we go
<arrrghhh> have fun
<lfaraone> If you don't have plymouth installed, does "splash" in the kernel parameter do antyhing?
<imyousuf> Hi
<imyousuf> I am facing some problem regarding discovering nodes in eucalyptus http://paste.ubuntu.com/470196/
<imyousuf> When it is discovering a node it is identifying with its inet6 address and not the inet4 address
<imyousuf> can someone please help resolve this issue
<Adman65> i am using the ec2 image, i added a new user via adduser, except I can't connect as that user using its password. Do I have to pass in a pem file when I ssh ?
<SpamapS> Adman65: its likely that password auth is just turned off for the EC2 images.
<smoser> Daviey, awake ?
<smoser> Adman65, password auth in ssh is disabled in ec2 images.
<smoser> to "fix":
<smoser> sed -i "s/#PasswordAuthentication/PasswordAuthentication/" /etc/ssh/sshd_config
<smoser> sudo sed -i "s/#PasswordAuthentication/PasswordAuthentication/" /etc/ssh/sshd_config
<smoser> sudo restart ssh
<imyousuf> I am facing some problem regarding discovering nodes in eucalyptus (UEC) http://paste.ubuntu.com/470196/
<imyousuf> When it is discovering a node it is identifying with its inet6 address and not the inet4 address
<twb> Do you actually use ipv6 at all?
<twb> If not, suggest turning it off at the boot prompt
<imyousuf> twb: nope
<imyousuf> twb: by boot prompt do you mean bios?
<twb> No, I mean in your bootloader: grub or pxelinux or whatever
<imyousuf> ok, I am using grub, can you plz give me a pointer to how I might go about achieving it twb?
<twb> grub2 or grub legacy
<imyousuf> twb:  the one provided with Lucid Lynx
<twb> In /etc/default/grub add ipv6.disable=1 to GRUB_CMDLINE_LINUX_DEFAULT and run "update-grub"
<imyousuf> twb: currently the value is GRUB_CMDLINE_LINUX_DEFAULT="quiet" changing it to GRUB_CMDLINE_LINUX_DEFAULT="quiet ipv6.disable=1" and running update-grub
<ttx> RoAkSoAx: pong
<RoAkSoAx> ttx: I attached a debdiff for rhcs
<RoAkSoAx> bug #600984
<uvirtbot> Launchpad bug 600984 in redhat-cluster "redhat-cluster-suite fails to build from source in maverick" [High,Confirmed] https://launchpad.net/bugs/600984
<ttx> RoAkSoAx: ok
<Daviey> smoser, o/
<smoser> hey
<smoser> que pasa senor?
<Daviey> smoser, oh joy, about ftbfs
<smoser> i've a merge for you to look at for eucalyptus.
<smoser> yeah
<smoser> once it bfs, i have some changes that i need.
<smoser> they'rre not well tested, thoguh, as i can't install
<smoser> :)
<smoser> but fairly well tested given that slight difficulty
<Daviey> HAH
<eagles0513875> i need some serious help
<eagles0513875> for some reason my server seems to be stuck in an infinite loop
<eagles0513875> it boots up gets to the login then shuts down and restarts
<smoser> if you care to review, Daviey https://code.launchpad.net/~smoser/ubuntu/maverick/eucalyptus/maverick.bug611144/+merge/31249
<Daviey> smoser, visually, it looks sane
<smoser> well, it builds.
<Daviey> smoser, in lucid or maverick?
<smoser> in maverick
<smoser> i hand installed the libjibx into an otherwise clean schroot
<smoser> the dpkg-buildpackage
<Daviey> ahh
<Daviey> sweet :)
<uvirtbot> New bug: #611177 in samba (main) "samba as pdc, w2k3 as memberserver, winxp domainclients" [Undecided,New] https://launchpad.net/bugs/611177
<eagles0513875> vhey guys i need some big time help i have a server down and its kind of in an infinite boot up and restart loop
<eagles0513875> im trying to boot onto the live cd and it wont read it for some reason and with out any networking i can login but after logging in it restarts itself
<qman__> eagles0513875, not much you can do until you get it booted to a live environment, or load the disk in another computer
<eagles0513875> sigh :(
<eagles0513875> qman__: woudl a network boot work?
<qman__> have you tried the "recovery mode" option?
<qman__> only if you have a server hosting PXE images
<eagles0513875> qman__: what do i press to get to grub and kernel selection
<qman__> for grub1, escape, for grub2, hold left shift
<eagles0513875> hold on
<qman__> recovery mode boots it into single user, and then gives you a few options besides just dropping to a root shell
<eagles0513875> i know
<eagles0513875> i think this loop has something to do with watchdog
<eagles0513875> im holding shift and im getting no response
<eagles0513875> its like its ignoring the keyboard
<qman__> USB?
<eagles0513875> ya
<eagles0513875> also the cd drive si a bit wonky
<eagles0513875> its a sata cd rom drive
<qman__> if so, try playing with the legacy USB keyboard options in the BIOS
<qman__> or try PS/2
<qman__> make sure it's in "native IDE" mode
<qman__> some things can handle AHCI, others can't
<eagles0513875> qman__: what doesnt make sense is this was working just fine yesterday
<qman__> it's a big mess, so if you don't need to hot plug your drive, just use native IDE
<eagles0513875> blarg this is a mess
<qman__> now, hard drives can really benefit from AHCI, but disc drives, not a big deal
<eagles0513875> man this is getting frustrating
<eagles0513875> i am wondering if it was the time as the time in the bios was 2 hrs behind
<qman__> eagles0513875, by default, linux sets the hardware clock to UTC
<eagles0513875> humm
<eagles0513875> ok
<eagles0513875> that didnt do it
<eagles0513875> and i cant change to legacy usb
<SuperPetRalf> Can you not trying setting your first boot device to CDROM and then putting in a recovery disk
<SuperPetRalf> just to see if you even get usb support?
<eagles0513875> SuperLag: already have that
<eagles0513875> setup like that and it still doesnt boot off the live cd
<eagles0513875> of ubuntu server
<SuperPetRalf> ahh
<SuperPetRalf> sorry couldnt scroll back that far
<eagles0513875> its ok
<eagles0513875> i am running out of ideas
<eagles0513875> i think a reinstall might be in order
<SuperPetRalf> what happens when you try to boot it up?
<eagles0513875> starts up i login and it shutdown and reboots
<SuperPetRalf> and in single user mode the same?
<qman__> his keyboard isn't working to interrupt grub and get to single
<qman__> you're going to have to fix one or the other, the CD or the keyboard, in any case
<qman__> can't exactly reinstall if you can't boot the live environment
<SuperPetRalf> ah have you tried booting from a USB device?
<eagles0513875> thing is i dont have a spare usb device on me atm
<eagles0513875> the one i have is 16 gb of data on it
<eagles0513875> actually brb
<eagles0513875> cuz the office was supposed to order some for work
<eagles0513875> hold on i might not need it
<eagles0513875> ok nm
<eagles0513875> i do need it
<SuperPetRalf> sure could it be  ahrd ware issue if the kb isnt working and its in a boot loop?
<eagles0513875> it seems like all processes are crashing from what im seeing during shutdown
<eagles0513875> the server was workign juts fine yesterday
<eagles0513875> brb
<qman__> that doesn't rule out a hardware issue
<SuperPetRalf> has anything changed? plugged in sumthink
<SuperPetRalf> Does it crash ont he same process every time?
<SuperPetRalf> on the
<eagles0513875> it seems like its something with udev
<eagles0513875> im gonna use my pendrive and create a bootable usb
<eagles0513875> using unetbootin
<eagles0513875> just have to get all my data off it first
<SuperPetRalf> Sure one other suggestion, when you do remove all the hardware you dont need, including some of the ram and the CD ROM drive if you can
<eagles0513875> SuperPetRalf: ?
<SuperPetRalf> Just incase it is a hardware issue, it maybe on the the external devices
<SuperPetRalf> or an internal device such as a broken pin in the ide cable or faulty RAM
<eagles0513875> ieverything is sata
<eagles0513875> from cd drive to hdd drives
<eagles0513875> i unplugged the network
<eagles0513875> which helped some
<eagles0513875> before with it plugged in
<eagles0513875> it was an instant reboot
<eagles0513875> without network it at least stays up for a bit then i login and it goes down
<eagles0513875> i think im getting ddosed or something
<SuperPetRalf> is it possibly 2 seperate issues, for example you cant use the kb in grub becuase USB support isnt there and there is a corrupt file cousing your system to reboot?
<eagles0513875> SuperPetRalf: all i did was modify something in the watchdog conf file and restarted watchdog
<eagles0513875> and after that thats when it was in the infinite loop
<eagles0513875> prior to that it was fine
<SuperPetRalf> can you resotre the old file
<eagles0513875> i know what i modified
<eagles0513875> just have to comment out one thing
<SuperPetRalf> idea
<SuperPetRalf> can you turn it on but not logon
<SuperPetRalf> then login remotly with ssh?
<eagles0513875> i could try that
<eagles0513875> also take a look at this
<eagles0513875> http://pastebin.com/ebmPZndP <---does that look like someone trying to hack or dos the network
<SuperPetRalf> there all outbound though
<eagles0513875> not all
<SuperPetRalf> but the majority are and I dont htink that could be anough for DOS conditions
<qman__> only one is inbound
<qman__> looks like your server's been compromised to me
<qman__> unless you're legitimately scanning those IPs yourself
<eagles0513875> im not
<eagles0513875> im protected by router firewall
<eagles0513875> only ports i have open and forwarded to the server are 22 and 80
<qman__> that's more than enough
<eagles0513875> so i need to get iptables up and running on the server as well as a proxy
<qman__> you need to fix the hole that they got in with, if they got in
<eagles0513875> ya its server side i think
<qman__> leave it off the network, and check for evidence of a break in
<eagles0513875> thing is i removed the server from the connection via router to the internet
<eagles0513875> breakin in what sense
<SuperPetRalf> yeah but the traffic is outbound
<SuperPetRalf> suggesting if it is its allready comprimised
<qman__> unauthorized SSH login, most likely
<qman__> with a subsequent rooting
<eagles0513875> qman__: i use an alpha numeric password which isnt easy to crack
<qman__> doesn't matter
<qman__> using password authentication at all is risky
<SuperPetRalf> brute force, but i still dont think its likly to be that
<eagles0513875> thing is i cant even check the logs
<eagles0513875> and most of the attacks are on closed ports
<SuperPetRalf> whats the IP address of the server?
<qman__> those are outbound connections
<SuperPetRalf> .4 or .7?
<eagles0513875> none of those
<SuperPetRalf> then its not the server
<eagles0513875> server has a static internal ip
<SuperPetRalf> look at the addresses
<qman__> blocking inbound ports has no effect on them
<eagles0513875> those i believe are wifi addresses
<SuperPetRalf> ahh but all the traffic goes no where near the server so to speak
<SuperPetRalf> look its all outbound .2.4 and 2.7
<qman__> yeah
<qman__> looks like you had a couple zombies on your wifi then
<qman__> or someone playing around with nmap
<alex88> i'm finally got working suexec with fcgid, but it uses a wrapper that contains http://pastebin.com/KCsLN1dR, now, the wrapper must be owned by the user, so he can change it and put whatever command he wants, how can i solve this?
<SuperPetRalf> try and ssh into your own server
<eagles0513875> those are wifi ips from .2 to 100
<eagles0513875> via router dhcp
<qman__> if your server is on the same subnet, you definitely need to put up a firewall
<qman__> but that's down the road
<qman__> if none of those addresses point to your server, then it's irrelevant
<SuperPetRalf> and there are time log inconsistences too
<qman__> and this is sounding more like hardware failure by the minute
<eagles0513875> ssh seems to be down
<SuperPetRalf> see no 11 then 12 and you see what i mean
<eagles0513875> cant ssh in
<SuperPetRalf> anyway ssh is down just checking are you re plugged in
<huats> morning
<SuperPetRalf> can you ping?
<SuperPetRalf> Morning
<eagles0513875> wait hold on
<qman__> are you using an onboard NIC?
<eagles0513875> no
<eagles0513875> that was faulty
<eagles0513875> its a pci nic
<eagles0513875> i was gonna get a 2nd pci nic
<SuperPetRalf> no ping reply is that?
<eagles0513875> put one on the dmz and route the traffic to the other one after content filtering etc
<qman__> well, that's even more suspect
<eagles0513875> server is offline atm
<eagles0513875> qman__: ?
<qman__> if the onboard was already dead, the motherboard is likely crapping out
<eagles0513875> qman__: thing is i had taken this server home and installed server just fine using the onboard nic
<eagles0513875> came to work and it didnt work here
<SuperPetRalf> you mean during that time you installed fisrt and powered up now its been moved!?
<eagles0513875> let me see if i can boot onto a bootable pendrive
<eagles0513875> SuperPetRalf: yes
<eagles0513875> i reinstalled with this other nic card i bought
<SuperPetRalf> ahh
<qman__> a failing southbridge chip would explain everything
<SuperPetRalf> hardware, or maybe disloged component
<qman__> udev crashing, NIC failure
<eagles0513875> O_O
<SuperPetRalf> im with qman on that
<eagles0513875> qman__: this has been online for at least 2 three weeks
<qman__> irrelevant
<qman__> all hardware fails eventually
<qman__> when is a matter of chance
<SuperPetRalf> most of the time it jsut goes
<SuperPetRalf> no warning
<SuperPetRalf> especailly if youve moved it
<eagles0513875> thing is this is only a 1 yr old machine
<qman__> also irrelevant
<SuperPetRalf> is it on a UPS?
<eagles0513875> yes
<SuperPetRalf> is the UPS rated hight enough?
<qman__> could be the power supply as well, but it's a bit too consistent
<qman__> when they go, they either usually just pop
<qman__> or fail under a heavy load
<ttx> Daviey: around ?
<qman__> which I guess booting up could case
<SuperPetRalf> not if its a 250w USP and 350 PSU
<Daviey> ttx: o/
<Daviey> ttx: Going through my back log, wanted to catch up with you.
<ttx> Daviey: I had a few questions on the status of euca 2.0 regressions wrt alpha3
<Daviey> ttx: I am ontop of hggdh's bugs.
<ttx> great
<Daviey> ttx: Well at the moment euca 2.0 FTBFS on maverick
<eagles0513875> qman__: and SuperPetRalf i have anothe rmachine here at the office i can setup if all else fails
<Daviey> (archive version)
<ttx> Daviey: smoser told me. The jibx transition was half done on our side
<SuperPetRalf> if youve got backups of the old one i would go for it
<qman__> eagles0513875, run some hardware diagnostics, boot live and put it under a heavy load
<ttx> Daviey: just wondering why it hits so late
<qman__> try taking it off the UPS or swapping the power supply, see if it fixes the problem
<qman__> if it doesn't, it's probably the motherboard
<Daviey> ttx: The old version was only removed from the archive yesterday
<ttx> arh.
<eagles0513875> qman__: making live usb of kubuntu atm
<eagles0513875> only iso i have laying around on this laptop atm
<ttx> Daviey: ok, keep me posted, and don't hasitate to ask me/Dustin for support if needed
<SuperPetRalf> sure
<Daviey> ttx: Personally, i'm not convinced it needs a MIR.. but i guess i should - but MIR's currently seem to be operating slowly
<ttx> MIR ? For jibx ?
<Daviey> ttx: yeah
<ttx> it's just a package split... so it's should be a formality
<ttx> the apckage was already reviewed, it's just a matter of promoting it
<Daviey> ttx: the new package isn't yet in Ubuntu.. There isn't ANY jibx in Maverick at the moment, i don't think
<ttx> but there was one :) Once in main, can return to main.
<Daviey> Yeah.. it was for this, i thought it could bypass a MIR.
<ttx> Daviey: I'd really much like to have the basic UEC installer work out of the box for A3, like it used to
<Daviey> ttx: Agreed.
<ttx> I don't care so much about the 10% instance fail rate
<Daviey> ttx: I need to do some investigation to the registration issue.
<ttx> that we can fix after
<Daviey> ttx: It seems it's inconsistent.. :/
<ttx> Daviey: Ideally we need to identify the upstream issues
<ttx> if any
<ttx> to push them upstream today
<Daviey> yeah.. There is a call with them today, so i'll try and make sure as much is ready for that.
<ttx> inconsistent ? I thought euca_conf --list-nodes always failed
<eagles0513875> qman__: and SuperPetRalf live usb is working booting into single user mode
<eagles0513875> what should i run
<eagles0513875> should i drop down to a root shell with networking ? or a normal root shell SuperPetRalf or qman__
<qman__> eagles0513875, with the live environment, you really should load the normal full system
<qman__> GUI and all, and load some heavy application to stress the hardware
<eagles0513875> ok
<Daviey> ttx: That does seem to, but describe-avaliability-zones verbose, sometimes returns
<eagles0513875> qman__: normal system is loaded
<SuperPetRalf> and try editing your watchdog file back to norman
<SuperPetRalf> normal
<ttx> Daviey: registration.log should leave a clear trail of what was detected and called
<SuperPetRalf> ping out see if your nic is working as it should
<ttx> Daviey: to check of the absence of reg is due to an announce issue or a reg issue
<eagles0513875> SuperPetRalf: how can i mount the partition of the cd drive cuz on the live usb its only seeing the pendrive partition
<SuperPetRalf> use the mount command
<SuperPetRalf> go to command line and type man mount
<eagles0513875> SuperPetRalf: i know how to use it but i cant seem to find the partition listed when doign fdisk -l
<SuperPetRalf> has it deteced it?
<eagles0513875> how can i tell
<SuperPetRalf> lspci it
<eagles0513875> detected the har ddrive
<SuperPetRalf> ah, qman_ maybe better at this than me
<eagles0513875> ahhh here we go
<SuperPetRalf> go it?
<eagles0513875> had to drop down to runlevel 1
<SuperPetRalf> ahh
<eagles0513875> humm but cant mount it as its not listed in the fstab
<eagles0513875> qman__: any suggestions
<eagles0513875> besides adding it to the fstab
<qman__> eagles0513875, use sudo
<eagles0513875> i did and still wasnt getting listed
<qman__> sudo mount /dev/sd?? /media/disk
<SuperPetRalf> isnt a cd "scd"?
<SuperPetRalf> ahh grep it
<qman__> a CD could be scd or sr, but I don't know why you'd be mounting a CD
<SuperPetRalf> well it gives you sumthing to do :) I think eagles needs someting off the cd
<qman__> my CD used to be hda
<qman__> changed in an update
<eagles0513875> question
<eagles0513875> how can i get to the etc of the mounted drive
<eagles0513875> wait there it is
<SuperPetRalf> lol my cd used to be /dev/null
<eagles0513875> lol
<eagles0513875> lets see if that fixes it
 * eagles0513875 crosses fingers
<eagles0513875> server is back up SuperPetRalf and qman__
 * eagles0513875 makes not to self not to modify watchdog.conf file
<SuperPetRalf> WEY!
<SuperPetRalf> congrats mate
<eagles0513875> ty
<eagles0513875> now to firewall it for extra protection
<eagles0513875> !iptables | eagles0513875
<ubottu> eagles0513875, please see my private message
<qman__> yeah, just keep in mind that there's no such thing as a secure wireless network
<qman__> if you design and configure with that in mind, you won't have any problems
<SuperPetRalf> sure there is its when you turn it off :)
<qman__> treat wireless like you treat the internet
<eagles0513875> ya
<eagles0513875> i hear ya
<eagles0513875> its encrypted but cant be too safe
<eagles0513875> :)
<eagles0513875> qman__:  and SuperPetRalf would you guys recommend me getting a 2nd nic and putting that on the dmz then routing traffic to the internal nic or no need
<eagles0513875> or can i still provide content filtering with a single nic interface
<eagles0513875> i wonder if i coudl get the onboard working
<ShadeS> eagles0513875: yes, you can.
<eagles0513875> ok cuz i want to do a lil content filtering for users of the wifi
<qman__> you shouldn't need multiple NICs anywhere but at your router
<jordanl> is there a limit to the number of IP addresses that you can associate with a NIC in /etc/network/interfaces?
<qman__> I would suggest moving your wireless to its own DMZ if you can
<eagles0513875> qman__: so you wouldnt recommend putting one nic on the dmz and then routing traffic to a nic which isn ton the dmz
<qman__> but that's not always practical
<eagles0513875> we want it secure
<ShadeS> when you saccrifice usability for security you're being too secure ;)
<eagles0513875> lol ShadeS dont get me started with this goverment fiber line we have here at this clinic
<eagles0513875> way too bloody restricted
<qman__> eagles0513875, splitting your network in multiple places isn't necessary
<qman__> you should split it at the router
<eagles0513875> qman__: ok
<jordanl> i added a second IP to /etc/network/interfaces using an "iface eth0:1 inet static" etc. line
<SuperPetRalf> second that
<ShadeS> "Those that give up essential useability for security, deserve neither useability or security!" - Benjamin franklin
<jordanl> which works
<SuperPetRalf> youd end up over complicating things
<jordanl> but adding a third IP using "iface eth0:2 inet static" doesn't seem to work
<SuperPetRalf> lol
<jordanl> i can't ping it from the outside
<qman__> jordanl, IME, if you want to use subinterfaces you have to de-configure the main interface
<jordanl> actually, i can ping it from something else on the same switch
<jordanl> but not from outside that switch
<eagles0513875> brb
<jordanl> qman__: de-configure the main interface? what do you mean by that?
<qman__> jordanl, I have never managed a working configuration where 'eth0' and 'eth0:1' both worked simultaneously, always had to change over to a 'eth0:1', 'eth0:2' setup
<jordanl> i see
<jordanl> so don't specify anything at all in the file for regular eth0?
<qman__> just `auto eth0` so it brings the hardware online
<jordanl> currently i have a section for "iface eth0 inet static"
<qman__> I would simply change the 'eth0' in that line to 'eth0:0'
 * eagles0513875 is happy that server is back online
<jordanl> qman__:  is it possible to make this change without restarting the system?
<jordanl> can i just /etc/init.d/networking restart
<qman__> jordanl, yes
<qman__> or service networking restart
<jordanl> didn't quite work as expected
<jordanl> "ip addr show" still lists an IP for eth0
<jordanl> and nothing for eth0:0, in fact, i got an error when it tried to assign an address to eth0:0
<jordanl> http://paste.pocoo.org/show/242999/
<eagles0513875> question qman__  or SuperPetRalf if i am using godaddy's dns and pointing the domain i have with them at the server ip woudl i need to have port 53 open on the server?
<jordanl> http://paste.pocoo.org/show/243000/
<qman__> eagles0513875, no
<eagles0513875> ok
<eagles0513875> qman__: would you suggest changing the port ssh uses?
<qman__> eagles0513875, no
<qman__> I would suggest using key-based authentication instead of passwords
<eagles0513875> ok will do that now gonna need some help with that but let me get the firewall up and running
<qman__> jordanl, I haven't seen that one before
<jordanl> http://paste.pocoo.org/show/243001/
<qman__> maybe they've changed some things to make it work
<jordanl> that's my conf file
<qman__> oh, I bet I know what it is
<jordanl> the ubuntu server guide made it seem so easy
<qman__> try removing the IP assigned to eth0 manually
<qman__> then restarting networking
<jordanl> ok
<jordanl> ip addr del 10.2.2.154/26 dev eth0
<jordanl> like that?
<andyltm> What is the normal amount of load on a server (dual proc) with 2gb ram and a website that has ~ 20,000 pg views/day?
<SuperPetRalf> if its a full blown server have you ever conisred sumthink like webmin
<qman__> I don't know how to do it with the ip command, I always use ifconfig, even though I guess that's the "wrong" way now
<SuperPetRalf> theres a ip command?
<jordanl> still no luck
<jordanl> very strange that i can't ping the .160 from the outside
<qman__> more IOCTL errors?
<qman__> or just the ping not working
<jordanl> no, the IOCTL errors went away
<jordanl> and it looks okay in ip show
<qman__> ok
<qman__> how smart is the switch?
<jordanl> http://paste.pocoo.org/show/243006/
<jordanl> the switch is supposed to be smart
<ShadeS> 'supposed'
<qman__> that might be what's breaking it
<jordanl> yes, it's a cisco
<qman__> if the switch is programmed to only allow X IPs per MAC
<qman__> or if it's doing something like STP and just dropping the ball
<jordanl> i've encountered this before
<jordanl> and i *think* rebooting fixed it
<imyousuf> Hi
<imyousuf> I need some help regarding eucalyptus
<jordanl> i disabled the other secondary IP
<jordanl> still not working :(
<imyousuf> I am doing $ sudo service eucalyptus-nc status and getting start/running, but if I do euca-describe-availability-zones verbose the max column shows all 0. When I try sudo euca_conf --no-rsync --discover-nodes it does not discover any nodes :( can someone please help me? output of the commands are http://paste.ubuntu.com/470622/
<jordanl> i'll try to pick up on it tomorrow
<jordanl> it's late here
<jordanl> thanks for the help
<qman__> jordanl, good luck with it
<uvirtbot> New bug: #611226 in dovecot (main) "Dovecot-common Install Error" [Undecided,New] https://launchpad.net/bugs/611226
<imyousuf> I am doing service eucalyptus-nc status and getting start/running, but if I do euca-describe-availability-zones verbose the max column shows all 0. When I try euca_conf --no-rsync --discover-nodes it does not discover any nodes :( can someone please help me? output of the commands are http://paste.ubuntu.com/470622/ (re-run)
<maxb> Anyone who uses schroot here?
<maxb> Any thoughts on why it might be running its chroot setup-stop scripts *twice* on chroot exit?
<alex88> is possible to restore database from mysql files? i mean, i have just the filesystem, not standard sql backup
<imyousuf> twb`: if you have time would you kindly have a look at http://paste.ubuntu.com/470622/ ? I set the ipv6 setting after that, discover-nodes does not even discover the node :(
<eagles0513875> !squid | eagles0513875
<ubottu> eagles0513875, please see my private message
<eagles0513875> is there a wiki page for setting up squid on the ubuntu wiki
<twb`> imyousuf: I don't provide support for eucalyptus
<imyousuf> oh ok twb`, thanks, can you please point me to someone who does, I have been sitting with this for over a week :(
<twb`> I can't, sorry.
<imyousuf> twb`: np, thanks
<eagles0513875> quick question about iptables
<eagles0513875> i have port 80 open on the inbound connection how am i able to get a webpage with the outbound port being blocked?
<twb`> What's the current best practice for doing PPPoE on lucid?
<twb`> I see that a stock install has pulled in "pppoeconf", which depends on "ppp | pppoe" -- that seems to suggest those packages are interchangable.
<eagles0513875> !pppoe
<ubottu> Setting up an ADSL/PPPoE connection? Look at https://help.ubuntu.com/community/ADSLPPPoE
<eagles0513875> twb`: is that of any help for ya
<twb`> eagles0513875: well, reading random shit on the internet is plan B.
<pmatulis> doesn't look random to me
<twb`> Plan A is to get a recommendation from a denizen here that I trust to have a clue
<twb`> (Though that recommendation could be "ubuntu-serverguide's way is the Right Way")
<twb`> pmatulis: the community part of the wiki can be pretty random :-(
<Daviey> twb`, If you are happy to follow that, and report how it works out - if it looks good, we can move it to the offical part.
<twb`> Daviey: fairy nuff.
<twb`> I can't actually do that TODAY, because manglement hasn't arranged for a spare DSL modem and account to test against.
<Daviey> :(
<twb`> I should also grovel through the C4 host that's currently doing our PPPoE
<eduardo_f> I have a shell script that writes stuff in a lofile, I want to execute the script in a way that it is restarted if nothing is written in the logfile for 30 mins, ideas?
<twb`> That concept is called a "watchdog"
<twb`> If you go through apt, there's probably a couple of tools to facilitate it
<eduardo_f> pseudo-code would be smth like this: if (not writing to logfile) then (restart process) unless (process finished)
<eduardo_f> I guess I want a software watchdog, not the kernel one, I'll look through apt, thnx twb`
<twb`> eduardo_f: right
<uvirtbot> New bug: #611272 in tomcat6 (main) "clean tomcat6 install causes load to go up" [Undecided,New] https://launchpad.net/bugs/611272
<cloakable> Of course it does, it's Java >.>
<eagles0513875> !watchdog | eagles0513875
<diogo_79> hi
<diogo_79> guys how can i see what services are running on ubuntu?
<pmatulis> diogo_79: you can look at open ports (listening) or processes running
<diogo_79> what is the command ?
<SuperPetRalf> why not just do a top?
<SuperPetRalf> thats:
<SuperPetRalf> $ top
<diogo_79> thanks
<SuperPetRalf> np hope thats what your looking for
<tangerine0469> i am having trouble installing 10.04 lts on a raid 1 can anyone help?
<diogo_79> when i do sudo mysql -e to grant privileges to a user gives me access denied dont undersand why if i execute the command with sudo
<SuperPetRalf> Doesnt MySQL have a different user database to you linux box
<nimrod10> diogo_79, why do you need to do sudo mysql ?
<SuperPetRalf> and whats the RAID issue?
<nimrod10> diogo_79, it should work fine without suda
<nimrod10> *sudo
<diogo_79> because without sudo gives me access denied
<diogo_79> where is the command
<tangerine0469> it asks me if i want to activate the raid and i say yes, then it fails to write the file system to the drive
<diogo_79> sudo mysql -e "grant all privileges on zabbix.* to zabbix@localhost identified by 'senha';"
<diogo_79> gives access denied to root
<tangerine0469> i get to the point of choosing a guided partitioning and i have chosen each of the options seperately and still get no where
<SuperPetRalf> ah afraid im not going to be much use with that sorry, but there should be someone else in the community that can have you tries the ubunut forums?
<tangerine0469> not yet, i figured i would try this place first
<tangerine0469> thanks though
<nimrod10> diogo_79, you should be able to execute the mysql command without sudo access
<nimrod10> as in mysql -e "grant ...."
<diogo_79> but gives me access denied
<nimrod10> then run it with mysql -uyouruser -p -e "command "
<thesheff17> diaog_79: mysql command has nothing to do with sudo...mysql contains its own username/password in order to manipulate mysql stuff.
<nimrod10> the user that you give to mysql should be the user you have set up in mysql and NOT a linux user
<mathiaz> ttx: howdy!
<ttx> mathiaz: yo
<mathiaz> ttx: is there a blueprint to track sponsoring work as work items?
<ttx> mathiaz: no
<mathiaz> ttx: IIRC there is a blueprint for New,Undecided bugs work
<mathiaz> ttx: what do you think about creating a server-maverick-sponsoring blueprint?
<ttx> mathiaz: as in one work item per week per core-dev/motu person ?
<mathiaz> ttx: yes
<mathiaz> ttx: modeled after the bug-triagging blueprint
<uvirtbot> New bug: #611305 in php5 (main) "No debug symbols for libapache2-mod-php5" [Undecided,New] https://launchpad.net/bugs/611305
<ttx> hmm
<mathiaz> ttx: server-maverick-dailytriage
<mathiaz> ttx: the intent is the same IMO
<ttx> I'm not totally convinced by that one tbh
<BlackZ> hey mathiaz
<mathiaz> ttx: why?
<mathiaz> ttx: it shows up on the work item list and help to burn wi down
<Daviey> ttx / mathiaz: Keep in mind package sets can also sponsor, not just motu/coredev
<ttx> mathiaz: having plenty of work items that you cannot do anything about until it's time to act on them...
<mathiaz> Daviey: right - I'd suggest the WI to be named: sponsor stuff
<ttx> mathiaz: a calendar sounds more appropriate
<Daviey> mathiaz, a BIG +1
<ttx> otherwise you'll duplicate your vacation notices
<mathiaz> ttx: right - I'd still have to mark it as completed
<ttx> completed ? or dropped ?
<mathiaz> ttx: things I've done - so that it shows on the graph
<Daviey> yeah.. and as it is supposed to be a dedicated thing - it should still show on our WI tracker
<ttx> Also at the start of a subcycle you'll end up having 50 WIs with only 10 you can actually work on
<ttx> which will make looking for them a bit counter-productive
<Daviey> ttx, But the %'s increase of comepleted would then match the milestones?
<ttx> so I wanted to try the dailytriage one for beta and see how well it flies
<mathiaz> ttx: ok
<mathiaz> ttx: my goal is to have the sponsoring work show up somehow
<ttx> I think it generates noise and duplication
<mathiaz> ttx: it seems that integrating it in the personal page is better then
<ttx> I can be convinced otherwise though :)
<mathiaz> ttx: including a calendar feed on the personal page
<Daviey> Well we could speak with dholbach about duplicating the 5 a day project to sponsoring stuff
<ttx> another way to fix it is to do "sponsor+triage" days (community role days)
<Daviey> extracting sponsorship information via the LP API isn't complex
<mathiaz> ttx: so that things that needs to be done on a specific day show up automatically
<ttx> then it does not generate so much additional wi
<mathiaz> Daviey: right - what I'd like to have is a report based on the sponsoring page but filtered for the ubuntu-server team
<ttx> another thing I fear is that if 60% of the WIs are actually things that will get burned in all cases, being late in the remaining 40% might not be easy to spot
<Daviey> mathiaz, a TODO list?
<mathiaz> Daviey: yes - it's all about generating TODO lists
<mathiaz> Daviey: which are small enough to not scare people away
<ttx> in a nutshell, I'm not sure we need work items to show recurrent work that we can skip in case of absence
<mathiaz> Daviey: and getting them small is about providing views
<Daviey> mathiaz, Getting that should be reasonably easy.. limited to packages in the packageset
<ttx> I prefer work items to be things that need to be completed
<Daviey> (but should we only be sponosring stuff in our set - or generic)?
<ttx> rather than a weekly task reminder
<mathiaz> Daviey: start with set, then go on generic
<mathiaz> Daviey: the idea is to provide multiple lists to process by order of priority
<mathiaz> ttx: fair enough
<mathiaz> Daviey: for example my sponsoring work consists of:
<mathiaz> Daviey: 1. https://code.launchpad.net/~mathiaz/+activereviews
<ttx> mathiaz: but that's just me. That's what I mean by "not entirely convinced" and wanting to try out with dailytriage first
<mathiaz> Daviey: 2. https://code.launchpad.net/~canonical-server/+activereviews
<mathiaz> Daviey: 3. https://code.launchpad.net/~ubuntu-server/+activereviews
<ttx> mathiaz: otherwise what's the next step, one work item with every weekly meeting ?
<mathiaz> Daviey: 4. https://bugs.launchpad.net/~ubuntu-server/+patches
<mathiaz> ttx: hm - I don't understand what you mean
<mathiaz> Daviey: process each queue in that order
<ttx> mathiaz: well, meetings also take time. Having one work item for each of your weekly meeting would account for that
<mathiaz> Daviey: once arrived at the end of one queue, jump to the next one
<mathiaz> Daviey: provided you still have time
<ttx> mathiaz: if you have one to remember your "sponsoring hour" why not to remember your "weekly meeting" ?
<Daviey> ahh, i see mathiaz - is your process documented?
<mathiaz> Daviey: the other part of that is that sponsoring is time-boxed
<Daviey> ttx, We don't have a problem attending meetings - it's also very obvious if people aren't there
<mathiaz> Daviey: spend 1/2 a day maximum
<Daviey> sponsorship seems to be slipping by, hence dholbach's email
<mathiaz> Daviey: nope - it's in my head - and I'm still experimenting - that's my personal workflow
<ttx> Daviey: we shouldn't have problems attending sponsoring hours. There is a schedule for them
<ttx> https://wiki.ubuntu.com/UbuntuDevelopment/CodeReviews
<ttx> Daviey: to me sponsoring time is very close to meetign time.
<ttx> it occurs at a specific time and takes one hour.
<ttx> I cannot have opther meetings conflicting with it.
<mathiaz> ttx: granted - if WI is defined as work to be done ASAP and sponosring/meeting as recurring event at a specific time/day, then meeting/sponosring should go on the calendar
<Daviey> mathiaz, Talking about last week - i really think it is awesome if people share personal workflows - doesn't need to be an "offical" one
<mathiaz> Daviey: agreed - I'm still experimenting with my workflow and improving on it
<mathiaz> Daviey: I plan to blog about it - and/or share with others
<Daviey> mathiaz, personally, i'd really appreciate it
<mathiaz> Daviey: it's just in experimentation mode now - I'd like to wait until I can report that this is working well for me
<mathiaz> ttx: how about server-maverick-isotesting
<Daviey> oh sure
<mathiaz> ttx: this is also something that can only happen at a very specific time
<ttx> mathiaz: rigth.. I like that one because it accounts for work that needs to be done on release week
<mathiaz> ttx: so having a WI also helps to calculate the workload?
<ttx> mathiaz: not the workload. An accurate completion %
<ttx> if you do 10 WI per week, you should only plan 9 on release week, since one of them is taken by ISO testing :)
<mathiaz> ttx: so how is that different from sponsoring work?
<ttx> adding 1 work item every week doesn't help in that area
<mathiaz> ttx: gotcha
<ttx> again, I'm open to experiment with it
<ttx> I just fear to dilute the % work to be done into recurring work that will get done anyway.
 * Daviey thinks about some pretty graphs!
<mathiaz> ttx: BTW when is the archive frozen for alpha3?
<mathiaz> ttx: today Thursday or next Tuesday?
<ttx> if you have 120 normal WI and 100 recurrent ones... The last 100 will get done anyway. But spotting that you'll be late on the first 120 gets harder
<ttx> soft freeze, normally today
<mathiaz> ttx: ok
<ttx> That's why I asked for papercuts to be fixed before today, btw
<nlko> hi guys, ive follwoed this tutorial here, https://help.ubuntu.com/community/Mailman, when i send an email to the new list i get the following error "pipe_transport unset in system_aliases router" in exim4 mainlog...any ideas please?
 * ttx pauses
<nlko> exim works to send email to system accounts and receives from remote addresses...
<nlko> but when i send a email to the new list, i get that error ^
<uvirtbot> New bug: #611316 in php5 (main) "Segmentation fault in php5-sybase" [Undecided,New] https://launchpad.net/bugs/611316
<Daviey> ttx, Are you free for a chat in a few mins?  Currently in a call, and would be useful to talk about some of it.
<nlko> no ideas?
<ttx> Daviey: I'm available now
<Daviey> rocking
<Daviey> ttx, mumble?
<ttx> Daviey: I'm on
<SpamapS> ScottK: looks like the kolab patches are on the radar now for PHP
<uvirtbot> New bug: #611330 in openssh (main) "ssh hangs after login when using broadcom wifi" [Undecided,New] https://launchpad.net/bugs/611330
<ScottK> SpamapS: Yes.  I've been following the discussion.  Thank you.
<SpamapS> ScottK: Hopefully the Kolab guy can help push it through when he gets back. ;)
<mathiaz> SpamapS: I've looked at the ceph package
<ScottK> SpamapS: Do we need the configure stuff they mentioned?
<mathiaz> SpamapS: and curbed LP to be able to use a merge proposal to track the discussion
<mathiaz> SpamapS: so you may have received a bunch of uncessary emails while I was experimenting with LP to get it to do what I wanted
<smoser> unnecessary emails from LP ?
<smoser> what ?
<smoser> </pretend_shock>
<SpamapS> mathiaz: I think I got one or two. :)
<mathiaz> SpamapS: let me know when you get to ceph - and I'll explain what I did to get the proposal going
<mathiaz> SpamapS: the *merge* proposal setup
<SpamapS> mathiaz: I'm looking at the proposal right now..
<mathiaz> SpamapS: ok - so I've setup a project in LP with an empty-branch, branch it and copied the content of the source package from the PPA
<SpamapS> mathiaz: http://code.launchpad.net/~clint-fewbar/+junk/ceph-packaging  this one at least fixes the lintian report W's and E's
<mathiaz> SpamapS: and then I pushed it to LP to create a merge proposal
<SpamapS> mathiaz: sage has been selectively pulling changes from that branch into his own packaging
<mathiaz> SpamapS: right - so could you rebase your +junk branch from lp:review-new-branches
<SpamapS> mathiaz: I don't know how to use rebase
<mathiaz> SpamapS: well - rebase was wrong choice
<mathiaz> SpamapS: basically restart based on lp:review-new-branches
<SpamapS> lol ok.. and cherry pick diff's in?
<mathiaz> SpamapS: so that we can create a merge proposal and keep the discussion there
<mathiaz> SpamapS: yeah - if you wanna keep the history
<mathiaz> SpamapS: this is a workaround the fact that LP doesn't support commenting on branches
<SpamapS> mathiaz: I think its appropriate that a merge proposal is where discussion goes
<SpamapS> mathiaz: but its difficult when there's nothing to merge to.. ;)
<mathiaz> SpamapS: yeah - that's the issue ;)
<mathiaz> SpamapS: if you don't base your branch from an existing branch you can't create a merge proposal
<mathiaz> SpamapS: see bug 564391
<uvirtbot> Launchpad bug 564391 in launchpad-code "Enable commenting on a branch the same way as a merge proposal" [Undecided,Won't fix] https://launchpad.net/bugs/564391
<mathiaz> SpamapS: and bug 575104
<uvirtbot> Launchpad bug 575104 in launchpad-code "No way to get review on the addition of an official branch" [Medium,Triaged] https://launchpad.net/bugs/575104
<SpamapS> mathiaz: so should I branch lp:~mathiaz/review-new-branches/ceph-new-pkg , or the trunk?
 * mathiaz thinks
<mathiaz> SpamapS: you can branch lp:~mathiaz/review-new-branches/ceph-new-pkg and push it to your own LP account
<mathiaz> SpamapS: we'll start over the merge proposal then
<SpamapS> right, and then propose to merge with yours
<SpamapS> I don't think you have to start over
<mathiaz> SpamapS: with lp:review-new-branches
<mathiaz> SpamapS: my branch doesn't have anything special
<mathiaz> SpamapS: it's just a copy of the package.
<mathiaz> SpamapS: once we get the merge proposal rolling we'll be able to track fixes in new revisions
<SpamapS> clint@ubuntu:~/pkg/ceph/bzr$ diff -ur ceph-new-pkg ceph | wc -l
<SpamapS> 74
<SpamapS> My branch doesn't exactly have a ton of changes. :)
<mathiaz> SpamapS: this whole thing is an experiment for me as well - we'll problem run into some bumps along the way
<SpamapS> mathiaz: right, we usually don't have this problem because of auto-sync from debian. ;)
<SpamapS> bzr: ERROR: Branches have no common ancestor, and no merge base revision was specified.
<SpamapS> I'm trying to remember how to resolve this.. have done so before
<ScottK> Delegate the task to someone lower in the food chain.
<SpamapS> ScottK: ++
<SpamapS> crap
<SpamapS> Only amoebas and Cucumbers below me in the food chain
<SpamapS> mathiaz: ok, pushed, merge proposed, I'm heading out for a few minutes
<Yosi123> hi all
<Yosi123> I just spoke to the ppl @ #httpd, and they are telling me that my hostname or host domain can't match the name of my apache2 virtual servers..  and that is the reason I'm getting a wierd error message when restarting apache2...  does this make sense, and if so, is there an easy way to change the host or domain name of the box?
<Yosi123> I get this message when restarting apache2 "[warn] NameVirtualHost *:80 has no VirtualHosts"
<smoser> Daviey, working euca ?
<Daviey> smoser, should be - working libjibx should be in the archive - as of a few mins ago
<SpamapS> Yosi123: your <VirtualHost xxx> sections need xxx to be *:80
<smoser> Daviey, so there is a libjibx ?
<smoser> not just a libjibx1.1 ?
<smoser> do you need to rebuild euca ?
<Daviey> smoser, I think it should just work - there is a meta package
<smoser> ah.
<smoser> ok.
<Daviey> libjibx-java
<Daviey> ^^ meta package to versioned package
<uvirtbot> Daviey: Error: "^" is not a valid command.
<Daviey> not had a chance to confirm yet.. but it should have landed within the hour
<webPragmatist> can i patch this manually http://code.google.com/p/modwsgi/issues/detail?id=197
<Yosi123> SpamapS - des this look fine this is my apache2.conf   http://pastebin.ca/1911072
<webPragmatist> is it possible to make dig show all the a records for a domain?
<SpamapS> webPragmatist: its a harmless message
<webPragmatist> SpamapS: that doesn't mean it should be allowed to fill up my logs with garbage
<SpamapS> webPragmatist: if its happening a lot, then you can most certainly patch it. ;)
<webPragmatist> yea it does
<SpamapS> webPragmatist: looks like 3.3 came out last week
<webPragmatist> http://cl.ly/48ee77b2abc8d80a11af
<webPragmatist> every second for a period of times sometimes
<webPragmatist> time*
<webPragmatist> anyway my dig question is more important
<SpamapS> webPragmatist: looks like the watch file on the mod-wsgi file is a tad broken...
<SpamapS> webPragmatist: so the debian maintainer may not know that 3.3 is available
<SpamapS> webPragmatist: you can certainly build your own 3.3 package and install it, which is what I'd suggest over manually patching
<SpamapS> webPragmatist: unless you have a patch from somebody else that you know will work.
<SpamapS> webPragmatist: dig can do an AXFR if the server allows it, but most servers do not.
<SpamapS> webPragmatist: AXFR == zone transfer == "show me all your records"
<webPragmatist> oh right
<webPragmatist> for using failover dns
<webPragmatist> or secondary dns
<webPragmatist> rather
<SpamapS> yes
<SpamapS> tho I tend to agree with Dan Bernstein on this that AXFR is stupid and rsync over ssh is probably a better method.
<webPragmatist> well it's not my dns server
<SpamapS> which is why the admin probably doesn't want to show you all the records. ;)
<webPragmatist> yeaâ¦ i mean i could setup axfrâ¦ but for some reason i was thinking i could look up all the a records
<webPragmatist> without some authoritative access
<SpamapS> well some sites still do allow axfr to anybody
<webPragmatist> well ours you have to setup and acl
<dclake_> I cant connect to my ldap server I'm a newbie
<webPragmatist> 4sure
<zul> mathiaz: ping
<mathiaz> zul: p/
<webPragmatist> SpamapS: can i not just replace python with python3 from the repo/
<SpamapS> webPragmatist: definitely not
<SpamapS> webPragmatist: python3 is not entirely compatible with python2
<zul> mathiaz; do we want smbk5pwd it looks like pulling in heimdal-dev then
<mathiaz> zul: smbk5pwd is not enabled in openldap now IIRC
<mathiaz> zul: are you looking at enabling the overlay?
<zul> mathiaz: it is
<webPragmatist> SpamapS:  ah i see
<zul> mathiaz: in debian it is
<mathiaz> zul: hm - it may have been a change in debian then
<mathiaz> zul: we'd probably have to remove that build dependency then
<mathiaz> zul: or check if it can be build with mit-dev instead
<zul> mathiaz: k ill remove it
<maek> Im trying to make a local install source for netboots from a lucid dvd I have mounted. in my apt-mirror config file I have deb file:/media/cdrom lucid main - when I run apt-mirror It says Proceed indexes: [Psh: cannot open file:/media/cdrom//dists/lucid/main/binary-i386/Packages.gz: No such file but that file exists and I can gunzip -c Packages.gz and see all the meta data for packages. any idea?
<maek> also when I copied the dvd source and shared it via http as an install source I get the same problem. corrupt maybe? but when I install from the same dvd no problems.
<papertigers> what version of ubuntu does vmbuilder use when making a VM?
<papertigers> nvm is that the suite option?
<smoser> papertigers, vmbuilder runs on the host
<smoser> you can specify the suite, and it will debootstrap a version of that suite.
<caps_lock> UEC, Eucalyptus in Static mode, do I set the cloud storage control to use the bridge interface, or the physical interface included in the bridge?
<papertigers> smoser: okay sweet, how do you give the vm a name?
<smoser> i dont know what you mean by name
<smoser> "bobby" is  a pretty good name
<papertigers> as in virsh list shows me the vm's
<papertigers> how do i set that name
<smoser> i dont know. i know its in the libvirt xml.
<smoser> but i dont' know if vmbuilder allows you to set that or not.
<papertigers> smoser: foudn it
<papertigers> in the man
<papertigers> thanks
<maek> maybe im going about this the wrong way. how do I take a dvd of lucid and convert it into a source I can use for network installs?
<SpamapS> zul: where is the daily builds PPA for php?
<zul> SpamapS: not there yet
<SpamapS> zul: oh? that would be nice. ;)
<zul> SpamapS: yes yes :)
<ChmEarl> maek, cd /var/www; mkdir ubuntu;mount /dev/sdc /mnt/iso;cp -r /mnt/iso/* /var/www/ubuntu
<ChmEarl> maek, then http://localhost/ubuntu  and bliss
<papertigers> does anyone know or smoser how to tell the vm disk where to go, example I want it to be on my nfs server
<Guest40049>  Hi, i have a pc with ubuntu server 10.04, it ran for month (before 10.04 with 8.04) but now the pc halt at the boot start. If i boot with a liveusb it just halt after selecting language and starting the installation. I'm sure the cpu temperature is right and the rams are ok. what can be the problem?
<SpamapS> ugh.. I hate when people ask and bail in < 10 minutes
<zul> SpamapS: welcome to ubuntu ;)
<zul> SpamapS: can you keep an eye on those imap patches when it goes into php's svn repo?
<zul> SpamapS: its going to be a while before debian upstream is going to accept them...they havent even though of moving to 5.3.3 yet
<SpamapS> zul: yeah, I am subscribed to the php bug
<zul> SpamapS: k....so am i
<ivoks> just one? :)
<zul> well....yeah...ubuntu-server-bugs gets all of it so I see it anyhow
 * zul goes back to fixing php....<meek>yay</meek>
<SpamapS> zul: the annotations patch is particularly sticky
<zul> well if its all imap stuff then its not going into the the proper php package anyways
<SpamapS> zul: Apparently upstream (uw-imap) won't accept annotation support until rfc5464 is ratified by the ietf
<zul> SpamapS: meh
<SpamapS> zul: no movement since 12/2008 .. This seems like Kolab's fight.. not ours.
<zul> SpamapS: indeed...we just integrate
<SpamapS> ScottK: did you see the update regarding c-client not supporting annotations?
<ScottK> SpamapS: I saw that.  Is c-client part of php?
<Daviey> SpamapS: well if we can help poke, we should - which is what you have done :)
 * ScottK mostly knows about MTAs, not IMAP.
<SpamapS> ScottK: no its the uw-imap client lib for IMAP
<ScottK> Right.
<ScottK> That patch is on kolab's list.
<SpamapS> I'm happy to poke whoever you guys think I should poke, but I don't know if I'm sexy enough for the IETF ;)
<ScottK> http://kolab.org/cgi-bin/viewcvs-kolab.cgi/server/patches/imap/
<ScottK> SpamapS: What does "ratified" mean?
<ScottK> That's not an IETF term.
<ScottK> If it's got an RFC number, then it's been published.
<SpamapS> ScottK: meaning instead of just a draft that people are working on, it is published as an official IETF RFC
<SpamapS> hm
<SpamapS> so maybe it got published and nobody told uw-imap ;)
<SpamapS> indeed it has been published
<SpamapS> http://ietfreport.isoc.org/idref/rfc5464/
<talcite> Hey guys. I'm trying to resize a 2.5tb GPT partition into a 5tb one without destroying my data. The filesystem is OCFS2, so parted blows up when I try resize. Is there another tool I can use?
<ScottK> SpamapS: It's a propsed standard, http://www.rfc-editor.org/categories/rfc-proposed.html, which in IETF terms is pretty standard.
<ScottK> SpamapS: For comparison, that's as standard as RFC 2821/22.
<SpamapS> ScottK: got a good primer on rfc procedures? i'm pretty ignorant on them
<ScottK> SpamapS: I saw comments (I think in the Kolab vcs) that uw-imap upstream is pretty dead.  If the patches are "OK" with php upstream except needing polishing for configure time check for c-client, I think it might be ~OK for us to go ahead.
<SpamapS> ScottK: agreed
<ScottK> SpamapS: Not one that reflects reality (IETF is big on theory).  Bottom line is if "proposed standard" isn't enough for uw-imap, that's just a fancy way of saying "we aren't going to do it."
<ScottK> SpamapS: The other question this brings up is, "If php needs c-client at build time for this to work, how are we going to build it in php5 without putting uw-imap in Main?"
<ScottK> That may be a lot harder.
<SpamapS> Source: php-imap
<ScottK> Ah.  In Universe.  Cool then.
<ScottK> Thanks.
<SpamapS> Hmm, I wonder if I can make a collectd-plugins package like this php-imap pakage so we don't have to have all of collectd's dependencies in main
<ScottK> SpamapS: You might also look at clamav and libclamunrar for example.
<ScottK> SpamapS: What's the next step wrt the php packages?  If I get Kolab to commit to updating the patch to provide configure time checks, is that sufficient?
<SpamapS> ScottK: I think that would go a long way to helping the developers move forward. Getting c-client's upstream to wake up and take the patch would be good too.
<SpamapS> I'm shocked to hear that uw-imap's development is that dead
<SpamapS> if so.. then it might make sense to simply fork it and suggest to PHP that they use the kolab-c-client
<ScottK> I'll let the upstream's sort that out.  I don't feel guilty about patching our uw-imap in the meantime though.
<RoyK> seems we might abandon our new 16 and 24 core machines in favour of GPUs
<RoyK> it's bad - what are we to do with that old iron :D
<Hellmark[S10e]> I'm running a couple servers with fresh installs, and having some issues with tftp-hpa
<Hellmark[S10e]> it doesn't seem to log anything
<Hellmark[S10e]> any idea?
<ivoks> it doesn't log anything
<ivoks> check /etc/default/tftpd-hpa
<ivoks> you can add options to the daemon
<ivoks> iirc, -v is for verbose loging
<ScottK> SpamapS: I sent mail to the Kolab people.  Thanks for your help in this.
<ivoks> right, -vvvv should do the trick :)
<SpamapS> ScottK: no problem its been fun. :)
<ScottK> RoyK: You can send it to me if you want.
<RoyK> hehe
<Hellmark[S10e]> invoks was helpful.
<Hellmark[S10e]> although apparently it is picky about where you place the -vvvv
<Hellmark[S10e]> have to do it right after the file name on the exec line, or else it gets ignored
<lau> hi, I want to automatically blacklist / remove a kernel module nf_nat_sip at startup
<lau> I created /etc/modprobe.d/blacklist-mylis.conf
<lau> remove nf_nat_sip /sbin/modprobe -r nf_nat_sip
<lau> is that the right way to force the kernel not to load that module ever ?
<lau> (i am running lucid)
<soren> No.
<soren> You probably want "blacklist nf_nat_sip"
<soren> What you did told modprobe to remove nf_nat_sip every time you remove nf_nat_sip :)
<lau> hello soren I already tried this one but after a reboot the module was loaded :(
<webPragmatist> is bind9 required?
<soren> required?
<soren> For what?
<pwnguin> judgement call question: i have a server running 9.10. is there much benefit from waiting for 10.04.1 vs upgrading now?
<SpamapS> pwnguin: yes :)
<pwnguin> and that would be?
<SpamapS> pwnguin: a number of bugs have been fixed mostly.
<pwnguin> dont i get them from a dist-upgrade anyways?
<SpamapS> pwnguin: If you have some project that is blocked on moving forward, then yeah you should update, but if you just want the latest crack.. I'm not sure there's a compelling reason to push forward.
<pwnguin> 10.04 is like 3 months old now
<SpamapS> pwnguin: https://launchpad.net/ubuntu/+milestone/ubuntu-10.04.1
<SpamapS> Take a look at the bugs listed there.
<mathiaz> all the bugs in the list above marked as Fix Released are already in lucid now
<mathiaz> the one marked as Fix Committed are currently sitting in lucid-proposed
<mathiaz> pwnguin: so if you're not waiting for any bugs *not* marked as Fix Released then you can update to lucid now
<mathiaz> SpamapS: 10.04.1 is just a reroll of the isos to include the current updates in lucid
<mathiaz> pwnguin: and BTW if you've kept your system already up-to-date then you'll already have all the fixes
<SpamapS> mathiaz: right, I guess my point is that the .1 release will have a number of bugs fixed, and if any of them might affect you, wait. :)
<SpamapS> mathiaz: he will?
<mathiaz> SpamapS: well - .1 will have all the fixes included *now* in lucid
<mathiaz> SpamapS: yes - we don't publish new fixes on 10.04.1
<SpamapS> SRU's go back to all releases?
<mathiaz> SpamapS: Point releases are just an iso respin that include all updates published in lucid
<SpamapS> I guess it makes sense.
<mathiaz> SpamapS: when 10.04.1 is released there aren't any new updates that show up from nowhere
<mathiaz> SpamapS: if you've installed 10.04 and upgrades as security/SRU have been rolled out, your system will be at 10.04.1 automatically
<SpamapS> no
<SpamapS> he has 9.10
<mathiaz> SpamapS: point releases are really about iso (ie insallation media)
<SpamapS> I was offering an opinion that may not be shared by all..
<mathiaz> SpamapS: well - upgrades from 9.10 to lucid include SRU and updates IIRC
<SpamapS> I guess to me, point releases are rallying points for bugs to be fixed by.
<SpamapS> But I concede the point that ultimately, you can upgrade at any time and get *at least* the bugs that have been released up until now.
<mathiaz> SpamapS: right.
<SpamapS> I think we should probably *brace* for the impact of bugs from people rolling out 10.04.1
<mathiaz> SpamapS: a point release in Ubuntu LTS is a rallying points for new installation
<mathiaz> SpamapS: what will also happen at 10.04.1 is that upgrades from Hardy the last LTS will be enabled
<SpamapS> does that mean that hardy users who do dist-upgrade will get moved up to lucid?
<mathiaz> SpamapS: not dist-upgrade - via do-release-upgrade/update-manager
<mathiaz> SpamapS: dist-upgrade is not recommended to perform an upgrade in Ubuntu
<mathiaz> SpamapS: and dist-upgrade doesn't know about new releases
<mathiaz> SpamapS: (ie sources.list won't be automatically modified)
<SpamapS> thats what I thought.. wasn't sure. :)
<SpamapS> have never used 'do-release-upgrade'
<pwnguin> mathiaz: thanks. i thought as much but figured theres an angle i havent considered
<SpamapS> In Debian land we always had to go into sources.list and change "slink" to "potato" and dist-upgrade. ;)
<mathiaz> SpamapS: right - that's what do-release-upgrade does
<pwnguin> and a few other things
<mathiaz> SpamapS: it also has code to handle upgrade issues that are not supported by dist-upgrade
<mathiaz> SpamapS: do-release-upgrade (and update-manager) can be thought as "executable release notes"
<pwnguin> theres a pool of scripts it runs for no obvious place scripts
<SpamapS> ah cool
<SpamapS> somewhere during my webops experience I let go of ever upgrading a server again
<SpamapS> current OS not doing what you want? Spin up latest stable OS that does do what you want, update config-mgmt to adapt to any changes, deploy onto new server, deprecate or reuse old server.
<mathiaz> SpamapS: Velcoume 2 Ze Kloud...
<SpamapS> came up with a server naming scheme that supported it too.... clustername-revname-id ... so  static-b-04 meant static cluster, OS rev b (CentOS 5.3 in this case), number 4
<SpamapS> mathiaz: I was doing this with throw-away 1U's .. but yes.. ze kloud ist der makink it fashter
<SpamapS> mathiaz: so .. collectd plugins.. what would you say to splitting it into its own source package, much like php-imap does?
<SpamapS> mathiaz: at issue is the list of MIR-needing libs .. if we can just leave the plugins that need those libs out of main .. *win*
<maccam94> i'm having trouble with nfs shares that mount at boot causing my system to hang
<maccam94> they are mounted at /home and /usr/local, and it looks like mountall stops the boot process when they fail to mount
<uvirtbot> New bug: #607665 in libaio "Invalid test case on ARM" [Medium,Confirmed] https://launchpad.net/bugs/607665
<pwnguin> mathiaz: https://bugs.edge.launchpad.net/ubuntu/+source/mysql-dfsg-5.1/+bug/551130
<uvirtbot> Launchpad bug 551130 in mysql-dfsg-5.1 "[SRU] infinite loop in /etc/init/mysql.conf if mysqld is not running." [High,Fix committed]
<pwnguin> you know if that one's due to customization, or does it include default installs?
<bogeyd6> Can someone recommend a better guide than https://help.ubuntu.com/community/UbuntuBonding for ethernet bonding in ubuntu
<doronba> hello, anyobody has experience with installing ubuntu 9.10 on vmware esx?
<doronba> performance is rather slow and i wonder if anybody encountred an issue
<ChmEarl> doronba, I run it paravirtual in Xen 4.0 with good results
<doronba> ChmEarl , there are probably big enough differences that it wont compare, but did you tweak any setting on it? specifically Apache is running really slow, and cant get why.
<ChmEarl> doronba, what choices in tasksel? I only run lamp+ubuntu server
<lowridah> can you run an pv kernel in esxi?
<doronba> ChmEarl basic, lamp, openssh
<doronba> lowridah i dont actually know
<lowridah> i prefer xen or xenserver since i can run most linuxes in pv
<lowridah> xenserver is crazy slick
<doronba> lowridah i should try it, however our production farm is vmware based.
<doronba> and generally it rocks, i just cant figure if the problem is lamp based or host based
<ScottK> SpamapS: I've never had an Ubuntu Server upgrade go bad where I used do-release-upgrade.
<ChmEarl> doronba, create this file in your www root and run apache bench http://paste.ubuntu.com/470847/
<ChmEarl> doronba,  $ab -n 2000 http://localhost/test.php
<ChmEarl> doronba, once it runs redirect results to a file and pastebin.ubuntu.com
<doronba> ChmEarl http://paste.ubuntu.com/470848/
<ChmEarl> doronba, I get this http://paste.ubuntu.com/470850/ on a C2D 3.0 Ghz with LVM on Sata
<ChmEarl> doronba, your document length should be 90kB, not 280b
<doronba> ChmEarl where does it get this value then?
<ChmEarl> doronba, if the doc length is 280b, then you are getting 404
<doronba> right :)
<papertigers> doronba: running in KVM runs fine
<doronba> sorry one sec
<doronba> ChmEarl http://paste.ubuntu.com/470853/
<ChmEarl> doronba, the transfer rate is on par with 100Mb network and # of requests is OK
<doronba> but it doesnt engage the network device right?
<ChmEarl> doronba, but that ran on localhost... across the network will be lower
<SpamapS> ScottK: Yeah, I'm not saying upgrades are bad for servers. I'm saying, in a high churn webops environment, where I've spent a large amount of my time managing servers, upgrades are sort of pointless.
<doronba> ChmEarl i should test it via network see what kind of result i get
<ScottK> SpamapS: I think it tends to go better in Ubuntu than other distros.  For most I wouldn't even attempt it.
<ChmEarl> doronba, next you can run apache bench on another VM
<doronba> i think once it passes through the NIC all kinds of weird stuff happens
<SpamapS> ScottK: yes, every debian shop I ever managed, (ubuntu server didn't exist back then) would always just upgrade when the stable releases arrived.
<ChmEarl> doronba, run ab on another VM and point it back to your target VM
<doronba> ChmEarl, yup trying to set this up
<SpamapS> ScottK: but when you're scaling up and out.. and moores law means leaving a 3 year old server on *costs* you money.. upgrades are pointless.
<ScottK> Right.  Generally with servers as long as what you have is still supported for security, unless you need something new, staying with what's working is best.
<SpamapS> ScottK: case in point, last company bought a pair of $30kUS servers for MySQL in 2005, and then in 2008, a pair of $30kUS servers for mysql.. that had *6 times the RAM* and CPU's that were 3x faster, and 2x the drive bays.. oh, and that used about 10% less power.
<ScottK> Right.
<SpamapS> But, if you have a flat load and are more focused around having a stable server that never goes away.. upgrades that go well are as sweet as honey.
<ScottK> I have a development server that I upgrade every 6 months.  The rest I just run on LTS (I have already upgraded to Lucid though).
<SpamapS> yeah, traditional shops will upgrade. especially if they do something like install 6 - 9 months before LTS..
<SpamapS> If I had been evaluationg Ubuntu Server this time last year, I'd have chosen Karmic, not Hardy
<SpamapS> figuring that an upgrade would be smooth and I could get the newer features that it already had.
<doronba> ChmEarl  http://paste.ubuntu.com/470855
<doronba> these are results from a machine on the same lan
<doronba> its a jump on Timeper request
<ChmEarl> doronba,  3.4 MB/s transfer is poor, but thee are no errors
<doronba> yes, so my hunch is with the negotiation with the switch where the problem is
<ChmEarl> doronba, for pv to pv VM I get about 28MB/s on a gb network
<ChmEarl> doronba, apache2 is not the problem if a straight file transfer speed is similar
<doronba> ChmEarl it is on a gb network, something is wrong with network engotiation, ill look deeper. thank you for all the help
<ChmEarl> doronba, np
<ChmEarl> doronba, can you tell what ethernel driver karmic uses? lsmod
<Nwallins> Hi, I used the alternate install disc for meerkat to get a minimal install
<doronba> ChmEarl http://paste.ubuntu.com/470859/ results
<Nwallins> but it is installing a bunch of stuff.  i wasn't asked for a software selection
<Nwallins> i am getting compiz, erlang, a bunch of stuff i don't want
<ChmEarl> doronba, pcnet32
<Nwallins> is that the way the alternate install disc is supposed to work?
<Nwallins> i really just want miminal + xorg + lxde
<ChmEarl> doronba, sometimes there are other drivers which work better in karmic
<doronba> ChmEarl nay tips how do i go testing this?
<lowridah> Nwalins:  why not install server+ubuntu-desktop?
<lowridah> oh
<lowridah> lxde
<ChmEarl> doronba, if you can specify a driver in esx, then as long as karmic supports it, try it
<wizardslovak> hello people
<doronba> will give it a try
<wizardslovak> is there any GUI for managing apache and samba ?
<fluvvell> gidday, I'm just doing some maintenance on friends dead pc and thought I'd boot a live  10.04 cd.  It brings up a 10.04 login prompt, username of ubuntu and nothing does not log it in. Anyone seen this before?
<lau> identify quiky*
<ChmEarl> doronba, see post #7 here: http://newyork.ubuntuforums.org/showthread.php?t=1421399 they got vmxnet3 driver working
#ubuntu-server 2010-07-30
<Doonz> dksad
<zul> mathiaz: fyi i got an updated version of openldap with ufw profile and apport ready to go
<brando753> hello everyone I have set up my server I have installed ISPConfig but now I would like to know how to get it live so my three diffrent domains point to my diffrent sights how would i do this? How would i get a domain to point to my ip?
<mathiaz> zul: great!
<uvirtbot> New bug: #611526 in openldap (main) "package slapd 2.4.21-0ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 143" [Undecided,New] https://launchpad.net/bugs/611526
<chewbranca> what applications do you guys use for server monitoring? looking for something much simpler than nagios and that has an android app or rest api to allow for mobile monitoring and notifications
<ball> ping? :-)
<chewbranca> ping doesn't help you get notifications about load average or service availability
<ball> I know, I was just being facetious.  I'll be interested to see what other people suggest though.
<chewbranca> hahahha yeah wasn't sure, legitimate point though
<chewbranca> I've been playing with zenoss and its still rather complicated, I would also need to build custom solutions for monitoring my applications and an android app, plus I would need to run it on a dedicated box
<kimi_> Good Night
<kimi_> Does anybody has experience setting up a Radius server in Ubuntu?
<Shapeshiftr> Hey, what's the package for Mono again?
<Shapeshiftr> I installed it on my other Ubuntu server, just forgot how.
<processroute> can someone help me with my ubuntu-server issue: http://ubuntuforums.org/showthread.php?p=9655540 ?
<processroute> can someone help me with my ubuntu-server issue: http://ubuntuforums.org/showthread.php?p=9655540 ?
<processroute> can someone help me with my ubuntu-server issue: http://ubuntuforums.org/showthread.php?p=9655540 ?
<twb`> !repeat
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. You can search https://help.ubuntu.com or http://ubuntuforums.org while you wait.
<processroute> twb': i should wait more than 15 min?
<twb`> Yes.
<twb`> More like an hour or three.
<processroute> IRC is live chat?
<processroute> email/forums are 1 - 3 hrs
<twb`> Kids these days
<processroute> yep, we want everything faster
<twb`> If an email arrives the same day it's sent, you should consider yourself lucky
<processroute> when i email people, i expect to hear back within hours
<processroute> i almost always do too
<sweetpi> thats because they want to talk to you
<processroute> sweet3.1418: that could well be it
<processroute> guampa's writing a semi-solution to it on ubuntuforums, and i've posted ideas to fix it on brainstorm.ubuntu.com
<twb`> Is this your question? "Is there a way to bind specific programs to specific network devices (not IPs, since I have dynamic IPs)?"
<processroute> twb`: affirmative
<twb`> You should have just posted that, rather than linking to a page that contains it.
<twb`> To answer your question: no, there's no generic way to achieve that.
<processroute> twb`: i couldn't find it on the internet, so i thought others might have the same question and want it on the internet
<processroute> twb`: its in the kernel?
<processroute> the restriction to do that
<twb`> Best practice is to bind to all addresses, and set up a firewall.
<processroute> twb`: like change the route and use iptables to route programs (though iptables will not route PIDs)
<processroute> twb`: also having dynamic ips makes it difficult to bind to addresses instead of network interfaces
<twb`> Are you making a statement, or asking a question?
<processroute> twb`: making a statement, re-affirming its not possible to do that
<processroute> twb: what are users supposed to do that have two vpn services with their vpn services having different ip addresses, or users with two isps?
<twb> processroute: er, assign different ports?
<twb> I have two OpenVPNs and one vpnc terminating on my laptop, and it Just Works
<processroute> twb: you never have the urge to run one program through the vpnc device tun0 and others through the VPN apps?
<twb> Er, no.
<twb> Even if I did, it's still just be a matter of writing firewall rules.
<jefimenko> i'm in the middle of an ubuntu install at a point where it's asking me which partition to install grub on. no matter what i select, the following page tells me that i haven't chosen any partitions to install grub to and asks me to confirm. is there any way that i can manually install grub from here to ensure that my system reboots properly?
<kim0> jefimenko: dont really know .. but u can try installing on /dev/sda itself .. not on a partition
<PlainFlavored> what is ubuntu enterprise cloud?
<jefimenko> kim0: i tried selecting that too
<jefimenko> is there a way to escape into a shell and manually do it?
<jefimenko> it's very important that this server reboots properly since i am doing the install remotely
<jefimenko> it will be 10x as much work if it doesn't :(
<kim0> jefimenko: r u in text installer ?
<jefimenko> i think it's freaking out because i chose manual package selection during the install process
<jefimenko> kim0: yes
<kim0> jefimenko: wouldn't ALT+F2 or other Function numbers, get u on a shell
<jefimenko> because i've done other remote installs just like this one
<jefimenko> never had this problem... but i was stupid to try selecting extra packages to install now
<jefimenko> kim0: yes, i can get instal a shell that way
<jefimenko> kim0: but i'm not familiar with the install environment
<jefimenko> i'm a little disoriented in this sehll
<kim0> jefimenko: check this out https://help.ubuntu.com/community/RecoveringUbuntuAfterInstallingWindows
<kim0> relevant commands
<jefimenko> the shell environment only has the grub-installer command
<jefimenko> i wonder if the installation is mounted somewhere else
<jefimenko> i don't have the grub or grub-install commands
<RudyValencia> Why does the onboard Ethernet on my server perform worse than a PCI card?
<RudyValencia> (internal Ethernet is an Intel e100-series Ethernet card, and the PCI card is a tulip-compatible Network Everywhere NE100.
<RudyValencia> oops, NC100
<RudyValencia> Why would an onboard Intel Ethernet port be slower than a PCI tulip-compatible NIC in my server?
<lau> hi, do you know how to blacklist nf_nat_sip module ?
<lau> I tried through /etc/modprobe.d/blacklist.conf in lucid but it is not blacklisted
<lau> I though I could rename the .ko but does not look like a clean soluce
<lau> any idea ?
<_Techie_> i have postfix and dovecot installed and working, but postfix doesnt seem to be accepting smtp from other IP's
<huats> morning
<RoyK> happy sysadmin day everyone :)
<a_ok> I'm working on a dell server with an idrac, when I use the virtualcd drive on the idrac it gets /dev/sda and the other disks are shifted accordingly so root is /dev/sdb all the sudden etc. Where (and how) should I confiugre udev so the virtual drive is always /dev/sdz?
<twb> a_ok: if you are referring to drives by letter, you have already lost
<twb> dynamic drive letter assignment is something that is only going to increase in the next decade
<RoyK> a_ok: use the UUID
<a_ok> does kvm support UUID?
<RoyK> are you using raw disks with kvm?
<a_ok> yes
<a_ok> i'm going to anyway
<RoyK> google says it should work ...
<RoyK> I don't have kvm with raw disks, so I can't test from here...
<RoyK> man kvm
<RoyK> :)
<a_ok> and its bloody annoying anyway. one time when using fd i need to look at /dev/sda and the other time I have to look at /dev/sdc
<diogo_79> hi
<a_ok> RoyK: I only see you can assign an uuid to a image not boot from it by uuid
<diogo_79> how can i import gpg key to ubuntu server?
<a_ok> twb: It seems that I really need to be referring to drives by letter. perhaps in the future I will resolve the uuid to device file but for now I don't have a choice. so where do I put them rules?
<RoyK> a_ok: ok
<RoyK> I'm not sure, but perhaps it's possible to use udev to assign device names for sdx, like with network cards
<skydrome> Happy Sysadmin Day #ubuntu :)
<a_ok> I don't get why drive letter asignment should dissapear in the future
<NightDragon> hello all, is there a good place to head for apache info?
<_ruben> http://httpd.apache.org
<binBASH> NightDragon: #httpd
<NightDragon> httpd == apache2?
<binBASH> nope
<NightDragon> i can never get them straight... httpd, apache, apache 2.. prefork, postfork, @__@
<binBASH> all the same ;)
<binBASH> I dunno postfork though
<binBASH> just prefork, peruser, worker, event
<a_ok> how can I get info by devicefile?
<a_ok> like bus type etc
<a_ok> RoyK: this is rediculous. I can change the device file name of that disk with udev rules. Problem is that the kernel makes sr0 out of it but also makes sda... so the blody thing has two device files
<RoyK> a_ok2: is it a drive or a cdrom?
<a_ok2> RoyK: it's a virtual cdrom drive
<RoyK> then forget about sda
<a_ok2> RoyK if it was that easy I would. problem is that it is active one time and not active the other time. so we have stuff moving around
<kaushal> hi
<kaushal> is there a way to backport php5.3 to Hardy 8.04 server ?
<pmatulis> kaushal: probably, but it wouldn't be an easy task.  try https://launchpad.net/~bd808/+archive/php5.3
<pmatulis> kaushal: otherwise, https://launchpad.net/ubuntu/+ppas?name_filter=php5
<RoyK> kaushal: it'll be quite easy, really. just apt-get source php5, extract the php5.3 source somewhere, copy the debian/ directory from the ubuntu php5.2.4 source, cd into the 5.3 source and dpkg-buildpackage
<RoyK> that should probably do it
<kaushal> ok
<kaushal> is that a recommended method ?
<kaushal> RoyK: let me check
<floown> hello
<floown> to have Json, should I just install php5-json on a Jaunty server ?
<NightDragon> hello all
<NightDragon> would apreciate some help, i can not seem to connect to my ubuntu server from a mac
<NightDragon> PC works just fine... and so does netatalk
<NightDragon> (AFP
<NightDragon> but when i try to do CMD+K, and do SMB://server, it does not work
<NightDragon> connection failed
<NightDragon> any suggestions?
<sommer> morning all
 * NightDragon swears he hears crickets
<Daviey> hey sommer !
<Daviey> sommer: How are the doc's today? :)
<sommer> cruisin, cruisin ;-)
<Daviey> sommer: \o/
 * NightDragon pokes someone
<NightDragon> bump
<Pici> NightDragon: Do you have a samba server running?
<silentwhisper> i was able to run
<silentwhisper> http server and mail server
<silentwhisper> which server should i learn to setup
<silentwhisper> i want to learn all
<silentwhisper> server setup
<cloakable> all?
<Pici> I don't understand the question.
<silentwhisper> i mean what are the things i need to learn in ubuntu server?
<cloakable> That's... quite a task
<Pici> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<silentwhisper> like http server
<silentwhisper> or mail server
<silentwhisper> thats a long long list to learn
<silentwhisper> in do you apply all of those in your company?
<Pici> silentwhisper: I only use what I need to use.
<silentwhisper> i want to learn what i need to learn and get a job
<ttx> mathiaz, smoser, spamaps, zul: ping me when you are around
<smoser> here
<Pici> silentwhisper: I can't give you a list of what companies need you to learn. Start with httpd and some mail server, look at job listings to see what skills they require and learn those.
<smoser> ttx,
<ttx> smoser: yo, pm ?
<blackstar256> #uscc
<NightDragon> silentwhisper: what you need is a book
<NightDragon> preferably from oreily
<NightDragon> that gets into server administration
<NightDragon> the best advice that i can give
<NightDragon> is to install a linux distro (like Ubuntu ^_^), get _very_ comfortable with it, and then try to teach yourself server administration
<NightDragon> silentwhisper: if your bash kung foo is not at least moderately strong, you wont be able to pass yourself off as a good sysadmin at interview, and even if you do... you wont be a good one and thats just not cool.
<NightDragon> unix is something you need to gain expereince with, you cant just "read a webpage" and know it, like it was skype or something
<NightDragon> i mean i cant say "you cant read the book"... because you kinda can, but if there was a singular book about *everything* you needed to know about unix administration, well it would be freaking huge. Like comically huge.
<NightDragon> i've been using ubuntu/debian linux for 4+ years, and have done server administration for 1+ years, and i'm still learning a lot
<TheJ3ckyl> 20+ with Solaris, Irix, BSD, SCO, Redhat, etc.. etc.. etc.. and still don't know everything
<TheJ3ckyl> ohh how could I leave out HPUX still have systems out there running on it
 * NightDragon shudders at the thought of redhat
<NightDragon> seriously, i've been playing in debian land too long
<NightDragon> i do need to learn redhat
<thesheff17> NightDragon: why RHEL ...stick with debian/ubuntu :)
<TheJ3ckyl> Well, for small business use it's good that you can put customers on their support license
<TheJ3ckyl> Of course Solaris IMHO is still the most stable with the best support.
<NightDragon> thesheff17: well aptitude is my homeboy, but it seems like a lot of jobs out there pretty much use RHEL/Solaris/Centos/Fedora
<TheJ3ckyl> and hardware is nice.
<qman__> solaris is great if you're into self-torture
<qman__> personally I just stay away
<TheJ3ckyl> Fedora-Core is nice
<thesheff17> NightDragon: true...though get the job and then switch to all ubuntu/debian...that is what I did :)
<TheJ3ckyl> Self-Torture?
<TheJ3ckyl> I like ubuntu for personal use
<TheJ3ckyl> My home network is 100% ubuntu
<thesheff17> if you use the terminal most of the time RHEL and ubuntu are really not all the different.  I also feel like the support RHEL provides just a database of fixes....basically ubuntu and google accomplish the same thing.
<TheJ3ckyl> Well, but they also have phone support for $$$. I have a day job already, but do consulting on the side so I don't have time to do support
<thesheff17> true have you used Canonical support?
<TheJ3ckyl> No, I haven't any good?
<thesheff17> hehe I haven't either.....I'm guessing they are pretty good
<thesheff17> also I hate how RHEL has ES, AS, and all these different version and support contracts....
<TheJ3ckyl> Yeah, but the more corporate you get, the more your going to have to have that type of stuff
<TheJ3ckyl> Hell, my primary vendor is Cisco.
<TheJ3ckyl> and Sun
<TheJ3ckyl> Talk about your different levels of support
<thesheff17> hehe
<TheJ3ckyl> Juniper is going the way of Cisco now
<TheJ3ckyl> They are really getting some more market share
<thesheff17> yea most of the data centers my company looked at used juniper over cisco
<TheJ3ckyl> Who knows is Juniper can compete with Cisco (Not talking technical mind you)
<TheJ3ckyl> Maybe someone someday will topple Microsoft :)
<thesheff17> functionality & price are def on Juniper side
<TheJ3ckyl> Yeah, their IOS IMO has always been more mature along with their hardware
<TheJ3ckyl> They just didn't offer the same support Cisco did which turns off the big enterprises
<TheJ3ckyl> For a long time Juniper didn't even have a proper lab for good regression testing and support testing
<TheJ3ckyl> They have definately overcome that now
<thesheff17> yea I work for a startup so paychecks come first technology comes second so I have to deal with what my budget is...basically 0 dollars :)
<TheJ3ckyl> but they need to show the larger enterprises they are ready to play on the same level Cisco can
<TheJ3ckyl> heh yeah
<TheJ3ckyl> I got it nice, I work for AT&T Labs
<thesheff17> nice
<TheJ3ckyl> We get a couple buck here and there :)
<thesheff17> hehe yea I'm sure ATT is huge
<thesheff17> hehe need a linux admin ? :)
<TheJ3ckyl> Not in labs, but I think corporate is hiring, but they are primary of HPUX and Sun shop
<TheJ3ckyl> We have a lot of Linux, but Labs doesn't hire without a network engineer background
<TheJ3ckyl> Mobility does a lot of Linux as well
<thesheff17> well I'm not looking now but I will have a masters in March for information system security....so I'm sure I will be looking then.
<TheJ3ckyl> heh, my degree was in Civil Engineering
<thesheff17> You guys runs lots of virtual machines?
<TheJ3ckyl> that was back in 89 though when CS degrees were IPX, SCO, and pretty much worthless
<TheJ3ckyl> by 1995
<thesheff17> yea my old company has sco boxes
<TheJ3ckyl> When I came to LABs in 97 we had a lot of SCO and HPUX
<TheJ3ckyl> sucked
<thesheff17> haha yea
<TheJ3ckyl> We still have a lot of UX, I can't stand it
<thesheff17> we had a sco box with an NTFS share mounted on a novel box...or the other way around...either way it broke and basically brought the business to a halt....spent 3 straight days fixing it.
<thesheff17> and had to try to deal with sco getting a new version and it was a nightmware
<TheJ3ckyl> I requested screen for a hopoff box that I use so when my VPN dies I can regain my session
<thesheff17> haha
<TheJ3ckyl> The admin told me it would be too much of a pain in the arse to install screen???
<TheJ3ckyl> really ???
<thesheff17> jeeze
<TheJ3ckyl> That's UX for ya
<Pici> Hey guys, I know this channel isn't getting a lot of questions right now, but its really not a discussion channel. Feel free to join #ubuntu-offtopic if you want to chat.
<thesheff17> k
<TheJ3ckyl> he ok
<TheJ3ckyl> sorry got carried away
<Pici> Its okay :)
<kimi_> Good morning. Does anybody know how to setup a radius server in Ubuntu?
<NightDragon> oooh
<NightDragon> "Good morning all, i want to build a space shuttle today. Can anyone help?"
<ssureshot>  might want to /join #nasa lol
<thesheff17> lol
<TheJ3ckyl> kimi_,  in terms of??  Configuring the flat file or integrating it with PAM or something?
<kimi_> I want to receive the authentication of WPA clientes (wireless devices)
<TheJ3ckyl> kimi_ it's been awhile, but essentially after you download radiusd, you will have a flatfile where you can point it to /etc/passwd or you can create the account with the flat file
<kimi_> the idea is that every client that connects to my wifi routers, do the authentication (using RADIUS) to a server in internet
<NightDragon> kimi: what kind of network are you trying to set up?
<TheJ3ckyl> Do you WIFI router support radius?
<kimi_> the network layout will be like this
<NightDragon> the likely scenerio here is a dedicated RADIUS Server is _VERY_ overkill for anything less then enterprise setup
<kimi_> I will have 4 routers, all configures with wireless security WPA Enterprise (where you MUST specify a Radius)
<NightDragon> not nessicarily
<kimi_> all the routers will connect to this Radius, and the radius will receive and handle autenthication
<NightDragon> but yes with WPA2, you can use Radius
<NightDragon> how many users are you planning on having connect to this net?
<kimi_> with WPA and WPA2 Enterprise (not Personal) y can use radius
<NightDragon> yes, i know you can. How many users will be using this net?
<kimi_> I don't have now that number of users
<NightDragon> ballpark it for me
<kimi_> but up to now I'm have if it works for 5 or 10 users
<NightDragon> is this for a buissness? around 50 users or so?
<TheJ3ckyl> kimi_ Best thing to do is go google some radius confiration example, there are a lot of ways to setup a radius configuration, as you can include access lists, times of access, type of auth etc..
<NightDragon> 5 or 10 users? man, for only 5 or 10 users you probably _REALLY_ dont need radius unless you really want it... i guess
<kimi_> I have downloaded using apt "xtradius" but it doesn't not handle WPA authentication and the wireless clients can not login
<kimi_> I want a prototype of 10 users, but it will have (I hope) thounsands
<TheJ3ckyl> other then that just download and install radiusd and point your routers to it
<NightDragon> thats because theres a lot more to it then that, kimi if you really want to go for it i can help you with it
<NightDragon> your best way is probably router--> radius --> kerberos --> /etc/passwd (or mySQL DB, whatever)
<TheJ3ckyl> kimi_ your router will not pass WPA to the radius server
<kimi_> thanks, It will be grate if you can help me
<NightDragon> but first, what is this network going to be used for/
<TheJ3ckyl> LDAP, it good with radius as well
<qman__> yeah, for thousands of users, LDAP would probably be best
<NightDragon> well hold on guys
<NightDragon> we have literally no idea what he's trying to do
<kimi_> In the end, my idea is not only to obtain authentication using MySQL. I would like that the radius server calls  a process passing information about the client that is connected. I want to know MAC address os the router, and mac address of the client . And I know that information gets into the server
<NightDragon> LDAP could be a _really_ bad idea if he's trying to set up like a home or small buissness setup
<qman__> NightDragon, he said thousands of users
<kimi_> what I know up to now
<TheJ3ckyl> kimi_ you can pass that information is radius options
<NightDragon> yeah
<NightDragon> radius will handle that
<kimi_> yes, I know. what I could successfully do is setup XTRadius
<kimi_> to call a process when a Wifi clients wants to connect
<uvirtbot> New bug: #611695 in mysql-dfsg-5.1 (main) "mysqlhotcopy produces error about log tables" [Undecided,New] https://launchpad.net/bugs/611695
<kimi_> but then I said "login incorrect"
<kimi_> and I think that is because xtradius cannot handle WPA authentication
<TheJ3ckyl> Ok, so you want radius to hit up a shell script?
<qman__> kimi_, radius simply handles the authenticating process and such, you still need a backend database of users and passwords to authenticate against, and radius supports tons of them
<TheJ3ckyl> yeah, wait a second
<TheJ3ckyl> Not sure what WPA has to do with Radius.....
<kimi_> ok, I will ahve a backend, but not directly to MySQL, it will call a process first
<TheJ3ckyl> here me out
<qman__> anything from flat file and PAM to LDAP and mysql
<TheJ3ckyl> Your router is either going to support radius for WPA or it's not
<TheJ3ckyl> radius is radius
<smoser> Daviey, ping
<TheJ3ckyl> Your router is either going to send out a radius request for WPA auth or it's not
<kimi_> my router has a wireless authentication feature that is WPA Enterprise, where I must configure a RADIUS server
<TheJ3ckyl> The router might just perform radius for console, aux, term, auth
<kimi_> what I found is that when I setup that, every client that wants to authenticate makes a call to the radius server
<TheJ3ckyl> ok, yeah that make sense
<kimi_> but my actual radius server cannot authenticate wireless clients, only wired ones
<TheJ3ckyl> radius, should not care
<TheJ3ckyl> unless it's passing something that is not compliant to the server?
<kimi_> I have tested radtest from machines connected to LAN
<kimi_> and radius worked perfect
<kimi_> but from a wireless network it wont
<kimi_> it says "login incorrect"
<qman__> yeah, the radius server won't care about that, so it must be an issue with the configuration/implementation of the clients requesting authentication
<TheJ3ckyl> What radius server does your router vendor recommend?
<kimi_> and the same information (user, pass) from a lan machine works great.
<Daviey> smoser: o/
<TheJ3ckyl> not all radius servers are ==
<qman__> plenty of vendors use broken implementations
<kimi_> linksys (I have one with dd-wrt, another with the original firmware, and another with CoovaAP( and Apple Airport
<kimi_> all of them the same problem
<TheJ3ckyl> I have had vendors that are compliant only with x radius server
<kimi_> I would be happy if it only works with linksys and cisco.
<cloakable> What are you encrypting the passwords with?
<TheJ3ckyl> Yeah, could be a cleartext thing
<TheJ3ckyl> or perhaps it on;y will do PAP/CHAP
<qman__> with that much variation in hardware, you're going to want to set your radius server to accept pretty much any handshake method
<cloakable> yeah
<cloakable> Which needs cleartext backend
<kimi_> sorry
<TheJ3ckyl> Yeah, but some router clients will only send pap/chap
<kimi_> I closed the wrong chat room
<thesheff17> anyone really good with vmbuilder here? I have some weird things going on with it?
<TheJ3ckyl> and depending on your radius server, some radius servers will only do cleartext or encryption
<kimi_> yes
<kimi_> I think that's the problem
<kimi_> xtradius is doing only cleartext and not handling the encryptation
<kimi_> that may be why I cannot connect wirelessclients correcly but yes using radtest
<cloakable> mmmm
<TheJ3ckyl> Did the router vendor recommend a particular radius server?
<kimi_> I didn't found any recommend vendor. In the setup I only have the IP and port
<kimi_> and If I want WPA Enterprise or WP2 Enterprise
<qman__> dd-wrt should support most anything
<qman__> but a stock linksys is going to be much more limited
<qman__> I don't know what they use
<kimi_> I could connect to radius with a stock linksys
<kimi_> I have tested 4 routers with different firmwares, all of them do the same
<TheJ3ckyl> cleartext auth?
<TheJ3ckyl> with the linksys?
<qman__> in this case, a packet capture might be in order, to figure out exactly what's going on
<TheJ3ckyl> Yeah, that would at least tell you if the radius request is sent in using cleartext or not
<kimi_> I have tested linksys with dd-wrt, coovaap, and stock firmware. all of them with WPA2 Enterprise to the same radius
<kimi_> neither of them could authenticate
<TheJ3ckyl> Just because it's WPA doesn't mean radius is sending it encrypted
<qman__> WPA is only encrypting the over-the-air communication
<kimi_> mm using wireshark and capturing what arrives to the radius port?
<qman__> the radius authentication could be in cleartext or any number of handshake/encryption methods
<kimi_> oh I see
<qman__> the first step is figuring out what method the router is attempting to use
<qman__> and a packet capture might tell you, or would at least tell you cleartext versus encrypted
<kimi_> ok
<TheJ3ckyl> exactly
<kimi_> I will do that with wireless and wired clients in order to compare
<TheJ3ckyl> Sometime on the router, you can specify the method in the radius config as well
<TheJ3ckyl> I know Cisco and Juniper you can
<TheJ3ckyl> not sur eon Linksys
<kimi_> in the router when  I select WPA2 Enterprise I can configure these parameters: radius ip, radius port, secret key, passfrhase and key 1
<TheJ3ckyl> yeah, sounds like it doesn't have the cleartext, or encryption option then
<TheJ3ckyl> So you will need to sniff it as found out what it defaults to
<TheJ3ckyl> Like we mentioned earlier at least you will know whether or not your dealing with cleartext or not
<ttx> mathiaz_: yo
<kimi_> yes.and I will have to change the radius server in order to handle the encriptation or not
<TheJ3ckyl> yup
<kimi_> how can I change that in radius?
<ttx> mathiaz_: I'd need updated status on server-maverick-hadoop-pig and server-maverick-uds-seed-review for the release meeting
<ttx> mathiaz_: looks like they are in bad shape
<kimi_> thanks to all of you. I will do the testing when energy come back to my office
<romanoff> Hello, I am using EC2 service and have installed Ubuntu Server 10.04 as described on https://help.ubuntu.com/community/EC2StartersGuide page. I have allowed users to go to port 80 outside in EC2 panel. But I just can't start web app on port 80. I get this - http://pastie.org/1067075. Seems like some process is running on port 80. But I couldn't see any using 'sudo netstat -anp | grep 80' command. Any ideas?
<kimi_> now I'm connected to a 3G modem with the laptop
<mathiaz_> ttx: updating the BP now
<TheJ3ckyl> Well, there are a couple places
<TheJ3ckyl> for auth, lemme, see
<TheJ3ckyl> If your doing for example
<TheJ3ckyl> MSCHAP
<TheJ3ckyl> authenticate {
<TheJ3ckyl>          
<TheJ3ckyl>          #
<TheJ3ckyl>          #  MSCHAP authentication.
<TheJ3ckyl>          Auth-Type MS-CHAP {
<TheJ3ckyl>                mschap
<TheJ3ckyl>           }
<TheJ3ckyl> 	
<TheJ3ckyl> or Auth-Type cleartext {
<smoser> ttx, do you know what kernel is used on the isos ?
<smoser> ie, what does netboot/ubuntu-installer/amd64/{kernel,initrd.gz} on an iso come from "?
<rasengan> Is it safe to upgrade Ubuntu 9.10 to 10.* whilest ISPConfig is installed?
<ChmEarl> smoser,  2.6.32-21-generic
<ttx> smoser: I think it's linux-server
<ttx> hm
<mathiaz_> ttx: both specs updated
<ttx> mathiaz_: looking
<kimi_> oh look at that
<ttx> mathiaz: about hadoop, you think you are still on track ?
<smoser> hm..
<smoser> so any idea how i would get a initrd.gz given a linux-server package from the archive ?
<mathiaz> ttx: yes - the WI defined for alpha3 are not impacted by any Freeze
<smoser> i'm guessing its not the same as i'd get if i plucked it from /boot/ after installing package
<ttx> mathiaz: same for seed-review ?
<mathiaz> ttx: the seed-review discussion will probably spill over in the beta cycle
<ttx> ah
<mathiaz> ttx: I'm going to update the BP
<ttx> mathiaz: ok POSTPONED / copy to beta as TODO
<ttx> for the last two, I think
<ChmEarl> smoser, what are you trying to do?
<smoser> netboot a maverick install.
<smoser> using kernel/ramdisk from iso is too old, as that package is no longer in archive.
<ChmEarl> smoser, sorry - maverick is older than hardy?
<smoser> :)
<smoser> maverick is 10.10
<kimi_> thanks to everybody, I will come back later
<kimi_> and let you know how I'm doing
<kimi_> thanks TheJ3ckyl
<ChmEarl> smoser, now I know ;)  - here is the netboot pair for maverick http://archive.ubuntu.com/ubuntu/dists/maverick/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/
<ChmEarl> smoser, also there is xen aware boot set
<smoser> yeah, thats too old
<smoser> :-(
<smoser> do you know how that is created ?
<ChmEarl> smoser, whats missing or wrong with it?
<smoser> the kernel that is there is not in the archive. so if you boot off of it, the installer says "i can't find modules for this kernel"
<smoser> which goes badly
<ChmEarl> smoser, version is 2.6.35-10-generic
<smoser> which is not available in archive.
 * Daviey screams
<jpds> Yo.
<pmatulis> "in (cyber)space, no one can hear you scream"
<ChmEarl> smoser, yes same thing happens with the xen boot files
<ChmEarl> smoser, I tried it a second ago
<RoyK> pmatulis: - In space, loud sounds, like explosions, are even louder because there is no air to get in the way
<jpds> pmatulis: You'd hear Daviey.
<pmatulis> jpds: but i didn't
<a_ok2> RoyK so you need to scream explosive?
<RoyK> :)
<a_ok2> RoyK: I solved my problem by the way, based on Lun number I made udev rules that make some nice symlinks(very descriptive names this time)
<uvirtbot> New bug: #611721 in tomcat6 (main) "postinst fails if group exists" [Undecided,New] https://launchpad.net/bugs/611721
<uvirtbot> New bug: #611722 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/611722
<ccheney> mathiaz, did you see my email from a few days ago? i've been out sick but didn't see a response
<mathiaz> ccheney: yes - I should get to it today
<ccheney> mathiaz, ok
<mathiaz> ttx: how is usually JAVA_HOME handled?
<mathiaz> ttx: do you always have to set it manually?
<mathiaz> ttx: or is there a central place where this is set automatically
<mathiaz> ttx: ?
<ttx> mathiaz: hm
<ttx> mathiaz: in tomcat6 there is a bit of code to pick the right JVM
<ttx> see http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/lucid/tomcat6/lucid/annotate/head%3A/debian/tomcat6.init
<ttx> lines 54-65
<ttx> and then an /etc/default.tomcat6 settings lets you overwrite that
<ttx> /etc/default/tomcat6
<ttx> that's what I reproduced in terracotta's packaging
<Daviey> Ahh.. i was wondering that myself yesterday
<ttx> if you strongly depend on default-jre-headless you can hardcode /usr/lib/jvm/default-java
<ttx> the tomcat6 technique lets you specify a default preference order, basically
<raubvogel> When you use ubumirror with reprepro, how do you make the later check in the directory created by the former for new/removed packages?
<mathiaz> ttx: it seems like JAVA_HOME should be centralized
<mathiaz> ttx: isn't there an alternative system already in place?
<mathiaz> ttx: for managing which version of java is the default one?
<mathiaz> ttx: if tomcat6, hadoop, terracotta are all doing the same...
<ttx> mathiaz: the problem is you need to set JAVA_HOME, not just the path to the java executable
<ttx> but maybe that can be done
<thesheff17> I run tomcat, jboss and terracotta at my company and I use the java service wrapper. http://wrapper.tanukisoftware.com/doc/english/download.jsp
<thesheff17> it has a bunch of advanced features for java
<SpamapS> ttx: seems like the solution there is to make the alternative point at a shell script that sets JAVA_HOME and then runs the real jvm
<SpamapS> thesheff17: I've heard good things about that too.
<thesheff17> yea I do like it allot...it is a little hard to setup but once is working correctly it is very easy to adjust ram, configuration, and when always shutdowns tomcat correctly
<SpamapS> I think my buddies who maintain a large SOLR cluster use it too
<Misterio> In ubuntu server, what is necessary to do to make a process to autostart? For example, ssh, apache, samba...
<cloakable> nothing
<thesheff17> Misterio: update-rc.d apache2 defaults is what I used to use.
<cloakable> install it from apt and it will start on boot
<thesheff17> I believe it is still valid with 10.04
<cloakable> apache2 has always started automatically for me
<Misterio> It says that file already exists, and nothing happens
<a_ok2> it seems that kvm does not work without etherboot yet it is not dependency???
<thesheff17> if it already exists then it should be starting
<thesheff17> if it isn't there is something wrong with your setup
<thesheff17> a_ok2: I use kvm without etherboot without any problems
<thesheff17> a_ok2: are you trying to create a bridge for KVM?
<a_ok2> thesheff17: I wonder why it insists on loading optrom than
<a_ok2> thesheff17: I already have
<a_ok2> will check out the bloody scripts
<a_ok2> thesheff17: I have created a bridge and a tap. however non of the parameters I gave sugests it should use pxe. (I let it boot from cdrom to be exact)
<smoser> kirkland, intended behavior ?
<smoser> byobu-installer
<smoser> ssh system where 1 session is open. i don't get a prompt for selection ?
<a_ok2> thesheff17: sorry it was just a warning kind of error, the reason it broke of was that it apparently can not when ommiting host in -vnc
<thesheff17> ah ok
<papertigers> Does anyone know if you can directly connect two VM's in kvm
<lolufail> hi!
<thesheff17> papertigers: what do you mean directly connect?
<papertigers> thesheff17: link a crossover cable trunk linking to physical boxes
<papertigers> like8
<papertigers> thesheff17: say I had two VM's , vm1 and vm2 they each have one nic bridged to the physical network, can I somehow also give them another nic directly connecting them
<lolufail> I'm having the weirdest problem: ubuntu lucid server 64 on a debian host.
<lolufail> the VM stops booting after "Begin: Running /scripts/init-bottom ... Done.", verbose says he hangs at mountall.
<lolufail> when I append "init=/bin/bash" to the kernel line, remount the filesystem rw, remount it ro again, and reboot, the VM boots!
<lolufail> if I shut it down again, mount it on the host, unmount it again and boot it again, it hangs -.- wtf?
<lolufail> doesnt make any sense to me.
<lolufail> xen btw
<thesheff17> papertigers: that is a good question...is it possible to bridge two adapters and then just have the second adapter with a cross over cable.
<qman__> papertigers, I would think you could create a new bridge between the two virtual adapters and not include a physical one
<qman__> to get the same effect
<papertigers> qman__: interesting, can you create a bridge not linked to a physical nic?
<papertigers> thesheff17 and qman__ the reason I question is sometimes at school we use VMware and we have the ability to give x nics and connect them wherever for example a virtual vyatta router, I dont see why kvm wouldnt be able to do this because vmware can also be based on linux
<qman__> I don't see why not
<qman__> of course, the last time I messed with any of that extensively was with vmware 1.x
<lolufail> aany clues?
<qman__> lolufail, sorry, I don't know anything about xen
<papertigers> qman__: I can create a bridge using brctl addbr testbridge
<papertigers> however virt-manger wont let me select it because it is not bridged to any actual devices
<qman__> papertigers, ah
<a_ok2> papertigers: can't you just add a tap?
<a_ok2> i mean qman
<papertigers> a_ok2: ive never worked with taps directly how do you do that
<a_ok2> papertigers: first install uml-utilities
<papertigers> doing that as we speak already haha
<papertigers> a_ok2: okay got it
<a_ok2> than create a tap with tunctl -b -u <username that needs access (can be ommited)>
<a_ok2> it should say what tab it made
<a_ok2> than do brctl addif <bridgename> tap0
<a_ok2> papertigers: nothing to it really
<papertigers> ahh okay so basically i can create a bridge called trunklink
<papertigers> and add say tap1 and tap2 and assign tap1 to vm1 and tap2 to vm2?
<a_ok2> brctl addbr trunklink
<a_ok2> yes exactly
<a_ok2> that is what I do
<papertigers> a_ok2: okay thanks a lot I will have to play with this, I recntly saw that openswitch project too
<papertigers> http://linux-kvm.com/content/openvswitch-reaches-100
<a_ok2> do note that you need to assign MAC adresses, by default it pics the same for every VM in this setup you will have conflitcs
<a_ok2> papertigers: bridges work fine with me. can even use iptables on them
<a_ok2> papertigers: I was really amazed with that (never had a firewall on a switch before)
<papertigers> a_ok2: yea I need to get some iptables going on my kvm machine
<papertigers> did it get complex?
<thesheff17> yea another question is say I have a box running two VM.  if one is communicating with the other does the traffic actually flow out of the cat5 to the switch and back in?  Or is KVM smart enough to know to route traffic internally?
<a_ok2> no, you just need to know that you have to put the rules in the forwarding table instead of input
<papertigers> thesheff17: should hit the bridge device which is actually a switch
<papertigers> and it should not go out
<thesheff17> ah ok
<thesheff17> cool
<papertigers> brctl showmac vr0
<papertigers> brctl showmac br0
<papertigers> its showmacs
<mathiaz> ttx: how about having a standard directory for JAVA_HOME
<mathiaz> ttx: and then manage the standard directory as a symlink to the actual jvm used
<a_ok2> papertigers: the nice thing of putting firewall rules on the bridge is that you only have to define them onces and firewall all the machines on it (one of my bridges is connected directly to the internet)
<ttx> mathiaz: whatever solution would need to be discussed on debian-java
<papertigers> thesheff17: that work? it should show a local field too
<mathiaz> ttx: agreed
<ttx> mathiaz: since most of the action happens there
<mathiaz> ttx: it just seems that could be improved
<ttx> (even I do my commits in debian first)
<papertigers> a_ok2: are you doing the bridge device or the interfaces on it like vnet0
<ttx> mathiaz: definitely, but there may have been prior art
 * ttx eows
<mathiaz> ttx: any examples of JAVA_HOME in debian/rules?
<papertigers> a_ok2: would you mind sending me your iptables script and striping out anything you dont want me to see?
<ttx> in debian/rules you set it to whatever you build-dep points to
<ttx> mathiaz: JAVA_HOME=/usr/lib/jvm/default-java
<ttx> mathiaz: since you bd on default-jdk
<a_ok2> papertigers: no you set the rules on the bridge, and use the Ip adresses or mac adresses that are used in the VM host if you need to need to filter based on that
<ttx> mathiaz: gtg
<mathiaz> ttx: ok - thanks
<papertigers> a_ok2: ahh okay
<mathiaz> ttx: have a nice weekend!
<papertigers> a_ok2: what kind of hardware is your KVM box
<a_ok2> papertigers: dell poweredge something, has two Xeon E5520, and 8GB ram
<a_ok2> disks are in a san (also a poweredge, running on openfiler)
<papertigers> a_ok2: jealous haha, I have a box I built with a phenom quad core and 8gig of ram
<papertigers> a_ok2: my disks are on my 5.4tb raid6 shared via nfs
<thesheff17> hehe I have a dell desktop running KVM :)
<a_ok2> thesheff17: well I have a laptop running kvm (on a 1.2 Ghz low voltage C2D) runs just fine
<papertigers> thesheff17: all my money goes into my computers :( why do i even work
<papertigers> a_ok2: how do you like openfiler
<thesheff17> I feel the same way
<thesheff17> I just bought a new i7 laptop
<thesheff17> is it possible to bridge a wlan0 to br0?
<a_ok2> thesheff17: we only have 900GB effectively (also raid 6) but they are those new SAS 6GB/s
<papertigers> a_ok2: I would love to have sas based storage, but for now I will stick with sata for cost reasons
<a_ok2> papertigers: it works greath if you have 2.3, unfortuanatly I have a bit to new hardware to run the stable version (perc h700 is not supported yet)
<a_ok2> papertigers: actually they are not that expensive anymore
<papertigers> my 1tb black WD drives never do me wrong
<papertigers> a_ok2: how much is a typical drive
<a_ok2> 300Gb 230 euro's
<a_ok2> ours where much cheaper though
<a_ok2> let me see if I can find what we paid
<papertigers> okay thanks
<a_ok2> papertigers: its not specified, unfortunatly. we have 5 300GB 6gb/s 15k Hot swappable disks. for about 1000 euros I think
<papertigers> a_ok2: great thanks for showing me tap haha now I am going to set up a bridge with a bunch of taps and vyatta and play with its routing
<a_ok2> papertigers: you can actually use iptable rulles on the interface i forgot (you just have to specify it diferently) check this out: http://www.sjdjweis.com/linux/bridging/
<a_ok2> gtg later
<papertigers> thesheff17: ahh kvm is so nice
<thesheff17> yea I really do like it...it works very well.  I have been fighting a little with vmbuilder.
<thesheff17> but I have been running kvm since 9.04 and never looked back at vmware
<papertigers> thesheff17: I am going to try vmbuilder today
<papertigers> hey do you know if there are any rules of thumb based on number of vms to processors
<thesheff17> papertigers I have a small python wrapper for vmbuilder if you want it. Nothing special and it is a work in progress but works well.
<thesheff17> vms per proc is tough...if most of the time the vm sits there and does nothing you can create a bunch....I try to limit 2-3 per CPU
<papertigers> thesheff17: per cpu core?
<thesheff17> papertigers: yes
<papertigers> thesheff17: I love python, sure id love to have a look at it
<papertigers> are you doing cpu pinning or just letting kvm controll that
<thesheff17> I'm letting kvm control that.  most linux machines just sit idle all day and then spike during a specific event cronjob usually....so I just make sure that I stagger cronjobs
<thesheff17> http://ubuntu.pastebin.com/Ayxrcqn5
<papertigers> thesheff17: hmm I am gonna set up a mini network in kvm maybe ill give them all like 128mb of ram and 1cpu
<papertigers> thesheff17: thanks I downloaded it.  What do you have your VMs doing, currently I have dns, web, and ubuntu mirror as my always up running vms
<thesheff17> basically I have been prepping moving my production env to KVM and want to be able to build VM on the fly for load balancing.  We are a big Java shop so we run tomcat, jboss, terracotta.
<thesheff17> so in the script I just basically concatenate a string to build the packages I want per machine
<papertigers> thesheff17: ahh nice, I need to find a company that will let me do their network and run ubuntu and VM's
<papertigers> thesheff17: how do you plan on doing load balancing?
<thesheff17> well I eventually want to get VM's running squid
<thesheff17> but for now we use an hardware F5 that is super expensive
<thesheff17> :(
<thesheff17> also you may have to adjust the script a little...it accounts for a local ubuntu repository
<papertigers> I have a local ubuntu repository, one of my VMs :P
<thesheff17> hehe nice
<papertigers> thesheff17: how do you plan on spawning vms based on load?
<thesheff17> that is a good question...I haven't gotten that far yet but plan on monitoring the load on the current VM's and put some zabbix threshhold on CPU & time and if that trigger happens spawn more
<papertigers> thesheff17: ive never used zabbix
<papertigers> what kind of vms do you want to spawn? webservers?
<thesheff17> basically just a monitoring tool..I'm sure most can do it
<thesheff17> yea web servers
<thesheff17> and jboss
<smoser> Daviey, ping
<smoser> instances go from pending to terminated.  /var/log/libvirt/qemu/i-37430731.log shows:
<smoser> libvir: Security Labeling error : internal error error calling aa_change_profile()
<thesheff17> there is also a bug right now for tmpfs param which builds it in RAM for testing and is very quick.  You have to get the latest package from here https://launchpad.net/~vmbuilder/+archive/daily/+packages
<papertigers> thesheff17: so basically you would need to set up a load balancer and dynamically add the ip's of the newly added vm's to the list of servers
<thesheff17> yes or just have a range already in there
<thesheff17> like 192.168.1.50-192.168.1.75 will be my web server range
<papertigers> thesheff17: but if you had the range in there and a vm was off, wouldnt it still try to send the connection to it
<thesheff17> and they do active checks on apache
<thesheff17> they won't serve boxes not running apache
<papertigers> thesheff17: ahh okay, what load balancer is that?
<thesheff17> I'm using pound for our dev env and an F5 for production
<thesheff17> papertigers: hehe I even run the pound server on the KVM server
<papertigers> thesheff17: I am looking into doing this too now haha
<smoser> above, i found bug 599450, trying hally's work around. to disable.
<uvirtbot> Launchpad bug 599450 in linux "[apparmor] getattr handled incorrectly in 2.6.35-6.7" [High,Fix committed] https://launchpad.net/bugs/599450
<papertigers> thesheff17: I was playing around with migrate, I had it working perfectly, distributing load would be awesome too
<thesheff17> papertigers that is such a good idea to migrate them around too :) Here is my config file for pound: http://ubuntu.pastebin.com/dyTjeV9Y
<thesheff17> papertigers: it is setup to just load balance two machines but can easily have more
<papertigers> thesheff17: thanks I have so much to play with now haha
<thesheff17> papertigers: you can also do SSL with pound which I really like...not all load balancers have support for SSL.
<papertigers> yeah moving them accross kvm servers is cool.  I could write a python script to monitor load and then migrate to the other kvm based upon load
<thesheff17> papertigers: np I have been working on KVM and vmbuilder for a while now and would love to see more people use it and bounce ideas off each other. vmbuilder is so promising I can really build a lucid apache server in about 5 min.
<papertigers> thesheff17: yeah i need to use vmbuilder, going through virt-manager and doing a full install sucks
<papertigers> thesheff17: do you plan on building vms or having them built and turning them on when needed
<thesheff17> papertigers: for production I would have them built and off.  Chances are I will spin up manually until I get all this working.  Eventually though I want my entire env build from vmbuilder.  Auditors are climbing up my back all the time telling me my servers are not the same
<thesheff17> papertiger: I would love to just send the auditors my python script and say this is what our servers is running and nothing else.
<papertigers> thesheff17: haha nice, yeah I am doing this all in my home lab for now.  What company do you work for
<thesheff17> papertigers: ticketreserve.com
<thesheff17> papertigers: hopefully no one gets offended...it has had some problems in the past :)
<papertigers> thesheff17: what has?
<thesheff17> papertigers: the company
<thesheff17> papertigers: I do allot of consulting work though also
<papertigers> thesheff17: ahh okay
<papertigers> tell them you yourself are opensource haha
<thesheff17> papertigers: I wish it was that easy :)
<papertigers> thesheff17: I hate that on most of my vm's shutdown doesnt work :(
<thesheff17> papertigers: are you running them from virt-manager or are you running shutdown -h now within the vm?
<papertigers> virt-manager or virsh shutdown vm
<papertigers> in the vm i can do a halt just fine
<thesheff17> papertigers: ok yea I can't say I have had a vm not work with shutdown -h now inside the vm
<RoyK> papertigers: I've seen that - I can't shutdown my VMs from virt-manager either
<RoyK> 'halt' or similar from inside the VM works, though
<papertigers> RoyK: yeah same
<papertigers> thesheff17: interesting, I am looking at that tap stuff, looks like i cant assign it directly to a device, needs to be a part of a vm
<thesheff17> papertigers: yea I'm having some weird results from vmbuilder...I'm emailing back and fourth with the developer for that project.
 * RoyK reads up on Fortran
<Daviey> smoser: Yeah.. i think that is apparmour playing it's magic - i think a fix is landing soon!
<Daviey> that isn't our bug to solve, sadly.
<SpamapS> Daviey: http://ceph.newdream.net/wiki/RADOS_Gateway
<SpamapS> Daviey: ever seen that?
<SpamapS> Daviey: its an S3 store.
<mullerk> ]
<mullerk>  i have a hp server, proliant dl120. I'm trying to install ubuntu 8.04, but the sata hard drive is not being detected in the installation. how can I discover the correct driver for that?
<remix_tj> mullerk: maybe depends on the contoller
<remix_tj> lspci maybe can help
<mullerk> the problem is that I don't have the driver for that
<mullerk> accordgin to hp website, it's a "HP Proliant Smart Array Controller". Anyway, I'm not using RAID
<au> hello, I followed https://help.ubuntu.com/10.04/serverguide/C/postfix.html but when I do ehlo mail.mydomain.com, it has everything else but 250-AUTH LOGIN PLAIN
<au> how can I get it to show 250-AUTH LOGIN PLAIN
<au> brr, missing those question marks :)
<Daviey> SpamapS: I hadn't.. looks interesting
<soren> SpamapS, Daviey: S3 really isn't rocket science. It took me a day or so to implement in OpenStack.
<soren> I'm surprised there isn't of them out there :)
<au> hmm so any postfix gurus around?
<RoyK> au: I'm not a guru, but I've used it for some years...
<au> hmm would you be able to tell me what I am doing wrong? please
<RoyK> au: what are you trying to achive?
<RoyK> simple smtp?
<RoyK> or authenticated smtp?
<au> setup a simple smtp server
<au> where yes I have to authenticate to send emails
<RoyK> au: isn't that 250 ok, then, if you want auth?
<au> hmm found a smtpd_tls_auth_only = yes in main.cf, one moment
<RoyK> sounds reasonable :)
<RoyK> TLS is a wee bit more secure than plaintext
<au> I would like it to have both options
<RoyK> au: if it's on a private LAN, just define the IPs from whom you want to allow relay
<au> nope, not private lan
<au> RoyK: thanks for help :)
<RoyK> :)
<thesheff17> au: yes I just checked mine and I have relayhost = ip  I also don't have to authentication.  I know this doesn't help but know it works...have you checked that you make sure you can get to port 25 on that smtp server?
<SpamapS> soren: backed by CEPH, this RADOS should be really damn scalable.
<au> thesheff17: yep it works fine :) now just to see why it's giving me a wrong ssl certificate :)
<cablop> i need some help to setup a https apache server
<Pici> What part of the setup is causing issues?
<cablop> in one step i'll need to create certificates and other things and i don't know how to setup the server name... i mean the domain name that i need to create the certificates for, how can i?
<cablop> an old guide says i need to go to "System->Administration->Networking:General" butr that menu does not exist here
<mullerk> hey guys, i'm still looking for how to install the ubuntu server in a hp server with sata driver.. the hd is not being reconized... somebody help me!
<cablop> or maybe i can sklip that hostname part and go ahead?
<Pici> !hostname
<ubottu> Use hostname <somehostname> to set the hostname, or to do it permanently: edit /etc/hostname and /etc/hosts . WARNING! Make sure that your current hostname and /etc/hosts match, otherwise sudo may not work properly.
<cablop> wait a second can i set up a domain.name as a hostname?
<RoyK> mullerk: what sort of SATA controller do you have on that one?
<soren> SpamapS: I guess I didn't look too closely. Is it actually bound to ceph in any way, or is it just a frontend to an arbitrary filesystem?
<thesheff17> cablop: I think the new 10.04 has an certificate built in if you install openssl
<thesheff17> cablop: look under /etc/apache2/sites-available/ dir
<thesheff17> cablop: that will be the location for config stuff.
<cablop> thanks thesheff17
<papertigers> thesheff17: this setup took me a bit to think about, going through with the vyatta install haha i stress my kvm box so much
<thesheff17> cablop: check this out http://ubuntu.pastebin.com/mrjDZw2y
<thesheff17> cablop: it is a little outdated that first link but still works.  If you are going to get your cert signed you have to run it through that process as well and put the right files in the right place.  /etc/apache2/auth/ is an directory I just created.
<SpamapS> soren: as I understand it, RADOS is CEPH's lower level
<soren> SpamapS: Oh, I see.
<SpamapS> soren: so CEPH is really just an interface to RADOS, as is the RADOS Gateway which speaks S3
<thesheff17> papertigers: nice...have you used virt-clone?
<papertigers> thesheff17: yeah ive used it like once
<thesheff17> papertigers: I haven't used it in a long time but there was a problem that you had to edit /etc/udev/rules.d/70-persitent-net.rules and adjust the network.  which was a pain.  I think I have started cloning a vm that had the script on the box and when you logged in as root it did a reboot and then the network was fixed.
<papertigers> but then you have to set the hostname again and change the nic
<RoyK> anyone that knows where I can get an affordable SSL certificate?
<thesheff17> godaddy
<RoyK> g'day
<thesheff17> 3 years 24 dollars
<cablop> thanks thesheff17
<cablop> RoyK try comodo too, they have certificates too
<RoyK> seems godaddy is a good place to start - thanks :)
<thesheff17> papertigers: what are you trying to do with vyatta?
<thesheff17> RoyK: I sound a like a godaddy rep but they have cheap ssl certs and there turn around time on them are quick.  Others take time to review bs thinking there is some type of extra security built into delaying you your cert.  If it is isn't production self signed certs are always a good way to go.
<thesheff17> Royk: hell have the govt certs are self signed.
<RoyK> thesheff17: what would you recommend?
<cablop> thanks for the help
<cablop> i have to go for a while
<RoyK> I don't want self-signed certs
<cablop> see ya
<thesheff17> RoyK: just the cheapest one for as long a you want...the crap that makes it green in the title bar is over kill :)
<mullerk> Roy: it's a HP Proliant Smart Array COntroller
<smoser> kirkland, Daviey one of you able to anwer
<smoser> http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu/maverick/eucalyptus/devel/annotate/head:/debian/eucalyptus.conf
<smoser> for VIRTIO, i put that on the CC or the NC
<smoser> i tried CC and restart with CLEAN=1, but no affect it seems.
<smoser> node controller. verified (i think).
<raubvogel> which user does ngnix run as?
<Daviey> o/
<Daviey> smoser: I think we are carrying the force virtio patch, which might be causing that.
<smoser> no
<Daviey> smoser: Is the problem that, you can't get virtio, or you can't disable it?
<smoser> without that stuff, it does virtio root
<smoser> s/virtio root/scsi root/
<smoser> adding it to eucalyptus.conf on the node changes it to virtio root
<smoser> it seems broken to me that that setting would be on the node
<Daviey> where would you expect it to be?
<Daviey> surely it's the node that does the magic
<smoser> yes, but surely it has to be configured on a per-cloud basis
<Daviey> per *node* basis
<smoser> it would be bonkers to have an image get one set of hardware on one node, and one set on another node.
<smoser> because 2 nodes /etc/eucalpytus.conf settings differed.
<Daviey> smoser: whilst i agree, it does seem to be logical to have the setting on the nc
<smoser> no.
<smoser> :)
<Daviey> It reasonable to assume that if an end user changes the defaults, they need to have a plan to make it migrate themselves
<Daviey> smoser: patches welcome if you disagree enough :)
<SpamapS> Daviey: so , do we have any idea if eucalyptus will be able to display any graphs we produce?
 * Daviey makes a call.
<Daviey> SpamapS: Yes... just clarifying how now..
<smoser> of course it will.
 * smoser is feeling a bit snarky after dealing with instability all day
<SpamapS> BTW does anybody know who moderates ubuntu-devel@lists ?
<Daviey> SpamapS: check mailman]
<benedikt> shouldnt libivirt store the virtual disk images somewhere in /var?
<benedikt> it has been placing my images in my ~ for some reason
<smoser> SpamapS, i've pinged cjwatson in your position before, and it got fixed.
<smoser> he's probably overkill for that, but i'm fairly certain he has acl
<benedikt> more specificly, how do i control where libvirt will store teh image for a guest i create
<tyska> hi guys, im having problems with CUPS + WIN, cant print on authentication required printers, can someone help me?
<tyska> im stucked very much time on this =/
<thesheff17> ping benedikt
<thesheff17> benedikt: ping
<mustelo> I've got a lab running lucid (desktop) connecting via kerberos to a server. authentication works great, and I can login via the console on the desktop machines, but graphical login hangs. has anyone seen this issue?
<benedikt> thesheff17: pong
<thesheff17> benedikt: how are you building your vm?
<thesheff17> virt-install?
<benedikt> ubuntu-vm-builder
<thesheff17> haha funny...ok I was creating multiple vm with a script
<thesheff17> and they where overwriting each other
<thesheff17> I talked to the developer and he just said what ever directory you are in they will build in there.
<benedikt> ah, cool.
<benedikt> then its pretty easy to decide where they go
<thesheff17> At least here on lucid, the vm gets placed inside $CWD/ubuntu.kvm.
<thesheff17> it used to be /var/ something...I was also very confused
<thesheff17> I haven't tested it yet but I bet that is it.
<benedikt> im gonna try later
<benedikt> ill let you know
<thesheff17> k sound good ttyl
<papertigers> thesheff17: I messaged you if you are still around
<kimi_> HEllo to everybody. Does anybody ever configured a freeradius in Ubuntu?
#ubuntu-server 2010-07-31
<benedikt> thesheff17: it creates the guest in the pwd
<benedikt> wd*
<papertigers> ubun
<blackstar256> f
<papertigers> anyone here using vmbuilder besides thesheff17
<papertigers> unless your around
<newz2000> hi, using ubuntu server 8.04 when I can't seem to disable php5 on certain virtualhosts
<newz2000> using LoadModule php5_module ... even without the accompanied AddType ...php stuff automatically enables it for all my sites
<newz2000> Can anyone suggest a way to stop this? It's messing up my webdav configuration
<kimi__> hello
<kimi__> I have problems getting freeradius running in Ubuntu in order to authenticate wireless users , can anybody help me?
 * newz2000 got his prob resolved. php_admin_value engine off
<ExpertOfBust> anyone tell me if there's a webhosting control panel for ubuntu LTS
<EvilPhoenix> question about iptables and how it processes the rules and references to user defined chains
<EvilPhoenix> if anyone is experienced with iptables please highlight me because the question is too long to post here without getting smacked by flood limits
<Psi-Jack> Is anyone here familiar with Ubuntu 10.04 server and openldap? I'm having issues I'm trying to resolve with not being able to get anonymous access to the ldap server after basic configuration from https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
<Psi-Jack> When I try as a regular user (not as root), I just get No such object (32), for anything.
<cshong> I hope someone can help me with pure-ftpd on Ubuntu Server.
<uvirtbot> New bug: #611974 in mailman (main) "Sync mailman 1:2.1.13-4 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/611974
<thesheff17> benedikt: thanks for letting me know
<thesheff17> papertigers, benedikt, I updated my vmbuilder script to reflect creating the directories when creating the vm.  I haven't tested it yet but I'm pretty sure it works. http://pastebin.com/XqZf4nKU  I will test it later today when I have time.
<matt_keys> for some reason pork doesn't want to connect to irc.freenode.net. I install ircii, then run the /server irc.freenode.net and it works... wtf?
<benedikt> thesheff17: the script looks good
<ChmEarl> nothing here today: http://cdimage.ubuntu.com/ubuntu-server/daily/
<ChmEarl> CD daily build
<uvirtbot> New bug: #612124 in tomcat6 (main) "Sync tomcat6 6.0.28-2 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/612124
<incorrect_> hi, i am looking at freenas, openfiler and then i thought ubuntu-server must do a nas setup with a pretty ui?
<chilicuil> incorrect_: I've found openfiler to be the best option, easy to manage and with support for custom cifs conf, obviosly that's just my opinion
<incorrect_> i noticed openfiler doesn't do ext4
<incorrect_> i think i am just going to use ubuntu-server 10.04 in a kvm guest
<Jason1> Where can I get the default sshd_config file for 10.04?
<thebwt> Jason1: /etc/default/ssh ?
<thebwt> or /etc/init.d/ssh ?
<Jason1> no default config file in those directories.  just an ssh file
<thebwt> ah then I am not sure
<thebwt> is it /etc/ssh/sshd_config ?
<Jason1> yes.  somehow i've done something to it.  when I do a restart I get this
<Jason1> Could not load host key: /etc/ssh/ssh_host_rsa_key
<Jason1> Could not load host key: /etc/ssh/ssh_host_dsa_key
<Jason1>  * Restarting OpenBSD Secure Shell server sshd                                         start-stop-daemon: warning: failed to kill 29796: Operation not permitted
<Jason1> Could not load host key: /etc/ssh/ssh_host_rsa_key
<Jason1> Could not load host key: /etc/ssh/ssh_host_dsa_key
<thebwt> ah gotcha, they key mande when yuo install openssh server
<thebwt> would `dpkg-reconfigure openssh-server` fix that?
<thebwt> (sudo of course)
<thebwt> though
<thebwt> all your prior connection will complain about key mismatch
<Jason1> (not sudo, but same error anyway I just failed to put sudo just now to get the error message)
<Jason1> I don't want to knock out any of my users keys either.
<thebwt> hmm well if you don't have the ssh_host_rsa/dsa_key files you may be SOL?
<Jason1> the files are actually in the ssh folder though
#ubuntu-server 2010-08-01
<Jason1> ok I think I've fixed the issues.  I got it to restart now.  But it would help to know how I can get an original sshd_config file without doing a reinstall
<thebwt> hmm, you could download the .deb and extract it from that
<pmatulis> Jason1: the file obtained from downloading the source package is the same as /usr/share/doc/openssh-client/examples/sshd_config
<ivo_> guys do you think this will make a good swap devise: OCZ Vertex2 2,5" SSD 40 GB ??
<pmatulis> Jason1: but i can't say whether this file is what you get when you install openssh-server
<pmatulis> Jason1: it seems rather different from the one on my system
<qman__> ivo_, I don't have personal experience, but what I've read and heard suggests that SSDs aren't great for constant writing/rewriting, in that they wear out quickly
<qman__> I'd go for something like a raptor or 10/15k SCSI disk instead
<qman__> higher RPM disks will get access times down, which is the main advantage of SSD
<qman__> performance wise
<uvirtbot> New bug: #612180 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/612180
<mike1> Setting up a server/transparent proxy/web filter.  Can't get the relationship Modem-> Server ->Router ->  Network  working.   I think the PPPOE on the router is a major problem.  Can't get it to work from server.  Should I have PPPOE left on modem serving an address to server and server serving on ita 2nd NIC?
<mike1> The modem only assigns 1 address.
<diffra_home> hey all -- i've set the console resolution on my ubuntu server laptop (yeah...) and the resolution is correct, but it's only using the upper let 1/4 of the screen.  How do I configure this?
<giovani> diffra_home: how did you set the resolution?
<giovani> diffra_home: also, when you open your BIOS does it use up the whole screen?
<frith> is it possible to loopback mount a cow2 file?
<waheedi> hello
<waheedi> i have a 10.0 4 server running on 8 GIG of ram and two cpus
<waheedi> a large ec2 instance from amazon
<waheedi> and the average load is always above 3/0
<waheedi> somtimes its 4.4
<cloakable> Then you're loading it up too much
<waheedi> but i cant see any process using cpu
<cloakable> load isn't just cpu...
<cloakable> It's all the system resources
<waheedi> nop cloakable
<waheedi> average load, is the load for the processes waiting their turn to be processed on cpu
<cloakable> hmm
<waheedi> so apparently you need to know what is average load before answering me
<cloakable> Well, thank you for your highly diplomatic answer
<waheedi> you most welcome, mate
<waheedi> still i need someone help
<waheedi> i need to know what is the normal average load for a busy server
<cloakable> Linux includes processes in uninterruptible sleep states, typically waiting for some I/O activity to complete. This can markedly increase the load average on Linux systems.
<cloakable> According to a little basic googling
<cloakable> In that case, I'd look at your I/O
<TuxSax> waheedi: the best is that no process is waiting in queue for it's CPU turn, so the recommended load average should be always below 1
<TuxSax> but I have a server that is most of the time on 2 and it's working fine, mysql queries are loading it up, I'm running around 2700 queries every minute and that's what loads my server up
<waheedi> TuxSax: cloakable  according to this  https://bugs.launchpad.net/ubuntu-on-ec2/+bug/574910  i think i have the same bug
<uvirtbot> Launchpad bug 574910 in linux-ec2 "High load averages on Lucid while idling" [Undecided,In progress]
<TuxSax> waheedi: well, I can't help with solving those bugs... I only know I never like to see my servers going higher than 1 second in their load avg
<TuxSax> 1 second in CPU time terms is an eternity!
<waheedi> :(
<waheedi> it 2-4 on my server
<waheedi> im gonna switch bakc to a previous release
<TuxSax> but as I said, 2 sec on one of the servers and still responding well
<TuxSax> so it all depends on the platform I guess
<waheedi> yeah true TuxSax
<waheedi> now if i want to upgrade my server kernel
<waheedi> is it safe to do it on production
<waheedi> while its serving some users
<TuxSax> waheedi: preferably not as it may have to be reloaded, but I'm not an EC2 expert, you may better contact Amazon support for that
<waheedi> hmm
<waheedi> im running ubuntu
<TuxSax> Can't you better temporarily load another instance with an upgraded kernel and then move the service to there, then stop the "older" instance?
<waheedi> hmm
<waheedi> sounds better actually but it needs so many work
<TuxSax> I don't recommend this kind of upgrades on "live" serving systems... what if it went wrong?
<waheedi> many new installations, moving DB
<waheedi> yeah that would be a killer :)
<TuxSax> waheedi: there is always two ways, the short way and the right way, you choose... ;-)
<waheedi> hahaha 1000% true
<waheedi> btw i would love to share my new service with you check it out, http://dakwak.com
<Jason3> Im deploying linux on my server and I have just set the hostname for my machine "blah"  When I am setting up the FQDN should it be:
<Jason3> myip  www.mysite.com (hostname here)
<bogeyd6> probably not
<bogeyd6> Jason3, www should be an a record for the machines ip address
<bogeyd6> the fqdn for the machine should be blah.domain.com
<bogeyd6> then www as an A record
<bogeyd6> or cname, your choice
<Jason3> so the hostname i have set for my machine is NOT equal to the alias of the machine?
<uvirtbot> New bug: #612184 in mysql-5.1 (main) "package libmysqlclient16 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/libmysqlclient.so.16.0.0', which is also in package xplico 0:0.5.6-bt1" [Undecided,New] https://launchpad.net/bugs/612184
<Jason3> still having a slight problem.  i get this error sudo: unable to resolve host "gatorade" after I do sudo -i
<TuxSax> Jason3: paste the output of <<hostname -f>> please
<TuxSax> Jason3: and also the relevant line on your /etc/hosts
<AndyGraybeal> does anyone have a guide or website handy that explaines how to setup a seperate home partition during install with ubuntu 10.04?
<AndyGraybeal> something that is step by step
<klaas> mnaual partitioning during installation
<klaas> or you just do it by hand later:)
<AndyGraybeal> klaas: i've tried to manually do it during the installation.  for some reason, it doesn't automatically mount it.
<AndyGraybeal> or maybe there is something i'm not understanding.
<klaas> use fstab
<AndyGraybeal> okay then that's what i'll try; i thought the installer would handle that for me
<rdw200169> during the manual partitioning step you have to specify the mount points for all the drives you want in fstab.  if you specify a particular partition to be for /home, for example, then you're done
<uvirtbot> New bug: #612284 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.1 failed to install/upgrade: ErrorMessage: el paquete mysql-server-5.1 ya estÃ¡ instalado y configurado" [Undecided,New] https://launchpad.net/bugs/612284
<jeremyn> does anyone have any tips for this ssh error? "debug2: ssh_connect: needpriv 0"
<jeremyn> received using ssh -vvv <hostname> while attempting to ssh to a server
<jeremyn> it's just from one system, i can ssh to the server from another server no problem
<Jason3> just installed apache, mysql, and php on my server.  i have a test index.php file but when I enter it in the URL it tries to download the file rather than opening it.  ?????
<jeremyn> also, other communication between the "bad" client and the server works fine, it's just ssh with the problem
<Jason3> normal html files are fine.  PHP files don't want to open
<jeremyn> Jason3: be sure to enable php for apache, like "sudo a2enmod php5" or whatever else
<Jason3> says its already enabled
<jeremyn> Jason3: not sure man, sounds like the problem is that apache doesn't think php files are something that can be executed
<Jason3> can root own the index.php file and it run in the webbrowser?
<jeremyn> Jason3: that's not how it works. apache runs the php file on the server and sends you output
<jeremyn> Jason3: php files do not run in your browser
<jeremyn> i figured out my ssh problem btw if anyone is interested, i was trying to ssh <hostname> but hostname wasn't identified in /etc/hosts
<funkyHat> jeremyn: you need to install libapache2-mod-php5
<jeremyn> funkyHat: i think you meant that for Jason3
<funkyHat> jeremyn: sorry, yeah
<Jason3> i understand.  i think it might be permissions.  root owns the file
<funkyHat> jeremyn: if it's just something you want to define for ssh you could use ~/.ssh/config instead
<jeremyn> funkyHat: nah, i want it generally known but thanks for the tip
<funkyHat> that's also quite good if you want to define a username so you don't have to type it each time (of course if you have the same username as on the client that's irrelevant)
<funkyHat> Jason3: if apache was trying to serve the php file as text then it can read the file, so that's not the issue
<Jason3> ok
<Jason3> i've seen others in some foroumns that have the same problem but their solutions aren't working for me.
<Hilikus> i'm trying to configure bind9 to solve loopback problems with clients in the LAN, but my dns is dynip.com. if i define a zone dynip.com will it try to resolve X.dynip.com? i want to limit my dns server to a specific subdomain
<Hilikus> and have everything else forwarded
<Jason3> it was the browsers cache that was the problem.  I cleared the cache and all is ok
<Jason3> I've got my server running great at the moment.  What is the best way to do a full backup of it?
<thebwt> Jason3: what specifically? many people keep /etc under version controll
<Jason3> I'm running a server remotely, I dont have access to the physical box.   I've just setup ubuntu and have it working smoothly.  Im not very familiar with any type of linux and I want to backup everything so that rather than doing a fresh install and then going through and apt-get etc all the packages, and installing apache, mysql and php all over again is there a way to just copy files
<thebwt> I guess you could clone drives.. but thats inneffecient. installing thsoe things is easy, it's conmfiguring them thats the pain right?
<Jason3> yes that would be true
<thebwt> off on a hike bbl
<Jason3> thebwt: so the best thing to do is be prepared to do the full install and just keep my config files backed up?
<Jason3> (and mysql databases? websites, etc?
<Jason3> how do I turn it off so that browsers don't list the files in a folder if it goes there and there is no index file?
<Adri2000> Jason3: depends on the web server
<Jason3> apcahe2
<alex_joni> any folder or just one?
<Jason3> for a specific site in the www folder
<alex_joni> first google hit: http://blog.taragana.com/index.php/archive/apache-httpd-how-to-turn-off-index-listing-in-directory-protect-wordpress-wp-content/
<alex_joni> Options -Indexes
<kinygos> hi all...apologies for the n00b question.  i'm running ubuntu server 10.04 lts, and changing the keyboard layout to uk qwerty using console-data.  when i reboot, the layout is back to us.  how do i get it to default to uk?
<kinygos> if it's a lengthy answer, can anyone give me a hint as to where to look for an answer?
<sherr> kinygos: I have the following in /etc/default/console-setup :
<sherr> XKBLAYOUT="gb"
<sherr> Maybe relevant to your problem.
<kinygos> thank you :) i'll have a look
<MTecknology> So.. I added a PPA but apt-get update then apt-cache policy won't show the new version.. Any ideas why?
<kinygos> sherr: i made that change, but it hasn't made a difference...i've been hunting round for hints online but failing miserably...any other ideas?
<kinygos> does anyone know how to change the default keyboard layout and mappings in ubuntu server 10.04 lts?
<kinygos> different question, how do i get the following command to run at startup >sudo loadkeys --default
<kinygos> i'm going for a brute force solution to my problem...
<kinygos> i've copied /usr/share/keymaps/i386/qwerty/uk.kmap.gz to /usr/share/keymaps/i386/qwerty/defkeymap.kmap.gz
<ChmEarl> kinygos, sudo dpkg-reconfigure locales
<kinygos> ChmEarl: that sounds promising..thanks, brb :)
<kinygos> ChmEarl: that generated a bunch of locales...saying they were up to date...
<kinygos> rebooting...
<kinygos> ChmEarl: unfortunately, it's back to US again :(
<kinygos> at risk of spamming my question: how do i get ubuntu server 10.04 to remember the keyboard layout i specify with dkpg-reconfigure console-setup?
<kinygos> (clearly i meant dpkg-reconfigure console-setup)
<zhobbs> I'm trying to install an ubuntu-server KVM guest via SSH, how can I disable framebuffer support in the installer?
<MTecknology> zul: you around?
<MTecknology> !info passenger
<ubottu> Package passenger does not exist in lucid
<kinygos> apologies for repeating my question...does anyone know how to configure ubuntu server 10.04 to remember the keyboard layout/mapping/locale that i specify using console-data?
<kinygos> it reverts to US when i reboot the server :(
#ubuntu-server 2011-07-25
<airtonix> love driveby
<MrUnagi> I need a little help setting up a mail server with ubuntu, it seems i can log with telnet but not with a mail client, did i skip over a step?
<airtonix> depends
<airtonix> MrUnagi: what steps did you follow
<MrUnagi> to be honest i have tried several including in the ubuntu docu
<MrUnagi> https://help.ubuntu.com/community/MailServer
<MrUnagi> so basically my current state is i can telnet 143 and log in wit success
<MrUnagi> when setting up my client, i get the certificate error as expected, but the account remains offline
<twb> MrUnagi: https://help.ubuntu.com/10.04/serverguide/C/email-services.html is the official documentation.
<twb> AFAIK community/ stuff is unofficial
<MrUnagi> I've tried that guide as well
<MrUnagi> i know that i am at least communicating with dovecot because i get the certificate error
<twb> Are you testing this with "mutt -f imaps://MrUnagi@127.0.0.1/" on the server itself?
<MrUnagi> i tested telnet locally and remotely
<MrUnagi> i am not sure what mutt is
<MrUnagi> is it a mail client?
<twb> An MUA
<twb> Yes.
<MrUnagi> i have not tried it with mutt i was trying it with mail.app on os x
<twb> Please reproduce the problem with mutt on the server.
<MrUnagi> installing now
<twb> Also, unless you're doing STARTTLS, there should be no TLS (a.k.a. SSL) at all on 143.
<MrUnagi> well that was something that popped up in my mind as well
<MrUnagi> some error occurred and mutt quit
<MrUnagi> i have to locate the mutt log
<twb> You ran the command I gave you initially?
<twb> 12:41 <twb> Are you testing this with "mutt -f imaps://MrUnagi@127.0.0.1/" on the server itself?
<MrUnagi> yes
<twb> The error should sit around for a few seconds unless you hit a key, so it should be easy to transcribe
<MrUnagi> internal error occurred
<twb> Well that's bizarre
<MrUnagi> server bug referr to server log for more information
<twb> OK, that's more reasonable
<twb> SO now open another window and do "tail -fn0 /var/log/syslog /var/log/auth.log"
<twb> Then when you try mutt again, it'll show you what the server-side error was
<MrUnagi> well thats too easy
<MrUnagi> directory doesn't exist
<twb> As in /var/mail/MrUnagi doesn't exist?
<MrUnagi> i have reverted this snapshot so many times, i am having trouble keeping track
<MrUnagi> well Maildir
<MrUnagi> interesting
<twb> I should've had you check the logs first, I just didn't trust that it was a server-side problem at first
<MrUnagi> i can fix this no prob 1 sec
<MrUnagi> ok it appears i am logged in with mutt
<MrUnagi> and I'm sure i don't have postfix set up right because i have not received the test email i just sent
<MrUnagi> but being able to log in server side means dovecot is good right?
<philipballew> would anybody know anything about a linux network install
<twb> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<twb> MrUnagi: yes re dovecot is good; re postfix, have you told it to deliver to Maildir?
<philipballew> twb, i neet to install ubuntu over a network.
<philipballew> better
<twb> philipballew: OK, so what isn't working?
<philipballew> well. i have a laptop without a cd drive and to old to boot from usb
<philipballew> and i need to remove microsoft and install linux, like i always do.
<philipballew> this time i cant use a cd
<twb> You're sure it can't boot from USB?  And you can't easily remove its HDD and put it in another box to do the install?
<philipballew> i brobably could, if i get a case and some screws yeah.
<philipballew> *pobably
<philipballew> when did computers start to boot from usb?
<twb> I don't know.  Maybe you should, you know, test USB bootin.
<twb> I ask because if you have to PXE boot then you will need to set up a PXE server which is fiddly
<philipballew> and i am kinda lazy
<qman__> expensive computers started booting from USB around 2000
<qman__> it became a fairly standard feature around 04
<philipballew> # 3 on boot order is removeable devices twb
<philipballew> hum. this is like 2001
<ejv> evening everyone, i just installed ubuntu server 10.04 LTS on an old dell dimension desktop; I have two PCI ethernet cards, both recognized by Ubuntu, an Accton SMC2-1211TX and a 3Com Corporation 3c905B, i'm not getting an IP address (via DHCP) from my router, is there something that needs enabling?
<twb> ejv: pastebin your interfaces(5) file
<ejv> nevermind fellas, it appears a `dhclient -r` and then a `dhclient` fixed that right up as sudoer. thank you
<twb> Righto
<ejv> very weird that it wouldn't work "out of the box"
<ejv> brand spanking fresh installation -_-
<ejv> ok i rebooted, interfaces are gone again
<ejv> how do I tell dhclient to run at boot?
<qman__> configure your interfaces to use DHCP in /etc/network/interfaces
<qman__> see man interfaces for details
<ejv> i have auto dhcp and iface eth0 inet dhcp
<ejv> in /etc/network/interfaces
<ejv> (seperate lines)
<ejv> pardon me auto eth0
<qman__> well, if eth0 is the one that's plugged in, it's correct
<qman__> but since you have two, it's possible the one you're using is actually eth1
<ejv> ahh
<ejv> ok i will add a second identical line
<ejv> there's two because i was thinking one card was faulty, if i can get this working i'll pluck it right out
<ejv> qman__: if you're still around, im not familiar with this new version of grub, how do I tell the boot sequence to not be "quiet" but "verbose" ? :)
<qman__> short answer is, you don't
<qman__> it's possible to get the verbose kernel messages back but not without hacking up plymouth
<qman__> since that's what suppresses them, not grub
<ejv> hmm alright, thx for the input
<U256> Hello everyone
<U256> I need some help from anyone who is bored and might want to help
<lickalott> ask
<twb> Offtopic: is there a channel where I can ask about forcing lucid gvfs to mount FAT floppies with different mount options, and actually get a useful response?  Note: this rules out #ubuntu and irc.gnome.org
<twb> (Yes, 3.5" floppies.  One of my prisons still uses them because, unlike USB keys, they can't be smuggled through checkpoints up your arse.  Sigh.)
<twb> Scratch that, I'm not even sure it's gvfs.  Whatever nautilus is running.  Apparently gvfs is a nest of ELF binaries and no documentation or configuration or --help.  Sigh.
 * twb RTFS's
<kural> hello would linux-image-virtual contain XEN privileged guest support ?
<twb> IIRC Xen isn't supported as at Lucid
<smb> One can run Lucid generic-pae / server kernels as pv guest in Xen. Though it has not been the main target. There are linux-ec2 kernels which are maintained for running under xen.
<twb> smb: well, sure, domU is mainline
<uvirtbot`> New bug: #815760 in nut (main) "2.6.1-2ubuntu1 FTBFS on i386" [Medium,In progress] https://launchpad.net/bugs/815760
<uvirtbot`> New bug: #815776 in php5 (main) "Unit tests inside PEAR packages need to go into /usr/share/php-test, not /usr/share/php/tests" [Undecided,New] https://launchpad.net/bugs/815776
<alaing> how can i check what character set my server is using?
<photon> env | grep LANG
<alaing> I'm trying to setup zenphoto on my server and it says the following message
<alaing> If your server filesystem character set is different from ISOâ8859â1 and you create album or image filenames names containing characters with diacritical marks you may have problems displaying the names.
<alaing> Currently my server is reporting back that its using utf8
<photon> Well, the message is pretty much self-explanatory
<alaing> could my web server be setup to use ISO?
<photon> I guess, but that would be like asking if you could install Windows 95 instead. Unicode is pretty much the standard these days. I'd rather figure out how to install zenphoto with utf8.
<alaing> setup i meant reporting thats its ISO instead of UTF8
<alaing> after that message it says "Change the filesystem character set define to" followed by a drop down list of character sets and an apply button and then goes on to say "If you do not know the character set try "UTF-8""
<alaing> I selected UTF-8 and clicked apply but it doesn't work it just reports the same error message. Perhaps its a permissions on the php script that runs
<alaing> or could it be somethign else?
<photon> I don't know, sorry, I never used zenphoto.
<photon> maybe there's a chat room for that, or a forum?
<alaing> thanks anyway
<alaing> much appreciated
<CatFish> see him walking
<CatFish> kraak mie dan
<CatFish> ie crack ue head boy
<CatFish> effuh put friend
<CatFish> ut need n
<CatFish> heur hem kraake dan gek
<_ruben> aww .. clusterstack stuff in the servergu.. err .. better check the most recent version of it before i finish that sentence
<_ruben> doh, and forgot the "no" part as well
<_ruben> ah, only drbd under the clustering part :/
<hallyn> can anyone who is using multipath under lucid test the proposed fix for bug 690387, just to verify that it doesn't break your setup?
<uvirtbot`> Launchpad bug 690387 in multipath-tools "udev block naming breaks failover and sd kref release cycle" [High,Fix committed] https://launchpad.net/bugs/690387
<uvirtbot`> New bug: #815865 in apache2 (main) "Cookie variable in Apache LogFormat outputs incorrect value" [Undecided,New] https://launchpad.net/bugs/815865
<hallyn> jdstrand: on bug 524447, it sits for 7 days, but as it's been verified, you can push your security changes on top of it right?
<uvirtbot`> Launchpad bug 524447 in qemu-kvm "virsh save is very slow" [Medium,In progress] https://launchpad.net/bugs/524447
<jdstrand> hallyn: can you poke pitti or SpamapS to process it?
<hallyn> jdstrand: what do you mean by process it?
<hallyn> SpamapS' last comment was that it has to wait 7 days in quarantine, now that it is verified.
<jits> hi guys .. i have a ubuntu gateway which is allowing only google and some other sites to go thru .. everything else keeps waiting ... need help on how to go about digging it ..
<SpamapS> jdstrand: needs 5 more days
<jdstrand> hallyn: if it is verification-done, and past 7 days, then it should move to -updates
<jdstrand> hallyn: based on SpamapS' comment, I'm confused though
<jdstrand> (7 days vs 5 days left)
<hallyn> jdstrand: it was pushed to -proposed on the 22nd
<hallyn> supposed to sit there for 7 days
<jdstrand> hallyn: I am preparing for a phone call atm. can we talk about this a bit later?
<hallyn> jdstrand: absolutely
<jits> hi guys .. i have a ubuntu gateway which is allowing only google and some other sites to go thru .. everything else keeps waiting ... need help on how to go about digging it ..
<hallyn> jits: what were you wanting it to do, and how did you go about it?
<jits> hallyn: i expect all sites to be accessible from client machines which have ubuntu server as gateway
<jits> if i set the gateway to a router then everything works fine :-|
<hallyn> jits: we'll need more information about how you set it and the network up.  but if you can get to the sites from the gateway itself, but not the clients, then I'd look at iptables output and the resolv.conf you're sending to the clients
<jits> hallyn: I can get to any site from the gateway ..
<jits> iptables output here http://paste.ubuntu.com/651802/
<jits> the clients are all static ip .. configured to use gateway as dns .. the lookup works fine.. traceroute is also fine :-s ..
<hallyn> iptables -t nat -L
<jits> hallyn: http://paste.ubuntu.com/651804/ .. here it is
<jits> anything ?
<hallyn> jits: nope.  i don't see any forwarding rules.  but since you say google works, i dunno.
<hallyn> jits: how is it set up?  When I do this to share wireless, I use a custom networking.conf entry with a post-up job that runs dnsmasq and iptables.  what are you using?
<RoAkSoAx> smoser: howdy
<smoser> hey
<RoAkSoAx> smoser: ready for the presentation...anything I should know ?
<jits> hallyn: no wireless .. its all physical connection ... has 50 odd clients in the vlan with one dhcp server cum gateway for other clients... one particular client is on this ubuntu gateway ..
<smoser> RoAkSoAx, well... i'm going to get started on putting together what i want to say
<smoser> i' think i'm going to basically just introduce what "cobbler-devenv" is
<smoser> basically covering how it sets up a secluded network and builds a cobbler server to run in it.
<RoAkSoAx> smoser: ok, cool. Will it install the webdav and stuff?
<smoser> does it ?
<smoser> i will check that...
<RoAkSoAx> smoser: no I mean if it already does
<hallyn> jits: maybe vlan is segragating traffic?  anyway, hopefully someone else will see your info and have an idea
<jits> hallyn: yeah hope so .. thanks..
<smoser> RoAkSoAx, i think it does...
<smoser> but i haven't verified that it works
<RoAkSoAx> smoser: ok I'll go over allk that stuff
<RoAkSoAx> smoser: as well as the preseed your devenv installs
<RoAkSoAx> to get it to work with ensemble
<smoser> hm..
<smoser> so what should i talk about ?
<smoser> :)
<RoAkSoAx> smoser: though you were gonna explain how the cobbler devenv works :)
<smoser> yeah.
<RoAkSoAx> smoser: ok so I will explain how ensemble works with orchestra and how your devenv is used to test "hardware" deployments
 * kirkland listens to RoAkSoAx's explanation :-)
<RoAkSoAx> kirkland: hehe will also send an email on how to do it later today
<kirkland> RoAkSoAx: cool -- to where?  ubuntu-server maybe?
<RoAkSoAx> kirkland: to our private ML, cc'ing you if you are not there anymore
<zul> wouldnt ubuntu-server be a better idea?
<RoAkSoAx> zul: Idk... it is stil a proof of concept that hasn't really been tested on real hw yet and I think it should probably be officially announced past the sprint in Austin, where I expect to have it working
<RoAkSoAx> fully
<zul> RoAkSoAx: ah ok
<uvirtbot`> New bug: #815968 in samba (main) "SWAT doesn't allow admin login after install" [Undecided,New] https://launchpad.net/bugs/815968
<zul> who in the hell still uses swat
<RoAkSoAx> lol
<xibalba> hey folks, i wwas wondering if anyone here is familiar with nic-bonding and could help me out with my config ? http://paste.ubuntu.com/651826/
<ppetraki> xibalba, looks plausible :) what's the outcome?
<ppetraki> xibalba, oh, you need to define an alias for bond1 too upfront
<xibalba> ppetraki , mmm taking a look
<xibalba> ppetraki , i believe i did define one in bonding.conf for bond1 too, but i see i made it netdev instead. i will set them the same and reboot
<ppetraki> xibalba, so it would be: alias bond0 bonding alias bond1 bonding
<xibalba> ppetraki , in one line or two?
<ppetraki> what really matters is the max bonding,
<ppetraki> separate lines
<ppetraki> options bonding max_bonds=5
<xibalba> max bonding ? i heard about that before but i can't find a doc on configing it
<ppetraki> will let you create up to 5 bonds
<xibalba> ppetraki , does that go into bonding.conf ?
<ppetraki> xibalba, no, modprobe
<ppetraki> xibalba, http://lxr.linux.no/linux+v3.0/Documentation/networking/bonding.txt
<ppetraki> xibalba, its all there
<xibalba> ppetraki , forgive me if this is newbish, but i put it under bonding.conf under modprobe.d
<xibalba> oh ok i will take a look
<uvirtbot`> New bug: #798878 in nova "nova.conf should not be world-readable" [High,Confirmed] https://launchpad.net/bugs/798878
<xibalba> ppetraki , i owe you a beer if this works
<ppetraki> xibalba, bonding is pretty easy, just remove and install the module again
<xibalba> i guess going forward i should search linux specific, not ubunut specific information
<kim0> Howdy folks, Ubuntu cloud days starting in #ubuntu-classroom on the hour .. see you there
<xibalba> i'm not familiar with removing/installing modules in ubuntu. i come from BSD, use to maintaining freebsd mostly, just getting into ubunutu
<ppetraki> xibalba, modprobe -r bonding && modprobe bonding
<ppetraki> xibalba, :)
<jamiemill> For PCI compliance I need to update to latest PHP/Apache on my Ubuntu Lucid - but apt has only updated to 2.2.14 - does that mean I have to update to Natty to get latest apache?
<jamespage> jamiemill: you might want to challenge on 'latest' - my experience of PCI compliance was that you needed to prove that your software install is secure rather than at the latest version
<jamespage> you should be getting updates for security vulnerabilities on lucid which should be enough IMHO
<xibalba> ppetraki , hey are you still around?
<jamiemill> jamespage: The scan report requests at least version php 5.3.6 and apache 2.2.17, both newer than in the Lucid repositories according to this page http://distrowatch.com/table.php?distribution=ubuntu
<jamespage> jamiemill: does you scan provide reasons for these minimum version numbers? its normally todo with security vulnerabilities that have been found in lesser versions
<jamiemill> jamespage, yes it is. 72 failures individually itemised with the version of php and/or apache they say fixed it. That was before i updated today, so some will go away on the next scan, but some need newer versions that I can get from lucid repos.
<jamiemill> jamespage. But I'm going to disable sending the server signature in apache, so once I've done that I don't know how they'll know the version ...
<jamespage> jamiemill: there are other ways....
<jamiemill> jamespage Like adding other repos ?
<jamiemill> jamespage or building from src
<jamespage> sorry - I mean't of detecting which apache version you are running
<jamiemill> jamespage Oh! how?
<jamespage> jamiemill: so I would go back again to which specific vulnerabilities they are looking for version upgrades to fix
<jamespage> jamiemill: http://tinyurl.com/6ferf8p details the updates to 2.2.14 since Lucid was released.
<jamespage> that might help
<jamiemill> jamespage: one example: "Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities" CVE: CVE-2010-1452 NVD: CVE-2010-1452 -> "Apache addressed these issues in 2.2.16. Upgrade to the latest supported version of Apache."
<uvirtbot`> jamiemill: The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452)
<uvirtbot`> jamiemill: The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452)
<jamiemill> oh! thanks uvirtbot`
<jamiemill> clever bot
<jamespage> fixed in 2.2.14-5ubuntu8.4
<jamespage> jamiemill: Upgrade to the latest supported version of xxx
<jamespage> is a standard response - however most linux distros don't upgrade the version - they backport security fixes plus critical bugs
<jamiemill> jamespage - OK that's what I was assuming actually. So I wonder how I get to pass this damn test
<jamespage> jamiemill: do you have a human to talk to or is it the automated test?
<jamiemill> jamespage I'm not sure, I was just passed the results. It's "Trustwave", recommended by PayPal I believe
<jamespage> jamiemill: so it is acceptable to identify false positives during PCI scanning - it covers this exact scenario
<jamespage> where the scan says something bad - but you can prove otherwise
<jamespage> however you will need to get whomever has to accepted the test results to agree
<jamiemill> jamespage - OK I need to get in touch with them because I don't want to run around trying to prove this to them. There must be a process.
<jamespage> normally its about having a sensible conversation about what you are running your infrastructure on
<jamiemill> On another note, I'm perfectly happy to update to natty actually, so might just do that.
<jamespage> jamiemill: OK - but please be aware that its not an LTS release
<jamespage> jamiemill: you may still have to prove that your software is up-to-date and addresses the required security vulnerabilities
<jamespage> however if you have a handy IT Security guy around he might help out with that :-)
<jamiemill> jamespage - yes I am aware of that, LTS sounded nice at the beginning when they released it, but now I'm not sure what the advantage is knowing that packages lag behind (in terms of version numbers, even if not security)
<jamiemill> jamespage - we're a small team and like to be on the latest, only using apache, php and git on AWS so I don't imagine much will break on a newer version
<dori922> setting up a UEC front end server can i run another cloud OS type  the nodes? (ie Xen or debian or the like?)
<jamespage> jamiemill: well its not for everybody
<jamespage> jamespage: good luck with PCI certification on AWS :-)
<jamiemill> jamespage: hmm - thanks - well we don't store CC data, only transfer it, so I hope we'll be ok
<jamespage> jamiemill: exempts you from a few parts of the spec then
<jamespage> jamiemill: but its still a PITA
<jamespage> hmm - just realised I wished myself goodluck rather than jamiemill - doh!
<jamiemill> ha ha - didn't notice
<xibalba> hey folks, would any of you have a moment to help me out with a bonding issue?
<xibalba> my bonds are finally showing in ifconfig thanks to ppetraki , however the status is showing down.
<ppetraki> xibalba, well, what does ifenslave say about it?
<xibalba> you know i haven't installed that yet, let me reconfig eth3 and install that
<xibalba> ppetraki , ok time to figure out how to use this
<xibalba> resetting the box , since i reconfigured eth3 to have a WAN ip so i can route out
<xibalba> i'm hitting this box via ipmi only right now
<ppetraki> xibalba, you need that to make bonding function....
<xibalba> hey ppetraki , sorry i just lost internet. had to run downstairs and fix it
<xibalba> ppetraki , oh i wans't aware you actually needed ifenslave to make the bonding work, i thought it was only for admining, and was required on version of ubuntu older than 10.0.4
<xibalba> hey ppetraki , where can i ship a case of beer to you "?
<ppetraki> xibalba, it's really nothing.
<xibalba> not to me buddy :)
<xibalba> thank you thank you, many times
<xibalba> been at this for a week
<MrUnagi> when sending mail to an account on my server i get mail undeliverable, how do i troubleshoot this
<CrazyGir> hello!
<CrazyGir> I have a vm server I would like to forward certain ports to specific vms sitting on an internal subnet. would this be donw with ufw? or ufw & iptables?
<patdk-wk> ufw is nothing more than a simple iptables rule maker
<CrazyGir> sure, so I guess my question is.. can ufw be used for NAT definitions, or do you have to get dirty with IP Tables?
<alamar> iptables are dirty?
<CrazyGir> alamar: have you ever used pf?
<alamar> yes
<CrazyGir> so you should know what I'm referring to :)
<jdstrand> CrazyGir: ufw can be used for NAT, just not with the cli command, so you need iptables knwledge. see 'man ufw-framework' for details
<alamar> I still don't think of iptables as dirty
<CrazyGir> ufw exists for the same reason :P
<alamar> I do not care about strange abstractions I have no use for :p
<CrazyGir> sure, masochism is acceptable, I have no issue with that, but not my choice ;)
<CrazyGir> I'll take a read jdstrand, thanks
<CrazyGir> alamar: these conversations usually include some element of straight up opinion, but I don't think there is an interface/system in linux that is as complex and UNREADABLE as iptables (with the same breadth of use)
<alamar> well I do not think of it as unreadable
<alamar> and I think everything about desktops today is way more complex
<alamar> (at least for me)
<CrazyGir> hah
<CrazyGir> I would prescribe OpenBSD to you for a good year ;)
<CrazyGir> that'd fix you right up :)
<alamar> I don't have any use for openbsd
<CrazyGir> sure, you are probably being paid to keep things complex
<alamar> openbsd just lacks a lot of commonly used things
<alamar> and as I mentioned desktops are complicated - iptables is easy
<alamar> and layering ufw above iptables just causes problems when the setups gets more complicated and you have to manually intervene
<CrazyGir> alamar: really? like what?
<alamar> like virtualization?
<CrazyGir> sounds like you are going along with what folks "say"
<CrazyGir> I would agree with you there, but I agree with their reasons for doing so, and honestly, not using virtualization keeps life simple
<CrazyGir> anything other than virtualization?
<alamar> it does not. it keeps the costs high and causes more complexity for keeping things separated
<CrazyGir> sure, so you have setup VM clusters, more than 2 node? on a budget without FC?
<CrazyGir> and you would agree that is simple?
<CrazyGir> and again, anything other than virtualization?
<alamar> CrazyGir: yes I have setup virtualization clusters with more than 2 nodes. and yes it is simple
<alamar> and I was not talking about clustering
<CrazyGir> *vm clustering
<alamar> (I don't know if openbsd has any clustering capabilities)
<CrazyGir> what did you do for storage?
<alamar> depends
<CrazyGir> I would be thrilled to hear about your "simple" setup :)
<CrazyGir> as I was beginning to believe there wasn't one :)
<CrazyGir> back to ubuntu for a moment: if you update /etc/ufw/before.rules, how do you make them take effect?
<jdstrand> sudo ufw reload
<CrazyGir> w00t
<CrazyGir> alamar: no? I'm really not being feticious, I am really looking for something simple there
<CrazyGir> honestly, I have yet to find an OS that was as simple to setup, as clean and uniform to admin, and a joy to work with, all while being truly open, free, and secure, as OpenBSD
<CrazyGir> so I don't try to incite rioting, but I am really left scratching my head when someone says iptables is simple or readable
<alamar> CrazyGir: simple for what? distributed storage? iscsi or fc - clustering? pacemaker - virtualization? depends. And yes most of this stuff is easy to deal with.
<zul> SpamapS: can you accept the landscape-client sitting in proposed for lucid
<SpamapS> zul: will take a look shortly
<zul> SpamapS: thanks
<alamar> CrazyGir: other things openbsd lacks are besides the very minimal amount of software in the base system, the limited maintained amount of ports and things like long support cycles (5 to 9 years) - technically there are things missing like drbd, i don't know how the situation is with fc or iscsi or how good the capabilities of a logical volume manager are, high availability clustering and of course virtualization - which really is a big deal, ...
<alamar> ... virtualization is really necessary for a whole lot of reasons (saving space, power, hardware ressources(or using them more effeiciently), reduced managing costs, security considerations among many many others). openbsd does not even have a good os-level virtualiziation which is a really nice thing if you want to really separate services on your system.
<CrazyGir> alamar: that would be because the devs know the inherent security risks virtualization poses, see their write ups for details
<CrazyGir> and I'd be curious what storage clustering tech (low-budget, no FC) you found so simple
<alamar> CrazyGir: why low budget? you can use drbd for example. you conveniently dismiss other points. and why openbsd does not have any virtualization is none of my interest. it does not offer any capabilities for virtualization which is what counts.
<CrazyGir> I don't have 20k for FC :)
<alamar> change your job then. use iscsi, drbd or nfs or whatever fits your usecase
<CrazyGir> i didn't find drdb reliable or easy to configure
<alamar> it really is easy to configure
<alamar> and depending on the protocol you use it IS reliable
<CrazyGir> again, my "standards" for these things are set from having used BSD for so long
<alamar> you can use it with etherchannel/trunking
<CrazyGir> alamar: split brains are too easy to trip
<alamar> with multiple links it is very unlikely
<CrazyGir> and you are correct about iSCSI in OpenBSD, but that is because no one has really forked up the hardware to make it happen
<alamar> also you can use drbd with pacemaker to deal with split brain situations
<CrazyGir> we were
<alamar> CrazyGir: the reasons do not matter. what matters is the lack of something.
<CrazyGir> the lack of something?
<CrazyGir> I'm not sure I'm following you there
<alamar> lack of virtualization for example.
<CrazyGir> overall I think we agree, except on what we consider simple or reliable
<CrazyGir> eg, I imagine you consider the linux kernel as something reliable
<alamar> CrazyGir: what is unreliable about it
<CrazyGir> alamar: I could list off quite a few things I imagine all of us have faced, but it is like asking a windows guy if windows is reliable, they'll tell you either yes or mostly. But until their perspective has been broadened to include experience with systems that are more reliable, they won't see it otherwise
<alamar> CrazyGir: I ran openbsd for many years
<CrazyGir> I would not consider the linux kernel something I want to rely on (which makes virtualization all the better)
<alamar> linux even longer
<alamar> I really do not know what you mean by unreliable
<alamar> I experienced the environments rhel or sles give me as very reliable
<CrazyGir> that was my point, we have different concepts of these things (reliability & simplicity)
<alamar> so please elaborate what you mean by reliability
<alamar> and why or what part of linux kernel is not
<CrazyGir> I do not trust the linux development cycle, eg look at the number (and severity) of bugs that come out on a new release
<CrazyGir> this even spills over into distro's dev cycles and practices
<alamar> CrazyGir: do you use -current on a server?
<alamar> (production)
<CrazyGir> no, release + patches
<alamar> CrazyGir: so does nobody with linux
<CrazyGir> I have _no_ idea how a ubuntu system can be automatically updated, reboot, and reliable break grub
<alamar> rhel has 5-7 years support time and stays with the same kernel
<alamar> (it backports a lot of stuff of course but it remains the same kernel)
<CrazyGir> I'm not talking about distros, we were talking about the reliability of the linux kernel itself
<alamar> well then again openbsd-current is not reliable
<CrazyGir> it is far more reliable than linux dev trees, but AGAIN, we're considering kernel RELEASES
<CrazyGir> not rc or betas
<CrazyGir> in anycase, we're seeing these things differently
<CrazyGir> it has been good talking, and I agree with many of your points, but I think we give a different level of care to these things. I must get back to work
<alamar> CrazyGir: nobody uses all the new releases on a production server. (just because they pump out a new version once in a while does not mean everybody runs and uses them - after a considerable amount of time though distributors will consider them for a release after they have proven reliable and stable)
<alamar> it's like -current but from time to time they take snapshots and call them 2.6.xy or 3.x in the future
<alamar> (actually one might argue that this is actually providing better reliability because after a kernel was released it will be used by millions of people who run rollingrelease or desktop distributions before it will ever get into server-distributions ;) with openbsd you are more or less forced after 1(!) year (IIRC) to use a newer release (or run without security updates))
<alamar> CrazyGir: I enjoyed it too, but I still don'T consider openbsd fit as serversystem. I like it as a router though (when I have to use softwarerouter)
<astrostl> openbsd is still my favorite unix-like os.  i don't care about it not being a vm hypervisor, as the 'real' ones (vmware, xenserver, etc.) bring their own along.
<alamar> astrostl: short support periods also suck and I mentioned a few other things
<astrostl> i can understand not wanting to constantly feel behind the 8-ball in terms of upgrades.
<astrostl> BUT, i ran a production server from 2.x through 3.x without ever rebuilding it.  years and years of the same system.
<astrostl> RHEL 3 to 4 is basically a gut rebuild, so is 4 to 5, so is 5 to 6.
<astrostl> ubuntu LTS has in-place and very manual major version upgrades, but i found it painful and that it left a lot of cruft.
<alamar> astrostl: this is something I also do not like (having practically to do a new install when moving from X to Y) but the long support time remedies this
<astrostl> all my obsd upgrades were done with a trivial shell script that fetched tarballs and extracted them live on the fs.
<astrostl> and it's easy to diff the tarball contents against present fs contents to detect cruft.
<astrostl> so in practice, running a supported system for years on end was something i found easier with obsd than rhel.
<astrostl> (and ubuntu, although the last in-place upgrade i did was 6 to 8 so it may have improved)
<alamar> I didn't do any real lts->lts upgrades as of yet (lots will happen next year) (so I'm excited how that will go)
<astrostl> if my experience was any guide, get ready for about 1000 interactive prompts :)
<alamar> it will be a fun year.. or NOT ;)
<astrostl> current org did an 8 -> 10 migration and it was a straight up reload
<astrostl> we have hundreds of ubuntu LTS workstations/servers
<ScottK> You can use preseeding to avoid most of the prompts. If you have a lot of systems, it's worth it to invest in figuring out how to do this up front.
<RoAkSoAx> zul: writing the email now
<Guest59162> hello everyone, could someone help me with a combining NAT and SOCKS?
<RoAkSoAx> zul: email sent
<RoAkSoAx> have fun
<zul> RoAkSoAx: cool beans...
<CrazyGir> am i correct in my understanding that the following line added to /etc/ufw/before.rules would forward tcp traffic received on br0:9000 --> 192.168.1.10? -A PREROUTING -i br0 -p tcp --dport 9000 -j DNAT --to-destination 192.168.1.10
<CrazyGir> maybe?
<xibalba> what is UFW ?
<xibalba> i only use pf
<CrazyGir> xibalba: yea, I sometimes wish pf were available on linux
<xibalba> what're you trying to do?
<CrazyGir> but that would conflict with too much
<xibalba> pf > iptables in my opinion
<CrazyGir> xibalba: forward port X from a VM server to VM Y
<xibalba> is this passing on a bridge or router or ....
<CrazyGir> it wouldn't be fair to compare pf & iptables
<xibalba> no, but i started in the bsd world so to me anything bsd > linux =P
<CrazyGir> xibalba: no, it's port X on the VM SERVER to one of its VMs
<xibalba> except the driver devleopment1
<CrazyGir> hah
<CrazyGir> xibalba: sure, that would be due to corporate investment though
<xibalba> CrazyGir , i think you should take a look at virtualizing pfSense on your VMWARE box
<CrazyGir> and yea, I would agree, though I started with linux and then went to BSD
<xibalba> and using that to control the natting to your VM environment
<xibalba> i've seen alot of peopledo it and have had good luck with it
<CrazyGir> I didn't say VMWare at all
<CrazyGir> that isn't what I'm trying to do
<CrazyGir> I'm simply trying to ensure specific ports on the vm server go to specific IPs (the server's vms)
<CrazyGir> it doesn't need to be more complicated than that
<xibalba> hmm after i write tihs email i can pay attention
<xibalba> hang on
<CrazyGir> ha :)
<CrazyGir> I'll be here
<xibalba> so you have a VM box, running some sort of hyper-visor and virtual mahcines under neath the hyper-visor
<xibalba> yeah?
<xibalba> forgive me if i'm delayed, i'm at work too
<CrazyGir> don't worry
<CrazyGir> this is really a more simple question, you can easily ignore the VM bits
<CrazyGir> the VM bits mean that doing something like pfsense is unnecessary
<CrazyGir> what I need to do is forward tcp from port X on an interface (on a ubuntu server) to another ubuntu server (specific IP)
<xibalba> oh like Redirect ?
<xibalba> you know to be honest with you i'm thinking pf syntax when you're describing this, i wont be of any help w/iptables
<CrazyGir> :P
<CrazyGir> I'm asking mostly for confirmation (to any gurus who would know) as what I'm seeing is not what I would expect
<CrazyGir> but I'm unsure, it could be something else
<quentusrex> Anyone know where mdadm logs to?
<qman__> it doesn't log, that I'm aware
<qman__> the current status is always in /proc/mdstat
<qman__> and it will email root on failures
<quentusrex> I have what appears to be a device failing, and resyncing
<quentusrex> but I am getting no messages from mdadm.
<qman__> then root's mail is probably not set up to mail to you
<qman__> or you may not have an MTA installed
<qman__> personally, I don't wait on mdadm to fail a disk, I have smartmontools mail me whenever bad sectors show up
<quentusrex> qman__, I'm trying to track down a high load on idle issue
<quentusrex> and it seems I'm getting millions of ahci interrupts
<quentusrex> and the only thing I can think of that causes that many interrupts in a short span is a drive resyncing.
<qman__> cat /proc/mdstat
<qman__> it will tell you if it is
<qman__> and if it has failed any disks
<quentusrex> it reports everything is fine, but the disk order on a raid 1 array has changed.
<xibalba> adios ppz, and thanks for the help ppetraki
<qman__> disk order isn't important, that's just whatever order it happened to load them in
<qman__> though it is possible you have a failing disk
<qman__> mdadm doesn't fail a disk until it simply can't write to it anymore
<quentusrex> I'm getting about an 8 load on idle, with the only thing I can track down as active are the disk interrupts.
<qman__> install smartmontools if you haven't already and do a smartctl -a on each disk to check for bad sectors
<qman__> also check dmesg for disks doing weird stuff on a kernel level
<quentusrex> yeah, nothing in that file after boot
<quentusrex> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/815540
<uvirtbot`> Launchpad bug 815540 in linux "Server becomes unresponsive after spawning 16 ksoftirqd processes" [Undecided,Confirmed]
<quentusrex> I have two servers nearly identical setup. One works great the other... doesn't.
<quentusrex> The only difference hardware wise is the size of the partitions, and the failing one has a seagate drive and two WD drives, where the working on has 3 WD drives.
<quentusrex> qman__, http://paste.ubuntu.com/652024/
<qman__> brand really isn't important, all the manufacturers make crap these days
<quentusrex> Raw Read Error rate seems a bit worrisome.
<qman__> if my seagate is any indication, you have nothing to worry about there
<qman__> 1 Raw_Read_Error_Rate     0x000f   047   045   006    Pre-fail  Always       -       70516587
<fluvvell> Its the interpretation of the figures that is important. The Desktop Disk Utility has a nice page for a clear view of smart data.
<qman__> said drive has a power on time of ~3.9 years
<fluvvell> qman__, I've yet to really figure out the significance of normalised and worst. e.g. One of my drives has 3.7 years of on time, normalized and worst are both 56. Is that years??
<samuelkadolph> Anyone familiar with upstart? I'm wondering when exactly startup is emitted because I'm writing a script and it works until I add >>/var/log/foo.log to the exec line. My guess is that the fs isn't ready yet but I doubt that.
#ubuntu-server 2011-07-26
<qman__> upstart, by design, fires everything up simultaneously as soon as it can, unless configured dependencies preclude it
<qman__> so if you depend on something having already been done, you need to configure that in your script
<SpamapS> samuelkadolph: startup is emitted at the very very very beginning of pid 1's existence
<SpamapS> samuelkadolph: you need to 'start on filesystem' .. not startup
<samuelkadolph> That fixed it, thanks qman__ and SpamapS. I am curious about why trying to redirect the io breaks it but not launching the server itself.
<minashokry> hello everyone, my box has many domains and subdomains on it, I have jenkins running on port 8081. I want jenkins to be accessible only using jenkins.domain.com so that I can set up authentication on this subdomain. I am using apache proxy module for this. now I want to disable accessing it using any other domain by using 8081 port. how can I do this?
<samuelkadolph> If you are using ProxyPass then just block 8081 with your firewall or bind jenkins to 127.0.0.1 so only apache can access it
<minashokry> how can I do any of these? I tried many things but still failing
<samuelkadolph> Stop unblocking the port with your firewall and if you don't have a firewall, get one.
<minashokry> I prefer the second solution
<minashokry> when I bound jenkins to 127.0.0.1, it became not-accessible even from apache
<samuelkadolph> Then you are using the wrong url
<samuelkadolph> If it's http://localhost:8081/ change it to http://127.0.0.1:8081/
<minashokry> this isn't what I want to do. I want it to be accessible only by using subdomain.domain1.com and not by anything else like domain2.com:8081
<samuelkadolph> Then you have to block external access to 8081 and ProxyPass to localhost:8081 from that domain only
<minashokry> in my virtual host file of subdomain.domain1.com, I have PassProxy / http://127.0.0.1:8081, and jenkins is bound to 127.0.0.1. now, I see a blank page when requesting subdomain.domain1.com
<minashokry> the good news is domain2.com:8081 is giving nothing
<samuelkadolph> Having a trailing slash with ProxyPass is very important
<minashokry> I have it on file, sorry for forgetting it here
<samuelkadolph> What does the error_log say?
<twb> Is it possible to have mlocate scan the local filesystems daily, but only scan remote (i.e. NFS) filesystems on a Sunday, when the bandwidth spike won't be noticed?
<philipballew> i was unable to configure my dchp during the install as i was offline. how can i do that now that i am connected?
<Diee> hi
<jits> hi guys . i have a dual nic system .. one nic is connected to a network with multiple vlans, and other nic is the internet connection .. when the request comes without vlan then it gets to intenret fine, but requests from vlan are not working on most sites..
<jits> i believe most sites are not responding to requests with vlan id .. so we need to strip it for requests going out to internet .. how do i do that ?
<jits> where do i set vlan=no for internet connection ?
<greppy> c
<uvirtbot`> New bug: #816313 in openssh (main) ""ssh -b x.x.x.x" or "ssh -o BindAddress=x.x.x.x" does not work." [Undecided,New] https://launchpad.net/bugs/816313
 * twb bets triangle routing
<twb> Oh, or he's just not untagging correctly..
<tixo5> hi, just wondering if anybody has used iRedMail? have any opinions on it ?
<tixo5> as i am struggling to setup mailserver a little, i mean its running fine but i want virtual users etc
<tixo5> anyone around that can help with taking a server snapshot ?
<alamar> tixo5: what do you mean by that?
<tixo5> like some shared hosting providers, allow a server snapshot, like a full image of the server
<tixo5> im setting up a VPS for first time, and would like to do something similar
<tixo5> possible to take a full image via shell ?
<overrider_> I am going to install a minimal x server with fluxbox on my server - is there any way i can prevent apt-get from pulling all the xorg-drivers except the one i really need (intel)? Is that even benefitial in order to keep thinks as light as possible or should i just do the old sudo apt-get install xserver-xorg xserver-xorg-core fluxbox
<smb> zul, Whenever you get online, could you ping me?
<zul> smb: ping i saw the depwait for ipxe i just added it to the seeds
<smb> zul, Ah ok, then that get sorted already. The other thing I wanted to chat about is your thoughts on the grub config idea
<zul> smb: sure
<zul> smb: what was the idea again
<tixo5> whats the best packaged backup solution for ubuntu ?
<smb> Well basically to have two distinct sets of command line arguments for dom0 kernels and "normal" kernels
<smb> an not the same being used for both as currently
<zul> ok..
<smb> At least I (not sure that is common though) have the problem of using two different console definitions for both
<smb> When I start a normal kernels console=ttyS1 and for xen dom0 its console=hvc0
<zul> oh this is the serial console stuff?
<zul> right
<smb> right
<zul> yeah im all for it, if you can give me a debdiff for it :)
<smb> zul, That should be possible. :-P
<smb> Have not prepared one yet. But basically running it in locally modified environment
<zul> smb: sweet....go for it then
<tixo5> best backup solution for ubuntu server?
<tixo5> rsnapshot?
<WinstonSmith> http://duplicity.nongnu.org/
<tixo5> ok thanks ill take a look
<tixo5> beta software?
<tixo5> ideally i would like to take the backup via SSH to my local machine
<WinstonSmith> they have a stable release
<WinstonSmith> and it supports ssh, ftp, DAV, etc
<tixo5> ok
<alamar> tixo5: you want a snapshot of the vps?
<WinstonSmith> you can also use it with duply http://duply.net/ which is a console frontend
<tixo5> yes basically
<alamar> you could just use lvm snapshots or depending on the vps technology you use vzdump/vzsnapshot for example if it is openvz
<tixo5> before i wipe it and start again, incase i mess up etc
<tixo5> yes its openvz
<tixo5> doesnt my provider need to support that ?
<jane-> my router says Primary DNS Server 	119.159.255.37 Secondary DNS Server 	203.99.163.240 ,    how can i know which public dns the ip refers, whats the name of that dns 2. how can i make my own dns and get the list of all the websites of the world?
<alamar> tixo5: .. I thought you were the provider
<tixo5> jane-: #dns
<jpds> jane-: A list of all the websites in the world?
<tixo5> no alamar i have a VPS container, i have setup everything else myself
<tixo5> but being the first time i am worried i have done a few things a little messy, so want to start from scratch
<tixo5> i am unable to take a snapshot or  use the snapshot without my provider supporting that right ?
<jane-> jpds yes. webs and ips, thats what dns do.
<jpds> jane-: Why would you want that?
<WinstonSmith> JanC:
<WinstonSmith> ermm
<jane-> i want to make my own dns
<tixo5> jane, you need BIND DNS running
<tixo5> with a master zone
<WinstonSmith> jane-: whois  119.159.255.37 for ex. ?
<tixo5> then add A records and such
<jpds> jane-: But you want your own DNS records for every website in the world?
<jane-> jpds yes.
<tixo5> what are you on about
<tixo5> lol
<shauno> that's "you're crazy" territory.  usually for sites you don't handle, your dns server would query upstream & cache.  trying to take a snapshot of every site in existance would be exceptionally difficult (even if you're google)
<tixo5> WinstonSmith: that duplicity is meant to backup local systems to another server?
<jane-> how public dns work then. they have a list. dont they?
<tixo5> not sure if im right, but all zones are hosted by many servers all over the work
<tixo5> so com will be hosted
<jpds> jane-: No, they query other DNS servers.
<WinstonSmith> tixo5: not the whole system ( well not partitions) only files. and it can backup locally or remotely (ssh, ftp, dav, etc)
<tixo5> then the (.)
<tixo5> WinstonSmith: i sort of want to take a snapshot, is this impossible without support from the VPS provider?
<WinstonSmith> tixo5: can't help you there, never used VPS.
<jpds> jane-: They don't have their own copies for every DNS record in existance.
<jane-> jpds then who does
<jpds> jane-: Noone.
<jamespage> Daviey: ack a sync for me? (https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/816393)
<uvirtbot`> Launchpad bug 816393 in tomcat7 "Sync tomcat7 7.0.19-1 (universe) from Debian unstable (main)" [Wishlist,New]
<jane-> if my router states pri dns and sec dns. that means it goes to that ip and fetchs ips of websites according to their names.... doesnt it ?
<jpds> jane-: Yes.
<GreenDance> Hi
<jpds> jane-: And those DNS servers, will forward requests they don't know the answers to, to other DNS servers.
<tixo5> ya
<tixo5> each zone jane- is hosted by another server
<tixo5> (www)(.)(domain)(.)(com)
<tixo5> not always but u get the idea
<jane-> jpds ok. and those others dns servers can be any in world.. ? isnt there a main   one         dns serveR that has all ?
<jpds> jane-: No, they send DNS requests down the chain.
<jane-> jpds how many are there any way. any gues?
<jpds> jane-: . nameservers, go to .com nameservers, which go down to ubuntu.com nameservers, etc.
<GreenDance> Hi, I have a server which is shared between me and others, (my server), I allow them http://mydomain/theirsite, but how can I stop the users from looking at eachothers files, uploading a php directory listings allows access to others files /site1/ /site2/ etc.
<jpds> jane-: What exactly are you trying to accomplish?
<tixo5> GreenDance: are you using virtualhosts?
<GreenDance> tixo5 yes
<tixo5> each user is a unix system user?
<tixo5> or all the same user
<tixo5> as thats probably your issue
<jane-> jpds just studing, and may be ill make my own dns
<jane-> small one
<GreenDance> tixo5, same users
<jane-> are they all legitimate dns servers, and what if i want to make my own, bind dns resolver ?  ill need a list of ip names and corresponding names , how can i get it ?
<GreenDance> tixo5, same user*
<jane-> jpds ^
<GreenDance> apache:apache
<GreenDance> i think
<GreenDance> tixo5: if I create a unique linux user for each person, would that work?
<tixo5> well if you want different permissions i would use different users per/site
<tixo5> yes, there is probaably other ways
<tixo5> you could create virtual users using a mysql backend
<GreenDance> really?
<GreenDance> :o
<GreenDance> :D
<tixo5> well my mailserver's users are stored in a database
<tixo5> so i dont see why not
<jpds> jane-: Install bind9 on a machine somewhere?
<tixo5> jpds that was my original reply
<jpds> jane-: https://help.ubuntu.com/10.04/serverguide/C/dns.html
<tixo5> jane-: #dns will me more help
<jane-> hm
<tixo5> jane-, i am running BIND on my server
<tixo5> i host my own DNS records
<tixo5> somebody else hosts the (.) and (com)
<tixo5> you may need your domain registrar to add a 'glue record' to the (.)
<Kurisutian> Hey guys! Maybe somebody in here can help me with this: When logging in to my ubuntu server, the appearing statistics summary page shows the /home directory instead of the root directory... unfortunately I have no clue how to change that... does anyone know where I can do that?
<jane-> tixo5 is it possible to make a new domain , e.g not .com  but .moc  ?
<tixo5> no
<tixo5> as far as i am aware
<tixo5> there are 'bodies' that govern things like that
<tixo5> the internet would become a crazy place is that was possible
<Pici> ICANN has allowed generic TLDs to be registered, but it costs a prohibitive amount of money to do so.
<tixo5> money is the solution to most things, in this context ill stick with it not being possible
<jane-> tixo5 if i make a list of .moc and supose some people make my server as their pri dns. then they can see a different google.moc   ?
<tixo5> again jane, for 5th time your better off asking in #dns
<jane-> k
<Kurisutian> nobody knows where to change the information on the login summary page?
<smoser> lynxman, around ?
<adac> guys, how to add a system user on command line?
<j3roth> Kurisutian, you want to change th motd that displays on login?
<WinstonSmith> adac: man adduser
<j3roth> adac: Correction: man useradd
<WinstonSmith> both should work
<uvirtbot`> New bug: #816414 in nut (main) "[MIR] nut (nut-doc, nut-client, nut-server)" [Undecided,New] https://launchpad.net/bugs/816414
<lynxman> smoser: here
<tixo5> rsync'ing / root is a bad idea?
<smoser> lynxman, i put one question in the merge proposal, but then i had some others.
<lynxman> smoser: shoot
<lynxman> tixo5: it normally is
<smoser> tixo5, rsyncing it to another system, or carefully to another drive will work, though capturing the state of a live filesystem is less than ideal.
<smoser> lynxman, i had intended that "include_once" would be really just "download_once"
<tixo5> i was trying to backup to my local machine over ssh but obviously cant use root as ive disabled login, so need to setup the daemon
<smoser> but you implemented as "include_once".
<tixo5> is there any other better backup solutions to images the partition of my VPS
<tixo5> guess that impossible
<lynxman> smoser: it is download once as far as I see it
<lynxman> smoser: yeah, wasn't that what we agreed the naming convention would be? :)
<smoser> tixo5, rsync is probably reasonable. you *can* still use rsync as root.
<Daviey> smoser: wait what.. you are advocating using rsync as root?
<tixo5> can from the system
<tixo5> but not remotely
<smoser> in order to read files that are root-protected that is generally required.
<tixo5> i was looking more for a VPS snapshot
<tixo5> this cant be done from within the system right ?
<smoser> tixo5, you can do it, you just have to have rsync client tell the server to use a different "rsync client"
<smoser> see man page
<smoser> --rsync-path=/home/smoser/my-rsync
<tixo5> rsync is totally different to snapshot though
<smoser> where my-rsync has something like: exec sudo rsync "$@"
<tixo5> i want an image of my VPS ideally
<Daviey> smoser: i think we need a rsync-rootwrap.
<smoser> we do indeed.
<smoser> we need more setuid executables i think
<smoser> lynxman, hold on
<lynxman> smoser: holding on :)
<tixo5> smoser: if i rsync'ed /,   installed fresh OS and restored
<tixo5> everything wouldnt work right ?
<smoser> tixo5, well, probably would. or very close.
<smoser> but i would be surprised if there werent some issues.
<tixo5> so, i am looking for a solution like VPS snapshot
<smoser> or at least would not be surprised if there were some issues
<tixo5> is that impossible without admining the dedicated server my VPS is on ?
<smoser> tixo5, you'd run into the same sets of issues (at least some of them) with block level
<smoser> some would be different
<smoser> you need to sync the filesystem to the block device (fs_freeze) before you snapshot
<tixo5> most VPS providers alllow snapshot images to be created, and restored
<smoser> but then, you still get a "live" filesystem.
<tixo5> hmm
<smoser> when you start form that live filesystem, at very least that volume will be dirty and need fsck (maybe fs_freeze woudl handle that... id don't know)
<smoser> its the same as if you lost power
<smoser> which *normally* is fine
<tixo5> so your basically saying theres not much different between using rsync, and a VPs providers snapshot of the system
<tixo5> wish my provider allowed for offsite images to be taken
<tixo5> dont see why that would be so difficult
<smoser> lynxman, if os.path.isfile(includeonce_filename): continue
<tixo5> thanks for help anyway
<smoser> block level snapshots are more complete than filesytem level
<smoser> more complete == safer
<tixo5> and its impossible for me to do that from my VPS?
<smoser> for instance, some things that rsync would not pick up are your filesystem UUID or LABEL
<smoser> which may exist in /boot/grub/grub.cfg
<smoser> if not restored, your system might not reboot.
<tixo5> leaving it pretty painful to backup/restore
<lynxman> smoser: that's what I do, I just name it a bit differently
<smoser> block level is going to be safer. filesystem level is going to be smaller.
<smoser> neither are perfect.
<smoser> perfect is shutdown, snapshot, start
<tixo5> i can do block level?
<smoser> (imo)
<smoser> well, you can...
<tixo5> shutdown, snapshot is what i want to do
<smoser> dd if=/dev/sda of=- | ssh system 'dd > disk.img'
<tixo5> but i have not got those features in my client panel so i cant do it right?
<smoser> i'm really not very familiar witih vps's, but it sounds reasonable that they do not hvae block level snapshots exposed to you.
<tixo5> most do, but mine is cheap :)
<smoser> lynxman, ^
<lynxman> smoser: replied to you in the middle of the rsync thread :D
<smoser> lynxman, right. you 'continue'
<smoser> so you never process that include again
<lynxman> smoser: hence include-once
<smoser> right.
<smoser> i would have preferred "download-once"
<smoser> to suffice for the one time url
<smoser> i dont see a real-need for process-once
<smoser> as most things are 'per-instance' anyway
<smoser> (ie, your mcollective stuff is per-instance)
<lynxman> smoser: for certs for example makes sense, that's what I had in mind
<smoser> why does it make sense?
<smoser> you have other controls over whether or not to act on the data more than once.
<smoser> i think the data should be present to cloud-init so it *could* act on it
<smoser> if it was a module or soemthing that should be acted on every time
<lynxman> smoser: hm okay let me paint you an scenario
<lynxman> smoser: you get temporary certs, which mcollective uses to connect to a provisioning collective, then it gets fed new certs for the "global" collective once its authenticated and properly provisioned
<lynxman> smoser: that is actually the scenario I had in mind, in this scenario I just need these certificates once, and that data should not be acted upon ever again, if so it'll reset the machine status
<smoser> lynxman, thats fine
<smoser> that situation works fine
<smoser> you can process that hunk multiple times
<smoser> because mcollective module only runs per_instance
<smoser> which means once (the first boot)
<smoser> no side effects will occur the second time
<robbiew> zul: ping...I got 10 pandaboards...how many you need for OpenStack on ARM testing :P
<zul> robbiew: one would be good
 * RoAkSoAx would like one if there's one to spare :)
<robbiew> zul
<robbiew> cool
<robbiew> RoAkSoAx: yeah...I think I can swing that
<smoser> lynxman, i have this suggested change: http://paste.ubuntu.com/652442/
<RoAkSoAx> robbiew: cool thanks ;)
<robbiew> zul: so is it possible to have OpenStack installed across multiple pandaboards...with only LXC
<robbiew> i.e. multiple compute nodes
<zul> robbiew: it should be able...maybe two then
<robbiew> zul: ;)
<lynxman> smoser: well if you wish that feature instead of mine, sounds good :)
<lynxman> robbiew: can I have one? I promise to feed it nicely
<smoser> i think its generally a superset of function
<lynxman> robbiew: :D
<lynxman> smoser: fair enough :)
<smoser> the other question i had, lynxman
<smoser> the private key should be 0600 right?
<lynxman> smoser: hm I think so, wasn't sure so I didn't implement it yet
<lynxman> smoser: wanted to test it first once merged and then make the change if needed
<lynxman> smoser: but it makes sense
<smoser> lynxman, you know, you are allowed to test things *before* i merge them
<smoser> its even generally smiled apon
<lynxman> smoser: lol ;) I normally do
<lynxman> smoser: this one is highly experimental though
<smoser> lynxman,
<smoser> well, can yo udo 2 things for me
<smoser> i will push a brnach with some changes to your code
<smoser> can you build it and test it?
<smoser> lynxman, lp:~smoser/cloud-init/include_once_and_mc_cert
<lynxman> smoser: will give it a shoot
<robbiew> RoAkSoAx: hey...interested in getting cobbler to work with ARM images?
<RoAkSoAx> robbiew: though that zul already had that working..
<RoAkSoAx> zul: ^^
<robbiew> RoAkSoAx: nope
<RoAkSoAx> robbiew: yeah why not
<zul> RoAkSoAx: the ground work is there already just needs to be followed through
<RoAkSoAx> zul: cool ;)
 * smoser re-reads above, and for the 4.23e8'th time he realizes he may have sounded rude.
<smoser> sorry, lynxman
<lynxman> smoser: no worries, really
<robbiew> RoAkSoAx: cool, thx...then will send you 2 boards ;)
<RoAkSoAx> robbiew: hehe ok ;)
<Daviey> zul / RoAkSoAx: they need to work with u-boot PXE loader, and be as ready as possible to work with native PXE booting.
<zul> Daviey: agreed
<Daviey> (might need to use NCommander for support on that)
<hggdh> oh, NCommander has been package for Ubuntu?
<hggdh> :-)
<robbiew> RoAkSoAx: send me an email with your mailing address and phone, and I'll handle the rest
<robbiew> smoser: interested in a panda board?
 * NCommander apt-get instakk's himself
<hggdh> heh. BTW, NCommander, thank you for rooting my android, works perfectly :-)
<RoAkSoAx> robbiew: will do
<smoser> RoAkSoAx, i'm not un-interested.
<smoser> i would plug one in and give it a try.
<robbiew> smoser: cool
<robbiew> smoser: can you shoot me an email with your address and phone...I can take care of the rest
 * robbiew notes he should have this...but won't "go there"
<fullstop> The heartbeat + pacemaker in ubuntu-server 10.04.. is this a long-term cluster plan for ubuntu or are they moving elsewhere?
<smoser> utlemming, https://gist.github.com/1100458
<utlemming> smoser: nice :)
<apw> kirkland, hey ... i have an external usb drive on a server that i'd like to be a luks encrypted volume, got any experience of monting those during boot ? and i'd like to have it
<kirkland> apw: I don't, but kees does
<kirkland> apw: kees uses a usb drive just like that
<lsheeba> Kind attention please , im getting shell booters and host booters hitting my server , how can i trace whos doing it and how can i stop them
<lsheeba> and is their some kind of special support for such problems , that im willing to be greatful in paying the sum of hes help knowledge
<alamar> lsheeba: what are shell and host booters?
<lsheeba> It consists of some php flooding shells and a gui.
<lsheeba> the gui pings the shells and gives them a command to flood a certain IP
<lsheeba> since the shells can be on servers with high bandwidth connections, it can be a powerful flooding method.
<lsheeba> it hurts my servers badly , all of my local network cant ping the server then
<zul> er...turn it off then?
<alamar> so block their ips and try to get upstream to nullroute them
<lsheeba> their offline
<lsheeba> im on my personal pc running ubuntu 11.04 desktop
<kim0> Howdy folks, Ubuntu cloud days (day-2) starting in #ubuntu-classroom on the hour .. see you there
<lsheeba> ive blocked all oversea's ip's and allowed local ip's only and still how do they get access ?
<alamar> (and in addition contact the hoster's abuse department of the infected servers)
<lsheeba> im running a small GSP
<lsheeba> with a static ip that i have purchased
<tixo5> booters
<tixo5> arent meant not to be tracked
<tixo5> they use shells hosted on other servers that have been hacked
 * tixo5 shows his blackhat side :(
<lsheeba> cyber crime department  didnt help much , well didnt help at all
<tixo5> i gave you your answer
<lsheeba> any solution?
<lsheeba> tixo5,
<tixo5> a WAF?
<tixo5> or ddos module for apache
<thisismygame> Hello, is anyone here familiar with mdadm raid arrays? I just got the mdadm alert email saying a drive was removed from the array. It is now marked as faulty. I was curious if there is any way to see a log of when/where/how this happened?
<lsheeba> do u know of any specialized guru who will accept a payment to perform our security liabilities for this GSP , personal-aid not an organizational request because then we couldve gone for expensive firewall hardwares
<thisismygame> Further, I am curious if anyone can help with replacing the failed drive with a new drive. The new drive will be a new model and likely new make. Which specs are necessary to be consistent among hard drives across mdadm raid arrays?
<tixo5> i do penetration testing, securing servers it not my area, although i know a decent amount
<tixo5> i have work shortly but i will add you incase i can help
<lsheeba> Thanks a bunch
<StevenR> thisismygame: one thing at a time. Review the system logs at the time of the alert
<jpds> lsheeba: Rate-limit network traffic on a per-IP basis?
<lsheeba> i theory the problem of other gsp's here attacking me because of my price range in cost per slot
<lsheeba> jpds, ive tried that , and it puts pressure in hogging the router's cpu " 100% "
<thisismygame> StevenR: I just looked at dmesg and /var/log/messages. dmesg has nothing related, and /var/log/messages, is, from what I can tell, empty. :o
<StevenR> thisismygame: /var/log/syslog
<RoyK> tixo5: what do you use? openvas?
<tixo5> for pentests?
<RoyK> yep
<tixo5> many many many tools
<tixo5> i specialise in web app security
<RoyK> ok
<tixo5> trying to go for a niche :)
<RoyK> any tool in particular?
<tixo5> not being a large company i cant afford the larger tools like webinspect
 * RoyK has a scan running with openvas against his office computers
<tixo5> openvas and such are only good for finding outdated packages rly,
<tixo5> thats all it really does
<tixo5> compares versions
<RoyK> I know
<RoyK> that's why I wondered about other tools, specifically for probing webapps
<tixo5> webapps, opensource like w3af
<tixo5> not a bad framework, quite buggy atm though
<RoyK> k
<RoAkSoAx> Daviey: ping
<tixo5> there is a distro called 'Samurai' that has some really nice tools, just waiting on their 11.04 ubuntu update, as jaunty is  pain for me
<RoAkSoAx> Daviey: /win 22
<RoAkSoAx> argh
<tiphares> how can i merge 2 folders in ubuntu?
<RoyK> tiphares: rsync?
<RoyK> or what do you mean 'merge'?
<Daviey> RoAkSoAx: o/
<RoyK> unison perhaps
<RoAkSoAx> Daviey: i'll ping you again after the meeting ;)
<tiphares> i have 2 folders, 1 contains a,b,d, folder 2 contains b,c,d, and i want to marge them into ONE folder, containing a,b,c,d
<Daviey> RoAkSoAx: cool
<RoyK> tiphares: rsync -avP folder1/ folder2/ newfolder
<RoyK> iirc
<RoyK> tiphares: that won't help you with collisions, though, the data from folder2 will overwrite whatever came from folder1 (or was it the other way around?)
<tiphares> doesn't matter which ones overwrite the other
<thisismygame> StevenR: oh, they moved it. yea this has some relevant info. Buffer I/O error, dev sda, sector 0
<tiphares> as they both contain some of the identical files
<tixo5> why cant you just copy
<tixo5> move* sorry
<RoyK> tiphares: then just rsync, or as tixo5 said, copy or move - but rsync may be easier
<tixo5> depending on size rsync will be better
<RoyK> tiphares: if you have f1 and f2 and you want all in f2, cd f2; rsync -avP ../f1/. .
<tiphares> hm
<tiphares> oke, never used rsync, i'll check it out thanks
<tixo5> tiphares: it sounds like your over compicating somwething :P
<tixo5> somethign*
<tixo5> o god
<tiphares> yeah i don't know
<tiphares> i'm a noob
<RoyK> tixo5: rsync isn't really complicated, though :)
<tiphares> coming from windows; when i have 2 folders named pictures, with some of the same files in them, i can just drag and drop either folder and "merge" it with the other one
<tiphares> that's what i want to do
<tiphares> though, using a shell, of course
<RoyK> tiphares: mv f1/somedir f2
<tiphares> what happens when some files conflict then?
<RoyK> just use rsync
<RoyK> it's the easy way
<tiphares> i'm confused :(
<RoyK> or cp -R f1/* f2
<RoyK> tiphares: the unix way: There's More Than One Way To Do It
<tiphares> copying files wont really merge though
<RoyK> tiphares: cd f2; rsync -a ../f1/. .; cd ..
<thisismygame> StevenR: I think we can call this drive deceased.   http://pastebin.com/4JW5qT4j
<RoyK> tiphares: then remove f1
<RoyK> or something
<tiphares> thing is i have limited space, and the folders i want to merge are pretty big
<tiphares> but ye
<tiphares> trying out some of the stuff now
<tiphares> :p
<tiphares> kind of overwhelmed with alternatives
<tiphares> rsync man page is like a book though
<RoyK> just use -a
<RoyK> that'll cover most of what you need
<RoyK> add -v to make it verbose
<tiphares> i'd like to know what it does before i use it:p
<RoyK> -P isn't needed
<RoyK> -a == --archive => keeps all sorts of attributes, ownership etc
<tiphares> ah i see
<tiphares> -v = verbose = ?
<RoyK> yes
<RoyK> -P is --partial --progress
<tiphares> dno what verbose means :(
<RoyK> --partial won't be needed unless working with BIG files locally, but -P is short and adds verbosity :P
<RoyK> verbose == noisy
<RoyK> verbose != quiet
<tiphares> yeah alright now you lost me completelyt
<Pici> verbose means it is going to tell you about every action it does.
<tiphares> ah like logging
<StevenR> thisismygame: looks kinda that way, yes.
<StevenR> thisismygame: I think you need to tell mdraid to remove it, and then add another drive.
<tiphares> rsync man page is 2642 lines
<tiphares> that's madness
<StevenR> tiphares: why is it madness?
<RoyK> Dora:~ roy$ man rsync | wc -l 3562
<RoyK> that is - wc -l returned 3562...
<RoyK> tiphares: there's no need to read it all
<tiphares> no that's why i'm here
<tiphares> heh
<RoyK> again, -avP will be quite sufficient
<tiphares> yeah
<tiphares> i get you
<RoyK> cd /target/dir/whereever/it/is and rsync -avP /source/dir/ .
<tiphares> just trying to figure out what it's actually doing
<RoyK> make sure you add the / at the end of source dir - otherwise it'll create the sourcedir in your dir
<RoyK> you can move that out later, of course...
<RoyK> so /source/dir/ means /source/dir/* (except /source/dir/* won't move 'hidden' files starting with .)
<RoAkSoAx> Daviey: ok
<Daviey> RoAkSoAx: Hey!
<RoAkSoAx> Daviey: howdy ;)
<Daviey> RoAkSoAx: What is the status of redhat-cluster?
<RoAkSoAx> Daviey: as in?
<RoAkSoAx> Daviey: redhat-cluster is soon to be dead
<Daviey> It seems it might uninstallabale
<RoAkSoAx> Daviey: is there a bug #
<RoAkSoAx> Daviey: cause last time I check it was
<Daviey> RoAkSoAx: no, i litterally just checked the REPORT
<RoAkSoAx> Daviey: link
<Daviey> wow, i can't spell today
<Daviey> http://cdimages.ubuntu.com/ubuntu-server/daily/current/report.html
<RoAkSoAx> Daviey: will take a look at it
<RoAkSoAx> Daviey: just installed it and didn't receive any failures
<Daviey> RoAkSoAx: same here, best i can think is main/universe mistmatch?
<RoAkSoAx> kages could not be authenticated
<RoAkSoAx> Daviey: maybe it is a sources mistmatch as when I first tried to update it showed something that some packages couldnot be authenticte
<RoAkSoAx> Daviey: but was resolved by sudo apt-ge tupdate
<Daviey> interesting
<Daviey> RoAkSoAx: lets spend no more time on it, and see what the cdimage shows tomorrow
<RoAkSoAx> Daviey: yeah
<RoAkSoAx> Daviey: anyways, I wanted to talk about bug #789266
<uvirtbot`> Launchpad bug 789266 in cobbler "Cobbler: Missing yum-utils & other cobbler related utils" [Wishlist,Triaged] https://launchpad.net/bugs/789266
<RoAkSoAx> Daviey: according to what I can see, yum-utils Depends on yum
<RoAkSoAx> Daviey: do we really want to install yum in our systems?
<Daviey> RoAkSoAx: ok
<RoAkSoAx> Daviey: when deploying cobbler?
<RoAkSoAx> Daviey: (note that for reference I'm checking the spec file for yum-utils which depends on yum)
<Daviey> makes sense
<RoAkSoAx> Daviey: do we really want that?
<RoAkSoAx> do we really need yum to be installed?
<RoAkSoAx> Daviey: and packaging yum-utils will also mean packaging python-kitchen
<Daviey> RoAkSoAx: oh golly.
<Daviey> RoAkSoAx: Do we really need yum to be entirely installed for this basic support of it?
<RoAkSoAx> Daviey: as I can see in the "reposync" binary, yes we do:
<RoAkSoAx> from yum.misc import getCacheDir
<RoAkSoAx> from yum.constants import *
<RoAkSoAx> from yum.packageSack import ListPackageSack
<RoAkSoAx> import rpmUtils.arch
<Daviey> RoAkSoAx: Have you taken a sniff to see how much effort is involved in just the python bindings?
<Daviey> I suspect they will suck without the world() avaliable, but i wonder if they provide enough just for basic support?
<RoAkSoAx> Daviey: no I havent but from what I can see, there's lots of stuff that access yum modules
<RoAkSoAx> and databases and stuff
<RoAkSoAx> Daviey: so my wild guess is that it would need a great deal of tweaking for basic support
<Daviey> RoAkSoAx: I'm hessitant to suggest just ripping out the rpm support.
<RoAkSoAx> Daviey: I can just go ahead and finish packaging yum-utils to have it on archives
<RoAkSoAx> Daviey: make it depend on yum
<Daviey> I don't think Orchestra should just provide ubuntu/debian support :(
<RoAkSoAx> Daviey: and then see what happens
<Daviey> RoAkSoAx: sounds good to me.
<Daviey> I think time investigating viablity is worth it.
<Daviey> at least we've tried to support it that way
<RoAkSoAx> Daviey: yeah and it doesn't really hurt having yum-utils in the archives, since we have yum already
<Daviey> RoAkSoAx: GPWM
<kirkland> Daviey: for our first rev, i think we need to get ubuntu/debian support "right" and working well
<Daviey> kirkland: totally agreed.
<kirkland> Daviey: and i think we can do that without being evil or hostile toward other distros
<kirkland> Daviey: s/can/should/ :-)
<Daviey> kirkland: which is what we are doing :)
<kirkland> Daviey: \o/
<altice> anyone using TACACS+?
<altice> I am having trouble compiling from source
<altice> and also it has long been since removed from the Repos
<fullstop> altice: I am.
<fullstop> altice: ftp://ftp.shrubbery.net/pub/tac_plus/tacacs%2B-F4.0.4.19.tar.gz
<fullstop> and I just did ./configure to prepare it for install.. but this was a long time ago -- there is a chance that I slightly changed the source and do not remember.
<altice> yea that's what someone suggested
<altice> I saw someone elses insights on that
<altice> however, they did not apply to the errors I was getting
<altice> I'm talking now with developers to see about getting this put into the repo after I get it figured out and working
<fullstop> altice: what errors?
<fullstop> errors building or running?
<altice> building
<altice> I upgraded some in house servers to ubuntu 10.04 LTS
<altice> and I have to compile from source again for TACACS
<altice> fullstop: here's a pastebin of the output from makefile
<altice> http://pastebin.com/rsqRMefT
<fullstop> altice: one moment.. let me see if mine still builds.
<fullstop> altice: here is my full build output: http://pastebin.com/dEebuV4k
<fullstop> I am x86_64
<fullstop> Also 10.04 LTS
<altice> I believe mine are xenon cores, i686
<altice> what version of tacacs did you use?
<fullstop> The same version I sent in the link above..
<fullstop> tac_plus version F4.0.4.19
<fullstop> You are not trying to make -j 4 or anything, right?
<altice> you sent a link?
<altice> or you mean my link?
<fullstop> no, I sent a link to the tac_plus source
<fullstop> that's the one I am using
<altice> ohhh, psht gah, completely missed that
<altice> yea I'm using the same ver
<fullstop> can you make clean and pastebin the output from a fresh make?
<altice> from the same source (shrubbery)
<altice> sure thing
<fullstop> I went through the trouble of setting up tac_plus purely so I could restrict access to the ASA for the rancid process.
<fullstop> Other than that, I just have to trust myself with the ASA.  ;-)
<altice> lol, to be honest with you fullstop
<altice> I have no idea what you just said ;)
<altice> I know tacacs+ purly from a AAA standpoint and cisco gear
<altice> authorization, access, accounting
<altice> (authentication)
<fullstop> I wanted to set up RANCID (also from shrubbery), but I wanted to restrict the rights of the RANCID user.
<altice> never read into that, what is it used for?
<fullstop> rancid periodically pulls the running configuration of network equipment and puts them in version control.
<altice> mine is all based on access to network equipment. Who can log in, what commands they can use, and keeping a record of what config changes were done
<fullstop> It lets you keep track of changes
<altice> o0o0o really?
<altice> :) I might want to look into that
<fullstop> Yes, that's what I use tac_plus for as well, but just to restrict access for the process that gets the configurations.
<altice> I'll write that down, RANCID might be useful in the future.
<fullstop> There's a fork of RANCID which will let you use git as your backend if that's your thing.
<altice> my punch list is starting to get huge.......
<fullstop> http://www.shrubbery.net/rancid/
<altice> honestly, I don't do enough development work to be sold on using git
<altice> fullstop: okay I have the make file pasted, the whole ong
<altice> one(
<altice> fullstop : http://pastebin.com/DRFmEbjt
<fullstop> altice: try just "make" instead of "make tac_plus"
<fullstop> df
<fullstop> whoops
<altice> okay
<altice> ;) no way it was really that simple
<altice> hahaha
<fullstop> hahaha
<altice> wtf mate
<fullstop> cheers
<altice> thanks for your help
<fullstop> no problem.  Have fun!
<altice> I'm still going to push to have this included in the repos
<fullstop> It wouldn't be a bad idea.  It took me a while to find the source.
<tiphares> can rsync only copy stuff from a to b, and not move stuff?
<CrazyGir> it "syncronizes"
<genii-around> If you're moving stuff thats not really synchronising....
<altice> tiphares: have you read through the man pages and examples for rsync?
<altice> it should explain it
<tiphares> man pages for rsync are massive, so i thought i'd ask
<altice> it's kind of like updating backups of files, you only care about recent stuff
<altice> sure sure
<tiphares> what's the point of this channel if people can't ask about stuff
<altice> hey hey, don't get offended
<altice> just wanted to mention that the resource was available
<tiphares> i'm not, just sayin :>
<tiphares> i found the mv tool insufficient
<tiphares> so looking for alternatives
<CrazyGir> tiphares: I generally start with questions, get them answered in the manpages, get new questions from reading the manpage, then experiment and ask for hlep
<CrazyGir> tiphares: what are you doing that mv is not sufficient?
<tiphares> i'd like the option to exclude stuff from moving
<tiphares> couldnt' figure out how to do that with mv
<CrazyGir> I am trying to forward several ports on a VM server to specific VMs (running ubuntu 10.4). I found some IPTables notes and came up with the following, but ufw seems to fail when I put this in before.rules and restart ufw: -A PREROUTING -i br0 -p tcp --dport 9000 -j DNAT --to-destination 192.168.1.20
<CrazyGir> tiphares: this is unix, you combine tools
<CrazyGir> so use find or something (to create the list you want) and then run through xargs with mv
<altice> or write a script to do your dirty work
<CrazyGir> OR, create a list of files in txt, and cat this to xargs
<altice> true
<altice> you can use grep to filter out things you want
<CrazyGir> eg, you can do all sorts of things here :)
<altice> also true
<CrazyGir> small utilities to do specific things, combined in the ways that you need
<altice> power of unix tools
<CrazyGir> amen
<tiphares> yeah i'm aware of that i can make this happen with scripts
<CrazyGir> you don't need scripts
<tiphares> but i'm sorta new to nix, and wondered if there's pre defined tools to do this
<CrazyGir> cat list.txt | xargs mv ...
<CrazyGir> done.
<CrazyGir> create that list however you need to
<altice> yep, listen to Gir, that's a good method to approach this
<tiphares> hm
<tiphares> i'm confused :(
<altice> make a list of the file names your trying to move
<tiphares> manually?
<altice> hehe yes that or do it a more elegant way
<tiphares> may i ask for some input there
<altice> okay so.......first things first where are the files located
<altice> all in one folder?
<tiphares> yeah
<altice> k good
<altice> we can generate a list
<altice> easier since it's in one folder
<altice> are there similar strings of letters that you want to move and some you dont?
<tiphares> yeah
<altice> i.e.........all the files that begin with 'erg'?
<altice> give me an example?
<tiphares> T*R* is the stuff i want to move into another folder
<altice> so begin with T<anything>R<anything> ?
<tiphares> or actually, i want to move anything but T*s.A*
<tiphares> but yeah, can start off simple
<altice> okay so are you using regular expressions? do you understand those character combinations?
<tiphares> not using regex, just using * for wildcard
<tiphares> i'm awfully worthless at regex
<altice> if you do an "ls T*R*" does it give you what you want?
<altice> regex is powerful, ESPECIALLY for what your trying to do now
<altice> I'd highly suggest reading up on it, even though there is a steep learning curve at first
<tiphares> yeah i know, i have it on my bucket list:P
<tiphares> i am familiar with it
<altice> haha, should be a little more important than a "kick the bucket" list
<tiphares> heh
<altice> so basically you can use "ls" and wildcards
<tiphares> ls -lad T*R*
<tiphares> gets me the dirs
<tiphares> i want
<altice> perfect
<altice> now pipe that into a txt file
<tiphares> can i do all of that with a command
<altice> ls -lad T*R* > output.txt
<altice> yep
<alamar> what is it you want to achieve?
<altice> now you have a new file named output.txt right?
<altice> everything in there you need?
<tiphares> cool that worked out nicely altice
<altice> excellent
<altice> now use Gir's method
<altice> cat list.txt | xargs mv
<tiphares> linux 101 for dummies atm alamar :P
<tiphares> xargs = ?
<altice> and then mv where you want
<altice> http://www.cyberciti.biz/faq/linux-unix-bsd-xargs-construct-argument-lists-utility/
<alamar> you could just use find for folder(-type d) and -exec mv the {} to the destination
<altice> I'm not familiar with that, alamar, go ahead and walk through that
<alamar> find searchpath/ -type d -iname *matchme* -exec mv "{}" destination/ \;
<alamar> or -name if it shall be case sensitive
<tiphares> so many things in there i have absolutely no clue what is
<tiphares> :D
<alamar> or -regex if you want to use regular expressions for matching
<alamar> well OR you just stick to what you've just been told by altice ;)
<tiphares> i'll write your version down in my notes:p
<CrazyGir> I am trying to forward several ports on a VM server to specific VMs (running ubuntu 10.4). I found some IPTables notes and came up with the following, but ufw seems to fail when I put this in before.rules and restart ufw: -A PREROUTING -i br0 -p tcp --dport 9000 -j DNAT --to-destination 192.168.1.20
<jdstrand> CrazyGir: can you paste your before.rules file?
<alamar> what is this rule supposed to do?
<CrazyGir> sorry, got kicked
<CrazyGir> jdstrand: it's got a lot more in it than I understand
<alamar> then I'll ask again. what is this rule supposed to do?
<CrazyGir> alamar: all I want to do is forward tcp to port X on the br0 interface to a specific IP
<alamar> I do not see any destination nor that you are using the nat table
<CrazyGir> isn't that the DNAT --to-destination <IP> part?
<CrazyGir> I could also rephrase my question..
<alamar> oh sorry I didn't see it when scrolling in my backlog
<CrazyGir> what should my iptables entry look like to ensure port X does to a specific IP?
<alamar> but -t nat is missing
<CrazyGir> is what I have correct
<CrazyGir> ok, so I should add -t nat
<CrazyGir> anything else?
<alamar> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 9000 -j DNAT --to-destination 1.2.3.4
<CrazyGir> I'm adding this to before.rules,  from what I have read this is the place to do so?
<alamar> 1.2.3.4:9000
<alamar> if you want to work with ufw it probably is
<alamar> (but I don't know what format/syntax/whatever works in there)
<alamar> as I said... layering something above iptables shoots yourself in the foot when you want something more than "port open/closed" ;p
<kirkland> jamespage: ping
<jamespage> kirkland: pong
<kirkland> jamespage: just wanted to touch base with you one more time on hadoop/cdh
<jamespage> kirkland: sure
<kirkland> jamespage: I was asked earlier today if we should target our hadoop packages for Canonical Partner instead of the Ubuntu Archive
<kirkland> jamespage: I didn't know if you had any plans to improve upon the latest state of packages from iamfuzz and negronjl, and try to push them to Universe ...?
<kirkland> jamespage: if not, we're going to be religated to pushing them to Partner
<kirkland> jamespage: I'd like to think that Ubuntu users would benefit from them in Universe
<kirkland> jamespage: but at this point, we'd need a Platform champion to help push that
<jamespage> kirkland: so I want to pickup hadoop/cdh longer term but we need to sort out how we work with upstream first
<jamespage> kirkland: so I think that for this release partner is really the only realistic choice
<kirkland> jamespage: is that attainable for Oneiric?
<kirkland> jamespage: okay
<kirkland> jamespage: that gives me something I can work against, schedule wise
<kirkland> jamespage: we'll target Partner and/or a PPA for Oneiric
<jamespage> kirkland: I think that is the only choice ATM
<jamespage> kirkland: are you going to go with the packages your team has produced or use the upstream distribution packages?
<jamespage> from CDH
<kirkland> jamespage: we haven't made a firm decision yet, but I think we were leaning toward our packaging
<jdstrand> alamar: fyi, ufw uses plain iptables-restore syntax in its rules files
<kirkland> jamespage: do you have an opinion or information to add?
<alamar> jdstrand: from what it looks like there are also different things going on in the files
<jamespage> kirkland: I think working with the upstream CDH packages will give you a smoother line for support/bugs etc...
<jamespage> kirkland: but I have not looked at that packaging
<kirkland> jamespage: interesting, okay
<jdstrand> no. these are just fed into iptables-restore. granted, various chains are setup, etc, but the rules files are no more than straight iptables
<kirkland> jamespage: yeah, i was looking for specific information why one might be better than another
<jamespage> kirkland: well you get better support for older releases but nothing newer than maverick ATM
<jamespage> kirkland: so that might actually answer your question
<kirkland> jamespage: ah, yeah
<jamespage> kirkland: that said they do publish a full suite of hadoop plus friends - http://tinyurl.com/3mkyqtw
<tiphares> so, can someone tell me where i screwed up the syntax here; cat filename | xargs mv TARGET
<alamar> tiphares: try mv -t TARGET
<alamar> xargs appends the input to the command string and mv, without specifying it further, treats the last input word as destination
<tiphares> didn't change much
<alamar> tiphares: what's the exact problem?
<tiphares> still working on my previous problem
<tiphares> moving certain stuff into a specific folder
<alamar> I meant with the cat X | xargs mv -t Y
<tiphares> right
<tiphares> it returns this
<tiphares> mv: invalid option -- 'r'
<tiphares> Try `mv --help' for more information.
<alamar> tiphares: try cat foo | xargs mv -t TARGETDIR --
<Guest62894> when adding the iptables line to before.rules, and then stopping/starting ufw, it freaks with: ERROR: problem running ufw-init
<jdstrand> Guest62894: can you use paste.ubuntu.com and paste your before.rules file?
<Guest62894> bah. I should be CrazyGir..
<alamar> Guest62894: do logs tell you anything more specific? also it wouild be recommendable to paste your before.rules file somewhere
<tiphares> that worked alamar
<tiphares> :S
<tiphares> that seems confusingly random
<alamar> tiphares: pardon me?
<tiphares> adding '--' worked
<Guest62894> there we go :)
<Guest62894> bah!
<alamar> tiphares: "--" prevents anything afterwards from being interpreted as commandline argumeents
<alamar> this works with every command
<alamar> more or less
<alamar> let's say most commands
<tiphares> oh
<alamar> probably with all commands using getops*
<CrazyGir> there we go :)
<tiphares> i learn something new everytime im here :P
<tiphares> awesome
<Pici> more, less, and most all support that.
<Pici> <.<
<CrazyGir> jdstrand: my before.rules (written by someone else) is quite long, and works fine by itself
<jdstrand> CrazyGir: well, I need to see what you added and where to see what the problem is
<CrazyGir> when I add this line, it fails: -A PREROUTING -i br0 -p tcp -t nat --dport 9000 -j DNAT --to-destination 192.168.1.20:9000
<jdstrand> CrazyGir: a diff of before and after is likely good enough
<CrazyGir> I added it at the end
<CrazyGir> before COMMIT
<alamar> Pici: well as I said most do. but it's probably related to the use of the getopt-family of functions for commandline parsing
<jdstrand> CrazyGir: that is your problem. the before.rules only has the *filter table
<Pici> alamar: I know, was just playing with the words you chose to use to describe that.
<CrazyGir> jdstrand: ah, so I'm a bit confused
<jdstrand> CrazyGir: see 'man ufw-framework', the 'Port Redirections' section
<alamar> CrazyGir: as I understand there are different sections like *nat and *filter
<CrazyGir> where should I be putting port redirections?
<alamar> within the *nat section
<CrazyGir> okies
<CrazyGir> okies
<alamar> jdstrand: this is by the way what I meant with other stuff in the file ;)
<jdstrand> alamar: it is still all iptables-restore
<jdstrand> you can't mix and match rules for different tables
<alamar> CrazyGir: when you put it in the nat section you will probably not need to refer to the nat table
<CrazyGir> and this is why I love pf
<jdstrand> you need a *filter table, and a *nat table and the right rules need to go in the right places
<alamar> CrazyGir: you could use iptables directly
<CrazyGir> it's iptables that is nuts :)
<alamar> no it isn't
<CrazyGir> alamar: the 'nat seciton' you are referring to.. is this in before.rules?
<jdstrand> CrazyGir: read the ufw-framework man page like I said :) it has what you need, I promise :)
<jdstrand> EXAMPLES, then Port Redirections
<CrazyGir> jdstrand: yea, I'm ther
<CrazyGir> I see there are 2 things i need for this to work
<CrazyGir> not just the one line I had
 * jdstrand nods
<CrazyGir> :)
<jdstrand> well, this is an example
<jdstrand> it is assuming the firewall is mostly closed, which is why the filter table part is there (ie, as documented, it will work with ufw)
<jdstrand> anyhoo, gotta run
<CrazyGir> not sure I follw you there, but thanks
<CrazyGir> I would call this "mostly closed"
<alamar> before.rules could be added to man 5
<alamar> jdstrand: TIL about iptables-save & iptables-restore; thank you
<hallyn> kirkland: ooh, qemu v0.15.0-rc0 was tagged
<hallyn> updating my main virt laptop to onieric today, then i'll try a sync and see hwo it goes
<CrazyGir> when starting ufw, and it fails, is there a way to get a specific line number that it errored on?
<CrazyGir> ERROR: problem running ufw-init <--- not helpful
<jdstrand> unfortunately, no
<CrazyGir> seriously?
<jdstrand> you can run ufw-init manually
<CrazyGir> ufw disable; ufw-init ?
<jdstrand> /lib/ufw/ufw-init reload
<CrazyGir> kks
<jdstrand> CrazyGir: yes, disable fine. then you will want to update /etc/ufw/ufw.conf manually to 'enable' it, then use ufw-init manually
<hallyn> doh', tehre i ago again, confusing the trees
<hallyn> 0.14.1 it is
<alamar> ah so now I understand why you did not like me badmouthing ufw :)
<jdstrand> hallyn: fyi, I uploaded a new qemu-kvm today
<CrazyGir> jdstrand: what do you mean by this? then you will want to update /etc/ufw/ufw.conf manually to 'enable' it
<hallyn> i saw the push.
<jdstrand> hallyn: not sure if 0.14.1 has the fixes or not...
<hallyn> yeah, not sure, but i'll be checking of course
<jdstrand> CrazyGir: ufw-init will short circuit if the firewall is disabled
<hallyn> still hoping 0.15.0 comes out before freeze :)
<jdstrand> CrazyGir: since 'ufw enable' is not working for you, you need to stop the short circuit. that is done by setting ENABLED=yes in /etc/ufw/ufw.conf
<CrazyGir> ah, yes, I have that
<CrazyGir> hrm, ufw-init doesn't like the *nat I included per the manpage
<CrazyGir> before COMMIT
<alamar> you probably really should paste it somewhere
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<jdstrand> CrazyGir: the *nat is after COMMIT
<jdstrand> CrazyGir: see, each table starts with:
<jdstrand> *<table name>
<jdstrand> rules for the table
<jdstrand> COMMIT
<jdstrand> so, you need:
<jdstrand> *filter
<jdstrand> your regular rules
<jdstrand> COMMIT
<jdstrand> *nat
<CrazyGir> ah
<CrazyGir> ok
<jdstrand> your new rules from ufw-framwork for PREOUTING
<jdstrand> COMMIT
<RoyK> does ufw have NAT in recent versions of ubuntu?
<jdstrand> RoyK: not via the cli, no
<RoyK> imho the lack of nat in ufw is a major drawback
<hallyn> only via the gui? :)
<CrazyGir> hah
<jdstrand> hallyn: hah, uuh, no :)
<RoyK> adding nat support to ufw must be a rather tough task - I guess an hour or three for a decent programmer :P
<kirkland> hallyn: neat
<kirkland> hallyn: you merging?
<jdstrand> RoyK: the feature is planned, and I hear what you are saying. it is something I would like myself. that said, the primary audience is for bastion hosts/desktops/server, not for routing firewalls
<hallyn> kirkland: i'll take 0.14.1 tomorrow at least
<jdstrand> RoyK: patches welcome and all that :)
<RoyK> jdstrand: still, quite a lot of people would like to use a server for NATing
<jdstrand> yep
<RoyK> jdstrand: I don't have that need atm, so I don't think I'll spend much time on it
<jdstrand> :)
<CrazyGir> jdstrand: this is going better, but iptables is not happy with the following, is there a way to get more specifics on what it doesn't like? -A PREROUTING -p tcp -i br0 -t nat --dport 9000 -j DNAT --to-destination 192.168.1.20:9000
<alamar> CrazyGir: the "-t nat" is not necessary in this setup
<jdstrand> CrazyGir: get rid of the '-t nat'
<CrazyGir> didn't you tell me to put it in there alamar ?
<CrazyGir> :P
<alamar> CrazyGir: for iptables yes
<jdstrand> CrazyGir: you already specified the table via '*nat'
<alamar> I said iptables ....
<CrazyGir> hah
<CrazyGir> :)
<CrazyGir> ok, much better
<CrazyGir> jdstrand: that makes more sense _now_ ;)
<CrazyGir> slowly piecing together my understanding with iptables here
<CrazyGir> I appreciate the patience
<jdstrand> CrazyGir: if you are going to be fiddling a lot with before.rules, I recommend reading the iptables man page
<CrazyGir> I'm hoping to limit it to this one set of port forwards
 * jdstrand nods
<CrazyGir> these servers are all setup (and actually someone else's responsibility)
<alamar> so stop messing with his fw setup1!!!! ;)
<CrazyGir> I'm responsible for the VMs running on these servers
<CrazyGir> but I'm responsible for the VMs, and he's floating somewhere in some water somewhere in greece
<alamar> CrazyGir: I wasn't serious ;)
<kirkland> hallyn: FYI, I just turned off my email subscription to ~ubuntu-virt's monitored packages (kvm, libvirt, and friends)
<kirkland> hallyn: please explicitly subscribe me to any bug that you'd like my attention to
<kirkland> hallyn: it's been ages since I've needed to do anything on any of those bugs beyond the excellent work that you, mdeslaur, and jdstrand already do
<kirkland> hallyn: so I turned off that swath of bugmail (so I can focus on other swaths of bugmail) :-)
<kirkland> Daviey: ^
<Daviey> kirkland: Yeah, i think we have it covered in ~ubuntu-server, thanks for letting us know.
<kirkland> Daviey: np;  never hesitate to subscribe me, if I can help
 * Daviey subscribes kirkland to all bugs :)
 * kirkland runs for cover
<CrazyGir> hah
<hallyn> kirkland: thx for the heads-up.  (just left the faraday cage^W^Wporch for a minute :)
<kirkland> hallyn: heh, cool
<kirkland> hallyn: i think my airstream is a faraday cage
<martyn> kirkland : Close to it .. Aluminum isn't known for being radio-transparent
<martyn> kirkland: What's got you in an airstream?
<kirkland> martyn: fun thing to have sometimes
<martyn> Well, sure :)  I was wondering if you were travelling...
<martyn> I've gone to various Burning Man related events in an airstream ... it was 60's retro fun :)
<kirkland> martyn: ah, no, not at the moment
<kirkland> martyn: nice;  mine's a 1968
<martyn> Hoo .. that's nice
<martyn> Hard to keep the aluminum skins in perfect condition.. but they are wonderful trailers
<martyn> Got a kitchen in yours?
<martyn> (some had 'em, many didn't .. beautiful mini kitchenettes though)
<kirkland> martyn: yup
<kirkland> martyn: it's pretty nice
<hallyn> oh ffs, i go to all the trouble to instal lwindows so i can install firmware update, and the update fails to install
 * hallyn hates firmware junk
#ubuntu-server 2011-07-27
<uvirtbot`> New bug: #816754 in nova (universe) "add ovs-vsctl to sudoers file" [Undecided,New] https://launchpad.net/bugs/816754
<uvirtbot`> New bug: #816758 in php5 (main) "Cant type some characters in readline()" [Undecided,New] https://launchpad.net/bugs/816758
<DanaG> Say, what's the difference between the generic kernel and the server kernel?
<DanaG> And how do I get my server to automatically enable the tweaks powertop usually suggests?
<DanaG> hmm, seems like laptop_mode may do part of it.
<DanaG> Now if only I could tie laptop_mode ac/battery into apcupsd...
<twb> DanaG: if you install both, you can just diff /boot/config-*
<twb> apcupsd (or nut?) probably has event hooks similar to acpid
<DanaG> The tweaks laptop-mode does are the runtime-PM and the ALPM and all that.
<twb> laptop-mode does a whole bunch of shit
<twb> like spinning down idle disks
<DanaG> Yeah, I want it to do write-clumping on AC, but drop back to failsafe on battery.
<DanaG> Oh, I can have apcupsd call laptop-mode
<DanaG> I'm trying to figure out why my microserver is taking 28% of the capacity of my APC ES 550.
<DanaG> Newegg states the capacity is 330 watts; 28% of that is 92 watts.
<DanaG> Oh wait.... I have my laptop on it, too.  Silly me.
<twb> DanaG: and the LCD monitor too, probably
<twb> And the switch
<twb> Not much point having all your servers on the UPS if the switch isn't -- the server runnign nut won't be able to tell the other servers to shut down
<DanaG> I only have the one microserver, anyway.
<DanaG> I run it headless, or use the HP IPMI card.
<DanaG> hmm, it's still saying 28% load.
<DanaG> I'll bet that's bogus.
<DanaG> That's after taking my laptop out from behind it.
 * DanaG wishes AMD would make an ES1000 IPMI chip.
<DanaG> That way you could have native-res framebuffer on IPMI.
<twb> Fuck that shit
<twb> Give me a ttyS0 any day
<DanaG> Yeah, that's even better.
<twb> Good luck getting it these days, tho :-/
<DanaG> Do any of you guys have contacts at HP, who would take firmware issues seriously?
<twb> It's all "just browse to this totally broken web management UI" crap
<DanaG> The Microserver has a couple of issues: ACPI declares wrong KCS base address, and their IPMI firmware doesn't give the serial-over-LAN support the IPMI chip itself supports.
<DanaG> Oh, and no option to have external graphics as default while still leaving internal GPU enabled.
<lifeless> SpamapS: your lxc branch needs an update ;)
<DanaG> So anyway, if any of you guys have real liaison with HP, please try to get them to fix those things!
<DanaG> oh, and I had to install a modded BIOS to be able to use AHCI (and hotplug mode) on all ports.
<ttx> Daviey: Crowbar open sourced at https://github.com/dellcloudedge/crowbar
<twb> What is it?
<ttx> twb: Dell's solution to deploy OpenStack on bare metal, somehow competition to Ubuntu's Orchestra
<ttx> Dell promised to open source it but it took months
<twb> Out of curiosity, how well do (either) deal with heterogeneous hardware?
<ttx> twb: no clue. I suspect Orchestra is pretty agnostic, and Crowbar has a reliance on some Dell stuff
<SpamapS> lifeless: my LXC branch is effectively dead unless niemeyer decides to reverse his position 180 degrees. :-(
<twb> SpamapS: what branch is this?  I'm seriously invested in LXC on lucid.
<SpamapS> twb: its for Ensemble
<SpamapS> wow.. ifupdown has 106 normal open bugs
<SpamapS> wtf!
 * SpamapS wonders why nobody has taken it upon themselves to rid us of this "literate programming" monstronsity. :-P
<SpamapS> twb: are you switching to the natty backport kernel then?
<lifeless> SpamapS: surely something is better than nothing ?
<SpamapS> lifeless: its apparently just a trivial thing for somebody to do it the "right" way.
<lifeless> bitter much ?
<lifeless> SpamapS: is there anything I can do ?
<twb> SpamapS: no, currently I am just not touching the kernel at all
<twb> SpamapS: I will probably have to switch to the backport kernel at some point, or just reroll the normal lucid one to remove that clusterfuck vsftpd "fix"
<SpamapS> lifeless: hazmat and flacoste and myself have all presented compelling cases for having both. The "I don't want to maintain two ways of doing it" argument seems to have set and cured.
<twb> SpamapS: re ifupdown, there's "ipcfg"
<lifeless> that presumes one is  asuperset of the other
<lifeless> how will one bring up lxc in dev mode ?
<SpamapS> using the "local" provider
<lifeless> does that touch your host OS ?
<SpamapS> which says you have one machine, that can provide infinite LXC containers... whereas ec2 will be able to provide only one "null" containier
<SpamapS> lifeless: its 6 and 1/2 dozen IMO.. but apparently we have to lay the foundation for the future work now.
<SpamapS> (a trap I've seen nearly every purist fall into)
<twb> There's also "netscript", but I think that's old and abandoned
<lifeless> SpamapS: so how much work is it to update the branch ?
<SpamapS> twb: I like /etc/network/interfaces, and all that it provides.. but god save me if I ever have to patch ifupdown.
<SpamapS> lifeless: couple hours probably.
<lifeless> SpamapS: I suspect it will take me longer...
<lifeless> SpamapS: I can't wait for the real-deal, whatever it is, to get experimenting with lxc
 * SpamapS sees those big blue (blue?) eyes givign him a watery anime stare...
<lifeless> SpamapS: so either I need to can the experiment; do it myself, or hopefully some kind soul familiar with the code will do it ;)
<lifeless> SpamapS: btw, lxc - and 'public' ips is easy
<SpamapS> lifeless: let me see if I can find a gnome on my laptop to do that..
<lifeless> set the interface to br0, and setup a br0 with eth0 in it
<SpamapS> lifeless: yeah, public IP is simple... assign elastic IP.. nat.. done.
<lifeless> of course, this fails horribly on non-AP mode wifi, but thats broken-by-design anyhow.
<lifeless> SpamapS: no nat, no elastic IP :)
<twb> SpamapS: also the lack of iproute2
<SpamapS> oh you mean for local dev.. for local dev .. virbr0 should be fine
<lifeless> SpamapS: thats local machine only; I mean for LAN accessibility to the brought up services
<SpamapS> lifeless: yeah, for that its the exact same problem space that libvirt lives in
<lifeless> yah
<SpamapS> lifeless: yeah, public IP is simple... assign elastic IP.. nat.. done.Warning: criss-cross merge encountered.  See bzr help criss-cross.
<SpamapS> oops
<SpamapS> lifeless: Warning: criss-cross merge encountered.  See bzr help criss-cross.
<SpamapS> lifeless: 8 conflicts.. not the end of the world
<lifeless> I saw a ref to vnet as a bridge interface, but in my libvirt vnet isn't a bridge of its own
<lifeless> but an interface connected to virbr0
<SpamapS> lifeless: my lxc branch plays dumb and just feeds in these three lines as the lxc config
<SpamapS> lxc.network.type=veth
<SpamapS> lxc.network.link=virbr0
<SpamapS> lxc.network.flags=up
<SpamapS> of course, that should be configurable
<lifeless> yeah, but thats a different discussion :>
<SpamapS> 1 conflict(s) resolved, 5 remaining
<SpamapS> die conflicts die
<SpamapS> ok.. trunk merged.. but.. does it work? :-P
<twb> FFS, my patch panel's wonky or something; wiggling the RJ11 socket fixed the 40% packet loss / 800ms latency
<SpamapS> ugh.. they've gone and abstracted everything to kingdom come
<twb> I hate that
<SpamapS> "We might need another value for booleans.."
<SpamapS> ;)
<twb> Naming everything that might ever need to vary
<alamar> SpamapS: this is why they made ternary ram ;)
 * SpamapS now understands why they had to rip out his "don't start a machine if you don't have to code" .. because they've painted themselves into a corner w/ assumptions. tsk tsk.
 * SpamapS will play along
<lynxman> Daviey: ping
<Daviey> lynxman: o/
<lynxman> :)
<_johnny> anyone know which system is used for www git view on, say, git.videolan.org?
<_johnny> ah, gitweb
<SpamapS> lifeless: progress!
<SpamapS> 2011-07-27 03:32:09,967 INFO Bootstrapping environment 'lxc' (type: lxc)...
<SpamapS> 2011-07-27 03:32:09,970 DEBUG Launching Ensemble bootstrap instance.
<lifeless> woo
<lifeless> SpamapS: ship it!
<SpamapS> hrm.. lxc may be broken on my machine
<SpamapS> hmm.. maybe cgroup-bin isn't working..
 * SpamapS puts the mount back
<SpamapS> lifeless: ok, lp:~clint-fewbar/ensemble/lxc-container seems to at least try to start an LXC container properly. Unfortunately, my LXC is broke so will have to monkey with that tomorrow.
<SpamapS> lifeless: I think I've finally reached the end of my insomnia.. ttyl
<borat> hi
<borat> i have an apparmor related question
<borat> since apparmor is path based, is there a way to ensure that the file the path points to is actually the file it's supposed to be?
<jdstrand> borat: I'm assuming you are referring to symlinks?
<pmatulis> http://manpages.ubuntu.com/ seems braindead today
<borat> eg ensure that /usr/bin/firefox is actually the executable of firefox and not a link to /tmp/funny-little-script
<borat> jdstrand: yes, mainly
<jdstrand> borat: apparmor resolves symlinks, so that is not a problem. hard links are treated like any other path, so the hard linked path would need a separate access rule to allow access
<jdstrand> (or a separate profile, if you are referring to attachment)
<jdstrand> (or alias)
<borat> jdstrand: what happens if I just replace the executable? will apparmor detect that or could i place a checksum in the profile or something?
<uvirtbot`> New bug: #816934 in samba (main) "package samba-common-bin 2:3.5.8~dfsg-1ubuntu2 failed to install/upgrade: subprocess dpkg-deb --fsys-tarfile returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/816934
<jdstrand> borat: if the executable is in the same path, then access is allowed. that said, you would not typically give a confined application write access to binaries it is allow to execute (or itself)
<jdstrand> borat: well, 'access is allowed'-- I should say 'access is the same as the profile previously allowed'
<zul> ttx: i had a look at crowbar yesterday *giggle*
<borat> jdstrand: okay, thanks for the enlightenment :)
<skeuds> Hello everyone,
<skeuds> I am a beginner on Ubuntu server, i have a dedicated server with ubuntu 10.04 installed and today when i try to login on my server with ssh, i get this error message and the connection is closed :
<skeuds> "/bin/bash: Exec format error"
<skeuds> If someone have an idea it will be very cool
<twb> skeuds: what's the exit status?
<skeuds> I have this message :
<skeuds> Last login: Wed Jul 27 13:55:18 2011 from xxxxxxxxxxxxxxx.fbx.proxad.net
<skeuds> Connection to xx.xxx.xxx.xxx closed.
<skeuds> oups
<skeuds> Last login: Wed Jul 27 13:55:18 2011 from xxxxxxxxxxxxxxx.fbx.proxad.net
<skeuds> "/bin/bash: Exec format error"
<skeuds> Connection to xx.xxx.xxx.xxx closed.
<twb> That is not the exit status
<skeuds> How can i get the exit status ?
<twb> echo $?
<skeuds> ok i get it : 1
<twb> Not helpful.  Try "ssh foo -t pwd", where "foo" is the destination.
<skeuds> Ok i try
<skeuds> Same error :
<skeuds> "/bin/bash: Exec format error"
<skeuds> Connection to xx.xxx.xxx.xxx closed.
<skeuds> Exit status 1
<twb> OK, I don't know, that system is totally fucked.
<twb> It sounds like you have managed to boot an x86 kernel with an x86-64 userspace or something
<twb> Have you been messing with your kernel?
<skeuds> I have juste installed a clean copy of ubuntu 10.04. No manual modification
<Pici> When did you install it?
<skeuds> 1 year ago
<Japje> ssh user@xxxxxxxxxxxxxxx.fbx.proxad.net -c "/bin/sh uptime"
<Japje> see is sh is broken
<Japje> or /bin/dash
<twb> Uh, it's not -c
<Pici> skeuds: You just installed Ubuntu 10.04, or you installed it a year ago?
<skeuds> I installed it 1 year ago
<twb> Japje: "/bin/sh uptime" is not a cipher spec
<Japje> twb: the -c flag was command right?
<Pici> I wonder if the server was comprimised
<twb> No
<Japje> damn
<Japje> my memory needs an upgrade
<Japje> didnt need the -c :P
<skeuds> With : ssh mailto:user@xxxxxxxxxxxxxxx.fbx.proxad.net "/bin/sh uptime"
<twb> Sadly sshd still uses system(3) instead of execvp :-/
<skeuds> i have the same error
<skeuds> "/bin/bash: Exec format error"
<twb> skeuds: that's because uptime is not a program
<twb> Er, not a sh script in the working dir
<twb> skeuds: you should just reinstall the thing
<ewook> so how about you point out the full path to uptime
<twb> ewook: it'll still use system
<twb> You *can't* opt out of system()
<skeuds> So i must reinstall all the system ?
<twb> skeuds: unless you can work out why bash is pissed off
<skeuds> Ok thank you for your help
<skeuds> :)
<_ruben> no physical/kvm/whatever access to the box?
<ewook> errr
<ewook> just go ssh whatever@something "/usr/bin/uptime"
<ewook> if your user has a default shell, that is
<_ruben> but if that default shell happens to be broken....
<ewook> true, then you do have an issue.
<skeuds> I have a rescue system
<skeuds> boot on a network operating system
<skeuds> To make maintenance operation
<skeuds> perhaps i will try it before reinstall
<ewook> but, ssh whatever@something "/bin/sh" should get you another (in a crazy way) shell.
<skeuds> Nop ewook, i have always "/bin/bash: Exec format error" error message
<ewook> skeuds: well, don't do bash then
<_ruben> if bash is the default shell, any other shell would be spawned by bash, and if bash is broken...
<ewook> doh..
<ewook> didn't think of that ofcourse.. but scp should still work? so replacing whatever "default" you have should be doable, right?
<_ruben> if you allow root logins to overwrite /etc/paswd ... :)
<_ruben> +s
<ewook> lul
<twb> This is why sashroot
<ewook> try to think in 30 degrees C ... naah..
<ewook> physical access?
<skeuds> No physical access
<ewook> *_*
<ewook> bleh
<ewook> glhf, since I'm just running around in circles due to the heat, I'll do no good here.
<skeuds> ^^
<uvirtbot`> skeuds: Error: "^" is not a valid command.
<jamespage> zul: I need an opinion on how todo something - around?
<zul> almost always
<zul> but if its a bad opinon i will deny that i said it
<jamespage> zul: great
<jamespage> zul: so this is with respect to jenkins plugins - some of which I aim to package
<jamespage> when a plugin is installed it requires a restart of jenkins to get it noticed
<zul> right
<jamespage> however it would be possible to install a number of plugins all in one go; and I don't really want to restart jenkins after each  - I want todo it after they are all installed
<jamespage> is this posible? or should I leave it up to the admin to schedule the restart?
<jamespage> I've left it as the second option ATM - mainly because it means you can install the plugin(s) and then enable them at a later date when the jenkins instance is not busy
<zul> jamespage: well you can do a trigger a restart of jenkins when you do a package install but that might be a bit hairy
<zul> right with my admin hat on i would do the second part
<jamespage> that was my thinking as well - did not want to get to clever with the package
<jamespage> I'll add some notes into the README.Debian to state that a restart of jenkins is required
<jamespage> that should keep folks happy.
<zul> cool beans
<raubvogel> In https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html, under Consumer Configuration,  olcRootPW should match the same one in the master/provider ldap server, right?
<mendel_> guys how do I reinstall a pci card
<mendel_> I've added some drivers to the blacklist and want to reinstall it
<uvirtbot`> New bug: #817034 in php5 (main) "PHP SOAP Extension Not Working" [Undecided,New] https://launchpad.net/bugs/817034
<dori922> is UEC 11.04 compatible with unupdated UEC10.10 nodes?
<jamey-uk> I've just installed 11.04 server on my new machine, upgraded all the packages and then noticed the kernel images were being held back. So I did a dist-upgrade, which sorted it out but it reinstalled GRUBâ¦ seemingly incorrectly as I now get the GRUB rescue screen on boot. I've tried using the Rescue mode of the CD but it seems that my UEFI machine has meant the disk was formatted with GPT which it doesn't seem to support. Wha
<RoyK> jamespage: I thought ubuntu/grub was supposed to support GPT
<RoyK> jamespage: big disk?
<uvirtbot`> New bug: #817074 in etckeeper (main) "Please merge etckeeper 0.56 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/817074
<uvirtbot> New bug: #795089 in python-xattr (universe) "[MIR] python-xattr" [Undecided,Fix released] https://launchpad.net/bugs/795089
<Daviey> uhoh
<hallyn> kirkland: getting ready to push qemu-kvm0.14.1 merge.  Tests fine here.  (I almost, once AGAIN, pushed with the roms!)  It's a pretty trivial merge, but if you want to take a look first gimme a shout
<kirkland> hallyn: dude, I trust you -- if you want *me* to look at it, though, I'd be glad to
<kirkland> hallyn: as for the roms problem, add a check in debian/rules
<hallyn> good idea, think i'll do that before pushing.  thx
<kirkland> hallyn: or, rather, add rules in the clean target to prune them *every* time
<hallyn> btw, there is a tests/pi_10.com program in there (binary)
<kirkland> hallyn: actually, a check is probably good, since it's the tarball
<kirkland> hallyn: wtf is that?
<hallyn> dunno. windows executable?
<hallyn> it's tiny
<hallyn> lemme see where it's used
<hallyn> hm, i'd previouslyi removed it (for 0.14.0), but it had shown back up somehow
<hallyn> it's used by tests/qruncom.c
<kirkland> hallyn: hmmf;  remove it
<kirkland> hallyn: and poke aligouri and figure out how to build it
<kirkland> hallyn: i'm always surprise how/why he ships all these binaries with the upstream source
<hallyn> kirkland: dont' blame him    http://repo.or.cz/w/qemu.git/history/HEAD:/tests/pi_10.com
<hallyn> added in 2004  by bellard, never changed since :)
<kirkland> heh
<robbiew> Daviey: hey...did we ever do the flip with ntpd and ntpdate?
<Daviey> robbiew: no, not happend yet
<Daviey> still TODO
<robbiew> cool deal
<uvirtbot> New bug: #817135 in bind9 (main) "package bind9 (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/817135
<Daviey> robbiew: i was concerned ntpdate (via ubuntu-minimal) and ntp would conflict, but it seems both can be installed safely.
<zul> SpamapS: can you ack landscape-client in the SRU queueu
<SpamapS> zul: i didn't see it there
<zul> but i uploaded it
<SpamapS> oh, only lucid
<SpamapS> I was looking in natty :p
<zul> oh...
<Daviey> robbiew: so, seems ntp binds to 0.0.0.0 .. we need to make the default only bind to localhost to instal it by default.
<robbiew> RoAkSoAx: ever been to Boston?
<RoAkSoAx> robbiew: nope but wanted to go there for quite a while :)
<robbiew> RoAkSoAx: well...the week of August 29th, you'll get your wish...talk to kirkland ;)
<kirkland> robbiew: ;-)
<kirkland> RoAkSoAx: we'll take the plans private
<kirkland> robbiew: thanks!
<RoAkSoAx> robbiew: hehe cool, will do ;)
<zul> RoAkSoAx: its not actually boston btw ;)
<RoAkSoAx> zul: lexington ? :)?
<zul> yep
<Daviey> RoAkSoAx: make sure you take some tea with you, there is a shortage there.
<RoAkSoAx> zul: close enough, just 30 mins :)
<patdk-wk> stop dumping it into the bay
<RoAkSoAx> Daviey: hehe will do.. I;m a tea drinker
<Daviey> good stuff!
<aleperalta> Hello all, I'm using hardy in a server and I've just installed the postgresql-8.4 backports, and it's running fine, but now I need postgresql-8.4-postgis but that isn't supplied by the backports. I've also checked out the ppa UbuntuGis but postgresql-8.4-postgis isn't supplied by the ppa. What choices do I have besides compiling?
<Daviey> aleperalta: consider backporting it yourself?  Others might appreciate it :)
<patdk-wk> aleperalta, beg, plead, file a backport request
<aleperalta> Daviey: nope, I can try... any how-tos on that?
<aleperalta> patdk-wk: hehe :-D I don't think they'll listen to prayers.. :-)
<SpamapS> zul: done
<zul> SpamapS: thanks
<uvirtbot> New bug: #817155 in postfix (main) "package postfix-mysql 2.8.2-1ubuntu2.1 failed to install/upgrade: problemas de dependÃªncia - deixando desconfigurado" [Undecided,New] https://launchpad.net/bugs/817155
<dkn> anyone know how to make the /var/log/auth.log longer? i can only see a couple days back, when i want to see a couple months back
<dkn> duh... got it.... auth.log.1
<ahasenack> hi, does anybody know why a kvm natty guest would have the directory /sys/bus/xen ?
<ahasenack> and not always, I don't know yet what happened, we are still investigating it
<ahasenack> as we used that directory to report the vm as being of type xen, but in fact it's kvm
<uvirtbot> New bug: #817167 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.10 failed to install/upgrade: sous-processus script post-installation installÃ© tuÃ© par le signal (Processus arrÃªtÃ©)" [Undecided,New] https://launchpad.net/bugs/817167
<Slyboots> I've got an absoluty bewildering problem with Ubuntu-server and using iSCSI
<Slyboots> If I try to access the same iscsi lun from two locations at once.. the server resets the network connection.  But instead of going back to its static IP it pulls an address from the DHCP pool
<Slyboots> ... *why*
<Slyboots> This is seriously pulling a kibosh on its usage as a server, I've already set it as a static interface in /etc/networks/interfaces
<Slyboots> So I dont get it
<hallyn> kirkland: do you think a check for binaries should be done from the clean: or the build: rule?
<kirkland> hallyn: hmm, clean, probably
<hallyn> eh, the clean rule already forcibly removes them
<Slyboots> Might it be worthwhile to strip out the dhclient totally?
<Slyboots> But I would like to *solve* the problem, and sto pit crashing when I access iSCSI at all x.x
<hallyn> I'm going to stop it removng them
 * Slyboots headscratches
<Slyboots> Im really strugglign to also find out why iscsi is causing the network card to crash
<Slyboots> I've been throught eh logs but.. Im not seeing anything usful
<Slyboots> And I cant bloody remove dhclient "Virtual packages like dhclient can not be removed"
<Slyboots> wtf
<uvirtbot> New bug: #817187 in linux (main) "libvirt FTBFS on 2.6.39 and later kernels" [Undecided,Invalid] https://launchpad.net/bugs/817187
<raubvogel> I am installing slapd and it is not asking me for the admin password I want it to use. How can I enter it or force it to be asked? FYI, I can completely wipe the ldap thing if needs to be (and I know which directories need to go).
<oCean> !google | oCean
<ubottu> oCean, please see my private message
<g0t> Results for | oCean on Google:
<g0t> --
<oCean> g0t: you should disable that script
<jcastro> kirkland: where do you keep all those nifty preseed config files? the ones for automating installs
<kirkland> jcastro: i mostly use http://bit.ly/uquick
<kirkland> jcastro: it's under bzr control in lp:bikeshed and lp:orchestra
<kirkland> jcastro: you can do a quick/dirty/unattended install by a) booting a server cd and b) adding the following to the kernel command line "local=en_US priority=critical url=http://bit.ly/uquick"
<jcastro> ah that URL is what I was missing, thanks.
<zroysch> hello
<zroysch> I have an mdadm raid-0 that recently had a drive fail, or at least marked as faulty. I just want to replace it.
<zroysch> does anyone know of a resource that will specify what exactly I need to match on the existing drive to make it work properly?
<zroysch> rpm? cas? cache?
<zroysch> sorry I meant raid1. it is a mirror
<qman__> zroysch, mdadm doesn't care about any of that
<qman__> just create a raid partition at least as large as your existing one, and add it to the array
<qman__> performance is determined by the least common denominator
<qman__> so you want a drive equally as large or larger than the one it's replacing, and equally fast or faster
<zroysch> qman__: ok, thank you
<LeChacal> hi, question my isp has port 80 blocked for incoming connections (like for a web server), I know that I can change the port that apache looks for but then to get to the web site you have to type example.com:88 if the port was changed to 88. Is there something I can do to get around my ISP blocking 80 but not have to include the port number at the end of the url? googling isn't coming up with much thank you
<qman__> you can't get around having the port number on your URL
<qman__> what you can do, though, is sign up for something like dyndns, and create a redirect
<qman__> and have your.website.com redirect the user to 1.2.3.4:88
<qman__> or other.website.com:88
<LeChacal> i didn't think that DNS held port data
<qman__> it doesn't
<qman__> but dyndns.com and some other sites offer that service
<qman__> for free
<qman__> so, your site is still :88, but you have a URL that will redirect users without the port number
<LeChacal> hmm didn't know that, thank you, i am reading the dyndns site now
#ubuntu-server 2011-07-28
<minashokry> hello guys, I have subdomain.domain.com and svn running on http://www.domain.com/svn, the subdomain is being redirected to another service with mod_proxy like "ProxyPass / http://localhost:xxxx" now, when I try to access the svn I see the request is sent to this other service and I get 404 error. any help?
<zroysch> can I not mount and use a mdadm raid1 drive partition when the other drive failed?
<SpamapS> you can
<SpamapS> zroysch: you should have received a warning on bootup that the array was degraded
<zroysch> SpamapS: server has yet to be rebooted. i was actually alerted of it with the md email telling me the one drive has been removed from the array and marked faulty
<SpamapS> zroysch: that shouldn't prevent you from using it.
<zroysch> well here's what it's looking like md0 : active raid1 sdb[1] sda[2](F)
<zroysch>       1953514496 blocks [2/1] [_U]
<zroysch> sdb still apparently ok
<SpamapS> Yeah, thats a degraded array
<SpamapS> it should still be working
<zroysch> the scary/weird thing is sda and sdb dont even show up in fdisk -l anymore
<zroysch> sudo mdadm -E /dev/sdb
<zroysch> mdadm: No md superblock detected on /dev/sdb
<zroysch> ah got something with sudo mdadm --detail /dev/md0
<zroysch> http://pastebin.com/26T0xh4M
<SpamapS> zroysch: shouldn't be anything scary at all.. you have backups right?
<zroysch> nope
<SpamapS> many have made this mistake, so do not feel bad baout it. RAID is not a backup solution. :)
<zroysch> i already know this
<zroysch> lost data a few months ago on a raid5 failure
<zroysch> i have more hard drive failures than anyone i know
<zroysch> i really don't know how or why
<zroysch> pissing me off
<SpamapS> Hard drives were made to fail
<Daviey> SpamapS: you are buying the wrong brand then :)
<SpamapS> Daviey: my brother in mac hardware arms.. any ideas on how to get Natty onto a mac book air? ;)
<SpamapS> Its failing miserably for me at the moment. :(
<Daviey> funny you say that
<SpamapS> About to d/l vmware fusion
<Daviey> https://help.ubuntu.com/community/MacBookAir :)
<SpamapS> no
<SpamapS> thats useless
<Daviey> bah
<Daviey> SpamapS: you have a new laptop then?
<SpamapS> Yeah
<Daviey> pass.. i had to spin my own iso with my kernel patch to get Maverick on this one.. :)
<SpamapS> thats what I'm afraid of
<SpamapS> why can't anything be easy?
<SpamapS> >:
<Daviey> life is a ...
<SpamapS> when you look at it
 * SpamapS heads off to run errands "IRL"
 * Daviey heads to bed.
<Daviey> nn peeps
<T3rm> I've a small issue, I changed my default gateway, the route is correct, however, traffic is still going to the old default gateway. >.<
<Daviey> T3rm: renew your dhcp lease or change your /etc/network/interfaces gateway
<T3rm> well, it's statically defined.
<Daviey> i assume you are using a different IP address, as your arp table might also need blating.
 * Daviey really heads out of the door now. nn
<T3rm> How would I restart all of that without a reboot?
<qman__> new connections should use the new gateway
<qman__> while persisting ones should use the old one
<qman__> if new connections are not using the new gateway, the setting hasn't stuck or been done right
<qman__> there's no way to change persisting connections over, they must be closed and reopened
<qman__> so each program which has such a connection will need to reconnect or restart
<T3rm> aha
<T3rm> Next question... I'm a noob with sendmail, what quick commands can I use to delete mail from a particular sender email?
<uvirtbot> New bug: #817283 in open-vm-tools (multiverse) "package open-vm-dkms 2011.03.28-387002-0ubuntu1.1 failed to install/upgrade: open-vm-tools kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/817283
<DanaG> hmm, I'm pondering removing that Intel nic, after all.
<DanaG> Any of you have lots of experience with Intel and Broadcom NICs, to know if there's any real worthwhile difference between Broadcom 5723 and this Intel?
<DanaG> lemme' dig up link.
<DanaG> http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033&Tpk=intel%20nic%20expi9301ctblk
<DanaG> If anything, powertop shows just slightly higher wakeups with the Intel.
<DanaG> okay, for now I'm leaving the Intel in place.
<hellonew> is there anyone working on xen virtualization?
<hellonew> really need some guide in ubuntu 10.4 para-virtalization
<DanaG> heh, about the only thing I can think of putting in that PCIe slot, is a serial card.
<hellonew> I have tried many appraoches, it still doesn't wok
<hellonew> tried to upgrade from 8.04 to 10.04, install an compiled xen domU kernel and modules then replace that in an HVM ubuntu, all doesn't work
<hellonew> no one answer....
<hellonew> Oh,,, nopes
<DanaG> har, this usb3.0 card has a SATA power connector:
<DanaG> http://www.newegg.com/Product/ImageGallery.aspx?CurImage=15-644-001-02.jpg&Image=15-644-001-02.jpg&S7ImageFlag=0&WaterMark=0&Item=N82E16815644001&Depa=0&Description=HP%20USB%203.0%20SuperSpeed%20PCIe%20x1%20Card%20Model%20BM867AA
<DanaG> Random and somewhat off-topic, but still nifty.
<hellonew> newegg....
<hellonew> eggache
<SpamapS> lifeless: so, the Oneiric version of the lxc tools and templates is far superior to the natty version.. its taking a lot less time to create/start containers on oneiric...
<lifeless> SpamapS: yeah, serge + upstream == win
<SpamapS> lifeless: unfortunately, cloud-init is broken in natty, and pretty much everything is broken in oneiric.. so spawning containers that can be booted w/ cloud-init data is proving.. tricky
<SpamapS> I'm toying with converting the cloud-init stuff to rc.local
<Tommy_nmw> hello everybody
<Tommy_nmw> hi
<trapmax_> is it safe to edit olcDatabase\=\{1\}hdb.ldif while slapd is running? i need to add some not indexed olcDbIndex -parameters
<iclebyte-work> I run about 20 servers now and I'd like to enable the automatic security updates however I want to be notified of each package before it's installed. My idea is to run a local apt-repo and then having a staging repo which comes from the live one. However I want to manually 'sign off' on packages for promotion into the local repo from the staging one. I can then point all servers to the main local cache. Are any tools avail
<iclebyte-work> able to do this? I don't want to write it myself if it's already been done!
<blinkiz> Hello. Where can I get help about failover with ISC DHCP?
<blinkiz> It seems like the failover is not true failover. If one of two server goes down, after a couple of hours, the server that is working will start to complain about "peer holds all free leases". It should know that the other server is down and it can use all available IP addresses
<cwillu_at_work> I don't suppose anyone has noticed if a recent update slightly broke samba?
<zul> wha?
 * cwillu_at_work would like to be more specific, but hasn't narrowed it down yet beyond "word 2003 won't save new files" and some unsuccessful-looking messages in /var/log/samba/log.winbindd-idmap
<cwillu_at_work> lots of http://pastebin.com/QAWjthU7
<cwillu_at_work> (smb.conf hasn't changed in months, this only started a couple days ago)
<pmatulis> cwillu_at_work: what version of samba are you running?
<twb> So what *did* change a couple of days ago?
<cwillu_at_work> pmatulis, whatever is in lucid
<cwillu_at_work> twb, I installed updates :p
<pmatulis> cwillu_at_work: look at the changelog
<cwillu_at_work> nothing is jumping out at me
<cwillu_at_work> hence my asking
<glycoknob> hi
<glycoknob> I'm fighting with a strange bug in 10.4 lts server.
<glycoknob> apt-get / lograte / grpconv all have permissions set to 000 after doing a apt-get dist-upgrade
<glycoknob> I suspect webmin-virtualmin packages but I'm not sure. There has to be a bug in some post-install script
<greppy> glycoknob: I think that may be one reason that webmin isn't really supported on ubuntu.
<Pici> Or on Debian.
<glycoknob> so the bug is known and related to webmin? I'm really not sure, this apparead just now after upting apt, logrotate and webmin. So I'm not sure wether it is webmin
<greppy> not saying it's known, just that webmin isn't really supported due to some of the things it does to permissions and the contents of config files.
<glycoknob> ok. I'd like to sort that bug out. Where can I look? It must appear in the post-install scripts of the packages? What else could create permissions 0000 after updating?
<glycoknob> ok I can reproce this: apt-get --reinstall apt
<glycoknob> after doing this:
<glycoknob> ls -al /usr/bin/apt-get
<glycoknob> ---------- 1 root root 122640 2011-07-13 13:11 /usr/bin/apt-get
<Ursinha> bom dia amiguinhos
 * cwillu_at_work blames a windows update
<pyasi> has anyone successully upgrade a 6.06 server to 8.04 after the EOL date?  I'm getting errors about prerequisites missing running do-release-upgrade.
<patdk-wk>  yep
<patdk-wk> it's cause the 6.06 branch doesn't exist anymore, do-release-upgrade doesn't work
<pyasi> I am using the old-release.subuntu.com as the URL in my sources.list
<pyasi> er. old-releases.ubuntu.com
<patdk-wk> I have never done that
<patdk-wk> but to upgrade, I just edit sources to what I want, 8.04 in this case
<patdk-wk> and to an upgrade, dist-upgrade
<patdk-wk> normally works without any issues
<patdk-wk> on my friends though he had an issue, but easy enough to fix
<patdk-wk> defently not the recommended upgrade method
<CrazyGir> pyasi: how has that server gone so long without an update?
<pyasi> it's only a month after the EOL for 6.06
<CrazyGir> so
<patdk-wk> I normally start planning upgrades after 3years, so 2years before EOL
<CrazyGir> exactly
<CrazyGir> eg, not waiting until the last minute
<patdk-wk> 1.6years till planned upgrade to 12.04 :)
<pyasi> I would have rather upgraded it earlier too, but there was a business reason that was out of my hand to keep it the way it was, in any case I thought do-release-upgrade should work
<patdk-wk> nope, never has for me, on the machines I forgot about
<patdk-wk> those rarely touched machines that just do their job you never look at :)
<patdk-wk> mainly cause they where installed with non-lts for some reason, so needed more constant updating
<patdk-wk> but so far, just changing the source.list file and doing an update worked pretty good
<pyasi> ok, i'll try the sources file, I can go right from dapper to hardy, not have to do gutsy, feisty in order?
<oCean> pyasi: I think it is archive.ubuntu.com
<patdk-wk> gutsy and feisty haven't existed for a long time
<oCean> pyasi: https://help.ubuntu.com/community/EOLUpgrades/Dapper
<patdk-wk> oh nice :)
<pyasi> oCean, those instructions don't work anymore, 6.06 is not on archive.ubuntu.com now
<oCean> pyasi: the packages are there
<pyasi> but dapper isn't there afaik
<oCean> pyasi: oh wait, right
<oCean> but at old-releases they are?
<oCean> so it seems
<CrazyGir> pyasi: could you not just build a new system and migrate services?
<CrazyGir> wouldn't that make more sense?
<CrazyGir> I definitely don't know what other constraints you have going on
<CrazyGir> but that seems to be a more sensible option
<shan> hello! I have a ubuntu 8.04 lts server with Raid1 with 2 x 250GB Sata HDD
<shan> I have ltsp server also running on it.
<shan> All of a sudden today, the users were not able to log into the server through the terminals.
<shan> I rebooted the server and while rebooting the server said ext3: no journal on filesystem on md2
<shan> any idea as to how I could resolve this situation?
<davros> why is server being a pain, somehow KDE was installed cant boot from usb anymore i wanna redo the install ugh
<shan> any one who could help me out with pointers to the server booting problem? It would be great!
<SpamapS> shan: are you booting into a recovery console then?
<smoser> Ursinha, is http://people.canonical.com/~ursula/server/triage-report/ the right location for that report now?
<shan> spamaps: yes, it says it that there is some error in the filesystem and to run fsck manually.
<Ursinha> hi smoser! I managed to add it in http://status.qa.ubuntu.com/reports/ubuntu-server/triage-report.html
<Ursinha> more obvious to everyone :)
<shan> I did that too..
<shan> but still the problem persists
<Ursinha> smoser: it's update every 10 minutes, so it's pretty fresh
<SpamapS> shan: are you certain your RAID is running ok? maybe look in /proc/mdstat
<Ursinha> updated, even
<Ursinha> Daviey: hola
<shan> I did that and it says all the drives are working.
<smoser> Ursinha, cool. i have http://ubuntu-server-new-bugs.notlong.com pointing to it. had to update that.
<shan> for all the partitions it says active and [ _U]
<shan> I guess it would be a F if the partition had failed?
<jpds> shan: No, it's _ if it failed.
<Ursinha> ah, sorry smoser, I'm working on setting things up yet
<shan> jpds: so what does the U stand for?
<shan> and its says active for all the partitions?
<jpds> shan: And it's drives it's showing, not partitions.
<shan> ok
<shan> md2:active raid1 sdb6[1]
<guhcampos> Is there a big difference between the KVM versions from Kernel 2.6.32 to 2.6.38? I plan to deploy a virtual host and I can't decide between CentOS 6 and Ubuntu 11.04
<smoser> Ursinha, ah. i see. we're set now. http://ubuntu-server-new-bugs.notlong.com -> http://status.qa.ubuntu.com/reports/ubuntu-server/triage-report.html
<shan> 29294400 blocks [2/1] [ _U]
<smoser> there isnt as much need for my link as there was before as yours has tokens in its path that my awesome bar will find.
<shan> this is a sample of what I get when I do a cat /proc/mdstat
<Daviey> Ursinha: hola
<shan> md2:active raid1 sdb6[1]
<shan> 29294400 blocks [2/1] [ _U]
<shan> jpds: ?
<shan> spamaps: ?
<shan> unused devices: <none>
<PrickelPit> shan, whats so difficult? just read...your raid has a defect. your md2 raid1 is missing the second partition amongst /dev/sdb6.
<jpds> shan: You have a dead drive, go and replace it?
<shan> ok, thanks for the help guys!
<SpamapS> to be clear though, that shouldn't cause FS corruption
<SpamapS> so you should also consider verifying your data integrity against backups if at all possible
<shan> ok
<jo-erlend> I have an mdadm raid5 array with lvm partitions on it. I would like to mount these on a blank system. How do I do that?
<jo-erlend> I thought it should be sufficient to use mdadm --assemble --scan and then just mount the partitions as usual, but only md0 shows up in /dev and md1 contains my data.
<smoser> zul, does the 'apache -v' output at https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/815865 make sense to you?
<uvirtbot> Launchpad bug 815865 in apache2 "Cookie variable in Apache LogFormat outputs incorrect value" [Medium,Fix released]
<zul> looking
<smoser> it reports 2.2.12 but https://launchpad.net/ubuntu/+source/apache2 shows nothing like that...
<smoser> oh.. i guess he's running karmic?
<smoser> is there somewhere where i could ssee what versions were in karmic?
<jo-erlend> smoser, rmadison
<zul> smoser: yeah that looks sane but clint already commented on that bug
<smoser> verified
<smoser> https://launchpad.net/ubuntu/+source/apache2
<jo-erlend> I wish I could figure out how to mount my partitions. :(
<jo-erlend> all help appreciated. This is becoming really frustrating.
<PrickelPit> jo-erlend, lvm2 installed? vgdisplay -v saying anything?
<smoser> zul, SpamapS was digging same time i was.
<zul> ah
<zul> ok
<jo-erlend> PrickelPit, it was not. It is now and what lvdisplay shows seems correct. But I still can't find the partitions in  /dev
<PrickelPit> jo-erlend, reboot.
<jo-erlend> oh, ok. I'll give it a whirl. :)
<DormantOden> Hey, I've just setup a raid 5 with 4 disks, but whenever I copy ISO files and exe files over to it they become corrupted. Anyone have any ideas why that might be happening?
<uvirtbot> New bug: #817606 in lxc (main) "lxc-ps breaks with cgroup-bin" [Medium,Fix committed] https://launchpad.net/bugs/817606
<Daviey> hallyn: You might want to set bzr whoami ?
<hallyn> Daviey: feh, i had done a bzr launchpad-login...
<hallyn> Daviey: there
<hallyn> zul: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/817606  the tree linked to there, can you push that?  (Or I can upload a debdiff if you prefer)
<uvirtbot> Launchpad bug 817606 in lxc "lxc-ps breaks with cgroup-bin" [Medium,Fix committed]
<zul> debdiff please
<uvirtbot> New bug: #566827 in lxc (main) "[lucid] 0.6.5 cannot umount /var properly if it is on a separate partition - container does not start" [Medium,Fix released] https://launchpad.net/bugs/566827
 * hallyn wonders about uvirbot sometimes
<hallyn> zul: http://people.canonical.com/~serge/lxc-fix-lxc-ps.debdiff
<zul> hallyn: done
<hallyn> zul: thx.  now back to the shutdown issue.  Though I'm tempted to wait on that in the hopes that we push the full fix into kernel at the sprint...
<zul> hallyn: okie dokie
<hallyn> but yeah, the problem with oneiric is that /var/run is a symlink to /run, and the lxc monitor opens /proc/<init-pid>/root/var/run/utmp, but ends up opening /run/utmp on the host :)
<zul> ewww...couldnt you check to see if the path exists or soemthing
<hallyn> zul: yeah, that's what i'm gonna do - check for /run/utmp first
<hallyn> the whole process is so hacky from the start that it makes you not want to keep it working :)
<zul> heh
<uvirtbot> New bug: #817565 in lxc (main) "containers will not shutdown" [High,In progress] https://launchpad.net/bugs/817565
<hallyn> kirkland: man, the hangs on t1.micro - it must just depend on who you're sharing with.  usually i haven't noticed trouble, but today it's horrible
<kirkland> hallyn: yeah, agreed, me too
<kirkland> hallyn: today seems really bad
<kirkland> hallyn: i upgraded to a m1.small to share with iamfuzz earlier
<kirkland> hallyn: i took byobu out of the equation, and it was the same thing
<kirkland> hallyn: ssh -t <hostname> screen
<hallyn> SpamapS: so how do i find a list of open high-priority sru-nominated bugs against qemu?  (so i can roll them all into one -proposed push)
<hallyn> zul: http://people.canonical.com/~serge/lxc-fix-shutdown.debdiff  (last one for today :)  this fixes the shutdown hack for me
<zul> done
<hallyn> zul: thanks!
<hallyn> now to send these upstream
<zul> hallyn: no worries
<SpamapS> hallyn: you should ask Ursinha
<Ursinha> me
<Ursinha> just a moment, link on the way
<davros> should i use dynamic dhcp or static dchp for a set up of, modem>server>wirelessrouter>terminals ? giving the wireless router a static ip?
<cloakable> I'd use static personally
<davros> eth0 is modem the eth1 to the wireless giving the wireless a static ip
<SpamapS> adam_g: hey are you here at oscon today?
<dkn> can i increase the max number of /var/log/auth.log files so i can see even further back in time, or increase the file size limit?
<SpamapS> dkn: yes look in /etc/logrotate*
<dkn> @SpamapS thanks
<Pici> dkn: It's in the rsyslog file
<Ursinha> hallyn: sorry, the nominated report wasn't working due to a lp hiccup, and it's taking a while to be generated, but it's on its way
<Ursinha> hallyn: it should be here: http://people.canonical.com/~ursula/server/sru-report/sru-accepted.html
<Ursinha> in a few minutes, I believe
<hallyn> Ursinha: cool, thanks.  Is that going to be regularly generated?
<Ursinha> hallyn: yes, every ten minutes for the index, and every half an hour for the nominated
<hallyn> Ursinha: awesome!  thanks, that could make a huge difference
<hallyn> (in getting srus more organized for qemu and libvirt)
<Ursinha> hallyn: cool, that's nice to know :) anything else you find useful, let me know
<hallyn> Ursinha: though, mind you, i was going based on the url itself.  the page is not yet loading for me
<Ursinha> hallyn: it's not because it's wrong, but because it's taking long for the script to finish
<Ursinha> I'm trying some optimizations here
<hallyn> ok
<hallyn> no hurry then :)
<Ursinha> hallyn: is qemu-kvm the package you're interested in?
<hallyn> yeah
<hallyn> well, and libvirt too
<Ursinha> ok, just checking
<Ursinha> because I check the packages ubuntu-server team is subscribed to
<Ursinha> and the only qemu package on the list is qemu-kvm
 * hallyn off to take the car in.  be back in awhile
<robbiew> Ursinha: ping
<Daviey> Ursinha: the next thing we need to do is smoke test SRU's :)
<Aison> where can I register my own oid for ldap?
<joren> Does anyone know how to track down which /dev/sdx device "ata1.00:" is referring to in dmesg?
<uvirtbot> New bug: #739815 in nova "euca-authorize and euca-revoke throws unknown error for invalid port range" [Low,Confirmed] https://launchpad.net/bugs/739815
#ubuntu-server 2011-07-29
<pdtpatrick> Question .. im trying to connect through openvpn but for some reason it wont see my user.keys file. It exists but when u go to add it through network manager it just doesn't see it
<iceflatline> pdtpatrick: when you say it doesn't see it you mean you navigate to the file's location?
<iceflatline> *can't navigate
<pdtpatrick> i can navigate to it
<pdtpatrick> but it just sees the .crt files
<pdtpatrick> and nothing else
<shan> I have installed ubuntu 10.04 server and installed ubuntu desktop to use it as a ltsp server
<shan> When I rebooted it after the desktop installation the monitor shows unsupported input
<shan> the graphics chipset is ati es1000
<shan> could some one help me with this.
<shan> It was working find with ubuntu 8.04 lts
<twb> shan: what's happening is that 10.04 defaults to using native resolution, even on the console
<twb> shan: but your monitor reports it supports a resolution, that it actually doesn't
<shan> twb: so how do I resolve this situation?
<twb> shan: this is called "Kernel Mode Setting (KMS)", or the "nomodeset" option.  How you turn it off depends on some stuff I can't remember.
<twb> Or, of course, you can just use a different monitor
<twb> One way that works reliably for me is to 1) lsmod , find the framebuffer driver; 2) write "blacklist foo" into /etc/modprobe.d/blacklist-framebuffers.conf; and 3) update-initramfs -u -k all and reboot
<twb> That way turns off the high-res console entirely, putting you back to traditional 80x25 console
<shan> how do I find the frabebuffer driver from the list in lsmod?
<twb> It'll be i915, i915fb, radeonfb, nvidiafb, or something like that
<twb> Probably it will be using or used by the fbcon module
<shan> fbcon is 71
<twb> shan: just pastebin the whole thing
<shan> vgastate is vga16fb
<twb> OK, vga16fb is the one to blacklist
<twb> http://paste.debian.net/124439/
<hallyn> Ursinha: SpamapS: I think what I really want is just this: https://bugs.launchpad.net/~ubuntu-sru/+subscribedbugs?orderby=-importance&search=Search&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.searchtext=qemu-kvm   (varying the last arg)
 * Ursinha looks
<Ursinha> hallyn: hmmm.
<shan> rebooting...
<shan> its the same
<shan> twb: any clue?
<twb> shan: did you follow ALL my instructions?
<hallyn> Ursinha: really it shouldn't be necessary :)  but sru stuff in -proposed is often getting kicked out before it gets verified (and some older ones just got held up bc of my old misunderstandings regarding SRU)
<hallyn> Ursinha: but now (tomorrow) i can roll all the pending SRU fixes into one upload
<Ursinha> hallyn: that's easy to do, the report you want
<hallyn> Ursinha: the search pretty much does it I think
<hallyn> I wasn't sure if it'd do quite what i want, but it seems to
<shan> yes, I blacklisted the framebuffer and then did a update-initf.. and the rebooted
<Ursinha> hallyn: I mean, if you need any other info that's not in the list
<Ursinha> hallyn: but if launchpad does the job, that's even better :)
<hallyn> Ursinha: \o/
<hallyn> Ursinha: i do hope you'll keep the other page up too, it is useful
<Ursinha> hallyn: I will :) It's a bit broken right now, but it's in my todo list to fix thaqt
<Ursinha> that, even
<shan> twb: any other clue?
<twb> shan: when was /boot/initrd.img* modified
<shan> it is giving me todays date
<shan> about a few minutes back
<twb> OK, then instead of "blacklist module", try changing it to "install module /bin/false"
<twb> That is a kind of stronger blacklisting
<twb> But it should've already worked...
<shan> should I do it in the blacklist-fram... file
<shan> I have removed the entry in the blacklist-framebuffer file.
<shan> where should I make the install module /bin/false?
<shan> twb: ?
<philipballew> can someone help me mount my flash drive
<shan> twb: could you please let me know where I should put the install module /bin/false?
<shan> i am sorry if this is too dumb a question :(
<hallyn> smoser: hey, your cobbler-dev build-image script lies :)  help says -s is shortopt for preseed, but code says -p
<hallyn> smoser: trying it out now.  it looks sweet.  very sweet
<twb> shan: in the blacklist file, instead of the line you already put in there
<twb> shan: and then update-initramfs -u -k all again, of course
<shan> ok
<shan> twb: I have put "install vga16fb /bin/false" in the blacklist file
<shan> done, rebooting...
<uvirtbot> New bug: #817843 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 [modified: usr/share/doc/mysql-server-5.1/examples/my-large.cnf.gz] failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/817843
<StrangeCharm> i have a gpg key which is well-known, and i want visitors to my personal website to be able to use ssl if they wish, but i don't want to pay for an ssl cert. is there a useful way for me to use my gpg key so that visitors can verify the authenticity of their ssl session?
<e_t_> Those are different technologies. If your users trust you, you can generate your own self-signed SSL cert and have them trust it.
<uvirtbot> New bug: #817854 in clamav (main) "package clamav-freshclam 0.97 dfsg-2ubuntu1.1 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 2" [Undecided,New] https://launchpad.net/bugs/817854
<Dravekx> is there anyway to send a message cross server about downtime if people are logged in via SFTP or SSH?
<jmarsden> Dravekx: rwall might do what you need?
<Dravekx> jmarsden, maybe. looking now. thanks.
<jmarsden> Dravekx: You're welcome.
<TRK> Can anyone help me figure out why I get a lot of "Cannot adopt OID in..." errors when I enter "php" in the prompt like this:
<TRK> :~$ php | less
<TRK> Cannot adopt OID in NET-SNMP-MONITOR-MIB: nsDisk ::= { netSnmpObjects 22 }
<TRK> Cannot adopt OID in NET-SNMP-MONITOR-MIB: nsProcess ::= { netSnmpObjects 21 }
<TRK> Cannot adopt OID in NET-SNMP-VACM-MIB: netSnmpVacmMIB ::= { netSnmpObjects 9 }
<TRK> Cannot adopt OID in NET-SNMP-TC: netSnmpCallbackDomain ::= { netSnmpDomains 6 }
<TRK> and the list just continues with "cannot adopt" errors
<_ruben> sounds like a snmp module within php going beserk or something
<Tommy_nmw> hi
<Tommy_nmw> can anyone help me set up webserver?
<_ruben> install apache/lighttp/nginx/your-webserver-app-of-your-choice, done
<Tommy_nmw> ruben: hi
<Tommy_nmw> It is not that easy. I dont want to access webserver with IP . I want to access with domain name
<Tommy_nmw> can I change localhost to one specific name to be accessible with domain name instead of IP
<greppy> Tommy_nmw: do you have a dns server setup to translate the name to an IP address?
<Tommy_nmw> greppy: no
<greppy> if you want people to be able to go to a name instead of an IP, you are going to need DNS setup as well.
<Tommy_nmw> greppy: we have DNS server but we can't touch it
<Tommy_nmw> greppy: we are not supposed to configure it
<greppy> someone is going to have to point the dns name to the IP of the webserver.
<Tommy_nmw> greppy: so...........
<greppy> so you are going to need whoever controls the dns server to setup the domain and point the name for the website to your IP address.
<mark105> have a mild problem, i have an old ibm Xserver 440 and i need to disable lapic at boot to get it to boot and not hang
<mark105> now it has 8 cpus but its only initing one, would lapic be the cause of this
<Leen151> Hi! somebody can help me about install mod_proxy_html vers.3.1?
<uvirtbot> New bug: #782291 in lxc (main) "reboot in a container gets somehow stuck" [Medium,Incomplete] https://launchpad.net/bugs/782291
<jamespage> Daviey: are the work items on https://blueprints.launchpad.net/ubuntu/+spec/server-o-syslog-information still high priority
<jamespage> though I might pickup octopussy
<Daviey> jamespage: It's probably now a medium.. but still worth doing if you wanna tackle it!
<jamespage> OK - I'll pickup the work items related to packaging octopussy
<Daviey> \o/
<uvirtbot> New bug: #817985 in setserial (main) "package setserial 2.17-45.3ubuntu1 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/817985
<max06|work> Good evening :)
<max06|work> Just a little question: Is it possible to modify the installation-image of ubuntu 10.04 LTS Server?
<max06|work> I need to add a script, it must be executed at the first boot after installation
<max06|work> (I don't use ubuntu as my working system, so I can't use Remastersys...
<IdleOne> Pici: the ip changes I believe
<IdleOne> might need something a little wider
<Pici> oh
<IdleOne> oCean: ^^
<oCean> IdleOne: I can't :(
<IdleOne> oCean: I know but what ban did you set to keep it out?
<IdleOne> that should work
<Pici> IdleOne: it was nhandler's.
<patrickmw> jamespage: just trying up some documentation loose ends.  Could you quickly finish ec2 doc when you get a chance? thanks https://wiki.canonical.com/UbuntuEngineering/QA/sprints/QAAutomationSprintJun2011/EC2TestingSetup
<jamespage> zul: around? I have a question re octopussy and init scripts I need some help with
<zul> jamespage: yep
<jamespage> zul: coolio
<jamespage> zul: so I have a basic package working; however octopussy kinda ships its own init script - which is also the main control program
<zul> okie dokie
<jamespage> 'octopussy' spawns a whole load of other processes - web server, dispatches, parsers and a whole load of other stuff
<zul> ewwwwww
<jamespage> so upstart can't really track it
<zul> right
<jamespage> octopussy start - spins everything up
<jamespage> octopussy stop - shutsdown everything
<jamespage> so I could package it with a standard init script rather than upstart
<jamespage> but that feels like the easy option
<uvirtbot> New bug: #750782 in nova "Include python-routes 1.12 in Lucid PPA (openstack api doesn't work with lucid one)" [High,Confirmed] https://launchpad.net/bugs/750782
<zul> jamespage: correct its probably the best option for now
<jamespage> ack: I'll re-jig it then
<cupcakeone> hey
<cupcakeone> i have a quick question
<cupcakeone> if you take the bootable flag off from a partition during installation, do you loose the data on it?
<uvirtbot> New bug: #740475 in nova "ajaxterm support missing from 2011.1.1 ubuntu packages" [Medium,Fix released] https://launchpad.net/bugs/740475
<Daviey> soren: Do i understand correctly that bug #740475 should be fixed in the packages uploaded today?
<uvirtbot> Launchpad bug 740475 in nova "ajaxterm support missing from 2011.1.1 ubuntu packages" [Medium,Fix released] https://launchpad.net/bugs/740475
<Ursinha> robbiew: hello, you there? are we having that call?
<robbiew> Ursinha: heh...yep, I'm here
<robbiew> just wrapping up some things beforehand...sorry
<robbiew> need a minute
<mterry> jamespage, hello!  Got a sec to talk about nut?
<jamespage> mterry: sure
<jamespage> what do you need to know?
<mterry> jamespage, so it split into multiple packages?  Is that just a packaging change or was there new code that required the split?
<jamespage> mterry: its just a packaging change from what I understand to separate the client and server components from each other
<mterry> Meh, not even sure if that needs a MIR then.  I'll rubber stamp it after a cursory look
<jamespage> mterry: I was a little unsure so erred on the side of caution in this instance
<jamespage> zul: is it possible to install the apache2 binaries without actually installing the init scripts?
<zul> jamespage: what do you mean?
<jamespage> zul: so octopussy runs an apache instance; is has its own config and runs as the octopussy user so it can interact with the daemons etc...
<zul> jamespage: wha..?
<jamespage> however it likes to used the apache2 binaries - but if I just dep on apache2 I end up with two running instances....
<zul> pastebin?
<jamespage> branch
<zul> branch is better
<jamespage> Â lp:~james-page/+junk/octopussy
<jamespage> all of the sin is in usr/sbin/octopussy
<zul> k
<smb> Daviey, just out of interest... what would be the difference between server-o-rs and ...-ro?
<Daviey> smb: You really want the magic of the secret sauce?
<Daviey> I *would* have to kill you.
<smb> Daviey, Oh only to decide whether I need to care or worry. :-P
<RoAkSoAx> zul: ping
<Daviey> .
<RoAkSoAx> Daviey: \o/
<Daviey> oh hai RoAkSoAx
<RoAkSoAx> Daviey: how's it going today man?
<Daviey> jamespage: How did your pass at Octopussy look?
<Daviey> RoAkSoAx: Pretty good!
<Daviey> It's Fridat!
<Daviey> :()
<jamespage> Daviey: OK - I have it working - just sorting out the upstart/init script mess
<Daviey> jamespage: *rocking*
<jamespage> Daviey: its startup is not elegant and it does some stuff with apache2 I don't like much
<Daviey> eek
<jamespage> but other than that hope to have it ready by EOD
<Daviey> awesome!
<Daviey> I wanna try it myself.. so looking forward to that
<Daviey> RoAkSoAx: how did the sniff at yum support go?
<RoAkSoAx> Daviey: I've already uploaded yum-utils and it is in the new queue
<RoAkSoAx>  Daviey: though, I'm not installing *everything* tjhat comes with the source as at the moment it doesn't really seem necessary for just needing "reposync"
<RoAkSoAx> Daviey: i';ve also uploaded python-kitchen, which will be a dependency of yum-utils in the next releases we get as itis not the latest upstream release because yum is not either
<Daviey> RoAkSoAx: that is GREAT news
<Daviey> i feared we'd have to drop that support for Oneiric
<Daviey> nice one
<RoAkSoAx> Daviey: I have just packaged it, and yet to test it with cobbler, but should be working as expected, since it didn't fial when I manually tested it
<RoAkSoAx> Daviey: so we are definitely not gonna have to remove the support
<Daviey> \o/
 * Daviey celebrates to the on hold music.
<RoAkSoAx> Daviey: just want it to hit the archives first, so after a3 i can concentrate on fixing it in cobbler if there's something to fix
<Daviey> ack
<CrazyGir> hello! I have a whole bunch of VMs running on a few servers. the servers were setup by another admin, and by default, the VMs are connected to their own network. this is great, as most VMs should not be directly accessible from the internet, but I have a few VMs which need "real" (internet routable) IP addresses. I have the static information I need, and I tried configuring a test VM, but am unable to get to the VM from the IP I have assigned
<photon> which VM software, CrazyGir?
<CrazyGir> to hone in on a question: am I going about this the right way? I have configured the VMs with a bridge interface, sourcing from the VM server's br0 (this is setup just like other VMs with ext. IPs - setup by the other admin), and on the VM I have an eth0 with the static configuration
<CrazyGir> photon: kvm and libvirt
<CrazyGir> I feel like I
<CrazyGir> I feel like there is something I am overlooking with how this _should_ work
<CrazyGir> there isn't any IPTable stuff I need to do on the VM servers?
<zul> RoAkSoAx: pong
<RoAkSoAx> zul: hey, did you start working on the pandaboard yet?
<zul> RoAkSoAx: nah im missing some bits and peices
<RoAkSoAx> zul: same here
<zul> RoAkSoAx: hopefully by sunday
<RoAkSoAx> zul: is there any standard pieces needed., or are you just gonna go do some  "grocery" shopping
<airtonix> what's pandaboard?
<pmatulis> CrazyGir: maybe paste the guest's xml file
<RoAkSoAx> airtonix: www.pandaboard.org
<zul> RoAkSoAx:  im missing some power stuff and some serial stuff
<RoAkSoAx> zul: im missing everything :) but I meant, are there any standard powersupply or a known supply to be used with it
<RoAkSoAx> zul: or you are jusyt gonna go get whatever you find in the store
<zul> RoAkSoAx:  5v power supply basically
<zul> RoAkSoAx: http://www.pandaboard.org/content/resources/getting-started
<RoAkSoAx> zul: ah I see.. i thought there was a place to "buy accessory bundle for your pandaboard here"
<pmatulis> CrazyGir: pastebin that is
<zul> RoAkSoAx: not in ottawa ;)
<CrazyGir> am I missing anything on a logical note?
<orudie> Error in configuration file /etc/dovecot/dovecot.conf line 691: Unknown setting: sieve
<orudie> any ideas ?
<jamespage> RoAkSoAx: ebay was my friend for pandaboard accessories.... - BTW needs a 5V 4A supply - quite a few are only 2A
<RoAkSoAx> jamespage: cool thanks for the tip
<RoAkSoAx> any that you'd recommend?
<philipballew> does ubuntu server come with things like alsa and sound stuff installed?
<hallyn> zul: dude, the 'list of required accessories' is quite long
<zul> hallyn: yeah i think i can get away with a usb serial cable and plug
<hallyn> that'd be nice
<hallyn> that's what i did for gumstix
<hallyn> but it came with power supply and everything else :)
<hallyn> wonder if that one will work with the pandaboards
<maccam94> is there a way to prevent fsck from running from grub?
<ikonia> maccam94: please don't cross post issues
<ikonia> maccam94: are you using the desktop or the server ?
<maccam94> server
<maccam94> ikonia: i only crossposted since it appeared dead in here.
<ikonia> maccam94: if fsck runs, it's because it's needed, why do you want to stop it ?
<maccam94> ikonia: it dies, and then i can't get to a shell to fix anything
<ikonia> what do you mean it dies ?
<maccam94> i mean, it has a fatal error and dies. i can't really investigate any further without a shell
<ikonia> fatal error and dies ? please try to be exact
<ikonia> what do you mean by "dies"
<ikonia> what is the fatal error warning
<maccam94> just a minute, getting console access is a pain (have to vpn, use a vmware plugin)
<maccam94> ikonia: /dev/sda1 was not cleanly unmounted, check forced.\n /dev/mapper/eubuntu10x64-root: clean, 94906/229680 files, 597462/918528 blocks.\n /dev/sda1: 204/124496 files (2.9% non-contiguous), 38875/248832 blocks \n mountall: fsck /boot [364] terminated with status 1
<maccam94> (\n's are newlines)
<ikonia> maccam94: is this on a raid disk
<maccam94> ikonia: no, the root is on lvm by default
<ikonia> ahhhh it's root
<ikonia> sorry, lvm
<maccam94> it's a virtual machine running at a private cloud host
<maccam94> but in any case, i want to prevent fsck from running so i can get a shell
<ikonia> what's /dev/sda1 ?
<maccam94> that should be the raw lvm partition
<maccam94> iirc
<ikonia> so why is /dev/sda1 being mounted outside of lvm
<maccam94> i don't know, mountall is grabbing it somehow
<maccam94> but it doesn't help if i can't get a shell
<maccam94> (booting in rescue mode doesn't help)
<ikonia> maccam94: I would boot from a livecd to repair this
<ikonia> no it won't if your file system is damaged
<maccam94> ikonia: it's a virtual machine, that's not possible
<ikonia> use a livecd
<ikonia> you can boot a virtual machine from cd/iso media
<maccam94> it's at a remote private cloud, i don't have the ability to connect an iso to it
<ikonia> maccam94: then contact the people who manage it and ask them to do it
<maccam94> i am the person who manages it. it's infeasible to mount an iso over our WAN connection
<ikonia> mount it locally on the cloud site
<maccam94> they don't support that
<ikonia> who is they ?
<maccam94> Terremark
<ikonia> just calling them now
<maccam94> huh?
<ikonia> they fully suppor that and will allow that
<ikonia> support
<ikonia> I've just spoke to Derek
<maccam94> i can mount an image, but it's not feasible to do that over the wan
<ikonia> you don't have to
<ikonia> they have local storage you that holds ISO for booting
<ikonia> they will even mostly have an image already there if it's a common supported OS
<maccam94> again, not feasible with my WAN to upload that
<maccam94> we are on the enterprise cloud, not their vcloud, so things are a bit different
<ikonia> they already have an image for common supported OS's
<maccam94> there is no option to use an ubuntu livecd, they only have VMware Tools or upload
<ikonia> maccam94: I've just spoken to Derek, if you ask them, they will do it
<ikonia> if you don't want to do this, then your machine is dead and ruined
<maccam94> it's honestly easier for me to spin up another, but i wanted to debug why this happened
<ikonia> ok, I suggest you do another then
<md5> Hi there.  I'm a programmer and SA in need of some advice
<md5> been running ubuntu-server in our prod environments for 3 years now.
<md5> fantastic experience.  Lately I ran into a problem though
<md5> one stipulation of running ubuntu on prod is that we stick with LTS, so we're on 10.04
<md5> recently, a project required us to make libcurl requests over SSL
<md5> platform is stock LAMP from the repos
<md5> the bug that I'm fighting now is in openssl-0.9.8k
<md5> SSL3_GET_RECORD:bad decompression
<md5> My exact question is -- is it possible to upgrade to a later openssl version while preserving the OS version at LTS 10.04
<md5> (my desktop is running kubuntu 10.10 which uses openssl 0.9.8o-1ubuntu4.4 -- this version does not have the bug I experience)
<md5> would it be as simple as building a new openssl from source, then having an apt rule that prevents downgrades below 0.9.8o-1ubuntu4.4 ?
<ikonia> md5: I'd personally advise against that
<ikonia> md5: I'd suggest logging a bug to get the issue resolved.
<mdeslaur> md5: are you able to reproduce that issue reliably?
<robbiew> Ursinha: ready to go this time :)
<Ursinha> robbiew: all right, mumble?
<md5> mdeslaur: I am.  The primary problem I believe has been logged as a Debian bug for that package version
<mdeslaur> md5: could you please file an ubuntu bug and link the debian bug to it?
<md5> ikonia: I tend to agree.  I don't want to get into a dependency hell when it comes time to manage updates
<md5> mdeslaur: of course.  thank you
<RoAkSoAx> zul: what SD card will you use?
<zul> i have one 4 and one 8 GB sd card
<RoAkSoAx> zul: http://www.omappedia.com/wiki/PandaBoard_Accessories_%26_Peripherals#SD_cards
<RoAkSoAx> zul: pretty much saying that class 4 sucks
<zul> meh its not my day to day computer :)
<RoAkSoAx> zul: lol yeah but installations would take forever :)
<zul> RoAkSoAx: im just doing the pre-installed images im not doing the cobbler stuff ;)
<RoAkSoAx> zul: lucky you :P
<uvirtbot> New bug: #817665 in samba (main) "cannot print to a printer shared from a windows 7 host" [Undecided,New] https://launchpad.net/bugs/817665
<lifeless> SpamapS: woo - lucene/solr projects merged upstream
<lifeless> SpamapS: finally clarity about which front-end is blessed
<SpamapS> lifeless: sweet!
<hallyn> zul: hey, i'd like to pound on one of the uec systems to try and reproduce jdstrand's kvm corruption bug.  any particular systems you're nto suing right now?
<hallyn> adam_g: hggdh: Daviey ^
<adam_g> hallyn: im not using anythinhg now
<hallyn> adam_g: thx
<hallyn> (gotta recover my sshconfig first anyhow :)
<sw0rdfish> hey
<sw0rdfish> anyone know anything about mysql
<SpamapS> sw0rdfish: yes.. what do you need to know?
<sw0rdfish> SpamapS,  if I use --skip-grant-tables ....it wont require authentication by users as long as mysqld is running right? so if I restart mysqld that should solve the problem then? :D
<sw0rdfish> use that to start mysql I mean
<sw0rdfish> I just need to reset my passwd
<SpamapS> sw0rdfish: yes
<sw0rdfish> "mysql --skip-grant-tables" says unknown option
<sw0rdfish> wait....I gotta use mysqld
<sw0rdfish> SpamapS?
<SpamapS> sw0rdfish: you can just add skip-grant to /etc/my.cnf I think
<SpamapS> sw0rdfish: then when you're done remove it and restart again
<sw0rdfish> oh I see
<hallyn> adam_g: is there any list of which ones are in use, that you know of?
<sw0rdfish> sounds good man thanks will do it now :D
<adam_g> hallyn: as far as i know, no. its all handled here between zul and hggdh
<hallyn> feh
<hallyn> all the systems are on, so i'm afraid of touching them :)
<CrazyGir> does ufw know about interfaces?
<sw0rdfish> SpamapS, when it comes to web servers which one is better/easier do you think for ppl knew to these things nginx or apache2
<CrazyGir> like, can I say, allow any port on lo but default deny on eth0
<SpamapS> sw0rdfish: to do what things?
<sw0rdfish> well I'm just learning php
<sw0rdfish> so not big things obviously
<SpamapS> CrazyGir: man ufw, it discusses how to bind rules using 'in on eth0' or 'out on eth0' .. search for the word interface
<sw0rdfish> SpamapS? :)
<sw0rdfish> wait a minute how do I even set that option
<CrazyGir> ah, I was looking for specific examples, did not read closely enough
<CrazyGir> is there anything wrong with: ufw allow all in on lo ?
<jdstrand> CrazyGir: not needed
<jdstrand> CrazyGir: ufw already handles lo by default (see /etc/ufw/before.rules)
<CrazyGir> jdstrand: how do you mean? lo is implicitly allowed?
<CrazyGir> ah
<CrazyGir> odd, something else must be wrong then :P (I thought my default deny was causing too many problems for lo)
<jdstrand> CrazyGir: sudo ufw allow OpenSSH ; sudo ufw enable <- (or similar) is typically all you need. ufw makes several decisions for you to makes sure reasonable things just work
 * jdstrand heads out
<WG1337> Hi! I have ubuntu x64 server, but one server plugin requires GLIBCXX_3.4.14, but gcc -v shows I have 4.4.3. What can I do?
<chrislabeard> hey guys, I just got a full db dump from one of my servers how can I now import that into dev server?
<chrislabeard> The file is a little too big to use phpmyadmin too
<chrislabeard> so I was gonna try and do it using the terminal
<PrickelPit> mysql -u<dbuser> -p <dbname> < dump.sql
<chrislabeard> Its a ton of databases though
<chrislabeard> so do I jsut take out dbname
<PrickelPit> you got to manage tons of dbs without knowing such simple basic stuff?
<chrislabeard> yep
<chrislabeard> google
<chrislabeard> lol
<chrislabeard> I know I'm an idiot
<sw0rdfish> hey guys
<sw0rdfish> how do I completely kill mysqld
<CrummyGummy> pkill -9 -f mysql
<CrummyGummy> well -9 is only if it's being stubborn. You should just be able to usr stop mysql
<CrummyGummy> any ideas if/how it is still possible to boot to root user from grub in ubuntu without a password?
<CrummyGummy> rescue still asks for one.
<photon> CrummyGummy: there should be a root rescue mode. at least there is for me.
<CrummyGummy> photon: yes, its still asks for a password.
<photon> weird.
<CrummyGummy> After some googling it seems that editing the boot line and adding single would do it.
<CrummyGummy> I can't really test atm though.
<CrummyGummy> meh
#ubuntu-server 2011-07-30
<WeisseWaschbaer> hey... I opened visudo and it came out with a nano interface.... how do i make it use the vi's or vim's interface?
<shauno> WeisseWaschbaer: it should honor the VISUAL envar
<WeisseWaschbaer> shauno: i feel helpless on nano
<shauno> WeisseWaschbaer: heh, I understand.  if you do something like sudo EDITOR=vim visudo, it should wise up
<shauno> (and may be worth adding EDITOR to your environment, so that everything knows you're not at home in nano)
<WeisseWaschbaer> shauno: thanks
<yakster> hello all...
<yakster> anyone here good with /var/www?
<yakster> seem to have an issue with case sensitive URL's
<yakster> ok....... quiet...
<yakster> ok....gone...
<yakster> guess everyone is sleeping...
<chrislabeard> how can I remove zentyal?
<DormantOden> Hello, when I transfer large files (1GB) to my raid 5 they become slightly corrupted. Does anyone have ANY ideas as to why this might be happening?
<DormantOden> Its stressing me out...
<qman__> DormantOden, if your drives are 1TB+, you could be getting silent data corruption
<qman__> it simply happens, you have to deal with it in other ways
<qman__> make sure your drives check out first with the SMART data
<Martyn> qman: Silent data corruption?  That's pretty rare...
<Martyn> qman : Unless there's a known firmware defect in a specific drive...?
<qman__> with today's drive sizes, it's actually pretty common
<qman__> most people just don't notice
<qman__> I've had a few video files suffer by it
<qman__> though a consistent, reproduceable result would mean something else is going on
<FernandoTertiary> hola, it appears since the recent update the destop environment has reverted to a more aged version
<bazhang> FernandoTertiary, on a server?
<FernandoTertiary> bazhang: the machine is operating Ubuntu 11.10
<bazhang> FernandoTertiary, server has no desktop
<FernandoTertiary> bazhang: the machine is using gnome 3
<bazhang> FernandoTertiary, support for 11.10 is in #ubuntu+1 , at any rate.
<FernandoTertiary> bazhang: it appears the to be operating 11.04 Natty Narwhal
<bazhang> FernandoTertiary, not with gnome3 its not.
<FernandoTertiary> though there was a recent update & the desktop reverted
<bazhang> FernandoTertiary, unless you used the unsupported PPA.
<FernandoTertiary> Natty Narwhal is not gnome 3 yet?
<bazhang> nope
<FernandoTertiary> what is the desktop environment specification for Natty Narwhal
<FernandoTertiary> ?
<bazhang> unity / classic  /  for server ---> nothing
<FernandoTertiary> perhaps the unity was reverted to classic?
<bazhang> FernandoTertiary, you installed server?
<FernandoTertiary> just Natty Narwhal & the updates. The machine has been operating for months
<bazhang> FernandoTertiary, so why ask in the -server channel?
<FernandoTertiary> ah, forgive. was to the impression the server channel pertained the repository information
<bazhang> FernandoTertiary, what does lsb_release -a say in the terminal
<FernandoTertiary> No LSB modules are available.
<FernandoTertiary> Distributor ID:	Ubuntu
<FernandoTertiary> Description:	Ubuntu 11.04
<FernandoTertiary> Release:	11.04
<FernandoTertiary> Codename:	natty
<bazhang> FernandoTertiary, and you installed gnome3?
<FernandoTertiary> rather have researched gnome environments & supposed Ubuntu was using gnome 3
<bazhang> okay, it's not. stay clear of the PPA for it.
<xibalba> does anyone use ubuntu for opensips?
<FernandoTertiary> xibalba: you mean "OpenSims"?
<xibalba> negative, opensips, the call routing platform
<FernandoTertiary> ah, comprehended *smiles*
<xibalba> whats opensims?
<xibalba> a video game?
<FernandoTertiary> xibalba: kinda video gaming. OpenSims is a interactive metaverse community platform
<FernandoTertiary> OpenSims is the opensource version for SecondLife type communities
<xibalba> oh
<xibalba> opensips is for voip stuff
<FernandoTertiary> xibalba: phone service specifically, or phone line communications similar dsl, etc.?
<FernandoTertiary> is voip specifically for just "voice" or potentially more?
<xibalba> i want to use it for doing some call routing infront of freeswitch boxes and media relaying, so i can vitualize the freeswitch boxes.
<Guest75493> Can you please help me setting up wifi on ubuntu server?
<Dr4g> He guys, please help: root@AllTheBestBuys:/etc# mysql --user=root -p
<Dr4g> ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
<Dr4g> root@AllTheBestBuys:/etc# service mysql start
<Dr4g> start: Job failed to start
<Dr4g> mysql.sock doesn't exist
<oCean> Dr4g: what  does dpkg -l | grep mysql  output?
<Dr4g> oCean: yeah i sorted it
<Dr4g> i deleted that server from rackspace cloud and made a new one :P
<oCean> ah, ok.
<Dr4g> the apt-get install messed something up
<Dr4g> its ok this time
<oCean> happy mysql'ing then
<Dr4g> :) ty
<koolhead17> kim0:
<shan> I have installed ubuntu-server-10.04
<shan> I have installed ubuntu-desktop in it.
<shan> When the login screen is displayed it says mode not supported.
<shan> I need to change the resolution of the login screen, how do i do it?
<KGB_plague> hi all , is their a way to host a VPN service for a friend whos living in a city near by ? , he ping me 10ms , but when he tries to ping the game server i play in , he pings it 150ms which i ping it 30 , i want him to connect through me with a VPN connection so he can ping 30+10 = 40ms to that server. any idea?'s im using Ubuntu Gnome Desktop , is it compulsory to use ubuntu server for such situtation?
<shauno> KGB_plague: nothing's compulsory.  you can install server components on desktop if you wish, and desktop components on server.  which you pick mostly changes what you get out of the box, not what you can do with it
<KGB_plague> is their an APP to help me out shauno or should this be done by the hard way
<shauno> KGB_plague: there may be an easy way.  I haven't found it yet :(
<KGB_plague> shauno, then il idle here , if some1 may help , please PM me thanks , im off for some work il be back home in2hours
<JamesG> hey guys
<JamesG> looking for a little help?
<JamesG> Where would the HDD be mounted in an openvz set up?
<JamesG> I can't find it anywhere
<Stava> I already asked this in #debian but im actually on a ubuntu server so i'll paste it here
<Stava> I want to append the output of "df -h" to syslog in my cron job, so that it will be sent to my mail by logwatch (i have zz-disk_space disabled). How should I do this?
<Stava> I tried "df -h | logger" but then each line will appear as a separate entry in /var/log/syslog
<RoyK> Stava: I'd recommend using something like nagios/icinga instead, so that you don't need to read the logs all the time, but rather get an alert if something's wrong
<RoyK> there are several tools out there to alert you when something goes wrong, reading daily emails to sort out server health was something people did in the ninetees
<Stava> :O
<Stava> I'll check those out then
<RoyK> we're using icinga
<RoyK> a nagios fork
<Stava> How does it work?
<RoyK> it schedules checks for all sorts of services and if one fails, it sends you an email
<RoyK> basically
<Stava> Kind of like tiger?
<Stava> http://www.nongnu.org/tiger/
<RoyK> that seems more like a security tool
<RoyK> icinga/nagios has checks like check_disk to check for fill, check_tcp to probe tcp ports, check_http to check a webserver etc
<RoyK> Stava: https://www.icinga.org/ <-- check the demo page
<Stava> I will
<RoyK> it also kees track on statistics, so that you can show your boss 99,lots% uptime etc :)
<Stava> awesome
<Stava> so this demo page is a web interface, thats a part of icinga i assume
<RoyK> yes
<Stava> which could run on apache?
<RoyK> configuration is done in text files, the web gui is for viewing and some tweaks
<RoyK> I think standard install is for apache, yes, but it could run on anything, really
<Stava> could several servers share the same icinga interface?
<RoyK> we have ~140 servers in our icinga install
<Stava> impressive
<Stava> i'll definitely try this out
<RoyK> check out #icinga if you have specific questions about it - the standard install (apt-get ...) should give you a basic overview
<RoyK> erm - seems icinga isn't in Lucid
<RoyK> so either use nagios (same thing, only looks a bit crappier), or use a newer distro version, or build icinga from source (a bit more hassle, but it should work)
<RoyK> I'd recommend using a dedicated machine for this, if you can spare one (an old pc should do fine). that way, the monitoring machine won't be affected if others die, so that it can monitor everything
<Stava> Will I need some sort of client software on the other servers?
<RoyK> depends what you want to check - for windows machines, nsclient++ is a good choice
<RoyK> btw, seems there are packages here http://security.ubuntu.com/ubuntu/pool/universe/i/icinga/
<RoyK> for unix machines, I ususally just use ssh-based checks
<RoyK> create a user 'icinga' (or something) on each machine, create ssh keys on the icinga box, copy those so you can ssh from the icinga user on the monitoring machine to the clients without a password, and then setup ssh-based checks
<RoyK> otherwise, use NRPE - it's lighter and better for large setups with thousands of machines, but then again, it's another piece of software and ssh-based checks aren't that heavy - our icinga box sits spending about 3% cpu (on two cores)
<RoyK> and that's with about 140 hosts and a total of 500 services
<Stava> there are only 3 servers for now, but its supposed to be scalable
<RoyK> for <= 100 servers, even an 5YO PC should do well
<RoyK> it's rather light
<uvirtbot> New bug: #605871 in rrdtool (main) "[needs-packaging] rrdtool 1.4.4" [Wishlist,In progress] https://launchpad.net/bugs/605871
<RoyK> damn - I made an error on the wiki - isn't there a rollback possibility?
<tmcneal> Hey all, question about the ubuntu server ec2 images.. was wondering how you all configure new ubuntu instances once you bring them online.. I know some other AMIs allow you to pass a script via the 'user-data' param when you start the instance, but it seems ubuntu AMIs don't support this
<Daviey> tmcneal: they do.. you probably want to use cloud-init
<Daviey> tmcneal: https://help.ubuntu.com/community/CloudInit
<tmcneal> cool thanks
<Daviey> np
<Weisse> .part
<TuxBrother> what is so special about UEC?
<TuxBrother> what is it? A web interface? Application Virtualisation? VDI?
<Shapeshifter> How do I configure a new daemon to be run at boot? In my case it's vmware. start vmware says start: Unknown job: vmware although /etc/init.d/vmware exists and works. Any help?
<StevenR> Shapeshifter: the vmware service isn't an upstart job, so the start/stop commands won't work. You can still add it to start on boot using update-rc.d
<Shapeshifter> StevenR: mhh, I just realized that it does work. it was an unrelated problem
<StevenR> ok
<uvirtbot> New bug: #753308 in lxc (main) "Restart containers on upgrade" [High,Incomplete] https://launchpad.net/bugs/753308
<uvirtbot> New bug: #818617 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/818617
<JoeCoder> I'm using the open source cloudfuse project to mount rackspace cloudfiles into a folder on my machine.  But after every reboot I must run "modprobe fuse" and "cloudfuse /mount/point".  What is the proper way of making these happen automatically?
<KGB_plague> please PM me if theirs an APP to host a VPN server guys , my friend pings the game server that we play in 150ms , but I ping the game server 30ms , however my friend pings me 10ms from hes home to my home , so i would like to host a VPN server for him so he can be routed to me to join the game server with 40ms instead of 150ms ( 10ms to me + 30ms from me to game server = 40ms for him )
<Devo-Kun> JoeCoder: /etc/modules has the names of modules to load at boot time. You can add fuse to there and then add a line to /etc/rc.local with your cloudfuse command
<bhook> anyone around?
<pmatulis> bhook: yes, there are 292 people in this channel
<guntbert> pmatulis: after  3/4 hours that was not very convincing :-))
<bhook> yeah... been a while since I heavily used IRC... I forgot the standard was to ask a question then check the logs a day later
<Myrtti> lol
<bhook> it seems that the official image in the UEC store is requiring a fsck run on first boot because the image was created so long ago. Would there be a way to get this corrected in the official image in the store?
<Daviey> bhook: What image are you using?
<bhook> 10.04 LTS out of the store
<Daviey> bhook: what is the serial number?
<bhook> hrm... let me check
<bhook> grrr.... I hate this
<Daviey> bhook: you probably want: https://cloud-images.ubuntu.com/lucid/current/lucid-server-uec-amd64.tar.gz
<bhook> I'm running Ubuntu in a VM rather than native on this laptop... everything is so much more difficult to do
<bhook> Daviey: yeah, I know I can get more recent images
<Daviey> bhook: I fear the image store isn't up to date.
<bhook> Daviey: but... why?
<bhook> I guess if the store is controlled by the Eucalyptus team then it isn't really ubuntu's problem
<bhook> but it just seems silly to have everything out-of-date
<Daviey> bhook: It's not controlled by euca, it's controlled by canonical.
<bhook> The store is?
<Daviey> yah
<bhook> okay, then it makes even less sense why it is out of date
<Daviey> bhook: The team that maintained the store was not the server team.  Raising a bug would help. :)
 * Daviey afk's
<yakster> hello all
<yakster> anyone here good with /var/www?
<jmarsden> yakster: /var/www/ is a directory -- how can anyone be good or bad with a directory?
<yakster> referencing the capatalization of URL's so it dosent matter, ie www.mysite.com/Welcome.html or /welcome.HTML....
<yakster> if I don't type the URL in exactly, including case, i get 404 errors
<yakster> anyone?
<yakster> ok, guess not... thanks
#ubuntu-server 2011-07-31
<pukeko> hi all - i want to tunnel an rdesktop over ssh but my sshd runs on a non standard port whats the syntax for this please ?
<jmarsden> pukeko: add -p YOURPORT  to the ssh command that will do it for an sshd on the standard port.
<Delerium_> pukeko, check this: http://www2.informatik.hu-berlin.de/~jbirkhol/rdesktop-math.html
<Delerium_> pukeko, and add the -p swtich for your sshd port
<pukeko> hmm ok cool ... what if the rdesktop is also on the sshd ( example a VM host ) ?
<Delerium_> pukeko, can you describe the network flow please? (ie: Client -> sshd (port?!) -> where the rdesktop server is / where the rdesktop client is...
<pukeko> brb
<pukeko> ok...server which is a VM-Host runs sshd -p 8165, i want to connect to a VM running in the same box via rdesktop port 3389  ( over the ssh connection/tunnel )
<Coder7> ssh -p 8165 -D 8080 <user>@<vm-host-IP-address>
<Coder7> if your rdesktop supports a socks proxy
<Coder7> otherwise: ssh -p 8165 -L 8080:<vm-host-IP-address>:3389 <user>@<vm-host-IP-address>
<Coder7> first one sets up a socks proxy on local port 8080. Second sets up a local tunneled port forward on 8080
<pukeko> 2nd looks good to me...
<pukeko> brb
<pukeko> coder7: think i'll have to check my sshd_config  : )
<Coder7> why?
<Coder7> pukeko: if you can ssh into it, then your config should be fine
<pukeko> may have some things turned off
<pukeko> BBL
<owen1> I use alternate cd (rescue mode) to install ubuntu. here is the error i get: 'An error occured while mounting the device you entered for your root file system(/dev/sda1) on /target. please check the syslog for more information'.  here is the last part of my syslog: http://pastebin.com/iAqPQRjG
<owen1> here are some errors I see there: FATAL: Module ext2 not found. and this one: umount: can't umount /target: Invalid argument
<Coder7> owen1: you used rescue mode to install? huh?
<owen1> Coder7: i tried rugular cd but it just froze
<Coder7> owen1: okay, but you still can't use rescue mode to install
<Coder7> owen1: you use the alternate CD, that's fine, but you use it in install mode
<Coder7> owen1: it has been a while, but iirc the alternate cd just runs the install without loading the Gnome desktop
<Coder7> owen1: rescue mode will not work on a machine that has never had ubuntu successfully installed
<owen1> Coder7: oh.
<owen1> Coder7: every time i try regular install. the cd rom spinns for a minute but than stopps
<Coder7> owen1: there are probably some boot options you can pass to get the disk to boot on your hardware
<Coder7> owen1: what version of ubuntu
<Coder7> ?
<Coder7> owen1: and what kind of hardware?
<owen1> Coder7: it's a an old sharp - http://pastebin.com/8A6urLcw
<Coder7> owen1: and which version of ubuntu?
<owen1> Coder7: your advice was great. i tried the regular install option and it works. i guess i had to be patient.
<owen1> it's not the latest so i might need to slowly upgrade, or burn the latest cd.
<owen1> i guess when it's done i should install xubuntu-desktop or whatever desktop environment i want.
<owen1> i wonder if it comes with xorg.
<Coder7> owen1: I was actually going to recommend you NOT run the 11 series
<Coder7> I've had a horrible time with it... 10.04 LTS seems better supported
<owen1> Coder7: ok. thanks!
<Coder7> I just downgraded my cloud after a week of having absolutely no luck with 11.04
<owen1> Coder7: xubuntu or ubuntu, server or desktop?
<Coder7> owen1: for me? ubuntu server
<owen1> Coder7: what issues did u have with 11.04
<bkerensa> Hi All
<bkerensa> :)
<erichammond> bkerensa: 'lo
<bkerensa> erichammond: Hi :)
<KGB_plague> please PM me if theirs an APP to host a VPN server guys , my friend pings the game server that we play in 150ms , but I ping the game server 30ms , however my friend pings me 10ms from hes home to my home , so i would like to host a VPN server for him so he can be routed to me to join the game server with 40ms instead of 150ms ( 10ms to me + 30ms from me to game server = 40ms for him )
<bkerensa> KGB_plague: Did you need some help? There are quite a few VPN solutions available depending on your needs and preference
<KGB_plague> bkerensa, im in the UAE , i have VPN solutions for Europe , but the case is not for Europe ,  the case is for joining a game server to india , its a diffrent story , theirs no VPN solution to india , luckily the game server provider have made dedicated routing to my ip address and thats why i ping it 30ms from my home , sadly Dubai pings it 150 , im in Abu Dhabi , however Dubai pings Abu Dhabi 10ms , so the only solution is if i host a VPN serve
<KGB_plague> r for my friend to connect through me to join the game server , i know how VPN works because i have purevpn to play WOW in European servers with 150ms instead of 350ms , this case is not the issue , the case i need is the question i mentioned above
<nickmoeck_> KGB_plague: OpenVPN might be suitable for your needs
<KGB_plague> i need a GUI app for Gnome Desktop ubuntu which i can make a use of in an easy environment , like running a dedicated server of Quake3 forinstantce or Counterstrike , so people can use the service easily by opening a VPN client connection from their windows and connect through me when i enter the settings from the GUI server VPN like user abc pass abc then < my ip >
<KGB_plague> nickmoeck_, i have tried Teamviewer VPN GUI which is built in the software sadly it uses a VPN server from Teamviewer then to me instead of me being the server for the client
<nickmoeck_> KGB_plague: OpenVPN is my recommendation.  It's secure, reliable, and pretty easy to set up. Unfortunately, I don't think there's actually a GUI for it - I know I've never used a GUI for it.
<bkerensa> KGB_plague: I concur with nickmoeck_'s suggestion OpenVPN is a good choice.
<KGB_plague> nickmoeck_, if i do a VPN server with OPEN VPN software , will it let my friend connect to OPEN VPN server < IP > then from their to my < server > ? that adds extra ping dont u think?
<bkerensa> KGB_plague: Yeah the way your explaining things it would seem VPN would potentially add latency to the equation unless I'm misreading
<KGB_plague> sorry coz i used teamviewer and it have put my homes down in understanding how the system works
<KGB_plague> hopes*
<KGB_plague> i mean when i host OPENvpn server , my computer must connect to the OPENVPN corporation  server? and when clients like my friend trying to connect through me , they have to bypass through OPENvpn corporation server then to my openVPN server?
<nickmoeck_> KGB_plague: OpenVPN is a VPN program that you run on a computer that you own/operate. You install OpenVPN, and they install OpenVPN, and they connect from their computer directly to yours
<KGB_plague> <3
<bkerensa> KGB_plague: OpenVPN is a application which you run and then a client connects via the VPN
<nickmoeck_> There's no central server that they have to go through like with Teamviewer
<bkerensa> yep
<KGB_plague> nickmoeck_, thanks , i got brainwashed abit from my phobia and stressing nerves when trying softwares that all failed to correspond my idealogy which is logical as you mentioned thankyou =)
<bkerensa> KGB_plague: I honestly thing you will add more latency to the equation unless you reduce hops and latency somehow by using the VPN? My experience has been that bandwidth is pretty low quality in India so it could just worsen the latency you are already encountering
<KGB_plague> il test it out =) and Thanks alot , btw i am from UAE and from time to time ,i have small tasks for my HUBANME? community theirs no site right now , HUBANME? means HUB-Asia)_N_(MiddleEast , if your interested please add me , the tasks are some programming / game scanners etc..
<KGB_plague> bkerensa,  i ping india game server 30ms from my home im on fibreoptics 50MB line , my friend is on Fibreoptics 16mb and hes a city beside Abu Dhabi which he ping me 10ms , however my friend pings india server 150ms , so if he pings me 10ms he goes throguh me then gets my 30ms that i ping to that server which is 10 + 30 = 40ms
<bkerensa> KGB_plague: In that case VPN could/should reduce latency for you
<KGB_plague> u get my point , i am paying 200$ a month for dedicated routing from the game server GSP to my ip
<bkerensa> yeah
<KGB_plague> and whenever my ip changes i just sms them my new ip and they update it for me=)
<KGB_plague> thanks bkerensa
<bkerensa> KGB_plague: No problem
<bkerensa> Good night all
<KGB_plague> gn
<proliant> ehy anyone stay on line ossia cÃ¬Ã¨ qualcuno ?????
<Corey> !it | proliant
<ubottu> proliant: Vai su #ubuntu-it se vuoi parlare in italiano, in questo canale usiamo solo l'inglese. Grazie! (per entrare, scrivi Â« /join #ubuntu-it Â» senza virgolette)
<proliant> I speack english also I need support about linux ubuntu server edition 8.04 lts I install the OS now I have the command line at the start-up... The question is which is the command for install a graphic user interface ?????  for example gnome
<Corey> That's not really a part of Ubuntu server; ask in #ubuntu
<IdleOne> sudo apt-get install ubuntu-desktop
<IdleOne> Corey: he is banned in #ubuntu
<IdleOne> for ban evasion no less
<Corey> IdleOne: Ban status in other channels doesn't change the purpose of this one. :-)
<IdleOne> Corey: true
<IdleOne> so now that he has the command to install a GUI he should be all set and not have any other questions in here
<oCean> !google | oCean
<ubottu> oCean, please see my private message
<g0t_> Results for | oCean on Google:
<g0t_> --
<bugbrains> i am getting 502 gateway time-out when installing any packages using ubuntu 10.04 server
<bugbrains> both apt-get and aptitute
<johndoe273> hello
<johndoe273> folks
<johndoe273> kurze frage
<johndoe273> kann man durch apt oder aptitude die quelle eines bestimmten pakets ermitteln
<johndoe273> hab kurz gegugelt, jedoch nichts gescheites gefunden
<bugbrains> ubuntu 10.04 server lucid
<bugbrains> error when installing any packages using aptitute or sudo apt-get
<johndoe273> what kinda error?
<bugbrains> 504 gatway time -out
<johndoe273> have you checked your connection
<johndoe273> does pinging work
<johndoe273> ping google.com or whatever works?
<bugbrains> yes i can access server from my room remotely
<bugbrains> and server is also up
<johndoe273> so lan is okey
<johndoe273> but have you tried ping from your server
<bugbrains> yes
<johndoe273> and its ok?
<bugbrains> ping google.com is working
<johndoe273> aptitude update?
<bugbrains> 1 min
<bugbrains> it s saying waiting for headers and finally same error
<johndoe273> and both of them do have the same issue?
<johndoe273> apt-get and aptitude?
<bugbrains> yes
<johndoe273> hmmm
<johndoe273> any firewall running somewhere
<johndoe273> on the machine or on the lan?
<bugbrains> not in my server
<bugbrains> lan may be i am not sure
<bugbrains> but before i installed packages using apt-get from server
<bugbrains> but it was karmic
<johndoe273> ok
<bugbrains> after upgrading to lucid i cant install any..
<johndoe273> do you have iptables running on your server?
<bugbrains> yes
<johndoe273> did alleady disable it for a check?
<bugbrains> can you tell me how
<johndoe273> #/etc/init.d/iptables stop
<bugbrains> done
<johndoe273> and now aptitude update
<bugbrains> sudo: /etc/init.d/iptables: command not found
<johndoe273> it seems to work different on debian/ubuntu
<johndoe273> try the following
<johndoe273> http://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/
<johndoe273> look for other systems
<johndoe273> there you have debian/ubuntu
<johndoe273> do the steps one after another
<johndoe273> hey guys
<johndoe273> anyone knows how i can find out the source of a specific package in ubuntu
<bugbrains> jhondoe273: did u mean dpkg -L gedit
<bugbrains> i stopped iptables and done aptitude update but same error
<bugbrains> hey johndoe273: i solved it changed the proxy settings in /etc/apt/apt.conf
<bugbrains> you quick and nice help is appreciated
<args[0]> Hi, I have a VPS server running ubuntu 10.04, having some problems with PHP.. i installed it but doesnt seem to run from /var/www, no idea why, hope somoneone can help, thanks!
<dyingprism> is there a website other than browsershots.org that i can use to quickly check if my site is working externally?
<StevenR> args[0]: what did you install?
<args[0]> StevenR: LAMP server
<args[0]> LAMP*
<ChmEarl> args[0], pastebin grep -ir php /etc/apache2/*
<args[0]> ChmEarl: http://pastebin.com/XPS9dDbd
<ChmEarl> args[0], you have no default site configured here: /etc/apache2/sites-available/default
<ChmEarl> args[0], you have php turned on for ssl and https
<args[0]> ChmEarl: actually it just worked, created a test.php file and it did output the phpinfo()
<args[0]> what do you mean by default site? isn't var/www the default location?
<oCean> args[0]: don't crosspost in multiple channels
<args[0]> oCean: no one answered here at first
<oCean> you took a whole of 4 minutes to wait for an answer.
<oCean> don't crosspost, it's simple
<args[0]> Maybe minding your own business is simpler for both you and me
<args[0]> I'd like to stream my own music from my VPS, any software recommendations? thanks
<Jare> args[0]: ampache
<StevenR> args[0]: I use MPD
<args[0]> Jare: does ampache play FLAC?
<args[0]> MPD does
<bkerensa> args[0]: Did you get your apache issue sorted?
<args[0]> bkerensa: yes, I did thanks for asking
<bkerensa> Excellent :)
<args[0]> StevenR: does MPD work fully from CLI?
<args[0]> StevenR: I just have ubuntu server cli installed on my vps
<StevenR> args[0]: I think there are CLI control programs, though you can run the control program on your desktop
<args[0]> StevenR: what is a good control program for MPD?
<StevenR> args[0]: I use GMPC
<StevenR> and vlc to listen to the http stream on my laptop
<args[0]> StevenR: thank you
<Jare> args[0]: yes it does and it can do realtime transcoding too. The web-ui flashplayer supports only mp3 though..
<args[0]> I have a 256MB RAM VPS, can it handle it? Jare StevenR
<StevenR> you'll have to try it :) (it's really quite simple to set up).... make sure you look at how much bandwidth you're using (I only use it over LAN, so I haven't looked to closely at how much BW is used)
<Jare> dunno. Why not just try it? It's only a package of PHP scripts
<qman__> if it's all php, then it will
<qman__> because by default PHP only has 16MB to work with
<args[0]> qman__: oh ok, thanks for your input
<args[0]> im already over 70% of RAM, will try it out
<StevenR> args[0]: I don't think mpd is php
<qman__> yeah, it probably isn't
<qman__> wasn't following the whole conversation
<Jare> well i was talking about Ampache, mpd is a totally different thing
<qman__> still, decoding music isn't exactly a memory heavy operation
<args[0]> qman__: but I will be working with FLAC files which are huge and have high bitrates
<qman__> yes, but it doesn't load the whole file into memory to decode
<qman__> it buffers it
<args[0]> StevenR: qman__: Jare: can I use just mpd and grab stream with VLC?
<StevenR> you'll need a control application too
<args[0]> StevenR: to control the stream..
<StevenR> to control playback, like pausing, etc.
<StevenR> changing track
<args[0]> FLAC files will be saved on server but can be seen using the control to choose what to play on buffer, is that it?
<yann_> Hello! I've got a server whose clock appears to be "stuck", it litteraly goes from 19h08m36s to 19h08m42s and then back to 19h08m36s in some sort of eternal loop (turned ntp off to make sure that wasnt making it crazy)  http://pastealacon.com/28212
<yann_> any idea warmly welcome, this won't work too well with samba&ad integration :(
<RoyK> yann_: a VM?
<yann_> not even
<RoyK> is ntp installed and setup correctly?
<yann_> had ntpd yeah, actually noticed the error when nagios suddenly notived me of a 1300sec clock drift...
<RoyK> which check did you use for that?
<yann_> uh, can't remember
<yann_> but even an inappropriate check won t make the clock go backwards will it... :/
<JanC> sounds like multiple things trying to set the time?
<RoyK> no, just curious
<yann_> mmh restarted the box now it's stuck, great
<yann_> RoyK, give me 2secs I ll find out
<RoyK> yann_: what does hwclock have to say?
<yann_> check_ntp_time
<RoyK> k
<RoyK> thanks
<RoyK> didn't know that one
 * RoyK reconfigures Icinga
<yann_> RoyK, > I'm afraid we'll have to guess blind now :( machine down, won't come up again, and got no ilom on this, so will have to wait for tomorrow and someone nice enough to press the button :(
<RoyK> what happened?
<yann_> stupid windowsy reflex I guess, tried to reboot it to see if that would fix it :/
<yann_> I ll keep that as a proof that usually in unix world, rebooting actually makes things worse
<RoyK> usually it doesn't
<RoyK> if the box didn't come up, then it smells to me like hardware failure
<RoyK> at least if you didn't change anything
<RoyK>  20:21:53 up 573 days,  3:38,  1 user,  load average: 0.09, 0.11, 0.04
<skx> hey, are there any decent irc services (anope, atheme...) available in the repositories or from a trusted ppa for maverick and up? atheme was available for lucid but now it's gone
<yann_> oh well at least it'll make a point to my argument that boxes over 10 years should be replaced...
<RoyK> heh
<yann_> although this one might not be that old :)
<RoyK> yeah
<RoyK> we had an old SPARC machine from 1999 or so, dual 360MHz CPUs
<RoyK> when it eventually died after a power failure, we were quite happy to replace it :)
<yann_> got servers from 2001 with win2k powering our active directory :/
<RoyK> hehe
<qman__> yeah, something like that, I'd definitely say hardware failure
<qman__> clocks don't just do that for no reason
<qman__> might be some weird hardware bug too
<qman__> time overflow
<RoyK> huh?
<RoyK> it's not 2037 yet
<dominicdinada> quick question, where in mysql is the settings to allow remote hosts to access the server.... i have a laptop and i had it set to the old laptop IP but since then my laptop ip has changed and i am unable to login
<RoyK> bind-address in /etc/mysql/my.cnf
<RoyK> and then you need to grant blah to blah@somehost identified by 'password';
<RoyK> for a developer/admin, grant all to blah...
<RoyK> that is, for a developer, grant all... for an admin grant all to user@somehost identified by 'password' with grant option;
<dominicdinada> RoyK:  All my confs are gone
<dominicdinada> i cant login from any of the machines, this is a headless server :/
<RoyK> dominicdinada: erm - what happened?
<dominicdinada> RoyK: nothing really
<dominicdinada> just havent logged in in along time hmm
<dominicdinada> RoyK: it must be to do with phpmyadmin
<draik> Hello everyone. I installed apache and php on my desktop so I can test something, but now want to remove it. I went through the process of removing and purging the apache2, apache2.2-common libapache2-mod-php5 packages, but I still have the configs.
<draik> How do I completely remove apache2 and PHP?
<RoyK> dominicdinada: phpmyadmin doesn't have rights to touch what's under /etc/mysql
<RoyK> draik: the usual way is apt-get remove --purge
<RoyK> draven: but it may leave some config files behind - those won't hurt much, though, and you can just delete them manually
<draik> RoyK: I did that with apt-get and aptitude. Says it is removed, but configs are still lingering.
<RoyK> they probably won't fill up your disk :P
<draik> Oh, OK. I will just remove them
<draik> I didn't want to brick the desktop in removing a crucial library or something of the sort.
<RoyK> draik: check if you have packages like mysql-common installed
<RoyK> -common packages may contain those config files
<dominicdinada> RoyK: right but i have no access to phpmyadmin
 * RoyK has no idea
<RoyK> nite, guys
<lifeless> SpamapS: in your lxc branch...
<lifeless> +N  ensemble/providers/common.py.THIS.THIS
<lifeless> +N  ensemble/providers/lxc.py
<lifeless> +N  ensemble/providers/tests/test_common.py.THIS.THIS
<lifeless> SpamapS: I think that that is unintentional :P
<draik> Any issue with nuking /etc/apache2 and /etc/php5 ?
<ikonia> yes
<ikonia> draik: they are important
<draik> This is on my desktop and I'm not using them. It was just to test something.
<ikonia> draik: why don't you just remove the packages
<draik> I did
<Daviey> draik: try purging
<draik> Did that, too
<draik> apt-get and aptitude
<nigelb> then nuke away (after taking a backup of course)
<Daviey> draik: apt-get remove --purge apache2 (or variant) )should remove the confs.
<draik> Daviey: Keyword there is "should"
<draik> But it didn't :(
<draik> I also just removed apache2 from rc.d
<draik> update-rc.d -f apache2 remove
<nigelb> wait, did you install those with apt-get ?
<draik> Yes
<Daviey> draik: If it didn't, then it's a bug. :)
<lifeless> SpamapS: ping
<lifeless> SpamapS: the storage-directory param to lxc probably wants a sane-default.
<lifeless> SpamapS: (or to be listed in optional)
<uvirtbot> New bug: #819040 in lxc (main) "cannot find archive-keyring making onieric guest" [Undecided,New] https://launchpad.net/bugs/819040
<uvirtbot> New bug: #819044 in puppet (main) "puppet in natty can't enable services" [Undecided,New] https://launchpad.net/bugs/819044
#ubuntu-server 2012-07-23
<halvors2> I have a problem with "iface eth1 inet6 dhcp" in my config. It's not getting an IPv6 address. How can i figure out what's wrong?
<patdk-lap> log files :)
<halvors2> What log files?
<halvors2> /var/log/syslog?
<qman__> dmesg, probably
<halvors2> hmm.
<halvors2> Can't find anything wrong...
<halvors2> ''
<qman__> try ifup -v eth1
<halvors2> What does -v?
<qman__> verbose
<halvors2> Got IPv6 address on my lan using "iface eth1 inet6 auto". Now i'm trying to get one from my isp (dhcp) with "iface eth1 inet6 dhcp" but can't obtain one...
<halvors2> qman_: Any ideas?
<halvors2> qman_: When i do "ifup eth1" i get the error message: error: "net.ipv6.conf.eth1.accpet_ra" is an unknown key
<halvors2> Anyone knows what's wrong?
<uvirtbot> New bug: #1003305 in postfix (main) "package postfix (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Medium,Expired] https://launchpad.net/bugs/1003305
<halvors> I run a dhcp server (isc-dhcp-server) on eth0, this works fine, when plugging in a pc, it obtain an ip address. But now i'm trying to implement vlans.
<halvors> I have the vlan10 interface, wich have the ip address 172.16.10.1, my problem now is then i not set an ip address on eth0 but use vlan10 for this instead, and changing the listen interface for isc-dhcp-server to vlan10. I no longer obtain an ip address. :( Anyone knows why?
<redactd> anybody had problems with postfix not sending emails that are digitally signed in thunderbird?
<redactd> if i send a signed email it just sits in the queue if i send one thats not signed it gets sent (and received) straight away
<redactd> this is to a test email address the server is also running postfix
<uvirtbot> New bug: #1027764 in nova (main) "API 'v1.1/{tenant_id}/os-hosts' does not return a list of hosts " [Undecided,New] https://launchpad.net/bugs/1027764
<uvirtbot> New bug: #1027765 in php5 (main) "package php5-mysqlnd 5.4.4-1ubuntu1 failed to install/upgrade" [Undecided,New] https://launchpad.net/bugs/1027765
<wizonesolutions> Hmm, if I run a cloud image locally with KVM (https://help.ubuntu.com/community/UEC/Images#Ubuntu_Cloud_Guest_images_on_Local_Hypervisor_Natty_onward), how do I control the hard drive space allocated to each? I'm basically just virtualizing a couple other boxes, so I don't need it to be flexible or cloud-like.
<wizonesolutions> Oh, I see, I can pass <size> in qemu-img create
<wizonesolutions> Maaaaaan, this bridged networking thing for VMs. I still don't get how to actually get the VM to see the host. I've got the bridge on the host set up. It gets hazy from there. Anyone know any good resources with clear use cases and the commands to run for those?
<wizonesolutions> huh. the cloud images want me to have a physical display, and just sorta disappear into nothing when I pass -curses and I can't SSH into them.
<wizonesolutions> oh, I guess maybe they take a bit to provision or something
<uvirtbot> New bug: #1027823 in nagios3 (main) "defining a service with parameters leads to errors is service is remote" [Undecided,New] https://launchpad.net/bugs/1027823
<eagles0513875_> hey guys im working with a virtualbox vm of 12.04 and i added a new hard disk and i need to have it mount on start up and im having one hell of a time getting it setup :( how do i determine the disk's uuid
<SimonUK> Hi everyone.  I have a quick question about the difference between tasksel and apt-get install ItemName^  -  what's the correct procedure here - just go ahead and ask in the open channel ?
<halvors> I installed dibbler-client, now i don't need it anymore. But the configuration files is still there...
<halvors> What should i do?
<kaney> hi, could anyone point me in the right direction with a stupid network problem please ?
<SimonUK> kaney I'll try...
<kaney> thanks, 2 servers with 2 bonds working correctly, bond0 = 192.168.0.x, bond1 = 10.0.0.x.  I can ping the internet and each 192 addr but can not get it to route across bond1 for internal :(
<SimonUK> that's not really a stupid question, it's an advanced one!  Out of my league, but hopefully someone here will respond !
<kaney> ok thanks, centos 6.3 just does it, for some reason ubuntu doesn't
<kaney> i'll ask in #ubuntu as well
<SimonUK> yeah I've found it very quiet in this forum for some reason.  Am asking my own questions in #ubuntu too.
<redactd> kaney, are you trying to setup internet connection sharing?
<redactd> does anyone know a fix for postfix and openssl 1.0.1 in precise? getting heaps of tls errors
<kaney> no it will be an active/active samba
<redactd> hmm sorry i can't help you with that
<kaney> i have no idea why it wont do it, centos 6.3 just works :(
<zul> good morning
<stgraber> hallyn: around?
<hallyn> stgraber: yup
<stgraber> hallyn: one little inconsistency I just noticed is that you need to set_config_item("lxc.network.type") but get_config_item("lxc.network"). Would it make sense to instead change that to set_config_item("lxc.network")?
<cybermarce> hola
<hallyn> stgraber: sure  (yeah that one did look odd to me before)
<hallyn> stgraber: i will leave lxc.network.type as working (bc that works through the generic parsing code)
<hallyn> and just special case 'lxc.network' in set as an alias to lxc.network.type
<stgraber> hallyn: cool. That'll make my Container.network implemention a bit less hackish :)
<stgraber> hallyn: ok, no problem with keeping lxc.network.type working
<hallyn> does get_item(lxc.network.type) work?
<stgraber> hallyn: nope
<stgraber> hallyn: getting False
<hallyn> stgraber: oh wait
<hallyn> stgraber: 'get_config_item("lxc.network") ' shows all the nics...
<hallyn> stgraber: 'get_config_item("lxc.network.0.type") gives veth
<hallyn> and you set 'set_config_item("lxc.network.0.type") right?
<hallyn> so a 'set_config_item('lxc.network") would only make sense if it created a new array of nics
<hallyn> i think i'm confused about what you want
<hallyn> can you give me a pastebin of what you want (vs what you currently get)?
<stgraber> hallyn: oh, I see... for some reason I assumed I couldn't use "lxc.network.X" until X was first defined (by adding it to .type)
<hallyn> you mean network had been defined in config, but lxc.network.0 didn't work?
<hallyn> or was network empty?
<hallyn> stgraber: (just checked, yeah that works for me)
<stgraber> hallyn: nope, there's nothing to fix, it was just me assuming I would be able to do set_config_item("lxc.network.1.type", "veth") as I only had one entry in lxc.network
<hallyn> cool
<hallyn> maybe it would seem semantically cleaner to add a 'add_nic('veth')' wrapper to the api
<stgraber> the python API will have that
<stgraber> that's what I'm implementing now
<stgraber> container.network.add(type), then container.network[index].property = value
<alex88> what's the equivalent of /etc/ld.so.preload in ubuntu?
<stgraber> hallyn: hmm, how do I remove a network? :)
<stgraber> I vaguely expected clear_config_item("lxc.network.X") to work, but that's not the case here.
<xnox> stgraber: just switch off the router
 * xnox hides
<hallyn> stgraber: i'ts supposed to.  lxc.network.X should call the lxc_clear_nic() fn.  what actually happens?
<hallyn> oh i think i see
<hallyn> stgraber: do the nic settings get cleared?
<hallyn> but the nic sticks around?
<stgraber> hallyn: I don't have settings on the nic yet (working on that), but the nic is still listed in lxc.network at least
<hallyn> right
<hallyn> oh wait
<hallyn> stgraber: heh, yes i was only supporting 'lxc.network.0.ipv4' (and ipv6)
<hallyn> stgraber: you wanted to only 'clear' lists right?
<hallyn> it's not hard for me to make that work, but will we make it semantically inconsistent with what you originally wanted?
<stgraber> hallyn: I can't remember asking for clear to only clear lists explicitly, so I'm definitely happy with it clearing whatever key it's being passed (whatever the type)
<hallyn> stgraber: pushed.  untested atm
<stgraber> hallyn: cool. I'll test in a few minutes/hours
<stgraber> hallyn: http://paste.ubuntu.com/1106744/
<uvirtbot> New bug: #1027719 in glance (main) "glance-client package has incorrect description" [Undecided,Confirmed] https://launchpad.net/bugs/1027719
<hallyn> stgraber: looks good
<adam_g> zul: what did you use to generate the git commit list thats in the changelog for first batch of openstack SRUs? do you have any easy way to re-generate based on the current delta between our package and tip of stable/essex?
<zul> adam_g: i stuck something in debian/bin to make life a bit easier
<jcastro> smoser: hey did you know you can configure gsutil for both s3 and the google thing? I didn't know it did s3
<zul> adam_g: for nova at least
<adam_g> zul: oh cool
<smoser> jcastro, google storage provides s3 compatible api
<smoser> but i guess i didn't realize that that was what gsutil would have been using.
<jcastro> yeah but I was like, using the tool to copy things back and forth from s3 to GS
<jcastro> it's just nice, one tool for 2 storage solutions
<hallyn> hm, i'm confused.  an m1.medium amazon instance should have a 400G vdb right?
<RoyK> hallyn: heh - ask amazon ;)
<hallyn> smoser: ^
<smoser> hallyn, whats in a name?
<smoser> it wont be named vdb
<smoser> but you should have a second disk attached that is ~ 400G, yes.
<hallyn> i can't find it ;)
<hallyn> udisks can't find it
<hallyn> lemme try blindling mknod'ing
<smoser> cat /proc/partitions?
<smoser> hallyn, i suspect you're seeing this
<smoser> http://ubuntu-smoser.blogspot.com/2011/02/getting-ephemeral-devices-on-ebs-images.html
<hallyn> smoser: http://paste.ubuntu.com/1106804/
<hallyn> smoser: i've never had this happen before (but i dn't usually use sid either)
<smoser> sid?
<smoser> rad that article.
<smoser> the ami is probably not registered to get you that.
<RoyK> btw, xvda - isn't that xen?
<smoser> xvdX is xen, yes.
<hallyn> feh
<hallyn> ok thanks
<smoser> hallyn, you do point out a bug/assumption in ubuntu-ec2-run
<smoser> it assumes you get the first one, so it doesn't explicitly add '--block-device-mapping' for ephemeral0
<hallyn> smoser: ok, i jsut created an hand-attached a volume :)  thanks.
<smoser> hallyn, you could have just re-launched with --block-device-mapping
<smoser> the difference is the one you get "for free" is not EBS backed.
<smoser> which means faster (likely)
<jibel> jamespage, did you change the configuration of precise-server-ec2-daily on the internal jenkins recently ?
<jibel> like Friday ?
<uvirtbot> New bug: #1028074 in maas-enlist (main) "Duplicate MAC address in enlist command if multiple NIC's on the server" [Undecided,New] https://launchpad.net/bugs/1028074
<uvirtbot> New bug: #1028068 in maas "Enlistment failure leaves node in cobbler, not in MAAS" [Undecided,New] https://launchpad.net/bugs/1028068
<r3dLunchb0x_> using ubuntu server 11.04, server was rebooted, no default route came up with network. I checked /etc/network/interfaces and the "gateway 192.168.1.1" line is there
<r3dLunchb0x_> anything else I need to chekc
<jamespage> jibel - yes I did - I added the proposed testing
<jamespage> it checks stuff in proposed as part of the daily tests - we had a kernel regression that I'm sure you are aware of
<r3dLunchb0x_>  using ubuntu server 11.04, server was rebooted, no default route came up with network. I checked /etc/network/interfaces and the "gateway 192.168.1.1" line is there anything else I need to check?
<patdk-wk> that is the whole file look like?
<patdk-wk> what does :)
 * patdk-wk can't think and type at the same time
<r3dLunchb0x_> patdk-wk: it has the l0 and eth0 interfaces.
<r3dLunchb0x_> read somewhere that file shouldn't be touched.
<patdk-wk> yes, believe everything you read on the internet
<r3dLunchb0x_> lol
<r3dLunchb0x_> just wondering why after a reboot that my default route didn't show up. I am scheduling a reboot tonight to make sure it does, yet I wanna make sure everything is there for it to work.
<patdk-wk> like I said, I can't see your interfaces file, so I dunno
<r3dLunchb0x_> where should I put it? pastebin.org?
<patdk-wk> if yo uwant
<r3dLunchb0x_> patdk-wk: here it is http://pastebin.com/8ueKWUpz
<patdk-wk> odd
<jibel> jamespage, that'd be it; the publisher is going mad again. It really dislike changes to matrix jobs and returns 404 for some ec2 builds during publication. I'll fix it. thanks!
<jamespage> jibel, ah - sorry
<jamespage> feel free to disable the matrix plugin if that is the case
<r3dLunchb0x_> patdk-wk: what's odd?
<patdk-wk> nothing is wrong with it
<r3dLunchb0x_> is there something else I could check. Don't want to stay late to perform a reboot and it NOT work... ;-)
<jibel> jamespage, the problem is not the matrix plugin but publisher. I think I'll replace it with some rsync+inotify and everyone will be happy.
<hallyn> ahs3: got a working package for netcf 0.2.0 for sid.  Still doing some testing, hoping to get you a package by tonight
<hallyn> (building libvirt with it atm)
<ahs3> hallyn: sweet.  thx, dude
<K4k> Hey, I've been banging my head against this for a few hours now and I'm about to throw it out (the web application, not Ubuntu). I've got php5, apache2 and mysql-server all installed. I've setup the database for the web application and given the relevant information to the db config file for the application. It's still just displaying a blank page when I enter the URL, however. Permissions appear to be fine as well. Is there anything you have to do (su
<uvirtbot> New bug: #1020267 in python-pytyrant (universe) "[MIR] celery, pyparsing, python-cl, python-gevent, python-mailer, python-pytyrant, python-redis" [High,In progress] https://launchpad.net/bugs/1020267
<ewook> K4k: have you verified that the account you assigned your webapp has the correct permissions?
<RoyK> K4k: possibly not an ubuntu thing - probably a thing for the web app you're using ;)
<K4k> granted all on the database
<K4k> RoyK: I'm thinking you might be right. It's Lessn, if you're familiar with it, a basic url shortener
<K4k> the Readme seemed straight forward enough, but it keep presenting a blank page
<ewook> K4k: how did you create the user?
<K4k> CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
<K4k> GRANT ALL PRIVILEGES ON db.* TO 'user'@'localhost';
<ewook> K4k: cool. then yes, I'd blame Lessn :)
<K4k> :(
<K4k> boo
<ewook> K4k: just verify that you've set the correct configs.
<K4k> got a really neat domain name today to use as my personal url shortener.
<K4k> ewook: well, the interesting thing is that I've had to go through the php code and re-write some of it :/
<K4k> the config dir is "-/"
<K4k> which was giving me issues
<K4k> so I changed it to "c/"
<K4k> and had to go find all calls to "-/" and change to "c/"
<K4k> I'm thinking it's just shoddy code anyway
<Skaag> weird issue here. I run apachetop -f access.log but the interface is unresponsive. I have to ctrl-c out of it.
<Skaag> usually the keys respond, such as ? and "f", but nothing is happening. The time at the top does increase, but it's like it's choking on somehting...
<uvirtbot> New bug: #1028130 in python-pytyrant (universe) "should use Architecture: all" [Undecided,New] https://launchpad.net/bugs/1028130
<r3dLunchb0x_> how do i install firefox on a server for users to access?
<ewook> K4k: looking at it myself atm. it's ... messy.
<ewook> r3dLunchb0x_: apt-get install firefox and allow X11-forwarding.
<r3dLunchb0x_> ewook: as supuser or as the user who wants to use it?
<ewook> r3dLunchb0x_: the installation needs to be performed as a superuser.
<ewook> r3dLunchb0x_: as does the X11-forwarding for SSH in the sshd config.
<K4k> ewook: yea, I've re-read the README and found that I somehow nuked the .htaccess file but after re-extracting the zip it's still failing
<r3dLunchb0x_> ewook: I think I already have the X-11 forwarding, just wanted to make sure about the user installation. Thank you, I'll give it a shot really quick and let you know how it goes.
<ewook> r3dLunchb0x_: no worries. gl.
<ewook> K4k: mhm. I'm going through the code atm :p.
<K4k> well, let me know if you see anything glaring that I'm not seeing which would cause an issue. I don't claim to be a php expert but from what little I know it all seemed in working order
<r3dLunchb0x_> ewook: worked like a charm. thank you. thought it would be that simple but been surprised before with Ubuntu! lol
<ewook> r3dLunchb0x_: I know, it's very nice when it just works ;)
<r3dLunchb0x_> ewook: yeah.
<ewook> K4k: I'm no php expert either, but just the thing with his "-" causes me headache.
<K4k> yea
<K4k> anytime I wnt into that dir I have to change the name because I can mv it but I can't cd
<xr1rr> trying to generate a CSR cert with OpenSSL but its only giving me a private key not a private rsa key.. any ideas or help
<K4k> and it's not permissions related. I just 777'd the whole thing, same results
<hallyn> ahs3: well, libvirt seems broken on sid, i can't run it even on stock updated sid, so i couldn't test with that.
<hallyn> ahs3: but http://people.canonical.com/~serge/netcf3/netcf_0.2.0-1.dsc  is testing nicely for me
<kuul> Hi, Iam trying to install ubuntu 12.04 server onto microSD card but the installer cannot find the disk.. how ever when i try desktop version it install on microSD card just fine. Is there some driver i should load for the server from desktop?
<hallyn> jamespage: ping
<jamespage> hey hallyn
<hallyn> jamespage: sorry, i know you've explained it before,
<hallyn> but what does "Provide a test to check the status of the VM after upgrade (nested VM's): TODO" mean?  :)
<jamespage> hallyn, I think it relates to nested KVM testing
<jamespage> hmm now I'm thinking about it I can't remember
<jamespage> if it was that
<jamespage> must have been
<hallyn> so we set up a vm,
<hallyn> we do an upgrade,
<hallyn> and we want a way to verify that it was successful?
<K4k> ewook: are you kidding me? I think it was simply related to missing php5-mysql... grrr
<ewook> K4k: hahahaha
<ewook> K4k: you're right! I don't have that on the server I tested it on either :p
<ewook> *_*
<K4k> @_@
<hallyn> jamespage: unfortunately i don't think i was at that session, so the only thing i remember is asking before during team mtg...
<jamespage> hallyn, I ran it and I can't remember specifically what we discussed
<ewook> K4k: good spot, thanks :p
<K4k> 4 hours well spend @_@
<jamespage> hallyn, it relates to "- Upgrade of server running existing VM's to latest development release"
<jamespage> so its actually a - run a server; create some vm's, upgrade the server and prove the VM's  are still working
<jamespage> if that makes sense
<hallyn> jamespage: solve the halting problem?
<hallyn> :)
<hallyn> but ok, so we don't run upgradein the guests, rather we upgrade the host and check whether vms still run?
<jamespage> hallyn, I think so - do you think it adds value?
<hallyn> yeah...  the things i'd most want checked may not be feasible,
<hallyn> but we coudl at least set up a guest which just shuts itself down;  if it doesn't halt after 1 min we call it bad
<jamespage> hallyn, its probably worth checking in with jibel as I think he has the other part of that test setup
<jamespage> "[jibel] Add a profile to auto upgrade testing  to support VM upgrade testing (nested VMs)"
<hallyn> although it almost seems like i'td be better to add this as a funky nested testcase to the qa-regression-testing for libvirt
<hallyn> I assume you mean not just kvm, but a full libvirt-qemu setup
<hallyn> jamespage: ok, maybe in august i need to take a week or half-week to dive deeper into both this and the lxc-testsuite junit xml output (translated: but the bejeezus out of you about howto)
<jamespage> hallyn, sounds good
<jamespage> it might be a good idea to agree some overall objectives for automated testing and engage the QA team as well
<jamespage> so everything hangs together...
<ahs3> hallyn: cool.  i've picked up the netcf bits.  i'll see if i can get them uploaded in the next couple of days
<hallyn> ahs3: one upcoming update:  I'm re-doing the manpage.
<hallyn> (which currently isn't there)
<ahs3> hallyn: nod.  good idea.
<hallyn> ahs3: i'll send it uptream for comment before I put it in the package (unless you want to see now what it'll look like)
<ahs3> hallyn: hrm.  nah, if you and upstream agree, that's the key point for me
<hallyn> ahs3: ok do you want me to wait to upload the package with the manpage until I hear back from upstream?
<hallyn> ahs3: well, i've pushed it to http://people.canonical.com/~serge/netcf4/netcf_0.2.0-1.dsc, so you have your pick :)
<hallyn> gnight
<glosoli> hey, I am checking if x11-common should be installed by default or shouldnt ? I tryed installing some dependencies for OpenERP and it f*** up all the server for me, init.d scripts are mad and not working
<glosoli> :/
<glosoli> http://dpaste.org/Jx03V/ anyone had similar problem ? I get that error always even trying to install any package and etc
<pmatulis> glosoli: what does this give you?  'apt-get -f install'
<glosoli> http://dpaste.org/uSt8v/
<pmatulis> glosoli: how did you get like this?  provide some *detailed* history/context
<glosoli> pmatulis: I got into installing some dependencies for my OpenERP, probably there was some dependencie mismatch and I stupidly rant something like autoremove which removed x11-common at first place and from that on I seem like having no solution for fixing up things and couple of websites down on my fault :/
<glosoli> tbh I think it was python-pydot package which rant me into the conflicts at first
<pmatulis> glosoli: i don't understand 'got into installing some dependencies for my OpenERP'.  what command(s) did you use?
<pmatulis> glosoli: apt should take case of dependencies
<pmatulis> *care
<glosoli> pmatulis:  http://www.theopensourcerer.com/2012/02/how-to-install-openerp-6-1-on-ubuntu-10-04-lts/ this tutorial shows all the commands I used, but as I said installing some packages gave me error and I probably rant carelessly apt-get autoremove
<glosoli> pmatulis: it all started from something like this: http://dpaste.org/wqYCt/
<pmatulis> glosoli: so you never got to step #5?
<pmatulis> glosoli: everything installed was a genuine ubuntu package?
<glosoli> pmatulis: there were things installed from PyPi
<pmatulis> glosoli: well
<glosoli> pmatulis: So probably not, I got into all steps, just went back when I got errors from OpenERP whcih were likely of some package missing so I started checking
<pmatulis> glosoli: i don't know then, you are using non-standard python libraries and you downloaded something with wget.  it's hard to get help on these kinds of blunders
<glosoli> pmatulis: yeah, understandable, thanks anyway :)
<pmatulis> glosoli: if you just started out i recommend re-thinking your approach
<glosoli> pmatulis:  nah I had setupped same system on older ubuntu versions before using same tutorial
<glosoli> :)
<pmatulis> glosoli: ok, guess you finally got bit
<genii-around> glosoli: Does the /tmp directory exist on your machine?
<glosoli> genii-around: what theâ¦ hmmm strangely no
<glosoli> genii-around: how could I get it back ?
<genii-around> glosoli: mkdir /tmp
<genii-around> ( since you're already using root anyways )
<pmatulis> glosoli: you removed your /tmp directory?
<glosoli> pmatulis: nooo...
<glosoli> genii-around: still same problem
<glosoli> :)
<genii-around> Hm
<glosoli> yeah big hmm :/
<uvirtbot> New bug: #1028182 in openssh (main) "ssh connection failure error message confusing when talking to dual IPv4/6 host" [Undecided,New] https://launchpad.net/bugs/1028182
<genii-around> glosoli: The tempnam manpage says it looks for TMPDIR value. I would suggest to try: TMPDIR=/tmp && export TMPDIR   .. then see if -f install completes
<glosoli> same error
<genii-around> glosoli: I'm out of immediate ideas on it then.
<glosoli> doh probably I will save some time if I start reinstalling server...
#ubuntu-server 2012-07-24
<glosoli> oh I reinstalled server one thing I releasied
<glosoli> what can be wrong with not getting auto complete ?
<ewook> glosoli: ie no tab completion with bash?
<glosoli> yes
<ewook> type bash
<ewook> and try again
<ewook> if it doesn't work, somehow your default bash-settings doesn't contain auto completion.
<glosoli> it kinda works, but won't autocomplete for words like apt-get install for install exactly
<glosoli> probably because of root ?
<ewook> install shouldn't be covered by completion. it's part of input to the command, not a command.
<ewook> I might be wrong.
<ewook> I am wrong
<ewook> that's plain weird.
<ewook> (not being wrong, but the completion not working)
<glosoli> ewook: hah ok
<uvirtbot> New bug: #1028204 in apache2 (main) "/etc/apache2/sites-available/default-ssl contain a regex error at line 169" [Undecided,New] https://launchpad.net/bugs/1028204
<uvirtbot> New bug: #1028207 in openssh (main) ""launcher icon size is fixed":" [Undecided,New] https://launchpad.net/bugs/1028207
<edgy> hi, how can I tell whether the installed OS is ubuntu server or ubuntu desktop?
<glosoli> dpkg -l | grep gnome
<glosoli> :)
<edgy> glosoli: but may be whoever installed it, didn't install gnome or just removed it, can't I tell from the kernel or something?
<glosoli> edgy: sorry might be not :)
<glosoli> not sure
<edgy> ok let me explain my problem
<edgy> I noticed in my desktop when a kernel update is available, a file /var/run/reboot... is created, now in my server I don't get that file so I don't know when to reboot, I thought may be the server does it in a different way
<glosoli> wha can be the problem that apache won't start after reboot
<qman__> edgy, if you installed a kernel update, you need a reboot
<qman__> by default, a simple apt-get upgrade will not update the kernel
<edgy> qman__: there unattended-upgrades that can boot and i am going to try it
<redactd> fyi, the problem i was experiencing yesterday with signed mail not being sent and the tls errors etc was due to our cisco firewall. changed this to be less restrictive and mail is flowing smoothly now :_)
<patdk-lap> oh, the evil dns and smtp *fixup*
<uvirtbot> New bug: #1003230 in vmbuilder "--version causes type error" [Medium,Confirmed] https://launchpad.net/bugs/1003230
<uvirtbot> New bug: #994843 in openldap (main) "package slapd 2.4.25-1.1ubuntu4.1 failed to install/upgrade: ErrorMessage: subprocess new pre-installation script returned error exit status 1" [Undecided,Expired] https://launchpad.net/bugs/994843
<uvirtbot> New bug: #994992 in samba (main) "Samba not working in Nautilus" [Undecided,Expired] https://launchpad.net/bugs/994992
<uvirtbot> New bug: #996294 in openssh (main) "package ssh-askpass-gnome 1:5.9p1-5ubuntu1 failed to install/upgrade: ErrorMessage: dependency problems - leaving unconfigured" [Undecided,Expired] https://launchpad.net/bugs/996294
<uvirtbot> New bug: #997159 in samba (main) "package samba 2:3.6.3-2ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/997159
<uvirtbot> New bug: #999153 in openldap (main) "package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,Expired] https://launchpad.net/bugs/999153
<uvirtbot> New bug: #999485 in openldap (main) "package slapd 2.4.25-1.1ubuntu4.1 failed to install/upgrade: ErrorMessage: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ Ð½Ð¾Ð²ÑÐ¹ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ pre-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,Expired] https://launchpad.net/bugs/999485
<uvirtbot> New bug: #1000090 in cyrus-sasl2 (main) "package libsasl2-2 2.1.25.dfsg1-3ubuntu0.1 failed to install/upgrade: libsasl2-2:amd64 2.1.25.dfsg1-3ubuntu0.1 cannot be configured because libsasl2-2" [Undecided,Expired] https://launchpad.net/bugs/1000090
<uvirtbot> New bug: #1000362 in samba (main) "package winbind 2:3.6.3-2ubuntu2.1 failed to install/upgrade: aliprosessi installed post-installation script palautti virhetilakoodin 1" [Undecided,Expired] https://launchpad.net/bugs/1000362
<uvirtbot> New bug: #1001420 in samba (main) "package samba 2:3.6.3-2ubuntu2.1 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Low,Expired] https://launchpad.net/bugs/1001420
<uvirtbot> New bug: #1001645 in samba (main) "package samba 2:3.6.3-2ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/1001645
<uvirtbot> New bug: #1001792 in backuppc (main) "didn't upgrade properly -package backuppc 3.2.1-2ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Expired] https://launchpad.net/bugs/1001792
<uvirtbot> New bug: #1002521 in samba (main) "package samba 2:3.6.3-2ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Expired] https://launchpad.net/bugs/1002521
<uvirtbot> New bug: #1002658 in samba (main) "package samba 2:3.6.3-2ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/1002658
<uvirtbot> New bug: #1003113 in samba (main) "package samba 2:3.6.3-2ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/1003113
<uvirtbot> New bug: #993394 in samba (main) "package samba-common 2:3.6.3-2ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,Expired] https://launchpad.net/bugs/993394
<uvirtbot> New bug: #993581 in samba (main) "package samba 2:3.6.3-2ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/993581
<uvirtbot> New bug: #993957 in samba (main) "package winbind 2:3.6.3-2ubuntu2.1 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,Expired] https://launchpad.net/bugs/993957
<uvirtbot> New bug: #994830 in php5 (main) "package libapache2-mod-php5 5.3.10-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,Expired] https://launchpad.net/bugs/994830
<genii-around> Holy crap bug-bot!
<uvirtbot> New bug: #1024010 in maas-enlist (main) "[SRU] After Commission Action 2 no longer exists" [Critical,Fix released] https://launchpad.net/bugs/1024010
<uvirtbot> New bug: #1028268 in facter (main) "Bareword dns domain makes facter return incorrect info" [Undecided,New] https://launchpad.net/bugs/1028268
<jibel> jamespage, do you mind if I kill the job natty-server-ec2-daily ? it's been running for 22h
<jamespage> jibel, not at all
<jibel> ta
<uvirtbot> New bug: #1028280 in openssh (main) "sftp remoteserver "ls -l" error" [Undecided,New] https://launchpad.net/bugs/1028280
<jibel> jamespage, there is a problem with automated tests of the latest server images. I filed bug 1028301
<uvirtbot> Launchpad bug 1028301 in debian-installer "Quantal Ubuntu Server - sources.list only contains cdrom entries after a preseeded installation" [Undecided,New] https://launchpad.net/bugs/1028301
<jibel> manual installation works fine
<jamespage> jibel, thanks for letting me know
<jamespage> jibel, I normally do a 'call for testing' email to ubuntu-server around about now - are the server ISO images in a good state for testing?
<jamespage> manual testing that is....
<jibel> jamespage, I did a couple of manual installations on amd64 (default install, LVM) and excepted this bug the new squashfs install seems to be working
<jamespage> jibel, is there a good source of information about the squashfs install that I could reference - it will be of interest to people testing.
<jibel> jamespage, the best place would be thetech overview but there is nothing there. Daviey would know
<jamespage> Daviey, ^^  info re squashfs install for call for testing alpha3?
<Daviey> I will add something to that
<Daviey> But really, people shouldn't need to notice the difference
<Daviey> other than slightly faster install
<Daviey> One think roaksoax will be best tasked to do i think, is provide a preseed for netinstall that uses squashes
<jamespage> Daviey, do the existing automated test cases which use preseeding need to be updated then?
<Daviey> jamespage: Should be unimpacted
<Daviey> jamespage: but seems not
<Daviey> jibel / jamespage: do you have capacity to look into failing jenkins?
<jamespage> Daviey, jibel already raised a flag about that - see backlog
<jibel> Daviey, [11:05] <jibel> jamespage, there is a problem with automated tests of the latest server images. I filed bug 1028301
<uvirtbot> Launchpad bug 1028301 in pkgsel "Quantal Ubuntu Server - sources.list only contains cdrom entries after a preseeded installation" [High,Fix released] https://launchpad.net/bugs/1028301
<jamespage> 'Copying data to disk' - nice
<jamespage> jibel, are we waiting on a re-spin to resolve that then?
<koolhead17> hello all
<jamespage> hey koolhead17
<jibel> jamespage, we are
 * koolhead17 bows to jamespage 
<koolhead17> Daviey: i need my cookies
<jibel> right after next publisher run which should happen in less than 15 minutes
<koolhead17> jamespage: howdy?  that hadoop charm was for presentation by mark i guess at oscon
<jamespage> koolhead17, I think m_3 used the stock hadoop charm from the charm store - not sure would have to check
<jamespage> its the one we used for scale testing during UDS Q
<koolhead17> jamespage: well juju is awesome
<koolhead17> :)
<jamespage> jibel, I'll do the call for testing once thats working again
<koolhead17> BTW i missed all folks during OSCON
<glosoli> how to  make directory writable by webserver ?
<Jeeves_> chown www-data:www-data ${dir}
<glosoli> Jeeves_: thanks
<Jeeves_> Please not that that's not very smart, security wise.
<Jeeves_> But there are no other options
<glosoli> Jeeves_: I understand, it's likely to happen when using something build up on php
<glosoli> :)
<zul> good morning
<glosoli> As far as I understand Devcot is the most proper way of getting IMAP running on Ubuntu Server
<glosoli>  ?
<mardraum> dovecot? it's fine software, but there are a lot of mature imap solutions out there.
<glosoli> mardraum: can you name some ?
<mardraum> nope, use google
<glosoli> mardraum: I did already, checking by priority in Google Search results, Dovecot seems to be the most widely used one
<mardraum> sure, if that's important to you, use it?
<glosoli> ah ok..
<pmatulis> glosoli: dovecot is well liked in the ubuntu community, as is postfix
<glosoli> pmatulis: ok, I like things which are widely used even though sometimes they are not the most proper ones, but it helps getting support more quickly than trying to build  bike from group up
<glosoli> from ground up"
<pmatulis> glosoli: dovecot is a perfectly proper IMAP server and postfix is a perfectly proper MTA
<glosoli> I am not sure what's MTA
<Pici> !mta
<ubottu> A Mail Transfer Agent (MTA) is the server software that sends and queues mail. The default MTA (and !MDA) on Ubuntu is !postfix ("exim" is also officially supported). See also !MailServer and !MUA
<glosoli> Pici: thanks, I always forget there are bots who can answer with proper commands typed
<jibel_> jamespage, quantal server builds are back to normal
<zul> jamespage:  ping so i was thinking about the openstack database migration qa stuff..
<zul> jamespage: so i was thinking something like the following
<zul> jamespage:  compare the database to a previous run of the test, with the current test, if there is changes, restore the old database, update the database and then run the devstack exercises
<m_3> koolhead17: yes, the hadoop charm was the one from the charmstore... lp:charms/hadoop
<koolhead17> m_3: awesome :)
<koolhead17> https://bugs.launchpad.net/openstack-manuals/+bug/1028365
<uvirtbot> Launchpad bug 1028365 in openstackbook "guestmount installation not mentioned" [Undecided,New]
<koolhead17> can anyone tell me if its new dep inside 12.04/essex
<koolhead17> or more about what "guestmount" is meant for
<jamespage> jibel_, \o/
<jamespage> right - everyone test now!
<jamespage> ...
<jamespage> lol
<zul> jamespage: but i am testing! :)
<zul> koolhead17:  its like nbd
<koolhead17> zul: so is it needed as dep with nova ? someone reported sayining nova needed it
<koolhead17> i have asked him about his env
<zul> koolhead17:  no its another option
<koolhead17> https://bugs.launchpad.net/openstack-manuals/+bug/1028365
<uvirtbot> Launchpad bug 1028365 in openstackbook "guestmount installation not mentioned" [Undecided,New]
<koolhead17> i have asked him 4 his env
<jamespage> zul, lemme just send this email and I'll be with you
<zul> jamespage:  no now! :)
<jibel_> jamespage, ouch, minimal server install pulled ubuntu-standard
<jamespage> jibel_: side effect of the installer changes?
<jibel_> likely
<jamespage> Daviey, ^^ poke minimal virtual is very broken....
<Daviey> jamespage: How so?
<Daviey> oh
<Daviey> i see
<jamespage> wrong kernel, wrong modules, wrong base - in fact all wrong!
<Daviey> jibel_: that is something that is reasonable to release note.. i'm not going to bust a gut over that i think
<patdk-wk> *release note* minimal installs have been supersized
<jamespage> disk space is overrated anyway
<patdk-wk> it's more the cron jobs and other stuff though :)
<jamespage> if anyone in channel would like to help with testing ISO images for ubuntu quantal alpha 3
<jamespage> please see https://lists.ubuntu.com/archives/ubuntu-server/2012-July/006359.html
<jamespage> zul: OK - now
 * jamespage reads backscroll
<zul> jamespage: okies
<patdk-wk> getting great speeds right now, no one else download the iso :)
<patdk-wk> ok I'm done :)
<patdk-wk> that was a fast two iso's
<jamespage> zul, that would infer that we care about database migrations on every package update/commit during the dev release?
<zul> jamespage: kind of..i think it more infers that we care if the database schema changes than we care because the database schema doesnt change on every packages commit/update
<jamespage> zul, OK - I think I get it
<jamespage> so we test upgrades *when* a fresh schema is different from the previous tests schema snapshot?
<zul> jamespage:  yeah
<zul> jamespage:  i think that database schema tests can be done on a kvm thingy
<jamespage> zul, how where you thinking of handling creation of the image to then upgrade?
<zul> jamespage:  i was thinking of keeping a sql dump in a bzr branch
<jamespage> ah - one sec - I see - we just install the data snapshot before we try to upgrade
<zul> right
<jamespage> install rather
<jamespage> zul, it works for me
<koolhead17> .0
<zul> jamespage: good because i started writing this up yesterday :)
<jamespage> zul, \o/
<zul> jamespage: just have to do the all in one scripted kvm install
<jamespage> I still need to work on that jenkins/auto package build test stuff
<zul> i totally forgot about that
<koolhead17> zul: so if one runs qemu he needs guestmount i suspect not incase of KVM
<zul> koolhead17: no if nbd fails, it will try using guestmount and if libguestfs is not installed then it will just fail
<jamespage> zul, yeah - I 'forgot' to
<zul> jamespage: heh
<koolhead17> ooh. so running openstack in Qemu will need one of them. i just closed making it invalid for doc as we tested it on KVM :(
<zul> how convient
<jamespage> but I promised I would do it - tracking down test failures in glibc + google-perftools killed my time for a few days....
<uvirtbot> New bug: #1028470 in apache2 (main) "apache2+ssl hangs on high load" [Undecided,New] https://launchpad.net/bugs/1028470
<pmatulis> jamespage: it would be nice if the columns on [1] could be explained.  what do these mean, for the 'amd64 server' row:
<pmatulis> 4/18 (1)2/4 (4)1/1 (1)
<pmatulis> [1]: http://iso.qa.ubuntu.com/qatracker/milestones/226/builds
<jamespage> pmatulis, so 4/18 (1)
<jamespage> 4 tests completed
<jamespage> out of 18 tests in total
<jamespage> with 1 failure
<pmatulis> ah ok
<pmatulis> and the 3 bugs cover those 6 failures?  ideally?
<jamespage> pmatulis, yes - patdk-wk and I overlapped and confirmed each others iscsi test failures
<pmatulis> jamespage: i see, good.  btw, i just fired up a normal and preseed install.  so far so good
<jamespage> pmatulis, +1 and thanks for helping out! much appreciated
<uvirtbot> New bug: #1002111 in nova "iptables being run on a nova-api server" [High,In progress] https://launchpad.net/bugs/1002111
<uvirtbot> New bug: #1028501 in cloud-init "cloud-init selects wrong mirrors for arm" [Undecided,New] https://launchpad.net/bugs/1028501
<uvirtbot> New bug: #1028509 in nova (main) "'nova rescue' fails if an instance image does not have a kernel_id" [Undecided,New] https://launchpad.net/bugs/1028509
<a1fa> has anyone played with vlan trunks to vbox  via ubuntu server?
<gitesh> Hi. I just install ubuntu server 12.04LTS Two days back, here.
<gitesh> The first thing that I wanted to start Internet , I am trying but I couldn't .
<gitesh> Can someone please help me?
<zul> just ask the question
<gitesh> How do I connect ubuntu server to Internet ?
<gitesh> I have wired connection.
<RoyK> gitesh: do you have an ip address set? run ifconfig - then check if you have a default gateway - netstat -rn
<RoyK> check dns config - cat /etc/resolv.conf
<gitesh> Royk. ok, I collect that info. brb.
<RoyK> if all looks well, try to resolv something, like "ping bbc.com" (
<RoyK> not all hosts answer to ping requests - I tried cnn.com first, it doesn't, bbc.com does
<gitesh> I should be master in  server internet configuration. Coz it's first of all thing should be done, i guess.
<Threshold460> hello
<Threshold460> guys what is the server address so i can connect via my client please?
<Thresholder> hello guys i am trying to install ubuntu server and got stuck..anyone could help me out please?
<patdk-wk> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<gitesh> RoyK, I found nothing.
<gitesh> also, for default gateway, netstat -rn : I found an empty table.
<Thresholder> ok sorry...i was trying to install vnc in ubuntu server 12.04 but i didn't exit root as per the guide i'm following and now I get - mkdir: cannot create directory `.vnc': File exists - error
<gitesh> RoyK, also dng config was an emty file.
<Thresholder> This is the guide I am following http://www.torrent-invites.com/seedbox-tutorials/181210-ubuntu-server-w-gui-permenant-auto-connecting-ssh-tunnel-fail2ban-etc.html
<RoyK> gitesh: what do you have in /etc/network/interfaces?
<gitesh> RoyK, just a minute :)
<gitesh> RoyK: about etc/network/interfaces There were two lines : 1>auto lo 2> iface lo inet loopback
<RoyK> og
<RoyK> oh
<RoyK> try adding 'auto eth0' and 'iface eth0 inet static' or with 'inet dhcp' - google for ubuntu network config
<RoyK> gitesh: also - check with ifconfig -a that ubuntu actually sees your nic
<gitesh> Can someone point me somewhere?, I want to learn. gateway , router , etc/
<RoyK> !network
<ubottu> Wireless documentation, including how-to guides and troubleshooting information, can be found at https://help.ubuntu.com/community/WifiDocs
<RoyK> erm
<RoyK> wrong
<RoyK> !interfaces
<gitesh> RoyK: Okay, i do auto eth0.
<RoyK> gitesh: does ifconfig -a show it
<RoyK> ?
<rdw200169> gitesh Linux Routers by Tony Mancill, if you can survive that, you'll never need help again
<RoyK> gitesh: http://kurl.no/XvO7
<gitesh> rdw200169, RoyK. Thanks for your supports.
<gitesh> I will have to check ifconfig -a
<gitesh> rdw200169: 450 pages of pdf  :)
<rdw200169> gitesh aw, c'mon its a good book, Mancill deserves a little cash ;)
<RoyK> you don't need that book to make networking work on ubuntu
<RoyK> a quick google goes a long way
<gitesh> rdw200169: pain, pain. I will read and try directly. need days. Thanks for the link :p
<rdw200169> gitesh all things worth doing are generally difficult
<gitesh> RoyK, ok. Yet.I want for ubuntu only.brb
<gitesh> RoyK: about ifconfig -a , eth0      Link encap:Ethernet  HWaddr 00:15:c5:4a:16:5a
<gitesh> Rx and Tx errors
<RoyK> well, just set a static ip address on that
<RoyK> then test
<gitesh> RoyK: ok. How do I get my static IP?
<RoyK> see above
<RoyK> or google it
<RoyK> like I said
<RoyK> you won't get a tutorial on irc - you might get some good hints, and you may as well get some kicking if you ask too many stupid questions
<gitesh> ok, sorry.
<savid> Is there a way to install third-party nginx modules without rebuilding nginx from source?  Anyone know of any PPA's that include optional third-party modules?
<RoyK> savid: any module in particular?
<savid> RoyK, fancyindex
<RoyK> hm... perhaps http://bit.ly/MUMu8c
<glosoli> I checked webmin isn't in the repos should I use deb package provided by webmin team or use tar gz ?
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<pdtpatrick> Question - anyone having problems with precise using PXE  + preseeding? I have a Dell R410 server with onboard RAID controller. I'm then setting LVM on the mirrored drive via preseed. However, after server finishes and restart, it never boots and gets stuck at initramfs, complaining that it cannot find root filesystem.
<glosoli> !panel
<glosoli> !webpanel
<RoyK> glosoli: hint number one: Learn the commandline - it's not hard, and it will take you a long way, far longer than any web-based admin tool
<glosoli> RoyK: I am not sys admin :) and doing this job not because I want to...
<RoyK> !ebox
<ubottu> zentyal is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/Zentyal (Project formally known as eBox - including in Lucid/10.04).
<genii-around> !ebox
<genii-around> Heh, too slow
<RoyK> :)
<glosoli> can it work with dovecot mess ?
<RoyK> no idea
<RoyK> if you want something easy to manage for email, try zimbra
<RoyK> not supported officially by ubuntu, but works fine if on a separate machine or vm
<glosoli> ah..
<RoyK> just don't mix zimbra with an existing ubuntu install with apache and postfix and all - it's not easy...
<RoyK> glosoli: but then - if you have an ubuntu server, setting up a vm is a no-brainer
<glosoli> RoyK: yeah, well the only thing I am lost at now is dovecot nto being able to find proper documentation of how to create an user, as the project itself of dovecot is bad docummented (I am in risk to be called stupid)
<RoyK> glosoli: the only "hard" part, is to setup a bridge to allow for direct routing, but then again, it's not that hard, just a little fiddling with /etc/network/interfaces
<RoyK> glosoli: dovecot isn't badly documented, but it's documented for sysadmins, which is the bad part
<RoyK> glosoli: do you have a spare ip address on this server?
<glosoli> RoyK: ah yes, it your comment makes more sense, and doesn't hurt them too much :)
<RoyK> glosoli: all sysadmins have been non-sysadmins at some time ;)
<glosoli> RoyK: nah it's container, virtual dedicated server
<RoyK> for use with most stuff, or just the email sever?
<glosoli> well I am studying Software Engineering, sys admining is not meant to be my job, but some experience is good proba ly
<glosoli> RoyK: OpenERP, PHP Webs, Email Server
<RoyK> it definetely won't hurt you...
<rdw200169> glosoli some?  I work with 'developers' all day every day; i write software too, but the sysadmin part is what makes me indispensable
<RoyK> glosoli: ok - setting up a vm on that thing may be a bit hard :P
<RoyK> rdw200169++
<lamont> what zimbra does to the unpublished internals of postfix should never be done
 * RoyK has been a sysadmin for 15+ years
<rdw200169> glosoli just look at the median income for a Senior Linux SysAdmin in the NYC market and compare that with a Java Developer
<glosoli> rdw200169: well depends on company probably, if serious projects I prefer having serious sys admin who does it for life :)
<RoyK> lamont: erm - have they patched it and not released sources?
<bac> hallyn: i have a question about https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/924281 when you have a moment.
<uvirtbot> Launchpad bug 924281 in lxc "cgroup-lite not installable inside 'lxc create -t ubuntu' container" [High,Fix released]
<glosoli> rdw200169: and how does it compare
<rdw200169> glosoli my income is â¦ nice.  very nice.  I have recruiters banging down my door frequently.  I have job security.  Java Developers?  They churn those out by the thousands at every university in the country.  Linux?  Nobody teaches that anymore...
<glosoli> rdw200169: in my college people has linux lectures to be honest
<glosoli> :)
<RoyK> rdw200169: nice as in what?
<rdw200169> glosoli And when I say 'Linux' I really mean 'Unix' and all that.
<lamont> RoyK: ISTR that they just called internal functions in ways that were not nice, and subject to breaking on any point release.
<glosoli> in btw, your income is nice as in what ?
<lamont> though maybe they stopped doing that
<rdw200169> glosoli don't bash the benefits of SystemsAdmin experience; even for a developer its a very very nice bonus
<hallyn> bac: ask away.  (running tests elsewhere, will answer soon)
<glosoli> rdw200169: I don't :) as I said the experience itself is good, but you hadn't said yet how does it compare to java dev salary
<bac> hallyn: the bug is marked fixed release from back around march.  i'm still seeing the exact symptoms and need clarification/advice from you as to if it should be expected to work.
<bac> hallyn: this is with a precise host and a precise container
<rdw200169> glosoli i leave that to your research; the internets are filled with statistical data per region on income and cost of living adjustments
<glosoli> rdw200169: Sys Admin salary median in usa is 72 000  year, for medium developer its 86000 :)
<glosoli> talking about median for medium developer ,not for senior
<rdw200169> glosoli and you're throwing in the regular Sys Admins.  Windows Admins are a dime a dozen.  Focus on Senior Linux Systems Administrator please
<skrite> hey all, i have some quick questions about mysql-cluster. we want to start with three machines, and if one crashes, how difficult is it to set up it's replacement?
<rdw200169> skrite: 1) specify a master with the best write performance. 2) the other two servers should be slaves 3) don't even think about master-master replication scenarios
<skrite> rdw200169: right, but what about mysql-cluster ?
<rdw200169> skrite: ah right
<skrite> rdw200169: i found that master-master was going to create headaches and early graves
<skrite> :)
<rdw200169> skrite: personally i despise MySQL with the passion of a thousand suns; but I digress, Paying Oracle is a mortal sin
<glosoli> rdw200169: still Senior Java developer gets more compared to Senior Linux Admin :)
<rdw200169> skrite: as such, i have no idea
<rdw200169> glosoli: then go be a java developer.
<glosoli> rdw200169: meanwhile doesn't differ to much and I understand your point :)
<hallyn> bac: it's possible that you need to use the apparmor policy taht supports nesting
<hallyn> bac: but, i'd say open up a bug
<skrite> rdw200169: yes, i just have 5 years of code that rely on mysql
<glosoli> rdw200169: I don't do Java lol.. :)  and I don't live in USA :)
<hallyn> bac: oh, yes.  you definately need to use the nesting policy
<rdw200169> glosoli one thing to consider is this new thing called 'DevOps', which is like both in one
<glosoli> rdw200169: I understand your point, don't count me for these who don't value, I value the experience :) But people here in Lithuania where I live thinks sys admining is some easy fun.. so you got paid little for it :)
<bac> hallyn: i'm not sure what that entails.  hint?
<rdw200169> skrite: yeah, i know where you're coming from with that.  MySQL in the Lamp days was an epidemic that has survived into a plague for many operations.  Hence, the whole NoSQL movement to handle massive amounts of overly-relational MySQL data to ease the relational burden
<gary_poster> bac, googled: http://www.stgraber.org/2012/05/04/lxc-in-ubuntu-12-04-lts/
<gary_poster> look for "Container nesting"
<skrite> rdw200169: he he. yeah. i have lots of ideas if i were to build this system again.
<hallyn> bac: sorry, i'm waiting for my laptop to finish updating to see if the new lxc ships with teh policy you need or not
<hallyn> just another min
<stgraber> hallyn: quantal does
<hallyn> stgraber: precise-updates?
<rdw200169> skrite: all things considered, though, since you're using MySQL-Cluster, i've been reading up on the data sheet, and its obvious you get some sort of replicable redundancy, both within the cluster and to another cluster off-site
<gary_poster> stgraber, is the one from your blog post the one we should use in lucid?
<gary_poster> or should we steal from quantal?
<gary_poster> oh
<gary_poster> precise-updates would be cool
<stgraber> we can't really justify introducing a completely new apparmor policy as an SRU
<stgraber> and quantal has a completely different structure for the apparmor profiles
<hallyn> drat, yeah, not in precise-updates
<stgraber> I'm kind of planning to start maintaining an lxc backport in precise-backports once we have the API changes landed in quantal
<hallyn> stgraber: that reminds me, i'm hoping wed night to upload some quantal bugfixes;  if you have anything small you want to queue up in the bzr tree i'll look for that before merging
<gary_poster> ah ok stgraber, hallyn.  So stgraber's blog post is the best source?
<hallyn> gary_poster: yeah
<skrite> rdw200169: mysql and mysql-cluster use the same query language, right? so if there was an ultimate failure, restoring from a mysqldump (or similar) would be possible. This is good. just wondering what goes into recovery because i know that a minimum of three machines are required
<gary_poster> cool, thank you hallyn
<stgraber> so then you'll have the packages in precise-proposed for the fixes without any new feature, and precise-backports for the new cool stuff
<hallyn> stgraber: i suspect most ppl would use backports :)
<hallyn> also might be worth considering a store for container policies
<stgraber> hallyn: make sure to upload to -proposed (alpha3 freeze)
<rdw200169> skrite: one would assume so, but i haven't used it, so i don't know ;)
<skrite> rdw200169: i see, ok, thanks
<patdk-wk> I used to, but too many times it would break me, so I use my own ppa, that I backport to
<hallyn> stgraber: yup
<stgraber> hallyn: yeah, I'm expecting most people will want the new cool stuff, though I know at least some want no risk of regression and stability, so having both -updates and -backports should cover that.
<patdk-wk> also means I keep up with security updates correctly, as backports don't
<hallyn> stgraber's backport will :)
<micahg> well, backports is on by default now, but pinned lower, so it's not all or nothing, you can choose which apps you want from -backports
<hallyn> stgraber: how will you handle the versioning?
<micahg> starting in natty it's pinned lower and oneiric it's on by default
<stgraber> yeah, I'd probably be pushing to -backports instead of my PPA once we start doing that. Currently my PPA is usually 30min or so behind what we push to quantal, so we should be fine for any security/bugfix ;)
<patdk-wk> I'm still on lucid, as precise .1 isn't out yet, and still have upgrade issues
<micahg> stgraber: I think you know enough backporters to push things through quickly if need be :)
<stgraber> hallyn: I'd have to check the backport policies again as it's been a while since I last read them, my guess is <quantal version>~12.04.x or something similar (so much higher than precise but lower than quantal)
<hallyn> ah yeah
<micahg> yep, that's the current versioning scheme
<hallyn> of course you'll have to disable seccomp (and such).  assuming i get that enabled
<micahg> err...~ubuntu12.04.X
<stgraber> hallyn: well, we might be able to backport libseccomp too. Precise's kernel supports seccomp2 right?
<hallyn> no
<hallyn> or if it does, a different api.
<stgraber> ah, that's annoying :)
<hallyn> i *think*.  could be wrong
<stgraber> is libseccomp clever enough to detect kernels that don't support it and deal with that?
<micahg> hrm?  I think it does
<hallyn> well it'll at least return -1 on seccomp_init(0.
<stgraber> if so, we probably should backport libseccomp too, so that when the quantal kernel is backport to precise (as part of the LTS hardware enablement), we get the feature to work for free
<stgraber> *backported
<hallyn> then users just can't enable seccomp through the config.  yeah maybe it's no big deal.
<hallyn> i'm sick of bisecting, btw
<Dulcin> do i have to reboot ufw somehow for ports to become open?
<Dulcin> after adding rules*
<hallyn> Dulcin: did you add rules with the ufw command?  then no, i don't think so
<hallyn> you can confirm with 'iptables -L' which will show the active rules
<hallyn> i'm pretty sure ufw is active as soon as you commit
<uvirtbot> New bug: #1028585 in ipvsadm (main) "Memory allocation problem with ipvsadm" [Undecided,New] https://launchpad.net/bugs/1028585
<jdstrand> Dulcin: 'sudo ufw enable'
<jdstrand> that's it. do that before or after adding commands
<jdstrand> err
<jdstrand> adding rules
<jdstrand> Dulcin: if you edited /etc/ufw/*rules, then you will want to do 'sudo ufw reload'
<Dulcin> hallyn jdstrand, apparently it wasn't ufw acting up, but my mysql my.cnf which only allowed localhost connections
<Dulcin> but thanks for the tips
<jdstrand> np
<jdstrand> gotta listen to connect :)
<skrite> hey all, still reading up on and trying to decide some things about mysql-cluster. what forum would be good to post some basic questions to? i want to know a couple of things before i get started.
<Daviey> adam_g: Happen to have a screenshot of Ubuntu's Horizon handy?
<adam_g> Daviey: i do not off hand
<adam_g> Daviey: one sec, i can get one
<Daviey> adam_g: thanks!
<skaet> jamespage - what's the lastest on https://bugs.launchpad.net/ubuntu/+bug/1028458 ?   valid bug or not?
<uvirtbot> Launchpad bug 1028458 in ubuntu "iSCSI root based servers appear to fail to boot completely" [Undecided,Confirmed]
<smoser> hallyn, kvm in precise seems to have broken mouse grab?
<jamespage> skaet, its a bug but I don't think it should block anything
<patdk-wk> skaet, it seems me and jamespage where hitting two different bugs, but thought we where hitting the same :)
<jamespage> skaet, its def not critical as I first thought
<hallyn> smoser: with the latest update?
<skaet> jamespage,  ok.   I'll remove it from the respin consideration list.    Is it worth a release note?
<jamespage> skaet, I would say so
<skaet> patdk-wk,  do I need to worry about yours?  ;)
<jamespage> skaet, the server looks like it failed to boot
<cyclicflux> Yooooo whats happening?!?
<patdk-wk> skaet, defently :)
<patdk-wk> mine just errors to initrd, and won't boot
<skaet> patdk-wk,  number?
<smoser> hallyn, i don tknow when that would have been
<hallyn> smoser: works for me
<patdk-wk> skaet, same
<hallyn> are you using SDL?
<skaet> lol,  misread the earlier comment.  gotcha.
<skaet> ok,  release note it is.
<patdk-wk> more though, I think it might have more to do with /run not being mounted or something
<patdk-wk> based on that line 505 error
<smoser> hallyn, you're sure?
<patdk-wk> but it does mount, just takes longer than expected
<smoser> i just ran kvm from a desktop iso
<adam_g> Daviey: is there a specific panel you want?
<patdk-wk> atleast my guess
<smoser> if i click in the window, it does not capture my mouse at all.
<smoser> mouse moves freely inside and out, and 'ctrl-alt-f1' goes to desktop rather than vm
<hallyn> smoser: does it grab the mouse, but clicks don't go through?
<cyclicflux> I had a quick question, this application menu crap is driving me nuts on the ubuntu11.10, and I want to upgrade to pangolin(I think) 12.04, to get the Unity HUD going. However, in my particular case it wants to remove MySQL, etc... some major components on my development machine.  This is technically not a server install however I over time have installed a number of components via apt. I know that there is an addi
<cyclicflux> tional upgrade utility for Ubuntu servers, which I will install, I just was seeing the best way to do it and get a few perspectives on it.
<hallyn> smoser: which desktop iso?
<smoser> precise
<hallyn> depending on the guest graphics driver it certainly can be that it doesn't grab.  suse guests for instance do that
<hallyn> precise-what?
<smoser> release
<hallyn> precise-desktop-amd64.iso?
<smoser> yes
<cyclicflux> hallyn, I believe the only precise is pangolin
<hallyn> cyclicflux: yes but there are multiple isos, different installers
<hallyn> smoser: yes, this is not new.  that's just what the graphics driver is doing.  it's 'advanced'.  (at least that's my understanding - and it's definately not new)
<smoser> hm..
<smoser> ok
<hallyn> smoser: hm.  then again,
<cyclicflux> hallyn, I just saw that in the prior messages
<hallyn> i can't tell if mine is being very slow,
<cyclicflux> lol!!
<hallyn> smoser: are you able to click on things in the guest at all?
<adam_g> Daviey: http://ubuntuone.com/4eWrBIDcedrpo0Q37Pn45v http://ubuntuone.com/1ysNFB5UD7c6rzu7pVFRwl
<cyclicflux> smoser, you may try to make a manual xorg.conf, and put in mouse settings for it. But its likely due to an intel-graphics
<smoser> hallyn, yes. clicking works fine.
<hallyn> smoser: ok  (i realized i gave it 300M ram :)
<Daviey> thanks adam_g
<cyclicflux> smoser, I read that there are problems with the intel-based graphics cards and ubuntu12.04, as I was reading on conflicts when one upgrades or installs it.  Don't quote me on it, but I believe that a few of the articles stated that if using intel graphics card that it is best to stick with 11.10. I however would not know first hand.
<hallyn> smoser: note that so long as i'm careful to click (to grab) and leave the mouse inside the sdl window, ctrl-alt-f1 does go to the guest for me
<kyle__> I apt-get installed ubuntu-desktop, and now when I go to remove it, it's not removing all of it automatically.  Is that expected?
<smoser> kyle__, yes
<smoser> but you may be able to 'apt-get autoremove'
<smoser> to get rid of all the rest
<kyle__> Doesn't look like it's getting everything, but I'll see what it's done.
<kyle__> Wow.  Lots and lots of stuff to remove still.  May be faster to just reinstall.
<smoser> ah. yeah, it wouldn't work.
<smoser> when you isntall something, its dependencies get installed. then when you remove it, only it gets removed.
<kyle__> For a lot of packages it removes them, or apt-get autoremove will remove them. Ah well.
<kyle__> I'm trying to get displaylink video to work, I thought maybe the desktop config stuff would do it automatically.
<kyle__> Silly me, didn't do a thing.
<Daviey> i would have expected it to work aswell
<Daviey> IIRC, DisplayPort only works with non-free drivers.. but i could be wrong.
<kyle__> Daviey: The idea of hot-plug video cards is not well supported.
<Daviey> pass.. not much desktop expertise here.. :)
<kyle__> displaylink == USB video adapter.  There are open source drivers, and they're all similar enough to work with that driver.
<kyle__> Daviey: I'm making "Fear Of God" machines for my labs.  They pose as informational displays, but occasionally show a live feed of the security cameras
<kyle__> It keeps the students from slacking off, and others from vandalising.
<Daviey> kyle__: sounds like a nice project
<kyle__> It is.  And buying an atom box with 1 head + 1 displaylink adapter was much cheaper than buying the cheapest dual head option.
<kyle__> At least through my vendors.
<miceiken> hi per is mad
<jparker> anyone have a recommendation for installing a light gui?
<kyle__> jparker: xfce4 is pretty full featured, and light.  Lighter would be oroborus, fluxbox, blackbox.
<jparker> i basically just need to run firefox on it
<genii-around> You can even just go with twm and xterm in your .xsession , then manually run firefox from there, etc
<jparker> tried the xterm route but was getting errors with "DISPLAY is not set"
<jparker> i even enabled xforwarding in sshd_config
<genii-around> Ah, so forwarded x
<genii-around> jparker: Probably need something like export DISPLAY=host-ip-here:0:0
<genii-around> work, afk
<trimeta> What's the best way to restart a possibly crashed sftp-server process? I was messing around with things and it seems the processes are zombies now, but sudo killall -9 sftp-server doesn't work.
<trimeta> I've tried service ssh restart, but the processes are still there.
<kyle__> Lure the processes with brains.
<kyle__> trimeta: You probably need to find the process ids, and kill -9 them manually.  killall needs a pretty exact match iirc.
<trimeta> kyle__: Nope, sudo kill -9 <PID> has no effect.
<genii-around> Can't kill zombified processes
<kyle__> Oh yea.
<kyle__> humm.
<kyle__> genii-around: Poke through /proc/<PID>, see what it's parent process is.
<trimeta> Hmm, good idea.
<trimeta> ...How do I do that?
<trimeta> There's no /proc/<PID>/parent file...
<guntbert> trimeta: zombie processes are dead already, does sudo service ssh start help?
<trimeta> It doesn't. Although, maybe they're not really zombies? top doesn't say I have any.
<trimeta> All I know is they can't be killed...and kill/killall don't return any sort of error message.
<trimeta> Also, looks like sshd is the parent process...but I've done "sudo service ssh restart" multiple times.
<genii-around> Maybe try both upstart and init.d
<trimeta> The parent sshd process seems to persist regardless.
<kyle__> trimeta: Look in /proc/<PID>/status, or ppid.
<uvirtbot> New bug: #1028638 in python-novaclient (main) "Nova client depends on newer version of python-prettytable 0.6" [Undecided,New] https://launchpad.net/bugs/1028638
<uvirtbot> New bug: #1028645 in python-tx-tftp (main) "should use Architecture: all" [Undecided,New] https://launchpad.net/bugs/1028645
<glosoli> hey folks I really came to an end after two hours trying to figure out, I got roundcube running on my ubuntu server, everything seems to be fine dovecot doesn't output any errors in logs, the main problem is I can send mail easily but can't get the mail sent to me it s like inbox not working, tryed to add it as account to some mail clients to check if problem is not roundcube so it isn't , also dovecote says everything fine, any ideas ?
<uvirtbot> New bug: #1028673 in cloud-init (main) "Quantal Alpha-3 cloud images tested as unstable for multi-part-ud" [High,Confirmed] https://launchpad.net/bugs/1028673
<uvirtbot> New bug: #1028674 in cloud-init (main) "Quantal Alpha-3 cloud images tested as unstable for multi-part-ud" [High,Confirmed] https://launchpad.net/bugs/1028674
#ubuntu-server 2012-07-25
<yaboo> Hi all trying to redirect ports on my ubuntu server to a machine on my lag, using ufw, followed the ubuntu howto
<yaboo> o
<xr1rr> how do you add subdomain wildcards
<uvirtbot> New bug: #1028718 in nova (main) "nova volumes are inappropriately clingy for ceph" [Undecided,New] https://launchpad.net/bugs/1028718
<uvirtbot> New bug: #994194 in php5 (main) "Unable to load dynamic library pdo_pgsql.so" [Undecided,Expired] https://launchpad.net/bugs/994194
<uvirtbot> New bug: #1002141 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.4 failed to install/upgrade: subprocess new post-removal script returned error exit status 1" [Undecided,Expired] https://launchpad.net/bugs/1002141
<jstephan> good morning, just a short question, i see that my systems, which should only do security updates, upgraded kernel headers and images this night, i dont see the reason
<RoyK> http://paste.ubuntu.com/1109711/ <-- any idea what might have caused this?
<Ng> hmm
<Ng> how come asterisk-sounds-extra isn't in precise?
<Ng> interesting, this was a deliberate deletion coming from debian
<Ng> this seems like a very odd choice, asterisk itself is expecting some of the sounds in that package
<Ng> actually that may not be true, I've modified configs
<sbeattie> jamespage: any chance you can peek at bug 1027122? I've poked at it for a while and can't figure out what might be going wrong.
<uvirtbot> Launchpad bug 1027122 in openjdk-6 "JNI applications fail because shared libraries cannot be found" [High,Incomplete] https://launchpad.net/bugs/1027122
<eagles0513875> hey guys i have a virtualbox vm with a new disk i added i need to be able to determine the uuid and what im finding with the command is the existing two partitions which already have mount points any help would greatly be appreciated as to what im missing
<jamespage> sbeattie: looking now
<jamespage> sbeattie, I think that should be automatically added to the java.library.path - should be easy to check
 * jamespage writes a test case
<_nix_> hey everyone
<hallyn> jamespage: hey, are you around?
<hallyn> vde2 is not seeded.  But I don't have upload rights to it.  (prolly cause it's in universe)  Could you (review, for your own sake  :) and push http://people.canonical.com/~serge/vde-term.debdiff ?
<zul> good morning
<yml> I have just discovered https://try.cloud.ubuntu.com/ and I find it very useful to test my app on ubuntu. Is this offer limited to 55 min per day ?
<gitesh> !network
<ubottu> Wireless documentation, including how-to guides and troubleshooting information, can be found at https://help.ubuntu.com/community/WifiDocs
<yml> I have used one instance for 55min and I would like to try again after some changes but I can create a new instance
<hallyn> stgraber: you probably got this through some mailing list, but http://wiki.linuxplumbersconf.org/2012:containers  there's an agenda for the containers mini-conf
<stgraber> hallyn: yeah, I saw that page before, good to see more stuff adding to it. I actually have a todo list item that matches the /proc entry, basically adding a meminfo file to the memory cgroup and cpuinfo file to the cpu cgroup, these two could then be bind mounted over /proc/cpuinfo and /proc/meminfo by lxc so the container "sees" what it actually has access to
<tgm4883> I've setup a MAAS server and got a few nodes to PXE boot from it and install an OS. What is the user/pass for the OS that is installed?
<hallyn> stgraber: I"ve always left alone the status field for SRU bugs, figuring it has meaning to the SRU team.  Should I be leaving it new as a sign the sru team hasn't looked at it, or markign it triaged or in progress after i upload?  or does it not matter?
<stgraber> hallyn: In progress after upload is what makes my reports happy ;)
<stgraber> hallyn: I usually use "Triaged + assigned" == "on someone's todo list", "In progress" == "uploaded, waiting for approval", "Fix commited" == "in -proposed waiting for testing", "Fix released" == "in -updates"
<hallyn> stgraber: sounds reasonable, thx
<xnox> stgraber: thanks for changing all of my bugs....
<uvirtbot> New bug: #778636 in open-vm-tools (multiverse) "open-vm-toolbox no longer configures user X session services (unity, DnD, window resize) (dup-of: 772837)" [Undecided,Confirmed] https://launchpad.net/bugs/778636
<stgraber> xnox: hehe, np, you know I like to spam you ;)
<stgraber> xnox: (and it's making the foundation team report a lot less scary without all the mdadm bugs ;))
<xnox> stgraber: I love spiced ham =) thanks a lot ;-)
<uvirtbot> New bug: #1028981 in ceph (main) "ceph should Recommend xfsprogs" [Undecided,New] https://launchpad.net/bugs/1028981
<pworld> alo
<pworld> anyone here?
<tgm4883> pworld, better to ask your question and wait, than ask if anyone is here
<pworld> i see..my first time using irc
<tgm4883> no worries
<pworld> im having trouble of setting up private ubuntu cloud 12.04 so im not sure if this is the right place to ask
<genii-around> pworld: Can you give a more specific description of the problem?
<pworld> sure
<xomp> hello, looking for some help in cloning one ubuntu server (same OS version) to another box running the same OS version. I was told of rysnc but I know nothing of it. Could someone help?
<xnox> xomp: have you tried googling " ubuntu server backup restore rsync "
<xnox> ?
<pworld> basically im attempting to deploy 1 MAAS physical server and add 2 more physical nodes. I get MAAS installed great as in the tutorial https://help.ubuntu.com/community/UbuntuCloudInfrastructure
<pworld> and then when i get to https://wiki.ubuntu.com/ServerTeam/MAAS/Juju
<xomp> I did try google first but nothing very helpful in regards of doing this from the terminal (mostly GUI stuff is mentioned from what I seen)
<pworld> juju -v status -> this gives me error invalid SSH keys
<pworld> i fixed this using some technquies that ppl posted on askubuntu but then again, shouldn't it work by just using pxe booting?
<pworld> and second problem I encounter after fixing invalid SSH keys is that right after I deployed mysql in https://wiki.ubuntu.com/ServerTeam/MAAS/Juju , one of my MAAS node has turned into ready state instead of Allocated to root
<pworld> and that's where I stuck
<pworld> if you know any video that show how to install ubuntu cloud 12.04 that would be really helpful to me as well
<pworld> does anyone here have experience in ubuntu MAAS?
<tgm4883> pworld, I think logs of people do. I'm just starting to set one up
<tgm4883> looking at the backlog, thats almost exactly what I'm doing
<pworld> i see
<pworld> i basically stuck there
<tgm4883> pworld, not sure what you did to fix the invalid SSH keys issue, but it sounds like you removed the juju server. Do any of the servers say they are allocated?
<pworld> the official tutorial doesn't work well
<pworld> ah
<pworld> only 1 of the 2
<tgm4883> pworld, what does 'juju status' say?
<pworld> i fixed invalid ssh key by going to each node and go to ubuntu recovery node and set up the MAAS public key for each of the node
<pworld> juju status says server refused to accept the client
<tgm4883> pworld, odd
<pworld> this is after i fixed the invalid ssh key
<pworld> 00:30:67:db:3b:09 (node09)	Ready
<pworld> 00:30:67:e4:73:b5 (nodeb5)	Allocated to root
<pworld> heres my 2 machines
<pworld> i still dont know why only one of them is allocated to root
<pworld> b4 i could make 2 of them allocated but now i tried many times, only 1 of them went allocated
<tgm4883> IDK, the guide worked pretty well for me
<tgm4883> the only issues I had were because of my test network setup
<tgm4883> pworld, you shouldn't need to do the stuff that you have had to do
<pworld> hmm
<pworld> did you get the invalid ssh key?
<pworld> how did you boot and add a node to MAAS?
<tgm4883> pworld, once. I deleted the node from MAAS and re-pxebooted and imaged it
<tgm4883> pworld, I use pxeboot to enlist and image the nodes
<pworld> oh so it meant that you didn't manually add the node Mac address into MAAS web interface b4 re-pxebooted it?
<tgm4883> I've reset the entire environment a few times since starting to learn this
<tgm4883> pworld, nope, the pxeboot takes care of all that
<pworld> ok
<tgm4883> all I did was go in and set the correct hostname in MAAS after it was enlisted
<pworld> so what image did you pick?
<tgm4883> it defaults to the MAC address
<tgm4883> I didn't pick an image. I let MAAS do all the work
<pworld> i see
<pworld> so the image was local i believe
<pworld> as it's the default option in the enlist
<tgm4883> local to the MAAS server
<pworld> i see
<pworld> i'll try this path again then
<pworld> also
<pworld> what do you mean by setting correct hostname?
<pworld> as you say and it's set default to the node-mac address
<tgm4883> pworld, I needed to set it to a specific name because of my test network setup
<tgm4883> my DHCP server doesn't register the names in DNS
<pworld> i see
<pworld> thats good to know
<pworld> i'll just leave it as default hostname then since my router has a default dhcp
<tgm4883> pworld, yea I ran into some DNS issues that I had to work out
<pworld> i'll give it a shot. thx for your insight tgm4883
<tgm4883> pworld, yw. Let me know if you have more questions. It sounds like we're at about the same place in this process
<pworld> for sure. i'll keep you posted
<ssvss> Hello, I changed the ip address of few machines, is there a way I can find what the old ip address was before the change.
<Seveas> ssvss, ntpd will have logged them to syslog
<ceege> if have ufw running, you might get the IP from those logs. or the kern log if you have any sysctl.conf settings turned on
<ssvss> Thanks, syslog had it.
<RoyK> seems mdadm is fine unless something is messed up...
<RoyK> the drives are all there, but md doesn't seem to want to see the drives
<silver_star_iri> netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n  I have IP with more than 100 conection is it normal ?
<silver_star_iri> how many connection is normal form an IP ?!
<tgm4883> somewhere between 1 and infinity
<tgm4883> silver_star_iri, this is IRC, you might want to wait longer than 2 minutes for an answer
<tgm4883> and also, you might want to specify a little more about what your server does
<silver_star_iri> tgm4883: It a an web base game
<silver_star_iri> How I could find out it is not DDOS attack ?
<tgm4883> silver_star_iri, being that it is from a single IP, I think that would be the definitions of not a DDOS
<tgm4883> "Distributed" being the key part of DDOS there
<silver_star_iri> netstat -nt | grep :80 | wc -l
<Geemili> Does anyone here have experience with Poweredge servers?
<silver_star_iri> with this command , 2200 is normal also :D?
<tgm4883> Geemili, some
<Geemili> I ask because I am having trouble installing Ubuntu 12.04 onto a poweredge 2800
<tgm4883> Geemili, actually, now that I think about it, none of our servers run Ubuntu directly
<Geemili> *Ubuntu server
<tgm4883> I think all of our poweredge servers run ESX
<tgm4883> silver_star_iri, IDK if either of those figures is normal.
<tgm4883> For the second, I guess it would depend on how popular your game is
<silver_star_iri> tgm4883: my last QS , some times the server goes slow , how I can find out it is not apache problem ? (in mytop I have not any slow query)
<_ruben> 2800 sounds quite old :)
<_ruben> got some 1850 and 2850 running around, haven't tried 12.04 on any tho
<Geemili> I'm not sure how old it is. I have never worked with servers before
<Geemili> Anyway, I don't think that it is Ubuntu that is causing the problem
<Geemili> The poweredge just doesn't seem to boot from the usb drive or the cd-rom
<_ruben> press F11 (i think) during boot to get to the boot media menu .. if that route fails as well, then it's likely the media you use aint bootable
<patdk-wk> on all mine, it's f12
<Geemili> I think mine is F12 as well.
<Geemili> F12 is something called PXE boot
<_ruben> could be .. i tend to just use my eyes to see the proper key to use :)
<_ruben> ah, that could be, lately i've been doing pxe installs mostly :)
<Geemili> I don't think that worked.
<Geemili> Do you know how to make a cd bootable? I've just been burning the .iso image onto a cd with FreeISOBurner and then putting it into the cd-rom.
<smoser> utlemming, JamesJRH what do you see is failing at https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1028674 ?
<uvirtbot> Launchpad bug 1028674 in cloud-init "Quantal Alpha-3 cloud images tested as unstable for multi-part-ud" [High,Confirmed]
<smoser> i'm confused.
<smoser> https://jenkins.qa.ubuntu.com/view/ec2%20AMI%20Testing/view/Overview/job/quantal-server-ec2/5/
<smoser> shows all the multi-part-ud tests as "unstalbe' (but that means they ran successfully, doesn't it?)
<smoser> utlemming, jamespage this is what i see: http://paste.ubuntu.com/1110766/
<jsquared> new irc user - question about drivers/firmware for Ubuntu 12.04 Server on HP ProLiant DL380p Gen8 - do they exist?
<smoser> utlemming, jamespage http://paste.ubuntu.com/1110791/ are the build 4 failures.
<smoser> again, i'm confused about what bug you're seeing in the multipart-ud tests
<smoser> utlemming, jamespage ok, i just populated iso tracker with lp:~smoser/+junk/jenkins2isotracker/
<Morten_> Hello
<adam_g> roaksoax: AFAICS, nova cleans its lock files okay unless of course it crashes or its gets SIGKILL'd
<adam_g> roaksoax: is there any indication that the nova process stopped abnormally? any upstart output?
<Garbee> Does anyone know how to make it so a normal user can read/write files that are owned by the www-data user and group?  I have my user in that group but it still can't create files in my webroot folder.  Here is a pastebin of my user and the folder permissions: http://pastebin.com/AWbdAVKi   .  Please let me know if you need anymore information to try and help.
<tgm4883> Garbee, did you logout and back in after adding yourself to that group?
<Garbee> tgm4883, yes.  I even rebooted the whole server.  Let me do it again just to be completely sure.
<tgm4883> Garbee, well actually
<tgm4883> you don't have write permission because the group doesn't have write permission
<roaksoax> adam_g: let me check
<tgm4883> drwxr-xr-x  2 www-data www-data  4096 Jul 25 20:15 webroot
<Garbee> Oh, just read and execute...
<tgm4883> yea
<Garbee> *facepalm*  I have been staring at that for 3 hours and never noticed it.
<tgm4883> Garbee, no worries, always helps to have a fresh set of eyes on it :)
<Garbee> Perfect tgm4883!
<tgm4883> glad I could help. Don't forget to pay it forward
<Garbee> I messed up this morning setting up fastCGI on this VPS, so needed to rebuild.  This time I'm keeping www-data as the user/group so hopefully that will make one less thing that can get in the way.
<Garbee> ls
<Garbee> Oops, wrong window sorry.
<roaksoax> adam_g: no other than the amqp which seems to e befcause of not having relations
<adam_g> roaksoax: can you pastebin nova-api.log prior to the deadlock
<roaksoax> adam_g: https://pastebin.canonical.com/70970/
<adam_g> roaksoax: i mean , the entire ogfile
<adam_g> logfile
<Garbee> Anyone know any good tutorials for install fastcgi with Apache?  All the ones I see are for nginx.
<roaksoax> adam_g: https://pastebin.canonical.com/70972/
<ScottK> roaksoax: Please us public resources.
<ScottK> us/use
<roaksoax> ScottK: will do :)
<bernardo> hello!! i need use trafic control in my network
<bernardo> i have a unbuntu server, with 2 ethernet pci
<bernardo> anyone can help me?
<bernardo> i need a package like http://www.bandwidtharbitrator.com/
<bernardo> http://www.bandwidtharbitrator.com/ is a program but i dont know if it works in ubuntu server
<bernardo> please help me
<bernardo> hi?
<tgm4883> bernardo, do you have a support contract?
<bernardo> no! i use linux becouse i like it
<tgm4883> then you might want to wait longer than 4 minutes for a volunteer to respond on IRC
<bernardo> i use linux since 2001
<adam_g> roaksoax: can you also toss me nova-network.log
<bernardo> sorry!!!,
<tgm4883> bernardo, no worries, but it's best to ask you question and then wait. People check back from time to time
<bernardo> I HAVE IT, sorry, verry sorry!! i wait!!
<bernardo> im sorry! i wait
<ScottK> bernardo: There are often many applications that might serve your needs.  In general, it's best to choose from those packaged in the Ubuntu archive.  The following search result might be useful to you: http://packages.ubuntu.com/search?keywords=bandwidth&searchon=all&suite=precise&section=all
<pmatulis_> roaksoax: hey there.  do we have some decent docs for high availability (failover)?
<bernardo> thanks
<roaksoax> pmatulis_: https://wiki.ubuntu.com/ClusterStack/Natty
<roaksoax> that still applies
<roaksoax> pmatulis_: https://wiki.ubuntu.com/ClusterStack/Precise
<roaksoax> that's what changed for GFS2 etc
 * roaksoax off for the day
<bernardo> how can i configure the package iperf?
<ScottK> bernardo: You install it with sudo apt-get install iperf and then there should either be a man page (man iperf) or documentation on /usr/share/doc/iperf on how to use it.
<bernardo> thanks!! but is a command no a program with gui, i have a bad choice!! thanks again
<bernardo> i continue with search program
<bernardo> thanks
#ubuntu-server 2012-07-26
<jsquared11> Does anybody know if HP has released drivers/firmware for Ubuntu 12.04 on ProLiant DL380p Gen8 hardware (with RAID p420 controllers)?
<adam_g> roaksoax: funny enough, looks like the bug you've been hitting was finxed just today: https://bugs.launchpad.net/ubuntu/+bug/1018586
<uvirtbot> Launchpad bug 1018586 in ubuntu "cleanup_file_locks does not remove stale sentinel files" [High,Confirmed]
<bernardo> hello i need  Enable High Resolution Timer, No Dynamic ticks, Low Latency Desktop in the kernel menuconfig
<bernardo> can i try this without recompile kernel?
<pmatulis_> hallyn: hi, i just got bit by bug #931350 , not sure if you're still following that
<uvirtbot> Launchpad bug 931350 in libvirt "vms missing after upgrade from Lucid to Precise" [Medium,Triaged] https://launchpad.net/bugs/931350
<pmatulis_> hallyn: is bad IMO, every one of my ~30 guests have "vanished"
<anomaly> what would be the best option for encrypting a folder at one location, that I can sshfs mount at home?  this is a commandline only box, so xorg solutions would not be valid.
<hallyn> pmatulis_: I see your comments on the bug, thanks
<hallyn> of course since libvirt detects the duplicate entry, it could just ignore it rather than failing
<uvirtbot> New bug: #997222 in openldap (main) "package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Expired] https://launchpad.net/bugs/997222
<platoxia> can anyone confirm a major libmono update?
<platoxia> nevermind, I guess it doesn't matter since it is just web fonts
<platoxia> quit
<drakkan1000> Hi, today a new openssl version hit the main repo the changes was made by mdeslaur, however another bug that has a patch ready was not fixed: https://bugs.launchpad.net/ubuntu/+source/s3cmd/+bug/973741 this issue make segfault several applications that use openssl (dovecot on my server), any eta? For now I need to apply that one line patch and rebuild openssl, please note that the bug is already fixed in debian w
<drakkan1000> ould be useful to fix it in ubuntu too, thanks
<uvirtbot> Launchpad bug 973741 in openssl "s3cmd: segmentation fault for all https operations in libcrypto.so.1.0.0" [Undecided,Confirmed]
<ScottK> SpamapS: ^^^ is there some server team person that can look at that.  Sounds important.
<ScottK> drakkan1000: mdeslaur is on the Ubuntu security team, so I'm not surprised he didn't include non-security fixes.
<drakkan1000> ScottK, ok thanks, I'll wait some more time and if no new openssl package will be available I'll apply the patch and recompile the last one as done until now
<adam_g> drakkan1000: which legacy intel CPU are you using? i apparently can't reproduce myself, but im happy to prepare a patched package that you might be able to verify
<drakkan1000> adam_g, Intel(R) Xeon(TM) CPU 3.40GHz and you are right the bugs affect only cpu family	: 15
<drakkan1000> adam_g, I can already confirm that applying this patch http://cvs.openssl.org/chngview?cn=22415 solve the issue
<adam_g> drakkan1000: i've applied that to openssl_1.0.1-4ubuntu5.4 which should hopefully be building soon in ppa:gandelman-a/ppa. i'll propose an update on that bug, please subscribe and help verify when it hits precise-proposed
<drakkan1000> adam_g, thanks
<Jeeves_> Morning
<Jeeves_> Where do installer-bugs go again?
<_ruben> /dev/null
<Jeeves_> _ruben: :)
<RoyK> http://www.youtube.com/watch?v=n3wPBcmSb2U <-- I don't think you can install Ubuntu on this one...
<lordievader> Good morning
<blinkiz> Hi. I have problem that VLAN traffic is passed to virtual machines. I have a bridge interface (br0) that has eth0 and a couple of vnetX interfaces. All vnetX interfaces see all traffic on eth0, including tagged traffic. I do not want vnetX interfaces to see tagged vlan packages. How can I fix this?
<blinkiz> Is this controlled within iptables (ebtables) now days? bridge-nf-filter-vlan-tagged??
<mardraum> blinkiz: create a new bridge just to the vlan interface you want the vm on.
<blinkiz> mardraum, I do not understand
<blinkiz> mardraum, I want the virtual machine on the network coming in untagged (eth0) on the host machine. To make my problem more simple, let's say I do not want any vlan to any virtual machine
<blinkiz> mardraum, I can currently do a tcpdump and see all traffic, including tagged frames, in the virtual machines.
<blinkiz> Not something I would like to have
<mardraum> so stop bridging on eth0
<blinkiz> mardraum, yeah, but how do I bridge eth0 untagged traffic to the virtual machines?
<mardraum> it's the native vlan
<blinkiz> native.. oh.. explain more :)
<mardraum> I assume that's what you mean by "untagged"?
<blinkiz> How do I bridge native vlan with virtual machines interface (vnetX)?  Yes, untagged is.. well... native.. nothing..
<blinkiz> Back in ubuntu 9.10, bridging eth0 and virtual machine interface did not pass vlan frames. But that has changed in 12.04..
<blinkiz> Probably changed 10.04 or 10.10 I guess
<blinkiz> mardraum, Do you understand my problem or do I need to explain more?
<mardraum> I think most people who choose to use an "untagged" vlan don't want to present it
<blinkiz> mardraum, yeah, maybe
<mardraum> and it's used for host management
<RoyK> vnetX - is that a variant of eth0.X?
<blinkiz> vnetX is something kvm is creating under 12.04. Like vnet0, vnet1
<blinkiz> virtual interfaces for the machines
<pmatulis_> hallyn: ok
<RoyK> ohic
<RoyK> vnet0     Link encap:Ethernet  HWaddr fe:54:00:79:33:e7
<blinkiz> mardraum, yeah, I can solve this by sending my network as tagged to the host file. Just curious if there was some other way
<blinkiz> host file = host machine
<blinkiz> mardraum, ever worked with ebtables? Maybe this is another solution? There I can (I think) control VLAN tag on or off depending how I want to send the traffic between interfaces
<mardraum> I used it until openvswitch got into mainline
<blinkiz> mardraum, openvswitch sounds cool.
<blinkiz> mardraum, maybe I should just run a openstack framework or something.
<mardraum> I think you should just modify your vlan tagging :P
<blinkiz> mardraum, yeah, probably..
<blinkiz> :)
<mardraum> blinkiz: http://www.rackspace.com/blog/vms-vlans-and-bridges-oh-my-part-2/
<mardraum> not quite what you want, but perhaps a start
<blinkiz> mardraum, Well, my goal is to have a more efficient network stack on my host. Currently it looks like this and it is not pretty: http://pastebin.com/BXXGsB50
<blinkiz> ipv4 addresses.. is.. anonymized :)
<hggdh> zul: why is this tan person emailing us?
<zul> hggdh: i have no idea....im just ignoring it now
<hggdh> same here
<ogra_> you dont like tanned people ?
<hggdh> ogra_: heh, nothing against tanned people, just against Tan
<ogra_> heh
<mardraum> blinkiz: 404?
<blinkiz> mardraum, no, learning ebtables :)
<blinkiz> mardraum, think I have found something.. need to test..
<mardraum> blinkiz: I mean your pastebin doesn't exist
<blinkiz> mardraum, oh, let me put it up again
<blinkiz> mardraum, xxx.xxx.xxx.xx
<blinkiz> oh, http://pastebin.com/nDh6yAmc
<blinkiz> mardraum, "ebtables -t broute -A BROUTING -i eth0 -p 802_1Q -j DROP" makes bridging eth0 and vnetX interface not pass vlan traffic. :)
<blinkiz> mardraum, And I guess I can now control which virtual machine (vnetX) get which vlan. This way I do not need to have such ugly network interface file that I have now.
<blinkiz> Hmm, ebtables (my lines) is not virtual machine aware. Meaning vnetX interfaces can change when the host machine restarts. Darn..
<hallyn> pmatulis_: how did you create the guests in 10.04 originally?  When I just 'virsh define cdboot.xml' on lucid, I get a proper serial and console entry
<hallyn> (this is re bug 931350)
<uvirtbot> Launchpad bug 931350 in ubuntu-release-notes "vms missing after upgrade from Lucid to Precise" [Undecided,Fix released] https://launchpad.net/bugs/931350
<pmatulis_> hallyn: typically virt-manager is always used
<pmatulis_> hallyn: every one of my ~30 guests were in the same state, and my script fixed them all
<hallyn> pmatulis_: (trying with virt-manager...)
<pmatulis_> hallyn: dunno if it matters but we also typically run virt-manager locally (ssh -X host virt-manager) to gain access to the host's bridge
<hallyn> pmatulis_: any chance you have a lucid box around so you could create one and check (before the upgrade) for two console entries?
<pmatulis_> hallyn: both my kvm hosts are no longer running lucid
<pmatulis_> hallyn: but they were there.  i'm not sure what another test would do
<hallyn> they were there before you upgraded them from lucid?
<hallyn> that would be the only test :)
<SpamapS> ScottK: looks like adam_g is on it for bug 973741 .. I'll look at sponsoring his debdiff in
<uvirtbot> Launchpad bug 973741 in openssl "[SRU] segmentation fault for all https operations in libcrypto.so.1.0.0" [High,Confirmed] https://launchpad.net/bugs/973741
<ScottK> SpamapS: Yes.  He jumped in last night.  That sounds great.  It sounded like an issue that really ought to be dealt with before the point release.
<SpamapS> agreed I'm targetting it as such
<pmatulis_> hallyn: actually, you made me realize that i did not inspect the xml files before upgrade.  i assumed they were not modified by the upgrade.  but now i recall that there is the thing with image formats and how non-raw formats must be explicitly defined.  that, in turn, brought in an automated conversion during upgrade (from 10.04 to 10.10 i believe).  maybe that conversion process modified the console stuff?
<hallyn> pmatulis_: it's possible
<uvirtbot> New bug: #353835 in vlan (main) "NetworkManager lacks 802.1Q/VLAN tagging support" [Undecided,New] https://launchpad.net/bugs/353835
<smoser> jamespage, so why does jenkins show yellow for multi-part tests?
<smoser> i'm looking at https://jenkins.qa.ubuntu.com/view/Quantal/view/All%20Quantal/job/quantal-server-ec2/6/
<jamespage> smoser, because one of the tests that runs in-instance fails
<jamespage> smoser, https://jenkins.qa.ubuntu.com/view/Quantal/view/All%20Quantal/job/quantal-server-ec2/6/ARCH=amd64,REGION=eu-west-1,STORAGE=ebs,TEST=multi-part-ud,label=ubuntu-server-ec2-testing/testReport/
<smoser> ah. i see.
<jamespage> I think I made a comment in the bug report
<smoser> i kept thinking that yellow was "passed today, but historically has not been very stable"
<smoser> ok. that makes so much more sense.
<smoser> hm.. jamespage i really dont unerstand how that can be failing.
<jamespage> smoser, the jobs get installed
<smoser> as that message is getting to the screen
<smoser> (the ocnsole log)
<jamespage> but something used to get written to /root/OUTPUT-<upstart-name>
<jamespage> which no longer does
<smoser> right
<smoser> but look at what you pointed at
<smoser> https://jenkins.qa.ubuntu.com/view/ec2%20AMI%20Testing/view/Overview/job/quantal-server-ec2/ARCH=amd64,REGION=ap-northeast-1,STORAGE=ebs,TEST=multi-part-ud,label=ubuntu-server-ec2-testing/4/artifact/tests/multi-part-ud/upstartjob1.txt/*view*/
<smoser> how could the message get to the console and the file not get created.
<smoser> outside of tee failing  :)
<smoser> ah. i see. i'll dig a bit
<jamespage> coolio
<pmatulis_> hallyn: a related problem to my upgrade is that virt-manager can no longer by invoked on the server
<pmatulis_> hallyn: i should get:
<pmatulis_> ERROR:root:Unable to initialize GTK: could not open display
<pmatulis_> but i just get the prompt back
<pmatulis_> strace is not telling me anything yet
<smoser> Daviey, https://bugs.launchpad.net/ubuntu-release-notes/+bug/978963 should be fix-released or at least committed?
<uvirtbot> Launchpad bug 978963 in ubuntu-release-notes "add release note that OpenStack should be used on a protected network" [Undecided,Fix released]
<hallyn> pmatulis_: and this is ssh'ing into the server with -X and running virt-manager with remote display?
<pmatulis_> hallyn: no, directly on the server
<pmatulis_> hallyn: 'strace -f virt-manager' gives some of what i expected however
<smoser> ivoks, you're marked assigned on https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/850960
<uvirtbot> Launchpad bug 850960 in open-iscsi "iscsid tries to reconnect existing session at startup, failing to do so and hanging the system" [Undecided,In progress]
<smoser> are you expecting to try to get that by 12.04.1 (which deadline is next week)
<smoser> zul, ping wrt https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1006898
<uvirtbot> Launchpad bug 1006898 in dnsmasq "[SRU] dnsmasq fails at leasing issues when using vlan mode" [Medium,Fix released]
<zul> smoser: if dnsmasq is used that much then im not sure about pushing that SRU
<zul> smoser: since i dont really have a way to test it
<smoser> zul, ok. stgraber ^ do you have thoughts on zul's hesitation above?
<stgraber> smoser: if that bug doesn't affect a significant amount of users and you don't have a clear way of testing it, I'd prefer for us to wait or just not fix it rather than risk regressing DNS on the desktops
<stgraber> we don't use dnsmasq for DHCP on the desktops, so in theory these are two different code paths, but without a clear way of testing it, we can't be 100% sure
<smoser> well, a clear  way of testing it wouldn't really help.
<smoser> as we'd only be testing that it fixed an issue, not that it did not regress others.
<ScottK> We'd need both.
<ScottK> Test for the fix and a regression test.
 * SpamapS really doesn't like the way dnsmasq was jiggered into network manager
<ivoks> smoser: yes, plan is to work on it this weekend
<ivoks> smoser: weekend is the only part of the week when i can actually work on ubuntu :)
<smoser> ivoks, maybe you could get a new job with an employer that would allow you to work on ubuntu
<smoser> :)
<smoser> thanks.
<ivoks> excellent idea :D
<slhsen> Hi, I have a problem: I have a Dell r510 server and Intel 520 SSD drive. Problem is I can find ssd on ubuntu-server 12.04
<slhsen> it doesn't apper lsblk
<slhsen> and I couldn't find it under /dev
<slhsen> does anybody have an idea? I'm sure disk works since i've formatted it on a ubuntu 11.10 desktop
<genii-around> slhsen: Is it being seen in bios?
<slhsen> genii-around, i  can see it on the raid configuration
<slhsen> it appears as unconfigured device
<slhsen> i couldn't find much configuration though, only option was global hot spare which isn't my goal
<genii-around> slhsen: Yeah, looks like it wants to make it part of the raid array. I'm not familiar with the r510.. perhaps there is some hd controller you can use which is not part of the raid ?
<uvirtbot> New bug: #1029355 in euca2ools (main) "euca-add-keypair could overwrite key files if the key is already added" [Wishlist,Incomplete] https://launchpad.net/bugs/1029355
<slhsen> genii-around: hmm it could be, I'm not really familiar with it either. Looking into it, thanks
<SpamapS> drakkan1000: fyi, I uploaded adam_g's fix to the precise-proposed queue today. It should be reviwed and available for testing by next Wednesday.
<drakkan1000> SpamapS, thanks I'll use that packages instead of the mine this weekend, so if something go wrong on my mail server I have less traffic, I'll report back the results thanks
<slhsen> genii-around: no luck, there are only two hd ports that I can plug ssd in (12, 13) and both of them are connected to raid controller, but in raid configuration ssd shows up as unconfigured. I guess that's how  Perc h700 raid controller handles disk.
<genii-around> slhsen: Bleh
<slhsen> genii-around: somewhere it says PERC doesn't support JBOD, I hope there is a way to create a raid array with only one disk :|
<genii-around> Might need to get some low-profile SATA controller
<hallyn> zul: any objections to adding pm-utils to Suggests for libvirt?
<hallyn> (re bug 994476)
<uvirtbot> Launchpad bug 994476 in libvirt "libvirt-bin : error : virExecWithHook:328 : Cannot find 'pm-is-supported' in path: No such file or directory" [Low,Invalid] https://launchpad.net/bugs/994476
<zul> hallyn: nope it would get rid of the warnings/errors in the log file
<hallyn> zul: ok. are you planning any updates soon-ish?
<zul> hallyn: nope im done for now
<hallyn> ok, i'll add that, and look into the udevadm settle timeout workaround for servers with lvm
<hallyn> thx
<adam_g> SpamapS: im assuming the PPC FTBFS is blocking https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1021530 from hitting proposed?
<uvirtbot> Launchpad bug 1021530 in openvswitch "[SRU] update to include stable fixes for OVS 1.4" [Medium,Fix committed]
<uvirtbot> New bug: #1029415 in openldap (main) "package libldap-2.4-2 2.4.28-1.1ubuntu4 [modified: usr/share/doc/libldap-2.4-2/changelog.Debian.gz] failed to install/upgrade: libldap-2.4-2:amd64 2.4.28-1.1ubuntu4 cannot be configured because libldap-2.4-2" [Undecided,New] https://launchpad.net/bugs/1029415
<gitesh> Hi, I am having dynamic IP. Can I configure it for using Internet connection on Ubuntu-server 12.04 LTS ?
<spajderix> hi
<Josua> Hey everyone, does anyone here have experience with very slow responses when benchmarking on Ubuntu 12.04? We did ab -n 10000 -c 1000 -r and the domain and the mean time is up to 20 secs
<Josua> We are using php-cgi but the server is fast enough when just accessing static HTML pages
<Josua> But all pages in Magento, Drupal or Joomla are excessively slow
<Josua> anyone ?
<Daviey> smoser: is it fixed?
<smoser> >
<smoser> ?
<stgraber> hallyn: I have a pretty nasty lxc bug for quantal + precise, I'll give you the diff to include in your quantal upload
<stgraber> hallyn: currently prevents building quantal containers on precise or quantal and will soon prevent building precise containers too
<hallyn> stgraber: ok, i haven't yet started on a quantal update (the bugs i was giong to address were all low prio)
<hallyn> stgraber: ok.  i'll aim to queue something up tonight
<hallyn> stgraber: feel free to apply it to ubuntu:lxc, else sling me a debdiff
<stgraber> hallyn: ok. Basically the check in lxc for bug 974584
<uvirtbot> Launchpad bug 974584 in sysvinit "Semaphores cannot be created in lxc container" [High,In progress] https://launchpad.net/bugs/974584
<stgraber> hallyn: it's doing an rmdir if [ -d $rootfs/dev/shm ]
<stgraber> hallyn: but [ -d ] returns true when it's a symlink to a directory
<stgraber> making rmdir fail and making the lxc-create fail
<hallyn> should be [ -d && ! -h ] then?
<SpamapS> Josua: there's an issue with having more than 1000 concurrent php processes in precise's apache
<stgraber> hallyn: [ -d ] && [ ! -L ] was what I was going to go with
<Josua> But when I do the exact same command to one of our VPS'es it takes max 3 seconds
<smoser> Daviey, is what fixed?
<SpamapS> Josua: it has something to do with mod_ssl
<SpamapS> Josua: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1028470
<uvirtbot> Launchpad bug 1028470 in apache2 "apache2+ssl hangs on high load" [Medium,Confirmed]
<SpamapS> Josua: that may not be what you're hitting...
<SpamapS> Josua: but its worth looking at
<stgraber> hallyn: but yeah, that's an identical check ;) I just tend to prefer -L as my brain better parses it :)
<Josua> Right, and this would be an issue even if we use php-fastcgi ?
<Josua> just did a test with ab -n 100 -c 100 -r http://server.dk with an even worse result 50 secs mean
<stgraber> hallyn: http://paste.ubuntu.com/1112277/
<stgraber> hallyn: pushed to the branch. Let me know if you can't upload today and I'll get that uploaded individually. Not being able to create quantal container is kind of critical ;)
<hallyn> stgraber: i still need to write to of the patches (looking at bugs 1013549 1019290 and 1020179) and want to test quite a bit.  and i won't start for a few hours.  so if you're rushed and want to push, go ahead.
<uvirtbot> Launchpad bug 1013549 in lxc "lxc-clone fails for xfs fs on lvm" [Medium,Triaged] https://launchpad.net/bugs/1013549
<stgraber> hallyn: hmm, my patch is wrong, I forgot -cloud ...
<hallyn> heh i'll do mine as debdiffs for now and push them into bzr later
<stgraber> hallyn: updated my fix in bzr now, should be fine. Will prepare the sru now
<uvirtbot> New bug: #1025544 in sqlalchemy "[SRU] schema changes using sqlalchemy's sqlite dialect can fail when using reflection" [High,In progress] https://launchpad.net/bugs/1025544
<hallyn> stgraber: ok, tests are running.  wasn't as bad as i'd thought.  (i should probably wait until the tests pass to say that though)
<hallyn> stgraber: ok, and pushed to ubuntu:lxc for now.
<hallyn> (still waiting for tests as well as of course a3 freeze)
<adam_g> zul: glanceclient already has python-warlock added. re: horizon there is a bug, upstream mentioned we can optionally include static CSS files in package to avoid the dependency on django-compressor
<zul> ok
<zul> python-warlock made it in to the archive?
<adam_g> zul: but im not sure what is easier
<adam_g> zul: i dont know that it has, but its in our build environment and PPAs so that we're not blocked there
<zul> adam_g: yeah im not worried about the PPAs im worried about people not able to use openstack on quantal right now because of it
<adam_g> zul: well considering how backed up everything is atm dependency-wise...
<adam_g> zul: its probably going to be a while before any of it usable straight out of the archive
<zul> adam_g: right
<hallyn> stgraber: all tests passed here.  so i'll push when i get back or when archive is open, whatever comes later
<stgraber> hallyn: ok. you can also push to -proposed and I'll pocket copy (or an AA will)
<hallyn> stgraber: hm, since i have lxc, libvirt, and qemu queued, i didn't wnat to make extra work for admins
<hallyn> please feel free to if you want.  otherwise i'll push when i get back
<adam_g> jamespage: ive proposed https://code.launchpad.net/~gandelman-a/ubuntu/precise/openvswitch/update_key_bytes/+merge/116945 to precise-proposed/openvswitch, not sure if you can help move along
<CounterPillow> Hi there. I'm trying to set up smtp using postfix and dovecot for sasl as described here: https://help.ubuntu.com/12.04/serverguide/postfix.html
<jamespage> adam_g, hmm - 4 conflicts....
<CounterPillow> the documentation seems to be inaccurate though, since there's no "socket listen" option anywhere in dovecot.conf
<CounterPillow> and not in any files within conf.d either
<CounterPillow> Basically, I'm stuck right now. Can anyone help me?
<adam_g> jamespage: interesting, one sec ill fix
<CounterPillow> right now I can recieve emails, but how should I tell all my friends about the cool viagra offers I've found online when I can't send emails? :(
<adam_g> jamespage: https://code.launchpad.net/~gandelman-a/ubuntu/precise/openvswitch/ovs-ppc-ftbfs/+merge/116948 should be clean. .pc stuff still confuses me
<jamespage> adam_g, OK _ leave it with me - I'll check it builds on powerpc as well
<adam_g> jamespage: all tests seem good on the ppc porter box
<jamespage> adam_g, great
 * jamespage skips that then
<jamespage> adam_g, one tweak precise->precise-proposed for target pocket - uploaded
<adam_g> jamespage: doh, figures. i even asked you about that :)
<jdstrand> adam_g: hi!
<jdstrand> adam_g: so I cloned my openstack vm, gave it a new ip and hostname and rebooted
<jdstrand> adam_g: this new vm is not working well with these commands hanging: 'nova floating-ip-list', 'euca-describe-addresses' and http://<host>/nova/access_and_security/
<jdstrand> that last one eventually times out and says "Error: Error fetching floating ips: n/a (HTTP 400)"
<jdstrand> adam_g: I'm wondering what I need to change to make it work again. All I did was adjust /etc/hostname, /etc/hosts for the new hostname and /etc/network/interfaces for the new ip. everything else seems to work like before
<adam_g> jdstrand: oh jeez, yea. your old IP address is probably all over the database? did you setup originally using hostname or IP for all of the keystone endpoints?
<jdstrand> adam_g: I followed https://wiki.ubuntu.com/SecurityTeam/TestingOpenStack
<jdstrand> adam_g: everything in there uses 127.0.0.1
<jdstrand> or 'localhost'
<jdstrand> I guess I can stop everything, dump the db and examine it
<adam_g> jdstrand: honestly i have no idea what could be broken. really a  needle in a haystack.  guess first make sure all services are running/listening on their ports, the file containing your credentials lists the correct location for the endpoints. nova-api.log is a good entry point for debugging, as most (all?) requests go there first and backend breakage is sometimes reported there first
<jdstrand> adam_g: ok, I did all that. if I undo the hostname and ip changes, it all works again. I'll look at the db
<adam_g> jdstrand: IIRC there is some state that is held in the db that is dependent on hostnames of the nodes
<jdstrand> hmm
<jdstrand> I don't have any running nodes
<jdstrand> but, I'm sure a db dump will tell me something
<jdstrand> if I have to I can recreate from scratch. I am trying to avoid that
<adam_g> jdstrand: nova.compute_nodes + nova.services tables might be of interest
<adam_g> jdstrand: but im not sure those being wrong would break api requests in general
<jdstrand> hrm, dumping glance, keystone and nova doesn't show anything wrt the old hostname or ip
<adam_g> jdstrand: anything wrong in the file containing the environment variables are set to your cloud crendentials
<adam_g> ?
<jdstrand> nah, all 127.0.0.1
<jdstrand> nova-api.log makes me think it might be rabbitmq
<jdstrand> so I am looking there
 * adam_g runs to lunch
<jdstrand> adam_g: thanks
<adam_g> jdstrand: not sure how rabbitmq manages its ACL, might want to regrant access to the nova user ?
<adam_g> back in a bit
 * jdstrand tries
<adam_g> jdstrand: actually this reminds me of https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/653405
<uvirtbot> Launchpad bug 653405 in rabbitmq-server "rabbitmq-server fails to start if hostname is unresolvable or has changed since first starting" [Undecided,Confirmed]
<jdstrand> interesting
<jiboumans_> smoser: hey, http://cloud.ubuntu.com/ami doesn't seem to have new AMIs since april. Am I looking at the wrong spot or have monthly updates stopped?
<zastaph> hmm i did unlink .bashrc by accident but didnt close the terminal, can I access it somehow?
<smoser> jiboumans_, hm.. it would appear that that is broken then. i'll ping and see if i can't get it at least fixed.
<smoser> but fwiw, http://ubuntu-smoser.blogspot.com/2011/07/how-to-find-right-ubuntu-ami-with-tools.html?showComment=1314973035116#c6911610322933341116
<smoser> explains how you can get that data
<smoser> and https://cloud-images.ubuntu.com/query/ is being updated correctly
<jiboumans_> smoser: thanks
<smoser> the ami page you listed is supposed to just be a client of /query
<AlphaWolf> I've got an external USB HDD with 3 partitions (2 NTFS, the other HFS+). When I plug the drive in it appears to mount (I have mountusb installed), but then I see no files in the /media/usb[0-9] directories. I'm using Server 12.04. Any ideas/help (I'm still new to this all!)
<jiboumans_> smoser: the last 'released' of lucid is april as well: https://cloud-images.ubuntu.com/query/lucid/server/released.txt
<smoser> ah. then for lucid it might be right
<smoser> utlemming, ^ i think you can consider that a request to get a new 10.04 release out :)
<jiboumans_> smoser: do you intend to keep releasing them on a monthly basis?
<jiboumans_> smoser: yeah, many of us are on 10.04, and will be for some time
<smoser> well, the ultimate goal was on the same 3 week cadence as the kernel.
<jiboumans_> that'd be awesome.
<smoser> so you'd get one with a new kernel every time one came out
<utlemming> smoser: soon
<utlemming> smoser: I'll get that out shortly
<smoser> but we've just never gotten it so streamline/integrated.
<smoser> i would love to have that.
<jiboumans_> smoser: same here
<smoser> utlemming, we could have something that just watches daily manifests and notices a change in kernel packages.
<smoser> as a start.
<smoser> there is just still too much manual involved
<jiboumans_> smoser: have you blogged/published anywhere on how you're building the amis as well?
<smoser> its mostly described at https://wiki.ubuntu.com/UbuntuCloud/Images/Publishing?action=show&redirect=UEC%2FImages%2FPublishing
<jiboumans_> smoser: thanks
<smoser> although it appears that htat should be updated for live-build (which we use now)
<utlemming> smoser: I'm planning on adding that ability to the new build service
<AlphaWolf> I've got an external USB HDD with 3 partitions (2 NTFS, the other HFS+). When I plug the drive in it appears to mount (I have mountusb installed), but then I see no files in the /media/usb[0-9] directories. I'm using Server 12.04. Any ideas/help?
<monolive> AlphaWolf, what do you see when you type mount ?
<AlphaWolf> I can copy/paste it ?
<AlphaWolf> http://paste.ubuntu.com/1112641/
<AlphaWolf> It doesn't look like it's mounted, going by that?
<genii-around> AlphaWolf: Do you have hfsplus and hfsutils installed?
<AlphaWolf> No, I will install them
<AlphaWolf> Will it just ignore that whole drive without those installed?
<AlphaWolf> That seems to have mounted the HFS+ partition to /media/usb0. But no others are mounted. I have ntfs-3g installed, so what could be causing the NTFS partitions from mounting?
<genii-around> AlphaWolf: Does /sbin/mount.ntfs  exist?
<AlphaWolf> Yes
<genii-around> AlphaWolf: If the partitons have an oddball partition type for instance, the mounter cannot deduce which filesystem to try. What does sudo fdisk -l  report as their types?
<genii-around> ( under the Id and System fields )
<jdstrand> adam_g: fyi, I think I am hitting http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2011-April/012407.html, so this is a no go
 * jdstrand regenerates it
<AlphaWolf> That command returns nothing for me
<genii-around> AlphaWolf: Was this drive  GPT or so?
<AlphaWolf> I'm afraid I have no idea. I know that NTFS partitions were made using Windows, and HFS+ was made using Mac OS X. I'm afraid that's where my knowledge ends
<genii-around> AlphaWolf: Does sudo parted -l            list it?
<AlphaWolf> Yes!
<AlphaWolf> It shows all 3 partitions, and HFS+ is marked as "boot"
<AlphaWolf> Also: Partition Table: msdos
<genii-around> AlphaWolf: Does it show ntfs for the "File system" of the partitions currently not mounting?
<genii-around> work, afk
<AlphaWolf> np, thank you for the help
<AlphaWolf> Yes, it does show ntfs
<zastaph> when I have an error in one of my nanorc syntax color files it renders them all invalid, but I dont get an error message
<tonyyarusso> I see php5-gd is still compiled without support for image rotation in 12.04.  What's the recommended source for a working package?
<ScottK> You realize you said php and working in the same sentence, right?
<tonyyarusso> Yes
<tonyyarusso> I remember a couple of years ago I just build the package myself with the flag changed, but obviously then I miss out on security updates and the lick
<tonyyarusso> *like
<genii-around> AlphaWolf: If you try to mount manually and specify -t ntfs    does it work?
<tonyyarusso> Wow, this bug was opened in 2005.  Awesome.
<AlphaWolf> "sudo mount -t ntfs-3g /dev/sdb1 /media/usb1" worked
<genii-around> AlphaWolf: OK. So looks like some issue with the automounter someplace then
<AlphaWolf> as did "sudo mount -t ntfs-3g /dev/sdb2 /media/usb2", which yes, seems like an issue with the automounter :(
<genii-around> AlphaWolf: Anyhow, I have to leave ... good luck with the rest of it, at least you can access the data there now.
<AlphaWolf> genii-around, Thank you very much for your help. I have learnt something today!
<ScottK> tonyyarusso: I think the way you get that added back to the package is off $WILDLY_INAPPROPRIATE_FAVOR to SpamapS.
<tonyyarusso> On the other hand, I might be totally full of crap and it could be a permissions issue.  Hrm.  /me investigates further
<tonyyarusso> Yup, that was it.  Ignore me.....
<SpamapS> tonyyarusso: if only your "please ignore me" would have retroactively deleted those lines.. I'd have those 45 seconds back
<ScottK> SpamapS: You should write an RFC to update the IRC protocol for that.  It'd be totally useful.
<SpamapS> RFC37337 A system for removing stupidity from IRC via self edit.
<ScottK> Excellent.
<ScottK> I'll be glad to help you with the submission process.
<uvirtbot> New bug: #1029682 in python-greenlet (main) "python-greenlet-dbg does not contain required debug symbols" [Undecided,New] https://launchpad.net/bugs/1029682
<hoover_damm> question, preseeding ubuntu and I would prefer to not have the hostname of dummy... I configure the hostname via dhcp
<hoover_damm> looking around either i've missed it in google or would love a pointer on how I can have it accept the dhcp hostname?
<hoover_damm> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=586360 i get the feelign it's this bug
<uvirtbot> Debian bug 586360 in debian-installer "preseed/url: netcfg/get_hostname value is ignored even if DHCP was disabled" [Normal,Open]
<hoover_damm> but damn that's annoying
#ubuntu-server 2012-07-27
<uvirtbot> New bug: #1029716 in lxc (universe) "package lxc (not installed) failed to install/upgrade: subprocess installed post-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1029716
<koolhead17> hi adam_g
<KingKatari> what is the IPtables command to allow any and all traffic to and from an IP
<KingKatari> i want to be able to allow my system to accept any connection from 97.96.233.45 and to be allowed to make any connection to the same IP and have nothing blocked ( related to that IP ) on my machines end
<SteevB2> Anyone have a suggestion to a good setup for a server for a business. It is used pretty much to save, update, and search for invoices.
<xion-db> hello guys, im sick now i had set ubuntu 10 IPTABLES to block all port except DHCP, DNS and HTTP, but first at all i can not get any DHCP responde from at0... so i cant test the nexts rules .... there is my rules http://pastebin.com/Lc9DhnCw
<ren0thing> hi all, I'm using ubuntu12.04 server x86, for kvm host. but the guests always "shut off", here is error I got:
<ren0thing> 3311: error : qemuMonitorIO:603 : internal error End of file from monitor
<ren0thing> anybody know this?
<hallyn> ren0thing: best would be to open a bug, but can you pastebin your guest xml file and 'dpkg -l | grep kvm' output?
<hallyn> ren0thing: if you just 'qemu-img create x.img 1G; kvm -hda x.img', does it come up and bios try to boot?
<stgraber> hallyn: interesting that nobody tried to purge lxc before ;) (just saw the bug report)
<hallyn> stgraber: guess we should feel good about that :)
<uvirtbot> New bug: #1029766 in keystone (main) "keystone logrotate has output when restarting keystone" [Undecided,New] https://launchpad.net/bugs/1029766
<hallyn> bleh.  seccomp isn't letting me exec.
<uvirtbot> New bug: #1029769 in net-snmp (main) "package snmpd 5.4.3~dfsg-2ubuntu1.1 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 127 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/1029769
<uvirtbot> New bug: #1029777 in lxc (universe) "Use overlayfs in lxc-clone" [Undecided,New] https://launchpad.net/bugs/1029777
<frukust> iv got this weird problem.. iv set up apache2 and motion.. i can access apache2 at port 80.. nmap says it is open.. i can not access motion port 8080 .. but nmap says it is open..
<melmoth> what about netstat -apn and fuser ?
<uvirtbot> New bug: #1029793 in bind9 (main) "package bind9 1:9.8.1.dfsg.P1-4ubuntu0.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1029793
<frukust> anyone?
<_ruben> frukust: how are you testing? if you're testing with a browser for isntance, it could be that motion (dunno what it is actually) is closing the connection right away, which nmap doesn't care about
<frukust> _ruben: itÂ´s the hostname i just found out. if i nmap my ip.. 192.168.. the 8080 is closed.. but.. if i nmap my hostnames.. localhost and obonto, the 8080 port is open..
<frukust> i think iÂ´v enterd the correct lines in hosts but i can not remember how to reload it :)
<_ruben> editing /etc/hosts doesn't require reloading of anything
<frukust> oO, ok
<_ruben> it seems motion is only listening on localhost, not your external ip
<_ruben> external being the 192.168. ones
<frukust> exacly
<_ruben> so fix the motion config
<frukust> oO
<frukust> ill look at it
<frukust> _ruben: thanks :)
<uvirtbot> New bug: #996569 in amavisd-new (main) "unused parameter: spf-policyd_time_limit in amavisd-new-postfix" [Medium,Triaged] https://launchpad.net/bugs/996569
<uvirtbot> New bug: #1029817 in python-novaclient (main) "Please enable bash completion" [Undecided,New] https://launchpad.net/bugs/1029817
<reisi> should it be possible to set spare devices of an md array to idle? (hdparm -y)
<uvirtbot> New bug: #1029896 in nova (main) "package nova-common 2012.1+stable~20120612-3ee026e-0ubuntu1.2 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/1029896
<reisi> hmm apparently there's a bug in my hba/ata code probihiting my standby drives from waking up
<hallyn> ahs3: good morning.  Have you had any time to look at the netcf debian package?  (Note the day after I pinged you last I updated http://people.canonical.com/~serge/netcf4 with minor manpage update)
<zul> Daviey: http://paste.ubuntu.com/1113734/
<henkjan> hmm, again a new nsd3 release, but no signs of a updated nsd in precise
<_ruben> henkjan: no security fixes in it probably :)
<henkjan> _ruben: only 2 CVE's http://www.nlnetlabs.nl/labs/news/
<_ruben> only 2.. ;)
<smoser> jamespage, perhaps i should have asked earlier if you had a way of doing this already.
<smoser> but if not, then i think i'll merge http://bazaar.launchpad.net/~smoser/+junk/ec2-automated-tests-get-user-data/revision/64 into lp:~ubuntu-server-ec2-testing-dev/+junk/ec2-automated-tests
<ScottK> ivoks: Can you look at Bug 996569?  Seems like an easy/important fix, but I'm kind of swamped.
<uvirtbot> Launchpad bug 996569 in amavisd-new "unused parameter: spf-policyd_time_limit in amavisd-new-postfix" [Medium,Triaged] https://launchpad.net/bugs/996569
<feisar> hi, I have done something really silly and removed the 'initrd.img -> ...', 'initrd.img.old -> ...', 'vmlinuz -> ...' and 'vmlinuz.old -> ...' from my /directory. How should I re-create them?
<ogra_> sudo apt-get install --reinstall linux-image-$(uname -r)
<smoser> jamespage, well, i pushed.
<feisar> ogra_: thank you, I was surprised the machine booted with out those there, what are they used for?
<jamespage> sorry smoser
<gitesh> Should I/Can I install GUI for ubuntu-server 12.04 ?
<jamespage> gitesh, why?
<jamespage> is probably the question you need to ask yourself
<smoser> jamespage, no worries. please feel free to tell me i did it wrong.
<gitesh> ah....right.
<jamespage> smoser, I think thats OK
<jamespage> thats the stuff that runs inthe instances right?
 * jamespage tries to remember - the rrd overwrote that bit
<gitesh> jamespage, to surf Internet, to watch video.
<smoser> jamespage, i added a README to help with that
<jamespage> gitesh, from a server?
<jamespage> smoser, looks great - really useful
<smoser> jamespage, http://bazaar.launchpad.net/~ubuntu-server-ec2-testing-dev/+junk/ec2-automated-tests/view/head:/README.txt
<jamespage> for reproducing test failures +1000
<gitesh> jamespage, ok. no problem. I have windows7 alongside with server. Thanks for given direction:-)
<smoser> gitesh, you can most certainly install a desktop on server (apt-get install ubuntu-desktop)
<smoser> but if you want a desktop, the easier path is probably just the desktop install.
<ahs3> hallyn: no, i haven't had a chance yet to look at netcf.  still the 0.2.0-1 version?
<hallyn> ahs3: yup.  i'm going to look at the ubuntu one today hopefully.
<hallyn> (but won't push that until after the debian one is pushed, i just wanted to get it tested)
<ahs3> hallyn: nod.  i may have some time today.  will let you know if i do the push
<hallyn> ahs3: thanks
<ivoks> ScottK: same situation over here too :/
<ivoks> ScottK: but, i'll take a look at it at some point in the feature (hopefully near future)
<ivoks> actually, this looks critical
<ScottK> Yeah.  I wouldn't have bugged you otherwise.
<besideyou> Bom Dia a todos.. alguÃ©m do Rio Grande do Sul???
<roasted> hello!
<roasted> when running htop, is there any relevance to "/usr/bin/console-kit-daemon --no-daemon" ???
<besideyou> sorry, anyone from Brazil?
<hallyn> ahs3: i just noticed i have libnl1 in Depends for libnetcf1.  But that should be added automatically by the builder during linking right?
<hallyn> yay.  one-line debian->ubuntu diff (to switch libnl1->libnl3).  that's waht i like to see
<ahs3> hallyn: yup, the shlibs dependency checking should take care of that automagically.
<jamespage> Daviey, I've uploaded floodlight to the quantal NEW queue - just got confirmation from upstream that it all looked OK.
<Daviey> jamespage: cool!
<maplesoft>  who is the top most authority for domain registrars?
<gitesh> Is there any way not to start network configuration automatically while booting up?
<gitesh> I am using pppoeconf. that's my username and password.
<med_> adios lynxman.
<jacobwg> Does anyone know how to debug a server install (12.04) that will not boot?  Last message given was Begin: Running /scripts/init-bottom ... done, then it hangs
<uvirtbot> New bug: #997465 in amavisd-new (main) "amavisd-new init script does not work cleanly (dup-of: 930916)" [Undecided,Confirmed] https://launchpad.net/bugs/997465
<uvirtbot> New bug: #1030040 in multipath-tools (main) "multipath-tools create duplicate device" [Undecided,New] https://launchpad.net/bugs/1030040
<uvirtbot> New bug: #1017765 in nova "jsonutils.py is incompatible with anyjson from 3.3.2 onwards" [Undecided,Fix committed] https://launchpad.net/bugs/1017765
<jdstrand> Daviey: fyi ^ 1017765 makes openstack uninstallable
<billybob000> i'm running 11.10.. i have 3 NICs inside my system, yet /etc/network/interfaces only contains one.  however, i still have addresses for all my cards
<billybob000> how is this possible?
<uvirtbot> New bug: #988394 in autofs5 (main) "Reboot hangs because /etc/rc6.d/S40umountfs chokes on non-existent mounts" [High,Confirmed] https://launchpad.net/bugs/988394
<Daviey> jdstrand: thanks
<RoyK> billybob000: pastebin ifconfig -a and your /etc/network/interfaces file, please
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<billybob000> RoyK: http://pastebin.com/5ynaGWJS
<_ruben> something else is configuring those interfaces (quagga/networkmanager/whatever)
<RoyK> _ruben++
<RoyK> billybob000: NICs don't configure themselvese
<hallyn> smb: not sure you're the one to ask, but would it be any problem to have pci_hotplug autoloaded in virt guests?
<RoyK> billybob000: NICs don't configure themselves
<billybob000> hmm.. its possible someone ran dhclient
<uvirtbot> New bug: #1026991 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu3.1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1026991
<uvirtbot> New bug: #1029506 in clamav (main) "package clamav-milter 0.97.3+dfsg-2.1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1029506
<uvirtbot> New bug: #1026797 in apache2 (main) "Default /usr/share/doc serving should be removed (CVE-2012-0216)" [Low,Triaged] https://launchpad.net/bugs/1026797
<uvirtbot> New bug: #1027061 in postfix (main) "Postfix upgrade to 2.9.3-2~12.04.1 changes configuration files" [Undecided,New] https://launchpad.net/bugs/1027061
<uvirtbot> New bug: #1028064 in php5 (main) "potential overflow in _php_stream_scandir" [Undecided,Triaged] https://launchpad.net/bugs/1028064
<JonEdney> Anyone familiar with setting up DNS on Ubuntu 12.04 LT Server, using ISPConfig 3?
<ScottK> You'll probably have more luck on an ISPConfig3 related channel.
<JonEdney> I assumed as much, but figured I'd ask :)
<hallyn> stgraber: yay, i've got seccomp in lxc.
<JonEdney> Well, this is going well.  Issued the good ol 'reboot' to my VPS, and it hasn't come back online yet.  How's everyone else today? lol
<stgraber> hallyn: yay!
<hallyn> stgraber: they'll be making a change to the API so the patch will have to change, but I'll push it to a bzr tree for now to stash it
<stgraber> hallyn: I suppose you implemented it similarly to lxc.cap.drop?
<hallyn> stgraber: no, i used a configuration file
<hallyn> i've got hundreds of syscalls enabled (haven't worked on a minimal policy yet)
<hallyn> stgraber: lp:~serge-hallyn/ubuntu/quantal/lxc/lxc-seccomp
<koolhead17> Yo Daviey
<koolhead17> i see your name too!!
<JonEdney> Hey - I'm getting an error "[warn] NameVirtualHost IPADDY#2:80 has no VirtualHosts" when I reload Apache.  I've cheched all .vhost files in /sites-available and can't locate the problem.  Would anyone know where else vhost files would be where I could look?
<JonEdney> The warning references ports 80 & 443, so I assumed it had to do with the webmail client i installed, but no dice.
<grendal> ok i found a package for s3fs (amazon s3 buckets)  but it is only for luscid..
<grendal> im using 12.04  is it ok to add this ppa to my source files?
<thesheff17> anyone know how to set the ulimit in ubuntu 12.04...10.04 I could just modify /etc/security/limits.conf
<thesheff17> but now that won't work
#ubuntu-server 2012-07-28
<uvirtbot> New bug: #1030192 in cinder (universe) "cinder-common.postinst shell syntax error shows "/var/lib/dpkg/info/cinder-common.postinst: 3: [: missing ]"" [Undecided,New] https://launchpad.net/bugs/1030192
<uvirtbot> New bug: #1022641 in lintian (universe) "not lintian clean" [Undecided,Invalid] https://launchpad.net/bugs/1022641
<uvirtbot> New bug: #1030197 in cinder (universe) "upstart jobs will start services before all network interfaces are up and will not restart on runlevel 1->2" [Undecided,New] https://launchpad.net/bugs/1030197
<azert> hello
<azert> i m working in a small company where they manage 120 server
<azert> i m looking for a software able to stock server component  the location, the position, the connexion etc ....
<azert> is there any opensource web based are there ?
<uvirtbot> New bug: #1003654 in apr (main) "package libapr1 1.4.6-1 failed to install/upgrade: Ð¾ÑÐ¸Ð±ÐºÐ° Ð·Ð°Ð¿Ð¸ÑÐ¸ Ð² Â«<ÑÑÐ°Ð½Ð´Ð°ÑÑÐ½ÑÐ¹ Ð²ÑÐ²Ð¾Ð´>Â»: ÐÐ¾Ð±ÐµÐ´Ð°" [Low,Expired] https://launchpad.net/bugs/1003654
<uvirtbot> New bug: #1005310 in postfix (main) "Cant build package with default rules" [Low,Expired] https://launchpad.net/bugs/1005310
<uvirtbot> New bug: #1004927 in samba (main) "package winbind 2:3.6.3-2ubuntu2.1 failed to install/upgrade: Unterprozess neues pre-removal-Skript gab den Fehlerwert 2 zurÃ¼ck" [Undecided,Expired] https://launchpad.net/bugs/1004927
<sarthor> Hi, "Consider me non expert" I have dyndns paid pro account, 20$/year, In my home i have 8 mb/sec DSL line, and also i have some 8core of AMD machine with proxmox installed, I have virtual ubuntu-server 12.04 installed on that proxmox. I have one domain www.xyz.com without hosting with some registrar, My question is that is it possible to host my website on my home machine and also mail and dns servers? If yes so I will need some guidance in
<sarthor>  shape of some Internet links of How to's, Thanks waiting.
<Venom> do most ubuntu servers use command line only?
<sarthor> Hi, "Consider me non expert" I have dyndns paid pro account, 20$/year, In my home i have 8 mb/sec DSL line, and also i have some 8core of AMD machine with proxmox installed, I have virtual ubuntu-server 12.04 installed on that proxmox. I have one domain www.xyz.com without hosting with some registrar, My question is that is it possible to host my website on my home machine and also mail and dns servers without spending more money? If yes so
<sarthor> I will need some guidance in shape of some Internet links of How to's, Thanks waiting.
<ScottK> sarthor: There's really nothing Ubuntu specific about your question.
<sarthor> ScottK: Which will be the appropriate channel to ask such question? Really brother I do not know,
<ScottK> The general answer to your question is, "It's possible, but there are some inherent limits to how reliable it'll be.  That may be good enough for you.  However, you're almost certainly violating the terms of service with your ISP to do it."
<ScottK> If you look at the Ubuntu server guide it tells you how to set up an Ubuntu server to the things you mentioned.
<sarthor> ScottK: I am just learning, I do want to do it as permanant bases. I am a learner.
<ScottK> The one part that's different is the dyndns part and they probably have documentation.
<ScottK> I'm not judging if you should or not, just making sure you know.
<sarthor> I do not want to do it as permanent*
<ScottK> In any case use the Ubuntu Server guide and dyndns documentation to get started.
<uvirtbot> New bug: #1030238 in samba (main) "samba not installing in 11.04" [Undecided,New] https://launchpad.net/bugs/1030238
<AlphaWolf> I've got a HFS+ (non-journaled) and I've been trying to get write permissions. I followed a lot of things from Google, but I've only gotten so far. I have chown-ed myself to the folder, but I thill can't write to it, despite the message "warning <drive> has been mounted read-only" not appearing after I chown-ed myself. ls -a shows "drwxrwxr-x 1 joseph   99     7 Jul 28 13:58 TimeMachine". Any ideas, anyone?
<maxagaz> hi
<maxagaz> how to check that mysql is open on a distant server and on which port (I didn't change it, so it chould be the default one)
<SpamapS> maxagaz: mysql -h thehost -uyouruser -pyourpass
<maxagaz> SpamapS: I have seen with nmap that it's filtered, so not open
<maxagaz> 3306/tcp filtered mysql
<maxagaz> how can I open it ?
<SpamapS> maxagaz: probably with a firewall rule
<maxagaz> SpamapS: I didn't set my firewall
<albert23> maxagaz: by default mysql only listens on localhost
<maxagaz> albert23: how to make it listen to external addresses ?
<maxagaz> albert23: or just 2 or 3 addresses
<albert23> you can change it in /etc/mysql/my.cnf
<albert23> change this line: bind-address           = 127.0.0.1
<qman__> remember, mysql connections are in the clear, so only do that on a trusted network or tunnel over SSL
<maxagaz> albert23: to what should I change it ?
<maxagaz> can I change it to: bind-address = ip1, ip2, ip3 ?
<albert23> you van try. Using one address may also be enough?
<albert23> and 0.0.0.0 would listen on any address
<maxagaz> albert23: 0.0.0.0 sounds dangerous
<albert23> I would prefer to use just one address indeed
<maxagaz> albert23: I tried 0.0.0.0, but nmap still shows it as "filtered"
<albert23> maxagaz: did you restart mysql?
<maxagaz> albert23: yes I did
<albert23> you can check on the remote server if mysql is indeed listening on all addresses
<albert23> otherwise I guess there is some firewall between you and the server
<maxagaz> I have also opened the firewall
<maxagaz> with: sudo /sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
<albert23> and there is no rule that could drop mysql before that line?
<maxagaz> albert23: it's the only time I changed rules on this server
<albert23> you may want to check all rules with sudo iptables -L -v. That will also show which rules are being used for traffic
<maxagaz> albert23: https://gist.github.com/3193838
<albert23> that shows 0 hits for the mysql rule
<maxagaz> albert23: amazon must be blocking somewhere
<albert23> maxagaz: that's the first thing to check. As long as you don't see hits in your fw rule, mysql itself is not relevant yet
<uvirtbot> New bug: #1030332 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.63-0ubuntu0.10.04.1 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1030332
<maxagaz> albert23: I understand, thanks a lot for your help!
<albert23> no problem
<TheLordOfTime> Bug 1030332 which was just announced here appears Incomplete btw
<uvirtbot> Launchpad bug 1030332 in mysql-dfsg-5.1 "package mysql-server-5.1 5.1.63-0ubuntu0.10.04.1 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1030332
<TheLordOfTime> in case the server team's wondering
<uvirtbot> New bug: #1030345 in mysql-5.5 (main) "debconf failed to configure phpmyadmin for mysql" [Undecided,New] https://launchpad.net/bugs/1030345
<AlphaWolf> I've a samba share setup, and in /etc/samba/smb.conf I have http://paste.ubuntu.com/1116214/ at the bottom of my file. I have have "security = user". However, when I try and access the files (under Ubuntu Desktop or Windows 7), it does not accept my username/password (e.g. the one I would use when logging in through ssh). Do I need to add my user in the samba config somewhere?
<genii-around> sudo smbpasswd -a username && smbpasswd -e username   ( -a is add, -e is enable )
<AlphaWolf> is it a good idea to use the same username/password as my "main" user?
<genii-around> I missed putting sudo there in the second command, apologies
<AlphaWolf> Oh, sorry, I read that wrong
<genii-around> AlphaWolf: There are different ideas on the subject. I have here a user and group which is only for smb users and use that, mapping bad usernames or passwords to guest user instead.
<AlphaWolf> I guess I'm lucky that security isn't much of an issue
<AlphaWolf> I was more thinking about if it would cause issues within the system, rather than logically.
<henkjan> has anyone seen excessive slab cache growth in ubuntu precise?
<henkjan> we are using ubuntu precise as a fileserver
<henkjan> server iscsi and nfs
<henkjan> oom killer kills the host every few days
<henkjan> looking back with atop show slab cache growing 'till al memory is gone
<PatrickDK> well, check to see what is using all your slab memory
<henkjan> hmm, i guess ext4 inode cache
<henkjan> but guessing is not enough
<henkjan> time to measure
#ubuntu-server 2012-07-29
<ChaoPeng> hi there
<ChaoPeng> I'm a new comer
<uvirtbot> New bug: #1004465 in krb5 (main) "heimdal and mit kinit doesn't handle expired credentials" [Undecided,Confirmed] https://launchpad.net/bugs/1004465
<uvirtbot> New bug: #1005821 in memcached (main) "Can't use #  as the delimiter between key prefixes and IDs." [Wishlist,Expired] https://launchpad.net/bugs/1005821
<_johnny> so, in mysqld, i have InnoDB disabled, because "skip-innodb" is defined. however, i don't have it in what i believe is my.cnf. any way to tell which conf it uses? (i tried putting it in the basedir)
<Bert_2> Hi, while doing an upgrade from 8.04 to 10.04 we had a small problem, our boot LVM was slightly to small, we fixed this and had the boot continue but something's missing (probably the kernel modules) which makes it impossible to boot (the root filesystem is an LVM, so it needs that module), now the odd thing is that when we chroot from a live environment with root and boot lvm mounted properly we are not able to run apt-get or dpkg,
<Bert_2> even though the path is correct and /usr/bin contains other binaries, does anyone know why we cannot use apt-get, aptitude, dpkg, etc. ?
<uvirtbot> New bug: #1030520 in logwatch (main) "logwatch: Makes use of $^X, broken under overlayfs." [Undecided,New] https://launchpad.net/bugs/1030520
<uvirtbot> New bug: #1030534 in openssh (main) ""sftp -r remotedir ." creates directories with wrong permissions" [Undecided,New] https://launchpad.net/bugs/1030534
<lunaphyte> hi.  i'm using 12.04.  i want to not install recommended software by default.  i'm able to do this by passing --no-install-recommends to apt-get install, but how can i set this as the default, so i don't have to pass that option every time?
<RoyK> lunaphyte: what sort of software do you want to not install?
<RoyK> btw, recommended software usually isn't installed during apt-get install - only required bits are installed (AFAIK)
<RoyK> recommended bits are listed, but not installed
<lunaphyte> it's not a specific case, i just want the default to install only depends, not recommended.
<RoyK> I don't think recommended packages are autoinstalled
<lunaphyte> i'm not so sure of that.  some time ago the policy changed to installing recommends be default.  i've just done a 12.04 installation, and the behavior is still present
<lunaphyte> *by default
<RoyK> lemme check
<lunaphyte> as an example, compare the two operations:
<lunaphyte> apt-get install qemu-kvm and apt-get install --no-install-recommends qemu-kvm
<RoyK> no, you're quite right
<lunaphyte> the former wants to install 31 packages, the latter 28
<RoyK> I was thinking of "suggested packages"
<lunaphyte> in that particular example, it's not such a huge deal, but unfortunately, because of the brain dead choices some packagers make, there are some packages that are downright absurd.
<lunaphyte> ah, i think i've figured it out.
<lunaphyte> in /etc/apt/apt.conf.d/ - create a file [for example 00DisableInstallRecommendsSuggests], and put in it APT::Install-Recommends "0";
<lunaphyte> for the sake of being thorough, you can also put APT::Install-Suggests "0"; in there as well.
<RoyK> now, that's intuitive...
<lunaphyte> obviously it won't make a difference at the moment, but when those of infinite wisdom decide to make the same change with suggests that they made with recommends, you might avoid some pain.
<RoyK> wouldn't a config file be a bit better? ;)
<lunaphyte> heh, well, that's another funny ubuntu-ism/debian-ism.
<lunaphyte> that *is* the config file.  it actually goes in apt.conf, but because it's chopped up into tiny bits like most config files in ubuntu, you get the config directory instead.
<lunaphyte> it gets really nasty when things like x or video/audio stuff starts getting dragged in.  the cascading you end up with is devastating.
<lunaphyte> here's a really illustrative example:  add the virtualbox repository to your sources, and then compare apt-get install virtualbox-4.1 with apt-get install --no-install-recommends virtualbox-4.1
<lunaphyte> without recommends: 55 packages, 190mb.  with recommends, 398 packages, 701 mb.
<Kuggi> hi, do you want to hear a fun story (well, fun is maybe not the right word.. ) ? :)
<Kuggi> I have a problem :( .. I have installed Ubuntu Server 12.04 and played around with some FTP servers, mostly vsftpd, which i never got to work as i wanted to (due to config problems i think), but i followed a guide on the Internet.. which i never should have read, i should add an ftp user, with the home directory of /var/www/ which i did, and then things got crasy, while working on some user groups and permissions, i dis
<Kuggi> abled the root account (so i could not login as root), changed my administrator accounts primary usergroup to ftp and somehow changed the users shell to /bin/false and LOST any chance to get it back, beside that, i logged out...ooops... and now i have lost ANY contact to the server..
<Kuggi> time for a reinstall :(
<_ruben> Kuggi: or boot into recovery mode, or use a live cd to fix your group membership
<qman__> 1. Don't use FTP, for anything, ever
<qman__> 2. Everything you've broken can be fixed from recovery mode / live CD
<_ruben> oh, if life only were that simple (regarding 1.)
<_ruben> but yes, it's a nasty protocol
<Kuggi> _ruben & qman__ i wanted to use ftp to transfer some php files to the /var/ww folder, what else could be used ?, i will try to run the recovery mode from a live cd.. but most guides online is only about how to recover a lost password, well i have the password, but no group access :)
<qman__> SFTP
<Kuggi> qman__ secure ftp ?
<qman__> it's built into openssh
<qman__> so, more than likely, you already have it
<qman__> and it's already set up
<Kuggi> qman__ but my php editor (Dreamweaver) want an ftp server :(.. i can of cause connect to ssh (openssh-server) but still have no access hehe..
<_ruben> tho i'd still prefer ftp over ftps (with my firewall admin hat on that is)
<Kuggi> _ruben running local with no inet access on the server the security is not so important for me :) (my ufw firewall blocks everything ecept local network & ubuntu updates )
<lunaphyte> surely dreamweaver can do sftp...
<patdk-lap> according to dreamweaver, they support sftp
<Kuggi> lunaphyte i have to test if of cause :) when i gets the server back..
<patdk-lap> atleast if you have a version newer than or equal to 2004 :)
<Kuggi> patdk-lap running CS6 from adobe cloud :)
<patdk-lap> in that case, it's already compromised :)
<lunaphyte> gah.  this whole thing just seems like it has bad news written all over it.
<patdk-lap> but that defently supports sftp
<patdk-lap> ftp sftp or webdav
<Kuggi> should i drop using vsftpd and just make a share on the server and add the share to my work pc ? (seens like the best solution)
<qman__> yeah, I certaily hope you're a better coder than you are a server admin
<Kuggi> seems*
<Kuggi> qman__ a lot ;) running ubuntu server for 5 month ... coding for 11 years ;)
<Kuggi> but my other world has windows on every wall :P
<patdk-lap> I bricked up mine
<qman__> you should use SFTP, because it's probably already there, it's extremely simple to set up (apt-get install openssh), and it's more secure than any of the other mentioned options
<patdk-lap> sunlight is bad
<Kuggi> qman__ i will then :)
<Kuggi> patdk-lap i know.. but have not taken the steps to remove windows for Ubuntu desktop jet.. just playing around with my private server.. skipping windows 2008 Web Edition...
<Kuggi> (i would have been fucked in gentoo :P )
<Kuggi> well.. back to the server.. thanks for the talk here :)
<phantasy> ukpe.exe
<phantasy> me.com
<phantasy> leow9!
 * phantasy -eolwkc
<phantasy> ANOOOOS VISTA ARABIC SP2 part18 rar
 * phantasy |
 * phantasy computer
 * phantasy #define LEVELS		0xd50 #define MIBBIM		0xd51 #define MUCOOL		0xd52 #define REMOTE		0xd53 #define SERBAL		0xd54 #define SHOTPB		0xd55 #define SHOTPR		0xd56 #define TESTZY		0xd58 #define TEVCAL		0xd59 #define TEVCRG		0xd5a #define TEVMTN		0xd5b #define TEVSKY		0xd5c #define TIMEAV		0xd5d #define TOR910		0xd5e
 * phantasy NUM101
 * phantasy $0@p
<phantasy> ukpe4lo921 $0@p = x d&d Dr3@m
 * phantasy ukp.exe
 * phantasy leiw9!.exe
 * phantasy computer.exe
 * phantasy uklki9ic;, $0@p
 * phantasy |ukp347*!k=.c0m;elwo9.exe
 * phantasy leko9cl@u$3r
<phantasy> lewq-9cz-NUM101.exe
<phantasy> ukp.t3chn0.com.exe
<lifeless> Myrtti: thanks
<patdk-lap> what the?
<technicsss> hi
<technicsss> i'm trying to get two raid1 arrays using a preseed file
<technicsss> one for /boot and the other for swap and /
<technicsss> this is using 2TB drives
<technicsss> could someone please help me figure out what i'm doing wrong here? http://pastie.org/4355573
<technicsss> i'm trying to get the / partition to use the maximum space left in the volume group
<technicsss> instead i end up with a ~200GB partition
<patdk-lap> set to reserve 10%?
#ubuntu-server 2013-07-22
<atpa8a> hello
<atpa8a> just tried installing 13.04 with kvm, openvswitch and pci passthrough of a SAS controller using kvm managed mode
<atpa8a> no luck on the last part tho
<martisj> morning
<martisj> Is there a good way to clone ubuntu server instances?
<martisj> moving from us servers to aus servers and provider doesn't have a way to clone instances across datacenters
<guzzlefry> can the installer for Ubuntu Server 12.04 walk me through setting up a mirrored RAID?
<termant> I've got Ubuntu 12.04.2 and while startign drbd service I get "DRBD module version: 8.3.13
<termant>    userland version: 8.3.11
<termant> you should upgrade your drbd tools!" multiple times.
<termant> I found out that variable DRBD_DONT_WARN_ON_VERSION_MISMATCH= might help on this, but how should I use it?
<termant> I solved it.
<xnox> guzzlefry: yes, see serverguide advanced installation.
<lperry65> I'm added myself to the www:data group which owns /var/www but i'm unable to change file permissions on a style sheet in a subdirectory of /var/www. i've checked and all directories in www are owned by www:data with g+w please help!
<maxb> Um you can't have a colon in a group name - what do you actually mean?
<rbasak> lperry65: check the ownership on the files as well.
<lperry65> sorry should have said  www-data
<lperry65> file permissions are -rwxrwxr--
<lperry65> file is owned by  www-data: www-data
<maxb> Also, being in the group associated with a file does not grant you permissions to change permissions
<maxb> Only the owning user can do that
<lperry65> ah i see, so I could edit the file but not change the permissions? ok
<lperry65> thank you :)
<jamespage> zul, http://pad.ubuntu.com/havana-2-problems
<jamespage> when you start :-)
<zul> jamespage:  what if i never want to start? :)
 * jamespage digs zul out of his hole
<jamespage> zul, hey!
<zul> ill take a look at cinder first...the nova one is easier
<jamespage> zul, we have a mismatched novnc/websockify causing the nova issue
<jamespage> zul, I think that is just a sync
<zul> jamespage:  yeah cjwatson pointed that out last night
<jamespage> zul, the cinder issue is i386 only - but I've no idea bout greenlet
<zul> jamespage:  ack
<zul> jamespage:  i think its a sqlalchemy issue
<jamespage> zul, probably
 * zul shakes his fist
<jamespage> zul, python-ceilometerclient is holding up the keystone client migration - looking at that now
<zul> er?
<jamespage> zul, pkg_resources.DistributionNotFound: python-keystoneclient>=0.2,<0.3
<zul> jamespage:  fudge
<jamespage> zul, python-keystoneclient - 1:0.3.1-0ubuntu1
<jamespage> #bang
<jamespage> zul, trunk is OK - we might need to push a snapshot
<zul> nah just bump the requirements.txt file
<jamespage> zul, can you push your uploaded package changelog to the branch please
<zul> jamespage:  sure
<zul> jamespage:  lemme finish breakfast first
<jamespage> zul, sure
<jamespage> :-)
<jamespage> zul, nm - I see your branch - I'll merge in and update
<zul> cool
<jamespage> zul: https://code.launchpad.net/~james-page/python-ceilometerclient/fixup-keystone/+merge/176173
<zul> jamespage:  +1
<zul> jamespage:  just starting to fix cinder
<jamespage> zul, coolio
<jamespage> zul, taking a break for lunch
<zul> jamespage:  ok hopefully i will have something cinder related for you after lunch
<Beatstreet> Hi
<Beatstreet> when installing Ubuntu Server on a drive other then sda do I need to tell the master boot record to install to the drive (sde1) I have setup to mount at / or should installer do it automatically?
<xnox> Beatstreet: it will ask you later, the default will be auto-detected and should be pre-set correctly to /dev/sde, but you can change it to something else, if you want to.
<Beatstreet> do I point it to /dev/sde1 (the partition) or /dev/sde (the drive)?
<koolhead11> hi all
<zul> jamespage:  we should be able to sync novnc
<StathisA> i'm updating a server with "apt-get update" and 2 packages are kept "back"...i know i can manually update that but why they arent done along with the rest?
<Pici> StathisA: You'd need to use apt-get dist-upgrade
<Pici> !dist-upgrade
<ubottu> A dist-upgrade will install new dependencies for packages already installed and may remove packages if they are no longer needed. This will not bring you to a new release of Ubuntu, see !upgrade if that is your intention.
<StathisA> ah thanks a lot!
<zul> jamespage:  interesting...
 * zul shakes his fist at sqlalchemy
 * koolhead11 watches zul dancing :P
<zul> jamespage:  fixed locally...need new greenlet
<jamespage> zul, most excellent!
<jamespage> zul, thought it might be something todo with that version bump
<zul> jamespage:  i need to add a patch that bumps the sqlalchemy in the requirements.txt though
<zul> jamespage:  http://pastebin.ubuntu.com/5900633/
<joe____> Would it be ok to ask configuration questions on this channel?
<patdk-wk> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<zul> jamespage:  ping greenlet has been uploaded can you +1 https://code.launchpad.net/~zulcss/cinder/cinder-alchemy/+merge/176202 please
<joe1234> Anyone know how to configure forward commerce to work on apache?
<zul> jamespage:  fyi horizon needed a new compressor version i think have it working now
<joe1234> Or if no one knows forward commerce, then how would one go about making a site accessible to the world rather than accessing it locally (this is for testing purposes BTW)?
<zul> Daviey: ping
<Daviey> zul: hey
<zul> Daviey: mind promoting heatclient https://bugs.launchpad.net/ubuntu/+source/python-heatclient/+bug/1203122
<zul> jamespage:  before you go https://code.launchpad.net/~zulcss/horizon/2013.2.b2/+merge/176230
<jamespage> zul, not got just yet - looking now
<zul> jamespage:  thanks
<jamespage> zul: + - Add python-neatclient
<jamespage> are you sure :-)
<zul> jamespage:  but it was neat ;)
<jamespage> zul, I think some of the generated assets are also missing
<zul> jamespage:  really?
<hedin_> Hi, how do I add the 12.04 repos in this link to sources.list?http://repo.zabbix.com/zabbix/2.0/ubuntu/
<zul> how can you tell?
<Ahti333> would you guys recommend additional backups before updating linux-image-generic? (no fancy stuff on the server, just postfix/dovecot, mysql, apache, php , ruby on rails)
<lamont> I recommend regular backups for anything you care about
<jamespage> zul,  how are well looking now?
<zul> jamespage:  pretty good...just need to work on ceilometer and heat
<zul> jamespage:  for heat im just going to get it to build im not going to rip out the dbconfig-common parts  (yet)
<jamespage> zul, ah - cinder is ftbfs
<jamespage> lemme look at that
<zul> jamespage:  arrgh
<jamespage> zul, builds fine locally on i386 and amd64
 * jamespage hits the button of despair in LP
<zul> interesting
<jamespage> zul, meh - built this time
<zul> jamespage:  lovely
<roaksoax> Madkiss: howdy!
<roaksoax> Madkiss: do the tests for libqb pass in debian?
<zul> jamespage:  ill just upload horizon
<vedic> Hey guys, I am running on 12.04 64bit. I want to install Apache 2.4.x which is the latest but 12.04 LTS repository provides 2.2.x version. Is there ready package for Ubuntu for apache 2.4.x? I don't want to recompile Apache if there is any security fix release.
<ScottK> No.  If you install 2.4 on 12.04 you're on your own.
<ScottK> The Ubuntu packages will get security updates.
<pmatulis> vedic: not in the official archive, 2.2.22 only
<sarnold> vedic: 2.4 apache transition involves a lot of different moving pieces. afaik there's nothing ready to download and try; 13.10 will be the first with apache 2.4, and backports feel unlikely.
<ScottK> pmatulis: 2.2.22 + patches.
<jamespage> zul, ack
<pmatulis> ScottK: for sure, yeah
<vedic> sarnold: I see. Then in that case, how do people who use production server manage security or bug fix release of apache? Do they remove source install and then recompile it?
<sarnold> vedic: most will be content to run apache 2.2 until 14.04 LTS is released.
<ScottK> Absolutely.
<vedic> sarnold: Ah, thats long wait?
<sarnold> vedic: you would not believe how close it feels. :)
<vedic> sarnold: any expected dates yet?
<zul> sarnold:  LTS is coming....LTS is coming...
<sarnold> vedic: april 2014? :)
 * zul shakes 
<sarnold> zul: that's right out of some horror film, right? :)
<zul> sarnold:  simpsons..
<zul> sarnold:  cant sleep...clown will eat me
<sarnold> lol
<vedic> Waiting for 14.04. Supporting phones, tv etc
<smoser> jamespage, i'm sure you know this..
<smoser> a .config script.
<smoser> am i allowed to assume dependencies are installed ?
<ScottK> No.  Unpacked, not fully installed.
<smoser> ScottK, so ... if i want to read a yaml config file.
<smoser> i have to do that with sed and awk ?
<smoser> that sucks.
<smoser> (or some other 'essential' i guess)
<ScottK> Does the config run during package install (I was assuming that was the case)?
<smoser> ScottK, please excuse my grave ignorance.
<smoser> thi sis something i've never really fully grokced
<ScottK> No problem.  What are you trying to do?
<smoser> the postinst does handle $1 == configure
<smoser> and uses db-get
<smoser> so is that a yes to "does the config run during a package install"
<ScottK> Yes, so you can only assume depends are unpacked, not fully installed.
<smoser> so cannot use python then at that point ?
<smoser> ScottK, i was wanting to read a yaml config file "correctly" 9not depending on formatting
<smoser> like this
<smoser> http://paste.ubuntu.com/5901317/
<saban> hi. i want to make vpn server to connect to other sites via vpn (cisco, microsoft vpn..) can someone point me to the right direction for google? im a bit lost. basicly what i need is that i could connect to 5 vpns at same time?
<NomadJim> anyone know when the next LTS release after 12.04 will be?
<NomadJim> guessing 2014
<sarnold> NomadJim: afaik the plan is still for 14.04
<NomadJim> cool
<sarnold> saban: some of the VPN implementations I've seen are very poor.. I wouldn't be at all surprised if at least one of them throws a complete fit with the others installed and running.
<sarnold> saban: ideally, you could just configure them all and have everything Just Work, but some people try to be too clever for their own good..
<ScottK> smoser: I think you'd need to pre-depend on python-yaml.
<saban> sarnold: the only way that our nagios server can control sites is true vpn. everything else is blocked. but there are so many vpn (no site has the same vpn...) so i was tinking about dedicated "vpn server" to connect to all vpns and put in on esxi. im googleing about this and just cant find any good article about this :P
<sarnold> saban: hah, that's a clever idea. :)
<Ahti333> can anyone recommend a good tool for scheduled backups to a ftp backup space?
<blkperl> people seem to like bacula
<sarnold> Ahti333: also investigate duplicity
<sarnold> Ahti333: here we are: http://duplicity.nongnu.org/
<Ahti333> bacula looks pretty complicated, i really only need something like "back everything except /tmp up to this ftp host, full backup every weekend, incremental on weekdays or sth like that
<Ahti333> sarnold how does duplicity handle cross device directories? (/ is one volume, /home is another one)
<sarnold> Ahti333: I've not set it up myself, it's still on my todo list :) hehe
<Ahti333> oh okay :) it loos just like what i need though :D
<jdstrand> hallyn: hi! does kvm work well for you on a saucy host?
<jdstrand> hallyn: with the 3.10 kernel on my x201s, it hard locks my system as soon as I fire up a vm
<jdstrand> 3.8.0-26 and earlier are fine
<hallyn> jdstrand: I'm using it nested - saucy vm is running kvm with no problems
<hallyn> (my saucy laptop can't very well run kvm - or anything - without overheating and shutting down so i haven't tested that yet)
<jdstrand> hallyn: well, it totally hard locks here
<jdstrand> I have to use 3.8
<hallyn> jdstrand: so you boot a 3.8 kernel, and run newest qemu-kvm, and it works?
<jdstrand> yes
<hallyn> please do file a bug (kernel also affecting qemu...)  no idea what htat would be
<jdstrand> hallyn: I also downgraded qemu-kvm and tried with the 3.10 kernel, and same issue
<hallyn> Subject: commit f8f559422b (KVM: MMU: fast invalidate all mmio sptes) causes hang
<hallyn> (on lkml this weekend)
<jdstrand> the problem is that it crashes so hard I don't get a trace. I do get NUL in the kern.log though
<jdstrand> so at least there's that :\
<hallyn> hm, that thread says it's amd-only - you don't roll low-rent like that
<jdstrand> hallyn: this is a host lockup btw, not guest
<jdstrand> heh, this is an i7
<hallyn> wowzers
<jdstrand> hallyn: also, fyi, appears 3.10 doesn't support nested=1
<hallyn> ???
<jdstrand> I had to remove that from /etc/modprobe.d/qemu* to load the kvm_intel module
<jdstrand> weird, modinfo /lib/modules/3.10.0-4-generic/kernel/arch/x86/kvm/kvm-intel.ko says it is supported
<hallyn> jdstrand: any chance you have some weird case of module not matching kernel?
<jdstrand> not sure how that would happen
<jdstrand> I updated today
<jdstrand> (note the host lockup issue happened with 3.10.0-2 too)
<jdstrand> let me reboot into 3.10.0-4 so I can report the lockup and see what it says again
<jdstrand> hallyn:
<jdstrand> $ cat /proc/version_signature
<jdstrand> Ubuntu 3.10.0-4.13-generic 3.10.1
<jdstrand> $ sudo modprobe kvm_intel
<jdstrand> ERROR: could not insert 'kvm_intel': Unknown symbol in module, or unknown parameter (see dmesg)
<DYSW> 3.10.2 is out btw
<jdstrand> [  106.814382] kvm_intel: Unknown parameter `nested'
<jdstrand> DYSW: ah, in 3.10.0-5.14 I see "rebase to v3.10.2"
 * jdstrand tries
<hallyn> jdstrand: nested= definately still exists in arch/x86/kvm/vmx.c...
<jdstrand> yeah, modinfo says it is supported too
<jdstrand> filename:       /lib/modules/3.10.0-4-generic/kernel/arch/x86/kvm/kvm-intel.ko
<jdstrand> parm:           nested:bool
<jdstrand> I have an older kernel though, let me update
<DWSR> Hey all, can someone help me troubleshoot a fresh install of Precise amd64 that won't boot after a kernel upgrade?
<DWSR> Additionally, can someone help me with why my grub is completely fscked up when displaying?
<DYSW> DWSR: on hardware or vps ? did you use a non standard kernel and updated grub when done ?
<DWSR> DYSW: I did a dist-upgrade off of a fresh install, so it would have been using the standard ubuntu kernel.
<DWSR> And I assume that a dist-upgrade deals with all of the neccessary changes to GRUB.
<DYSW> sure it would do that itself
<DWSR> So basically.
<DYSW> If its on hardware, a log could help
<DWSR> lol.
<DWSR> I guess that whole "I can't boot" thing doesn't really mean much to you?
<DYSW> Xen, vps can be killed with apt-get dist-upgrade so, its important we know if its virtual or not
<DYSW> lol. it does, but ubuntu boot menu has the option of using an earlier kernel or recue etc. from there you can get in and see the logs
<DWSR> I can't actually SEE the options.
<DWSR> Sec, I'll post a pic.
<DYSW> But first thing i would do, is check iso hashes, reburn and try, or reinstall to usb and boot.
<sarnold> DWSR: I think some releases require you to hold down left shift or something while booting to get grub menu :/
<DWSR> I have the grub menu.
<DWSR> Again, I'll show you in a second with a picture.
<DWSR> Since, a thousand words and all that.
<DWSR> https://www.dropbox.com/sc/labf5h6z4evioxj/OZ6G0MKNRp
<DWSR> I will note that the BIOS menu displays correctly.
<DWSR> And that Ubuntu didn't have display issues when I was in the install originally, and the LiveUSB didn't have an issue either.
<DWSR> So, NOT HARDWARE RELATEd.
<DYSW> Your screen is off. I would try all the options. the one with (mode) in it first
<DWSR> No, it's not.
<sarnold> DWSR: hah, that's a good one, never seen that..
<sarnold> well, I haven't seen that since CRT days..
<DYSW> i cant see any words on the screen just (mode) at the ned of a line, all to the left is black.
<DWSR> Assuming that the hardware is at fault is quite frankly, ignorant.
<DWSR> The panel is completely fine and displays correctly EVERYTHING ELSE from this computer AND from another.
<DYSW> just looks like the screen is not centered. Doesnt matter. just try all the 4 options. It wont take much time
<DWSR> The panel is fine.
<DWSR> Ok, getting a bunch of spew regarding my drives.
<DYSW> not hardware related, your setup is fine, but the screen can still be offcentered
<DWSR> Which is a change from before.
<DWSR> There we go, it's mounting /.
<DWSR> Ok, that (mode) line was the recovery option.
<DYSW> i know
<DWSR> So I'm in the recovery menu.
<DWSR> It wouldn't actually make it here before.
<DWSR> So, yay progress.
<DYSW> see hope
<DWSR> I guess first order of business is unbreak system.
<DWSR> Should I just try the dpkg option?
<DYSW> Not sure, i have never needed to use the recovery option.
<DWSR> welp, I'm trying a fsck first.
<DWSR> And after that I'll try the dpkg option.
<DWSR> The reboot was graceful, but I've done a couple of hard poweroffs (presumably) in the middle of the boot process, so the FS might be asploded.
<DWSR> And the fsck just....froze?
<DWSR> how long should a 300GB fsck take?
<DWSR> also, can I just say that fsck is such a hilarious shortening.
<bekks> DWSR: Depends on the filesystem, and even more on the content, it can take several hours.
<DWSR> bekks: Mostly empty space.
<DWSR> It's kind of fine though
<bekks> DWSR: Then just let the fsck run until it finishes.
<DWSR> I sent a ^C and now the system boots just fine.
<bekks> You cancelled the fsck run.
<DWSR> yeah.
<bekks> So you have to run it again.
<DWSR> You're assuming, of course, that it's required.
<bekks> It is, in fact.
<DWSR> Why?
<DWSR> The system's booted currently.
<bekks> Because your filesystem still may be corrupted.
<DWSR> Yeah, acceptable risk until I figure out my display issues.
<bekks> Booting does not tell you anything about the health status of a filesystem. The only thing thats obvious now is, that it isnt corrupted that severe that it wont boot anymore.
<DWSR> Yep.
<DWSR> Let's just take it as read that I understand and accept the risks, ok?
<DWSR> I'm now having display issues in GRUB and Ubuntu. The panel I'm connected to is a 1080p panel, but doesn't appear to be detected as such
<sarnold> DWSR: search for 'gfxmode' in the grub info documentation; you might be able to force a graphics mode that does work with your display
<DWSR> sarnold: What about inside of Ubuntu?
<sarnold> DWSR: that'll require fiddling with X configuration, either xrandr or Xorg.conf...
<DWSR> nox.
<DWSR> sarnold: No X installed.
<sarnold> DWSR: ah, then the kernel's Documentation/kernel-parameters.txt file may have some guidance, the vga= or video= options may help
<DWSR> sarnold: The panel is detecting the video signal as 1400x1050.
<sarnold> DWSR: oh, yes, the kernel does fancier things these days.. you can also try adding 'nomodeset' to the kernel command line. Or, force the kernel mode setting as described https://wiki.archlinux.org/index.php/Kernel_Mode_Setting
<jsonperl> Patrickdk you around? http://pastebin.com/YPA7X0Ym
<patdk-wk> dunno what I'm looking at
<jsonperl> Some data during another "blip".
<jsonperl> Run queue spikes, load is low, cpus accross the board drop in usage....
<jsonperl> Even systat had problems collecting the data, as you can see by the timestamps. One is 39 SECONDS late
<jsonperl> It's like the machine decides to take a lil breather
<patdk-wk> jsonperl, note the cpu usage during those spikes?
<patdk-wk> whree cpu usage is normally spread out, with >10% usage over many cores
<patdk-wk> in the spikes, it's limited to one core
<jsonperl> Then it's all in the single dig
<jsonperl> yea
<patdk-wk> defently a locking/mutex issue
<jsonperl> Could you explain w a small example?
<patdk-wk> something is holding a lock around stuff, while it works, and is keeping it for an extended period of time
<patdk-wk> where normally it wouldn't
<jsonperl> At the os level
<patdk-wk> don't know
<jsonperl> What types of things lock like that?
<patdk-wk> but since you said you have like 10-20 of the program running
<patdk-wk> I would have to say so
<jsonperl> Yep 14
<jsonperl> me2
<jsonperl> It's definitely not overheating? That wouldn't act like that?
<DWSR> jsonperl: No.
<patdk-wk> oiwait doesn't go up, so not a disk
<DWSR> Thermal throttling acts much differently.
<DWSR> From a hardware perspective, it just clocks down the processor until the processor stops overheating.
<DWSR> Which means that you wouldn't see a sudden shift from 4 cores to 1.
<DWSR> Advantages to using an LVM for a single disk?
<patdk-wk> many :)
<patdk-wk> dynamic repartition, snapshotting
<patdk-wk> reasons to not use it, the same :)
<jsonperl> I've had very very good experience with LVM
<jsonperl> even with hardware raid
<patdk-wk> lvm can be ok, but it can get in the way also
<DWSR> Ick hardware raid.
<patdk-wk> well, they haven't started making bbwc for soft-raid yet
<DWSR> Unless you're dropping a few bills for good cards, you might as well be using soft-raid.
<jsonperl> HW raid gets a bad rap from crap onboard controllers
<patdk-wk> onboard controllers is not hw-raid
<DWSR> Anyone in here want to buy 8x4GB DDR2 ECC RAM?
<DWSR> I really haven't a clue where I would list something like this.
<patdk-wk> ebay
<jsonperl> Yea I can vouch for ebay
<DWSR> patdk-wk: No, but HW raid requires controllers. Hence why HW-raid gets the bad rep.
<patdk-wk> heh?
<DWSR> s/requires controllers/requires good controllers/
<DWSR> You don't get good controllers for <$100.
<patdk-wk> hardware raid gets a bad rap, cause of the people making it keep producing incompatable firmware and randomly adding/removing features from the firmware
<patdk-wk> I'm talking >$700
<DWSR> patdk-wk: Never been so flush with cash as to be playing with that kind of hardware.
<patdk-wk> crap raid cards are <$400
<DWSR> patdk-wk: No, crap is <$200. Cheap is <$400.
<patdk-wk> <$100 has to be software raid
<Beatstreet> I thought hardware raid mostly exsisted because more computers couldnt handle the load of a software raid but over the eyears as power increase software became more reliable
<patdk-wk> hardware raid exists for two reasons
<jsonperl> I think I got LSI's in the 300 range and they've been completely fine
<DWSR> Beatstreet: That's certainly been part of it. Hardware, done right, is better.
<patdk-wk> you need it to boot
<patdk-wk> or you need it for bbwc
<DWSR> patdk-wk: You can boot from softraid. =\
<patdk-wk> DWSR, you can? on every os? on every motherboard?
<jsonperl> patdk-wk: Can you think of an example that you could demonstrate server level locking
<patdk-wk> what happens when grub gets screwed up on your drive?
<Beatstreet> I agree that hardware done right is better but the money involved to get it right is a lot
<patdk-wk> the bios booted the first disk and won't try the second
<patdk-wk> system won't boot
<DWSR> patdk-wk: can is binary. It doesn't have to work in every case, only 1 to disprove your statement.
<DWSR> patdk-wk: I never claimed it was a good idea. Merely that it was possible.
<patdk-wk> yes, but hardware raid is known to work :)
<patdk-wk> software is more of a, make sure you test it good
<DWSR> patdk-wk: Back to my, it does work, but isn't recommended.
<DWSR> Also, ~$200 LSIs are great for home use.
<DWSR> Cheap != crap.
<patdk-wk> $200 lsi's don't support bbwc
<DWSR> You don't need BBWC if you configure your RAID correctly.
<patdk-wk> yes you do
<DWSR> Won't argue it's better to have, but you don't need it.
<DWSR> No, you don't.
<pmatulis> anyone set up or maintain ipsec tunnels between ubuntu and pfsense?
<DWSR> Better? Yes. Neccessary, no.
<patdk-wk> if I wasn't going use a bbwc, I would just use softraid
<patdk-wk> then I have complete flexability over moving my raid to any other system
<DWSR> patdk-wk: That's a personal choice. You can configure LSI cards to always flush cache.
<DWSR> It's not neccessary to have a WC at all.
<patdk-wk> the lsi card your talking about has no cache
<patdk-wk> you need a real raid card for cache, and those support bbwc
<DWSR> patdk-wk: Correct. I'm talking about disk cache.
<DWSR> patdk-wk: You seem to be confusing neccessary with optimal.
<DWSR> These things work, and work just fine, in the manner in which I've specified.
<DWSR> Whether or not performance levels are to your personal definition of satisfactory are a COMPLETELY different subject.
<patdk-wk> not with the latency requirements I need, therefor required :)
<DWSR> patdk-wk: Since you mentioned $700 cards, that's probably true.
<DWSR> But just remember "This doesn't work" is a very binary statement.
<DWSR> And that this is a channel for server support and that covers all manner of use cases.
<DWSR> For example, like home servers such as the one I'm currently reinstalling because, for the love of all things digital, I don't understand why dist-upgrade should BREAK an installation.
<patdk-wk> it doesn't
<DWSR> It does.
<DWSR> Because I just had it happy.
<DWSR> happen*
<patdk-wk> no, something else broke it
<patdk-wk> dist-upgrade just caused you to notice it
<Beatstreet> running a RAID 5 on 3 drives. Is it better to create a small partition on each drive and RAID that for an OS partition then just putting the OS on a partition on the first drive? I've lost sda before and box wont boot with OS RAID'd across all 3
<DWSR> Oh god no.
<DWSR> You should get a small drive and have /boot on it.
<DWSR> Even use a flash drive if that's all you have laying around.
<DWSR> RAID, in whatever form you're using it, should always have access to the entire disk.
<Beatstreet> flash drive would be a really slow running OS would it not?
<DWSR> Hence why I said /boot.
<Beatstreet> I guess I need to read up on the /boot thing
<DWSR> Beatstreet: Basically, you can have your boot partition (/boot) installed on a seperate device from your root partition.
<DWSR> Meaning you can pull fun shenanigans like make your system unbootable unless you have your flash drive in.
<Beatstreet> so the /boot on the flash drive just boots it and it not accessed after that?
<DWSR> Beatstreet: Not unless you're changing the contents of it for some reason.
<DWSR> Which would be only during a kernel upgrade, or a GRUB upgrade, or something similar.
<Beatstreet> which you dont do that ofter
<DWSR> Yeah.
<DWSR> Beatstreet: I'm not recommending you use a flash drive, mind you.
<DWSR> Just saying it's a last resort kind of thing.
<Beatstreet> the servers I have
<Beatstreet> all are full of drives
<Beatstreet> so the usb drive would have to be
<DWSR> I can guarentee you that you can put more in.
<DWSR> assuming you're talking of desktop cases.
<Beatstreet> I know I can add controller cards
<DWSR> https://www.dropbox.com/sc/mb1stsgiaj1b2h6/j0ATKr0yrE <-- this is my home server that has 14 drives in it.
<DWSR> I ran out of bays so I literally mounted a 5.25"->3.5" converter to the bottom using a 120mm fan as an "adapter"
<DWSR> That's only a mid tower. I guarentee you you can add more drivers.
<patdk-wk> hmm, I don't have any pics of mine, 45 in it
<DWSR> s/vers/es/
<DWSR> patdk-wk: You use the Storage Pod design from Backblaze?
<Beatstreet> you have sata controoler cards?
<patdk-wk> no
<DWSR> Beatstreet: I have 1.
<patdk-wk> 17 internal sata, and 28 fc drives
<jsonperl> soâ¦ system mutex
<jsonperl> :)
<jsonperl> how would one create one of those
<tdao> hi all.  ive installed a raid array in my home server.  dmraid shows 3 disks but no array.  in my bios the array shows functional.  any direction would be helpful and appreciated.  the forums are down still from being hacked :P
<DWSR> tdao: I'm assuming that you have created an array in the BIOS?
<tdao> yes DWSR
<DWSR> tdao: dmraid won't detect anything then.
<tdao> ok, so how do i find what i need to mount?
<DWSR> tdao: What RAID controller are you using?
<tdao> built in on the mobo
<DWSR> yeah, that's why dmraid doesn't detect anything.
<tdao> ah, i misunderstood the package
<DWSR> Yes.
<DWSR> And no.
<DWSR> It does what you're thinking it does, it doesn't support what you're using, almost certainly.
<tdao> dmraid or ubuntu server?
<DWSR> tdao: dmraid/.
<DWSR> tdao: What does dmraid -r output?
<tdao> http://pastebin.com/qByp2EPu
<DWSR> Have you tried deactivating your onboard raid?
<DWSR> And just using md?
<tdao> no, i was hoping to use my hardware for the raid
<DWSR> Why?
<tdao> part of my mobo, wanting to use it
<DWSR> tdao: Why?
<tdao> ive done the software raid before
<DWSR> ok.
<DWSR> And?
<tdao> on this server, ive not used the soft raid
<tdao> forums are down, so i was looking for something i might have missed.  the install is older than the array
<Beatstreet> DWSR, so this server I am running has 3 serial ports and they are all full. You dont recommend a flash drive /boot. What would you do?
<Beatstreet> add a controller card and 1 drive just for OS?
<DWSR> Beatstreet: Yeah. Even if the controller card is crap, it's better than USB.
<Beatstreet> they dont make a controller card that has a small drive built in do they?
<patdk-wk> no internal usb ports/headers?
<Gugoies> hello peeps
<Pici> hi
<Gugoies> are pyton better for script then bash (newb here)
<Madkiss> roaksoax: sure they do
<DWSR> Can someone please explain to me why a fresh install of precise amd64 won't actually boot?
<patdk-wk> did you use 12.04? 12.04.1? 12.04.2?
<roaksoax> Madkiss: interesting, libqb is failing in our builders
<roaksoax> Madkiss: tests are failing
<roaksoax> Madkiss: https://launchpadlibrarian.net/145612225/buildlog_ubuntu-saucy-amd64.libqb_0.14.4-1ubuntu1~ppa2_FAILEDTOBUILD.txt.gz
<Madkiss> don't jniwm sirry
<Madkiss> gna
<Madkiss> don't know, sorry.
<Madkiss> let me have a look tomorrow, it is late oer here already
<DWSR> patdk-wk: 12.04.2
<patdk-wk> try 12.04.1
<patdk-wk> .2 has the enablement stack on it
<DWSR> huh?
<rtoyzer> hi
<rtoyzer> anyone there ?
<DWSR> patdk-wk: Doesn't the 12.04.2 media come with a pre-enablement kernel on it?
<patdk-wk> I didn't think so, not sure
<patdk-wk> thought it didn't cause there wasn't enough space
<rtoyzer> anyone ?
<rtoyzer> i can't access to ubuntu channel ? do you know whY  ?
<sarnold> rtoyzer: I didn't see any obvious bans that would prevent you from joining.. (but wow there are a -lot- of them...)
<rtoyzer> == #ubuntu Cannot join channel (+b) - you are banned
<rtoyzer> why baned ?
<sarnold> rtoyzer: I suggesst asking in #ubuntu-ops if someone can look into it for you
<rtoyzer> welll
<rtoyzer> i m looking something equivalent of windows illuminate room
<rtoyzer> who knows ?
<rtoyzer> in opensource
<oops_im_a_sysadm> Hi all. I'm having trouble getting the nginx repository working for an Ubuntu Precise server. I download the key, added it to apt, apt-add-repository, apt-get update, and when I apt-get install nginx, it says it's already newest, but nginx -v reports 1.2.9. How can I debug this issue?
<rtoyzer> oh my god ubuntu forum get hacked lollllllll
<rtoyzer> this is showing how ubuntu is vunerable
<rtoyzer> for security issue
<DWSR> oops_im_a_sysadm: Is 1.2.9 the latest in the nginx PPA?
<sarnold> oops_im_a_sysadm: can you pastebin your "apt-cache policy nginx" somewhere?
<ScottK> rtoyzer: Every web content management service has security vulnerabilities of some kind.  Until you know how they got hacked, you don't know if it says anything about Ubuntu the distro or not.
<oops_im_a_sysadm> DWSR no, that's the problem. sarnold: ah, yes, it knows of the later version, but decides this older version is the newest. Maybe it's because of the crazy '1:version' naming scheme which I don't understand. Here's the output: http://pastebin.com/LBKGhpE2
<DWSR> oops_im_a_sysadm: Just checking. Had that happen to me a few times before.
<sarnold> oops_im_a_sysadm: hrm, I don't see any 1: epochs in the nginx installed on my laptop, nor in the ppa...
<oops_im_a_sysadm> DWSR: thanks, always worth a double check
<DWSR> oops_im_a_sysadm: Can you install the package by specifying the version number?
<oops_im_a_sysadm> sarnold: I have another repository enabled (for ruby) that has these 1:1.2.9 nginx versions
<sarnold> oops_im_a_sysadm: ah!
<sarnold> oops_im_a_sysadm: ah, so you do, sitting right there in the output.
<oops_im_a_sysadm> DWSR: that may work, but I need to be able to launch new instances of the server without first manually checking the latest version in the repo
<oops_im_a_sysadm> can I specify >=version with apt-get?
<DWSR> Don't think so. I think apt only allows specific versions
<oops_im_a_sysadm> and will this even count as >=, given the crazy 1: prefix?
<sarnold> oops_im_a_sysadm: probably better would be to specify which repository you want to supply your nginx
<DWSR> Also, ^^
<oops_im_a_sysadm> sarnold: yes, that would be nice. I didn't know if I could do that
<DWSR> Was just wondering if you needed 1.2.9 specifically or just "latest"
<oops_im_a_sysadm> sarnold: can I do that?
<sarnold> oops_im_a_sysadm: look for the text "Default Priority Assignments" in apt_preferences(5) manpage
<sarnold> (I have to look it up every time I want to use it.. heh.)
<DWSR> http://serverfault.com/questions/247708/specify-ubuntu-repository-from-which-a-package-is-installed <-- I believe this might also help.
<oops_im_a_sysadm> Thanks very much sarnold and DWSR
<sarnold> nice, short and sweet. :)
<DWSR> Can you pin repositories at higher priorities?
<DWSR> OR can you only pin packages?
<oops_im_a_sysadm> It looks like you can specify the package as "*"
<DWSR> So it would seem
<DWSR> Anyone know of a way to provide a multi-platform AD-equivalent?
<sarnold> DWSR: I believe that is a claimed feature of Samba4
<DWSR> I'll believe it when I see it
<DWSR> Is there a Samba PPA?\
<hallyn> stgraber: bleh.  i've got the changes all implemented, but am seeing inexplicable subtle regression :(  no patchset going out tonight probably
<sarnold> DWSR: samba4 is packaged in the archive for all releases -- though it is in universe in all releases
<DWSR> sarnold: IT's in universe?
<DWSR> Ah, that makes sense, I'm only searching precise main
<sarnold> DWSR: yeah, it might make sense to promote samba4 for saucy, but as far as I know, no one has asked..
<DWSR> What a *puts on shades* saucy suggestion.
<sarnold> lol
<DWSR> patdk-wk: ty for the suggestion on precise .1. Seems to work MUCH better.
<DWSR> patdk-wk: Will a dist-upgrade at this point give me the enablement stack, or no?
<hallyn> hm, maybe it's not so bad.
<hallyn> eh i'm gonna look at it after dinner.  mind numb.  going afk.
<TheLordOfTime> anyone here an expert with PPTPd and PPTP VPN setups?
<TheLordOfTime> anyone on the server team want to lend me their time for, oh, about 30 minutes so they can comment on a discussion on the -quality mailing list? (I'm going to CC the -server ML shortly)
<ScottK> Please don't.
<ScottK> Dual posted ML discussions are a nightmare.
<ScottK> He should formulate his thoughts and post to the ubuntu-server ML.
<TheLordOfTime> ScottK:  then may I just give you a link to the discussion on the archives of the mailing lists so I can get your comments before I respond to the latest email in the chain?
<ScottK> I've been reading it.
<TheLordOfTime> ah so you're already there
<TheLordOfTime> you can give opinions on the latest one :p
<ScottK> I think he should write the server ML.
<TheLordOfTime> ScottK:  and ask the server mailing list about it before the discussion gets any further?
<ScottK> I think the sooner he talks on the server ML the better, but kind of up to him when his thoughts are fully formed enough to feel comfortable with it.
<ScottK> He also ought to look over the existing server test cases, because I think they kind of do what he's saying already.
<TheLordOfTime> I think he's trying to have a group that goes beyond the testcases
<TheLordOfTime> ScottK:  i couldn't convince you to reply to their latest email and suggest they take a look at the existing server testcases, could I?
<ScottK> No.
<ScottK> But feel free to say I said it in a mail you write.
#ubuntu-server 2013-07-23
<TheLordOfTime> OK
<adam_g> zul, how are we meant to handle this? jsonpatch 1.0 (/usr/lib/python2.7/dist-packages), Requirement.parse('jsonpatch>=0.10,<=0.12'))
<zul> adam_g:  run the tests locally with updated requirements.txt and then patch the requests
<zul> which package is this?
<adam_g> zul, this isn't the test suite, post-install service not working because VersionConflict
<adam_g> zul, cinder, but nova is an issue as well
<adam_g> zul, i was backporting to PPA to match UCA versions, and noticed in cinder as well as nova
<adam_g> zul, i'm looking around for the reqiurements.txt that specifies the range, its not in requirements.txt according to github.com/openstack/requirements.git
<adam_g> zul, im trying to get a good dep8 test going for this. stevedore catches these exceptions and lets the serices start up anyway, which is why our current dep8s are passing fine
<zul> adam_g:  could it be one of the clients that is doing it?
<adam_g> zul, agh, its python-warlock
<zul> adam_g:  oh....bullocks
<adam_g> zul, well, actually i've still got an older warlock in the repo
<zul> adam_g:  ah that might be it then
<adam_g> zul, im having trouble building the backport, tho
<zul> adam_g:  buildlog?
<adam_g> zul, http://paste.ubuntu.com/5902397/
<zul> adam_g:  thats weird
<adam_g> zul, i see it built fine in the havana PPA
<adam_g> havana-staging, that is
<zul> adam_g:  im not sure whats going there but line 476 is definently weird
<adam_g> zul, oh, nvm. thats still outdated there too. 	1.0.0-1~cloud0, we want 	1.0.1-1ubuntu1
<zul> right
<adam_g> zul, how did you handle other python3 backports to precise?
<adam_g> i know we were hitting this in the past with something else
<adam_g> 1.0.1-1ubuntu1 added python3-warlock
<zul> adam_g:  i think it might have been testtools i cant remember...or subunit...actually i think it was subunit
<adam_g> zul, any idea what the solution was?
<zul> adam_g:  it was not to build for python3
<adam_g> zul, whatcu talkin about willis?
<zul> adam_g:  not to build the python3 package if i remember correctly
<adam_g> zul, we have both python3-subunit_0.0.12-0ubuntu1~cloud0_all.deb +  python3-testscenarios_0.3-0ubuntu2~cloud0_all.deb
<adam_g> in havana-staging ATM
<sarnold> jdstrand,hallyn: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1203211
<uvirtbot> Launchpad bug 1203211 in linux "Modprobe doesn't recognize any parameters on 3.10.0-4" [Critical,Fix committed]
<adam_g> zul, FWIW subunit fails to rebuild there, as well, so maybe its something with the locla build env. and python3.
 * adam_g EOD
<jdstrand> sarnold: hah! that would do it :)
<jdstrand> -5 fixes it fwiw
<sarnold> jdstrand: woot :)
<med_> adam_g, OpenStack question: any idea of status on LBAAS?
<methods2> is there an upstart event that fires before normal daemons launch ?
<vikashla> My httpd.conf file is blank how can I configure Apache(2.2)
<vikashla> Can Anyone help
<vikashla> ???
<vikashla> ?????????????????????????????????
<mrgate_> hey
<mrgate_> im having a issue trying to run codeigniter on my ubuntu server
<mrgate_> and i dont want to have to reinstall my entire os ):
<mrgate_> apache error log http://pastebin.com/S5FeVd7p
<mrgate_> anyone ):
<rbasak> !patience | mrgate_
<ubottu> mrgate_: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com/ or http://ubuntuforums.org/ or http://askubuntu.com/
<greppy> mrgate_: does the file it is looking for exist?
<mrgate_> yes
<greppy> do the permissions of all of the directories and the end file, allow your apache user to read it?
<greppy> a common issue is that /home/user is set to 0700 permissions.
<greppy> or that a directory in the path is.
<mrgate_> how do you check
<mrgate_> kinda new to ubuntu sorr
<mrgate_> y
<greppy> by default apache shouled be running as www-data
<greppy> meh s/shouled/should/
<greppy> so check the permissions of each directory in the path to make sure that it is set to 755 permissions, or rw rx rx.
<greppy> ls -ld /home/mrgate should give the permissions of your home directory.
<mrgate_> the issue is fixed since i chmod the entire thing with 0777
<greppy> don't do that.
<greppy> 777 == evil.
<mrgate_> its just my web folder ?
<greppy> any user on the system can edit or delete files that are 777
<greppy> try 755
<greppy> that gives the owner rwx but limits everyone else to rx
<greppy> 777 on a folder exposed to the outside world has caused no end of issues.
<mrgate_> fixed
<greppy> mrgate_: a rule of thumb: use 755 for directories, use 644 for files if you need other users on the system to be able to read them.
<StathisA> i've installed Deluge on my headless server...manually works ok, but how do i make the services start with the server?
<hachre> StathisA: are you running it as root?
<StathisA> yes but nvm, its not as easy at it looks...
<StathisA> need to make some scritps as described on http://dev.deluge-torrent.org/wiki/UserGuide/InitScript/Ubuntu%2011.04%2B%20%28Upstart%20Job%29#StartingandstoppingUpstartScripts
<hachre> StathisA: you gotta make a upstart job
<StathisA> yeah thats what the link is about
<StathisA> thanks for the answer thought :-)
<hachre> np ;)
<koolhead17> hi all
<g105b> Can someone point me in the right direction? I want to have 3 staging servers and keep their installed packages and config files in sync - what tools are available?
<ikonia> rsync ?
<g105b> ikonia: I'm actually using scp at the moment, but the problem I'm facing is that when I install a package, say 'php', and I make a change in the php.ini, along with some timezone settings, then the other servers need to be set up like that too.
<andol> g105b: puppet/chef/cfengine?
<ikonia> g105b: is this a production config and 3 servers part of it, or is this just 3 stand alone servers and thats all you've got
<g105b> only got 3 servers.
<ikonia> ok, so puppet or something like that is probably overkill
<ikonia> just setup rsync to push out config/content on regular basis from one server to the other 3
<g105b> yeah I'm aware of puppet, and that's what I thought.
<g105b> ikonia: Alright, thanks I'll look into rsync ... not used it before.
<ikonia> g105b: should tick %99 of what you need and want out of the box
<g105b> Thanks.
<g105b> ikonia: but what about installed packages? When I install something on one server, how can I keep all servers on the same version?
<jamespage> jdstrand: ping re mongodb MIR - I'd like to discuss what you need re libv8 and upstream management to address security concerns
<ikonia> g105b: you can script that with ssh pretty easy
<StathisA_> if i install dropbox by downloading it through WGET ("wget -O dropbox.tar.gz "http://www.dropbox.com/download/?plat=lnx.x86"" will it be updated when i run sudo apt-get update?
<StathisA_> or any other software installed like this
<ikonia> StathisA_: no
<StathisA_> :-(
<g105b> StathisA_: to use a package manager to manage packages, the packages need to first be installed by that said package manager.
<jamespage> zul, these all build OK with the staging PPA - http://people.canonical.com/~jamespage/ca/havana/
<jamespage> aside from warlock which has a python3/dh tantrum
<jamespage> looking that that now
<zul> jamespage:  +1
<zul> jamespage:  we need to add heatclient as well (for horizon)
<jamespage> zul, agreed
<zul> jamespage:  heh good thing we are not rgb colorblind ;)
<jamespage> zul, ?
<zul> jamespage:  just thinking about the ca report
<jamespage> yeah - right
<jamespage> :-)
<greppy> g105b: salt or ansible may be an option.
<jamespage> zul, can you ack the python-*client packages I just uploaded to the same location please
<jamespage> zul, scp sulked about them the first time
<jamespage> all three build fine against staging
<jamespage> ls
<zul> jamespage:  +1 can you pick up ceilometerclient and heatclient as well
<jamespage> zul, ack
<zul> jamespage: ok they are backported locally i just have to do a build test, almost forgot about python-greenlet
<zul> jamespage:  do we want iscsitarget in there as well (trawling saucy-changes for the past month)
<jamespage> no
<jamespage> zul, its not really worth the delta TBH
<zul> jamespage:  ack
<sudormrf> Hey guys. Does anyone here have experience with iredmail? I am hosting multiple virtual domains on a single 12.04 LTS server and the webhosting is fine, but I can only seem to get one domain working with the iredmail email. :-/
<jamespage> zul, I did heat and ceilometer clients as well
<zul> jamespage:  cool...ill do heat as well
<jamespage> zul, heat itself?
<jamespage> ok
<zul> jamespage:  yeah
<jamespage> we should get it into the CI then
<jamespage> is the branch under ~ubuntu-server-dev yet?
<jamespage> zul, ^^
<zul> jamespage:  it is. i did it yesterday
<jamespage> zul, its in the branch right?
<jamespage> still needs creating in the lab then
<zul> lp:~ubuntu-server-dev/heat/havana
<jamespage> zul, right - understand now!
<jamespage> zul, I'll get that CI'ed
<zul> i didnt get heatclient its own branch i think
<jamespage> zul, added
<jamespage> ugh
<jamespage> OK
<jamespage> that will fail for the moment then
<jamespage> lemme sort that out
<jamespage> zul, nope - its there
<zul> jamespage:  ok
<StathisA_> hmmm i got a router which with "http://192.168.0.1/setup.cgi?todo=debug" in a browser enables its debug mode. is there a way to do this from a cli?
<hallyn> jdstrand: still will be interesting to see if modprobe not accepting parameters becomes the reason for your host lockup when starting a kvm vm (bug 1203211)
<uvirtbot> Launchpad bug 1203211 in linux "Modprobe doesn't recognize any parameters on 3.10.0-4" [Critical,Fix committed] https://launchpad.net/bugs/1203211
<jdstrand> hallyn: it isn't. that bug is fixed in -5 and I still have lockups with it
<hallyn> drat
<jdstrand> hallyn: apw filed bug #1204005 (he sees it too)
<uvirtbot> Launchpad bug 1204005 in linux "[saucy] kvm host hangs of guest boot with 3.10.0-5" [Critical,Triaged] https://launchpad.net/bugs/1204005
<apw> no indeed, it is utterly broken and has been for all of the v3.10 kernels i have tested
<apw> clearly noone is using that combination
<jamespage> zul, meh
<jamespage> python-warlock is not currently cleanly backportable
<zul> jamespage:  python3?
<jamespage> zul, yeah - the test rules are a bit sucky - gonna fix in saucy to make backporting easier
<zul> jamespage:  ack
<jdstrand> jamespage: pong re mongodb
<jamespage> jdstrand, hey
<hachre> StathisA: you just want to access that url? use curl
<jdstrand> hey
<jamespage> jdstrand, I was about to get in contact with MongoDB upstream about how they are managing their embedded version of libv8 re security issues etc..
<StathisA> hachre: Yes, but oh well i thought i could use something already installed...
<hachre> StathisA: I guess wget would also work
<StathisA> it does, but ends up downloading it as well..:-S
<jamespage> jdstrand,  but I wanted to checkin with you first on whether libv8 in mongodb was going to be acceptable for MIR in any form
<jamespage> and if so what sort of thing you are looking for re active management of libv8 from mongodb upstream
<jamespage> (try to avoiding security -> me -> upstream -> me -> security ping-pong)
<jdstrand> jamespage: it would be acceptable if it didn't provide an attack surface, but I don't think the design and intent would allow for that
<hachre> StathisA: wget url -O /dev/null
<jdstrand> jamespage: which means someone has to update it
<jdstrand> jamespage: how long has mongodb been around? will the MREs last through to the April 2019?
<jamespage> jdstrand, I would suspect not
<jdstrand> I'm very hesitant to allow it, even with upstream saying 'sure we'll do it'
<jdstrand> nothing against them (I don't know them at all), but past experience tells me that upstreams quickly lose interest in old software and we are left holding the bag and our users lose
<jdstrand> libv8 will literally be unmaintainable within a few months
<jamespage> jdstrand, as in I would expect the LTS support period to exceed the active point release schedule from upstream by years
<jdstrand> so unless someone is shoving in new upstream versions as security issues are fixed, we are in a bad spot
<jamespage> jdstrand, there is another option instead of libv8 but I'm not sure its any better
<jamespage> 2.2 series defaults to spidermonkey; the switch to libv8 was made 2.4  but the support is still their for spidermonkey
<jamespage> but again I expect that will disappear in 2.6 of suchlike
<jdstrand> libv8 changes so much that it would require significant effor to do it ourselves (we went through all this when reviewing the sdk)
<jdstrand> spidermonkey is not any better-- we've actively tried to avoid it. iirc, it is less and less interesting to mozilla
<jamespage> yeah - that was my guess :-)
<jdstrand> of course, that means it doesn't change very much
<jamespage> but I guess its not getting much active maintenance either...
<jdstrand> (attempt at bad joke-- we would then have to write our own fixes)
<jamespage> yeah
<zul> jamespage:  http://people.canonical.com/~chucks/ca/
<jdstrand> jamespage: an alternative would be to have the package that provides the attack surface in universe
<jamespage> jdstrand, so only enabling the scripting engine if that is installed on the server component?
<jdstrand> I'm not sure how feasible that is, but it would at least allow mongodb to move forward and give libv8 to users that want it who could control their environment
<jdstrand> well, I don't know how the packaging is
<jamespage> jdstrand, I'd need to look - I'm not sure that separation exists in the upstream codebase
<jdstrand> but you said "libv8 is used to provide the scriptable shell in mongodb; access to the
<jdstrand> shell is via the mongo client application"
<jdstrand> I don't know where the script interpretation happens, but if it is in the client, you could put the client in universe, or have a client in main without it, and one in universe with it
<jamespage> jdstrand, no - its in the server side
<jdstrand> if that isn't supported by upstream, you could compile twice: once with scripting and once without
<jdstrand> without -> main, with -> univers
<jdstrand> e
<jamespage> jdstrand, hmm - there is a '--noshell' build option
<jamespage> lemme check that out
<jamespage> jdstrand, my concern would be that mongodb without the shell for admin is pretty useless
<jamespage> but lemme check
<zul> jamespage:  ping http://people.canonical.com/~chucks/ca/
<jamespage> zul, looking right now
<zul> jamespage:  thanks
<jamespage> zul, all done using cloud-archive-backport?
<zul> jamespage:  except for heat
<jamespage> zul, why not heat?
<jamespage> oh - I expect you hit the same bug I did with heatclient...
<zul> jamespage:  because i got a traceback when i ran it
<jamespage> I have a fix for that
<zul> jamespage:  cool
<jamespage> zul, OK - they look fine
<jamespage> zul, I already did eventlet btw
<zul> jamespage:  oh
<zul> ill get rid of that then
<jamespage> zul, did you build test them all first?
<zul> jamespage:  i couldnt build the openstack packages because of a newer clients
<zul> but they all build
<jamespage> zul, hmm
<jamespage> ok
<jamespage> zul, OK - python-warlock fixed up in saucy
<zul> jamespage:  cool have you reviewed rest of the CA stuff prepped
<jamespage> zul, yeah - all your stuff looked OK to me
<jamespage> +1
<zul> jamespage:  cool thanks
<jamespage> (don't upload eventlet - I already did)
<zul> now to make my internet connection cry
<zul> jamespage: ack
<jamespage> zul, we still have a kombu ftbfs in staging
<jamespage> looking right now - might need an anyjson backport
<zul> i have it queued up
<zul> jamespage:  im missing something here http://pastebin.ubuntu.com/5904291/
<micahg> jamespage: when you get a minute, can you forward the python-warlock fixes to Debian? debian 717469
<uvirtbot> Debian bug 717469 in python-warlock "python-warlock: Please add python3 package" [Wishlist,Open] http://bugs.debian.org/717469
<jamespage> micahg, will do
<micahg> thanks
<jamespage> zul, urm
<jamespage> zul, can you run with -d and --simulate please
<zul> http://pastebin.ubuntu.com/5904340/
<jamespage> zul, switch back to dput for the time being
<jamespage> zul, I think dput-ng has a few problem right now (that I think I fixed locally but negelected to upload - my bad)
<zul> jamespage:  ack
<zul> jamespage:  btw the new python-warlock will have python3 support upstream (ie: we can drop the patch when a new version is cut)
<jamespage> right
<jamespage> ok
<jamespage> micahg, done
<jamespage> zul, http://people.canonical.com/~jamespage/ca/havana/ python-anyjson please
<zul> jamespage:  +1
<zul> ok uploading finished
<adam_g> jamespage, is there a trick to getting python3 stuff backported to precise? i noticed they seem to build fine on buildds in the trunk and CA staging PPAs, but fail for various reasons when trying to do it locally using the backport-package job
<jamespage> adam_g, anything specific causing you an issue?
<adam_g> jamespage, http://paste.ubuntu.com/5902397/
<jamespage> adam_g, oh - I fixed that already in saucy
<jamespage> precise has 3.2, saucy has 3.3 so the targets don't work like that for the backport
<jamespage> adam_g, the fix is in saucy - just needs a fresh backport
<adam_g> jamespage, oh, i see the upload. was trying to get that built last night.
<adam_g> awesome :)
<zul> jamespage:  http://people.canonical.com/~chucks/ca/
<jamespage> zul: +1
<zul> adam_g: https://code.launchpad.net/~zulcss/nova/h3-patch-refresh/+merge/176440
<jamespage> zul, obvious really but we missed neutron/neutronclient
 * jamespage faceplants
<zul> jamespage:  DOH!
<jamespage> zul, sweeping up right now
<zul> jamespage: ack...
<adam_g> zul, can you please add some patch header info to that sqlalchemy patch? its still a mystery to me
<zul> adam_g:  right
<adam_g> https://code.launchpad.net/~gandelman-a/ubuntu/saucy/cinder/dependency_dep8_test/+merge/176441
<adam_g> jamespage, yolanda: my first dep8 test, could use some feedback
<jamespage> zul: http://people.canonical.com/~jamespage/ca/havana/
<zul> jamespage:  why glance?
<jamespage> zul, http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/havana_versions.html
<jamespage> still out of date
<jamespage> and not showing in the PPA either so its valid
<zul> jamespage:  doh
<zul> jamespage:  +1
<zul> adam_g:  pushed
<jamespage> zul, I think we need a backport of python-migrate as well for heat
<zul> jamespage:  probably
<jamespage> zul, ok that lot is all uploaded
<zul> cool
 * zul goes have lunch
<zul> jamespage:  new rule we should upload to the cloud archive relevant stuff when we upload to the regular archive
<zul> adam_g:  pushed again
<Shogoot> hi people. im a linux newbie so be nice :) im installing u server 12.04. i want to make a upgrade. I f i fo apt-get upgrade, will it install u server 13.04?
<cwillu_at_work> apt-get update applies 12.04 updates; it doesn't change the release
<Shogoot> update im ok with, but upGrade?
<cwillu_at_work> I meant upgrade
<Shogoot> ah. ok so it safe then
<cwillu_at_work> (update just gets an updated list of packages)
<cwillu_at_work> do-release-upgrade will upgrade to the next full release (man do-release-upgrade for basic documentation)
<Shogoot> how then do install 13.04 from 12.04? just to know... :)
<cwillu_at_work> <cwillu_at_work> do-release-upgrade will upgrade to the next full release (man do-release-upgrade for basic documentation)
<Shogoot> ah. sorry i didnt quite read
<Shogoot> cwillu_at_work, THANKS!
<sarnold> Shogoot: note the --mode setting especially
<cwillu_at_work> and makes backups if this matters
<Shogoot> rgr
<cwillu_at_work> (you should of course already have backups if it matters :p)
<Shogoot> its a fresh install
<cwillu_at_work> Shogoot, if it's a fresh install, I'd tend towards just installing the new version fresh in the first place
<skrite> hey all
<sarnold> indeed
<genii> Is there some reason the -n of dhclient doesn't work?
<jsonperl_> Would you consider 15 servers writing a lot (more than 1k a second) to rsyslog a problem?
<sarnold> jsonperl_: that's roughly 15 packets per second of network IO, and most disks can handle ~50MB/s or more.. it feels like a very slow trickle.
<sarnold> jsonperl_: I had a firewall system logging at roughly that kind of level, not much, but the drive died after just two years or so. There were some nice grooves worn in the drive platters. :)
<sarnold> but that was 12, 13 years back, I hope newer drives are less likely to act like farmers plowing fields.. hehe
<jsonperl_> rsyslogd kinda handles file contention though right
<jsonperl_> like they're not all writing to the file, their hitting rsyslog, and he takes care of business
<thumper> hallyn: you around?
<hallyn> thumper: I'm about to run off to dinner
<thumper> hallyn: ok, I'll email
<sarnold> jsonperl_: right, I'd expect messages to be properly interleaved without scrambling
<hallyn> thumper: thanks
<jsonperl_> Can anyone think of a situation which would kinda totally bork networking on a machine? I've been trying to figure out an issue on my servers where at some undetermined threshold the machine becomes VERY hard to connect to.
<sarnold> jsonperl_: swapping itself to death? too much disk IO swamping usual traffic? unhappy drives? unhappy NICs?
<jsonperl_> I've been pouring through sysstat data and I don't see anything of real note
<jsonperl_> The only clues that I have so far are, the runq-sz gets much higher than norm, and the load average and cpu usage drops a lot (because people are unable to connect)
<sarnold> jsonperl_: maybe look for the wait channel of sleeping processes? I'm not sure that'd lead to high run queue, but if everything is asleep on the same resource, you might have an idea what to work with
<jsonperl_> hmm, wait channel?
<jsonperl_> what tool would you use to inspect that
<sarnold> top or ps, I think..
<cwillu_at_work> what's the question?
<jsonperl_> Who's question?
<cwillu_at_work> to which "top or ps, I think.." was the answer
<sarnold> cwillu_at_work: which programs will show the wchan of stalled processes
<cwillu_at_work> alt-sysrq-w
<sarnold> I know top can do it, but it's not very friendly when servers are slowly dying
<cwillu_at_work> then check dmesg
<sarnold> oh nice, better for when things are very nearly toast
<cwillu_at_work> (note: other sysrq keys are dangerous)
<sarnold> I think ps can dump wchan, but it's been ages since I've needed it..
<cwillu_at_work> alt-sysrq-w will give you the whole kernel stack trace though
<jsonperl_> dmesg will give me the wchan?
<cwillu_at_work> alt-sysrq-w, followed by dmesg, will give you more than wchan
<sarnold> after hitting that sysrq key, yes
<sarnold> if you want to script it up, you can echo w > /proc/sysrq-trigger ; dmesg > /path/to/file
<cwillu_at_work> a bit better to cat /dev/ksmg > /path/to/file & echo w > /proc/sysrq-trigger
<cwillu_at_work> as that will capture the whole output even if it's bigger than the ring buffer that dmesg is stored in
<sarnold> ooh? that'll work even with a running syslog?
<cwillu_at_work> I _think_ so
<cwillu_at_work> yep, works fine
<cwillu_at_work> cat /dev/kmsg | nc cwillu.com 10101 is a trick I use for getting troubleshooting info in #btrfs all the time
<sarnold> hahaha, that's clever. :)
<cwillu_at_work> it's like netconsole, but not annoying to set up :)
<sarnold> probably more reliable too
<thumper> hmm...
<jsonperl_> cwillu_at_work: so I want to look at "runnable tasks" and see what they're waiting on?
<thumper> lets say I have a remote machine... say the precise server in my office
<cwillu_at_work> jsonperl_, if you're looking for blocked tasks, you're looking at the ones that aren't runnable
<cwillu_at_work> there's one big stack trace for each one
<thumper> is there a way I can run something as root on that machine over ssh with one command?
<cwillu_at_work> the wchan is the top function in that trace (I believe)
<sarnold> thumper: ssh root@remote.machine "uname -a"   :)
<cwillu_at_work> thumper, not really, unless you add an ssh key to /root/.ssh/authorized_keys
<thumper> does that work with sudo stuff?
<thumper> ok...
<thumper> next question then
<thumper> if I just use ssh as normal
<jsonperl_> I'm a little confused on to analyze this: http://pastebin.com/5d83kp1b
<thumper> but then execute a script that runs sudo
<thumper> will I be prompted nicely?
<jsonperl_> Not that i'm seeing my issue, but so I'm prepared when I do :)
<thumper> I suppose I can test this pretty trivially
 * thumper goes to test
<cwillu_at_work> scripts shouldn't call sudo
<jsonperl_> I see stats about wait_max, wait_time etc... but not WHAT they're waiting on
<cwillu_at_work> jsonperl_, doesn't appear that there's anything blocked
<jsonperl_> so I would see diff output if there were blocked processes?
<jsonperl_> and what they are blocked from?
<cwillu_at_work> yeah; do you know what a kernel oops looks like?
<cwillu_at_work> (with the registers and the call trace?)
<jsonperl_> nope
<sarnold> lucky :)
<cwillu_at_work> http://permalink.gmane.org/gmane.comp.file-systems.btrfs/20592 is what you'd see
<jsonperl_> So it will show me a trace of every blocked process
<cwillu_at_work> yes
<cwillu_at_work> you can tell it to give you a trace for _every_ process, but that's mostly just noise
<jsonperl_> yea i'm only interested in the ones making my machine unhappy
<jsonperl_> and in turn myself (and my girlfriend)
#ubuntu-server 2013-07-24
<jsonperl_> cwill_at_work... does a system with high run q and low load indicate that it's I/O bound to you?
<jsonperl_> cwillu_at_work, sorry
<Patrickdk> iowait% is i/o bound
<Patrickdk> you have 0% iowait
<jsonperl_> That post was of a healthy system... I was just trying to figure out how to interpret
<jsonperl_> I logged some netstat numbers during the issue... I see some high send and recv Q, this may be somethin here
<Patrickdk> that would likely be a nic driver issue, I would think
<Patrickdk> do all your machines have the same driver/nic?
<Patrickdk> been a long time since I attempted to diagnose or work on something at that level
<jsonperl_> Yep every machine is identical
<jsonperl_> Most are in LAST_ACK
<Patrickdk> e1000e?
<jsonperl_> but some ESTABLISHED
<jsonperl_> like almost 200k in some queues
<Patrickdk> it might just be the result of the issue, but it might be a cause
<jsonperl_> the card?
<jsonperl_> it's a broadcom hangom
<Patrickdk> not sure what to tell you to figure it out
<jsonperl_> Broadcom 5720
<jsonperl_> That queue size seems pretty unhealthy right?
<Patrickdk> what do you get for ethtool -k eth0
<jsonperl_> I don't have a currently borked system
<Patrickdk> doesn't matter
<jsonperl_> http://pastebin.com/ARwR2W6K
<Patrickdk> but atleast till someone has an idea how to diagnose this somemore, I can atleast throw you some things to see if they have any effect
<Patrickdk> if they do, it's likely the cause, of not, just an effect
<jsonperl_> Yea totally. You've been reallllly helpful
<jsonperl_> This stuff is all fairly new to me
<Patrickdk> give a try: ethtool -K rx off tx off sg off tso off gso off rso off rxvlan off txvlan off eth0
<Patrickdk> maybe again for eth1 if you use it
<Patrickdk> opps
<Patrickdk> ethtool -K eth0 rx off tx off sg off tso off gso off rso off rxvlan off txvlan off
<Patrickdk> I am not sure about the broadcoms, but I know the intel driver has gone back and forth on it working and not working
<Patrickdk> my older intel ones, I had to disable a few of those, to make it work correctly
<Patrickdk> this will cause higher cpu usage
<Patrickdk> I doubt it will be enough for you to notice though
<jsonperl_> so basically turning everything off
<Patrickdk> yep
<jsonperl_> any potential for badness here?
<jsonperl_> besides cpu usage
<Patrickdk> no
<Patrickdk> the chcksums just lower cpu usage
<jsonperl_> But in your experience they gunk up the works sometimes?
<Patrickdk> the rest mainly cause the nic and linux to move around 64k of data at a time, instead of one packet at a time
<Patrickdk> gro sometimes, rxvlan on one of mine here at home
<Patrickdk> tso I think I had an issue with on some too
<Patrickdk> this system I am using now needs: ethtool -K eth0 rxvlan off tx off
<Patrickdk> that leaves only gso turned on
<Patrickdk> forget about the tx on it, but it doesn't support rxvlan, but the driver thinks it does
<jsonperl_> Its a gigabit card, it's speed is set at 100Mb... likely the network its on
<Patrickdk> oh, at 100mbit you will never see the increased cpu usage :)
<jsonperl_> I'm wondering if I need to upgrade the network... I've never seen us go beyond maybe 15Mb though
<jsonperl_> Seems like a lot of data in queue in LAST_ACK state indicates a problem with our code no?
<jsonperl_> Basically the connection has been severed on their end, but we haven't gotten rid of it
<jsonperl_> TCP:   458 (estab 50, closed 96, orphaned 63, synrecv 0, timewait 1/0), ports 0
<jsonperl_> Lotta orphans
<Patrickdk> dunno what a LAST_ACK is
<jsonperl_> Right before the tcp connection closes
<Patrickdk> oh, that is actually a state
<Patrickdk> I never see those
<jsonperl_> I've got a bunch... perhaps thats an issue
<Patrickdk> na, normally that for me is TIME_WAIT, where the connection was closed, but not properly
<sarnold> "The remote end has shut down, and the socket is closed. Waiting for acknowledgement."
<Patrickdk> ya, sounds like your sending it data, but it's not responding
<Patrickdk> oh
<sarnold> is there a funny firewall in the way preventing those packets?
<jsonperl_> just iptalbes
<Patrickdk> hmm, odd though, never seen them, just the FIN_WAIT TIME_WAIT mainly
<jsonperl_> Here so you have some idea what I'm looking at: http://pastebin.com/9RNzEbb9
<jsonperl_> ips jiggled to protect the innocent :)
<jsonperl_> I wonder if we're just shipping data to a "almost closed" socket, and filling up the tcp queue
<sarnold> jsonperl_: the 'slabtop' utility ought to be able to show you if TCP is eating too much of your memory
<jsonperl_> I'll check it out
<jsonperl_> though memory utilization is quite good now
<jsonperl_> (with a little help from my buddy PatrickDK)
<jsonperl_> gotta head home... thanks folks, back later
<sarnold> have fun :)
<jsonperl> back for more!
<jsonperl> PatrickDK
<jsonperl> I just had a system flake outâ¦ I hit those networking settings live, and it seems to have fixed it?
<jsonperl> (super super anecdotally)
<Patrickdk> dunno :)
<jsonperl> so your theory there is that there is a driver issue with the card?
<Patrickdk> personally, I would put those on like 3 or so, and see
<Patrickdk> well, driver or firmware
<jsonperl> yea the whole "it didn't explode" thing is a really frustrating way to prove stuff :)
<Patrickdk> more likely driver, but firmware could affect the drivers actions
<jsonperl> so by turning all of that off, we reduce the load on the card essentially?
<jsonperl> and let the os take care of stuff
<Patrickdk> well, it puts the card into normal dumb mode basically
<Patrickdk> instead of attempting to limit interrupts, and queue up requests and stuff
<Patrickdk> and offloading some of the work
<Patrickdk> it might be there is some kind of buffer overrun happening on the nic, causing the issue
<Patrickdk> but I'm totally random guessing
<jsonperl> me2
<jsonperl> :D
<Patrickdk> but now since that is off, nothing is really getting buffered
<jsonperl> oh man, if this fixes the problem
<Patrickdk> I have had issues with broadcom drivers before, but not on linux
<Patrickdk> but then, I really have not used broadcom on linux so :)
<jsonperl> I use what they rent me :)
<jsonperl> (peer1 / serverbeach)
<sarnold> jsonperl: was that an ethtool command that seems to be fixing it?
<jsonperl> yep
<jsonperl> ethtool -K eth0 rx off tx off sg off tso off gso off rxvlan off txvlan off
<jsonperl> 'seems' being the operative word
<Patrickdk> if your really interested, start knocking one off at a time, till it acts up again :)
<jsonperl> hahahaha
<jsonperl> oh man, the fact that thats a reasonable thing to do kinda of makes me ill :)
<sarnold> :)
 * Patrickdk bets on the tso or gso
<jsonperl> im gonna turn everything off on all machines
<Patrickdk> could be tx, but normally not
<jsonperl> then i'll pull those on one of them
<jsonperl> so do tso, gso, and tx in that order huh :)
<Patrickdk> or, pull a different one per machine? :)
<sarnold> yeah, I'm also suspicious of tso and gso
<jsonperl> ahahha
<sarnold> and it feels like 'sg' would be nice to have back
<Patrickdk> I have no idea what sg is, never bothered by it before :)
<sarnold> (at least I assume it means Scatter/Gather)
<Patrickdk> it does
<jsonperl> oh man, im excited
 * Patrickdk locates a bed
<jsonperl> I MAY BE ABLE TO SLEEP
<sarnold> g'night :)
<jsonperl> cya Patrick, thanks again
<jsonperl> allright, all machines updated
<jsonperl> now I wait :)
<jsonperl> sarnold/Patrickdk, it makes sense those settings kick in live right?
<jsonperl> no networking restart or anything
<sarnold> jsonperl: right
<jsonperl> goodâ¦ because if it didn't that would disprove that it fixed it ;)
<jamespage> yolanda, https://code.launchpad.net/~james-page/glance/sqlalchemy-bump/+merge/176613 if you are around :-)
<jamespage> zul, ^^
<yolanda> morning
<jamespage> I'm gonna review all packages today
<yolanda> great
<jamespage> yolanda, morning!
<yolanda> jamespage, bad news, since this branch is on ubuntu-server-dev, i don't have permissions
<jamespage> yolanda, just need a review
<jamespage> not a merge
<jamespage> I'll do that myself
<yolanda> jamespage, assign me as a reviewer
<yolanda> otherwise i can't
<yolanda> i don't have the permissions to "Request review"
<jamespage> yolanda, dog
<jamespage> doh rather
<jamespage> yolanda, done
<yolanda> ok, reviewed, i cannot change the main status anyway
<jamespage> ack
<jamespage> thanks
<ThothCastel> how to check if ssh server is running?
<mardraum> ThothCastel: service ssh status
<greppy> ps -ef | grep ssh
<ThothCastel> greppy: mardraum: thanks, it's running, however I am unable to connect to it via ssh :S
<mardraum> what exactly happens? use pastebin if you must
<jamespage> zul, when you start review needed please - https://code.launchpad.net/~james-page/neutron/fixup-h2/+merge/176650
<cwillu_at_work> greppy, "sshd"
<jamespage> zul, you might wanna take a look at the python-greenlet upload you did yesterday
<jamespage> it blasted all of the python3 work that you did in the previous two ubuntu versions
<jamespage> (which is why its block in proposed right now)
<zul> jamespage:  fuuuuuu
<ikonia> zul: ?
<streulma> hello, I can upgrade my kernel on Ubuntu Server 12.04, but when I reboot, the server don't boot and hangs, it's KVM virtualisation
<jamespage> zul, hey - I also uploaded trivial fixes for keystone and glance autopkgtest failures
<jamespage> I'm stuffing them into havana staging as well
<zul> jamespage:  ack
<jamespage> streulma, anything on the console?
<streulma> there is on the moment a problem with console, the isp upgraded to new version of OnApp
<streulma> but before I had the problem
<streulma> it boots the kernel
<streulma> and then hangs after keyboard...
<streulma> before the services loads
<zul> jamespage:  http://people.canonical.com/~chucks/ca/
<jamespage> zul, ceilometer?
<zul> jamespage:  yep
<jamespage> zul, why does simplejson need "     - Build for python 3.2 as well."
<jamespage> I know precise has python 3.2
<jamespage> but can't a generic fix be applied in saucy which makes it a no-change backport again?
<zul> jamespage:  because it explicity dependeon on python 3.3
<jamespage> zul, +1 for msgpack-python
<zul> jamespage:   python3-all-dev (>= 3.3.0-3) in the debian/control
<jamespage> zul, ack
<jamespage> reviewing now
<zul> jamespage:  ill fix the saucy version
<jamespage> zul, does it work with python3.2
<zul> jamespage:  yeah
<jamespage> just wondering if that why the min-versions are specced
<zul> nothing in the changelog
<jamespage> zul, nope
<jamespage> and it looks OK - maybe poke piotr in #debian-python on OFTC and see if there are any gotchas
<zul> jamespage:  nope im not uploading it, i just noticed a bug
<jamespage> zul, do we really need the new webtest?
<jamespage> is 1.3.3 -> 1.3.4
<jamespage> its rather
<zul> jamespage:  im not sure, nack it please
<zul> jamespage:  chuck@homer:~/pbuilder/precise_result$ dpkg -c python3-simplejson_3.3.0-2ubuntu1~cloud0_amd64.deb
<zul> drwxr-xr-x root/root         0 2013-07-24 09:14 ./
<zul> drwxr-xr-x root/root         0 2013-07-24 09:14 ./usr/
<zul> drwxr-xr-x root/root         0 2013-07-24 09:14 ./usr/share/
<zul> drwxr-xr-x root/root         0 2013-07-24 09:14 ./usr/share/doc/
<zul> drwxr-xr-x root/root         0 2013-07-24 09:14 ./usr/share/doc/python3-simplejson/
<zul> -rw-r--r-- root/root      3160 2013-07-24 09:06 ./usr/share/doc/python3-simplejson/changelog.Debian.gz
<jamespage> zul, -1
<zul> -rw-r--r-- root/root      1645 2011-02-15 15:56 ./usr/share/doc/python3-simplejson/copyright
<zul> chuck@homer:~/pbuilder/precise_result$ dpkg -c python-simplejson_3.3.0-2ubuntu1~cloud0_amd64.deb
<zul> drwxr-xr-x root/root         0 2013-07-24 09:14 ./
<zul> drwxr-xr-x root/root         0 2013-07-24 09:14 ./usr/
<zul> drwxr-xr-x root/root         0 2013-07-24 09:14 ./usr/share/
<jamespage> \o/
<zul> drwxr-xr-x root/root         0 2013-07-24 09:14 ./usr/share/doc/
<zul> drwxr-xr-x root/root         0 2013-07-24 09:14 ./usr/share/doc/python-simplejson/
<zul> -rw-r--r-- root/root      7062 2013-05-01 16:01 ./usr/share/doc/python-simplejson/index.rst.gz
<zul> -rw-r--r-- root/root      3160 2013-07-24 09:06 ./usr/share/doc/python-simplejson/changelog.Debian.gz
<Pici> nice
<zul> -rw-r--r-- root/root      1645 2011-02-15 15:56 ./usr/share/doc/python-simplejson/copyright
<zul> shit!
<Pici> its zul, so I'll let it slide... this time ;)
 * jamespage drowns in irc
<zul> jamespage:  tests are not enabled in that package either
<dranix> hi everyone
<dranix> i need some help with ldap integration with packetfence
<dranix> anyone has any idea how to go about doing this?
<Monotoko> if I connect to an openvpn server in the office... should it not tunnel all my internet connection through it?
<Monotoko> I have the same IP as before...
<rbasak> Depends on how you have it configured.
<Monotoko> rbasak, it was configured by my predecessor - where can I check?
<rbasak> I don't recall, sorry. Check the docs for mentions of your default gateway. I think it's a client-side setting, but you can also configure the client to accept the server's settings and then configure it on the server (IIRC).
<rbasak> Or may default route, rather than default gateway.
<rbasak> maybe
<Monotoko> lots of mention of bridging...
<raub> Trivial question: how do I upgrade a kernel module that is in use? By in use it is module for raid controller but I am booting using a live CD
<oozbooz> Monotoko: check your routing, is default route via VPN or your ISP?
<oozbooz> command "ip  r sh"
<oozbooz> usually, server pushed routes to the client, but client can overwrite it or do some other tricks w/out getting server involved
<oozbooz> pushed=pushes
<Monotoko> oozbooz, http://pastebin.com/65vcRqk7
<Monotoko> I tried to remove the comment in the config here: ;push "redirect-gateway def1 bypass-dhcp"
<Monotoko> however then the client wouldn't load anything
<oozbooz> I assume 5.10.152.225 is your ISP GW
<oozbooz> then your internet traffic should go over it
<Monotoko> yeah, we have a /29 I believe
<Monotoko> when I'm connected from outside the office
<Monotoko> I want it to still use the office IP
<oozbooz> use office IP for ... ?
<oozbooz> you mean send your ALL traffic via the tunnel?
<Monotoko> yeah - it's static - a lot of people who work here work from homes etc, with dynamic IP's
<Monotoko> I'd rather they all used our network to make it easier to firewall the servers and not keep punching random holes in the FW
<oozbooz> I don't get your last statement ...
<oozbooz> usually, you want to only relevant traffic to send to your office via the tunnel,
<oozbooz> rest of the stuff, they should use their ISP
<oozbooz> why would you want them to download youtube videos using office bandwidth
<rbasak> I'd say it depends. Road warriors might prefer everything to go via the office if they don't trust the connections they're using (coffee shops, hotels, etc)
<Monotoko> oozbooz, we have a "cloud" provider off site that I need to give developers access to, and certain things that they can log into through the web browser but only from this IP
<oozbooz> aha
<oozbooz> 3rd party mess..
<Monotoko> aye - obviously I need a static IP I can trust for that, so I'd rather tunnel everyone through our office network
<oozbooz> well... you can create a new route that only traffic for cloud provider goes via the tunnel
<Monotoko> hmm, what route would I be adding for that? route add 1.2.3.4 gw 5.10.152.227 eth0 ?
<oozbooz> but, if you decide to divert all traffic, you will have to change routing rules on the server, that will be pushed to the client
<oozbooz> which VPN server do you use
<Monotoko> openvpn
<zul> jamespage:  simplejson fixed locally ill upload to the regular archive and get it for the cloud archive as well
<oozbooz> openvpn or openvpn-AS?
<Monotoko> regular openvpn AFAIK
<Monotoko> yeah
<Monotoko> just checked with dpkg
<oozbooz> ok, first my advice to upgrade to openvpn-AS - much easier to manage
<oozbooz> there is IRC channel "openvpn", you should confirm with them... but it should be not difficult
<Monotoko> cheers oozbooz
<oozbooz> have fun
<zul> jamespage:  http://people.canonical.com/~chucks/ca/
<zul> smb: ping i was wondering if you could offer some insight on it https://launchpadlibrarian.net/145685953/buildlog_ubuntu-precise-amd64.xen_4.2.2-1ubuntu1~cloud0_FAILEDTOBUILD.txt.gz
<smb> zul, maybe, let me read
<zul> smb: this is on precise
<smb> zul, Looks like the known problem of passing LDFLAGS in gcc format -Wl but don't we work around that
<zul> smb: yeah seems to ignore that for some reason
<smb> And why do you compile xen 4.2.2 on Precise?
<smb> :-P
<smb> Still have not cleared theat MRE
<smb> Actually I would not aim 4.2.2 immediately but 4.1.5... or .6 but anyway
<jamespage> zul, +!
<jamespage> +!
<jamespage> +1 rather
<zul> jamespage:  cool thanks
<smb> zul, "LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS|sed -e 's/-Wl,//g')" in debian/rules?
<jamespage> zul, https://code.launchpad.net/~james-page/neutron/fixup-rootwrap-conf/+merge/176708
<soahccc> I'm more the nginx kind of guy so what did I missed here? Installed apache, changed port (so that it won't conflict with nginx), getting this nestat "tcp    0     0 0.0.0.0:8080     0.0.0.0:*       LISTEN      0      185527477   18552/apache2" but it just reacts to local requests. There is no iptable rule... Any ideas, I'm desperate :(
<smb> zul, Just out of curiosity is that the 4.2.2 version from current Saucy?
<zul> yeah
<smb> zul, Hm, so it has that line... but for some reason I vaguely remember something going wrong with something like this (but I believe that was another package)
<smb> zul, Oh wait maybe because in P LDFLAGS is exported by the build system...
<zul> hmm...interesting ill try it out
<smb> zul, Is that LDFLAGS := instead of LDFLAGS =
<smb> zul, Oh I think I can imagine what is going on: we do not set LDFLAGS at all by default in newer releases. So when compiling in S I did not notice none of them being used and setting LDFLAGS in debian/rules being useless
<smb> But in P when they are set by default it fails...
<zul> smb:  so disable it?
<smb> zul, I'd probably try either an export in debian/rules or move the definition into debian/rules.real for a moment
<zul> smb:  ok ill try that
<smb> zul, And I need to make sure I really use those flags in the Xen 4.3 I am preparing
<smb> for S that is
<zul> smb:  when are you doing 4.3?
<smb> zul, I am just about to think I got all pieces together. Testing it on my boxes
<zul> smb: ok cool
<med_> zul, a user asked me if there will be any quantum-> neutron renaming in raring or earlier (and similarly, anything before havana)
<med_> my answer was "NO, but I'll check with zul"
<zul> med: no quantum in raring was quantum
<med_> nod.
 * med_ was pretty sure it was only a cease and desist not a "go undo the world"
<roaksoax> Madkiss: howdy! have you looked into packaging dlm?
<zul> smb:  nope neither worked
<smb> zul, Hm, ok need to figure out how to modify it correctly for the actual compile. Seems the more recent releases just don't use any
<smb> I mean it does not get passed in and fails because where we change it somehow does not replace the default of the system
<smb> zul, Doing the export did break the build in the same way on S though... So maybe := is the second missing piece
<smb> zul, having LDFLAGS= and export LDFLAGS both in rules.real seems to make the compile run longer (not finished yet)
<zul> smb:  can i see a snippet your rules.real please?
<Daviey> rbasak: BTW, merges.py won't work right now - until egress firewall is more relaxed.  Have raised RT
<rbasak> Daviey: OK, thanks.
<Daviey> roaksoax: Hey, does Openstack / Kombu support Rabbit Active/Active in Havana?
<rbasak> I'll try and keep people.canonical.com/~rbasak/delta.py updated in the mean time, though note that I'm doing it manually.
<roaksoax> Daviey: I haven't check yet, sorry! I'm doing the whole upgrade process of the clustering tools, whcih is not as easy as syncing packages from debian
<adam_g> Daviey, the issue wasn't active/active its the lack of any type of heartbeating support, so that the rpc layer (quickly) detects failure and migrates to a new server
<jsonperl> Patrick, I still got the issue, but I think I'm getting closer
<jsonperl> Patrickdk that is
<jsonperl> Would a BUNCH of connections in CLOSE_WAIT stop up the tcp pipeline at some point?
<zul> jamespage:  still around?
<jamespage> zul, yes
<zul> jamespage:  one more for you today http://people.canonical.com/~chucks/ca/
<jamespage> zul, does that one build against the havana-staging PPA?
<zul> jamespage:  just finished building
<jamespage> zul, +1 then
<zul> jamespage:  thanks
<patdk-wk> jsonperl, if that is the case, a couple of issues could be the case
<patdk-wk> open file handles?
<patdk-wk> or just exaustion of resources
<patdk-wk> maybe look here, it seems to have an ok description of the sysctl's involved
<patdk-wk> http://www.ufirsttech.com/content/linux-kernel-settings-related-tcp-connections-68
<jsonperl> Awesome thanks
<patdk-wk> normally there are several sysctls that need to be adjusted for any kind of high performance server
<patdk-wk> expecially when handling lots of connections
<jsonperl> In this case it's actually a library i use to hit amazon s3
<patdk-wk> don't think any of this would cause that single cpu usage issue though
<jsonperl> which is the least often used connection i got
<jsonperl> I think all of what we were seeing is a RESULT of connectivity issues
<jsonperl> no players = no processing
<patdk-wk> oh, that page uses proc, I normally do it via sysctl instead
<jsonperl> I think the ethtool command to change stuff maybe reset the stuck connections?
<patdk-wk> jsonperl, still :)
<jsonperl> making it look fixed
<patdk-wk> setup a ping
<patdk-wk> see if you start missing, or get delayed pings
<patdk-wk> if your running tcpdump on the server at the time too, watching just for icmp
<jsonperl> ok, we use pingdomâ¦ that sufficient you think?
<patdk-wk> you should be able to easily tell
<jsonperl> I actually try tcp to the server every minute
<patdk-wk> isn't that like once a minute?
<jsonperl> yea
<jsonperl> You're thinking more often?
<patdk-wk> ya, I would go second, and watch delays
<patdk-wk> you want to know how long it takes, you know it gets there ,and responds
<patdk-wk> you want to know if it gets lost, or delayed
<patdk-wk> well, tcp would get lost and retried
<patdk-wk> but ping would just get lost
<jsonperl> Any service you can recommend? or you just do it from another box
<patdk-wk> I normally just do it from my home box
<jsonperl> gotcha
<patdk-wk> or a work computer
<patdk-wk> not like ping uses much traffic
<jsonperl> Doesn't feel very enterprisey :D
<patdk-wk> now if you want to take it a step more, use mtr :)
<patdk-wk> so you can see where the issue actually happens, if it's network related
<jsonperl> It's not
<jsonperl> this is my boxes
<jsonperl> I wish it were somebody elses fault!
<patdk-wk> no, if you think the issue was you aren't receiving the players traffic
<patdk-wk> that would be network issue :)
<patdk-wk> ping would easily show that
<jsonperl> But I see the same issue cross machines, cross facilities
<jsonperl> different parts of the US
<jsonperl> same issue
<patdk-wk> not likely then
<patdk-wk> I really don't know where to go
<patdk-wk> unless I actually get on it and dig around and maybe setup my own stuff to monitor it
<jsonperl> I feel like i need to get rid of those orphaned connections
<patdk-wk> but not even sure how good I could do that
<jsonperl> Want a consulting job? :D
<patdk-wk> I have enough of those :)
<jsonperl> haha
<jsonperl> But we're a super entertaining indie game company
<jsonperl> like on the tv :D
<jsonperl> So real quickly...
<jsonperl> Do you believe it's possible that piling up of CLOSE_WAIT connections eventually can lead to connectivity issues in the tcp stack?
<jsonperl> or am I going up the wrong road here
<patdk-wk> it can, I doubt your anywhere near that though
<patdk-wk> I doubt your even >5% of the limit
<jsonperl> Does the OS limit per process?
<patdk-wk> check ulimit for that
<jsonperl> k
<patdk-wk> remember, tcp connections are file handles, and count with open files
<jsonperl> So what seems like a clue to me is
<jsonperl> Turning everything off with ethtools fixed "the glitch"
<jsonperl> Temporarily
<jsonperl> No questionâ¦ went from "very borked" to normal the moment I changed the settings
<patdk-wk> what kernel you running on these?
<jsonperl> 3.2.0-38-generic-pae #61-Ubuntu SMP Tue Feb 19 12:39:51 UTC 2013 i686 i686 i386 GNU/Linux
<patdk-wk> hmm, 32bit
<patdk-wk> why not 64?
<jsonperl> actually waitâ¦ that box is an oddball
<jsonperl> the rest are 64
<patdk-wk> :)
<patdk-wk> using any dkms modules?
<patdk-wk> I doubt you are
<jsonperl> 32 was to save memory
<jsonperl> these are the rest 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
<jsonperl> dkms? I donno what that is
<patdk-wk> addon modules for the kernels
<jsonperl> ahâ¦ can I list em?
<jsonperl> it's pretty stock 12.04
<patdk-wk> like, vmware drivers, xtables, ....
<patdk-wk> nvidia
<jsonperl> ah, i doubt
<jsonperl> no video
<patdk-wk> normally should show up in dpkg -l | grep dkms
<jsonperl> no virtualization
<jsonperl> nothin
<patdk-wk> since I still believe it's a kernel issue
<patdk-wk> might be worth giving a 3.8 kernel test on it
<patdk-wk> though, on all my servers I haven't hit this issue, but then, I likely wouldn't have noticed either
<patdk-wk> I'm using 3.8 on my firewall machines for the newer firewall stuff in it
<patdk-wk> to install it, apt-get install linux-generic-lts-raring linux-tools-lts-raring
<patdk-wk> then reboot
<patdk-wk> you can always uninstall it too
<jsonperl> Was just looking into that?
<jsonperl> How do you downgrade?
<patdk-wk> it's just a new grub kernel option
<patdk-wk> just select a different one
<patdk-wk> then once it's booted apt-get remove those two
<patdk-wk> I had all kinds of dkms issues with it
<patdk-wk> cause I needed both vmware and xtables dkms modules
<jsonperl> Makes senseâ¦ That's why i like to stay 2 steps behind bleeeeeding edge
<patdk-wk> I really wanted the bufferbloat stuff in 3.8 though :)
<patdk-wk> for the firewall, and firewall needs xtables :)
<patdk-wk> all my other machines are normal 64bit 12.04 though
<patdk-wk> but I wonder if the issue your having got fixed in the kernel already
<patdk-wk> and there is a LOT of changelogs to read to find out easily
<patdk-wk> without just testing it
<jsonperl> Or testing that it doesn't happen to explode
<jsonperl> over a period of days :)
<patdk-wk> I guess we could always setup an ice, and test it there :)
<jsonperl> ice?
<patdk-wk> http://en.wikipedia.org/wiki/In-circuit_emulator
<patdk-wk> when you go there, it's not pretty
<patdk-wk> I guess these days people would just use a vm
<patdk-wk> but oldschool it was using an ice
<jsonperl> gotchaâ¦ yep that's before my time!
<jsonperl> mtr is cool
<jsonperl> cept allll my packets are lost on the way to my server
<jsonperl> Must be clipping all but the first
<jsonperl1> whoops
<jsonperl> btw I would be HAPPY to give you access to the box :)
<jpds> jsonperl: Sounds like a dreadful idea from a security point-of-view.
<jsonperl> haha
<jsonperl> Truth
<rizzuh> Hey guys. I want to install Redis on a 12.04 Azure Extra Small VM. It has only 768MB of RAM available. How can I find the RAM usage and what steps should I follow to minimize memory usage, so Redis can have the lion's share?
<sarnold> rizzuh: measuring memory use is a bit complicated; 'free' will give you a very quick overview of free memory on the system, the -/+ buffers/cache line is probably most important summary of the summary..
<sarnold> rizzuh: ps auxw or top (sorted with M), look for the highest RSS numbers, that's what's actually resident in RAM for those programs..
<sarnold> rizzuh: ut sometimes shared libraries take a pile, the 'smem' tool can help you find out wihch processes have which shared libraries loaded, and apportions to each of them a certain amout of the fault for the memory used by those shared libraries
<rizzuh> sarnold, well ATM top shows 554478k free - if that isn't woefully inaccurate it's pretty good
<sarnold> rizzuh: well, "free" is a funny thing. the kernel keeps some memory around, free, to handle spikes of allocations. but it tries to minimize the amount of free memory because free memory is wasted memory. :)
<rizzuh> sarnold, ahh, sure, free as in not reserved by an app. If it's full of cache that ain't an issue.
<sarnold> rizzuh: that's where the -/+ buffers/cache line comes in -- that includes memory that is currently being used for storing in ram copies of files but _could_ be thrown away under pressure
<sarnold> rizzuh: *nod* *nod*
<rizzuh> sarnold, that said, 500 MB RAM to use is good, but damn this thing is slow. Good that Redis doesn't need much processing power. It's taking a while to update a few apt packages.
<sarnold> rizzuh: at least the amazon micro instances are very heavily penalized in much the same way.. not bad for slight spikes in a mostly-idle environment, but installing a few hundred packages is -painful-
<jsonperl1> yea those micros
<jsonperl1> i'm fairly sure they arbitrarily throttle you...
<rizzuh> sarnold, yeah these are pretty much the same as AWS micro. 5 Mbit network as well, not great.
<sarnold> if the azure storage can be moved among instances, it might even make sense to turn it off, attach to a good instance, upgrade, and move back to cheap again.. heh.
<sarnold> rizzuh: 5MBit? wow!
<rizzuh> The next one is small at $50 a month, with 1.5GB RAM and a dedicated core. Oh and 100 Mbit network or something like that.
<rizzuh> But then through BizSpark we pay 33% less. "Pay", as we have $150 credit / dev, with production usage rights, so it's pretty good for the money :P
<jsonperl> Patrickdk, so running simulators at a boxâ¦ I'm able to REALLLLLY pile up on LAST_ACK state connections
<jsonperl> Over about 20 minutes, I'm able to get to a count of 450 or so
<patdk-wk> nice
<jsonperl> Seems odd right?
<patdk-wk> something isn't closing the connection correctly
<patdk-wk> might just be normal for ios, no idea though
<jsonperl> Our server was trying to "close a connection after writing remaining data"
<jsonperl> I changed it to just close the connection, seems to fix that at least
<jsonperl> sarnold: Ive dumped some dmesg output from blocked processes, but still unclear how to read it
<hallyn> jdstrand: would adding AUDIT_WRITE to libvirtd apparmor policy be acceptable?
<jdstrand> hallyn: usr.sbin.libvirtd?
<hallyn> yes
<jdstrand> hallyn: that's fine, libvirtd is not really confined anyway (the VMs it launches are)
<jdstrand> hallyn: let me point you at a bug though
<jdstrand> hallyn: actually, nm, you should be ok
<hallyn> jdstrand: ok, thanks.  (i consider this ultra-low priority)
<hallyn> zul: ^ if you happen to be merging libvirt soon-ish, we should toss that in i guess (there is an open bug requesting it)
<jsonperl> netstat -s outputâ¦ does anything here look overly concerning? http://pastebin.com/bnzEFRPh
<thumper> hi hallyn
<thumper> hallyn: thanks for the comprehensive email
<thumper> it has me thinking...
<thumper> hallyn: also, lxc-device isn't available in the precise lxc that we are limited to
<sarnold> jsonperl: 10878 invalid SYN cookies received
<sarnold> jsonperl: that seems steep.
<jsonperl> take the system down steep
<jsonperl> ?
<sarnold> maybe it's normal on the internet now, but .. it'd be worth asking your host if you're under attack..
<sarnold> jsonperl: what's this machine -do-?
<jsonperl> serves a game via a persistent tcp connection to a bunch of users
<jsonperl> at this time only about 50-100 concurrent on that machine
<jsonperl> distributed amongst 14 servers on that machine
<hallyn> thumper: are you actually limited to the stock precise lxc, or could you use lxc from the ubuntu-lxc ppa for precise?  AFAIUI you're using ppas anyway....  but in any case lxc-device is just a nicety, you do NOT need it :)
<thumper> hallyn: possibly not necessarily limited to stock lxc
<thumper> but I've not considered extra ppas
<thumper> managed to not really need it at this stage
<thumper> hallyn: this would be on every machine, and I don't think we install ppas on every machine
<hallyn> thumper: well lxc-device itself isn't enough of a reason to switch to ppa i don't think
 * thumper nods
<thumper> I need to find someone who knows maas
<thumper> to work out how to do the "gimmie a nic" thing
<hallyn> thumper: is it acceptable to simply start up the container after getting the nic from <whatever hands it to you> ?
<thumper> yes, I think we can do that
<hallyn> cool, that'll be easiest
<thumper> as long as the getting a nic doesn't take too long
<thumper> < 10s would be ok I think
<thumper> longer than that and we might need to work out something else
<thumper> by something else
<thumper> just a better work flow
<jsonperl> sarnold: Any ideas for further investigation into the invalid syn cookies?
<thumper> hallyn: I wish I knew about the "no network conf" bit to use the host
<thumper> that would have been a good enough setting by default I think
<jsonperl> an attack certainly could explain the very random connectivity issues we've seen
<thumper> I need to consider the implications for the local provider
<hallyn> thumper: i don't follow.  you mean lxc.network.empty ?
<thumper> no, the number 2
<thumper> no network entry
<sarnold> jsonperl: syn packets tie up kernel memory; syn cookies are one way to tyr to avoid the worst of the kernel memory use. for some good backgroud information, see http://lwn.net/Articles/277146/
<sarnold> jsonperl: /etc/sysctl.conf has a configuration you can set to turn on syn cookies
<thumper> also I need to work out how to have a nice api to our internal providers, and how to handle that config with the containers
<jsonperl> ok, thanks for the read
<thumper> the brain is busy handling this with a background process :)
<thumper> I think I almost have it :)
<jsonperl> sarnold: if netstat is reporting invalid syn cookies, doesn't that mean they're on?
<sarnold> jsonperl: maybe? :)
<jsonperl> sarnold is that the only thing of concern that popped out at ya?
<sarnold> jsonperl: the high connection counts made me wonder, but the use makes sense, hehe
<jsonperl> Kids jumping in and out of the game
<sarnold> sorry nothing just stands out to me ;(
<jsonperl> worlds exist on one server on one machine, and they can "teleport" between them
<jsonperl> haha ok :)
<jsonperl> sarnold: good reading on syncookies thanks
<thumper> hallyn: still around?
<hallyn> thumper: yup
<thumper> hallyn: thinking about number four, where we create a veth pair
<thumper> hallyn: if the container hasn't been started, there is no network namespace right?
<thumper> or is there?
<hallyn> nope.
<thumper> also, this "sudo lxc-unshare -s NETWORK -- /bin/bash" seems like it does something intersting I don't quite grok
<hallyn> thumper: that's just doing the same thing as creating a container.
<hallyn> it starts a task inside a new, private network ns
<hallyn> as for veth - if MAAS/openstack/ec2 will hand you a nic, then ignore veths
<hallyn> lxc.network.type = veth will always create a new veth pair and attach the one end to lxc.network.link.
<thumper> well openstack won't
<thumper> ah, I was going to ask what the link bit was
<thumper> hallyn: can I run my idea past you?
<hallyn> so if you *were* going to use veth, which my feeling is you won't, then you would bridge whatever you get <handwaving> from openstack to br0, then say lxc.network.type = veth lxc.network.link=br0
<hallyn> sure
<thumper> hallyn: although #juju-dev might be better
#ubuntu-server 2013-07-25
<MrHeavy> I'm having an issue with cloud-init+AWS on 12.04 where #include doesn't seem to be working the way I expect
<MrHeavy> user-data.txt contains the #include directive I put there, but the resulting cloud-config.txt is empty
<MrHeavy> No errors in cloud-init.log
<MrHeavy> Any ideas on how I can get some kind of useful output?
<Zhenjin>  I am getting ic2 ic2-3: sendbytes: NAK bailout. messages, is this a serious issue or something i can ignore?
<sarnold> Zhenjin: I don't know if it'll help you understand it better or not :) but the comment near that error in the kernel source code says "A slave NAKing the master means the slave didn't like something about the data it saw.  For example, maybe the SMBus PEC was wrong."
<sarnold> (at least, I assume you mean i2c, not ic2)
<Zhenjin> Hmm, well it doesnt appear to cause any trouble besides showing that message every once in a while, does it cause damage behind the scenes that stops other things from working?
<Zhenjin> and yea its i2c not ic2
<sarnold> Zhenjin: i2c is often used for things like temperature reporting.. maybe keep an eye on those numbers, some might not always make sense?
<Zhenjin> check the temparatures? alright, from google i find that i need to download something for it sudo apt-get, havent got to work yet tough DNS issue, is there another way to do that?
<sarnold> the 'sensors' program from 'lm-sensors' package is definitely the easiest way... I'd get your DNS working first. :)
<Zhenjin> http://imgur.com/YQOwgPU Here is some info on what a tried for the dns
<Zhenjin> maybe you can see what i did wrong :)?
<sarnold> Zhenjin: you don't want 'search google.com' unless you're actually on google's network and want to refer to hosts in the google.com domain without specifying their FQDN :)
<sarnold> Zhenjin: but that doesn't seem like it would give you the errors you've got
<Zhenjin> should i delete the search google.com or change it to something else?
<sarnold> I'd just delete it, I haven't used 'search' in 15 years and don't miss it much :)
<Zhenjin> done, what would likely be the issue besides that? something in particular i should look for?
<sarnold> Zhenjin: can you contact 8.8.8.8?
<sarnold> does ping work? how about host www.google.com 8.8.8.8 ?
<Zhenjin> zhenjin@ZhenServer:~$ ping 8.8.8.8
<Zhenjin> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
<Zhenjin> after that it doesnt give zhenjin@ZhenServer:~$ anymore
<Zhenjin> just empty chat
<Zhenjin> is it just me being impratient?
<sarnold> Zhenjin: no, you should see ping responses near immediately
<sarnold> (just hit ^C to kill ping)
<Zhenjin> --- 8.8.8.8 ping statistics ---
<Zhenjin> 174 packets transmitted, 0 received, 100% packet loss, time 174384ms
<sarnold> Zhenjin: there's your next project :) figure out why you can't do UDP or ICMP packets with 8.8.8.8
<sarnold> Zhenjin: try also 4.2.2.1, that's another publicly available DNS recursor
<Zhenjin> replace it in resolv.config?
<sarnold> Zhenjin: try pinging it first
<Zhenjin> Nope, whats the ^C key?
<sarnold> Zhenjin: it's a terminal interrupt key -- it sends a the SIGINT signal, which often kills a program
<Zhenjin> which key on my keyboard? :p
<sarnold> Zhenjin: hold down the control key while pressing the C key
<Zhenjin> ty
<Zhenjin> --- 4.2.2.1 ping statistics ---
<Zhenjin> 303 packets transmitted, 0 received, 100% packet loss, time 304141ms
<Zhenjin> so ill try changing it in the resolv.conf?
<sarnold> darn.
<sarnold> no, it probably wouldnt work either.
<sarnold> do you control the 192.168.2.1 gateway? it might be the problem..
<Zhenjin> shall i send a screenshot of cmd ipconfig?
<sarnold> sure
<Patrickdk> on windows now?
<sarnold> hehe, I assumed it was a typo :)
<Patrickdk> unlikely :)
<Zhenjin> http://imgur.com/Mb0P0ai
 * sarnold owes Patrickdk another beer :)
<Patrickdk> hehe
<Patrickdk> that was just too funny
<sarnold> Patrickdk: I ohpe you're keeping track of how many beers I owe you :P
<rubberneck> Zhenjin: you have a differnet gateway in your linux box
<Patrickdk> that is a lot of gateways
<Patrickdk> I wonder what one is being used
<sarnold> Zhenjin: it looks like you're trying to use the windows box as a gateway; if that is correct, you'll need to configure it to perform Network Address Translation while forwarding packets
<sarnold> (hey, what's the point of "default gateway" on each NIC??)
<Patrickdk> and it  has too much gateways :)
 * Patrickdk wonders what route print, shows
<sarnold> I think windows forgets what "default gateway" actually means.
<Patrickdk> na, it depends what is actually pluged in and working
<Patrickdk> but if both are, that isn't really defined and windows warns about it
<Zhenjin> so i need to put the gateway my cmd shows 192.168.2.254 into /etc/network/interfaces?
<sarnold> Zhenjin: probably not
<sarnold> I don't think that would work, unless you actually -do- get your internet from 192.168.2.254, rather than 25.96.34.38, which feels far more likely to me
<Zhenjin> the hamachi 1p4 address?
<sarnold> yes
<Zhenjin> alright ill try it
<appleguru> Any network gurus online?
<sarnold> Zhenjin: good luck :) I'm off to dinner
<appleguru> I have an ubuntu server box setup with 2 NICs. eth0 and eth1...
<Zhenjin> alright, have fun eating
<appleguru> I have eth0 with a 10.1.2.50 address, 255.255.255.0 subnet mask...
<Zhenjin> nope hamachi ip4 didnt work
<appleguru> And eth1 with a 10.1.75.20 address, 255.255.255.0 subnet mask
<appleguru> if I plug my computer into either port, with appropriate similar settings... I can reach servers running in my Ubuntu box at either IP address
<appleguru> Any idea why?
<appleguru> (I'd expect to only be able to reach the box on the correct subnet for a given port, but that's not what I'm seeing)
<martisj> morning
<martisj> how do i get a list of the versions that will be installed when updating php-apc
<martisj> through apt-get
<martisj> is it possible to see when a package was updated last?
<ScottK> martisj: Use -V with apt-get to see the versions.
<sarnold> martisj: /var/log/dpkg.log
<babinlonston> Hi any one there to help me about ubuntu linux server backup
<sarnold> babinlonston: I'm headed to bed, so just some quick pointers: duplicity and bacula
<babinlonston> ok fine
<sarnold> babinlonston: I use rsnapshot from one drive to another on my laptop, it's nice, but not off-site. off-site is on my todo list.
<babinlonston> me to gone through rsnapshots  its nice but , one question , only its possible to take backup by root user ? can i add a separate user as backup-user and can i get the privilege of root to take backups of configuration files and User's files is it possible ?
<andol> babinlonston: rsnapshot can run as any user, even if some parts of the default config might assume the root user.
<babinlonston> Will rsnapshot take the backup of files which have root ownership from sysadmin user ?
<babinlonston> or did i need to add the sysadmin user to sudo group ?
<andol> babinlonston: That really depends on how the rest of the ownership settings for a file looks like.
<babinlonston> ok ill try
<sarnold> babinlonston: if you want to run rsnapshot from a user's crontab and back up just that user's files, that's fine, but the configuration file may need some .. configuration :)
<andol> babinlonston: I guess the most flexible thing to do would be to use acl:s and expcitly give read rights, and only read rights, for your backup user.
<babinlonston> good point u given ill try and let u know
<dreibaume> hi, aa-logprof always tells me "Log contains unknown mode  apparmor=. ". anyone had this problem before?
<jdstrand> dreibaume: can you file a bug at https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug (ideally using 'ubuntu-bug apparmor')
<roboto_> on fresh install trying to figure out why after setting up Samba the folders in my network look like servers?? sorry if this is a crosspost, couldn't find a #ubuntu-network. Other computer with same config. works fine 99% of the time
<reuf> hello anyone worked with hsphere?
<rbasak> hallyn: if I use lxc-start-ephemeral, is there any way to see the root filesystem of the container from the host? I see eg. /var/lib/lxc/.../delta0, but this is only have of it; I want to see the whole thing as the guest sees it. This is so that the host can wait for /var/lib/cloud/instance/boot-finished without having to interpret the overlay in an overlayfs-specific way. If this isn't available right now, would you entertain a wishlist item to bind
<rbasak> only half of it
<rbasak> !anyone | reuf
<ubottu> reuf: A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<hallyn> rbasak: we could come up with other ways, but I would think that lxc-attach would be the simplest way - is there any reason that wouldn't work?
<hallyn> sigh, not sure what's going on, but spamassassin doesn't seem to be doing as good a job as it used to in filtering binary-looking spam.  i keep sa-learning it every morning, but the same amount keeps coming through
<rbasak> hallyn: it's a bit awkward programatically. I have to come up with a shell rune to get what I want. I suppose I could keep calling stat(1) until I get what I want, but I'm currently calling lstat(2) which I feel gives me more control. But in this case, it would work, yes. It's nice to be able to get to the container filesystem from the host though, for example I can copy and examine stuff directly from my own environment, instead of having to work in
<rbasak> hallyn: it's the text scraping I don't like, IYSWIM.
<hallyn> rbasak: we can add a 'container.rootfs_mount(target)' api which would be only a few lines (based on the existing bdev stuff)
<rbasak> hallyn: I already hit /var/lib/lxc/.../rootfs quite a lot - that's what I lose with epehemeral containers
<hallyn> rbasak: then you could watch under target.  The problem with that,
<hallyn> is that users doing what you're doing - with containers which are using tmpfss mounted at boot - would get results they didn't expect
<rbasak> The engineering perfection way would be to inotify on /var/lib/lxc/.../var/lib/cloud/instance/boot-finished, and that's awkward without having inotify-tools in the guest.
<hallyn> rbasak: it's not engineering perfection for a few reasons:
<hallyn> 1. fs may not support inotify,
<rbasak> OK, so fall back to poll in that case
<hallyn> 2. container's /var/lib/lxc may be mounted by container userspace
<hallyn> so just mounting the container's root would not suffice
<rbasak> The container's /var/lib/lxc?
<hallyn> yes
<hallyn> ok, the container's /var/lib/cloud
<rbasak> I'm not nesting here.
<rbasak> Oh OK
<rbasak> Yeah it does require that the host has knowledge of what the guest is doing here.
<hallyn> rbasak: is there any reason not to just look at /proc/$(container-init-pid)/root/var/lib/cloud/instance/boot-finished?
<rbasak> It didn't occur to me to do that!
<rbasak> I just wanted the host to get access to the guest's fs. If I can do it that way, then great!
<hallyn> it's usually my go-to-way to inspect a running containre's rootfs
<rbasak> How do I get the container-init-pid?
<hallyn> lxc-info -p -n $name
<rbasak> OK, thanks. It still feels a bit ugly having to scrape the output of that. Two requests for enhancement. 1) an option to print the pid only, without the field name; 2) a symlink to /proc/$(container-init-pid)/root available in /var/lib/lxc/.../something :-)
<rbasak> But that'll do great for now. Thank you!
<hallyn> lxc-info -p -n $name | awk -F: '{ print $2 }' :)
<hallyn> but i agree
<hallyn> rbasak: if you wanna open bugs for each of those, they both sound reasonable - but wishlist - items.
<rbasak> It's fine from shell but feels particularly ugly in Python, even though I just need to do .split()[1]
<rbasak> hallyn: OK - thanks. I understand they're wishlist. Wouldn't expect anythign else.
<hallyn> \o
<rbasak> hallyn: interesting. I was interpreting /var/lib/lxc/$name/delta0/var/lib/cloud/instance/boot-finished as a normal user. I can't do that via /proc. Though that's reasonable, I was using sudo to call all the lxc- commands, so I'll need to think about how to get to boot-finished now. If I have to call out to sudo and parse the output, I might as well write a shell snippet to do the test, and call sudo lxc-attach -- $snippet.
<hallyn> rbasak: well the downside to lxc-attach is that the snippet then needs to exist inside the container's rootfs
<rbasak> That's true, but here I just need a shell and stat(1) so I should be OK I think.
<rbasak> What do you think about /var/lib/lxc/$name/rootfs not being 0700?
<hallyn> rbasak: as I say, I also don't mind adding a 'container.mount_root(target)' api bit, I just fear people will misunderstand/misuse it
<hallyn> rbasak: /var/lib/lxc/$name/rootfs being 0700 is not the problem
<hallyn> the problem is it's not unconditionally the rootfs :)  actually lxc doesn't make it 0700
<rbasak> It's not 0700. It's 0755.
<rbasak> Right. I'm just observing that it's 0755 and wondering if it's an issue that unprivileged users can get there in the first place.
<hallyn> Eh, if you wanna keep that stuff secret you can also use /usr/share/lxc/hooks/mountecryptfs :)
<rbasak> :)
<hallyn> stgraber: do you think a 'container.mount_rootfs(target)' would be a useful api extension, or lead us to trouble with people who expect the container's mountall to also have run?
<stgraber> hallyn: hmm, I can think of a lot of corner cases and relatively few use cases for it, do you (or someone else) actually have a need for it?
<hallyn> stgraber: rbasak wants to watch for a file to be created in the container that shows the container is booted
<stgraber> hallyn: and he wants to double-mount the rootfs for that? won't that cause possible fs corruption?
<rbasak> stgraber: I was proposing a bind mount. I don't mind how to achieve this, but I need to bring up an lxc container and then do stuff in it automatically (and then tear it down). I'm working on adt-virt-lxc.
<rbasak> I was having problems with /tmp being cleaned after I was already using it.
<stgraber> rbasak: /proc/<pid>/root/...
<stgraber> rbasak: note that lxc-attach should also be working now (if your kernel is >= 3.8)
<rbasak> Yeah, hallyn pointed me to that, and I'll use it now. Though awkwardly I need to be root for that, and I was calling sudo lxc-* as a normal user, so I can't do it without calling sudo, which means that I can't reach /proc/<pid>/root programmatically.
<rbasak> Using lxc-attach heavily, thanks :)
<hallyn> stgraber: not sure about fs corruption...  i wouldn't think so.  But with overlayfs I'm actually not sure, it just may :)
<rbasak> hallyn: AIUI, a bind mount will be fine, but perhaps trying to mount everything again won't. There should be no problem doing a bind mount though, right?
<hallyn> bind mount of what?  You actually can't cleanly bind mount from the /proc/$pid/root, unfortunately.
<hallyn> rbasak: at this point you might be better off setting up a rshared directory and doing an lxc-attach mount into there...  not sure if that would work or not
<hallyn> well, at least you could set up the rshared dir before starting up the container, use /var/lib/lxc/$container/fstab to mount it into the container, lxc-attach into the container to bin-dmount /var/lib/cloud into it, and then watch there.  that *should* work
<hallyn> but not sure you're willing to do that :)
<hallyn> (and if you are, i'd have to play a bit to see about making it work)
<hallyn> biab
<rbasak> hallyn: bind mount of whatever you're mounting with container.mount_rootfs(target)!
<rbasak> Anyway, I have a path forward now, so I'll get on with that. Thanks very much for the help and the discussion.
<meh3> hey guys, i have a little issue with my ipv6 on my server, im still learning about iptables and so on, if someone check this out http://paste.ubuntu.com/5911219/
<meh3> is this blocking ipv6 connections?
<andol> meh3: ip6tables is the command you are looking for.
<rbasak> meh3: probably not, though I'm not certain. iptables happens at layer 3 and only for IPv4, AFAIK. If you want to block IPv6 by MAC address, then as andol says you want ip6tables.
<hallyn> rbasak: stgraber: mind you other people are doing things like that to watch for container 'boot finished' state.  I don't recall offhand how they do it.
<stgraber> hallyn: one solution I discussed on the mailing list a while back was bind-mounting a socket over /dev/lxc and then writing to that
<hallyn> yeah if rbasak actually has a specific use case for it this might be a good time to work on whatever support we need to solve it generally
<hallyn> i guess all we'd need for that is mknod + an added entry to /var/lib/lxc/$c/fstab
<rbasak> For the boot-finished case, how about the lxc package provides a tool for that? Or something added to lxc-wait? I realise this is specific to containers running cloud-init, but I think that's a common enough case.
<hallyn> we can't "just add" something to lxc-wait, we'd need conventions respected by distro userspaces
<hallyn> to use stgraber's suggestion,
<hallyn> the template could be asked to create /var/lib/lxc/$c/bootsock, and add an entry to mount that onto container's /dev/lxc,
<hallyn> then user is responsible for having userspace write 'booted' to /dev/lxc when done
<hallyn> if we go that far then i suppose we could hack lxc-wait to watch that file
<hallyn> s@file@file/sock@
<rbasak> That sounds good
<hallyn> rbasak: the /proc/$pid/root one, i'm not sure that's actually reasonable after all.  But I"ll keep it open as we think about it.
<rbasak> hallyn: I don't follow. What aspect isn't reasonable? As a means of accessing the rootfs of a container from the host? Its permissions? Or something else?
<rbasak> hallyn: oh, just seen the bug. You mean the symlink proposal?
<hallyn> yeah
<hallyn> it's sort of institutionalizing a hack.
<rbasak> I see. Fair enough. As long as we can access it somehow.
<rbasak> The hack could be replaced without changing the interface in the future, perhaps?
<hallyn> i just wanna let it sink in for a bit :)  please do keep prodding me on it from time to time (both this and the /dev/lxc boot completion detection)
<rbasak> It is really useful to be able to get to the container fs. Not just for boot-finished, but for vim/less and other tools as well.
<rbasak> Will do - thanks.
<rbasak> I appreciate that we want to think about it. No problem - it's not blocking me.
<rbasak> Don't want to introduce an interface that we later regret and get stuck with it.
<hallyn> especially now that we're approaching 1.0 and won't feel as free to abuse the users :)
<hallyn> cool - tty
<rbasak> BTW, whatever the solution is, I'd really like it to be available (mounted, symlink, whatever) by default, or have a tool to make it available using just the container name. That way tools that use lxc can make use of it and all the user has to do is provide an lxc container name to clone (or start-ephemeral) from. Without having to arrange it in a special way.
<rbasak> (without having the *user* from having to arrange it in a special way)
<theazman> Hey, anyone here familiar with amanda backup? I am trying to restrict the program from reaching hosts connected via wifi, haven't found a way to do it in the program. Is there a way to restrict that program from reaching hosts via wifi, while still allowing users connected via wifi to reach the server?
<hallyn> zul: pushing a libvirt package based on 1.1.0 hourly tarball to ppa:serge-hallyn/libvirt-mav, fwiw.  Was quite trivial, just some patch wrangling to do.  Might save you 30 minutes on 1.1.0 merge (when that's released in 1-2 weeks)
<hallyn> hm, i didn't add the apparmor fix for audit_write.
<hallyn> anyway hopefully it fixes the memleak.
<zul> hallyn:  ok ill have a look monday (tearing down a house today)
<hallyn> KABOOM
<Siebjee> Hi all, i'm wondering where ubuntu is storing its old installation if you have re-installed ubuntu but stated that you didn't want a format while leaving the old data intact
<jsonperl> PatrickDK: tried some more stuff that seemed to make senseâ¦ I set open file limits to 999999 since it seemed maybe hanging connections + current connections might use up the 1024
<patdk-wk> I didn't break it
<jsonperl> then I changed these sysctl settings http://pastebin.com/4CgcDgT8
<jsonperl> Then I STILL saw the issue with pretty low connection count last night SAD FACE
<jsonperl> SysRq show blocked state outputâ¦ Am I correct that nothing is blocked here? http://pastebin.com/NJ44MKrh
<pagec> ubuntu 12.04 trying to install smbldap, i download and ran the script smbldap-config.pl and i get this error: "Can't exec @PERL_CMD@ at ./smbldap-config.pl line 1." Perl is installed, anyone know what to do to fix it?
<jsonperl_> Does anybody know what the * (asterisk) line is in "ss -s" output
<jsonperl> Like what is the 1600 line up top?? http://pastebin.com/4tbVzG9v
<RoyK> jsonperl: not sure, but I guess it's whatever's not listed in the other categories
<patdk-wk> dunno, for unix sockets, I get 138
<patdk-wk> for ALL I get 223
<jsonperl> It's strage, it's always 0 for me except in my "I'm having a problem" snapshots
<patdk-wk> but for * it lists 285
<jsonperl> hmm
<patdk-wk> Total: 221 (kernel 285)
<patdk-wk> that first line is more important than *
<jsonperl> Yep, which is low(ish)â¦ It just seems like a clue
<jsonperl> since it's really high on problem servers
<patdk-wk> this is from an ftp server
<jsonperl> Gotca
<patdk-wk> web server: Total: 218 (kernel 233)
<patdk-wk> syslog server: Total: 289 (kernel 395)
<sarnold> patdk-wk: he's got a fairly popular game server running
<patdk-wk> I know
<sarnold> okay :) hehe
<patdk-wk> so should be likely kindof like a webserver
<jsonperl> wow kernel 1600 in that paste
<jsonperl> It is and isn't
<jsonperl> connections are persistent
<patdk-wk> well, long keepalive :)
<jsonperl> No reverse proxy :(
<patdk-wk> no idea how you got so many kernel sockets
<patdk-wk> that sounds like an issue
<jsonperl> It does
<jsonperl> :D
<patdk-wk> or maybe that is just all your threads
<jsonperl> 294 threads from the games servers totalâ¦ no more no less
<patdk-wk> I don't have anything that does a lot of threads, other than apache
<patdk-wk> and even there, it's not insane
<jsonperl> Main thread, + 20 workers
<jsonperl> 14 servers
<patdk-wk> hmm
<jsonperl> This looks suspicious though right??
<jsonperl> Now i wanna dig into the source of ssâ¦ i doubt i'd understand it
<patdk-wk> kernel is slabstat.socks
<patdk-wk> Total: 1141 (kernel 1265) (my desktop machine)
<jsonperl> Hmmâ¦
<jsonperl> oh yea: printf("*	  %-9d %-9s %-9s\n", slabstat.socks, "-", "-");
<jsonperl> what the crap is slabstat
<patdk-wk> using nfs?
<jsonperl> negative
<patdk-wk> slab is kernel memory allocator
<patdk-wk> not sure what socks are for slab
<sarnold> the kernel memory allocator tries to know the exact sizes of kernel memory objects, so it can keep tightly-packed ranges of memory available for use for those specific objects again
<jsonperl> btw, using jemalloc now
<patdk-wk> that doesn't affect kernel
<sarnold> when a new memory object is required, the kernel can re-use old objects that are the right size and perhaps even partially constructed already..
<patdk-wk> dump an output of /proc/slabinfo
<patdk-wk> a broken one would be interesting
<jsonperl> Servers are fine now
<jsonperl> k, just cat the whole thing to a file?
<sarnold> slabtop output might be more readable
<patdk-wk> ya
<patdk-wk> :)
<jsonperl> ya slabtop?
<jsonperl> aiight, added to my oh shit script
<patdk-wk> not slabtop I hope
<jsonperl> nope
<patdk-wk> it's not very scriptable :)
<jsonperl> that puppy looks interactive
<patdk-wk> ya
<patdk-wk> not sure I have ever had a slab issue
<patdk-wk> I know I have had issues before the kernel added slab into it
<jsonperl> I'm still teetering on upgrading to 3.8 kernel
<jsonperl> i feel like that's kinda last ditch
<sarnold> heh, pre-slab is -ancient- :)
<jsonperl> this feels like a networking issues (settings or something)
<patdk-wk> yes, my active kernel hacking was ancient
<patdk-wk> I was big into hacking on 2.0
<patdk-wk> alittle less on 2.2
<patdk-wk> and pretty much died on 2.4
<sarnold> man things were easier in 2.0 :)
<patdk-wk> I loved using that qnx scheduler back then
<patdk-wk> still wish I could use it today
<patdk-wk> not motivated enough to hack it in though
<jsonperl> Patrick did you look at those sysctl settings i changed?
<patdk-wk> yep
<jsonperl> Seem aiight?
<jsonperl> I feel like we might be hitting the open file limit stillâ¦ the numbers just look about right
<patdk-wk> did you add ulimit to the script startup?
<jsonperl> added soft  nofile  999999, hard  nofile  999999 to a conf file in limits.d
<patdk-wk> oh, I never touch that
<jsonperl> should accomplish the same goal right?
<patdk-wk> dunno, I don't know enough about limits.d
<patdk-wk> I don't even have a limits.d
<jsonperl> ulimit -a => open files                      (-n) 999999
<jsonperl> it's in security
<sarnold> The limits.d stuff will only be applied if pam_limits is somewhere in the PAM stack used to start those processes...
<jsonperl> So maybe that's the issueâ¦ it's still seeming to hit it
<patdk-wk> using ubuntu startup scripts, I'll just add ulimit into /etc/default/x
<patdk-wk> if you own startupscript, just add it right before you launch your app
<sarnold> jsonperl: check lsof or fuser output, I strongly doubt you're hitting nearly-a-million in a single process...
<patdk-wk> sarnold, he means hitting the default of 10254
<patdk-wk> 1024
<jsonperl> Not a milionâ¦ but certainly the default
<sarnold> patdk-wk: ah, okay
<sarnold> note upstart has nice limit stuff built-in too, no need to do the shell approach: http://upstart.ubuntu.com/cookbook/#limit
<jsonperl> hmm i'll do that
<jsonperl> i LOVE upstart btw
<jsonperl> so awesome
<sarnold> once I found the .override files, my opinion of upstart improved drastically :)
<jsonperl> I tried to install it on debian a while backâ¦ what a fiasco
<patdk-wk> oh? .override?
<sarnold> it should be better now
<patdk-wk> in my upstart, I added ulimit to pre-start
<sarnold> patdk-wk: an easy way to keep tasks from starting, or changing their start conditions.. http://upstart.ubuntu.com/cookbook/#override-files
<sarnold> way easier than managing the huge pile of sysv-init symlinks :)
<patdk-wk> no fun, I liked, mv /etc/init/x /etc/init/.disabled/x
<jsonperl> so i run the game as the deepworld user
<jsonperl> if i "sudo su - deepworld -c 'ulimit -a'" and it report 999999, shouldn't that mean I'm good
<sarnold> IF whatever mechanism you use to start the deepworld applications also runs through the PAM stack, and the pam.d/whatever file in question calls on pam_limits, yes
 * patdk-wk notes sudo uses the pam stack
<jsonperl> Hmm, ok. I gotta go read about the PAM stack
<patdk-wk> or well, su does
<patdk-wk> easier test
<patdk-wk> add ulimit -a to your startup script :)
<jsonperl> haha
<patdk-wk> and see what it says
<jsonperl> ok good idea
<sarnold> .. but upstart may not. start-stop-daemon or whatever you use to start the program from initscripts may not. cron will, but it may not include pam_limits ...
<patdk-wk> guess when the packages upgrade, I'll roll over to .override files
<jsonperl> KICK ASS: open files                      (-n) 1024
<jsonperl> Good idea patdk (about adding ulimit -a to startup script)
<patdk-wk> there are bug reports about limit being broken in upstart for 12.04, can't tell if it was fixed for 12.04 or what
<jsonperl> one way to find out :)
<patdk-wk> hmm, next dovecot/postfix releases, I'll have to rework my init scripts some
<jsonperl> didn't even run
<jsonperl> init: Failed to spawn deepworld-game-5000 main process: unable to set "nofile" resource limit: Operation not permitted
<jsonperl> ah no perms
<patdk-wk> if this fixes it, you know what the real issue is? :)
<jsonperl> Too many hanging connections
<jsonperl> A noob trying to run an MMO?
<patdk-wk> na
<patdk-wk> programmers ignoring error codes when calling functions
<jsonperl> How so
<sarnold> argh bane of my exisitence
<patdk-wk> it would be helpful if they loged the error when attempting to open a file, and failed
<patdk-wk> your log would say, UNABLE TO OPEN FILE XXXX: ....
<jsonperl> To be fair, i've had a hard time parsing my logsâ¦ we jam way too much garbage into syslog
<jsonperl> A problem I aim to fix shortly
<patdk-wk> I have a syslog server
<patdk-wk> it collects all the logs from everything and shoves them into mysql
<jsonperl> We do that to loggly
<jsonperl> That would be nice to have our own though
<patdk-wk> then I just have different things trigger email alerts, or browse the logs via webpage
<jsonperl> Do you use any packages for that?
<patdk-wk> well, a long long time ago :)
<patdk-wk> there was php-syslog-ng
<patdk-wk> now it went commercial to be named logzilla
<jsonperl> upstart script run as root right?
<jsonperl> by default
<patdk-wk> I have been updating and maintaining it myself for a long time now
<jsonperl> Gotcha
<patdk-wk> should be yes
<jsonperl> Publish it :)
<patdk-wk> while I have no issue making my customizations public
<patdk-wk> it has no *installer*
<patdk-wk> so isn't much fun to setup
<jsonperl> Wonder why it would have issues setting ulimits
<patdk-wk> but as I don't really set it up :)
<jsonperl> Ha, true
<patdk-wk> setup does take some work
<jsonperl> unable to set "nofile" resource limit: Operation not permitted, is that the bug you were talking about?
<patdk-wk> don't think so
<patdk-wk> I couldn't track down the bug specifically
<patdk-wk> just saw people talking about it
<patdk-wk> and it was reported
<jsonperl> There's a couple nice services on the market for centralized syslogsâ¦ loggly is <i>pretty</i> good, as is papertrail
<patdk-wk> but my search kept failing to locate it
<jsonperl> With the amount of moving parts I'm managing nowadays, I'm happy to let other people do the lifting on stuff like that
<patdk-wk> ya
<patdk-wk> I'm doing a few gigs of logs a day
<jsonperl> yep, same
<jsonperl> well maybe 2
<jsonperl> jeez thats a lot of logs
<patdk-wk> mine is all email traffic
<jsonperl> wow
<sarnold> wow :)
<patdk-wk> ya, there wasn't too many solutions back in 2005 :)
<patdk-wk> and it needed to be fast, for the day
<patdk-wk> today, it's not hard to log that much
<sarnold> logging it isn't hard
<sarnold> doing something intelligent with the logs -is- hard :)
<patdk-wk> well,
<patdk-wk> logging it in a way, that was more useful to use than *grep*
<jsonperl> It'd be nice to throw it at elasticsearch or some REALLY fast full text engine
<patdk-wk> and for back then, attempting not to overflow diskspace
<patdk-wk> well, the commerical one, supports sphinx
<patdk-wk> I haven't added sphinx support in yet
<jsonperl> yea, sphinx is good enough i spose
<jsonperl> near realtime fulltext search on logs, that'd be cool
<jsonperl> https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/938669
<uvirtbot> Launchpad bug 938669 in upstart "upstart jobs do not respect /etc/security/limits.conf" [Undecided,Invalid]
<jsonperl> I'll drop the limits in cups.conf
<sarnold> jsonperl: oof, yeah, I can see how that'd be confusing. but what that bug report 'wants' is fundementally not how things work :) hehe
<jsonperl> yep, makes senseâ¦ just thought it interesting
<jsonperl> patrickdk/sarnold: i just slapped ulimit -n 999999 in the upstart file
<jsonperl> works like a chaaam, now we wait
<sarnold> jsonperl: how very odd. I'd have xpected the limit command to Just Work..
<patdk-wk> :)
<jsonperl> lolz
<jsonperl> you forgot the TM
<sarnold> hehe
<jsonperl> upstart has its rough spots
<jsonperl> but i like it a lot mostly
<jsonperl> the devil you know...
<patdk-wk> ya, upstart got a lot better for me when I started adjusting all the start/stop on commands
<patdk-wk> postfix depends on dovecot being started (can't use lmtp/auth without it)
<jsonperl> yep, the whole chained startup thing is great
<jsonperl> Our architecture relies on it a lot
<patdk-wk> oh wait, that machine is still 10.04
<patdk-wk> it probably doesn't have any limit support, let alone broken suppport :)
<sarnold> haha
<patdk-wk> all other machines have been upgraded
<patdk-wk> but highly used mailservers are always last and most scary
<sarnold> *nod*
<patdk-wk> not scary cause it will break, just people get pissy it's down
<jsonperl> sarnold: bout the "Just Working" I was getting permission issues, which didn't make sense, I punted
<sarnold> jsonperl: were those user jobs? or system jobs?
<sarnold> (with the knowledge that I might be butchering the terminology)
<jsonperl> system, meaning run as root?
<sarnold> I think so
<jsonperl> then yep
<sarnold> or at least started as root initially
<jsonperl> I actualy sudo to the user in the script to run
<jsonperl> su rather
<jsonperl> the run as user stuff in upstart always seems to be more hassle than it's worth
<sarnold> aha, did you uncomment the limits stuff in /etc/pam.d/su ? that might have been another acceptable approach
<patdk-wk> still feel that is ugly way to do it
<patdk-wk> most likely to get forgetten about
<jsonperl> it's less files to touch for me for sure
<sarnold> yeah
<jsonperl> but na, i'm just doing it in the server scripts i think
<jsonperl> it works
<jsonperl> now to update a bajillion servers :/
<patdk-wk> I really don't touch that stuff, unless I'm making a shell server
<sidnei> hallyn: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1205086 i think this might be up your alley
<uvirtbot> Launchpad bug 1205086 in lxc "lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver" [Undecided,New]
<hallyn> or over my head :)
<hallyn> stgraber: ^ is the strict-order there (for lxc dnsmasq0 for a reason?
<hallyn> sidnei: would it be possible for you to post some sample configs?
<sidnei> hallyn: ok, let me fish out some snippets
<hallyn> sidnei: thanks.
<sidnei> hallyn: there, hope it helps
<streulma> it's quiet here...
<jsonperl> tis
<RobHaz> Hello
<RobHaz> What kinds of srvers can i have?
<RobHaz> Im having now, ssh, and samba + webserver
<RobHaz> what more can i have?
<streulma> RobHaz: mailserver ;)
<RobHaz> streulma: Is there a doc how to set ip up?
<streulma> for Ubuntu Server 12.04 ? yes
<streulma> RobHaz:https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-1204-postfix-dovecot-mysql/
<streulma> RobHaz: https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-1204-postfix-dovecot-mysql/
#ubuntu-server 2013-07-26
<Rayfloyd> Hi everyone, I'm trying to install 12.04.2 LTS, however after the install finishes configuring DHCP, the install gui closes... Are the servers down and it doesn't tell me or is it something else? Thanks for the ehlp.
<Patrickdk> gui?
<Rayfloyd> well the install screen
<sarnold> Rayfloyd: are there error messages that you can find anywhere? try looking through all the virtual consoles..
<Rayfloyd> I had left the pc open since it disappeared, just checked back and it's back
<Rayfloyd> odd
<dassouki> what do you guys recommend to add an opensource application that helps me share documents with my staff as well as assign them task (online interface)
<delinquentme> Ok so lets say i'm staring to build out prototype devices
<delinquentme> and I want to automate configuration and setup ... includes sshing in, downloading files via github, specificiying branches
<delinquentme> would this be a better use of puppet or just a shell script
<delinquentme> I guess depends on the scale ?
<nate15329> 13.04 64x server had powerloss & memory damage, hangs on pci_bus resource mem x28-xfcffffffffff; any ideas?
<nate15329> i removed the damaged memory as well
<nate15329> ok...i have a pci_root PNP0A03:00: fail to add MMConfig information and then it hangs on pci_bus resource mem
<thomasbiege> hi
<morph> can someon eplease help me with my body
<morph> ive been taking vicodin for 1 56 year
<morph> todayi started laughing outso ba
<morph> but they were good
<morph> i havent been asleep ainsce 10. slept for 1 hrs. got up at 12:30
<babinlonston> morph:
<morph> yo
<morph> oh woops
<morph> chatted that in the wrong channel
<morph> sry
<babinlonston> lol
<lotia> greetings all. in upstart (specifally the version on 12.04 LTS), is it possible for the job to have a "reload" action that sends a specific signal to the process?
<sgran> reload sends HUP
<sgran> if you need something else, I don't see a way to change it
<lotia> I'm looking at haproxy, which has a "reload" command
<lotia> @sgran thanks
<Koheleth> hardly surprising mysql updates this morning
<banzounet> Hey guys to update phpmyadmin, what else should  I do besides moving the new folder?
<pehden-> what should the server 12.04 kernel be?
<andol> pehden-: That depends :) If you did a fresh install from a point you might have a backported kernel installed
<andol> pehden-: Otherwise the regular 12.04 kernel would now be something like 3.2.0-49*
<pehden-> 3.2.0-48-generic
<pehden-> hmm
<pehden-> it wont go past this one
<pehden-> every update says its keeping this one back
<ogra_> pehden-, do you use dist-upgrade (as you should for kernel upgrades) ?
<ogra_> just "ugrade" wont work ...
<ogra_> *up
<pehden-> eee
<pehden-> see i want to only use LTS
<ogra_> (see the description of upgrade ad dist-upgrade in the apt manpage)
<ogra_> nobody will stop you :)
<JanC> somebody should give dist-upgrade another name  :)
<ogra_> ++
<ogra_> :)
<Pici> !dist-upgrade
<JanC> maybe an alias
<ubottu> A dist-upgrade will install new dependencies for packages already installed and may remove packages if they are no longer needed. This will not bring you to a new release of Ubuntu, see !upgrade if that is your intention.
<pehden-> ahh ok
<pehden-> apt-get dist-upgrade?
<ogra_> yes
<pehden-> ok
<pehden-> wait is there a list of things removed before I do this
<JanC> yes
<pehden-> 3.2.0-48-generic #74-Ubuntu SMP Thu Jun 6 19:43:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
<pehden-> is what I have now...
<pehden-> anyone know the link right off?
<JanC> link for what?
<pehden-> the list
<JanC> apt-get will show you
<pehden-> ok
<JanC> just like it shows what it's about to install, upgrade or hold back
<pehden-> i only have ssh access to this server so I dont want to screw it up
<JanC> most likely it will remove nothing
<andol> pehden-: Feels like you could use a dev environment, where you can do a bit of safe testing :)
<andol> pehden-: Something like a local virtual machine or something.
<pehden-> maybe, but this server is live
<pehden-> looks like its only upgradeing the kernel
<JanC> you already upgraded the other packages with 'upgrade'
<pehden-> exactly
<JanC> which is a good idea BTW, to always do upgrade before dist-upgrade
<pehden-> i made a script that i use to update everything at once but this command is not on there
<JanC> best to check the results of every upgrade command anyway
<pehden-> oh yea, figured that out the hard way  a year ago
<pehden-> ran upgrade and it removed programs i used and replaced them with alternatives I was furious
<pehden-> until i learned how to use the alternatives
<JanC> what programs were that?
<pehden-> i dont remember that much
<pehden-> it just removed nvidia driver i think
<pehden-> and virtualbox
<JanC> that wasn't on a server, I suppose  :)
<pehden-> it was
<pehden-> both were
<pehden-> from the original install
<pehden-> its a desktop converted to a server
<bobz_zg> anyone can help please. I have installed wordpress on nginx, user group www-data, and have created new ftp user and added user to group, but when I upload files over FTP client my wordpress cannot read files?
<roaksoax> Daviey: o/! if you have a second could you please process the crmsh binary from the NEW queue?
<Daviey> roaksoax: done
<roaksoax> Daviey: awesome, thanks!!
<smb> zul, hallyn: In case one of you feeling adventurous... chinstrap:~smb/4review/qemu+xen.debdiff (for Saucy) ;)
<hallyn> smb: looking
<smb> hallyn, It is a cherry-pick of three supposedly stable worthy changes on top of qemu to avoid it segfaulting when used for a PV Xen guest and libxl.
<hallyn> smb: the cp of commit 62fc403f11523169eb4264de31279745f48e3ecc drops a lot of the original commit
<hallyn> how come?
<hallyn> oh no
<hallyn> lol.  weird formatting on my screen confused me
<hallyn> smb: +1
<smb> Ah ok... I was not sure I had done something like this
<smb> :)
<thafreak> So, I upgraded my test lxc box to the newer 3.8 kernel from raring
<thafreak> and now it's saying the memory controller cgroup is missing
<thafreak> is there a work around? or should i go back to the quantal kernel?
<jsonperl> Patrickdk/sarnold: I declare the issue fixed!
<jsonperl> open files limit was the problem
<redderhs> Hi, the link in this message is in regards to an Open Source Computing to further the developments of hardware for the mobile industry. It's time for Linux to be the #1 Consumer Operating System, Ubuntu Edge movement! http://pastebin.com/j57Dc29E  We can all make a difference for as little as One Dollar! Thank You for your time.
<genii> Hm.
<sarnold> jsonperl: great success!
<jsonperl> totallyâ¦ the relief I am feeling this friday is magical
<jsonperl> thanks so much for the help
<patdk-wk> :)
<sarnold> man, I'm both glad and embarrassed it was something so much simpler than I feared..
<jsonperl> same
<patdk-wk> ya, normally that issue is easily solved, cause of error logging
<jsonperl> I'm actually digging through logs some more to make sure I didn't miss anything
<patdk-wk> atleast the memory *leak* was fixed though too
<patdk-wk> and a few other scalability issues that haven't hit yet :)
<jsonperl> Yea some great stuff happened hereâ¦
<jsonperl> We're just getting rolling tooâ¦ This is just the beginning of scaling issues ;)
<jsonperl> I switched all machines to 64 bit after jemalloc magically fixed "the leak"
<jsonperl> Alsoâ¦ btwâ¦ jemalloc NO LIKE 32 bit
<patdk-wk> I have never used jemalloc on 32bit
<patdk-wk> no wonder I never hit that issue
<jsonperl> And you should not :D
<jsonperl> I got random segfaults after running for a while
<jsonperl> Yea reallyâ¦ NOTHING in the logs
<patdk-wk> not suprised
<patdk-wk> normally issues like this is what drive poeple to worry about spending time to add them
<jsonperl> Found some good articles about tweaks for scaling
<jsonperl> One from urban airship about 500,000 concurrents! http://urbanairship.com/blog/2010/09/29/linux-kernel-tuning-for-c500k/
<sarnold> hah, nice, when c10k is just too damned cute :)
<jsonperl> now THAT is some serious scale
<sarnold> wow, their guide has -way- less in it than used to be necessary for scaling out to even 1/100th that load.
<sarnold> and their advice for limits is just plain wrong ;) hehe
<jsonperl> which ones do you feel are wrong
<sarnold> jsonperl: you found out the other day that limits.conf is only used if the user's processes are started via the PAM stack somehow, which isn't terribly likely for production servers..
<sarnold> granted, I think they knew that they didn't know what they were doing with the caveat about "look at the manpage" but not say -which- of the myriad manpages would be enlightening. :)
<jsonperl> correctâ¦ so obviously that one was way off!
<sarnold> jsonperl: did you set your maximum socket buffers to 16MB as well?
<jsonperl> yep :/
<sarnold> jsonperl: give this a skim and then consider dropping it :)  http://en.wikipedia.org/wiki/Buffer_bloat
<jsonperl> net.ipv4.tcp_rmem = 4096 4096 16777216; net.ipv4.tcp_wmem = 4096 4096 16777216
<jsonperl> k
<jsonperl> what do you think are more sain levels?
<jsonperl> sane
<sarnold> 16M might be fair enough for locally connected gigabit or huge latency fat pipes (transatlantic? transpacific?)
<sarnold> jsonperl: probably 512K or so.
<jsonperl> We certainly get some pretty latent connectionsâ¦ but not THAT much data
<jsonperl> maybe 2k/s
<jsonperl> so more like 4096 4096 524288
<jsonperl> Looks like the default is 4096	87380	6291456
<sarnold> that seems pretty sane. how many connections will you have? multiply that by the middle number and hopefully it'll still be reasonable..
<jsonperl> We're really not looking for more tha 400 or so concurrent per machine
<jsonperl> At that point we'll start to see cpus chuggin
<patdk-wk> ya, I only use 256 to 1meg on mine
<sarnold> patdk-wk: maximum or default?
<patdk-wk> max
<sarnold> cool, thanks :)
<patdk-wk> now, I did adjust my tc rules for outgoing though :)
<patdk-wk> if more than 10 packets are waiting to go out, 11+ get dropped
<patdk-wk> so doubt I ever hit that limit anymore :)
<sarnold> haha
<patdk-wk> ya, used to really annoy me
<sarnold> tc has been on my todo list for a decade now..
<patdk-wk> scp transfer done, and then wait 5min for the buffer to flish
<patdk-wk> flush
<patdk-wk> it's limited 10 per class
<patdk-wk> also figured out how to proplerly match my *prenat* ip's so they match correctly in outgoing
<patdk-wk> that really fixed my ruleset I had made
<soren> Does anyone happen to know if restarting iscsid will cause existing connections to be dropped?
<patdk-wk> defently, why wouldn't it?
<pdevine> users love it when storage goes away
<patdk-wk> well, that shouldn't cause a user an issue
<soren> patdk-wk: Because the iscsi daemon is just provides the control plane.
<patdk-wk> as it should auto-reconnect
<soren> patdk-wk: The kernel itself provides the data plane.
<streulma> hello what is errors=remount-ro in /etc/fstab?
<soren> patdk-wk: So it should necessarily cause the connections to be dropped.
<patdk-wk> soren, never been my experience
<patdk-wk> always dropped when I restarted
<soren> patdk-wk: Ok, thanks.
<patdk-wk> had to use the command thing to adjust it, if I didn't want to restart to drop it
<patdk-wk> but this might have changed
<soren> patdk-wk: I'm not saying they won't, I'm just responding to your "why wouldn't it".
<patdk-wk> considering the this is from 8.04 :)
<soren> streulma: It tells the kernel what to do in case of errors.
<soren> streulma: remount-ro means "remount the filesystem as read-only".
<streulma> soren: on boot or on running?
<patdk-wk> as in, disk went missing, unable to read from disk, writes failing to disk, ...
<patdk-wk> anytime
<patdk-wk> if you yank the disk out, it will take 30seconds, then go ro mode
<soren> streulma: Other options: "continue" (pretend like nothing happened) and "panic" (make the entire system fall over)
<soren> streulma: Running.
<pdevine> what is /var/lib/dpkg/cmethopt used for?
<pdevine> s/^/does anyone know/
<pdevine> I'm going through debootstrap and was just curious
<soren> pdevine: IIRC, it's a config file for dselect.
<pdevine> I love peeling the onion back on this stuff.  it's like an archeological expedition
<pdevine> I discovered the other day that dpkg can't handle pre-depends correctly.. and today discovered a comment in debootstrap complaining about how dpkg doesn't handle pre-depends
<pdevine> I wish I'd known that last week.  :-D
<nate15329> my server gets stuck at here time to time any ideas? http://pastebin.ubuntu.com/5916517/
<mic_> nate15329: did you do the usual suspect removal?
<mic_> nate15329: aka noacpi acpi=off
<mic_> ?
<mic_> also which kernel is there?
<nate15329> 3.8.0-26-generic; i tried removing my pci-x sata card recently; but no change...weird part is that it hangs there even in recovery mode, but in normal mode this sometimes happens
<nate15329> ill try the noacpi & acpi=off on next boot; i got it up temporary for a quick backup
<mic_> another option would be to go for a different kernel
<mic_> pick something from the lower shelf.
<nate15329> tried that as well...the one below it
<mic_> is it some ancient hardware?
<nate15329> which i think is 3.8.0-18 or so
<mic_> commodity or server?
<mic_> nate15329: by lower shelf I was thinking like reaaaaally lower ;)
<nate15329> server 13.04 hp dl385 g1...old hardware indeed
<mic_> nate15329: 3.x & 2.6.x
<mic_> G1?
<mic_> a bit old, indeed.
<nate15329> lol yep g1
<mic_> acpi and HPET if available
<mic_> disable and check
<mic_> and with such hardware - go lower with kernels
<mic_> and as I wrote - seriously lower ;)
<nate15329> does older kernels support sata II drives?
<mic_> no problem
<nate15329> ok how would i install 2.6.x kernels on 13.04 xD
<mic_> I haven't tried 13.04
<mic_> I did downgrade 12.04.02 once from 3.5 to 3.2
<sarnold> nate15329: try booting a lucid livecd on it first or something similar, make sure it works at all..
<mic_> yes, that's a sane suggstion
<mic_> (sorry, I am up at work for 14 hours now ;)
<sarnold> oh that's trouble :)
<sarnold> ;q
<nate15329> ah yeah i will...mostly i perfer running the latest though xD
#ubuntu-server 2013-07-27
<joshu> hi I'm trying to use ubuntu check install with the following string I have the following command string: "sudo checkinstall -fstrans=no -install=no -pkgversion="1.1.0-beta1" -pkgname=freerdp -y -requires=libavcodec53"
<joshu> when I copy this package to another machine and install it with sudo dpkg -i *.deb I get an error that the dependency libavcodec53 is not met. I thought that the package would install this automatically?
<Senor> esp changee unexpectly
<Senor> esp changed unexpectly
<Senor> after this instruction : mov    %eax,(%esp)
<zahja> I've got an iscsi target that's acting up on me.  It's been fine since I set it up, about a year ago.  Two days ago, I lost 3 disks in a 4 disk raid 10 and had to rebuild the array.  These bad disks are not part of the iscsi, but it's the only change that has occured.  I can login to the node, and login reports successful, however, no new devices show up in /dev on the initiator side.  dmesg...
<zahja> ...and syslog output from both the target and initiator can be found here.  http://paste.ubuntu.com/5918611/  Any ideas what would cause the disk to not show up on the initiator side?
<zahja> Sorry, I should also probably include the command used to login and the output from the command.  Can be found here  http://paste.ubuntu.com/5918628/
<zahja> I just got it working!  I've done this probably a half dozen times already, but restarting the target service and logging back in, now the new disk is showing up on the initiator!  I have no idea why it worked this time and not any of the others, but I won't argue with it.
<brendan-> hello.. im looking at setting up a dkim key for a postfix/dovecot mail server running 12.04.2 LTSâ¦ i see there is an opendkim package as well as an dkim-filer package that some tutorials reference.. which is the preferred package?
<brendan-> sorry, dkim-filter*
<chris|> brendan-, there is no dkim-filter package in 12.04, so that should make it pretty clear
<brendan-> lol ty chris|
<brendan-> didnt actually attempt to download was going off of the tuts
<brendan-> thanks again
<nate15329> ok i have tried quite a bit of testing for acpi issues i've been having with server x64 13.04 on hp dl385 g1 just recently...worked before fine; "noapci", "acpi=noirq", "pnpacpi=off" = boots, but no external pci-x sata drives; "pci=use_crs", "pci=nocrs","nolapic"  ends up with acpi error; soon ill be testing 10.04 since its older hardware
<Monotoko> is there any way to start the apache server without its error log folders being there? (so it can either create them or ignore errors...)
<Monotoko> I need to get this server up ASAP, will deal with error logging later...
<nate15329> ErrorLog /dev/null
<Monotoko> nate15329, how would I apply that to every file?
<Monotoko> there's hundreds of sites... each with their own folder that's currently non-existant
<nate15329> place that into the main apache config file
<Monotoko> nate15329, apache2.conf?
<nate15329> monotoko yes apache2.conf
<Monotoko> it's failed to start still
<Monotoko> nate15329, it's still requesting all these folders...
<nate15329> monotoko, does each of the virtualhosts have an errorlog setting customized? try commenting out this line while still having errorlog /dev/null in apache2.conf
<nate15329> i gotta go srry
<joshu> what's the best practice for saving passwords on an ubuntu server for use my scripts?
<Patrickdk> don't?
<Patrickdk> why would a script need a password?
<mojtaba> Hi, I was in thunderbird and suddenly the display become black and showed a message, Kernel Panic - not syncing: Attempt to kill init! and after I restarted my computer it gave me I/O error, but it asked me to press f to fix the problem. I almost many times restarted my computer, but the problem still remains. Does anybody know what should I do? I cannot do almost anything, e.g. I printed screen, but it did not allow me to save the file. Also I can n
<patdk-lap> I would suggest trying #ubuntu
<patdk-lap> thunderbird doesn't run on ubuntu-server
<patdk-lap> but sounds like your disk is bad
<ikonia> already cross-post spamming it in #ubuntu
<RoyK> or your memory
<patdk-lap> what? my memory is bad?
<patdk-lap> pretty sure the doctor checked it
<patdk-lap> get hit in the head often though
<RoyK> patdk-lap: thinking more about the computer memory of mojtaba's
<shauno> is there a current guide for an all-in-one openstack install on raring?  devstack is asking for 12.04, and the serverguide appears to be out of date
#ubuntu-server 2013-07-28
<SunStar> im playing around with a cms script and it needs an ftp account with access to /var/www/xyz   how do i do this? im seeing stuff on how to install vsftp and proftpd, but nothing about how to create a new user and give it access to a subdirectory in my webroot
<omkar_> How to configure LAMP on ubuntu server 13.04 ?
<omkar_> help
<andol> omkar_: https://help.ubuntu.com/13.04/serverguide/mysql.html, https://help.ubuntu.com/13.04/serverguide/httpd.html, https://help.ubuntu.com/13.04/serverguide/php5.html
<omkar_> thanx andol
<omkar_> :)
<codepython777> why does one need 1GB RAM for running a mail server?
<andol> codepython777: Well, that depends. You can easily get away with less for a low traffic mail server, but once you add spam/virus filtering, and get some more volume that quickly requires more RAM.
<airtonix> yeah mail server can get pretty nuts when your users can't stop signing themselves up to surveys and free porn
<airtonix> at which point, you'll wish you had storage with a really high access speed when those users decide to check their mail from fresh clients
<fooman2011> hello
<fooman2011> I'm using ubuntu server 11.04. I have a strange problem when I'm trying to use Wake On Lan. It works most of the time, but sometimes the server freeze during the boot. I don't have any other information, I just have a black screen... I have to reboot it manually and then it works well again... Any idea ?
<on5sl> hi guys, can anybody tell me what to do when i want samba4 just for sharing files=,
<andol> on5sl: If you just want to share files, any particular reason you can't stick with stable samba3?
<andol> That is, unless samba4 is good and stable now of course :)
<andol> Nah, the default Samba in Ubuntu still appear to be Samba3.
<on5sl> andol: samba 4 is fully async, and uses smb2 protocol which gives a performance boost
<on5sl> i will use samba4 on a different os but this is  question in general
<andol> on5sl: Ahh, guess I am as out of the Windows loop as I was afraid I might be :) Sorry
<bibi23> If I configure an NFC tag to open a specific URL, how can I be sure that people going to this URL did use the NFC tag?
<andol> bibi23: You can't.
<andol> bibi23: What you can do is bet on the odds.
<andol> bibi23: Consider different way those url:s can leak, etc
<bibi23> andol: ok, and what if I the server is near the nfc tag, and there is a wifi router, is there a way to somehow put some credentials in the NFC tag, so that when a connexion etablishes with the device I know  I can be sure it has been put on the nfc tag?
<Patrickdk> anything an nfc does can be spoofed
<Patrickdk> if this wasn't the case, people wouldn't have been spoofing the ones people use to get gas
<Patrickdk> you need to use something more secure, with full certificate encryption
<fooman2011> hi
<fooman2011> anyone here ?
<fooman2011> I have a Wake On Lan problem on my ubuntu server 11.04
<fooman2011> Sometimes (not always) when I start my server using WOL magic packet, the server start boot but then it is blocked. I just have a black screen and nothing else. Any idea ?
<bekks> !eolupgrades | fooman2011
<ubottu> fooman2011: End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
<JoshUK> If I am FXP'ing from a friends server to my server and he is using SSL does that mean I need to enable SSL for FXP to work?
<Shogoot> Hi people. I got a seedbox with a rutorrent and webgui trough apache2 (the guide and instalationscript from torrent invite site). Im also wanting to have ANOTHER server on my nertwork to hoste my private website, would that be possible?
<Shogoot> Im quite unsure how to achive it, as how would my machines know wich webser ver is called upon behind my static ip
<SunStar> MySQL server was upgraded to 5.5.32-0ubuntu0.13.04.1 by software updates yesterday and now server monitoring through phpMyAdmin is broken
<Patrickdk> nice
<nate15329> how do i get a hotplug esata drive to be recognized from a pci-x esata expansion card on server 13.04 x64?
<Patrickdk> you hope the pcix esata card supports hotplug
<Patrickdk> then you do a scsi rescan of the pci-x esata card
#ubuntu-server 2014-07-21
<Impulse__> Evening y'all
<Impulse__> anyone that can help me with a question?
<Patrickdk> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<Patrickdk> so, no, I don't think anyone can
<Impulse__> ow, okay then :-)
<brrr> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<Impulse__> Eurhm, i'm looking for a web gui based interface for my server/ main functionality is to monitor my disks, add disks, copy files etc
<Patrickdk> good luck on that
<Patrickdk> !ebox
<ubottu> zentyal is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/Zentyal (Project formally known as eBox - including in Lucid/10.04).
<Patrickdk> forget the others
<Patrickdk> is extreemly rare, if those work at all
<Impulse__> is it that good? because i've read and tryed Webmin but not what i need
<Patrickdk> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<Impulse__> mhm... well, the problem with webmin was to add a new fysical disk, can it be done with zentyal without any prob or?
<Patrickdk> I wouldn't know
<Patrickdk> it's pretty simple to just add a disk, via cli
<Patrickdk> no need for some web based program to do it for you
<Impulse__> true, the other thing i need is a samba server so that my laptop can acces the files, most of it only 2 VM's and my xbmc need to acces the files. The prob i have is that i come from a windows server, so the disks are NTFS formated. Only 1 is new, so that i can copy everything to the new disk, and then format the old one
<jonascj> Hi all. I am trying to rename my ethernet cards so they will have persistent meaningful names. I am trying to name them based on bus position. This is what I've done to get the bus positions and what my /etc/udev/rules.d/70-persistent-net.rules looks like: http://paste.linuxassist.net/view/f0087a7e
<jonascj> Done with inspiration from here: http://www.linuxfromscratch.org/blfs/view/development/chapter07/network.html
<jonascj> but upon reboot my nics are still not named "onboard" and "pci"
<jonascj> What can cause the rules not to apply? The rules-file have the execute bit set...
<henkjan> https://lists.ubuntu.com/archives/ubuntu-server/2014-July/006934.html
<henkjan> al those 3.13 issues :'(
<cfhowlett> henkjan roll back to an earlier kernel ...
<henkjan> cfhowlett: i installed newer kernels
<cfhowlett> henkjan or that :)
<henkjan> just amazing that 3.13 passed qualite assurance
<lordievader> It's strange Trusty doesn't get 3.14, since that one got a longterm status now.
<jonascj> Where should I expect to see udev log output?
<jonascj> in /var/log/syslog or /var/log/dmesg?
<jonascj> I have the level to debug in /etc/udev/udev.conf, rebuild initramfs (like udev.conf says I need to) with "update-initramfs -u", but upon reboot /var/log/syslog conatains not a single occurence of 'udev' and /var/log/dmesg only contains 'udev' four times (for renaming two nics). I would have expected more from debug log level
<jonascj> hmm the log is apparently /var/log/udev :$
<hxm> exists something like git but simpler?
<Pici> err... there are a number of different version control systems out there.  git is pretty simple imo.
<Chris_hubu> hxm, there is subversion too, but git is the most popular/democratized, you might want to learn how to use it, it's pretty powerful
<gnuoy> stgraber,hi, I'm looking at merging  2.15-1 of nagios-nrpe from debian and I see we're carrying a patch to remove the use of urandom ( http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/utopic/nagios-nrpe/utopic/view/head:/debian/patches/01_nodevrandom-and-docoptions.dpatch ). Do you happen to know why that is?
<stgraber> gnuoy: nope
<gnuoy> stgraber, ok, thanks
<ashd> can someone tell my what re-creates ldap.conf file on reboot?
<pmatulis> ashd: by default, nothing
<gnuoy> rbasak, I've raised a bug with debian for the lack of vcs fields in the debian/control file for nagios-nrpe. I'm now looking at why we carry this patch to remove the use of urandom. I've found some discussion on the subject. The patch was introduced by the debian maintainers in response to Bug 333552 . Why it was removed again is a bit of a mystery, I see discussion on the subject for Bug 660585 but the conclusion seems to be a rejection of the re
<gnuoy> quest to remove the patch. I'm not sure what I should do from here
<uvirtbot> Launchpad bug 660585 in polipo "package polipo 1.0.4-3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Medium,Invalid] https://launchpad.net/bugs/660585
<rbasak> gnuoy: thank you for finding those! It seems to me that this change affects behaviour but no other interface to the user, so there wouldn't be any regression to the user (eg. break scripts) whatever we chose to do. Does this seem accurate to you?
<gnuoy> rbasak, yes, thats my understanding, it only changes the way the seed is generated
<rbasak> gnuoy: IMHO, for the issue itself, I don't think it's for a package maintainer to change the behaviour like this. The original bug should have been forwarded upstream.
<gnuoy> that makes sense
<gnuoy> that would suggest we should loose the patch then ?
<rbasak> gnuoy: and I don't buy the /dev/random running out of entropy thing. There has been much news recently about packages that should use urandom; using /dev/random over /dev/urandom at any time apart from boot time is purely academic, AIUI.
<rbasak> gnuoy: so yes - I'd do whatever Debian do here to minimize our maintenance burden and so that users are less confused about any difference in behaviour.
<rbasak> gnuoy: best to document this rationale in the changelog message thoughl.
<gnuoy> rbasak, absolutely. Thanks for the advice, that makes sense to me
<rbasak> gnuoy: no problem. It may be that there's some case that consequently breaks because something new blocks for entropy, but if that happens we can deal with that when we have more data. Especially as we can make a change without impacting the user at all.
<gnuoy> kk
<blopxop> any idea how to run bash command ~/.profile with root privilege without giving the user full right to said command?
<hallyn_> anyone hanging out here who is a part of openvswitch upstream?
<yossarianuk> hi - is anyone aware what I need to do to get ipv4+ipv6 working in a KVM bridge ?
<patdk-wk> absolutely nothing :)
<yossarianuk> patdk-wk: i.e out the box (as long as you have ipv6 connection) it should be enabled ?
<patdk-wk> yes
<patdk-wk> even if you don't have an ipv6 connection
<yossarianuk> i.e br0 should show the inet6 address with ifconfig , etc ?
<yossarianuk> patdk-wk: thanks
<patdk-wk> heh?
<patdk-wk> br0?
<bitfury> !info icinga
<patdk-wk> only if your host machine uses ipv6, had nothing to do with the kvm bridge or the kvm guest
<ubottu> icinga (source: icinga): host and network monitoring system - metapackage. In component universe, is optional. Version 1.10.3-1 (trusty), package size 1 kB, installed size 29 kB
<bitfury> hi, if I wanted to install a package from the universe repo how would I specify this with apt-get?
<lordievader> bitfury: Is the universe repo enabled?
<bitfury> yep
<bitfury> reading through the apt-get manual, looks like I could just specify a package's version
<bitfury> thinking that would yield the same result
<lordievader> bitfury: sudo apt-get install <package-name>, or alternatively, if you want more info about the package: sudo apt-cache show <package-name>
<bitfury> lordievader: wouldn't that download and install the one in main?
<bitfury> I remember you could specify a repo to use
<lordievader> bitfury: For as far as I know, packages can be in one repo only. What package are we talking about here?
<bitfury> lordievader: icinga
<lordievader> !info incinga
<ubottu> Package incinga does not exist in trusty
<lordievader> !info icinga
<ubottu> icinga (source: icinga): host and network monitoring system - metapackage. In component universe, is optional. Version 1.10.3-1 (trusty), package size 1 kB, installed size 29 kB
<lordievader> bitfury: That lives in universe, like you said. It is not in other repos.
<bitfury> lordievader: https://launchpad.net/ubuntu/+source/icinga/1.11.5-1
<bitfury> that's universe as well no?
<lordievader> bitfury: That is the source of the package. And there is mention of Utopic's Universe.
<bitfury> lordievader: Ok got it. So If I add a maintainers PPA and do a apt-get install <package-name> it will get it from there?
<lordievader> bitfury: If they have a newer version and equal priority is given to the repos, yes.
<bitfury> that is if the package name is the same as in main
<bitfury> lordievader: got it, thanks for clarifying
<lordievader> bitfury: No problem ;)
<bitfury> !info munin
<ubottu> munin (source: munin): network-wide graphing framework (grapher/gatherer). In component main, is optional. Version 2.0.19-3 (trusty), package size 103 kB, installed size 649 kB
#ubuntu-server 2014-07-22
<prgCoder> hi guys, is there any way to disable / postphone the messages to upgrade from 12.04 to 14.04  - need samba sorted out before I upgrade...
<ruben23> hi guys any help - i tried autofs and set the config for the auto mount of an smb share from an samba server - but when i restart and commited the config nothing happens nothing is ever mounted - any idea..?
<pds> is a dhcp range necessary for pxe boot or is pointing to pxelinux.0 sufficient?
<sarnold> pds: I was under the impression that pxebooting always required dhcp/bootp
<sarnold> pds: but I've never tried not setting a range :)
<maxb> The machine needs an IP to download the pxelinux.0 ....
<Abhijit> pds, it is
<maxb> Well, I suppose you could do without a range if you gave each machine a fixed allocation
<pds> i'm trying to prompt the user to do the netwerkconfig during installation, i tried d-i netcfg/disable_autoconfig boolean true but then you probably setting up for static configuration in preseeding file itself
<jotterbot1234> hey guys, I need apache on ubuntu server to accept large php file uploads
<pds> edit the php.ini file
<jotterbot1234> i have an .htaccess file in my dir with contents: http://pastebin.com/KV2ggynm
<jotterbot1234> can i not override the php.ini settings with the .htaccess?
<pds> don't know about that i always use the .php ini file for that
<pds> cfr. http://www.sitepoint.com/upload-large-files-in-php/
<jotterbot1234> pds: thanks will have a look
<pds> google :)
<pds> any way what setting whould i have to do in the preseed file to ask for network config during install
<pds> can't seem to find anything usefull in http://www.debian.org/releases/stable/example-preseed.txt
<jotterbot1234> pds: I was turning to here *after* googling :) haha it usually doesn't fail me
<pds> jotterbot1234: literally googled php upload large files
<pds> this may be even a better link: http://forum.owncloud.org/viewtopic.php?f=8&t=1809
<YamakasY> what do I need to add to my apt sources when I want to have the net installer available ?
<ogra_> can you re-phrase that somehow ?
<ogra_> (usually you would download the net installer to install .... instead of the iso ... and the installer comes with a pre-defined sources.list setup)
<ogra_> i.e. you either use the mini.iso or the single PXE files for a netboot/netinst install http://de.archive.ubuntu.com/ubuntu/dists/precise-updates/main/installer-amd64/current/images/netboot/
<pds> test
<Abhijit> fail
<YamakasY> what is the difference between debian-installer and installer-amd64 ?
<YamakasY> ogra_: oh ping me next time :)
<YamakasY> ogra_: I use now debian-installer which doesn't give me the right packages
<pds> debian installer is probably 32 bit and installer-amd64 - 64 bit, just an educated guess
<pds> any way anyone around here using otrs
<ogra_> erm, no
<ogra_> there is no "debian-installer" binary package (well, there is one that contans some docs but nothing else afaik)
<ogra_> the files at the url above are essentially the output of a debian-installer build
<ogra_> (if you go one level up there are also the boot files for the isos and so on)
<YamakasY> ogra_: yes but what do I need to sync my mirror with, most people have debian-installer in their apt kist, which is not going to work
<ogra_> i dont get what youz are asking ... there is no debian-installer package you can use for anything but building the above installer files
<YamakasY> I'm always struggeling with mirrors
<YamakasY> ogra_: I need the initrd.gz packages and so on synced into my mirror
<ogra_> do you mean the default sources.list is wrong when you try to run an install ?
<ogra_> aha !
<ogra_> now it starts to make sense :)
<YamakasY> ogra_: haha :)
<jonascj> On 14.04 I've just done update-grub and it takes like 5 minutes where it just spams messages from libudev. Is that to be expected?
<YamakasY> ogra_: I have a mirror of 147GB but no initrd.gz :)
<ogra_> i think you need to explicitly tell debmirror (or whatever you use) to specifically sync the installer files
<bekks> YamakasY: the initrd is compiled on your system, it isnt shipped by a package.
<YamakasY> bekks: oh yes it is
<ogra_> i.e. something like: --adddir=main/debian-installer and --include=m/*udeb/ .... and probably for that specific dir also --nosource
<bekks> YamakasY: whats the package name?
<YamakasY> bekks: http://nl.archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/
<ogra_> bekks, debian-installer is essentically an initrd.gz
<bekks> YamakasY: thats the netboot image, not a package.
<ogra_> well, that is what a debian-installer package build spits out :)
<bekks> YamakasY: http://packages.ubuntu.com/search?searchon=contents&keywords=initrd.gz&mode=exactfilename&suite=trusty&arch=any
<YamakasY> indeed, and I need to have that synced into my mirror
<jonascj> and in the end update-grub failed, os-proper being unable to deal with a linux-iso-usb insterted :S
<ogra_> well in fact *this* is what building the package spits out: http://nl.archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/current/images/
<ogra_> (the initrd.gz is then used on the specific install media)
<YamakasY> ogra_: yes, but I need to have that repo synced into my mirror... foreman wants to wget it
<ogra_> but bekks is right, there is no binary deb (which was whjat confused me first as well)
<ogra_> YamakasY, right, there must be an option for this in whatever mirroring tool you use
<ogra_> i know for sure debmirror has a set of options that schieves that (see above)
<YamakasY> it's just too confusing what to mirror and don't have too much which is not needed... I use apt-mirror
<jonascj> the osproper error went away when I removed the iso-usb. I have to learn how to make osproper ignore that usb drives. But it still goes on forever with libudev (~3 minute to do update-grub)
<ogra_> YamakasY, http://hcmc.uvic.ca/blogs/index.php?blog=11&p=11929&more=1&c=1&tb=1&pb=1 ... see the "installer" section there
<YamakasY> ogra_: yes I see that, but I don't have that in my postmirror.sh
<YamakasY> not any of those lines
<ogra_> so add it :)
<YamakasY> ogra_: all of it ?
<ogra_> try it :)
<YamakasY> ogra_: first time is always scary :D
<ogra_> :)
<YamakasY> ogra_: postmirror.sh: 43: postmirror.sh: rsync://nl.archive.ubuntu.com/ubuntu/dists/trusty-backports/main/dist-upgrader-all/: not found
<YamakasY> and so on....
<ogra_> drop dist-upgrader from the list then
<ogra_> (especially for -backports you surely wont find one)
<YamakasY> ogra_: but what I don't get... why do I use postmirror for this and does apt-mirror not handle this actually ?
<ogra_> that i dont know ...
<YamakasY> but it doesn't work :)
<YamakasY> mhh this is odd
<YamakasY> is debmirror better ?
<pds> hmmm preseeding an ubuntu server, installed ansible through it, however want to run the ansible script after that but the problem is that is requires input from the user. Is there a way to run it when the user logins for the first time
<pds> hmmm preseeding an ubuntu server, installed ansible through it, however want to run the ansible script after that but the problem is that is requires input from the user. Is there a way to run it when the user logins for the first time
<yoyo09kh3> looking to create a write only shared folder on my ubuntu server.  The idea being other network users can save but not read / execute / list files written to the share... any advice on how to do this securely?
<pds> this is not a technical question but i'm looking for the exchange rate of chf to euro at 7.06 (so previous month), what was the value of 1 CHF to euro
<zetheroo1> how do you cancel a command that is hanging?
<zetheroo1> CTRL+C is not working
<pds> CTRL+Z
<zetheroo1> pds: and if that doesn't work?
<pds> CTRL + D?
<pmatulis> morning
<pds> how about opening a seperate shell ps aux it :)
<pds> and kill it
<pds> kill -9 <pid>
<zetheroo1> pds: I have 3 shells open ... 2 are hanging and 1 is usable
<zetheroo1> tty1 and tty2 are hanging ... tty3 is usable
<pds> http://stackoverflow.com/questions/15195470/how-to-kill-the-tty-in-unix
<pds> or ps aux | grep "tty1" - gets pid      kill -9 <thatpid>
<zetheroo1> ok will give that a whirl
<zetheroo1> is there a command which tells you which terminal you are currently working in?
<zetheroo1> pds: cool - that worked great!
<pds> zetheroo1: zetheroo1: tty will print the current tty ;)
<zetheroo1> ok
<lordievader> I'll just leave this here: http://www.reddit.com/r/linux/comments/1xvr25/linux_tip_dont_use_kill_9/
<zetheroo1> I desperately need to unmount a NFS share on this machine ... but even "umount -f -l" is not unmounting it
<zetheroo1> Is there another super-duper command or method for unmounting an NFS share which is no longer working?
<pds> this is not a technical question but i'm looking for the exchange rate of chf to euro at 7.06 (so previous month), what was the value of 1 CHF to euro
<pds> hmmm preseeding an ubuntu server, installed ansible through it, however want to run the ansible script after that but the problem is that is requires input from the user. Is there a way to run it when the user logins for the first time
<pds> disregard the message from 13.37.41
<zetheroo1> pds: 0.82 Euro = 1 CHF on the 07th of June 2014
<pds> yeah found that :)
<zetheroo1> 0.82037 to be more precise ... :D
<pds> that is 0.82 rounded :)
<pds> Abhijit: hmmm preseeding an ubuntu server, installed ansible through it, however want to run the ansible script after that but the problem is that is requires input from the user. Is there a way to run it when the user logins for the first time
<lobxop>  ExecStart=-/usr/bin/agetty --autologin username --noclear %I 38400 linux; Can any one tell me what does '-' in front of tpath and --noclear %I 38400  mean?
<arcanus> hello im going to install a ubuntu server soon and i wonder where i do the encrption of the whole harddrive installation, ist under installation or after ?
<caribou> gaughen: around ?
<pds> you can encrypt the drive during install
<pds> any one around here that  has knowledge of boot/login scripts
<zetheroo1> Is it ok to setup LVM on RAID?
<zetheroo1> I thought having read somewhere a few months back that there were problems with doing this ...
<cal2010> hey folks. I just want to install desktop ubuntu (and I'll end up putting various server things on it anyways), but I only have the ubuntu server cd. since its not going to be a server (so forget some of the various reasons not to put gui on server instance), is there any problem / issue with me just installing ubuntu server and then adding the desktop / gui packages afterwards via network?
<cfhowlett> cal2010 no problem.
<cal2010> cfhowlett: thought so, thank you. time to rock n roll
<cfhowlett> cal2010 happy2help
<gaughen> caribou, I am now.
<cal2010> wonderful. machine's cd drive doesn't open / work. fail.
<caribou> gaughen: just wanted to let you know that I will be absent for the few upcoming weeks
<caribou> gaughen: tinoco will attend for CTS
<cfhowlett> cal2010 not a good sign.  USB boot supported?
<cal2010> cfhowlett: yea. cdrom wasn't listed in boot when i had first checked anyways so that was the first warning, but didn't hurt to try.
<peetaur2> zetheroo1: it is good to put LVM on raid. What is wrong is to use the LVM built in raid instead of md raid.
<gaughen> caribou, thanks! hope you are doing something fun!
<zetheroo1> peetaur2: ah ok
<zetheroo1> I am going to do a RAID 1 across 2 disks .. but I am wondering if the Swap partition should be on the RAID or outside of it ...
<zetheroo1> I am thinking outside ... no!?
<jhobbs> up to you zetheroo1
<jhobbs> http://tldp.org/HOWTO/Software-RAID-HOWTO-2.html <-- talks some about swap here, but might be kind of old
<zetheroo1> I just thought that placing the Swap on the RAID might affect performance ... but maybe I am wrong ...
<jhobbs> zetheroo1: if it gets used, and its on the same drives as the raid, it will affect performance, whether or not its part of the raid
<zetheroo1> I see
<jhobbs> if you're actually using swap you're probably screwed anyhow
<jhobbs> if a server has enough memory for its workload it will never hit swap
<zetheroo1> well I do change the swappiness to use it as little as possible .. but it still manages to use it a bit
<peetaur2> zetheroo1: put swap on raid if you want to be sure it will survive if it's degraded... if there is something important on swap when the disk dies, the system might die with it
<peetaur2> zetheroo1: raid is not a backup... its purpose is for easy maintenance, and live repairs, so that means in the normal case, you put your swap on raid
<peetaur2> (or at least "scheduled repairs" rather than live or unplanned due to a crash)
<peetaur2> zetheroo1: oh and related to your previous question... another thing that is not wrong but sometimes error prone is to have /boot in the lvm+raid too. It is very reliable with raid1 without lvm though, with metadata 0.90 or 1.0 (which the ubuntu installer will not set for you).
<zetheroo1> peetaur2: so do I understand you correctly that /boot should be outside the RAID/LVM setup?
<peetaur2> boot should be in a raid1 with metadata 0.90 or 1.0    (I know for sure 0.90 works as expected in Ubuntu, degraded or not)
<peetaur2> (and 1.0 works in openSUSE with grub2... ubuntu 12.04 used grub 1.99)
<peetaur2> and I didn't test 14.04 degraded
<zetheroo1> peetaur2: wow, ok, this is a bit new to me I must admit ...
<peetaur2> well actually I have lots of machines with 14.04 degraded (first disk now, 2nd disk planned in the future when old 2nd disk dies, a requirement was to do it without repartitioning) ... but didn't really test them
<peetaur2> it's new to mostly everyone for some reason... people don't always test things. And they just read the docs which clearly say that raid and lvm are supported, and only clearly in some warning does it say that 1.2 is not supported (says something like "1.2 has metadata at the end of the disk. make sure the bootloader supports this")
<peetaur2> I even bug reported it in some ubuntu docs and they ignored me. heh
<zetheroo1> So after I create my RAID 1 array I should make a /boot partition on there before setting up the LVM on the rest of the disk (I am doing this all in the 14.04 server install wizard thingy)
<zetheroo1> is that correct?
<peetaur2> and in openSUSE I created a similar degraded boot bug (with some hackery) and reported it, and they couldn't find the bug in the version I tested but found it in the next release and fixed it. (a systemd issue apparently)
<peetaur2> unfortunately, if you want to full out and do my recommendation, the gui won't let you set specific metadata on /boot.
<peetaur2> so one way to do it is to do it in a TTY and then just tell it to install there, but not create the raid in the TUI
<peetaur2> and other is just set it up, and then check and change it later (changing /boot is easy... you can umount and reformat while booted)
<peetaur2> openSUSE also won't let you change it in the gui, but it uses 1.0 metadata by default on the boot, so it works fine.
<peetaur2> I don't know what 14.04 does since I always do my partitioning in a text tty :D
<zetheroo1> hmmm
<lordievader> Good afternoon.
<pmatulis> afternoon
<zanzacar> can anyone help me with this error? http://pastebin.com/Mb8wdGTH
<zanzacar> I am not sure what the setuid helper is or how to change its permissions or what needs to happen.
<zanzacar> It doesn't appear I can really install/update anything with this error going on.
<zanzacar> I tried sudo apt-get -f autoremove, but it failed as well.
<stemid> in isc-dhcp-server does anyone know if I need failover peer declarations in every single pool or can I use a global failover peer statement? the manual says I need it in every pool I want to failover but if I want to failover all pools can't I use it globally?
<stemid> 12.04
<miceiken> I have a question. Sometimes I do a 'sudo reboot now', it will give me the notice, but not actually reboot. Are there any logs for what's obstructing?
<pmatulis> miceiken: i guess b/c reboot does not take an argument
<pmatulis> miceiken: there was a bug about this
<pmatulis> bug #1174272
<uvirtbot> Launchpad bug 1174272 in upstart "'reboot now' reverting to maintenance mode, instead of rebooting" [Critical,Fix released] https://launchpad.net/bugs/1174272
<miceiken> thanks pmatulis
<KiCKiN> how do I change the shell resolution to a lower one before I reboot so my monitor will not show unable to display chosen resolution?
<sarnold> KiCKiN: are you sure your video card is sending a signal at all at that point?
<bekks> The ATI Rage2 is just too old.
<pmatulis> eww, i remember that one
<KiCKiN> pmatulis... I am trying to find a couple dual xeon quad core servers to replace my 11 year old dual xeon single core servers with at a low price...
<KiCKiN> gonna try to ssh the configuration after install
<Impulse__> anyone knows a good NAS OS?
<ashd> Impulse__: FreeNAS
<Impulse__> tried that...
<Impulse__> to much rubisch
<Impulse__> i don't need enterprise stuff, just some filesharing
<sarnold> with drives as large as they are these days, checksumming and redundancy is hardly just for enterprises
<patdk-wk> define enterprise
<ashleyd> Impulse__: so just use iSCSI/SMB/NFS/Netatalk
<ashleyd> Impulse__: on a roll-your-own
<patdk-wk> atleast I wouldn't put freenas as enterprise, cause it hardly supports HA
<sarnold> *snort*
<Impulse__> maybe my knowledge of freenas is too little :-)
<patdk-wk> heh, plugged some very nice ssd's into the server just now
<patdk-wk> suprised I was only going 200MB/sec
<patdk-wk> forgot, that server only had sata 3g :(
<Impulse__> bassicly, i have an esxi with 2 VM's that need to acces the NAS to put files on it, and read from it, and i have a mediacenter that plays movies/music from the NAS.
<Impulse__> before is used Win server, but damn, it used all my resources, and my VM's got problems with authentication to the windows... even with guest acces
<sarnold> patdk-wk: sata 3g seemed so bonkers when it first came out.. :)
<patdk-wk> na, 3g was good when it came out, as disks where almost to the sata 1 limit
<patdk-wk> but 6g coming out so soon after that, seemed insane for awhile
<sarnold> now 12g..
<patdk-wk> ya, but you can get a single ssd that can fill 12g
<sarnold> ooo
<patdk-wk> nvme :)
<patdk-wk> you do need dual channel pcie right?
<sarnold> who doesn't? :)
<patdk-wk> probably wait a year or two before I jump into that
<patdk-wk> give it some time to debug
<bananapie> Any idea what might cause tcpdump to see packets coming in on eth1 when I know the packets are coming in on eth0 ?
<bananapie> I don't see any bonded adapters or bridges on the server using ifconfig
<ikonia> brianblaze420: if tcpdump sees them on eth1 - there is traffic on eth1
<brianblaze420> i see ;)
<bananapie> but how can there by *incoming* traffic on eth1 if I disconnect the wire ?
<bananapie> can tc move packets between interfaces?
<ikonia> brianblaze420: there will be internal traffic
<brianblaze420> ikonia: u r talking to bananapie ;)
<bananapie> but the "internal" traffic that tcpdump is seeing on eth1 disappears when I disconnect the wire for eth0. What's more, the traffic on eth0 is coming from all my devices on the network. If I setup a crossover between my laptop and eth1 and ping the IP on eth0, it replies,  but it shoudln't
<ikonia> brianblaze420: I am, sorry
<brianblaze420> no worries haha
<KiCKiN> how do I add a pair of 500GB drives during install to server 14.04 for srv storage?
<bitfury> anyone know why when I remove munin server and install it again, some configuration files are missing and plugins directory /etc/munin/plugins is empty?
<bitfury> this is ubuntu server 14.04
<bitfury> how do I get it to install exactly the same way as it did when I first install it?
<patdk-wk> bitfury, cause remove doesn't do cleanup
<patdk-wk> you want purge
<patdk-wk> and munin server WILL NOT install plugins
<patdk-wk> the server has nothing to do with plugins
<bitfury> patdk-wk: that's what it was, thanks for clarifying
<patdk-wk> ya, remove is, remove the binaries, but keep my configs and custom stuff
<patdk-wk> purge is, kill it all
<patdk-wk> why you normally don't want purge :)
<bitfury> patdk-wk: weird, installing munin-node still doesn't populate the plugins directory
<bananapie> so it turns out the guy who asked me to look at his server messed with /etc/udev/rules.d/net-persistent.
<bananapie> hehehe
<bananapie> troubleshooting is easier when people are honest
<bananapie> what's worse if they have a loop in their switches..
<massimodecimome> thor
<massimodecimome> Ã¹
<massimodecimome> bye
<pmatulis> what the?
#ubuntu-server 2014-07-23
<blaaa> Are the nosuid, nodev and noexec permissions generally safe to use for the /tmp filesystem on a server? I have found some daemons which write executable files to /tmp...
<yoyo09kh3> is there a way to set upstart log size limits?
<jamespage> jodh, do you know the answer to yoyo09kh3's question?
<jamespage> ^^
<pmatulis> morning
<jeffreylevesque> I tried installing Ubuntu server 14.04, and got the same error as http://ubuntuforums.org/showthread.php?t=1981020
<jeffreylevesque> I couldn't install grub, so I installed LILO during installation
<peetaur2> jeffreylevesque: try putting a UUID in there.... it's stupid to use ambiguous device names
<peetaur2> blkid lists the UUIDs
<peetaur2> put a UUID in fstab and run update-grub, and it will probably do it for you
<peetaur2> (for boot and root)
<peetaur2> sometimes "root" in grub files means /boot
<jeffreylevesque> peetaur2:  What iare UUID?
<peetaur2> universal unique id
<peetaur2> the ones listed by blkid are in the filesystem header stuff
<jeffreylevesque> How so I get those?
<peetaur2> blkid .... already said that
<jeffreylevesque> peetaur2: http://tinypic.com/r/256bbj4/8
<peetaur2> jeffreylevesque: that has no POSIX file systems listed
<peetaur2> eg. ext4
<jeffreylevesque> peetaur2: How do I get that information, sorry I get disconnected on my iPhone (since laptop in inoperable)
<peetaur2> run "blkid" and it prints it on screen
<jeffreylevesque> peetaur2: Got it
<jeffreylevesque> I see the uuid's
<jeffreylevesque> peetaur2: where do I assign these UUID's?
<peetaur2> put them in fstab without the "
<peetaur2> UUID=...    /   ext4  blah blah
<peetaur2> just replace /dev/... with UUID=... without any quotes
<peetaur2> and then run:    update-initramfs -u      and then run    update-grub
<peetaur2> to do that properly, you should be in a chroot or in the root system, not just mounted in /mnt/ or whatever
<jeffreylevesque> peetaur2: The terminal is prefixed with (initramfs).  How do I get I to chroot?
<peetaur2> well you can't chroot from there... but it is possible to get it to finish booting (but not easy) with some manual commands
<peetaur2> you should use a LiveCD or rescue cd
<jeffreylevesque> cd /root?
<peetaur2> the Ubuntu installer rescue mode should offer to chroot for you already
<peetaur2> no... you have to get root mounted, then mount dev, proc, sys in there, then "chroot /whereveryoumountedit/"
<peetaur2> and on initramfs you are missing all the commands to do that
<jeffreylevesque> I put the usb installer in.  Do i go in rescue mode?
<peetaur2> yes
<jeffreylevesque> peetaur2: Where is the fstab file located
<jeffreylevesque> I'm doing the rescue mode
<peetaur2> fstab is /etc/fstab ... and if you have to ask, yo7u should back it up first.    cp /etc/fstab /etc/fstab.bak
<peetaur2> what I do when there's no mouse copy & paste is to run:      blkid >> /etc/fstab       (>> not > or you delete the file)
<peetaur2> and then edit it with vim, and remove the unwanted lines, and copy and paste
<peetaur2> and if you don't know vim, use another editor
<jeffreylevesque> peetaur2: I can cd into '/etc' without doing any unmounting in 'initramfs'. But, there is no fstab
<peetaur2> /etc and everything in your initramfs are inside the initramfs archive... not the real root
<jeffreylevesque> peetaur2: I booted from USB and I did ls, I can see the file now fstab.  But, if I try to use pico or vim, it says /bin/sh: vim: not found
<peetaur2> okay so use nano or vi
<peetaur2> or get in the proper rescue that does the chroot... if you get that one, it'll have whatever your broken OS had installed (and it should come with vi even if not vim and nano and pico)
<jeffreylevesque> That worked
<jeffreylevesque> Nano
<peetaur2> also your chroot should probably have apt-get working... you can even install things
<jeffreylevesque> Im at a library.  So i dont have internet access with their firewall thing
<jeffreylevesque> peetaur2: I hope fstab changes will work, otherwise I have to go home
<peetaur2> jeffreylevesque: you also ran these, right?    pdate-initramfs -u  ;  update-grub
<peetaur2> first puts the info in the initramfs, and 2nd puts it in grub.cfg
<jeffreylevesque> In the shell before modifying fstab?
<peetaur2> after
<peetaur2> those commands read fstab
<jeffreylevesque> Fstab has no defined UUID's
<jeffreylevesque> peetaur2: There are four lines the first column for each is "none"
<jeffreylevesque> My phone is about to die
<jeffreylevesque> Have to go home
<jeffreylevesque> I took notes of what you said
<jeffreylevesque> Second column reads /dev/pts, /run, /proc, /sys
<jeffreylevesque> Third column: devpts, tmpfs, proc, sysfs
<jeffreylevesque> Fourth, defaults;  nosuid,size=10%,mode=755;  0;  0
<jeffreylevesque> The rest of the columns are 0s or blank
<peetaur2> only modify the / and /boot lines
<peetaur2> just change the first column, nothing more
<peetaur2> and back up the files
<peetaur2> if you are unsure, always back up anything you edit, especially things required for booting
<stmiller> The EC2 apt repositories for 12.10 were pulled down immediately when 12.10 went EOL. Does anyone know if 13.10 EC2 repos will remain online? Right now they are (which is a good thing for me at the moment).
<stmiller> ex: http://us-east-1.ec2.archive.ubuntu.com   repositories used by EC2 images
<jeffreylevesque> Ok, created a backup
<cfhowlett> stmiller don't plan on it.  end of life = end of support.  suggest you upgrade to long term support version : 14.04
<stmiller> cfhowlett I know - upgrade is in the works. I am looking for any dates or indications for 13.10 status and those repositories. Otherwise, EC2 automation with 13.10 images is out of luck.
<zartoosh> HI we are developing linux boxes which should have identical system configuration and Os (ubuntu 14.04).  This boxes will boot in UEFI mode. I like to know whether the grub file /boot/efi/EFI/ubuntu/grubx86.efi will be identical for all system, or has some dependencies to installed system?  thx
<TJ-> zartoosh: identical on all, the boot images are secure-boot compatible and therefore using signing just-in-case Secure Boot is enabled
<jeffreylevesque> I found IRC as a webservice
<jeffreylevesque> peetaur2, https://github.com/jeff1evesque/audio-analyzer/issues/351#issuecomment-49870612
<peetaur2> jeffreylevesque: ooookay that makes no sense.  I said to enter the UUIDs for boot and root, but you did it for /dev/pts. And you set it to an exfat partition ... which won't work. And blkid doesn't list any POSIX file systems, so I don't think you have any bootable Linux system there.
<zetheroo1> service networking restart doesn't seem to work for me ... this is what it reports: stop: Job failed while stopping & start: Job is already running: networking
<peetaur2> maybe when you edited fstab, it was not you root, but the live system. Check that with "df" and see which device is mounted on /
<jeffreylevesque> peetaur2, what should the partition be, ntfs?
<peetaur2> jeffreylevesque: you need to find your Linux install .... and it shoudl be a POSIX system:   ext4, ext3, reiserfs, xfs, btrfs (don't use that), etc.
<zetheroo1> I used to be able to use /etc/init.d/networking restart successfully in Ubuntu, but now that too doesn't work
<peetaur2> not exfat, vfat, fat32, ntfs
<peetaur2> and don't break your old ntfs partitions unless you know what you are doing
<peetaur2> back them up
<peetaur2> make sure to format something that Linux can install to (I suggest ext4, the default choice)
<jeffreylevesque> peetaur2, i created the exfat partition yesterday so i could tell which partition i was going to use (stand out against the current ntfs).  I thought ubuntu installer would allow me to erase the exfat partition, and use it accordingly for the Ubuntu Server
<peetaur2> zetheroo1: in 14.04, that script is disabled without telling you. It's a feature. You have to use "ifdown $device" and "ifup $device" now
<jeffreylevesque> How do I remove the partition entirely?
<zetheroo1> so if I change something in /etc/network/interfaces how do I get all the changes applied in one go?
<peetaur2> zetheroo1: ifdown is a stupid non-equivalent though.. for example it won't take down an interface that you removed from /etc/network/interfaces ... for that use:    ip a del ipgoeshere/bits dev $device     (CIDR notation)
<zetheroo1> peetaur2: that is extremely annoying
<peetaur2> it is almost sane.... but makes no sense to just make the script return 0 and print no warnings.  yes... extremely annoying.
<peetaur2> jeffreylevesque: select one in that partition editor you showed me in a screenshot earlier, and say to remove it
<zetheroo1> peetaur2: I am configuring bonding and bridging in the interfaces file and I want it all implemented like in 12.04 ... :P
<peetaur2> jeffreylevesque: but make sure! if you delete your windows partitino, it won't be a dual boot.... it'll be Linux only
<jeffreylevesque> peetaur2, my windows partition is important.  I can't delete that
<zetheroo1> so the command "service networking restart" is also useless!?
<jeffreylevesque> peetaur2, I'm going to record the results of "df"
<zetheroo1> restarting the machine is almost simpler then using this ifdown/up stuff :P
<jeffreylevesque> peetaur2, https://github.com/jeff1evesque/audio-analyzer/issues/351#issuecomment-49877903
<peetaur2> jeffreylevesque: make sure you back it up ... if you're not very familiar with this stuff, it is at risk if you continue without a backup
<jeffreylevesque> peetaur, I cant' access either partitions at the moment
<peetaur2> jeffreylevesque: okay so from that df, I'd say you don't have your linux filesystem mounted.
<peetaur2> jeffreylevesque: well you should find some way to back it up ... one way is to use dd and copy the image to another equal sized disk (in this case the other disk will even boot windows)
<peetaur2> if it's a different sized disk, it will still copy but it is harder to restore and won't boot
<jeffreylevesque> peetaur2, how can you tell that linux is not mounted, and how do I remove the exfat partition.  I guess I'd like the laptop to be able to boot into windows again.  Then, I will try to setup this ubuntu installation again
<peetaur2> if it was mounted, it should show a real disk in the leftmost column, like /dev/sda3 and on the mountpoint column, it would say /
<peetaur2> seeing nothing mounted on / means it's some weird hack like a rescue with some weird root that isn't mounted normally
<peetaur2> maybe you would be best with a gparted live cd for removing the exfat partition
<peetaur2> there are lots of ways, but the gparted gui would be easiest
<peetaur2> gparted can also work in any GUI LiveCD; don't need a special CD
<peetaur2> but the installer has no GUI
<jeffreylevesque> peetaur2, is the best way to remove this phantom ubuntu so my machine boots back up to windows 7, is to use gpart?  Or can I restore my machine another way?
<peetaur2> to make windows boot, you need a proper GRUB installation or some other bootloader. The easiest would be to use the windows cd to reinstall the windows bootloader maybe. I don't know the details on that, but you can ask in ##windows
<peetaur2> I think you should (1) back up everything (2) plan your partitioning.... reserve some space for windows, and for linux, and try to use fewer partitions (3) change your partitions and leave an empty one for Linux (4) install Linux there
<peetaur2> and for dual boot there are more details that I'm not to familar with ...
<micmac> hi
<micmac> so I have an outdated server running ubuntu 11.10, and I'm willing to do an upgrade to 12.04 LTS. the server is in production, so i wish i could do this upgrade at night unattended.
<micmac> I have read about the DistUpgradeViewNonInteractive flag which should agree to every default prompt
<micmac> I have many services, like dovecot, postfix, and so on with custom configuration (virtual aliases...), how can I know the upgrade will not break everything ?
<micmac> where can I read about the changes of every packages/services ?
<micmac> do I really have to read all the changes? or should it work right away (backward compatibility in the /etc config?)
<peetaur2> micmac: the update will break everything... back it up
<peetaur2> micmac: ... is a good assumption to keep you safe. ;)
<micmac> I do backups regularly
<peetaur2> micmac: ubuntu release update deleted my /etc/openvpn once, including private keys. In such cases, only the backup will save you.
<cfhowlett> micmac assume breakage.  have plans to restore and reconfigure your system and pull the trigger
<micmac> ok
<micmac> hmm I could try to clone the server into a VM, then launch the do-release-upgrade, and then check if the services are ok
<micmac> then apply to the original
<micmac> (still with backups)
<micmac> I guess some of the services could have major changes, others would not, depends on the ones I'm using
<peetaur2> testing like that can be good. Might take some time, but might save you a headache.
<micmac> might be better than reading all the doc too..
<cfhowlett> micmac actually, peetaur2 brings up an excellent suggestion.  As you have a production server and need to minimized downtime, you might consider mirroring your present setup on a different box.  then upgrade that and see how it behaves before you go to working box
<micmac> will do that
<micmac> thanks
<micmac> bye
<zartoosh> TJ-, thank you so much you did understand me main reason I was asking this question, it is of Secure Boot. Many thanks again for your answer.
<lordievader> Good afternoon.
<CooLBALL1> what is a chroot?
<CooLBALL1> is it a template for clients on a server?
<TJ-> CooLBALL1: see https://help.ubuntu.com/community/BasicChroot
<patdk-wk> neither
<CooLBALL1> i want to set up a server that runs applications that fat clients can use
<CooLBALL1> are openSSH LAMP and postgreSQL required for this type of server?
<patdk-wk> how should we know?
<patdk-wk> that would depend on what the *applications* are
<patdk-wk> and how you configure them
<DeltaHeavy> I'm getting the following error when running a test on my config for SSL, and through Googling as far as I can tell everything seems to be in line. Anybody have any idea what's wrong, or anything I should be looking into?
<DeltaHeavy> Error: http://p.ngx.cc/c7 - Config: http://p.ngx.cc/d8
<sarnold> DeltaHeavy: why are you trying to use a certificate signing request instead of a certificate or a keyfile?
<DeltaHeavy> sarnold: Yeah, I just realized I can download a set of certs. I forgot I needed one signed. Thanks
<sarnold> hallyn: http://www.openwall.com/lists/oss-security/2014/07/23/10
<hallyn> sigh, every time you post a link from there i have to worry
<sarnold> hallyn: sorry :)
<hallyn> sarnold: that shoulda been easy to spot.  hope i didn't review the patch that went in through
<hallyn> sarnold: what about this one specially interests you?
<hallyn> suppose this coudl explain why rootfs sometiems doesnt' cleanly umount
<sarnold> hallyn: heh, that's always my fear too, "please don't let this one be one I've overlooked'
<hallyn> heck this could explain why the installer hasn't been cleanly umounting for psivaa and plars.  maybe :)
<sarnold> hallyn: mostly that root-in-container seems to be enough to able to trigger it
<hallyn> do you need that?
<hallyn> i thought it said an unpriv user can do it
<sarnold> that -might- just be an artifact of how it affected RHEL?
<hallyn> yeah
<DeltaHeavy> I put these lines at the bottom of /etc/ssh/sshd_config and now I can't connect via my SFTP client. I have this identical config on another server so I'm unsure why it's doing this. Users NOT in the group 'sftp' work though - https://www.refheap.com/88518
<sarnold> DeltaHeavy: check error messages in the logs?
<DeltaHeavy> Bah, true.
<DeltaHeavy> sarnold: Got it working, home directory of the SFTP account had to be owned by root
<jeffreylevesque> could someone assist me.  I messed up by ubuntu server installation
<sarnold> DeltaHeavy: nice. :)
<DeltaHeavy> jeffreylevesque: What's wrong?
<jeffreylevesque> I decreased my C: drive to allow a large enough partition for a dualboot into Ubuntu.  I couldn't decifer which partition I created for ubuntu during install.  So I booted back in windows 7, and made the extra space exFat partition, this way i could tell when I attempted to install ubuntu, hoping ubuntu would reformat the partition as needed.
<sarnold> jeffreylevesque: irc tends to work best if you just ask questions :) see DeltaHeavy's question for a good example :)
<jeffreylevesque> After install, ubuntu starts first, but doesn't load properly, and I can't boot into windows now
<sarnold> jeffreylevesque: in what way does ubuntu not load properly?
<jeffreylevesque> sarnold, https://github.com/jeff1evesque/audio-analyzer/issues/351#issuecomment-49867492
<sarnold> LILO??
<jeffreylevesque> grub wouldn't install
<jeffreylevesque> gave me an error
<sarnold> jeffreylevesque: sorry, this one is way beyond me; it looks like you've got the four primary partitions filled (sda1, sda2, sda3, sda4) then the extended partition (sda5), which seems wrong to me.. and using unetbootin, something I've never tried before, and using LILO on top of everything else...
<DeltaHeavy> jeffreylevesque: Why did you post an issue on a totally unrelated peice of software?
<DeltaHeavy> That's not what that's for :p
<sarnold> jeffreylevesque: you may have better luck in #ubuntu. I know it's a madhouse in there but this channel is mostly populated with folks who have simple server systems that boot ubuntu and only ubuntu. :)
<DeltaHeavy> They're for legitimate bugs, not misuse.
<jeffreylevesque> sarnold, thank you!
<toyotapie> hello. I am updating the IPs on my servers in /etc/network/interfaces. Is there a command to get Ubuntu to update all the interfaces so that it is the same as that which is in /etc/network/interfaces ( like service networking restart, but doesn't horribly break the server ) ?
<Patrickdk> toyotapie, reboot?
<Patrickdk> the correct way is to ifdown, edit interfaces, then ifup
<jeffreylevesque> anyone here know about dual boot with ubuntu server?
#ubuntu-server 2014-07-24
<msx> hi all, sorry to bother here but I'm unable to find the answer anywhere else: i'm looking for a clean way to close the session (logout) from the command line. gnome-session-quit wont work, nor the dbus method shown here: http://askubuntu.com/questions/15795/how-can-you-log-out-via-the-terminal. Also, I don't want to just 'sudo reboot' but a nicier, more polite method so all running application can
<msx> safely end it's ongoing stuff and then end. Any idea?
<sarnold> msx: terminal applications should do something sane when they receive a SIGHUP signal
<sarnold> msx: since HUP doesn't necessarily make sense to guis, they are less likely to do something sane when receiving it.
<sarnold> I've never tried logging out while applications are 'open' -- can linux apps pause or stop a gui-initiated logout or shutdown process? no idea...
<msx> sarnold: ahh, I didn't kno GUI apps didn't follow SIGHUP :P good to know!
<sarnold> msx: one hopes they either handle it or block it, but a great many programmers go out of their way to avoid learning about signals altogether. (I can't say I blame em. :)
<msx> but, i.e. with Unity, when you close a session and there are GUI apps active (like a web browser) they will cleanly shutdown, if you just quit the X server they will most likely crash. So me thinks that there should be a clean, polite way to ask the apps to close and then quit the X session - I could be totally wrong oc!
<msx> sarnold: humm, okay, wasn't aware of that, thank you very much for the heads-up :)
<sarnold> msx: hrm, that dbus answer looked promising
<msx> sarnold: already checked it out but won't work on 14.04 :S
<msx> sarnold: at first i think it didn't work because i called the method from within tmux but I have the same error from a plain bash shell
<sarnold> msx: hey, I think I found something worth trying
<msx> sarnold: weee! Tell me!
<msx> :D
<sarnold> msx: install the d-feet package, run d-feet, and poke aroud in the org.freedesktop.login1 namespace
<msx> roger that, on my way
<sarnold> msx: there's an /org/freedesktop/login1/seat/seat0 path in there, with a Terminate() method
<msx> great, sounds promising
<ruben23> hi guys i have installed vsftpd on my ubuntu server and add user but when i access by ftp client i get login incorrect...i sepcified all teh details on the user i added already- any idea guys..?
<sarnold> msx: and under the org.freedesktop.login1.Session interface, there's a Kill() method.. wonder what that does :)
<msx> sarnold: haha :D
<sarnold> msx: I hope that does the trick :)
<msx> i'm on that, i'll keep you informed!
<sarnold> thanks :D
<msx> sarnold: thank YOU! However this will take a while as I recently started to learn dbus once and for all... as recently as 6 minutos ago =_=
<sarnold> msx: hehe, similarly, I've done my best to ignore dbus, too. hahahaha. :)
<msx> and indeed this D-Feet browser is very useful
<sarnold> yeah, dbus was 100% baffling before someone pointed me to d-feet. now it's just 70% baffling. :)
<msx> xD well, seems we all do the same thing until the tides finally catch us, lol
<sarnold> next up: systemd
<msx> sarnold: well, i have already a foot on it, i've been using arch for a while - and fedora at work - until i returned to my first love (yep, ubuntu)
<msx> sarnold: you will eaither hate it or love it, but for sure there's no space for any other feeling between ;)
<msx> s/eaither/either/g
<sarnold> msx: makes sense. I've wanted a real service manager for ages and cgroups feels less ghetto than ptrace, but i'm not loving how it consumes everything else.. ntp? network configuration? sigh :)
<msx> sarnold: that's my *exact* same gripe on systemd: it started as a much needed upgrade for the PID 1 but since then it has been taking over so much that in a beginning was out of its scope. I don't know if this is a real thing or not but someone told me Poettering want an OS fully based on systemd as its core, most fundamental part and 'sane' API...
<sarnold> msx: hehe, I don't know his intentions, but it sure has grown significantly..
<msx> *wants
<msx> absolutely
<radbasa> Hi, is this a good place to ask for help about UVTool?
<sarnold> radbasa: yeah, but might be a bit late (or early, depending upon your timezone :) -- anyway, can't hurt to try
<socketguru> hi all, can anyone suggest regarding my problem... I have installed ubuntu server 14.04 and want to run systemd for init services...is systemd stable enough for this? I was using archlinux before and systemd was great.. but now we have to use production server which is ubuntu
<sarnold> socketguru: http://www.piware.de/2014/04/booting-ubuntu-with-systemd-now-in-utopic/
<socketguru> thanks :)
<socketguru> so you saying systemd will work without any problem?
<sarnold> no :)
<socketguru> has anyone here used systemd on ubuntu server?
<socketguru> sarnold:  no ?
<sarnold> it looks like it'd be difficult to get it to go on 14.04; and on the devel release, might be decent enough to try
<socketguru> but for production server, we have to give a product which should be stable ...So, what is safe way?
<sarnold> stick with upstart
<socketguru> Do you think upstart is a safe choice?
<socketguru> yeah... okay
<sarnold> systemd may be ready for 14.10 or 15.04, but not yet
<socketguru> the thing is i haven't used upstart.. and I dont know if upstart will smooth journalctl log service
<sarnold> it might be fine for you to play with, but I wouldn't want to run a business on it yet
<socketguru> thanks a lot sarnold
<radbasa> I have successfully create a VM using uvt-kvm with the default usermode networking. I am trying to create a VM with bridged networking. â¦ wait a minuteâ¦ sarnold, in the process of collecting everything (command-line commands and results, config files, and log files) for posting at pastebin, I discovered that the bridged network VM is up and working, but uvt-kvm wait and uvt-kvm ip isn't seeing it. http://pastebin.com/ZkRKDFta
<sarnold> radbasa: yikes, that's way beyond my experiences with it :/ sorry
<radbasa> it's ok. maybe i'll just post it at launchpad
<sebas5384> talking about network
<sebas5384> let's say you are using vagrant using virtualbox as a provider, and into the vm, you have some lxc containers with private ip addresses
<sebas5384> but i want to access from the guest directly to the linux container private address (which is into the vm)
<sarnold> sebas5384: I think you've got two options; (a) set up the guest to do IP forwarding and run it as a router/gateway (b) use brctl to add an ethernet bridge in the guest, bind it to the NIC, and bind the lxc containers' IPs to the bridge.
<sarnold> sebas5384: I don't know either approach well enough to actually do it myself :) but I hope it gives you some reading..
<sarnold> time to bail :) good luck
<sebas5384> sarnold: thanks man!
<sebas5384> sarnold: really helped :)
<radbasa> i used brctl to create an ethernet bridge on the host OS and bound the guest OS to it
<sebas5384> radbasa: thanks
<sebas5384> radbasa: did you sow it in some article? i'm lookin for something for guiding me
<radbasa> sebas5384, I followed step three of this http://xmodulo.com/2014/02/use-kvm-command-line-debian-ubuntu.html
<sebas5384> radbasa: awesome!!
<zetheroo1> I have a KVM host with 7 Windows VM's running inside ... the reachability of the VM's inside using ping is pretty unstable whereas to the host via either hostname or IP address is fine. The Host is configured with a bond and a bridge ... any ideas what could be causing this behavior?
<henkjan> zetheroo1: ubuntu 14.04?
<zetheroo1> yes
<henkjan> zetheroo1: check the conversations on https://lists.ubuntu.com/archives/ubuntu-server/2014-July/thread.html
<henkjan> zetheroo1: disabling KSM might help you
<henkjan> or upgrading to a newer kernel. 3.13 which comes with 14.04 hase some troubles
<zetheroo1> Host is completely upgraded
<henkjan> zetheroo1: check the archives on ubuntu-server maillinglist. url above
<henkjan> there are some serious problems with 3.13 kernel
<henkjan> try installing 3.15
<zetheroo1> this is a productive system ... I cannot be shutting it off and on again or trying to install kernels etc ...
<zetheroo1> :(
<henkjan> 10 to 15% packetloss on production systems is also bad
<bekks> henkjan: Then I'm lucky I'm not affected. :)
<henkjan> zetheroo1: https://lists.ubuntu.com/archives/ubuntu-server/2014-July/006940.html
<zetheroo1> I have to get the VM's migrated then
<zetheroo1> what is the downside of disabling KSM?
<rbasak> zetheroo1: google points me to http://www.linux-kvm.org/page/KSM, http://en.wikipedia.org/wiki/Kernel_SamePage_Merging_%28KSM%29 and https://www.kernel.org/doc/Documentation/vm/ksm.txt
<rbasak> zetheroo1: so I don't know, but I guess it just costs you some more memory.
<xnox> smoser: fixed up https://code.launchpad.net/~xnox/cloud-init/fix-systemd-install-paths/+merge/227918 to be truly generic
<xnox> smoser: and all tests pass now in the modernised debian packaging https://code.launchpad.net/~xnox/cloud-init/fix-packaging/+merge/227931
<codex> I started getting this recently on one ubuntu system (12.04 LTS) [via the daily cron email] "run-parts: /etc/cron.daily/mlocate exited with return code 1". There is nothing else (about a lock), and there is no lock. There are no stale NFS shares or out of space mounts.  I've even purged the DB and re-created it. Also, if I run it manually, it works without any problems. I can't figure out what's causing this for the life of me. Anyone run into anyth
<Patrickdk> I normally just uninstall mlocate
<Patrickdk> see no point in letting it abuse my server every night
<Patrickdk> if you don't use the locate command, that would be a fine thing to do
<codex> It's convenient for when you want to lookup a file, but then again, I guess you grind the entire system for the benefit of not grinding it once when you actually need it
<codex> that's the thing - i do use it every once in a while
<codex> what's strange is I don't see anything about a lock in the cron email. And what's even more strange, it works when I run it by hand. I did a dump of the process table at the time it runs by the cron.daily, and there is nothing else running at the same time/blocking it
<smoser> xnox, thanks. i'll list
<smoser> list ==  look
<fidel_> hi - anyone used to apt-cacher-ng? I am running a virtual server here which acts as apt-proxy for all our ubuntu-servers. this works great so far. now i am realizing that apt-cacher-ng might be as well able to serve other distributions. is that true? experiences are welcome
<peetaur2> fidel_: I use apt-cacher-ng. I like it. And without any new config, it handles debian too.
<peetaur2> fidel_: I haven't tried it with openSUSE, CentOS, etc.
<peetaur2> apt-cacher-ng brings the install of the cluster down to under 15 min :)
<fidel_> hi peetaur2
<fidel_> so you are handling with 1 apt-cacher-ng install both ubuntu and debian?
<patdk-wk> I doubt apt-cacher-ng will work for yum
<fidel_> do i understand that right? no issues cause of simular filenames etc as it has a proper folder-structure in its cache-folder i assume
<patdk-wk> why would simular filenames matter?
<fidel_> well i am unsure. i could imagine it could be critical if packages of ubuntu and debian would be mixes. example: debian client gets paket MC - so its stored in the apt-cacher cache. now an ubuntu client is asking for that package aswell
<patdk-wk> fidel, please think
<patdk-wk> they exist on DIFFERENT SERVERS
<patdk-wk> ubuntu packages are not on the same servers as debian ones
<patdk-wk> and if they where, well, wouldn't be an issue
<fidel_> i do know - but we are talking about the apt-proxy apt-cacher-ng offers to both clients in that case
<patdk-wk> the url for each is different
<patdk-wk> yes, it STORES the hostname too
<patdk-wk> or did you think it should strip it?
<fidel_> as mentioned above - i am/was unsure
<peetaur2> fidel_: yes, one Ubuntu apt-cacher-ng handles any random version of Debian or Ubuntu.
<fidel_> for me it looks like it crates a clean folder-structure inside its cache folder-  like that it shouldnt be critical at all
<fidel_> *creates*
<fidel_> k
<peetaur2> apt-cacher-ng uses some convention where the client tells the server which hostname to use, so it can go anywhere without server side config ...
<peetaur2> if that convention was "http proxy" or "socks5" then it would work on any distro that uses those standards.
<peetaur2> but if it is some debian-only thing, then nope
<patdk-wk> in my apt-cacher-ng folder, the first item is the server name
<patdk-wk> now, to help the cacher work better, it has some regex you can define, that will merge multible server names into one
<patdk-wk> like for sourceforge
<peetaur2> aptproxy is junk and needs config. apt-cacher and -ng just work out of the box, with any urls.
<patdk-wk> the real issue wouldn't be ubuntu vs debian, but using ppa's and 3rd party sources though
<peetaur2> any apt ones that is
<peetaur2> ppas work fine too...
<fidel_> thanks to both of you
<patdk-wk> peetaur2, even if it didn't store the hostname/paths?
<peetaur2> I have several machines using apt-cacher-ng with zfs ZoL PPA for example
<jeffreylevesque> peetaur2, are you familiar with 'UNetbootin'?
<peetaur2> yes no config.... just "apt-get install apt-cacher-ng" and assuming firewall, etc. are set up, it'll work
<peetaur2> jeffreylevesque: that hack to make usb sticks boot CDROM isos? only aware of its existence, and have not used it.
<jeffreylevesque> ok, thank you!
<peetaur2> in fact, every debian and ubuntu machine I know of in the office uses my apt-cacher-ng (excluding private VMs on people's windows that I don't control),
<peetaur2> and it's nearly flawless. apt-cacher would crash often and needed a watchdog. apt-cacher-ng works great, and only once ever was not responding and a simple restart fixed it.
<peetaur2> so..... I tested urls like http://aptproxy:3142/startpage.com/ and tried by setting my proxy in the proxy settings, but it just gives me an error page saying to use the apt setup.
<peetaur2> so my guess is it won't work for yum, zypper, etc.
<peetaur2> now to try removing such filters in the config ;)
<gnuoy> rbasak, I have raised a bug with debdiffs for merging upstream nagios-nrpe (Bug#1348142) but it's not clear to me who I should subscribe as the sponsor.
<rbasak> Looking
<gnuoy> thanks
<rbasak> gnuoy: normally you need to subscribe ~ubuntu-sponsors. That gets it into the sponsoring queue at http://reqorts.qa.ubuntu.com/reports/sponsoring/index.html.
<rbasak> gnuoy: but I'll stick this on my todo to review/sponsor so no need.
<gnuoy> rbasak, perfect, thank you
<zul> jamespage:  newer pycadf is needed according to the requirements.txt for now
<zul> for nvoa
<jamespage> zul, +1
<jamespage> zul, sqlalchemy +1
<jamespage> zul, I think that general if a minor version bump is involved (rather than patch) its probably worth updating for Juno CA
<zul> jamespage:  ack...i think new depencies we should agree on automatic +1
<multihunter> hi
<multihunter> I'm trying to use winscp to login as admin then change session to root. I changed sftp serer to "sudo su -c /usr/lib/openssh/sftp-server" When I have this line in visudo everything works fine: admin ALL=(ALL) NOPASSWD: ALL
<multihunter> but I want to limit that NOPASSWD so I tried using admin ALL=(ALL) NOPASSWD: /usr/lib/openssh/sftp-server
<multihunter> and now winscp cant connect. how to solve this?
<rbasak> sudo isn't calling sftp-server. It's calling su.
<rbasak> Why are you calling su anyway?
<Tzunamii> Create a dedicated user, give it a specific group and assign the group the necessary permissions. Never use root for such tasks
<multihunter> what if I need to work on some files in /root (via winscp)?
<Tzunamii> Maybe you should reconsider how you have set up your workflow and the access to it
<multihunter> well there's nothing in /root yet, I was just looking for a general way. Thanks
<patrick_M> having trouble on trusty with vnc server - can anyone confirm this as a problem: https://bugs.launchpad.net/ubuntu/+source/gnome-session/+bug/1274013
<uvirtbot> Launchpad bug 1274013 in gnome-session "gnome-session is broken without 3d acceleration, breaking gnome-flashback on non-3D H/W and cloud environments (Forwarded-X, VNC and NX/X2GO) (dup-of: 1251281)" [Critical,Confirmed]
<uvirtbot> Launchpad bug 1251281 in gnome-session "xrdp from gnome-session-fallback shows static gray screen via remmina or vinagre" [High,Triaged]
<Pici> patrick_M: You'll probably have better luck asking in #ubuntu, as ubuntu-server does not ship with a GUI.
<patrick_M> ok, I'll try there also - but just as an fyi, this is on server
<lordievader> Good evening.
<zartoosh> hi I am looking for refind package, any one knows where I can download it from? thx
<ToAruShiroiNeko> I am trying to install and configure rsnapshot. I am a bit overhwlmed by certain parts though. Any help?
<bitbyte> do any of you guys know how to switch sessions on ubuntu server. I was doing an update and my laptop died and it got stuck mid update and now the dpkg resource is busy being used.
<bitbyte> I wanna try connect to the session and finish the update I think its stuck at a prompt
<matt2000> bitbyte, I dont know how to do it after the fact, but I generally use the screen utility to run such things, since it does allow reconnecting.
<blaaa> I am building apparmor profiles for an ubuntu 14.04 server, I wonder if I should expect 'usr.lib.postfix.master' to pop up in future revisions of the apparmor-profiles package
<bitbyte> hey guys im trying to rename alot fo files and they all are like âOP-41 L@mBerTâ im trying to remove the L@mBerT any ideas where I can start on getting this achived theres around 800 files to renmae
<tgm4883> The backup/restore guide for LDAP on the server guide doesn't appear to work  https://help.ubuntu.com/lts/serverguide/openldap-server.html#ldap-backup
<tgm4883> I'm failing at the first slapadd for config.ldif
<tgm4883> slapadd: could not add entry dn="cn=config" (line=1)
<tokata> .
<byte> .Â²
<thumper> hallyn, stgraber: have tracked down a juju lxc issue to the change of meaning of the "-c" flag on lxc-start in 0.9 to mean device instead of filename
<thumper> any suggestion on the best way to support 0.8 and newer versions?
<thumper> does 0.8 barf if we give it -L (or --console-log) ?
<mnaser> so after hours of debugging, i finally found the bug which was causing a lot of issues i was getting
<mnaser> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917 -- it looks like it was commited but how do i know if it was built with it?
<uvirtbot> Launchpad bug 1346917 in linux "Using KSM on NUMA capable machines can cause KVM guest performance and stability issues" [High,Fix committed]
<mnaser> or rather, how do i know if/when a kernel comes out with that updated
<sarnold> mnaser: when it's published, a notice will be appended to that bug with the changelog entry; subscribe to that bug for an email
<mnaser> sarnold: ah okay, is there any usual "timeframe" or "schedule" for kernel compiles?
<hallyn> yeah that was a hellofabug
<hallyn> thumper: that change has caused some problems...  I'll (or the list will) have to think through it.  Could you please post an email to lxc-devel, or open a bug?
<sarnold> mnaser: I think they happen every three weeks...
<mnaser> ah i see
<hallyn> phew, think i've uncovered another annoying bug in libnih-dbus-assumptions...  converted cgm from a dbus-send wrapper script to a c program;  now the GetTasks method on an empty cgroup claims to return an error.  Sigh.
<thumper> hallyn: opened this bug for juju https://bugs.launchpad.net/juju-core/+bug/1348386
<uvirtbot> Launchpad bug 1348386 in juju-core/1.20 "lxc template fails to stop" [High,Triaged]
<hallyn> thumper: stuck it in my list to look at tomorrow.  disappearing shortly - ttyl
<thumper> hallyn: ack
<hallyn> (i think stgraber will be back tomorrow, he may actually remember something about this other than that others have brought it up :)
<hallyn> thumper: so to be clear, waht you want is what is now the "-L" option?
<hallyn> I think having lxc detect that the console device is not a device, and falling back to -L, would be reasonable
<thumper> hallyn: what I want is really just a way to be able to determine which flags to pass
<thumper> since we want to support centos, can't even use dpkg to figure out version
<thumper> actually, that would be reasonable...
<thumper> the fallback that is
<thumper> problem is, that supporting a fallback option for lxc is a big problem, as you have many version to tweak
<thumper> if juju could work it out, it would be easier for us
<hallyn> you say 0.8 was when this happened?
<thumper> the docs for 0.8 say -c is a filename, 0.9 -c is a device
<hallyn> oh i think that was commit 596a818d4b8b55586d36af518b745cd96b24c67a
<thumper> just looking at docs to determine this
<hallyn> "separate console device from console log"
<thumper> sounds like that could be it
<hallyn> so you do have a simple way to detect then,
<hallyn> try "-L", if it fails, you can use -c for -L
<thumper> we could
<thumper> if using -L on 0.8 fails in a way we can detect
<thumper> it's kinda icky, but would work
<hallyn> it should fail giving you usage output
<hallyn> or i can do the fallback for -c, but that wont' help with all the version already out there
<thumper> right
<hallyn> I must dash - if the bad-args-detect works for you, pls comment in the bug?  I'll check it tonight.
 * hallyn out
<thumper> kk
#ubuntu-server 2014-07-25
<superdave321> does anyone know anything about ajenti?
<tash> is there some way to tell if I'm actually vulnerable to this? http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0118.html
<uvirtbot> tash: The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118)
<tash> aside from checking to see if the mod is enabled or not. I definitely see that the mod is enabled, but is there some way to look inside the module code to see if said function is there?
<TJ-> tash: That CVE lists the package versions that contain the fix
<tash> TJ-, I understand that. But how can I find out the actual function is being used.  Is it possible that it is commented out? That's what I'm getting at.
<tash> Would I have to talk to the developers of the site/app to determine if the vuln affects my stuff?
<TJ-> tash: which release/apache version are you using?
<gambol> hey guys, which d-i option will skip asking me the "hostname" in preseed cfg file
<TJ-> tash: You can see the patches in the debian/patches/ directory of the source diff file published from the security team
<TJ-> tash: e.g. for Trusty, https://launchpad.net/ubuntu/trusty/+source/apache2/2.4.7-1ubuntu4.1 and the "apache2_2.4.7-1ubuntu4.1.debian.tar.gz" file
<gambol> right now the pxe installation stops at the "hostname" setting pharse, waiting my press enter.
<gambol> I just want to acceput the hostname which getting from dhcp/dns automatically
<TJ-> gambol: I'm not sure, almost guessing here, but have you considered "d-i netcfg/get_hostname seen true"
 * gambol tries on TJ- 's tip...
<gambol> TJ-, Thanks a lot
<gambol> I finally figure it out, but it is not "seen true" issue for me
<gambol> it is "priority=critical" in kernel boot
<gambol> thanks a  lot
<TJ-> gambol: I did wonder about that :)
<arrrghhh> Hi all.  Hoping to upgrade LTS-to-LTS, and waiting for the .1 release... do-release-upgrade still tells me nothing is available.  .1 was released yesterday I thought?
<sarnold> arrrghhhAWAY: "a few hours ago" would probably be more accurate..
<heftig-z> has anyone had any success suspending a ubuntu VM to disk? (not using the hypervisor's pause feature)
<zetheroo> seems like disabling KSM in qemu-kvm is not working after all !! :(
<zetheroo> Look like I am going to revert back to 12.04 - this is rubbish!
<jamespage> zetheroo, yes there is a problem in the 3.13 kernel - its being investigated now; for now the workaround is to disable KSM
<jamespage> zetheroo, that should be OK - let me find out the details
<zetheroo> I disabled KSM yesterday ... it seemed to have solved the networking issue but then today it's starting again ... :P
<zetheroo> jamespage: basically the guests are no longer pingable - 40% - 90% packet loss
<jamespage> zetheroo, that's inline with what other people have seen
<zetheroo> and then a couple minutes later they are pingable again
<jamespage> zetheroo, normally this starts to happen after XXX period of time
<zetheroo> right - for us it's happening a day after disabling KSM
<jamespage> zetheroo, https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917
<uvirtbot> Launchpad bug 1346917 in linux "Using KSM on NUMA capable machines can cause KVM guest performance and stability issues" [High,Fix committed]
<zetheroo> is there anything I can do to keep things running? - Even if I have to pass a command to restart a service ever few hours - ...
<jamespage> zetheroo, still pinging folks - people have definately been able to workaround this problem and disable KSM completely
<ujjain> i need the cloud, how do i install it?
<zetheroo> jamespage: is it enough to disable KSM in qemu-kvm ?
<jamespage> zetheroo, https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1338277/comments/1
<uvirtbot> Launchpad bug 1338277 in linux "Ubuntu 14.04 + QEmu 2.0 + KSM = 1, makes Windows 2008 R2 guests to crash (BSOD) (dup-of: 1346917)" [Undecided,Confirmed]
<uvirtbot> Launchpad bug 1346917 in linux "Using KSM on NUMA capable machines can cause KVM guest performance and stability issues" [High,Fix committed]
<zetheroo> Will restarting the qemu-kvm service and libvirt-bin service every so often help?
<zetheroo> jamespage: I have already disabled KSM in the qemu-kvm file ... shutdown all the guests and rebooted the host. But that was yesterday, and it seems to have worked until this morning.
<jamespage> zetheroo, you probably want todo it at the system level as well
<zetheroo> jamespage: This morning I restarted both the libvirt-bin and qemu-kvm services and things are holding for the last 15 min ...
<zetheroo> jamespage: At "system level"?
<jamespage> zetheroo, echo 0 | sudo tee /sys/kernel/mm/ksm/run
<zetheroo> output = 0
<jamespage> zetheroo, that's good - if cat /sys/kernel/mm/ksm/run returns "0" its disable in the kernel itself
<zetheroo> yes, it returns 0
<jamespage> zetheroo, so even if qemu tried to use KSM, the kernel won't do it now I think
<jamespage> zetheroo, see how that goes; it looks like the kernel team have a fix in the pipeline for the next kernel update which is good
<zetheroo> but I turned KSM off yesterday ... and the networking issues reoccurred today
<zetheroo> how long do you think before the fix update hits the mainstream repos? Days/weeks/months?
<zetheroo> And it's happening again :P
<jamespage> zetheroo, gah
<jamespage> zetheroo, arges will be around later (he's US based) he would know the timescale better that I do
<jamespage> zetheroo, I appreciate that this is less than ideal
<zetheroo> :) only slightly
<jamespage> rbasak, any thoughts on https://launchpadlibrarian.net/180674038/buildlog_ubuntu-utopic-arm64.mysql-5.6_5.6.19-1~exp1_FAILEDTOBUILD.txt.gz ?
<jamespage> I'm assuming that's some sort of compiler bug
<jamespage> zul, hallyn: I raised this - https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1348551
<uvirtbot> Launchpad bug 1348551 in qemu "qemu-kvm upstart configuration from qemu-system-x86 relies on binary from qemu-kvm" [Undecided,New]
<jamespage> it seem to so obvious that I must be doing something wrong.
<jamespage> but utopic is the same
<rbasak> jamespage: I agree - compiler bug.
<rbasak> I'm not sure who could take that on. doko? Linaro?
<rbasak> jamespage: shall we hit the rebuild button and see if it reproduces?
<jamespage> rbasak, already did that
<jamespage> rbasak, raised https://bugs.launchpad.net/ubuntu/+source/gcc-4.9/+bug/1348560
<uvirtbot> Launchpad bug 1348560 in gcc-4.9 "/build/buildd/mysql-5.6-5.6.19/storage/perfschema/pfs_host.cc:289:1: internal compiler error: in final_scan_insn, at final.c:2897" [Undecided,New]
<rbasak> Subscribed, thanks!
<sonne> 14.04.1 is out right?
<sonne> i'm still getting 'No new release found' on my precise servers...
<heftig-z> has anyone had any success suspending a ubuntu VM to disk? (not using the hypervisor's pause feature)
<rbasak> mdeslaur: uploaded apache2 2.4.10-1ubuntu1
<mdeslaur> rbasak: thanks! :)
<gnuoy> rbasak, It looks remarkably like the nagios-nrpe merge is done \o/ Thank you for all the help
<rbasak> gnuoy: I ahdn't got to that yet! Looks like dholbach sponsored it for you. Nice one!
<gnuoy> rbasak, how do I see who sponsored it ?
<rbasak> gnuoy: https://launchpad.net/ubuntu/+source/nagios-nrpe/2.15-1ubuntu1
<gnuoy> ah, I was lookking on the bug. thanks
<rbasak> You can construct that URL for any source package, or click through from https://launchpad.net/ubuntu/+source/nagios-nrpe
<hallyn> jamespage: You don't say in the bug what went wrong and what you expected;  i have no idea what bug 1348551 is asking for
<uvirtbot> Launchpad bug 1348551 in qemu "qemu-kvm upstart configuration from qemu-system-x86 relies on binary from qemu-kvm" [Undecided,New] https://launchpad.net/bugs/1348551
<hallyn> oh
<jamespage> hallyn, the check at the start of the pre-start script exits if /usr/bin/kvm does not exists
<jamespage> so none of the rest of the script executes
<jamespage> unless you have qemu-kvm installed
<hallyn> feh, i think this happened with one of hte recent pkg reorgs in debian
<hallyn> jamespage: any downside to using /dev/kvm?
<hallyn> oh yeah, won't work with old systems where kvm isn't autoloaded
<hallyn> but qemu-kvm is not a transitional package
<hallyn> apw: smb: does having kvm mounted at boot depend on a newer kernel, or a newer udev?
<smb> hallyn, you mean the kvm modules loaded automatically, that is kernel
<hallyn> smb: are there any support kernels left where that does not happen?
<smb> hallyn, Lucid probably
<hallyn> smb: i'mthinking for cloud archives,
<hallyn> do we still support any precise with 3.2 kernel?
<smb> hallyn, Let me check to make sure, but I think Precise already was having the alias setting
<hallyn> smb: that woudl be great
<smb> hallyn, Hm, no. I remembered that wrong
<hallyn> jamespage: do we support cloud archive with 3.2 kernel, or does cloud archive force a newer kernel?
<smb> So Precise would be the one which does not auto-load the kvm modules
<hallyn> smb: ok, so we could have qemu-system-common.postinst modprobe kvm i suppose.  that's kind of ugly
<hallyn> or, we can make the check "if [ ! -c /dev/kvm -a ! -f /usr/bin/kvm ]; then { stop; exit 0; } fi;"
<hallyn> then we say that in precise you have to have qemu-kvm installed;  minimize the problem at least
<hallyn> jamespage: ^ preference?
<jamespage> hallyn, 3.2 is supported with the cloud archive
<jamespage> hallyn, I'm not sure that device presense is the right thing todo here; the check is really to deal with when the package is removed but not purged
<jamespage> you want the upstart configuration to just no-op in this case
<jamespage> so checking for a binary provided by qemu-system-x86 would make sense IMHO
<hallyn> it's not only for qemu-system-x86
<jamespage> hallyn, but its provided by that package
<hallyn> arm, arm64, ppc,
<hallyn> hm, maybe it should be provided by qemu-kvm
<hallyn> and made avaialble on the other arches
<jamespage> hallyn, is qemu-kvm not transitional then?
<hallyn> jamespage: all right, fine.  I think it's ugly, but I'll change it to that.  thanks.
<hallyn> no
<hallyn> mjt had wanted it to be :)
<hallyn> So, this means we never have ksm enabled by default on arm64 systems?
<hallyn> That's a shame
<jamespage> hallyn, qemu-system-common might be a better place?
<hallyn> I think so
<hallyn> script will need updating then to load the right modules for other arches;  but that's worth doing.
<jamespage> hallyn, its depended on by all of the arch specific packages
<hallyn> what is
<jamespage> qemu-system-common
<hallyn> oh, yes.  that's the point of it :)
<jamespage> indeed
<jamespage> hallyn, so right now the way the charms deploy nova-compute means that qemu-kvm upstart configuration never applies any changes AFAICT
<jamespage> hallyn, result is that KSM never gets enabled :-) which is why we did not see this issue on serverstack
<jamespage> this issue == KSM issue
<hallyn> "you're welcome"    (j/k)
<jamespage> lol
<hallyn> yeah unfortunately this stuff got moved around quite a bit the last cycle or two, as debian is wanting to change things;  i apparently lost track ofthat part
<hallyn> jamespage: fixed in git://anonscm.debian.org/pkg-qemu/qemu.git #ubuntu-dev
<jamespage> hallyn, +1
<hallyn> looking to see if there are any other fixes i should push in along with it...
<cipher__> Can anyone recommend an alternative to dovecot?
<cipher__> I can't manage to set it up properly
<rbasak> zul, coreycb, matsubara, jamespage, gnuoy, gaughen, kickinz1, beisner-afk, rharper, lutostag-away, smoser, hallyn: ready for another merge sprint?
<gnuoy> yes!
<rharper> rbasak: \o
<rbasak> Everyone else: my team are going to do some virtual sprinting for the next couple of hours to get a bunch of server packages merged and sponsored.
<kickinz1> Ready!
<jamespage> rbasak, yes
<rbasak> Feel free to watch, or join in, etc. There are sponsors here to try and help and get packages and other server fixes landed.
<matsubara> o/
<rbasak> http://reqorts.qa.ubuntu.com/reports/ubuntu-server/merges.html is a list of ~ubuntu-server subscribed packages that may need a merge
<rbasak> https://merges.ubuntu.com/ has the full list
<rbasak> https://wiki.ubuntu.com/UbuntuDevelopment/Merging is a helpful guide
<rbasak> Shall we refresh the list of packages that everyone was working on?
<rbasak> How about a pad, actually?
<gnuoy> I'll take pacemaker unless anyone has that already
<rharper> rbasak: sure
<rbasak> http://pad.ubuntu.com/server-team-merges
<kickinz1> was on keepalive, needed to finish discuss about, and maybe uploading.
<rharper> rbasak: I left off with vgabios, confused because it appeared that all of the patches were already applied  but quilt didn't think so.
<gnuoy> rharper, my patch says "It looks like this package is maintained in revision control: ... You almost certainly don't want to continue without investigating". You had that last week right ?
 * gnuoy goes to the irc logs
<rbasak> gnuoy: yes, that's common.
<rharper> gnuoy:   yeah; though that's not a big deal, just means we need to look at the patches
<gnuoy> ok, sounds good. thanks
<rbasak> Some packaging is maintained in VCS. Openstack packaging, for example (I think?)
<rbasak> Most of the Ubuntu desktop packages are as well I think.
<rbasak> The VCS-* fields in debian/control are supposed to point to the VCS
<hallyn> jamespage: <phew> ok, finally fixed in all places I hope, thanks for raising that.
<rbasak> But we end up with those fields in packages with an Ubuntu delta, where strictly speaking it isn't the Debian VCS since we have diverged.
<rbasak> So what I'd like to try today is:
<rbasak> 1) Everyone pick a package, update the pad so we know what everyone is working on, and work on it.
<rbasak> 2) When blocked, please ask, and if I'm behind, put a note on the pad, so that I don't forget to get to you.
<rbasak> 3) I'll answer questions here on IRC, review and sponsor, etc, and work on  clearing the "blocked" list.
<rbasak> 4) Anybody else who can mentor or sponsor, please do the same.
<rharper> rbasak: I run grab-merge vgabios; the vgabios-0.7a-5ubuntu1/  already has the patches applied;  to confirm this, I unpacked vgabios_0.7a.orig.tar.gz; copied in the debian/patches, then ran quilt push -a; and they all cleanly apply
<rbasak> Any suggestions, feedback, questions, comments on that process?
<jamespage> grabbing erlang
<kickinz1> seems good to me
<rbasak> OK, so I'll try to go in order. kickinz1 first with keepalived.
<kickinz1> ok
<rbasak> Meanwhile if anybody else can help rharper please do, otherwise I'll get to you asap.
<rbasak> kickinz1: so where are you with keepalived?
<rharper> rbasak: sounds good
<jamespage> rharper, what do you have?
<rharper> jamespage: vgabios
<kickinz1> we end up with an old patch that was not applied any more, for a libnl3 compatibility
<rharper> jamespage: there's a trivial conflict in the debian/control file (orig maintainer update)
<jamespage> rharper, OK
 * beisner looks at asterisk
<rharper> after resolving, the package builds fine as-is; but rbasak suggested that I try to apply the patches; but the odd thing was that all of the patches are applied in the -1ubuntu5 dir -- but not .pc dir
<rharper> so quilt doesn't think they are
<kickinz1> and a upstart modification that came with edgy release, was asking if those patches still need to be out of sync with debian.
<hallyn> rharper: ok lemme take a look over ehre
<kickinz1> -end of memory-
<rbasak> kickinz1: OK, looking and trying to remind myself now
<rbasak> rharper: if it builds, then that suggests to me that the patches applied OK.
<lutostag> rbasak: same problem as rharper -- my autofs_5.0.8.orig.tar.bz2 already has debian/patches/* applied
<rbasak> rharper: I tend to ignore .pc - that's just quilt's internal state. I tend to "quilt pop -a" and rm -Rf .pc if in doubt
<rharper> rbasak: they do actually, if I unpack the orig.tgz, and copy over the debian dir, quilt will appliy them all
<jamespage> rharper, I think there is a bug in the grab-merge tool or the bit serverside that generates one of the tarballs
<cipher__> dovecot is the only mail server for smtp?
<rbasak> cipher__: dovecot is primarily IMAP. postfix or exim for SMTP
 * rbasak focuses on kickstartd
<rbasak> Uh, keepalived.
<lutostag> rbasak: nvm, my orig.tar is clean; I think I can move forward
<jamespage> rharper, I just hit the same thing with erlang
<rharper> jamespage: yeah -- I tried with the grab-merges.sh versus the one in the dev tools; they do the same thing w.r.t patch appling
<rharper> applying
<rharper> so, what;s the next step then since it builds OK ?
<jamespage> rharper, generate a debdiff and give it to me for sponsorship
 * beisner keeps picking doozies.  grab merging asterisk sends a scary message
<rharper> jamespage: ok, so debdiff between the debian version and the 1ubuntu5 version ?
<rharper> using the .dsc files?
<jamespage> rharper, yep
<rharper> ok
<beisner> ie.  *** WARNING ***  It looks like this package is maintained in revision control ... You almost certainly don't want to continue without investigating.
<jamespage> beisner, don't worry to much - if the Vcs fields are debian ones thats fine
 * jamespage listens to the fan spin up as erlang builds
<rbasak> kickinz1: AFAICT, the previous ubuntu_libnl3.patch was never applied because it didn't appear in debian/patches/series
<matsubara> rbasak, Does it take some time to update http://reqorts.qa.ubuntu.com/reports/ubuntu-server/merges.html? For python-flake8 it says the zul uploaded the last version (2.1.0-1ubuntu2) quite recently but when I run grab-merge on it, I get 2.1.0-1ubuntu1 instead
<rbasak> kickinz1: looking at the actual diff
<zul> matsubara:  yeah i did it this morning
<rbasak> matsubara: yes - both the report and grab-merge are processed only periodically.
<matsubara> zul, rbasak: ah, ok. I'll pick another one then.
<rbasak> kickinz1: also, my diff doesn't show the build-depends line changing either.
<kickinz1> the only diff I saw was in the upstart.
<rbasak> kickinz1: I only see the postinst change, and the init script
<kickinz1> don'tknow if it worth keeping a difference.
<rbasak> ANd update-maintainer.
<rbasak> And the patch file, but no change to the series file.
<rbasak> kickinz1: so it looks like other changes were dropped previously, and the changelog message was inaccurate.
<rbasak> kickinz1: I see no need to keep the patch file around unless it was actually used. Launchpad archives old source packages anyway, so they will always be available to anyone investigating.
<rbasak> kickinz1: so, it looks to me like the merge before was correct, except for the changelog message and an unneeded patch file.
<rbasak> kickinz1: do you want to prepare a debdiff against 1.2.13-1 for sponsoring, with only those changes, dropping the unneeded patch file, and with a changelog message that reflects only the changes in that new debdiff only?
<kickinz1> Ok I'll do
<kickinz1> I'll keep you informed if I'm blocked, thanks
<rbasak> Thanks.
<rbasak> I think nobody is blocked right now, right?
<rbasak> I'll work on exim4, then.
<rbasak> jamespage: yeah I agree that merge-o-matic is buggy
<rbasak> I see it for exim4 too
<rbasak> exim4_4.82.1-2ubuntu1.src.tar.gz contains patches already applied, but no .pc directory
<thegoat> is there a way to bind nfs to a certain IP?
<hallyn> rharper: hey,
<beisner> rbasak, first pkg merge, still taking in the pieces.  not necessarily blocked, other than by familiarization
<hallyn> rharper: so regarding vgabios, I woudl ignore grab-merges
<rharper> hallyn: here
<hallyn> rharper: pull-debian-source and pull-ubuntu-source, and look at the ubuntu changelog - the only ubuntu delta was the last patch
<rbasak> beisner: sure, no problem. There's a ton of stuff to take in when you first start.
<rbasak> beisner: let me know if I can help
<hallyn> rharper: so, look at the contents of that patch, and see that it is all applied in the source tree now
<hallyn> rharper: if it is, then you can do a simple sync
<rharper> hallyn: yeah, it looks like it should be a sync
<rharper> so, how does one do the sync ?
<hallyn> rharper: agreed, so you can run 'syncpackage'
<hallyn> hm, i'm not sure how to do that in a sponsored way.
<hallyn> zul: ^ do you know how someone can do syncpackage in a way that someone can sponsor it?
<rharper> sounds like I need to find a different package and let a sponser, like jamespage  do it ?
<rbasak> hallyn: yes - you run syncpackage. There's a flag, hold on.
<zul> hallyn:  not off the top of my head
<hallyn> i do see '-s', but that would be for me to use, not him, i assume :)
<rbasak> hallyn: -s <launchpad_id> to sponsor.
<rbasak> hallyn: right. You have to run syncpackage. rharper would technically file a sync bug to explain and request, but you could just do it for him and sponsor with -s.
<rbasak> I think that's how it's supposed to work.
<hallyn> surely we don't need a sycn bug
<rbasak> Right
<rbasak> I think it's fine to request and explain on IRC, and if you're satisfied, for you to JFDI with -s
<hallyn> ok - rharper your lp id is raharper right?
<hallyn> i'll do try that, thx
<rharper> hallyn: raharper
<hallyn> rharper: you can meanwhile go on to a ne wpackage :)  ipxe or seabios? :)
<rharper> hallyn: hehe
<hallyn> ipxe could be a doozie
<rharper> neither of those are on merges
<hallyn> someday we need to reconsile the symlinks between debian and ubuntu between ipxe and qemu :(
<hallyn> ok
<superboo1> Hi all. I've got a raid 10 through mdadm that just had a hiccup (now in the process of resyncing). This array holds the company files and webserver files. After/because-of the hiccup, the system fully locked up. I can't see any relevent info in syslog. Two questions: first, where can I check to deturman the reason for the full system lockup, and for the array problem? And seccond, can a raid10 mdadm array be used/access
<hallyn> rharper: so what i did was "syncpackage --force -s raharper vgabios"
<hallyn> rharper: in dpoing so, i noticed the debian package is orphaned
<hallyn> you might want to consider adopting it :)
<hallyn> you can join us on oftc#debian-qemu and tell mjt how much you'd love to do so
<rharper> hallyn: hehe
<bitfury> !info bind
<ubottu> Package bind does not exist in trusty
<bitfury> !info bind9
<ubottu> bind9 (source: bind9): Internet Domain Name Server. In component main, is optional. Version 1:9.9.5.dfsg-3 (trusty), package size 273 kB, installed size 931 kB
<rharper> hallyn: don't you have to be a debian/ubuntu dev to adopt a package ?
<matsubara> rbanffy, so, I took pep8 package instead, did grab-merge.sh and it has a ton of conflicts. I sorted all of them but one in pep8.py which seems that the ubuntu package introduce more code than there's in the debian package.
<matsubara> rbasak, ^
<rbanffy> :-)
<rbanffy> matsubara, I just went through a WTF moment ;-)
<matsubara> rbanffy, sorry, tab completion failure
<rbasak> matsubara: OK, I'll take a look.
<rbasak> BTW, I'm told that merge-o-matic is broken with respect to the .src tarball when there is a conflict, with quilt patches applied but no .pc directory
<hallyn> rharper: no, I maintain netcf, i'm not a dm or dd.
<rbasak> http://people.canonical.com/~cjwatson/dpkg-quilt-setup is a workaround to fix that up
<hallyn> rbasak: you just need someone to sponsor every upload
<rbanffy> matsubara, no problem.
<hallyn> i bet rharper could get mjt to sign on as his sponsor
<rharper> hallyn: ok, I'll give it some thought;  would be interested in going through the process a few times
<hallyn> rharper: cool
<matsubara> rbasak, this is the conflict I'm not sure how to sort out: http://pastebin.ubuntu.com/7856600/
<rbasak> matsubara: OK so you have a special case here.
<rbasak> matsubara: first, look for the reason that Ubuntu diverged.
<rbasak> This probably applies to all merges.
<rbasak> In this case, it wasn't because we had some additional patches or anything.
<rbasak> It's because we needed a new upstream version ahead of Debian.
<rbasak> https://launchpad.net/ubuntu/+source/pep8/1.5.6-0ubuntu1 is the evidence of that.
<rbasak> The 0 in -0ubuntu1 is the standard for a version in Ubuntu that is not packaged in Debian.
<rbasak> matsubara: so that's why grab-merge is giving you strange results.
<rbasak> matsubara: the goal here is to resync with Debian, so to upload a new package to Utopic that has only the minimal changes that Ubuntu needs.
<rbasak> matsubara: as Debian now has a more recent upstream version that Ubuntu, we can probably just sync that package.
<rbasak> matsubara: all we have to look out for is that we're not going to regress anything in Ubuntu - is there anything in the current Utopic package that would be lost if we synced?
<rbasak> matsubara: if the answer is that there would be no regression, then we can sync.
<rbasak> matsubara: does that make sense?
<matsubara> rbasak, It doesn't look like we're going to regress anything by using debian 1.5.7, which is basically what I did sorting out the conflicts pointed out by grab-merge (that is, I kept the debian changes and deleted the ubuntu conflict markers)
<matsubara> rbasak, so how do I sync it?
<rbasak> matsubara: right. But we probably don't even need to examine the detail. At a high level, Ubuntu didn't introduce any change diverging from either Debian or upstream, so now that Debian has caught up, we don't need to examine conflicts manually.
<rbasak> matsubara: so https://wiki.ubuntu.com/SyncRequestProcess is the normal process, but that's just to request a sponsor, and we have sponsors available here.
<matsubara> rbasak, I see
<rbasak> Looks like I can't upload pep8, so we need to ask someone who can. hallyn, maybe please?
<rbasak> Or zul, as he last uploaded pep8?
<zul> sure just gimme the place where i can get it
<rbasak> zul: it's a sync :)
<kickinz1> rbasak, I'm blocked...
<rbasak> kickinz1: OK. What's up?
<kickinz1> I don't have a good process for debuild...
<kickinz1> http://paste.ubuntu.com/7856653/
<kickinz1> sorry in french
<kickinz1> too much dch -i think... (ubuntu4)
<rharper> jamespage: swichted to etckeeper;  grab-merge looks good, one conflict it couldn't merge, README file,  kept the .UBUNTU version of the file;  the REPORT says to run: dpkg-genchanges -S -v1.11ubuntu1 -- when I do, it complains that it can't find ../etckeeper_1.12ubuntu1.dsc -- as that's not there;  what's the right next step then ?
<rbasak> kickinz1: looks like your quilt patches aren't applying cleanly.
<rbasak> kickinz1: before you build the package, "quilt pop -a" and "quilt push -a" should work without errors.
<rbasak> Also with no fuzz, but that doesn't seem to be the problem here.
<rbasak> rharper: "debuild -S -nc -S -sa -v1.11ubuntu1" or similar
<kickinz1> ok, right now I've done quilt new upstart.patch, quilt shell , mod, then 'exit', quilt refresh debuild -S, not ok?
<kickinz1> ok auilt pop -a & push -a working...
<rbasak> I think the problem is that grab-merge gives you an unpacked tree with patches applied, but no .pc directory, so quilt is lost from that point.
<kickinz1> rbasak, I didn't used grab-merge....
<rbasak> Oh, OK.
<rbasak> kickinz1: does "quilt pop -a" and "quilt push -a" work correctly in your source tree?
<kickinz1> just pull-lp-source, and pull-debian-source
<rbasak> I'm not familiar with quilt shell.
<kickinz1> rbasak: yes seems so, pop -a removes patch, push -a apply it
<rbasak> kickinz1: oh.
<rbasak> kickinz1: sorry I didn't notice before.
<rbasak> We don't use quilt for the debian/ directory.
<rharper> rbanffy: ok -- I guess I missed the step where I should have built it before running that genchange
<kickinz1> I use debuild -S -uc -us, not ok?
<kickinz1> ok so I pop  the patch
<rbasak> Instead of using quilt, change what you need in debian/ directly.
<kickinz1> ok
<rbasak> I'm not sure if that's related to your problem or not.
<kickinz1> so I restart.
<kickinz1> I take the control directly from old ubuntu package, or I merge both of them?, newer entries only?
<kickinz1> rbask ^^
<rbasak> kickinz1: the debian/control file?
<rbasak> kickinz1: you need to take the Debian one, and re-apply the logical changes that still need to remain in the Ubuntu delta.
<kickinz1> no was thinking of changelog, sorry
<rbasak> Oh
<rbasak> There's a tool to merge the changelogs
<rbasak> dpkg-mergechangelogs
<kickinz1> dch ?
<kickinz1> ok
<rbasak> It does a 3-way merge.
<kickinz1> ok
<rbasak> Give it the Debian version before the last merge, the latest Debian version, and the latest Ubuntu version.
<rbasak> Then from the generated changelog, add a new changelog entry on top using dch.
<rbasak> grab-merge/merge-o-matic does this automatically, but you have to do it by hand if doing the merge by hand.
<kickinz1> ok
<kickinz1> I can't get original debian 1.2.7-1
<kickinz1> ok got it
<kickinz1> forgot "1:"
<rharper> rbasak: I'm trying to generate the debdiffs,  the guide asks for one between the debian version and the one I've modified;  I've built the package, so I have my updated deb, where do I get the debian version deb to feed to debdiff ?
<rbasak> rharper: how did you get the other sources? You're looking for .dsc files.
<rbasak> rharper: "pull-debian-source -d <package> <version>" can be used to download Debian source packages.
<rharper> rbasak: right, I have .dsc files ...
<rbasak> rharper: run debdiff against .dsc files
<rharper> bah, my fault;
<rharper> that worked
<rharper> missed a redirection for the output
<kickinz1> rbasak: I'll send you the debdiff?
<rbasak> kickinz1: you can, but I have to run to a mysql call now. You can hold on to it until next week, or file a merge request bug if you like.
<rbasak> kickinz1: https://wiki.ubuntu.com/UbuntuDevelopment/Merging#File_a_merge_bug
<kickinz1> ok np.
<kickinz1> thx
<rbasak> I need to run now. I hope the session was useful!
<kickinz1> yes, thx again
<paco1> hi folks!
<kickinz1> o/
<paco1> i have an issue with isc-dhcp-server on 14.04 lts. It doens't start at boot start. I need to start manualy the service to work.
<paco1> do you know this issue? thanks!
<jamespage> rharper, ../merge-debuild
<smoser> someone able to tell me what i'm doing wrong:
<smoser> http://paste.ubuntu.com/7857020/
<smoser> i'm sure i'm doing something stupid.
<cfhowlett> !ubuntu+1|smoser utopic is supported in the other channel
<ubottu> smoser utopic is supported in the other channel: Utopic Unicorn is the codename for Ubuntu 14.10 - Support only in #ubuntu+1
<smoser> cfhowlett, not really. this is a development channel too.
<beisner> ha!
<rharper> jamespage: thanks!
<smoser> rbasak, i know you're not here, but see http://paste.ubuntu.com/7857020/ for my failure.
<rharper> jamespage: should I file the merge bug now, or maybe share the two debdiffs with you first ? (I'm looking at etckeeper now)
<jamespage> just ping me the debdiffs
<rharper> k
<hallyn> smoser: sorry i've not yet used adt with lxc.  pitti and stgraber are probably your best bet
<rharper> jamespage: debian_1.12_to_1.12ubuntu1.debdiff -> http://paste.ubuntu.com/7857095/  ; ubuntu_1.11ubuntu1_to_ubuntu_1.12ubuntu1.debdiff -> http://paste.ubuntu.com/7857097/
<jamespage> rharper, so....
<jamespage> when merging I normally start with the previous merge changelog and figure out which bits can be dropped, if any
<jamespage> the changelog should detail what the delta is and why its required, so that the next merger can read that and re-check
<xibalba> hey folks, i'm trying to remember the name of a linux app that would generator a sequenece of letters for oyu based on some parameters you provide to it
<xibalba> like all a00 - a99
<xibalba> crunch!
<jamespage> zul, can you take a look at https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1219658 ?
<uvirtbot> Launchpad bug 1219658 in nova "Wrong image size using rbd backend for libvirt" [Undecided,In progress]
<jamespage> I'm nearly eod and can't face it right now
<jamespage> :-)
<zul> jamespage:  can't face it? ;)
<jamespage> zul, its hot and I need a beer
<zul> jamespage:  you need air conditioning
<zul> then you can have a beer and look at the bug
<jamespage> zul, not worth it for the 2 weeks of hot weather we get a year
<zul> jamespage:  its totally worth it for us
<jamespage> zul, is a sponsorshup request
<zul> jamespage:  ack
<zul> jamespage:  uploaded that already hasnt been acked by the SRU team
<jamespage> zul, ah - OK
<zul> jamespage:  just put a little more meat on it...go enjoy your beer
<jamespage> ta
<rharper> jamespage: I take it those debdiffs are too big then?
<tsrk> Does ufw by default limit the number of connections in some way? It looks like it based on this iptables rule: -A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
<RoyK> jamespage: where?
<tsrk> But I'm no iptables expert (hence me using ufw) so I don't really know what's going on
<RoyK> tsrk: that just limits logging
<tsrk> RoyK: Oh ok, that makes more sense, thanks!
<RoyK> tsrk: so that ufw doesn't flood the logs in case someone (or a lot) nmaps you :P
<tsrk> RoyK: Makes sense, thank you!
<jdstrand> tsrk: it will limit logging (controllable via ufw logging). you can use the 'limit' command in place of 'allow' to have rudimentary limiting (see man ufw for details)
<RoyK> it'd be nice to get ULOG support in ufw...
<tsrk> All I've done on a server is "ufw default reject; ufw allow 22; ufw allow 443; ufw enable". There shouldn't be any reason that ufw is restricting some incoming ssh connections is there? I'm intermittently seeing SSH connections be rejected, but it might be a network issue.
<jdstrand> unfortunatelthere is no ULOG support for ipv6
<jdstrand> and they won't add it cause all effort is on nftables
<jdstrand> tsrk: that shouldn't block ssh. you could try sudo /usr/share/ufw/check-requirements if you are running a non-ubuntu kernel
<jdstrand> if anything fails, then need to update the kernel configuration for it
<tsrk> jdstrand: I'm running a Linode kernel, so I ran those tests but they all passed
<jdstrand> ok, well, that is good :)
<jdstrand> maybe there is something you need to do with security groups or something to make sure that traffic passes
<jdstrand> but if you disable ufw and can login, that wouldn't be it
<RoyK> tsrk: never seen ufw drop ssh traffic, really
<jdstrand> if it is, you should see something in /var/log/ufw.log
<smoser> hallyn, https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1348749
<uvirtbot> Launchpad bug 1348749 in autopkgtest "autopkgtest fails sometimes with adt-virt-lxc" [Undecided,New]
<hallyn> smoser: any useful logs under /var/log/lxc ?
<smoser> hallyn, no.
<smoser> i really think i'ms eeing overlayfs race :-(
<hallyn> smoser: very possible.  Can you do it without --ephemeral?
<hallyn> or is that baked into adt?
<smoser> i pass '--ephemeral'
<hallyn> right, and what happens if you don't
<bitfury> !info bind9
<ubottu> bind9 (source: bind9): Internet Domain Name Server. In component main, is optional. Version 1:9.9.5.dfsg-3 (trusty), package size 273 kB, installed size 931 kB
<lordievader> Good evening.
<RoyK> any idea how to mount partition 1 in this thing? Can't figure out the correct losetup -o data... http://paste.ubuntu.com/7858237/
<smoser> RoyK, i might try mount-image-callback
<smoser> but if you want to try with '--offset'
<smoser> you should :
<smoser>  sfdisk -uS -l Windows.iso
<smoser> sectors.
<smoser> then, whatever it puts in that start is *512
<RoyK> what is mount-image-callback?
<smoser> from cloud-utils.
<smoser> mount-image-callback Windows.iso /bin/bash
<smoser> err.. with sudo
<smoser> then
<smoser> echo $MOUNTPOINT
<smoser> do whatever you want, exit and it will tear down.
<smoser> or:
<smoser>  mount-image-callback Windows.iso -- tar -C _MOUNTPOINT_ -cvzf contents.tar.gz
<samba35> i am facing proble with 2 nic on 12.04 and 14.04.1 when i install two nic with dhcp internet become very slow ,but if i disble 1 card then it work as expect what could be aproblem
<RoyK> samba35: both NICs on the same subnet?
<samba35> no
<samba35> it should be on same sabnet ?
<RoyK> no
<RoyK> both using dhcp?
<samba35> yes
<RoyK> pastebin "ip addr list", please, when both NICs are connected
<samba35> ok later /may be today its 1 am in india now i am planning to go to bed now
<samba35> sorry ,i have line up some download and update with 1 nic
<samba35> i will get back to you today only later
<RoyK> it's rather hard to help you debugging something when you can't give us data ;)
<RoyK> anyway
<samba35> yes true but its night  here i have open chassic and connect card then other member @home will should @me
<RoyK> if both NICs are on dhcp, the dhcp servers may give you default route on both nics, which may mess things up a bit
<TJ-> samba35: both interfaces are in the same subnet?
<samba35> please ..understand ,if you are married i hope you undersrand
<samba35> no
<TJ-> samba35: maybe the wrong interface is the default route?
<RoyK> anyway - with two default gateways, if that's what you end up with, it'll be a mess
<TJ-> samba35: If interface A is supposed to route to the internet, but starts before interface B, then A's default route will be replaced by one from B if DHCP is handing out a gateway
<samba35> i was trying to setup openvswitch with 1 card and 1 card for standalone system
<RoyK> if you want something like load balancing or failover, go to http://www.lartc.org/
<samba35> ok ,royk ,tj i will get back to you today later ,if 1 am here in india
<RoyK> ok
<RoyK> nite ;)
<samba35> sorry ...
<RoyK> np
<samba35> if you are married you will better understand :)
<RoyK> I'm not, but I have been living with partners, so I know, even though I don't have children
<samba35> again sorry RoyK
<samba35> again sorry TJ-
<samba35> bye
<Stern> Any idea where to find the MD5 sum of the Ubuntu Server 14.04.1 release? Or any Ubuntu 14.04.1 release for that matter?
<TJ-> Stern: http://releases.ubuntu.com/trusty/
<Stern> Thanks
<Stern> Integrity check of USB stick seems to fail. Just want to be sure the download is ok.
<Stern> Download is ok. Second USB stick has the same problem.
<jeffreylevesque> I have a windows machine.  I want to do dual boot (Ubuntu server 14.04).  I messed up the first time.  So, I'm wiping out the entire disk.  Might as well do things properly now.  Should I set up two disks?
#ubuntu-server 2014-07-26
<zartoosh> HI I have mirrored ubuntu 14.04 trusty (main, universe,restricted, multiverse) locally. In my server sources.list I see: trusty-update and security what are those repos? thx
<zartoosh> and where I can find them to mirror?
<zartoosh> never mind I find them thanks
<lordievader> Good morning.
<blaaa> I have noticed a lot of available apparmor profiles are incomplete, currently I am looking at restricting managesieve
<blaaa> unfortunately the profiling scripts for 14.04 are not working, so I need to do a lot manually
<blaaa> the thing which I had never done is allow&restict a service to  create/use a socket, in the case of managesieve that is on port 4190
<blaaa> should I just allow all inet stuff?
<samba35> RoyK,hi
<samba35> the problem which we discuss yeterday is fix ,there was a  problem with nic
<RoyK> samba35: ah
<DevDaemon> Hi Team, I am using ubuntu dekstop 12.04. Every thing is working fine but samba works in a sluggish way.
<ikonia> then why are you not asking in #ubuntu
<ikonia> instead of #ubuntu-server
<samba35> hi
<DevDaemon> fine, thanks
<jrwren_> i'll bet since it is samba, they send him back here :]
<samba35> i am faceing another problem with newly installed lt 14.04.1 ,i download iso and from 12.04 i use usb bootable and installed on new system but after installing system i have to keep usb on drive to boot i can boot if i remove usb stick , so how do i fix this issuse ?
<cfhowlett> samba35 boot computer, change bios so your start from HDD, not USB
<samba35> yes ,if i tryed to but even boot pri 1st to hdd it fail then it try to boot from network
<TJ-> samba35: sounds as if then installation but the boot-loader on the USB, not the hard-disk
<samba35> hi TJ- , strange but how do i fix this issuse
<cfhowlett> !grub2|samba35 boot the USB and install grub2 to the HDD
<ubottu> samba35 boot the USB and install grub2 to the HDD: GRUB2 is the default Ubuntu boot manager. Lost GRUB after installing Windows? See https://help.ubuntu.com/community/RestoreGrub - For more information and troubleshooting for GRUB2 please refer to https://help.ubuntu.com/community/Grub2
<samba35> thank , i am looking at
<samba35> brb
<samba35> rebooting but it give error grub-install: warning: File system `ext2' doesn't support embedding.   _____next line grub-install: warning: Embedding is not possible.  GRUB can only be installed in this setup by using blocklists.  However, blocklists are UNRELIABLE and their use is discouraged.. ____grub-install: error: will not proceed with blocklists.
<saizai> Any ETA on when http://changelogs.ubuntu.com/meta-release-lts will get updated for 14.04.1?
<sai> Hi, I am using https://github.com/ignited/laravel-pdf. However, I am getting error that says "Permission Denied". I am using ubuntu server
<Pinkamena_D> Hey guys, having quite the issue today. I did a do-release-upgrade from 11 to 12.04 and now my server cant boot  with the 'gave up waiting for root device' error
<Pinkamena_D> any suggestions to try first?
<ikonia> look at what device it's starting to boot from
<ikonia> that would be a good starter
<Pinkamena_D> it uses UUID by default which means next to nothing to me
<Pinkamena_D> I know it was a /dev/sda device
<Pinkamena_D> so I tried putting the three there which I found in a list from the liveCD boot, but they all failed too
<WACOMalt> Hey folks. I have an old outdated server, which unforunately is use for quite a few things (web host with EHCP, bittorrent sync box, ZNC bouncer, seedbox). It is running 10.04. I need to upgrade, preferably without breaking anything...
<WACOMalt> What do you think the chance is that after a release upgrade that everything would work?
<Pinkamena_D> seemingly not good from what just happened to me, but other people are likely more knowledgeable then I am.
<ikonia> Pinkamena_D: so looking at what that UUID is would be a start
<WACOMalt> what happened in your case Pinkamena_D ?
<WACOMalt> oh sorry, I see
<Pinkamena_D> wont boot past initramfs
<ikonia> WACOMalt: it depends on a lot of things
<ikonia> Pinkamena_D: I've old you what to check
<ikonia> WACOMalt: do you have any PPA's or 3rd party repos ?
<WACOMalt> very likely yes
<Pinkamena_D> very well, I am not used to looking by UUID, how can I get to a non-busybox terminal from the liveCD?
<ikonia> WACOMalt: have you checked the software you are using exiss has an upgrade in 12.04
<ikonia> WACOMalt: then I think you will hit problems
<ikonia> Pinkamena_D: check it within busybox
<ikonia> Pinkamena_D: or boot from live media
<WACOMalt> looks like EHCP has support for 14.04, but I dont know if there's an upgrade path
<WACOMalt> I'm about to tell my partner to pull his stuff off and I'll start fresh
<ikonia> you're not going to go from 10.04 -> 14.04
<Pinkamena_D> live cd boots to gui setup, then alt+F1,2,3,4 goes to busybox. Busybox in the server from grub does not show and hard drives in /dev
<Pinkamena_D> any*
<ikonia> LongCatTH: why ar eyou doing alt+f1 ?
<ikonia> oopps
<ikonia> Pinkamena_D: why ar eyou doing alt+f1 ?
<Pinkamena_D> because the server disk does not have a simple "drop to terminal" option
<ikonia> Pinkamena_D: you just said it boots to a gui
<Pinkamena_D> gui setup
<ikonia> gui setup ???
<ikonia> what gui setup
<Pinkamena_D> the "resque system" option is also a setup, which I dont understand
<ikonia> Pinkamena_D: if you don't know how to use the rescue shell - then you're probably out of your league
<Pinkamena_D> not "gui" I guess, nots like ncurses, but you know what I mean
<ikonia> Pinkamena_D: a.) use a desktop install going forward b.) boot a desktop CD - backup your data c.) re-install with the version you want
<Pinkamena_D> when I choose "resque system" I get a "gui" setup step by step thing
<Pinkamena_D> I WANT a shell
<ikonia> Pinkamena_D: so go through the rescue setup
<Pinkamena_D> I feel like that would erase most of the settings I have
<ikonia> why do you feel that - it's live media
<Pinkamena_D> its asking me to choose a partition
<ikonia> it's not doing anything on your system
<ikonia> yes, to launch a rescue shell in
<Pinkamena_D> I will reboot and try to go further
<jeffreylevesque_> Trying to install ubuntu server 14.04 do i select "Install", or "Install Ubuntu Server".  Which do i select?
<miceiken> how do you scroll in screens?
<RoyK> ctrl+a and then ctrl+u or ctrl+d
<RoyK> miceiken: sorry - ctrl+a - <esc> - and then ctrl+u/ctrl+d
<MrQuist> Hiya guys, terrible noob question here - my ISP has blocked outgoing port 25. (very usefull). i need to port forward my mailserver. Its currently listening on port 25, but can i make a "tunnel" from 225 to 25, whilst keeping 25 alive? This way i can use 225 from home and the rest of the world can just use 25.
<Jeffrey_f> rsyslog question?  How to force past events, prior to setting up rsyslog?
<Jeffrey_f> can someone answer an rsyslog question?
<qman> MrQuist: you cannot host a public mail server without bidirectional port 25. You can submit mail to a mail server on the internet using an alternate port, like 587 which is specifically meant for mail submission.
<MrQuist> qman, im not disabling port 25
<MrQuist> i mean, locally, my own private home use ISP blocks port 25
<MrQuist> my server has a working port 25
<MrQuist> ofcourse
<MrQuist> its bonkers to block port 25
<MrQuist> but OK
<qman> That prevents the possibility of hosting a public mail server.
<MrQuist> so on my server i redirect port 225 to 25
<MrQuist> and 25 will still work ofcourse
<qman> And no, it isn't, that's common practice to prevent spambots
<MrQuist> qman, indeed.
<MrQuist> and i think its bonkers
<MrQuist> i connect to my mail server using port 25.
<qman> If you want to host mail, you have to pay for a business account where it isn't blocked
<MrQuist> I not can't. I think its bonkers. At least let me have an option to disable the blocking
<MrQuist> im paying for internet
<MrQuist> im not paying for certain ports on the internet :P
<qman> Actually you are, should read your contract
<MrQuist> yes, it states they block certain ports to prevent bots / spam / all kinds of crap
<MrQuist> but
<MrQuist> *wait for it*
<MrQuist> i think its bonkers
<qman> 25 is meant for server to server mail delivery, 587 is meant for mail submission by clients
<MrQuist> meh
<qman> Hosting a mail server isn't normal end user activity, so its blocked on residential accounts to prevent abuse
<MrQuist> Okay
<qman> Your isp should offer a plan where it isn't, usually for more money and with other benefits like static ips
<MrQuist> i have a static IP
<MrQuist> but its just annoying
<MrQuist> its the only ISP in the netherlands that blocks port 25.
<qman> ISPs also usually block netbios and SMB for similar reasons
<MrQuist> i get it that they block _incoming_ port 25 stuff
<MrQuist> its just crappy
<MrQuist> as i use port 25 for MSA
<MrQuist> instead of 587
<qman> Outgoing is the problem, not incoming
<qman> People pick up viruses and become spambots, unknowingly
<MrQuist> you mean they have a service running connecting to PCÅ around the world on port 25 and spamming them with HELO i got dem messages
<qman> So they set a bar where you should know better or are at least financially committed to know better, before unblocking it
<MrQuist> My thunderbird uses port 225 now.
<MrQuist> It works
<MrQuist> iptables -t nat -A PREROUTING -p tcp --dport 225 -j REDIRECT --to-port 25
<MrQuist> on my mailserver
<qman> No, PCs around the world get infected, then connect to public mail servers on 25, sending spam
<MrQuist> thats what i said right
<MrQuist> nevermind i used the word PC instead of server
<qman> That's why outgoing 25 is blocked, they don't want your pc connecting to public mail servers on 25
<qman> Public mail services normally accept client mail (thunderbird) on 587
<qman> The reason for this is, 25 is usually anonymous, while 587 usually requires a login
<qman> You can use any port you want for mail submission (587) as long as your clients know what it is, but for public mail delivery, only 25 will work because that's the standard and what everyone else uses
<Jeffrey_f> I have rsyslog running to a syslog server, setup today.  I want previous logs (syslog.1 for example) to get into the server too.........How can I do that?
#ubuntu-server 2014-07-27
<pmatulis> scp?
<rww> Anyone know why http://www.ubuntu.com/download/server only offers 64-bit when there's a 32-bit version of Ubuntu Server?
<jakesyl> hello i want to have an ssh server with multiple users, who have different keys that give them a different level of access on the server
<arrrghhh> sarnold, hello.  You responded to my question so I'm picking on you :)
<arrrghhh> is 14.04.1 released?  I see the .ISO's available for download, but I can't seem to update still?
<Nivex> arrrghhh: I was just going to ask about that too.
<Nivex> do-release-upgrade polls this file  http://changelogs.ubuntu.com/meta-release-lts
<Nivex> not sure why it isn't updated yet
<arrrghhh> oic
<arrrghhh> I mean I could just -d it, but I'm not sure how that would work since I'm on 12.04
<Nivex> I -d'd a test vm some time ago and it was OK, but it's a much more limited package set.
<arrrghhh> ya I should probably build a vm for staging.  all I have is the one -server
<arrrghhh> Nivex, so I've only had to go from lts-to-lts once before... do we just wait until that file is updated?  haha
<Nivex> I wish I knew. It's been 3 days since release. This situation is kind of unusual.
<cfhowlett> Nivex I tested earlier today: sudo apt-get do-release-upgrade -p               worked
<arrrghhh> -p?
<Nivex> proposed
<arrrghhh> oh
<arrrghhh> cfhowlett, we could just do "sudo do-release-upgrade -d", but that's not really a proper solution
<cfhowlett> arrrghhh -d would pull 14.10 if I'm not mistaken.  but you're correct - this aint' working as advertised
<arrrghhh> oh you're probably right, .10 is now "out" haha
<Nivex> -c -d shows 14.04
<Nivex> as does -c -p
<Nivex> so either will work
<arrrghhh> ok
<Kheeper> Hello everyone. Can someone help me with pptp configuration ... I can't get it work on server
<arrrghhh> Nivex, think I should make a bug report on launchpad?  I don't see anything similar for 14.04.1 already on the LP
<Nivex> I've had less than stellar luck with timely responses on launchpad. I think we might have to wait until folk come back into the office on Monday and inquire then.
<arrrghhh> ah ok.  Just wasn't sure what the "best" method was to alert the ubuntu-server team
<Nivex> arrrghhh: I think this about covers it https://www.youtube.com/watch?v=y0Y7ScfaVHs :)
<kaop1> Anyone using external media for /boot and /boot/efi?
<Zunair> hello all!  i need some help :D... any one used OpenOlat? ... i m stuck at tomcat... it says its 'tomcat is started' but i dont see it in netstat... ubuntu server x86 on virtualbox with bridge adapter
#ubuntu-server 2015-07-20
<lordievader> Good morning.
<rbasak> jamespage: bug 1475910 looks like it would be relevant to you
<ubottu> bug 1475910 in ceph (Ubuntu) "package ceph 0.94.1-0ubuntu1 failed to install/upgrade: trying to overwrite '/usr/share/man/man8/ceph-deploy.8.gz', which is also in package ceph-deploy 1.5.20-0ubuntu1" [Undecided,New] https://launchpad.net/bugs/1475910
<uvirtbot> Launchpad bug 1475910 in ceph "package ceph 0.94.1-0ubuntu1 failed to install/upgrade: trying to overwrite '/usr/share/man/man8/ceph-deploy.8.gz', which is also in package ceph-deploy 1.5.20-0ubuntu1" [Undecided,New] https://launchpad.net/bugs/1475910
<uvirtbot> Launchpad bug 1475910 in ceph "package ceph 0.94.1-0ubuntu1 failed to install/upgrade: trying to overwrite '/usr/share/man/man8/ceph-deploy.8.gz', which is also in package ceph-deploy 1.5.20-0ubuntu1" [Undecided,New]
<rbasak> Argh. Now we have two bots?
<jamespage> rbasak, yuck
<Daviey> testing bug 1475992
<ubottu> bug 1475992 in bind9 (Ubuntu) "Sync bind9 1:9.9.5.dfsg-10 (main) from Debian unstable (main)" [Wishlist,Fix released] https://launchpad.net/bugs/1475992
<Daviey> rbasak / jamespage: fix0rd
<uvirtbot> Launchpad bug 1475992 in bind9 "Sync bind9 1:9.9.5.dfsg-10 (main) from Debian unstable (main)" [Wishlist,Fix released] https://launchpad.net/bugs/1475992
<uvirtbot> Launchpad bug 1475992 in bind9 "Sync bind9 1:9.9.5.dfsg-10 (main) from Debian unstable (main)" [Wishlist,Fix released]
<Daviey> Damn.
<rbasak> Daviey: thanks
<whollyjordan_> I'm learning the basics of running a linux server (ubuntu.) I want to get feedback on whether it would be considered irresponsible of me to setup and manage websites on a linode.com VPS? No email server. Just a web server. I have a tech background but not in servers. No idea if this is considered a big no no or not for beginners?
<fcefan> whollyjordan_: "Just a webserver" is not that easy. You need to choose the webserver (Apache, Lighttpd, Nginx) and configure it accordingly for HTTPS, PHP and the like
<mojtaba> Does anybody know how can I print specific emails from command line? (and also check for new emails all the time?) basically I have a gmail account and I want to be able to print automatically all receiving emails with specific subject.
<jerto> mojtaba: I don't see how your question is related to ubuntu server
<ogra_> jerto, it is a printserver :)
<jerto> ogra_: I don't know anything about print servers ;-). I guess it's a simple Cron task to set up though.
<ogra_> :)
<obi12341> hello ppl, is there any reason why there is only unbound 1.4.22 in the repos and no 1.5?
<teward> anyone know what the minimum specs are to run a Landscape Dedicated Server (personal license)
<Luke> I'm trying to run "systemd --user" commands but everything fails because the user dbus isn't running. Is this correct or should there be a dbus already running for the user?
<Luke> what's the proper way to start the dbus user instance?
<mrtee> my server has two network cards and i assigned openvpn to the secondary one. How can i see what itâs outside ip address is?
<enleeten> /sbin/ifconfig
<enleeten> or if you're behind a nat, google for whats my ip address
<mrtee> i am behind a natâ¦ i tried curl ifconfig.co but it only shows me the one of my primary interface
<enleeten> you could try using links2
<enleeten> cli browser :)
<enleeten> I was thinking traceroute
<sarnold> mrtee: you can use curl --interface to select which local addrfess to use as a source
<mrtee> the syntax would be curl âinterface em1 ifconfig.co ???
<sarnold> --interface
<sarnold> and if you've configured your openvpn to use a tunnel, and you want to test the other peer's address, you'd use whatever tunnel you configured
<mrtee> i signed up for a VPN, all i did was download their config and then load openvpn with âlocal
<enleeten> if you're the client you don't need to know your external ip
<enleeten> unless they require it (e.g. for opening a port)
<mrtee> well itâs more out of couriosity really
<linuxgec1o> hey guys.  i tried this question in #ubuntu, and they seemed to think you guys would be better suited to help. I'm trying start a pxe install of ubuntu from a non-ubuntu pxe server. i have ubuntu iso's, and i have files in what i think are the right places.    but i get kernel panics on pxe boot. anyone able to help me get the files/options right to get a working install?
<Luke> Guys i think i've run into a ubuntu specific systemd error: http://askubuntu.com/questions/650665/how-to-use-systemd-user-instance
<Luke> my suspicion is that ubuntu isn't set up properly
<sarnold> Luke: please file a bug in launchpad if you  think you've found a bug
<sarnold> Luke: ubuntu-bug systemd   ought to do the  right thing
<Luke> sarnold: ok thank you
<Luke> i'm not 100% certain it's a bug yet. i'm not sure exactly what the proper behavior is. but gentoo, for example. does it differently
<Luke> i'm looking for confirmation it's a bug basically
<sarnold> Luke: systemd is new enough to us that there's probalby only a few people who could say, and the easiest way to get their feedback is a bug report ;) if it's a bug, they'll deal with it there, if it is n't a bug, hopefully they'll explain why before closing :)
<Luke> yeah
<Luke> ty
<Luke> doing it now
<Luke> sarnold: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1476364
<ubottu> Launchpad bug 1476364 in systemd (Ubuntu) "âsystemd --userâ instance can't find d-bus" [Undecided,New]
<sarnold> Luke: very nice
<Luke> sarnold: seems like a big oversight if it is a bug though... lots of people use user-level upstart for example and systemd is now default
<helo> should rescue mode on the server installer have bash?
<sarnold> probably
<sarnold> dash at a minimum
<jamespage> coreycb, congrats!
<coreycb> jamespage, thanks!
<helo> it apparently does not have dash or bash
<helo> or fsck -.-
<genii> Perhaps you're confusing grub prompt with rescue prompt
<helo> heh, no.
<helo> i'm familiar with the ncurses interface (from which i selected rescue mode without root)
<genii> The /bin/sh should point to dash, yes
<helo> sh may be dash, but there is no dash
<helo> oh well, i was just using the server installer as a bootable custom root installer
<helo> the live desktop works well enough
<FunnyLookinHat> Hey guys - what's the simplest way to get one of these images booted after applying cloud-localds to it?  http://cloud-images.ubuntu.com/trusty/current/
<Luke> FunnyLookinHat: hey man!
<Luke> haven't talked to you in like... 10 years
<YamakasY_> any knows if I can set LANG in puppet.conf ?
<FunnyLookinHat> Luke, yo!
<FunnyLookinHat> Sorry - doing like - a dozen things at once...
<FunnyLookinHat> lhoerste ?
<Tzunamii> YamakasY_: LC_ALL=<change me> LANG=<change me> service puppet start
<YamakasY_> Tzunamii: doesn't work
<YamakasY_> Tzunamii: I need to set it in the init.d file
<Tzunamii> YamakasY_: What did you substitute <change me> with?
<YamakasY_> en_US.UTF-8
<YamakasY_> Tzunamii: it's a known issue
<YamakasY_> Tzunamii: https://tickets.puppetlabs.com/browse/SERVER-779
<sarnold> ewww. gross.
<YamakasY_> sarnold: wazzup ?
<sarnold> hey YamakasY_ :)
<sarnold> YamakasY_: that's some ugly looking errors..
<YamakasY_> sarnold: yes and I already know it for months and everyone thought I was nuts
<YamakasY_> now you see this error popping up everywhere
<FunnyLookinHat> OK - So it looks like uvtool is the best way to test cloud images... but it seems to require root to do everything.
<FunnyLookinHat> And it's a big buggy - like it wouldn't attach my ssh keys correctly.
<YamakasY_> sarnold: and it seems I can only set the lang in /etc/init.d/puppet
<sarnold> FunnyLookinHat: I'd hope being in the libvirtd group would suffice
<sarnold> YamakasY_: yeah, the environment variable needs to be set before the program starts
<YamakasY_> sarnold: yap, so ALL doesn't do shit ?
<sarnold> YamakasY_: you may also have some success if you use locale-gen to create the locales that your system is missing
<YamakasY_> sarnold: yeah tried that, doesn't work out
<sarnold> dang
<YamakasY_> or did I need to restart puppet ?
<sarnold> no idea about LC_ALL
<FunnyLookinHat> sarnold, sudo usermod -a -G libvirtd funnylookinhat && uvt-kvm create test
<sarnold> YamakasY_: yeah, you would need to restart it
<FunnyLookinHat> That yields: uvt-kvm: error: libvirt: Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied
<YamakasY_> sarnold: you shitty person, why didn't you told me that earlier ? :P
<sarnold> FunnyLookinHat: you don't automatically get added to the group; use newgrp libvirtd to spawn a new shell with the new group
<sarnold> YamakasY_: lol :)
<YamakasY_> sarnold: ok, let's hug and share the feeling
<FunnyLookinHat> sarnold, ah duh - yes, thank you.
<YamakasY_> sarnold: you!
<YamakasY_> sarnold: ok fixed
<YamakasY_> but the gen and so on doesn't work
<sarnold> YamakasY_: I wonder why :/
<YamakasY_> sarnold: me also
<YamakasY_> I know my gender tho
<YamakasY_> gen/gender
<YamakasY_> sarnold: what about env in the puppet.conf ?
<sarnold> YamakasY_: that's unlikely to work; most programs try to initialize the locale immediately so error messages are properly localized
<sarnold> YamakasY_: maybe they added some support for it, but I would be surprised
<YamakasY_> sarnold: also the PATH is set in init.d for puppet
<YamakasY_> sarnold: this is weird, I remove LANG from environments and restart puppet and it still works :S
<sarnold> YamakasY_: how did you remove LANG from the environment, and how did you restart puppet?
<YamakasY_> sarnold: just removed the line and did a puppet restart
<sarnold> does puppet restart use the init script to restart puppet? or does it just re-exec puppet?
<YamakasY_> I just stopped and started it again.. testing now
<YamakasY_> sarnold: same, doing a reboot
<YamakasY_> sarnold: ok, than it happens again
<YamakasY_> where does export place the export ?
<sarnold> YamakasY_: 'export' in the current shell? or in an init.d script?
<YamakasY_> sarnold: no it's temp in current sheel
<YamakasY_> shell
<YamakasY_> shall I puppetize it or not ?
<sarnold> YamakasY_: then it gets set into the envirnment of the processes spawned by that shell
<YamakasY_> yap
<YamakasY_> ok, so option... puppetize it I think ?
<sarnold> .. do you mean, try to write a puppet recipe to fix the /etc/init.d/puppet on all your systems to set them to e.g. LANG=C?
<YamakasY_> sarnold: yes but than in /etc/environment
<YamakasY_> I think that is most wise
<YamakasY_> most if UTF-8
<sarnold> YamakasY_: /etc/environment is only used by PAM services with pam_env -- it shouldn't have any effect on services started via sysvinit scripts
<YamakasY_> sarnold: I restart puppet after it ;)
<YamakasY_> sarnold: oh btw it does
<YamakasY_> for puppet
<sarnold> it does? that's odd.
<YamakasY_> is it ?
<h0mer_> Hopefully im in the right place, but is this the right channel to ask questions about openstack/ubuntu/landscape?
<h0mer_> i guess not
#ubuntu-server 2015-07-21
<sarnold> h0mer_: sure, it's just after the end of day for most of europe and america..
<h0mer_> I understand that.  I just figured people would be able to help after as well.  I guess I'll try again tomorrow
<sarnold> folks come and go, you might as well ask now, and see if anyone who's around now knows
<h0mer_> understood
<h0mer_> Alright so I'm trying to install the cannonical openstack/ubuntu distribution using the Maas/Landscape/openstack instructions on the Ubuntu website.  Problem is, I can't seem to get the networking to work correctly.  I have two networks (192.168.20.x and 192.168.30.x), the first one has DHCP enabled and the second one doesn't
<h0mer_> Problem is when I install everything (landscape/openstack), it seems like the metadata service doesn't start up correctly and connect ping out to the internet
<h0mer_> I'm not sure how to start debugging this.  So I was wondering if anyone had any tips?
<h0mer_> And just as a side note, anytime I start up a VM instance in the Ubuntu Openstack dashboard, I get an issue on the VM startup where the networking config says something to the effect of "waiting 120 seconds for network config"  Could anyone point me in the right direction to start debugging this issue?
<sarnold> h0mer_: that second network.. is that for second NICs in all the systems? or is that for guests?
<h0mer_> for the second nics in all the systems.  (which would be for the guest vm's subsequently)
<h0mer_> the first nic is connected to the .20 network and the second nic is connected to the .30 network
<sarnold> aha
<sarnold> does keystone catalog show you anything useful?
<h0mer_> nope
<h0mer_> juju debug shows nothing either
<h0mer_> just out of curiousity, should the second netowkr (the .30 network on which all the vm's get their IP's from) have DHCP setup in MAAS?  Should Maas be managing the DHCP/DNS for that network as well?
<sarnold> I don't think so, I think maas should only know about the physical machines
<h0mer_> Right, but in the Maas network web page it shows both networks and I set up maas to only manage the first one (192.168.20.x) which seems to work fine as Openstack thinks it's the internal management network.  The second network is also listed in the Maas network's page, but is not managed by Maas, but is used as the ip allocations for the guest VM's in openstack
<h0mer_> i can ping the VM's, but I cannot log into the machines using putty because the meta data service cannot seem to ping out to the internet.  I'm thinking it's because the JUJU instance on the machine where nova is installed doesn't have both ETH0 and ETH1 set up correctly?
<sarnold> h0mer_: I _think_ guest addresses ought to be managed via neutron?
<h0mer_> yea thats why I didn't let Maas manage the .30 network
<h0mer_> figured it would be setup by neutron (DHCP)
<h0mer_> and I set it to use the gateway 192.168.30.1 (which can ping out to the internet)
<sarnold> .. in the sense that e.g. every individual tenant ought to be able to have their own e.g. 192.168.1.1 ...
<sarnold> gah. just when I thought I was starting to get the hang of all these pieces. :/
<h0mer_> problem is the first machine that the Landscape installer bootstraps JUJU onto has two NIC's, but if I juju ssh into that node and do a "ifconfig" I don't see the set up for the second NIC, only one network is setup
<h0mer_> iface eth1 inet dhcp  # Primary interface (defining the default route) iface eth0 inet manual  # Bridge to use for LXC/KVM containers auto juju-br0 iface juju-br0 inet dhcp     bridge_ports eth0
<h0mer_> crap that didn't come out the way I wanted it to
<h0mer_> guess I can't just copy paste from the terminal
<h0mer_> just let me know if you get any ideas.  I'll be chilling here trying to debug this.  Thanks for your help btw.
<sarnold> h0mer_: there's also a #maas and a #juju that might be helpful, but I don't know which would be a better fit..
<h0mer_> cool let me go check those out.  THanks.
<jak2000> hi all, exist a ubuntu server 32 bits?
<sarnold> jak2000: see e.g. http://www.ubuntu.com/download/alternative-downloads
<jak2000> thanks
<Abhijit> Hi.
<Abhijit> I have setup postfix only. I have not setup dovecot yet. will do that later. right now I can send email from my ubuntu 15.04 postfix to my real gmail and it works. however when I send email from my real gmail to this ubuntu postfox i do not get it in postfix. gmail do not give any send error. my domain is test.com its TX mail.test.com points to mailtest.cloupapp.net and in that i have this ubunt postfix
<Abhijit> how to troubleshoot this?
<sarnold> check your logs?
<sarnold> make sure you can connect to your mail server from other machines off your network?
<sarnold> can you send mail to your system by hand?
<Abhijit> its not in my LAN. its on azure.
<Abhijit> hence I used gmail to send email. which is not working.
<sarnold> does azure have anything like amazon's security groups? do you need to open network ports?
<Abhijit> I will check that.
<Abhijit> sarnold, so on godaddy in my test.com dns settingsn i only changex mail @ record to mailtest.cloudapp.net. which is a azure ubuntu vps. thats all I need for it to work right?
<Abhijit> dig shows that MX record for test.com is mailtest.cloudapp.net
<Abhijit> priority as 0
<sarnold> Abhijit: one thing at a time.. can you nc to your MX and send mail by hand?
<Abhijit> I dont know what is nc. My postfix can send email to my gmail.
<sarnold> Abhijit: nc is netcat; it's like telnet, but doesn't try to interpret the data the same way telnet does
<sarnold> Abhijit: that's sending; you're trying to troubleshoot receiving, right?
<Abhijit> right.
<sarnold> Abhijit: so nc mailtest.cloupapp.net 25 and try to send an email by hand
<Abhijit> trying...
<Abhijit> NCat Connection Timed out.
<Abhijit> sarnold, ^
<sarnold> hey, there we go :) connection timed out usually means that there's a firewall DROPping packets, rather than REJECTing or ACCEPTing packets
<sarnold> Abhijit: so, you've got to figure out if it's a firewall on the host, or a firewall run by azure, that's blocking your packets
<Abhijit> ok. I will talk to my azure sysadmin regarding this.
<Abhijit> sarnold, sure. Thanks for help.
<sarnold> amazon calls them security groups (stupid name, I know..) -- hopefully azure's docs will help you find the similar thing with the name..
<sarnold> have fun Abhijit :)
<Abhijit> yeah.
<neonixcoder> Hi team, I am trying to upgrade my machine with do-release-upgrade -f DistUpgradeViewNonInteractive, I am curious to know what other arguments I can pass with -f option?
<neonixcoder> When search online some other day I see many arguments with -f, but unable to find it now..
<neonixcoder> Any thoughts on this?
<lordievader> Good morning.
<ObrienDave> waves
<killall> Hello my /etc/hosts freaks out when i insert some ips
<killall> 17X.221.34.139 my.domain.com
<killall> and
<killall> #17x.221.34.171 my.domain.com does not work
<ewook> 17X.221.34.139 isn't an ip.
<killall> yes i now the X is a number ;)
<ewook> and #something is a comment.
<killall> but the weird is some ips work and others dont
<ewook> what are you editing with?
<killall> ewook, ok
<killall> 176.221.34.171  www.domain.pt domain.pt
<killall> this one does not work
<ewook> IP_address canonical_hostname [aliases...]
<ewook> 192.168.1.10    foo.mydomain.org       foo
<ewook> do a man hosts
<ewook> and look at the examples. your IP www.domain.pt domain.pt is not correct.
<killall> ewook,  why does the  "176.221.34.171  www.domain.pt domain.pt" does not work and " 176.221.34.139  www.domain.pt domain.pt" works
<ewook> first come first serve.
<ewook> would be my guess.
<killall> that is the only ip there
<killall> no more ocurrencys of it
<ewook> separate them into two lines.
<ewook> IP www.domain.pt
<ewook> IP domain.pt
<lamont> killall: how does it "freak out"?
<lamont> ewook: multiple names on the same line with one IP is just fine
<killall> lamont, ** server can't find domain.pt: NXDOMAIN
<ewook> lamont: second argument is supposed to be an alias.
<ewook> lamont: so yes, it should work- but duplicate aliases?
<lamont> NXDOMAIN never comes from /etc/hosts that I've ever seen, always from the DNS... what cmmand is telling you that?
<killall>  nslookup cnt.calmetric.pt
<killall> that is the domain i want to resolve
<lamont> nslookup (on linux, at least, last I looked) says 'please ignore /etc/hosts and query the DNS, kthx"
<lamont> and should never be confused with gethostbyname(3)
<killall> when it has in hosts the ip ending in 171 it hgives nxdomain but when it has the 139 ending ip it works nice
<lamont> strace the nslookup and see if it even opens /etc/hosts?
<jamespage> rbasak, hey - can you point me at the dpdk stuff again
<lamont> killall: that's... strange
<killall> lamont,  yes it is
<lamont> ** server can't find cnt.calmetric.pt: NXDOMAIN
<rbasak> jamespage: you mean the work in progress? https://launchpad.net/~smb/+archive/ubuntu/dpdk
<jamespage> rbasak, thanks
<jamespage> that's what I was after
<lamont> killall: nslookup on my 15.04 system never opens /etc/hosts
<killall> lamont, on mine either
 * lamont tends to use ping when he wants to see address resolution involving /etc/hosts
<lordievader> How about 'host domain.pt'?
<killall> but the strange is works with one ip and not with other, the same happens in firefox the one that nslookup resolvs opens ncie
<lamont> if it was me, I'd be looking at the differences in strace in the working and non-working cases
<killall> *nice
 * lamont has to run
<killall> Host cnt.calmetric.pt not found: 3(NXDOMAIN)
<killall> the same i will change the ip
<lordievader> cnt.calmetric.pt != domain.pt?
<killall> yes the domain.pt was a test the one in hosts is cnt.calmetric.pt
<killall> and should resolve but no :(
<killall> i dont get it one ip works and other no
<killall> thanks :)
<killall> ill try to reboot pc and crack this down ;)
<jamespage> rbasak, smb: urgh - all of the include header files for dpdk assume  they are in the root of /usr/include (not the subdirectory)
<jamespage> rbasak, smb: ovs patched to deal with that
<jamespage> rbasak, smb: are you targetting a specific CPU feature baseline for dpdk?
<blob_> I'm trying to setup a kiosk PC based on Ubuntu server with nodm, openbox and network manager. I'm having trouble with network manager permissions to allow the logged in user to manage connections using nm-applet. I've been searching and I think the problem is caused by polkit or dbus permissions. If run nm-applet with sudo it works. With a normal user it does not work. If I just try to use nmcli from the terminal I get the foll
<blob_> If I copy the contents of <policy at_console="true"> to <policy context="default"> in /etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf I can run "nmcli nm", so maybe something is wrong with my session? Even with the modification I can't still configure any interfaces, but at least it may give someone an idea where I should try to look into next?
<rbasak> jamespage: the plan is for SSE3 only although we want to talk to upstream about runtime detection
<jamespage> rbasak, the ovs configuration assumes SSE3
<rbasak> OK. AIUI we can't even build without SSE3
<jamespage> rbasak, does that break any cpu compat baseline generally in the archive?
<rbasak> jamespage: yes. There exist amd64 CPUs without SSE3 AIUI.
<ivoks> hey guys, do you know where is sentiment analysis charm?
<rbasak> But currently the build requires SSE3 due to inline assembly I believe, so we have no choice (without taking on the porting)
<jamespage> ivoks, ask samuel in #juju
<ivoks> jamespage: thanks!
 * jamespage ponders about how we enabled this effectively in ubuntu
<jamespage> rbasak, well I have it building
 * jamespage ships it
<jamespage> lol
<jamespage> anyway - a start
<jamespage> https://launchpad.net/~james-page/+archive/ubuntu/ovs-dpdk/
<jamespage> rbasak, do you think the runtime detection will happen in the near term?
<rbasak> jamespage: seems unlikely
<smb> jamespage, You can work around the headers issue by having a -I that points to your headers top. So they can be in /usr/include/dpdk. We build for default machine type which is sse3 only
<smb> jamespage, are you using the lib from my package?
<rbasak> jpds: do you have any plans to update strongswan?
<teward> rbasak: ping, i have a question for you, any idea if the TB is meeting today or should I just lurk both meeting channels?
<rbasak> teward: they're meeting today
<teward> about the same time as the server team?
<rbasak> teward: add the nginx item to https://wiki.ubuntu.com/TechnicalBoardAgenda I guess?
<rbasak> teward: yeah, same time.
<rbasak> teward: #ubuntu-meeting-2
<teward> rbasak: i'll lurk the channel, my guess is they may bring it up, and if not i'll poke someone on the TB for next meeting - i don't like last-minute agenda items and i bet they don't either
<teward> since they have a "scan the ML for things they missed" item
<YamakasY_> I have a serious issue with puppet, anyone knows this ? https://tickets.puppetlabs.com/browse/PUP-3501
<rbasak> YamakasY_: not seen it before. I don't think Puppet should be reading system configuration files assuming an encoding set by the locale defined in the environment. That doesn't make sense. It should use what encoding the file is defined to have.
<rbasak> In the case of upstart jobs, it doesn't seem to be specified, but UTF-8 would be a reasonable assumption.
<YamakasY_> rbasak: yes indeed, I have this bug already for months and everyone thought I was nuts
<YamakasY_> rbasak: so, /etc/environment should be ok and for shell in the init script ?
<jamespage> smb, I am yes
<smb> jamespage, Ah, ok. I put some help for getting builds without their environment into README.debian though I guess that is too late now
<YamakasY_> rbasak: ?
<rbasak> YamakasY_: setting a UTF-8 locale in /etc/environment is a sensible thing to do anyway, and might work around that bug making it a low priority in terms of actual user impact.
<rbasak> YamakasY_: but I think it's a bug that puppet assumes that system configuration files are encoded in the user's environment locale encoding. Instead it would use the encoding defined for the file its reading
<rbasak> it's
<YamakasY_> rbasak: ok, weird thing is, when I reboot the machine it gets the error, but when I restart it from shell with LANG in my init script it works again
<YamakasY_> rbasak: so what would you set ? the puppet guys say it's always someone else his problem ;)
<rbasak> YamakasY_: if it were me? Given it's puppet, I'd just modify the configuration file to be US-ASCII to work around the problem, and make the point in the bug that it is really a bug since the file encoding is not defined to be the same as the environment defined locale encoding.
<YamakasY_> rbasak: I agree, bunch of morons they are :P
<rbasak> The chef bug they refer to is a little different since it's a chef template so chef get to define the expected encoding.
<YamakasY_> yap!
<YamakasY_> but they don't say that ;)
<YamakasY_> puppet guys always think they are right
<rbasak> YamakasY_: mind your conduct please. http://www.ubuntu.com/about/about-ubuntu/conduct
<YamakasY_> rbasak: no but this is known for months and they don't admit it
<rbasak> I think they deserve the benefit of the doubt. At least put the argument to them clearly in the bug.
<YamakasY_> it's annoying as all kinds of fixe's don't fix it
<YamakasY_> no matter what I do, every reboot gives the same issue
<YamakasY_> I need to restart puppet manually to get UTF-8
<FunnyLookinHat> Are any of you familiar with uvt-kvm?  I can't figure out how to restart a kvm that I shutdown.
<YamakasY_> rbasak: it seems undoable
<rbasak> FunnyLookinHat: virsh start <name>
<FunnyLookinHat> rbasak, thank you!
<FunnyLookinHat> Was trying to find a uvt-kvm command and none seemed to exist  :)
<jamespage> smb, meh - it was pretty easy to figure out - tiny patch to ovs to make it work
<jamespage> smb, I'll probably work on some sort of auto-detection as well
<jamespage> so --with-dpdk just works
<smb> jamespage, Yeah, ideally there would be a pkg-config info file... though not (yet) from upstream
<YamakasY_> rbasak: any other options ?
<rbasak> YamakasY_: can you not just modify the file to be US-ASCII?
<YamakasY_> rsalveti: which file, the pp ?
<rbasak> YamakasY_: /etc/init/php-fpm.conf or whatever file is causing the issue
<YamakasY_> rbasak: the php5-fpm restart
<YamakasY_> rbasak: would not be nice
<teward> rbasak: sarnold: in other news, *actually usable debug data in nginx bugs now!*  https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1476656, https://launchpadlibrarian.net/212180277/SystemctlStatusFull_Nginx.txt.txt, E:NotABug
<ubottu> Launchpad bug 1476656 in nginx (Ubuntu) "package nginx-core 1.6.2-5ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New]
<rbasak> teward: \o/ good job!
<ws2k3> i have setup an ldap server. but when my ldap server is offline i cannot login in my ubuntu servers anymore how can i resolve this issue?
<teward> rbasak: I'm going to Invalid the -5ubuntu3 ones, and say to file a new bug if an upgrade or install to -5ubuntu3.1 triggers the issue
<teward> rbasak: but we NOW KNOW that 1476656 is user/server config error - look at that bug's DpkgHistoryLog
<teward> rbasak: they installed Apache first, and probably didn't shut it off
<teward> but seriously, USABLE DEBUG DATA!  *dances a happy dance, before deciding he needs coffee and goes off to find some*
<teward> rbasak: pretty certain we as the server team may need to issue a notice in Release Notes that the default Apache and default Nginx configurations can't be run side-by-side because they are designed to 'just work' out of the box without any additional configuration.
<thebwt> howdy guys, I do a small repo of custom deb packages, and I'm having a rough time getting unattended upgrades to update our repo. Anyone got a good article on repos, their metadata andhow that interacts with everything? we've poured over man pages but I was hoping there was a good flat article out there that someone may know of.
<iliv> Does do-release-upgrade select the right mode automatically?
<teward> so, general question, anyone got any insights on https://bugs.launchpad.net/nginx/+bug/1476296 per chance and what init file should be in place?
<Daviey> teward: Nicely done, RE: TB /Nginx
<teward> Daviey: thank you!
<teward> rbasak had a hand in it, i lagged briefly and he was able to chime in as well
<Daviey> :)
<teward> Daviey: initially looked like they were "Why is this here" but I did refer to your suggestion referring it to TB
<teward> I honestly didn't expect a decision today, i just wanted it to be looked at as soon as possible because of the Wily impact
<teward> given the vote and the conditions set forth i'm fairly comfortable doing a merge of 1.9.x to Wily, following through up to Feature Freeze, and leaving it, merging again the moment X is open.
<teward> provided that's still the general agreed-upon track
<teward> which it should be based on rbasak, jcastro, yourself, and sarnold
<teward> and me :)
<Daviey> teward: If you need a hand with sponsorship, let me know.
<teward> Daviey: i have upload rights, so sponsorship isn't a huge concern anymore
<Daviey> (I'm sure rbasak will be happy to aswell)
<jcastro> o/ awesome work fellas
<teward> Daviey: i'd be glad for a sanity check though
<Daviey> Oh! I forgot that.. nice
<teward> if you're offering :)
<teward> jcastro: thank you!
<jcastro> did we send you an ubuntu server team shirt or something yet?
<rbasak> Daviey: we'll still need review from the release team before executing the FFe during X development if you'll be around to help with that please :)
<teward> ^ that
<teward> jcastro: not yet, i never translated the US shirt size I wear to UK shirt sizes for that to be sent my way
<teward> got a tad busy with school, work, and other things :)
<jcastro> ok, lmk. It's easy to translate, just go up one size or two.
<jcastro> though it can seem that a UK Small is a US XXXXXL.
<teward> heheheheh
 * rbasak still has a XXL Heroku shirt or something that doesn't fit him
<rbasak> I never really understood what's going on there
<teward> heh
<teward> jcastro: if you want to do the conversion, I wear US sized XL due to being taller than average so large shirts don't fit me xD
<jcastro> ok, just mail me your shipping adress and I'll sort it for you, jorge@ubuntu.com
<teward> will do, that'll be coming in now
<teward> jcastro: the confusing part will be the estimated date of arrival - if you estimate it to arrive after August 7 I have to have you mail to one address, or another if before August 7
<teward> :/
<teward> i hate complex schedules
<teward> shoudl be in your inbox now
<teward> I'm going to get something to eat, then rebase the merge diff
<sarnold> teward: yes! that's awesome :)
<teward> sarnold: indeed!  This is definitely a plus, and thanks to the TB.  The apport hooks in there WORKING for postinstallation failed bugs though is ALSO a plus
<teward> because now we know that some people fail at configurations
<teward> or fail to understand that both Apache and nginx have 'just works' defaults
<teward> rather than
<teward> 'designed to run side by side and not cause a multitude of infinite other problems'
 * teward shrugs
<sarnold> teward: now you just need to keep that text handy for easy copy-n-paste :)
<teward> sarnold: heh
<med_> smoser, your ears should be burning
<med_> how does LXD get config drive data?
<med_> and does cloud-init handle a "pre-mounted" filesystem
<med_> ^ utlemming
<smoser> well the second bit is not reallycloud-init. its systemd or upstart. and that is just part of booting in lxc (or lxd). so thats worked for quite a while.
<med_> nod thanks
<smoser> the first part is new, and is in the works.
<smoser> currently, lxd will seed the nocloudnet datasource
<med_> nova would like to NOT support XFS mounted drive
<med_> (that parallels pushed)
<smoser> (this is how lxc-clone does in old lxc also)
<smoser> in the hopefully not distant future, cloud-init will read data from /dev/lxd
<med_> nod.
<smoser> parllels pushed to nova-what ?
<med_> apparently s/xfs/ext43
<med_> sorry, using ext4 instead of iso9660
<med_> for cloud-init data
<smoser> as they want the libvirt driver to do it ?
<med_> bindmount is being proposed
<smoser> ah. i see.
<smoser> for config drive.
<smoser> right. ok.
<med_> not sure libvirt even comes into it.... and very sorry I conflated xfs/ext4...
<smoser> so yeah, we talked about this for lxc also
<med_> yes, config drive
<smoser> er.. for lxd.
<med_> that's kind of why I poked you... we heard lxd was interested in the same ext4 approach
<med_> s/we/openstack nova mid cycle/
<smoser> whatnova should do is jus create the data and prior to start put it in a well known path
<med_> perfect, that's what's proposed now
<med_> mikal ^
<smoser> it could attach a disk, and then cloud-init would actually try to work
<smoser> but the kernel wouul (hopefully) NACK its attempt to mount the /dev/XXX device
<smoser> ubuntu is looking to make mounting of some filesystems in a user namespace actually safe
<med_> ah.
<med_> that's good too.
<smoser> that would allow you to actually attach a block device and safely mount it
<smoser> from inside the container (cinder)
<smoser> as without that, you're stuck inside the container with fuse.
<smoser> and iirc thats even only on ubuntu kernel
<med_> nod
<mikal> Hi, coming to this late because I was being ragey in person
<mikal> So, parallels merged support for a loop mounted ext4 config drive into the libvirt driver
<mikal> Which we didn't love
<mikal> So we're reverting it
<mikal> The new plan is to allow the ocnfig drive code to generate to a specified path, which can then be added into the contianer
<mikal> i.e. no loop mount required
<Luke> is there an ubuntu dev channel?
<TurBoss> Hi
<TurBoss> I have a headless server running 14.04.01
<TurBoss> today it refuses to boot network so i put a livecd and chrooted into
<TurBoss> can't ping can't ssh
<TurBoss> server is on remote place
<TurBoss> i can only use a livecd to troubleshot
<TurBoss> /etc/netowork is fine /etc/hosts is fine /etc/hostname etc...
<TurBoss> i can ping the internet on the chrooted enviroment but when i boot from hdd ir refuses to give netowerk acces
<TurBoss> what i can do to solve my problem
<TurBoss> so i'm on chroot via ssh
<TurBoss> that works
<TurBoss> :)
<TechIsCool_> I have a question about net-snmp-config I can't seem to find it on ubuntu
<TechIsCool_> where is it located
<tarpman> TechIsCool_: the search tool on packages.ubuntu.com suggests it's in libsnmp-dev
<TechIsCool_> tarpman: Awseome thank you
<teward> Luke: if you're still looking for the Ubuntu Devel channel, visit #ubuntu-devel
<teward> because i'm tired, would anyone like to sanity-check an nginx merge debdiff for me before I bother uploading it, please?  Sanity checks are nice...
<teward> might ask in -devel if no response here :)
<Daviey> teward: Would rather look at it with fresh eyes tomorrow...
<teward> Daviey: works for me
<teward> i don't plan on uploading tonight anyways :0
<teward> Daviey: For the record, https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1476811 is the bug
<ubottu> Launchpad bug 1476811 in nginx (Ubuntu) "Please merge nginx 1.9.3-1 (main) from Debian unstable (main)" [Medium,In progress]
<teward> there's two debdiffs there - one's the actual merge, one's the 'compare to debian' sanity-check :P
<teward> which looked sane to me, but eh
<teward> we're both tired so meh :P
<teward> rather have it be sane than fail
<teward> i've done that before too, fail with uploads
<Daviey> teward: Yeah, having both makes sense... as a reviewer, i tend to prefer debian->ubuntu or ubuntu->ubuntu if it is smaller.
<teward> Daviey: i always include both when it's a merge from Debian
<Daviey> Had a quick look, source_nginx.py seems missing from declared remaining changes?
<teward> Daviey: already in?
<teward> changelog 1.6.3-5ubuntu4
<teward> already uploaded to wily :)
<teward> don't forget - it's not in Debian
<teward> oo shit right i forgot in remaining chagnes
<teward> i'm tired
<teward> :)
 * teward respins for the changelog
<teward> i keep copies of my merge dir lol
<teward> Daviey: thanks for that, i almost forogt o.O
<Daviey> teward: The rest of it looks tidy, but i'd rather look with non-sleepy eyes
<Daviey> And on that note, nn.
<teward> good night, i'll update.
<jak2000> why i cant install ubuntu64 on a vmware ? i gave to this pc: 40gb hdd and 2 gb ram,  and say:  http://postimg.org/image/miqvfxcoz/
<teward> jak2000: you have to turn on virtualization in the host's BIOS
<teward> you should read the numbers it specifically says there
<sarnold> jak2000: reboot your computer; smack f1 and del keys to try to get into the bios. look around for "Virtualization extensions" or "VT" support, and turn that to "Enabled", save, and reboot
<teward> ^ that
<jak2000> need upgrade the vios of the pc?
<teward> jak2000: not usually
<sarnold> probably not
<teward> jak2000: usually you just have to "Enable" a feature that's present already but 'disabled' in the bios
<teward> it's a configuration value
<teward> not an update/upgrade/bios reflash
<jak2000> ups i am remotely
<teward> then you're stuck
<bekks> jak2000: So use the remote interface of your server.
<teward> ^ that though is an option :P
<jak2000> its a normal pc
<jak2000> with 8gb ram
<sarnold> you can probably change it with lights-out or ipmi or whatever
<teward> except if it's a plain old desktop
<teward> (might not be present)
<sarnold> oh. call your hoster?
<jak2000> no no old desktop it have win8
<sarnold> they may have a "remote hands" service
<jak2000> :)
<jak2000> mmm no way
<jak2000> not know about pcs,
<teward> jak2000: 'plain old' is a phrase - it means it's a standard desktop that most end users have
<jak2000> thanks
<teward> rather than 'old desktop'
<teward> it's not an actual indicator of the age
<jak2000> :)
<teward> now, me saying "This old-as-sin POFS server is evil.", well...
<sarnold> jak2000: "turn on VT" ought to be within their skills, regardless of hardware..
<jak2000> ok
<jak2000> i am on  my laptop
<jak2000> restarting
<bekks> jak2000: How would that help you? :)
<sarnold> wait..
<sarnold> is your vm host remote or local?
<teward> jak2000: we don't mena on your laptop we mean on your desktop
<teward> jak2000: you need to make the change at the DESKTOP that's running VMware Player
<teward> NOT on your Laptop
<teward> ... i bet he quit
<teward> and we'll have to wait
<jak2000> teward yes i understand
<jak2000> but for test, and see the option
<teward> jak2000: so which syste are you restarting
<sarnold> different bios vendors will put it in different locations
<teward> ^ that
<teward> and different manufacturers do so to
<teward> and can rename it to something similar but different
<teward> (Dell called it "Enable virtualization extensions" in the Latitude E6500's BIOS, it's different in the latest BIOS versions and such)
<jak2000> i have a laptop and see this option disabled:
<bekks> The option on your laptop is irrelevant.
<teward> ^ that
<teward> jak2000: it's IRRELEVANT what it's set to on your laptop
<bekks> The option on your desktop pc is important.
<jak2000> Intel Virtual Technologiy
<teward> jak2000: you need to look at the BIOS on the DESKTOP
<jak2000> ok
<sarnold> jak2000: it's usually disabled by default: https://en.wikipedia.org/wiki/Blue_Pill_(software)
<teward> and it's USUALLY disabled by default
<teward> (most end users aren't doing virtualization, and the ones that are know how to power-user the BIOS to make it work)
<jak2000> oki
#ubuntu-server 2015-07-22
<jak2000> what happend if is a old pc/desktop, and havent the VT?
<sarnold> jak2000: vmware (used to?) have virtualization tools that worked on systems before VT extensions were added
<sarnold> jak2000: xen paravirtualization was also invented before vt extensions
<sarnold> jak2000: .. though I don't know if modern xen still supports paravirt or not, the virtualization extensions have been around long enough to completely supplant the previous tools
<patdk-lap> all of them support without vt
<patdk-lap> the issue is, your stuck with emulated 32bit mode
<patdk-lap> and it's painfully slow
<patdk-lap> vmware dropped all support for paravirt
<patdk-lap> dunno about xen
<jak2000> hi all,
<jak2000> anyone know a client for update my ip ? similar to dyndons and/or noip?
<jak2000> anyone know a client for update my ip ? similar to dyndons and/or noip? i want to know other if exists
<lordievader> Good morning.
<jamespage> smb, one comment on your dpdk packages - you might want to unversion the dev package
<jamespage> means that a transition at later date is just  a rebuild for rbd's
<smb> jamespage, ah right. yeah I should do that
<smb> jamespage, Ok, I changed that for the next rc. Thanks.
<shafox> I have a schell script in jenkins server that tries to connect to another server using pem files in aws ec2 instance, but while doing ssh -i  pem ubuntu@ip it gives Permission denied (publickey). or Host key verification failed .
<shafox> What would be the resolve.
<shafox> /s/schell/shell
<Repox> Hi. I wanted to google this, but I'm unsure what to Google for, so I hope you can give some input. I have an ubuntu server at a hostingprovider which currently recieves a single webhook. I'd like to forward this HTTP post to a server which is only reachable via a VPN connection. Is this possible?
<patdk-lap> yes
<patdk-lap> atleast 200 ways to do it
<patdk-lap> probably the best, easy, way, would be haproxy
<rbasak> I would implementation some kind of shim web service, to minimise risk to the VPN. But like patdk says, there are many ways of doing it.
<YamakasY> are most people running 14.04 or still 12.04 ?
<YamakasY> I wonder if I should upgrade some old boxes form 12.04
<beisner> hi rbasak, can you have a look at bug 1476904 ?
<ubottu> bug 1476904 in percona-xtradb-cluster-5.6 (Ubuntu) "Vivid needs percona-xtradb-cluster-client-5.6" [Undecided,New] https://launchpad.net/bugs/1476904
<rbasak> beisner: need to ask Percona. I asked georgelorch #debian-mysql on OFTC earlier, but it's still quite early for him I think.
<rbasak> beisner: I think it might be because the client is the same so we should just use the mysql client, but best to check with him.
<rbasak> (I might have been present when we said that but I don't recall)
<YamakasY> anyone some clue about 12.04 ?
<patdk-wk> YamakasY, you have like 2years to upgrade 12.04
<ogra_> that will definitely help with slow download speed :)
<YamakasY> patdk-wk: but what about the apache versions, they kinda differ it seems
<YamakasY> for an example
<patdk-wk> so?
<patdk-wk> that is your problem
<YamakasY> patdk-wk: thanks mate :P
<YamakasY> no I mean.. would 14.04 be an advanatge
<patdk-wk> still, your problem
<patdk-wk> 2years of support left
<patdk-wk> you can upgrade, not upgrade, upgrade in 2years
<patdk-wk> it is your system, do as you will
<patdk-wk> but if you want to remain getting security updates, 2years you must upgrade
<YamakasY> yes, but I ask... is it an advantage ?
<patdk-wk> how do we know?
<YamakasY> patdk-wk: speeds, newer packages ?
<patdk-wk> only you know what you do wit hit, how you use it, if it will benifit you
<patdk-wk> newer just means newer bugs
<YamakasY> also true
<YamakasY> never had an issue with 14.04 on my production cluster tho
<patdk-wk> I have had many issues
<YamakasY> patdk-wk: like ?
<patdk-wk> and have pushed out many patches to fix them
<YamakasY> which is nice :)
<patdk-wk> some ubuntu have finally fixed, many others, not yet
<YamakasY> ok
<YamakasY> but 12.04 feels kinda old
<YamakasY> I mean will they upgrade to the new apache version ?
<YamakasY> which used conf etc ?
<Luke> teward: thanks re: #ubuntu-devel
<rbasak> patdk-wk: can you point me to your patches please? I'd like to make sure they're on my radar to try and get them landed.
<rbasak> (the outstanding ones)
<patdk-wk> I'll have to review them
<patdk-wk> I did file a few bugs
<patdk-wk> atleast I try to for the most annoying ones
<patdk-wk> but as nothing comes of them for years now, since I filed them before 14.04 was released
<patdk-wk> gets very unmotivated to do anything about them
<rbasak> Bug reports are also appreciated, though patches are better. I try to make sure good patches get landed as I don't want contributors to get demotivated.
<rbasak> Bug reports without patches are much harder, because the majority of bug reports are poor quality and time consuming to resolve :-/
<patdk-wk> no, I normally always attempt to file a bug report with a patch
<patdk-wk> the issue normally is, if it gets looked at ever
<rbasak> Are you aware of debdiffs and the sponsorship queue?
<patdk-wk> pushback for me to do a detailed regression test and reporting
<patdk-wk> not sure
<rbasak> Unfortunately that work is unavoidable because often we'll have more users screaming at us about regressions than screaming at us about the bug itself.
<rbasak> So we have to be careful, and that takes work.
<rbasak> OTOH landing a fix before release is easier (but I appreciate that in the time it takes to get looked at, release might happen)
<rbasak> Anyway, if there's anything specific you have a patch for that you think is OK to land, feel free to ping me.
<rbasak> And I'll try and help.
<patdk-wk> ah, ya, the pacemaker one did finally get released
<patdk-wk> https://bugs.launchpad.net/ubuntu/trusty/+source/xtables-addons/+bug/1414482
<ubottu> Launchpad bug 1414482 in xtables-addons (Ubuntu Trusty) "Backport xtables-addons 2.6-1 to trusty" [Undecided,New]
<patdk-wk> would solve issues
<patdk-wk> but as I am not a ubuntu employee, and don't care too much about politics
<patdk-wk> I can only understand that document some
<patdk-wk> too many terms I don't know, or even steps I can follow to do that
<patdk-wk> so yes, it deadends after the work I attempted to do
<patdk-wk> not sure how, completely kernel-panics system, to, doesn't kernel-panic, can cause a regression though
<patdk-wk> due to people not paying attention that the version of xtables shipped with that version of ubuntu is not supported by the kernel shipped
<rbasak> So that's a process issue. Normally we do not automatically backport a newer version to a stable release to avoid a regression.
<rbasak> So to do so requires additional justification.
<patdk-wk> well, this is the 3rd attempt to fix it
<patdk-wk> or 3rd bugreport that I am attached to on it
<rbasak> It simply won't be considered without a suitable justification.
<rbasak> I can help you work through this but we need to go into some detail to figure out if it is appropriate.
<patdk-wk> bug#1286911
<patdk-wk> bug #1286911
<ubottu> bug 1286911 in xtables-addons (Ubuntu) "Kernel Panic using 14.04" [Undecided,Confirmed] https://launchpad.net/bugs/1286911
<rbasak> OK so that looks like it probably is a perfectly valid bug, but the proposed fix (bump the version) is not acceptable for a stable release in Ubuntu without additional justification.
<rbasak> The normal fix we look for is to backport a patch that fixes that specific issue.
<patdk-wk> the patch is to remove the module
<rbasak> Where is that patch please?
<patdk-wk> there isn't one
<patdk-wk> no one bothered cause it's too debian specific
<patdk-wk> and debian just bumped the version
<patdk-wk> so it's only a ubuntu issue
<patdk-wk> it's a packaging patch that is needed
<rbasak> You have to appreciate that the primary concern here is to ensure that no existing users who are happily using the package are regressed.
<rbasak> We will not upload a fix that is recommended to existing users without consideration for them.
<rbasak> That is what keeps a stable release stable.
<patdk-wk> this isn't part of the stable release
<patdk-wk> it's in universe
<rbasak> That doesn't matter.
<rbasak> The same policy applies to universe.
<patdk-wk> so that is why universe never gets any fixes then
<rbasak> Universe does get fixes when someone provides them in a way that doesn't regress existing users.
<patdk-wk> only 3rd party are allowed to develop the patches, and ubuntu won't work on them
<patdk-wk> but it must go by these stable rules still
<rbasak> but it must go by these stable rules still> right
<rbasak> Note that there is a distinction between Canonical and Ubuntu here.
<rbasak> Canonical generally doesn't maintain packages in universe, except in certain cases (generally packages that can't be in main but we'd eventually like to see in main).
<Daviey> No, it means that Canonical doesn't make the same commitments to support universe that it does to main.  Whilst Canonical does work on Universe packages aswell, there is not the guarantee.
<rbasak> Daviey: I fail to see the distinction with what I said :-/
<Daviey> rbasak: Sorry, i was saying No to patdk-wk.. not you.. You type faster :)
<rbasak> Anyway, my point is that there isn't anything special about universe that prevents anyone from working on them.
<rbasak> Oh, OK :)
<patdk-wk> I can gladly stop suppling my insights in these bug reports
<Daviey> patdk-wk: You seem terse, why do you think you input isn't wanted?
<rbasak> Additionally, Canoncial engineers (who are Ubuntu developers) will generally be happy try to help anyone who is trying to look after a package in universe.
<patdk-wk> as both of you said
<patdk-wk> it was not done in a ubuntu friendly way, therefor wasted effort
<rbasak> Note also the Ubuntu code of conduct: "We invite anybody, from any company, to participate in any aspect of the project. Our community is open, and any responsibility can be carried by any contributor who demonstrates the required capacity and competence."
<Daviey> patdk-wk: I'm not Canonical.. :)
<patdk-wk> I don't remember saying canonical
<rbasak> So there is no special thing that you can't do here. If you want to look after universe packages, you are welcome to do so, including getting upload rights yourself for the packages you care about.
<Daviey> patdk-wk: Did either of us say something to upset you?
<YamakasY> strange eth0:1 is not up but it says eht0 is already configured/up/whatever
<rbasak> You just need to follow the same SRU policy as it applies equally to main and universe. In short, don't regress existing users.
<patdk-wk> both said, that the bug is basically invalid, won't be looked at, and doesn't matter
<patdk-wk> cause unless the solution proposed by the bug includes a backported patch and regession testing, it doesn't matter
<YamakasY> so why is my IP not up
<rbasak> No, I said that the bug is valid, but we need to figure out how to fix it in a way that doesn't risk regressing existing users.
<rbasak> Bumping a version may be the best way to do this, but it is exceptional and must be justified.
<patdk-wk> my limited time I have to attempt to document and report these issues don't go anywhere, so is there really any point in bringing them up?
<rbasak> Alternatively backporting a patch may be the best way to do this.
<Daviey> patdk-wk: Yeah, that isn't what I meant - I think what we were trying to say is the same barrier for quality exists for both Universe as it does Main.
<patdk-wk> yes, and it's not well documented
<patdk-wk> atleast I have found so many sru documents that counterdict each other
<patdk-wk> and after I followed one to make that sru request
<patdk-wk> and it didn't get anywhere, and the responder posted more conflicting info to what I was following
<Daviey> patdk-wk: The problem is, Ubuntu - specifically server, has a manpower problem in that there are not enough people working on Triage, Fixing and Testing..
<Daviey> patdk-wk: Do you have an example that got wedged?
<rbasak> The SRU policy doesn't distinguish between main and universe because SRU policy applies equally to both. I'm not sure the non-existence of a distinction makes sense to document.
<rbasak> If you can point out a contradition, please point it out and I'll fix it.
<patdk-wk> my issue is the contradiction between the different SRU procedure documentation
<rbasak> Where?
<patdk-wk> in my searching on attempting to figure out how to do it
<patdk-wk> no idea :)
<patdk-wk> as the bug report states, that was a long time ago
<patdk-wk> and way too long for my browser history
<erkburgles> how do you dual boot another linux disto on UBUNTU 15.04
<Daviey> patdk-wk: There are prior examples where blunter methods have been done for less maintained packages than would happen in main.
<patdk-wk> who is talking about main?
<rbasak> He's talking about universe.
<patdk-wk> Daviey, have you been following at all here?
<rbasak> He's talking about universe by comparing to main.
<Daviey> patdk-wk: I have a call now.. can we fnished this in 15 mins?
 * rbasak has a call in 15 minutes!
<rbasak> But anyway, as I said, I'm happy to help drive things through. But if they don't comply with existing policies (which I am happy to justify), or you can't point to anything specific, then obviously there's not really anything anyone can do to help.
<rbasak> Ubuntu is quite pragmatic about deviating from policy where it is justified too, and has a well-defined process for doing so (eg. we just did it for nginx), but we do expect a clear and documented justification.
<patdk-wk> I don't remember requesting anyone change policy
<patdk-wk> the bug report, doesn't have a patch, cause none exists, but I documented the problem
<rbasak> No, but you do seem to be throwing patches "over the wall" that appear to violate policy, and so don't make any progress, and then get frustrated over the lack of progress.
<patdk-wk> nothing happened, I looked into it one day, and looked up doing an sru
<Daviey> patdk-wk: You still seem terse, not quite sure what more you want from us?  rbasak is a core-dev, I am core-dev and on the SRU team.. we are both offering to help.. what can we do?
<Abhijit> hi
<Abhijit> i have index.html and phpinfo.php in /var/www/html i get index.html when i go to localhost as well as test.com but i get 403 forbidden if i do localhost/phpinfo.php or test.com/phpinfo.php
<Abhijit> what am I doing wrong?
<Abhijit> on 15.04
<rbasak> Abhijit: I can't remember the details, but you want to make sure that script execution is permitted in that path
<Abhijit> ok
<erkburgles> what an awful place to go for advice
<pieter>                reducing the size of the block device (in hindsight a very very stupig thing to do). The array continued to 'work' afterwards (no idea on how many data was lost at that point) however after doing an actual resize
<pieter>                 of the FS (following the rest of the guide) messed up everything. The device won't mount anymore and running fsck gives lots of errors (an endless list so far, which I'm not sure I should respond 'yes' to). Is
<pieter>                 tehre any hope left to recover any of my files?
<pieter> Hi there. I'm kinda in panic mode right now. I tried following a blogpost on shrinking my software raid to use one device less, however I didn't follow it properly. What I failed to do was resizing the FS before reducing the size of the block device (in hindsight a very very stupig thing to do). The array continued to 'work' afterwards (no idea on how many data was lost at that point) however after doing an actual resize of the FS (follow
<Abhijit> what just happend?
<pieter> did a resize of the block device (md0)
<pieter> Afterwards did a resize2fs, and it wouldn't mount anymore
<pieter> tried some chkfs answering 'yes' to some 'could not read block xxxx' questions
<pieter> and now I can't mount anymore. And mount -f gives no more files on the device
<rbasak> pieter: first, back up what you have. Take images using dd of both your raid device and the underlying disk, so you can't make the situation worse.
<rbasak> pieter: then I'd try increasing the block device size again, followed by an e2fsck, and recover what you can.
<pieter> I'm a bit scared I already messed up the FS by saying 'rewrite' to a lot of fsck questions
<patdk-wk> you did it backwards
<patdk-wk> you have to resize2fs first, when shrinking
<pieter> I know...
<Abhijit> how to know which process is using my port 80?
<rbasak> pieter: already messed up> Yeah, that does seem likely
<patdk-wk> think only thing you can do
<rbasak> Abhijit: probably Apache? "sudo netstat --inet -nlp" will tell you.
<patdk-wk> is throw it into readonly mode
<patdk-wk> and start coping it
<pieter> as a binary blob to a secondary array?
<patdk-wk> hmm?
<pieter> how do you mean start copying it?
<Abhijit> rbasak, thanks. not apache.
<pieter> Because I can't access any files right now
<patdk-wk> depends on your skill level, you going need some good skills to do it rbasak's way
<patdk-wk> oh, your already beyond that heh
<patdk-wk> only then left is yep, make a binary copy of the disks
<patdk-wk> and attempt low level raid/filesystem fixing
<pieter> Any hints on tools that might help in doing just that?
<patdk-wk> no, I have never killed a filesystem without a backup
<patdk-wk> I have done many raids, but those are easier to solve
<pieter> xD
<pieter> Found something on 'restor backup superblock'
<pieter> does that make sense?
<patdk-wk> it does, but not likely your issue
<pieter> You mean that's not what is broken?
<pieter> If I could somehow get back to before I did the resize I could still access the files
<patdk-wk> it might be, but not where I would place my bet
<patdk-wk> that won't happen
<patdk-wk> you did way too many things
<teward> Daviey: ping - you still willing to do a sanity check on the merge diff?
<teward> AFAICT it's "sane" but a second set of eyes does help.
<Daviey> teward: unless rbasak is more motivated? :)
 * teward looks at rbasak
<teward> indeed, that's a valid question :)
<Daviey> teward: looking
<teward> god i need more coffee... this morning's traffic delayed me... what, an hour?
<teward> so i didn't get coffee >.<
<Daviey> teward: did you test if this is still needed? debian/rules: Drop from -O3 to -O2 to work around a build failure ?
<teward> Daviey: i'm curious why it was introduced, but i'll rebuild local and see if it FTBFS
 * genii makes a fresh pot of coffee and slides teward a mug
<teward> genii: seriously though i need a lot of coffee >.<
<genii> Unfortunately I can only provide the virtual kind, although in limitless amounts
<Abhijit> once i setup dovecot ssl do i need to setup seperate ssl for apache so that apache must use squirrelmail on https only?
<teward> Daviey: running the local builds in sbuild now without the ubuntu specific change for the build flags, if it fails we know it's still needed
<Daviey> teward: right
<teward> if it doesn't fail, i have the separate copy without that flags change :P
<teward> i should probably clean up my computer i have a lot of stuff lying around XD
<med_> jamespage, zul: normal UCA kilo-proposed to kilo-updates time lag? Two weeks?
<med_> ref: oslo.messaging
<jamespage> med_, about to shove that out of the door today
<med_> looks like it's been in proposed since July 8
<med_> win!
<jamespage> med_, yeah - sounds about right
<jamespage> the vivid SRU released this morning - I tend to follow that
<jamespage> med_, and done - should publish ou tin the next hour or so
<med_> danke! danke! thanks.
<med_> cool.
<med_> we were following that SRU so, again, thanks.
<Luke> anyone know if there's a lightweight ubuntu image packaged for vagrant?
<Luke> the default vagrant ubuntu image has tons of stuff running that's not part of a normal ubuntu server image
<FunnyLookinHat> Yo again Luke
<FunnyLookinHat> Luke, have you tried this one? https://cloud-images.ubuntu.com/vagrant/trusty/current/
<Luke> no. thanks =)
<teward> Daviey: hmm, it looks like maybe something's... off... if only because without the sed it drops to -O2 anyways o.O
<teward> Daviey: i *do* know that the no-changes-from-debian 1.9.3 built in the PPA without any problems at all, and it doesn't drop to -O2
<Daviey> teward: Well, the rest of it looks good.  If you can drop that O3 -> O2, it would be better.. but don't block on it.  Also, the dep8/autopkgtest tests are supposed to have "test: $name" fields for each one, but that isn't something you introduced and they still work without.
<teward> Daviey: I would be glad to tell Debian to get off their failures and fix it, or submit a diff to them XD
<teward> i'm trying to get them to accept the apport hooks diff too but they're pushing back
<teward> Daviey: AFAICT, without the 'sed', it's working as -O2 anyways
<Daviey> teward: Have a bug number?
<teward> https://launchpadlibrarian.net/212234770/buildlog_ubuntu-wily-amd64.nginx_1.9.3-1%2Bwily0_BUILDING.txt.gz is my evidence of that, as is my sbuild instance showing that.
<teward> Daviey: bug number for...?
<teward> the apport hooks diff for Debian?
<Daviey> Yeah
<teward> none, direct discussion with maintainers
<teward> [2015-07-22 10:33:00] <teward> none, direct discussion with maintainers
<Daviey> There is a drive to get apport support to Debian, so it would be nice to reduce the delta where possible.
<teward> mhm
<Daviey> I'm guessing the ubuntu banner flag was also NAK'd? :)
<teward> heh
<teward> it helps when we have corresponding bugs in both places, then they accept fixes, the -fPIE stuff was infinity and myself working in tandem I think
<teward> because of the Perl flags :/
<teward> Daviey: i'd like taht delta reduced too.  But the -core package delta is permanent - they NAK'd that proposal
<teward> so the delta's going to be substantial in either case
<Daviey> meh
 * Daviey has to go. good luck teward o/
<teward> thanks
 * teward yawns
<teward> I should have stayed in bed >><
<teward> >.<
<rbasak> teward, Daviey: sorry, was otp. Looks like you're done though? Thanks!
<rbasak> beisner: from Percona, the answer is that we expect users to use mysql-client-5.6.
<teward> rbasak: it'll be done when i decide to push the upload, gotta redo the diffs for one last change
<rbasak> beisner: since they're identical.
<rbasak> (no source changes to the client from the Percona side)
<beisner> rbasak, ack, thank you.
<teward> rbasak: granted though i might push it off until i've had coffee - tired devs are slightly less attentive devs :/
<rbasak> beisner: let me know if you find any problems with doing that please. georgelorch in #debian-mysql (OFTC) would probably like to know too.
<beisner> rbasak, thanks, will do
<squisher> rbasak, jamespage, any of you by chance at debconf next month?
<jamespage> squisher, sorry - on holiday so can't make it
<rbasak> Not me, sorry.
<squisher> ah too bad :)
<squisher> jamespage, would you be willing to sponsor another package? It's a little program of mine with fairly low activity: https://de.mcbf.net/david/grubchoosedefault/ | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768221
<ubottu> Debian bug 768221 in wnpp "ITA: grub-choose-default -- Control Grub Default through a GUI" [Normal,Open]
<PryMar56> anyone built xen from source on Vivid? with systemd & ocamltools?
<cucumber_> Hi everyone
<cucumber_> I'm compiling fw1-loggrabber that needs libelf-dev. I have it installed (sudo apt-get install libelf-dev), but when I run "make" I get this message: "/usr/bin/ld: cannot find -lelf". Does anybody know where could be the problem?
<cucumber_> I'm using 14.04.
<cucumber_> Accordine with https://github.com/certego/fw1-loggrabber/blob/master/README.md, in 12.02 you've to install "libelf-dev:i386"
<cucumber_> libelf-dev:i386 doesn't exist in 14.04, but exists libelf-dev. That's what I installed.
<teward> !info libelf-dev trusty
<ubottu> libelf-dev (source: elfutils): libelf1 development libraries and header files. In component main, is optional. Version 0.158-0ubuntu5.2 (trusty), package size 48 kB, installed size 286 kB
<tarpman> cucumber_: libelf-dev:i386 certainly does exist in 14.04
<teward> ^ that
<tarpman> cucumber_: and indeed, you probably need that one specifically, as the fw1-loggrabber Makefile (for whatever reason) explicitly builds in 32-bit mode
<cucumber_> tarpman: oh.. and how can I install it?
<cucumber_> tarpman: because I get "E: Unable to locate package libelf-dev"
<cucumber_> when try to install the i368 one
<cucumber_> a special repository?
<teward> make sure you're updated - sudo apt-get update
<teward> and it's in the standard repos
<tarpman> cucumber_: dpkg --add-architecture i386 && apt-get update
<teward> ah forgot that xD
<tarpman> cucumber_: more info â https://wiki.debian.org/Multiarch/HOWTO
<tarpman> teward: server ;)
<teward> i think i need coffee :)
<teward> tarpman: nope, tired
<teward> tarpman: 3 hours sleep helps nobody
<tarpman> indeed
<cucumber_> tarpman: there you go. Thx
<tarpman> cheers
<tarpman> (I don't really see why -m32 should be necessary, though...)
<sarnold> I'm worried about needing 32 bit libraries when you're compiling something from source
<sarnold> it feels like somethings gone wrong somewhere
<tarpman> yeah exactly
<teward> sarnold: it sounds like it's Windows software then
<teward> since most is still 32bit o.O
<sarnold> "building on WIN32 or SOLARIS is no longer supported" h3h3
<teward> lolol
<cucumber_> sarnold: yeah!
<cucumber_> tarpman: done. It worked. Thx"
<sarnold> ugh, staticly linking the world; that's a lot of libraries to follow for security issues
<cluelessperson> Hey guys, I'm trying to setup some CIFS mounts, and I've almost got it, everything works peachy under root, however, when I go back to zachary who's part of the group mediashare, and the dir_mode=0770   it tells me permission denied
<cluelessperson> on all the mounts
<cluelessperson> http://paste.ubuntu.com/11922616/
<cluelessperson> http://paste.ubuntu.com/11922620/   The shares themselves and their ownership+permissions
<cluelessperson> :/'
<sarnold> cluelessperson: I think you also need to add 'user' to the fstab flags for mount to let you mount them as s user
<cluelessperson> sarnold, already mounted.  root can read contents, nonroot cannot
<sarnold> cluelessperson: ah, I see
<cluelessperson> sarnold, here's my fstab  http://paste.ubuntu.com/11922616/
<cluelessperson> the mounts (while mounted) http://paste.ubuntu.com/11922620/
<sarnold> cluelessperson: does id show that shell has mediashare supplementary group?
<cluelessperson> sarnold, you mean is zachary in the mediashare group? nad subsonic?  yes.
<sarnold> cluelessperson: I just wanted to make sure tha tyou hadn't added zachary to the mediashare group recently
<sarnold> .. since group ownership is passed down from parent ot child processes, rather than any inherent property of user accounts
<cluelessperson> sarnold, ... hm  I did  id   and mediashare doesn't appear to be in the list of groups... ?
<sarnold> cluelessperson: run 'newgrp mediashare' and try again..
<cluelessperson> sarnold, but I do adduser zachary mediashare   and it says "the user zachary is already" .. okay
<sarnold> that will start a new shell with the new group membership
<sarnold> you can either restart sessions or use newgrp to give you a new shell with the new group permissions
<cluelessperson> sarnold, hm, it works now
<sarnold> woot :)
<cluelessperson> sarnold, the zachary does
<cluelessperson> reconnecting as zachary to confrim it sticks
<cluelessperson> sarnold, back.  I'm at work and it reset my tunnel lol
<sarnold> if you're going to use a gui filemanager thing, you'll need to make sure it's started with the proper groups as well -- either via logging out and back in again, or starting it from the newgrp shell
<cluelessperson> sarnold,   id subsonic   DOES show it's part of the mediashare group
<cluelessperson> however I'm not sure subsonic can read the mounts. checking
<cluelessperson> sarnold, yeah, it seems subsonic is failing to read.
<cluelessperson> I don't get it
<cluelessperson> sarnold, zachary works though, odd
<sarnold> cluelessperson: check a simple 'id' in whatever shell subsonic is using
<cluelessperson> sarnold, I do "id subsonic" and mediashare is in there.
<sarnold> cluelessperson: 'id username' looks up the information out of /etc/passwd or whatever usermanagement system you're using, rather than telling you the specific details of a given process
<cluelessperson> sarnold, okay, I'm unsure how to check the id of the shell subsonic is using
<sarnold> cluelessperson: what process are you trying to use as user subsonic?
<cluelessperson> sarnold, the application subsonic (media sharing) should be a part of the "mediashare" group.  the cifs mount should be allowing dir_mode/file_mode=0770 and gid=mediashare/1003
<sarnold> cluelessperson: find that process's pid, and then look in /proc/<pid>/status -- you're looking for a line like this: Groups:	4 24 27 30 46 109 124 127 128 1000
<cluelessperson> sarnold, looks lik 7627
<sarnold> cluelessperson: alright, grep Groups /proc/7627/status
<sarnold> cluelessperson: and see if the mediascanner group number is in there
<cluelessperson> sarnold, groups: 998
<cluelessperson> mediashare is 1003 I believe.
<cluelessperson> (and there is no 1003 there) in the result
<cluelessperson> zachary@web:/media/zac$ grep Groups /proc/7627/status
<cluelessperson> Groups: 998
<sarnold> cluelessperson: what does getent group 998 report?
<cluelessperson> subsonic:x:998:
<sarnold> cluelessperson: okay, how does the subsonic application start?
<cluelessperson> sarnold, system daemon I believe.   init.d ?
<cluelessperson> rc.d ?
<cluelessperson> no clue what I'm talking about.
<mgolisch> did you restart that after adding the user to the group?
<sarnold> cluelessperson: alright, look for it in /etc/init.d/*subsonic*, that seems likely
<cluelessperson> sarnold, it is there.
 * cluelessperson is a 5 year old again, gets to relive life.
<sarnold> cluelessperson: alright, try sudo /etc/init.d/subsonic restart
<cluelessperson> sarnold, Groups: 998 1003 now
<cluelessperson> sarnold, subsonic still erroring some reason
<cluelessperson> well, no errors, checking
<sarnold> cluelessperson: hooray, progress
<cluelessperson> sarnold, how do I test manually, as a subsonic user?
<cluelessperson> the application is failing to scan the directories still, but it does show subsonic is part of those groups for that process. :)
<sarnold> cluelessperson: hmm, probably sudo -s -i subsonic   would be my first starting point
<cluelessperson> sarnold, nope
<sarnold> it's a bit tricky since this is a different mechanism for starting the process than the service actually uses
<cluelessperson> sarnold, maybe I can just restart the server. :P
<cluelessperson> sarnold, I actually need to leave work right now, I appreciate all your help, but I have to disappear.
<cluelessperson> I'll be back on in about 30 minutes
<cluelessperson> but thank you so much so far.
#ubuntu-server 2015-07-23
<lordievader> Good morning.
<rbasak> teward: I would "Won't Fix" bug 1194074, but up to you.
<ubottu> bug 1194074 in nginx (Ubuntu) "Default index.html blindly overwritten" [Medium,Triaged] https://launchpad.net/bugs/1194074
<cluelessperson> hey all
<RoyK> rbasak: a package overwriting user files doesn't seem like a sane Won't Fix to me :P
<cluelessperson> So I'm trying to allow a user to access CIFS mounts.  This is my FSTAB  http://paste.ubuntu.com/11922616/   these are the mounts http://paste.ubuntu.com/11922620/
<cluelessperson> the user zachary who is part of the "mediashare" group CAN read and acess the mounts, good
<cluelessperson> however, the service/application subsonic, using "subsonic" user, ALSO part of the "mediashare" group, CANNOT access the mounts for some reason with permission denied.
<rbasak> RoyK: packages *own* files in /usr/share. They are supposed to overwrite them on update. Users are not supposed to change package-shipped system files in /usr and expect them to not be overwritten on update.
<rbasak> RoyK: nginx shouldn't default to using /usr/share/nginx/www/index.html IMHO, but that's a Won't Fix in Debian. So either we should decide to diverge in Ubuntu, or decide not to, but either way make a decision.
<RoyK> rbasak: IC
<cluelessperson> hello?
<TheEagerPadawan> hi anyone around here that could explain metro-ethernet and MPLS to me?
<cluelessperson> sarnold, yo
<patdk-lap> metro-ethernet is just that, they just handoff ethernet uplink to you
<patdk-lap> mpls is a vpn type service, normally used for faster switching to get from one location to another
<TheEagerPadawan> could you explain a bit more patdk?
<patdk-lap> but you don't want to pay for a private dark fiber
<patdk-lap> you want me to explain what ethernet is? 802.3?
<TheEagerPadawan> i do knowwhat etherent is, i just wondered if you could eloborate more on metro-ethernet and MPLS
<patdk-lap> well, if you know what ethernet is
<patdk-lap> you know what metro-ethernet is
<patdk-lap> it just means they give you an ethernet cable to plug into
<patdk-lap> not dsl, cable, t1, ...
<TheEagerPadawan> well if whoulmed know that i wouldn't have ask, i presu
<patdk-lap> I guess more accurately, mpls is more like a vlan on the telephone network
<lordievader> The wikipedia page says metro-ethernet is ethernet for a MAN.
<lordievader> Whereas ethernet is used for a WAN or LAN.
<patdk-lap> yes?
<patdk-lap> I don't see why people need to bring up wan/lan/man/... into it
<patdk-lap> does it matter if your network is in your house/lan, or outside it/wan
<patdk-lap> it's still ethernet
<patdk-lap> metro-ethernet is just that, ethernet is provided as your upstream
<patdk-lap> vs dsl, that is not ethernet
<patdk-lap> and you need a device to convert and use it
<TJ-> "Metro-Ethernet" is more a branding label; the CPE delivery is Ethernet but the underlying network technology can be almost anything, including Ethernet over MPLS over Ethernet
<patdk-lap> and since it's not directly ethernet, you have no possibility to directly connect multible locations as a single l2 zone
<patdk-lap> like pure ethernet would be able to do
<rbasak> kickinz1|afk: any news yet on whether the docker 1.7 backport to trusty will need a golang toolchain backport?
<kickinz1> rbasak, on the Dockerfile used to build docker it is till using go-1.4.2
<rbasak> kickinz1: so does that mean that it looks like we'll be OK, or that we have a problem?
<kickinz1> rbasak, but there is an upstream bug that can be problematic for now, so I post-poned it for now. This bug fixed I would say we should be OK.
<rbasak> kickinz1: OK. What's the bug reference please?
<kickinz1> rbasak, https://github.com/docker/docker/issues/14160, I encountered it on snappy, and apparently other people on trusty, I didn't had it on vivid. But seems not an easy one.
<rbasak> Thanks
<Fyr> can Ubuntu Server for ARM be installed on Banana Pi?
<ogra_> Fyr, why not
<Fyr> ok, where do I find the review?
<ogra_> review ?
<Fyr> google doesn't show anything about it.
<Fyr> yes, I want to read the manual and see screenshots.
<Fyr> the Internet is full of Fedora ARM and Bananian, but there is no entry for Ubuntu Server for ARM on Banana Pi.
<ogra_> well, you install it like any arm board ... set up bootloader and kernel yourself, use debootstrap to bootstrap a rootfs and put it in place on SD/USB/whatever
<Fyr> ogra_, where do I read the manual?
<jrtappers> Is there a good way to see which runlevel starts apache?
<ogra_> i think there are pre-made ubuntu snappy images for the bananapi as well
<Fyr> for Fedora ARM I use just fedora-arm-installer and an SD card.
<ogra_> jrtappers, debian based systems do nt use runlevels
<ogra_> *not
<ogra_> (well, they do, but all of them are identical)
<jrtappers> ogra_, Is there a best way to guarantee running a command before a service starts each boot?
<ogra_> jrtappers, depends on your version ... with upstart based releases you can just create an upstart job with somethin like: "start on starting apache" ... that will exec whatever you put in it before apache is started
<ogra_> for systemd you need to likely do it differently
<jrtappers> DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"
<ogra_> thats upstart then ... take a look at the upstart cookbook
<jrtappers> Ah,
<jrtappers> Thanks
<teward> looking for some suggested approaches to this: hips://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1194074  Debian believes that this is "Won't Fix", I'm not sure how to approach it, this has always been a problem, where users just expect things to 'work' and don't take the time to protect their data
<teward> s/users/endusers and novice sysadmins/
<rbasak> I think we need to either diverge in Ubuntu or decide not to diverge and mark it Won't Fix in Ubuntu. I can't think of any other solution that'll be effective.
<teward> rbasak: nor can I.  I hate to say "Hey, Sysadmins, learn proper administration of your servers, for once" but I can't see a method to approach/fix that
<rbasak> What Apache does seems to work much better IMHO
<teward> rbasak: i was about to say, what does Apache do lol
<rbasak> Are you asking?
<teward> mhm
<rbasak> It creates /var/www/html/index.html (formerly /var/www) and sets the default path to that
<rbasak> Users change stuff in /var/www/html. Package upgrades leave it alone.
<rbasak> This mirrors what for example MySQL does with /var/lib/mysql
<teward> perhaps we should take a page from Apache and diverge, then
<rbasak> The only difference being that the sysadmin arranges to change /var/www directly, rather than going via the app like changing /var/lib/mysql
<rbasak> I think diverging would be reasonable here, but maintaining the delta could be a pain, as it involves upgrade path considerations for the future
<teward> mmm
<rbasak> (as well as a conffile change, so maybe even upgrade path from the past)
<rbasak> So it's quite a bit to take on in a delta, so I think it's also reasonable to say that we can't take it on.
<teward> mmm
<rbasak> Separately, you could push in Debian, but that'd mean being involved in a long debate.
<teward> rbasak: i think we're at the point where we may need to take it up to Debian, but we're going to get pushback again.  I can try and go over the last maintainer's head to comment on this, take it to nginx upstream and have them chastise Debian
<teward> 'cause I know they won't like it if nginx upstream ends up saying "Listen, you're doing it wrong, fix it"
<rbasak> teward: if it were me then I'd try and openly re-open the debate in Debian, but with more clarity and evidence.
<rbasak> teward: but it's not me, so up to you :)
<rbasak> teward: I still think just leaving it "Won't Fix", even if for the moment, is fine.
<rbasak> teward: leaving the bug open does set an expectation of "patches accepted, may be fixed soon", which is false here I think.
<teward> rbasak: i just tried this - i'll PM you the response I got
<teward> rbasak: i'm making a decision on this - we're going to diverge this for Wily, or at least X
<teward> rbasak: whos an Apache maintainer I can reach out to to ask them why they did it that way?  To get a Debian answer on this
<teward> or not, we'll discuss this further
<Guest80797> hello I have a multipath device , I am unable to issue  pvcreate command to mpath5 device
<Guest80797> what is mpath5p1 in my /dev/mapper  ?
<Guest80797> mpath5 is multipath device I know
<jrwren> security.ubuntu.com at 2001:67c:1562::16 is unresponsive for me. Anyone else?
<Sling> jrwren: Get:1 http://security.ubuntu.com trusty-security Release.gpg [933 B]
<Sling> oh wait, lemme check if its going over ipv6
<jrwren> Sling: http://security.ubuntu.com started working here.  I think it had to timeout and try again on a different address. 2001:67c:1562::16 is still iin the DNS and unresponsive, but I'm not blocked.
<Sling> seems to work on port 80 at least for me
<Sling> dunno if this is anycast dns, probably not
<brotoes> Hello All!
<brotoes> I was setting up vlan virtual NICs on an ESXi virtual host running ubuntu 14.04. when I try to get it an IP through DHCP, it never gets past DCHPDISCOVER. Note that the interface Iâm cloning is physically connected directly to a modem, not a router. If I do the same procedure with an interface connected to a router, it works fine. Anyone know what the problem is, or how to fix it?
<patdk-wk> brotoes, use a modem that works :)
<brotoes> patdk-wk, is it a modem problem, then?
<patdk-wk> modems lock to the first mac address they see
<patdk-wk> and will NOT talk to any other mac address
<patdk-wk> the first mac address it will see, is esxi
<patdk-wk> then your vm
<brotoes> Ah yes, that. Iâve gone through all these shenanigans some time ago. Iâve gotten a good number of virtual hosts working on the modem. this is one of five virtual hosts on the same modem, all of which work
<patdk-wk> configure esxi/switch/... to not send lldp, stp, monintor packets, status reports, ....
<patdk-wk> and it will work
<patdk-wk> and how many mac addresses are you allowed?
<patdk-wk> if you asked for 5, and esxi takes one
<patdk-wk> that leaves 4 working vm's
<brotoes> sorry, one of four on the modem, the virtual NIC being the fifth mac address. Iâve configured the mac addresses on the modem directly.
<patdk-wk> I have never seen a modem that lets you assign mac addresses on it
<brotoes> Itâs a business modem
<patdk-wk> so it's not a modem, but a router?
<brotoes> itâs very much a modem. 3v.A2010tel Telus DSL Modem
<brotoes> Sorry, I donât set the mac addresses directly on the modem. the mac addresses are set through a settings portal Telus gives you. My guess is that the modem interfaces with a Telus backend to get the MACs is supposed to talk to.
<patdk-wk> no idea, they are doing something strange
<JaguarDown> If I just added a new sudo user on my server is a new set of keys required for SSH login?
<brotoes> JaguarDown: no, but depending on the situation they may be prudent.
<JaguarDown> Well when I try to do "ssh 192.168.0.110 -l <username>" it says permission denied public key
<JaguarDown> the username is allowed in sshd_config
<JaguarDown> I am sure there is a simple solution but I am just a newbie.
<cloudman> ah you finally fixed the grub time out -1 30 is a bit much tho, 5 or 10 would have been fine
<brotoes> whenever something like that happens, I find itâs always permissions
<brotoes> JaguarDown: check to make sure the new user owns .ssh and its contents.
<JaguarDown> thanks
<JaguarDown> well...root owns it and the user is has sudo privileges
<cloudman> 30 secs is a lot of time when booting 50 server individual, so I still need to edit grub
<JaguarDown> just like my main user.
<brotoes> chmod 750 .ssh and chmod 600 .ssh/*
<brotoes> the world should not be able to write to your keys or read the private ones
<cloudman> why still the grub time out when set to less than zero tho?
<cloudman> warning
<cloudman> because it aint, its now 30 and not -1
<JaguarDown> it's set that way already
<JaguarDown> is it because the new user doesn't have an .ssh directory?
<brotoes> change the owner to the new user. if thatâs a problem, see what /var/log/auth.log says
<brotoes> if thereâs no .ssh directory, whereâs the authorized_keys file going?
<brotoes> yep, you need one ;)
<cloudman> any chance of less reboots Ubuntu?
<JaguarDown> good point
<cloudman> ;)
<JaguarDown> so I assume I will just copy the .ssh directory from the other sudoer to this new one
<brotoes> if you only want to be able to log IN from the same users as you can to the other one, just copy authorized_keys
<brotoes> if you want the new user to be able to log in to all of the same stuff as your old sudoer can, then copy id_rsa. however, keep in mind that everyone who can use the new user will have complete access to everything the old user does because theyâve got your old private key.
<JaguarDown> Well this more of a for fun experiment for expanding my knowledge and I have no concern for access because I will be using both accounts.
<JaguarDown> so to reiterate, the new sudo user is a user on the server and I want to login to the server as this new sudo user
<JaguarDown> so all it needs is the private key?
<JaguarDown> er
<JaguarDown> the public key I mean
<brotoes> yes. the private key you log in with needs its corresponding public key to be in the authorized_keys file in the users home directory youâre logging in to
<brotoes> and for future reference, I find 90% of ssh problems are due to bad permissions/file ownerships somewhere
<brotoes> when diagnosing this yourself, /var/log/auth.log is your friend.
<JaguarDown> ah
<JaguarDown> thanks.
<cloudman> guys lower the grub timepout to 5 or 10
<cloudman> timeout
<cloudman> 30 is over the op
<cloudman> top
<JaguarDown> my /var/log/auth.log just says failed public key and gives the fingerprint
<JaguarDown> along with username, LAN ip, ports, etc
<JaguarDown> brotoes: Thanks for the help sir I finally got it working and you were right it was file permission problems. I just had to use the -a option to preserve read/write/user permissions then I just chown to the new sudoer and it works perfectly.
<JaguarDown> While copying the .ssh directory, that is.
<brotoes> wonderful! glad I could help
<gdi2k> I have a server that refuses to boot. After the boot agent, nothing appears, it just halts. No grub menu, nothing. I have tried reinstalling grub from a live CD (by chrooting in, then doing grub-install /dev/sda) but it doesn't change anything. what can I try next?
<cloudman> no answers here as usual
<Pupp3tm4st3r> hi there, is anyone here who can help me with building and configuring apache2 and php5?
<teward> why do you say 'building'
<teward> what do you need to 'build' those for
<Pupp3tm4st3r> i have to make a server with several php versions
<Pupp3tm4st3r> its for testing purposes
<teward> they'll all conflict with each other
<teward> so you can't sanely have 'multiple versions' available, AFAIK
<teward> not without multiple testing platforms
<Pupp3tm4st3r> mhm, how does phpbrew handle that?
<Pupp3tm4st3r> I mean, it seems to do the same..
<teward> it uses userspace
<Pupp3tm4st3r> so it runs as normal user, right?
<teward> that's also third party software.
<Pupp3tm4st3r> yeah I know, just read about that..
<teward> doing the same with a pure Ubuntu server builidng everything from source...
<teward> that's a lot trickier
<Pupp3tm4st3r> okay, let me go a bit deeper
<Pupp3tm4st3r> building apache2 and php5 (one version) is just for me, learning a bit about compiling from sources and setting the right parameters
<Pupp3tm4st3r> the server with the multiple versions will be a jenkins server
<Pupp3tm4st3r> jenkins needs the php version for tests
<teward> Pupp3tm4st3r: well, IDK how jenkins does that.
<teward> but building form source is just "read the documentation as it explains it"
<teward> for the most part
 * teward disappears to a meeting
<teward> (MAYBE someone knows better than I do on this...)
<Pupp3tm4st3r> thanks teward
<Pupp3tm4st3r> whats the real difference between fcgid and php-fpm?
<Pupp3tm4st3r> so many questions :( all I read was not that much helpfull
<tonyyarusso> This is probably a good use case for LXC and/or Docker, I think.
<tonyyarusso> One or the other of those would let you have separate environments with different PHP versions.
<teward> tonyyarusso: that doesnt fix Jenkins though?
<sarnold> Pupp3tm4st3r: uncanny timing! I just found out about this http://3v4l.org/
<tonyyarusso> teward: No idea how that works.
<Pupp3tm4st3r> Our developers already use a Jenkins machine with 3 php versions in /opt/php/...
<Pupp3tm4st3r> these were self compiled, but the one who built this machine has gone now
<Pupp3tm4st3r> and I want to understand more...
<Pupp3tm4st3r> so it generally works
<Pupp3tm4st3r> think that jenkins only uses the path to binarys for testing purposes
<Pupp3tm4st3r> *binaries
<mailserver> can someone help me set up a mail server that sends emails from users on a local network
<sarnold> mailserver: https://help.ubuntu.com/14.04/serverguide/email-services.html
<teward> sarnold: Utopic Is Dead, now i can free up a few hundred gigs of disk space xD
<sarnold> a few hundred gigs?? ouch :)
<teward> yeah i have a few VMs sitting around
<teward> not my fault
<teward> AND I can close 3 Ubuntu Bug Tasks against NGINX now that the announce went out and it's been marked Obsolete!
<teward> can't do that for utopic-backports but bleh
<sarnold> heh
<genii> Isn't Utopic EOL now anyways?
<teward> genii: just died today, officially as of about what 20 minutes ago?
<teward> https://lists.ubuntu.com/archives/ubuntu-announce/2015-July/000198.html
<teward> that went out...
<teward> wow about 30 minutes ago
<teward> 20-30 minutes ago
<genii> Ah, I need to check my email more often
<teward> yup
<OerHeks> :-)
#ubuntu-server 2015-07-24
<homecable> whats the best way to raid 1 mirror with linux
<teward> i feel dirty... i'm setting up a centos 7 VM >.<
<teward> i feel like i'm betraying Ubuntu :
<teward> :? *
<sarkis> hmm is there soemthign wrong with the libc package?
<sarkis> STDERR: E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_3.13.0-57.95_amd64.deb  404  Not Found
<sarkis> anyone know if theres something up with linux-libc-dev_3.13.0-57.95_amd64.deb
<sarkis> seems to be throwing errors on multiple mirrors?
<teward> sarkis: sure it wasn't superseded?
<sarkis> hmmm i see what this is
<teward> because it doesn't show up there when you navigate to the mirror itself in a web browser
<sarkis> ya need an apt-get update
<sarkis> fuck
<teward> !language
<ubottu> The main Ubuntu channels require that you speak in calm, polite English. For other languages, please visit https://wiki.ubuntu.com/IRC/ChannelList
<patdk-lap>  it's a normal part of human behavior
<teward> CurrentToleranceLevel() = 0.0004
<teward> i think ineed sleep
<tgm4883> Trying to enable pci passthrough to one of my libvirt vm's on my 14.04 host, I'm getting this error when I try to start the machine "Error starting domain: unsupported configuration: host doesn't support passthrough of host PCI devices"
<qman> Unless its some obscure bug, its exactly what it says
<tgm4883> I've added intel_iommu=on to my grub line and kvm-ok says that kvm acceleration can be used, which IIRC means that I've got the vt-d extensions
<tgm4883> qman: what else is needed?
<qman> If you expect your hardware to have this capability, check the bios settings to make sure its enabled for the device you're trying to use
<tarpman> tgm4883: kvm just needs vt, vt-d is an additional feature and usually a separate bios setting
<tgm4883> ah
<tgm4883> any way to verify I have that without going into the bios? The box is in a closet and I'd have to hook up a keyboard and monitor
<qman> Manufacturer documentation to check if it has that feature
<qman> No way to enable it without doing that, though
<tgm4883> fair enough, i'll look though documentation
<qman> Beyond just trying it of course, which isn't working
<tarpman> tgm4883: dmesg | grep -i dmar might be a clue, based on http://www.linux-kvm.org/page/How_to_assign_devices_with_VT-d_in_KVM
<tarpman> tgm4883: my laptop which has VT-d prints a dmar: line (even though it's disabled in bios), while a server that lacks it does not
<tgm4883> tarpman: I'm thinking mine does not. I don't see it listed on the ARK page for my processor
<tarpman> too bad
<tgm4883> yep, looks it was added in teh Nahalem family, which my processor is 2 behind that :(
<tgm4883> So plan B I guess. See if I can segregate a NIC to only be used by a particular guest
<tarpman> easy, just make a(nother) bridge backed by only that if, point the guest at it
<tgm4883> tarpman: that makes sense, I've got to lock it down a bit from the host to, as I was planning on connecting this NIC directly to my cable modem
<tgm4883> then running pfsense in the VM
<tarpman> interesting
<tarpman> not sure how to go about that, tbh :)
<tgm4883> Which is why I wanted to do the PCI passthrough :/
<tgm4883> the host itself doesn't do much. It runs 1 VM (pfsense) and a few LXC containers
<tgm4883> tarpman: some quick searching indicates that the way to do it is leave it unconfigured in the host and use macvtap passthrough
<tarpman> tgm4883: same applies for bridging, AFAIK
<tarpman> (to be clear, I don't have a particular preference for bridging over macvtap; just all my experience is with the former)
<tgm4883> tarpman: yea I've got a bridge setup for the lxc containers.
<tarpman> right. so 'iface br1 inet manual', with nics assigned as usual, would probably do as you expect
<tarpman> bearing in mind there's nothing preventing a root process in the host configuring it
<tgm4883> true, but I wouldn't suspect that since it's only providing those two services and running a puppet agent and check_mk agent
<tgm4883> I suppose I could write a check_mk check to verify it stays unconfigured
<qman> openvswitch might offer some options here, too, but I'm far from an expert on it
<roracle> Hey guys, i'm still on 14.10, noticed it expired today, but i can't get mod_rewrite working on subdomains.  could i please get some help
<roracle> i'll be upgrading to a newer version soon
<Abhijit> Hi
<Abhijit> my potfix+dovecot works well without ssl. when I enable ssl in 10-ssl.conf of dovecot I get ERROR: Connection dropped by IMAP server. I am using squirrelmail to login.
<Abhijit> if I add imaps to /usr/share/dovecot/protocols.d/imapd.protocol like protocols = $protocols imap imaps i get syntax error and dovecot fails to restart
<lordievader> Good morning.
<sarnold> Abhijit: do you have any errors or warnings in the dovecot logs on the server?
<Abhijit> sarnold, the previous issue is now solved. not i disabled imap and only enabled imaps. now i get error 111 : Connection refused
<Abhijit> it was working when i had both of them enabled imap and imaps
<Abhijit> sarnold, the reason for previous issue was ubuntu was using non standard syntax for ssl_cert without <
<Pupp3tm4st3r> hi there
<Pupp3tm4st3r> I have one question: Is it possible to create a user - ssh access AND this user has to push data into several directories
<Pupp3tm4st3r> example: the user has to push files for webprojects into some vhost directories
<Pupp3tm4st3r> but - the rights must fit
<Pupp3tm4st3r> that the files will be accessible for www-data
<sarnold> the usual approach is to put the user into a group like 'www' or 'web' or something, set the group owner on the directories to 'www' (or whatever you pick), and set the bsdgroups mount property on the filesystem (so the user doesn't have to think to change the groups..)
<Pupp3tm4st3r> okay, thank you sarnold
<gdi2k> what is the correct way to install grub on a degraded raid1 array?
<Pupp3tm4st3r> so I created a user and put it into the right group for the directory - primary group - but the user cannot write
<Pupp3tm4st3r> permission denied
<Pupp3tm4st3r> so it seams, that the folder is only writable for the user, not the group, right?
<Pupp3tm4st3r> *seems
<murcha> does anyone now any clue about Vulnerability in NTP (ntpd)
<bekks> Can you be just a bit more precise? :)
<murcha> The vulnerability is related to the handling of NTP control messages. An attacker could cause a denial of service condition in the ntpd service by sending it a specially crafted configuration message. Remote configuration is disabled by default in ntpd.
<bekks> murcha: And do you have a CVE entry, too?
<murcha> yes
<murcha> bekks: ^
<bekks> Cool.
<bekks> Whats the price if we guess it?
<ObrienDave> prize?
<bekks> Or that, yes :)
<murcha> bekks: the company has here....so they know about it
<bekks> murcha: So what "clue" do you want, if you dont even want to tell us the CVE you are talking about?
<murcha> bekks: im a holiday worker
<murcha> bekks: what to do if my server is got DoS targeted ntpd?
<bekks> You tell us the CVE you are talking about, we tell you wether there is a patch/update, you apply it.
<murcha> bekks: i checked ubuntu has released an update for the security issue.
<bekks> "the issue".
<bekks> Since there is an update, the CVE is plublically released, and it would have been no big deal to tell it.
<murcha> i don't have ntpd in my system instead have this /etc/network/if-up.d/ntpdate
<Daviey> smoser: Why wasn't the cloudstack/cloud-init password issue treated as a sec upload?
<AppAraat> hello, I want to "integrate" my /home partition into the root directory. I chose to encrypt the home of my main user on the machine, but now I want to have it always unencrypted and turn that partition (not the user though!) into just a directory in /
<AppAraat> do I have to chroot in to do that?
<smoser> Daviey, i dont know. i guess it should have been.
<Daviey> smoser: It sounds potentially CVE worthy IMO.
<Amillo> Hey guys, would anyone be able to point what I'm missing in here my zone file?
<Amillo> My syslog says I'm missing a ;
<Amillo> but I can't for the life of my see it
<teward> "zone file"?
<teward> and you haven't provided the file either
<Amillo> working on that now
<Amillo> just uploading a screenshot
<Amillo> and named.conf.local file
<teward> oh
<teward> i can probably help with that
<teward> screenshots aren't as useful as pastebins, but meh
<Amillo> I'm not sure how to paste out of the vm
<teward> cat zonefile | pastebinit
<Amillo> http://imgur.com/2fbmjVb
<teward> gives you a link for the paste :)
<teward> yeah use a pastebin instead
<Amillo> thats the file
<Amillo> Right
<Amillo> I'll give that a go :)
<teward> you may have to install pastebinit but meh
<teward> point not withstanding, you also haven't provided the full error message you get
<teward> which also will help
<teward> oh
<Amillo> yeah was gonna do a pastebin
<teward> Amillo: company.co.uk
<Amillo> instead of a screenshot
<teward> file line
<teward> Amillo: you have mismatched quotes
<teward> file "/etc/bind/db.company.co.uk;
<teward> ^ you need a closing quote
<Amillo> I've been stairing at it...
<teward> just like the other zones have
<Amillo> for about
<Amillo> 45 minutes
<Amillo> and I didn't notice that....
<teward> Amillo: it's always the tiniest things
<teward> :P
<Amillo> That solved all my errors aha :)
<teward> :P
<Amillo> when restarting bind9 I get connect failed: 127.0.0.1#953: connection refused [OK]
<Amillo> is this bad?
<teward> well... does bind9 still respond?
<teward> to queries i mean
<teward> (I don't have all your configs so I can't say whether it is or isn't)
<Amillo> Haven't checked yet
<Amillo> Just that it says binding9 starts ok
<Amillo> but also connection refused
<Amillo> How do I check if I've set my DNS up correctly
<Amillo> pinging company.co.uk, returns from the actual site I think
 * CiPi fucks teward in /dev/null
<teward> Amillo: dig @ip.of.dns.server SOA one.of.the.zones
<Pici> CiPi: Mind your language and conduct in #ubuntu channels please. See http://ubottu.com/y/gl/
<Amillo> I've set my computer to look at my primary DNS first and done an nslookup company.co.uk
<Amillo> and it still returns the actual one
<Amillo> http://imgur.com/ZNX6QW0 - not all too sure what I'm looking at here, but it looks to me as though it worked?
<CiPi> yeah pici
<CiPi> What kind of name is this
<hd_chro321> hello,everyone
<hd_chro321> Today, I updated my ubuntu 14.04 use cli apt-get update && apt-get -y upgrade
<hd_chro321> but after I update done, I found when I reboot my ubuntu 14.04 server, my golang application cannot start
<hd_chro321> my golang application start command and package have not change, it is alike "sudo /usr/bin/mtunneld &"
<hd_chro321> but whatever I modify start script /etc/rc.local, these golang application cannot automatic start again after I reboot my ubuntu VPS
<hd_chro321> but I login to ubuntu 14.04 ssh console, manually run these golang application, it run ok
<hd_chro321> I googled found none related to the problem
<hd_chro321> I checked ubuntu 14.04 boot log, but found none error
<pmatulis> hd_chro321: does it start when you invoke it manually?
<hd_chro321> pmatulis:yes when ubuntu 14.04 boot ok, I ssh login terminal, I invoke the golang application, it start ok
<patdk-wk> somehting with his env variables or shell path then
<hd_chro321> what evn variables ? these cannot automatic start application is golang application
<hd_chro321> my rc.local golang scripts all use absolute path
<patdk-wk> and everything used by that program uses absolute path?
<pmatulis> hd_chro321: i don't think it will help but i would first try a proper upgrade. 'apt-get dist-upgrade' will get you new packages that might need to be pulled in. 'apt-get upgrade' only upgrades existing packages
<hd_chro321> pmatulis: sorry my ubuntu 14.04 is VPS, resource is limited, if I update use ci apt-get dist-upgrade, if it will install many newly package, so make my limit VPS too large to run
<patdk-wk> that should never happen
<hd_chro321> ok, I will try update use apt-get dist-upgrade, I will back a while
<cluelessperson> hey guys, how safe is a user account that you set to tunnel only?
<hd_chro321> my problem is still exist, after I run the apt-get dist-upgrade, I run very fast, summary report only download 24M, now I have finish upgrade and reboot, my these golang application still have not automatic start
<cluelessperson> or is it possible to setup a user account so the only thing they can possibly do is connect a tunnel?
<pmatulis> hd_chro321: you will now need to enter into the troubleshooting phase. i recommend the tool 'strace'. to start: https://goo.gl/Ryo3i9
<hd_chro321> pmatulis:I will read it
<Guest60715> What is the correct way to allow dns port in ufw? Will it slow down the DNS performance?
<pmatulis> hd_chro321: good luck. please report back and let us know what you discovered
<Guest60715> I have used this rule: ufw allow 53 and had problems.  Could this be the correct command: ufw allow in 53 and ufw allow out 53 ? What else port I need to open for a Standanone production DNS cache Server?
<hd_chro321> pmatulis:I need confirm a point, after ubuntu 14.04 boot ok, I ssh login to terminal, I run the golang application, it is run ok, if I still need debug use strace, when ubuntu 14.04 PC boot ok, the application is can run
<Guest60715> And how do I check whether UFW loggin is enabled?
<Guest60715> Where does it log?
<patdk-wk> why would ufw log?
<cluelessperson> Guest60715, ufw status numbered
<cluelessperson> Guest60715, /var/log/ufw.log
<Guest60715> cluelessperson: Could this be the correct command: ufw allow in 53 and ufw allow out 53 ? What else port I need to open for a Standanone production DNS cache Server?
<pmatulis> hd_chro321: the idea is to use strace wherever the program does not run properly. in your case it will be from /etc/rc.local
<Guest60715> I've enabled UFW Logging. Now Ufw is logging something like this : Jul 24 21:10:02 dns kernel: [ 2341.934090] [UFW BLOCK] IN=eth0 OUT= MAC=33:33:00:00:00:01:4c:5e:0c:54:a7:3f:86:dd SRC=fe80:0000:0000:0000:4e5e:0cff:fe54:a73f DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=171 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=UDP SPT=5678 DPT=5678 LEN=131
<hd_chro321> pmatulis: ok I will try
<Guest60715> Why it logging something like that^ ?
<pmatulis> hd_chro321: it would be good to get an strace output for both cases however. a comparison may illuminate
<pmatulis> (both cases: working and not-working)
<hd_chro321> pmatulis: ok I got it
<Guest60715> Do you suggest that removing ufw and using plaing iptables to create rules is a good idea?
<patdk-wk> that is just the kernel logging, ufw doesn't log
<patdk-wk> ufw is a *tool* to load up rules into iptables
<patdk-wk> if you want to log differently, use like, ulog
<patdk-wk> no idea how to use ulog in ufw though
<Guest60715> patdk-wk: So, when i run: ufw logging off, Im actually telling the kernel to stop logging?
<patdk-wk> no
<patdk-wk> your telling iptables to stop logging
<patdk-wk> and iptables log module uses the kernel
<patdk-wk> unless you override it with nlog or ulog
<Guest60715> ok.
<jdstrand> ufw doesn't support ulog
<jdstrand> because ulog doesn't exist for ipv6
<ogra_> cant be, they both start with u
<Guest60715> patdk-wk: is shorewall a frontend of Iptables too? Or it directly communicates with Netfilter?
<patdk-wk> everything is a frontend
<patdk-wk> ufw is directly iptables
<patdk-wk> shorewall is a generator though
<Guest60715> What is a Generator? Is it like Firewall Builder?
<Guest60715> Which used to create firewall rules?
<patdk-wk> kindof, but firewallbuilder is simple
<patdk-wk> shorewall will take what you want, and compile results, depending on what you want, rules, nat, masq, traffic shaping, and what firewall modules are installed
<Guest60715> oh. If iptables is that important why Im able to remove it? If I remove it, will the server go broke?
<patdk-wk> no, you just won't have a firewall
<jrwren> you won't have the iptables userspace command. iptables is still a feature in the kernel.
<patdk-wk> I assumed he was removing the modules :)
<Guest60715> Ok, the netfilter module which actually does the filtering will stop working theb.
<jrwren> oh, right, sorry.
<patdk-wk> it just won't filter
<patdk-wk> I have many servers without netfilter loaded on them
<Guest60715> Do you needed to compile the kernel to remove the netfilter from those?
<patdk-wk> if it's compiled in, you would
<Guest60715> In default Ubuntu Server its precompiled I think. Will removing the netfilter enhance the resposiveness of the processes like Bind9?
<patdk-wk> it would
<patdk-wk> but it would be unmeasurable compared to bind itself
<patdk-wk> or you have a really really horrible ruleset loaded
<Guest60715> what are the attack surface that I should remove in a DNS server to run it without a firewall.
<Guest60715> First one I guess is ssh.
<patdk-wk> how many gigabits of dns traffic are you planning on doing?
<Guest60715> not GB/s, only 500 pps at max.
<patdk-wk> why are you worried about 500pps?
<Guest60715> I will be back later patdk-wk , this is the screen name- Capprentice. Right now I have to go.
<Guest60715> I will be back with that Screen name.
<Amillo> hey guys, is there any obvious reasons why my nslookup would return the IP address - but also the server as a loopback
<patdk-wk> shouldn't it?
<Amillo> it does work
<hd_chro321> pmatulis:I found my question root cause, it is caused by rc2.d a new installed proxy application havenot add & background running, result in all rc2.d process stop running, so also include all the golang application
<Amillo> It's just not saying that it came from my server
<hd_chro321> pmatulis:now my all application start ok, include all golang application
<pmatulis> hd_chro321: there you go. did strace help?
<hd_chro321> pmatulis: I added strace script, but the script havenot redirect output, so I find deeper, I find the root cause
<hd_chro321> pmatulis:the rc.local script havenot run
<hd_chro321> pmatulis: thank you and others, give me important tips, my question resolved, thanks
<pcleon> hello everyone
<pmatulis> hello
<mailserver> does anyone know of any serveces out there that will walk me through setting up a mail server
<mailserver> services
<mgz> mailserver: you already appear to be one
<mailserver> a not very good one
<genii> mailserver: You mean for instance a web hosting company that has decent documentation for such things?
<mailserver> ive been walking myself through the various different tutorials on the web and havent had any success yet so a support center or something of that nature that can help me figure out what im doing wrong
<patdk-wk> a mail server is one of the most complex things to setup
<genii> If just for a home server with Ubuntu Server, the normal documentation is usually pretty good. https://help.ubuntu.com/lts/serverguide/postfix.html  for the Postfix install walkthrough, for instance
<mailserver> its for a business trying to transfer mail to an encryption service and their email provider doesnt offer a smart host so they need a mail server to send their outgoing mail to the third party
<mailserver> and im currently in the middle of the normal documentation i got linked that last night
<JanC> if you only need it for outgoing mail, that's like the easiest possible configuration for Postfix?
<pmatulis> mailserver: i don't understand "business wants to send email to an encryption service". explain that
<mailserver> instead of smtp to their mail provider they want to smtp to a third party which encrypts their mail.
<mailserver> i might just be making a silly mistake i don't know
<patdk-wk> janc, easiest to configure in *postfix* yes
<genii> They can't just chane the mail entry of their dns records to point to the third party machine?
<patdk-wk> but hardest to make work
<patdk-wk> due to dns, naming, dkim, spf, ....
<mailserver> their mail provider doesnt provide a smart host so no
<patdk-wk> what is a smart host?
<JanC> "smart host" refers to receiving mail normally?
<patdk-wk> dunno
<JanC> well, both
<patdk-wk> normally smarthost is a sendmail config option to redirect to an msa
<JanC> it goes back to dial-up times
<patdk-wk> instead of doing direct delievery
<JanC> so incoming mail got received by your ISP until you dialled in
<patdk-wk> but really, dont understand the issue
<patdk-wk> you don't direct mail provider to use other mail provider
 * genii sips his coffee and thinks about putting .forward files in the skel directory
<patdk-wk> you just change youself to not use provider1, and to use provider2
<mailserver> the mail provider we are using wont allow mail to go to a different server even if the dns record are changed the host destination needs to be changed and they wont let that happen on their server
<patdk-wk> so we are not talking about smarthost or outgoing mail at all
<mailserver> no we are
<patdk-wk> no
<patdk-wk> dns has nothing to do with outgoing or smarthost
<patdk-wk> only incoming
<mailserver> any records wont effect it
<mailserver> mx
<patdk-wk> mx is ONLY used for incoming
<patdk-wk> not smarthost or outgoing
<mailserver> well i mean to be talking about outgoing
<patdk-wk> yes, and mx doesn't matter
<patdk-wk> and what either provider does, doesn't matter
<patdk-wk> so your issue, is not an issue
<patdk-wk> if you are talking about mx, (incoming), then yes, it is an issue
<mailserver> it is an issue because it doesnt work
<patdk-wk> and the only solution is to get a mail provider that actually does email correctly
<patdk-wk> the issue currently is, you don't understand enough about email to explain what doesn't work though
<mailserver> thats also true
<patdk-wk> first thing you need to do
<patdk-wk> is map the path an email takes
<JanC> maybe the issue is that their mail provider1 uses DKIM/SPF/etc. and sending mail through (encryption) provider2 gets blocked?
<patdk-wk> that is having the issue
<patdk-wk> that is a simple dns config change
<patdk-wk> nothing to do with the mail provider
<JanC> unless mail provider "owns" their DNS  :P
<patdk-wk> if provider won't *update* those dns entries
<patdk-wk> then you have big issues with provider
<patdk-wk> but so far, is sounds like, don't know what we want, to asking provider to do random things
<patdk-wk> and provider properly responds with, but that won't work
<mailserver> the provider doesnt allow us to put in a relay host
<patdk-wk> they shouldn't
<patdk-wk> that is the wrong solution to whatever it is your attempting
<mailserver> im just explaining it wrong but that is what i need
<patdk-wk> no, that is not what is needed
<patdk-wk> that is what is needed if you handled email inhouse
<patdk-wk> and you owned the servers
<patdk-wk> it would be the most simple way to solve the issue
<patdk-wk> but since you don't
<mailserver> thats what im trying to do
<patdk-wk> it won't work
<mailserver> why wont it work
<patdk-wk> the solution to bring email inside and do it yourself, or to make the changes needed
<patdk-wk> are the same
<patdk-wk> every single thing that *sends* email, will need to be changed
<patdk-wk> currently they point to provider1, and now need to point to provider2
<patdk-wk> if you had email setup inhouse, then just setting relayhost to provider2 would do the same result
<patdk-wk> assuming everything was configured to send email to the inhouse mail server
<mailserver> right
<patdk-wk> so not only do you have to setup a mail relay (msa)
<patdk-wk> you also have to set it up to do encryption
<patdk-wk> and handle user logins, and actully supply it with a user/password database to check those users against
<mailserver> right
<patdk-wk> hopefully that can be done, considering it exists at provider1 currently
<mailserver> provider 1 doesnt allow us to point to provider 2 so it has to be done inhouse to work around provider 1
<mailserver> and like you pointed out earlier i am not knowledgable enough to figure out the probably simple mistakes im making and am wondering if there is a service somewhere on the Internet where i can pay some support people and get some help setting it up
<JanC> mailserver: your local IT company?
<mailserver> i am the local IT company I don't do mail servers very often
<teward> with postfix, i have virtual mail aliases set up so i can have email@somedomain.tld forward to one address, and email2@otherdomain.tld to forward to another address.  Is there any way to set up SSL/Secure communication on both incoming to the postfix server and outgoing to the destinations
<teward> or is that just insane with the type of configuraiton i'm trying to achieve
<tarpman> teward: sounds doable. for the server cert (incoming), if people call your server by different names (mail.somedomain.tld and mail.otherdomain.tld), then you need (AFAIK) a single cert with all the names in subjectAltNames
<teward> that'll be painful :/
<teward> that's 8 domains, i'd need a multidomain cert
<tarpman> teward: but if the MX for otherdomain.tld is just mail.somedomain.tld then easy
<teward> tarpman: which isn't the case here, the first statement is the current case
<tarpman> right
<teward> can easily change it if i have to though, the lovely thing about running my own DNS
<tarpman> as far as I understand, your options are a multi-domain cert, or an nginx proxy
 * teward shivers
<tarpman> (and hope all the clients support SNI)
<teward> tarpman: what about the other side, the mail server -> other mailservers
<teward> handled by the same set of certs?
<tarpman> I think that's fairly straightforward. I have it working, but didn't really have to do it myself -- zimbra configures my postfix for me :)
<tarpman> but all the servers I talk to have certs the system trusts, so no special setup
<tonyyarusso> teward: Yup, you need a multi-domain certain - have fun forking oer some cash.
<teward> tonyyarusso: yeah blargh i think i'll just leave it unencrypted and PGP-encrypt messages that need securesent
<tonyyarusso> teward: I'm waiting to see what SAN capabilities Let's Encrypt has in September.
<clueless> if i setup a server following the help tutorial step by step and when i telnet it times out what could be my issues
<clueless> ive changed the default port to 80 in stead of 25 since 25 tends to be blocked
<genii> router port forwarding, firewall
<clueless> disabled my firewall completely
<genii> If you have access to the physical machine see if telnet to localhost or 127.0.0.1 works first
<clueless> refused
<genii> clueless: Are you using telnet as a diagnostic tool for your email setup, or are you just using it as telnet but on 25 or 80,
<clueless> diagnostic
<genii> Check in /var/log/mail.log
<genii> clueless: Find anything enlightening in the log?
<clueless> yeah im getting a dovecot fatal error missing file
<clueless> dovecot: master: Fatal: service(auth) access(/usr/lib/dovecot/dovecot-auth) failed: No such file or directory
<clueless> can you test a relay host with any isp?
<clueless> that i have access to
<sarnold> email doesn't work like it used to -- you can't realistically expect any mail server to relay your mail for you like you could 25 years ago
<clueless> its an inhouse server
<sarnold> relays are typically used within one organization, and their working details are mostly not important to senders ...
<sarnold> ah, good
<patdk-lap> teward, you know, requiring and enforcing smtp to be ssl/tls while sounds like a good idea
<patdk-lap> doesn't solve ANY of the issues pgp email protects
<genii> clueless: sudo touch /usr/lib/dovecot/dovecot-auth && sudo chmod 755 /usr/lib/dovecot/dovecot-auth & sudo chown dovecot:dovecot /usr/lib/dovecot/dovecot-auth
<genii> Apologies on lag, work required me for an extended period
<patdk-lap> heh?
<patdk-lap> why would you do all of that?
<patdk-lap> I really don't understand how an empty file will replace a program
<sarnold> what exactly is an empty executable going to do? :)
<patdk-lap> heh, what do we know
<sarnold> I'm constantly amazed at what I don't know :)
<tarpman> probably equivalent to /bin/true
<patdk-lap> no
<patdk-lap> it's not parsable
<tarpman> hmm?
<patdk-lap> hmm, looks like bash treats it that way atleast
<tarpman> http://stackoverflow.com/questions/7268437/bash-script-execution-with-and-without-shebang-in-linux-and-bsd
<tarpman> may or may not be applicable in the dovecot case above, depending on whether there's a shell involved
<teward> patdk-lap: oh, indeed, but given my current setup i'mma need a multidomain cert
<teward> unless i repoint MX to one domain
<patdk-lap> ya, they should always be pointed to one hostname in the mx
<patdk-lap> even if pointed to different names and using different certs or a multicert
<patdk-lap> it will be impossible to know what helo name you should be responding with
<teward> mhm
<patdk-lap> but pretty much, any server that cares, is misconfigured, but they do exist
<alexandercogneau> \quit
#ubuntu-server 2015-07-25
<momomo> hi folks ..
<momomo> i ran sudo apt-get dist-upgrade
<momomo> then I am asked to configure fucking grub
<momomo> I selected keep local one ( because it has been modified probably by server company, i don't know )
<momomo> but then I am asked what disc I should install grup on
<momomo> if I choose wrong, then server might no start .. this is why I don't ever fucking upgrade!
<momomo> fucking stinks!
<momomo> thanks ubunut!
<momomo> it's better to just leave fucking shit as is,
<momomo> http://s1.postimg.org/4e42r6gni/Screenshot_from_2015_07_25_13_01_01.jpg
<patdk-lap> that is a failure of your server company
<patdk-lap> as once that setting is selected, it is saved
<patdk-lap> it's only asking you, cause it wasn't ever set
<patdk-lap> normally the answer is sda
<jelly> right, the whole disk.  better yet, first two whole disks in case of soft raid usage
<momomo> so not the boot partion ?
<momomo> i am not suing raid
<jelly> no, use just sda
<patdk-lap> jelly, if they where, I would have expected to see boot also on sdb
<jelly> the boot loader goes into the master boot sector, that means the whole disk
<momomo> but seriously, should I ever have to be faced with shit like this? I just wanted the fucking security updates ... ubuntu doesn't even offer a simple fucking way to do that.
<jelly> patdk-lap: and probably some partitions on sdb, but I didn't take a good look
<jelly> momomo: because you're pretending to be a sysadmin.
<jelly> if you don't want to deal with shit like that, hire someone to do it for you
<momomo> another choice I don't want to have toe take: http://s16.postimg.org/a2v5u5oys/Screenshot_from_2015_07_25_13_12_30.jpg
<momomo> seriously, ubuntu is retarded
<jelly> this isn't ubuntu's fault really
<momomo> look there isn't even a good answer to this questioN: http://askubuntu.com/questions/194/how-can-i-install-just-security-updates-from-the-command-line
<momomo> not one
<momomo> seriously, should one have to face shit like that?
<momomo> if you upgrade, you computer might not work
<momomo> lets gamble, yes or no .. 50 50
<jelly> do you want to fix the issue and move on, or do you want some cheese with that whine?
<momomo> i don't have any other choice now than to hit yes, right
<jelly> let grub install on sda, and just sda
<momomo> i did
<momomo> rebooting
<momomo> apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk -F " " {'print $2'} | xargs apt-get install ... little hacky
<momomo> one would imagine that ubuntu-server would come with such a command by default
<roracle> hey guys, trying to get a cms set up on my site via a subdomain, but I no matter what CMS i try out, they all tell me it has some write errors for the directory
<norbin> hi
<norbin> right, issue resolved
<norbin> dns server didn't respond correctly, changed resolv.conf to defaults and now it's ok
<norbin> i've initially changed the ip of the name server in resolv.conf to the actual nameserver ^_^
<norbin> back to the loopback ip + localdomain
<norbin> works
<TheEagerPadawan> if i would like to study for lpic-1, what would be good source to start
<teward> their training
<teward> you can buy a testing bundle from them, both exam vouchers + study materials through LInux academy
<teward> interactive videos, test environments, etc.
<teward> or, try and find in-person training, but that gets pricey
<teward> TheEagerPadawan: note that's the method I took to get my LPIC-1 recently
<TheEagerPadawan> thanks for the heads up
<TheEagerPadawan> doing comptia network + right now
<TheEagerPadawan> if you want more info pm me, since it's not linux related
<teward> TheEagerPadawan: don't think anyone cares much about it really
<teward> but meh
<TheEagerPadawan> about being offtopic or about networking
<teward> in this case, neither, since it's not related to any topic currently in discussion here.
<TheEagerPadawan> hah well i've been studying for comptia networking with cbtnuggets
<TheEagerPadawan> but i can't seems to find anything else then examcompass with examquestions
<teward> pretty certain 'certification' studying is offtopic here.
<teward> but i also think CompTIA has study materials they publish
<lordievader> Do employers actually care about certification?
<bekks> Yes, they do.
<lordievader> Ok, good to know.
<patdk-lap> really depends
<patdk-lap> the larger the bussiness, normally the more they care
<clueless> doesn anyone know a good tutorial for a postfix conf that is used to send mail from a local network it doesnt need to receive
#ubuntu-server 2015-07-26
<jetsaredim> is there a way to upgrade a 14.04 ubuntu-server install to the latest ubuntu release?
<jetsaredim> I tried do-release-upgrade but that reports nothing to update
<patdk-lap> that is cause it won't, till 16.04 is released
<patdk-lap> assuming 16.04 is the next lts
<jetsaredim> I thought that's what the -d option was for
<teward> patdk-lap: thought it was?
<patdk-lap> hmm?
<teward> [2015-07-25 22:18:39] <patdk-lap> assuming 16.04 is the next lts
<jetsaredim>        -d, --devel-release
<jetsaredim>               Check if upgrading to the latest devel release is possible
<patdk-lap> it's was made official?
<patdk-lap> it's *assumed*, but
<teward> if they changed that policy then we all missed the announcement from the sabdfl
<patdk-lap> jetsaredim, 14.10 is no longer supported
<patdk-lap> so there is no devel release to upgrade to
<teward> ^ that though is valid
<jetsaredim> is 15.04 not a devel release?
<patdk-lap> the last time I looked at the policy it sait lts releases, but defined no confirmed timetable, just a proposed
<patdk-lap> 14.04 -> 15.04 is not supported
<jetsaredim> why?
<patdk-lap> cause, it never was
<patdk-lap> lts -> lts, and dev -> dev
<patdk-lap> no skipping allowed
<teward> stop ninjaing me
 * teward glares
<teward> probably the 'adapting apache postinst to another package' is messing my speed XD
<jetsaredim> that seems an arbitrary restriction
<teward> anyways...
<patdk-lap> jetsaredim, since when?
<OerHeks> There is one way, a bit ugly, to use old-releases trick > https://help.ubuntu.com/community/EOLUpgrades#Upgrading
<patdk-lap> packages in 16.04 will upgrade packages from 14.04
<patdk-lap> but 15.10 will assume you have all upgrades and settings from 15.04
<patdk-lap> not from however 14.04 left them
<jetsaredim> is that only a restriction for server?
<patdk-lap> no
<teward> jetsaredim: it affects all releases
<teward> desktop, server, and i think the other supported variants
<jetsaredim> it just happened that I picked 14.04 to install my server because that was the latest that was out
<teward> jetsaredim: i'd stick to the LTS (14.04) then, that's my recommendation when it comes to servers
<jetsaredim> I just want to keep it current with the latest release and not have to reinstall
<teward> unless you NEED the latest release's features
<patdk-lap> you do know dev releases have a 9month shelf life, or is it longer?
<teward> patdk-lap: i think it's 9months
<patdk-lap> if you don't upgrade, your be in this position yet again
 * teward checks the 14.10 timeperiod
<jetsaredim> right i was hoping to upgrade it to 15.04
<teward> jetsaredim: do you need any of the new features in software versions in 15.04?
<patdk-lap> I mean, you only have till 16.01 to upgrade to 15.10
<teward> do you need any of the hardware support?
<patdk-lap> if you don't, this all happens again
<jetsaredim> i mean - not specifically
<jetsaredim> i just like to keep things current
 * teward facedesks
<teward> jetsaredim: 'keeping things current' in your case can lead to long term problems.
<jetsaredim> i guess coming from gentoo background skews my perspective a little
<teward> not ONLY is 14.10 no longer supported, and the oldreleases upgrade will be tricky and ugly...
<patdk-lap> gentoo has packages?
<teward> ... but with every release upgrade the chance of torpedoing everything increases
<teward> substantially
<jetsaredim> teward: who said anything about 14.10
<teward> jetsaredim: the Upgrade Path
<teward> jetsaredim: 14.04 -> 14.10 -> 15.04
<jetsaredim> ah
<teward> and later, -> 15.10 -> 16.04 -> 16.10 -> ...
<jetsaredim> no skipping ahead then?
<teward> jetsaredim: that's what patdk-lap said
<teward> jetsaredim: no skipping
<teward> jetsaredim: the only 'skipping' happens with LTS releases
<jetsaredim> must've missed that
<teward> going backwards in time:
<teward> and assuming 12.04 as a start point
 * patdk-lap would perfer the big bang, or creation, personally
<teward> 12.04 LTS -> 12.10 -> 13.04 -> 13.10 -> 14.04 LTS -> 14.10 LTS -> 15.04 -> 15.10 -> 16.04 (Assumed LTS) -> 16.10 -> ...
<teward> patdk-lap: lol
<teward> jetsaredim: above is the release 'chain' so to speak
<jetsaredim> yea
<jetsaredim> that's ugly
<teward> jetsaredim: LTS to LTS is the only way to 'skip'
<jetsaredim> got it
<teward> jetsaredim: such that 12.04 LTS -> 14.04 LTS -> 16.04 (Assumed LTS) -> 18.04 (Assumed LTS), etc.
<teward> jetsaredim: to go from 14.04 to 15.04, you have to first go through 14.10, and given that that EOL'd you have the headache of going the 'old-releases' upgrade route, which is a headache
<jetsaredim> so had I installed this from the start with 14.10, I'd be free to upgrade it to 15.04
<teward> jetsaredim: so unless you have an *absolute need* for the newer software versions in 15.04 or newer hardware support, stick to the LTS
<teward> jetsaredim: no, if you had asked this question a month ago you'd be able to go 14.04 -> 14.10, and up until Thursday you would've been easily able to go 14.04 -> 14.10 -> 15.04
<teward> if by 'easily' i mean under ideal, 'this will not nuke everything', conditions
<teward> in a production environment such upgrade 'chaining' can result in a LOT of mini explosions
<jetsaredim> indeed
<teward> which ultimately end up with you needing to back up your data and reinstall anyways
<teward> which is why LTS -> LTS is supported since that's a viable LTS upgrade path
<jetsaredim> this is just a home file server that's not super mission-critical
<teward> jetsaredim: back up your files anyways
<jetsaredim> yea i do
<teward> and if you REALLY want to do that, upgrade to 14.10 with the old-releases trick (https://help.ubuntu.com/community/EOLUpgrades#Upgrading)
<jetsaredim> have my main shares on a raid 5 array too
<teward> then to 15.04
<teward> um
<jetsaredim> no its fine
<teward> jetsaredim: RAID5 won't help you
<teward> not if your OS takes a crap on you during the upgrade
<teward> :P
<jetsaredim> true but its easily rebuildable
<teward> (RAID is also NOT a backup solution)
<jetsaredim> no
<jetsaredim> i didn't say it was
<teward> your statement could've been interpreted in that way
<jetsaredim> Â¯\_(ã)_/Â¯
<teward> oops my earlier chain failed i had LTS next to 14.10
<teward> i need more coffee...
 * teward goes to brew more
<jetsaredim> message was understood
<teward> right, that was key
<teward> but still :)
<teward> (coffee's brewing, wait time :/)
<AppAraat> HI
<AppAraat> http://apaste.info/WkM - This is my .bashrc - can anyone please comment on why my bash completion is broken on 14.04? When I do ll .tmux for example, it doesn't complete (there is .tmux.conf and .tmux/) also when I try to ll /etc/ it doesn't complete the files and dirs there.
<DonRichie> Is the usenet centralized like IRC or do I get the same newsgroups regardless of the provider I choose except of the possibility to access binary newsgroups?
<bekks> DonRichie: The Usenet is decentralized.
<DonRichie> Okay, usenet is decentralized. But it is not like irc and the commonly used freenode right? Every user has the same full list of newsgroups regardless of its provider (except binary file newsgroups). But then I ask myself: If I would set up a usenet server. Which server would I ask to give me a list of all newsgroups
<AppAraat> IRC is federated IIRC.
<No_one_at_all> Hi, got a Compleat Noob question. My server allegedly has an IPv6 set of /64 addresses, but only responds to pings of the first address. Is this expected behavior, or have I misconfigured something? (My obvious guess is #2.) If I've misconfigured something, what should I look for? First things first, this is the case whether there are any IPv6 iptables rules or none.
<No_one_at_all> so the firewall ain't the issue
<bekks> No_one_at_all: So how many IPv6 addresses are configured on that server?
<No_one_at_all> bekks: ip a show eth0 shows /64, so ... however many that is, I guess? ("A bunch.")
<bekks> That /64 is the subnet mask.
<bekks> How many IP addresses are configured?
<No_one_at_all> bekks: hey would you believe I have no idea how to check that? :D
<bekks> No_one_at_all: How many address dows "ip show eth0" list?
<No_one_at_all> bekks: inet6 2001:XXXX:X:XXX::/64 scope global     valid_lft forever preferred_lft forever
<bekks> No_one_at_all: Thats one IP.
<No_one_at_all> so /64 refers to...?
<bekks> No_one_at_all: Does that command list IPv4 addresses on your eth0 interface?
<No_one_at_all> yeah.
<bekks> No_one_at_all: "0726 125111 < bekks> That /64 is the subnet mask."
<No_one_at_all> ohhhh, ok.
<bekks> No_one_at_all: Is the last digit of that IPv6 address ":1"?
<No_one_at_all> nope.
<No_one_at_all> ::, so it ends in "0000:0000:0000:0000"
<No_one_at_all> bekks: ^
<No_one_at_all> bekks: one of the reasons I'm confused is that we allegedly have 16+ IPv6 addresses. The second reason is that I'm an idiot.
<bekks> You have only 1 IP configured.
<No_one_at_all> 'k.
<bekks> Thats what you said :)
<No_one_at_all> bekks: yeah, I'm just not yet familiar with IPv6 stuff, so I wasn't aware how 16 different addresses would show up. I would know with IPv4, because there'd be one per line. the CIDR confoozled me.
<AppAraat> hi, I want to download and install a package on an offline computer. The machine with Internet is 12.04 but the offline machine is 14.04 - what is the best method to go about doing this, can I use apt / aptitude?
<teward> AppAraat: that will only download the 12.04 packages - you'll need the 14.04 packages so you may unfortunately have to do manual downloading and package searching
<teward> there may be other options but i"m not aware of them personally (so you may want to still wait a bit)
<AppAraat> teward: yeah I just plugged it in the ethernet jack to download rfkill (to turn on wifi block). The only thing I found which didn't have a GUI was apt-offline... but you have to install apt-offline on the offline computer first :p
<teward> :P
<WaqAssss> sarthor, Hello
<sarthor> WaqAssss, what OS you are using...
<kaligne> hello I just set my public_html folder, I can access it but only with LAN. I would like to access it from the internet but does not work.  type in my browser "my.ip.add.ress/~me" but i fail to connet to it. Do yuo know why:
<kaligne> ?
<kaligne> oops let me do t again please :)
<kaligne> Hello I am trying to access my public_html folder, I can access it but only on my LAN. I would like to access it from the internet but it does not work.  When I type in my browser "my.ip.add.ress/~me" it fails to   connect to it. Do you know why?
<kaligne> also my iptables are set to accept everything
<lordievader> kaligne: Is there a router in between the internet and your server?
<kaligne> lordievader depends, is my livebox a router? Sorry I am trying to get my hands on networking and I still cannot fully grasp some concepts
 * lordievader is not familiar with a livebox
<lordievader> kaligne: Is port forwarding set up?
<kaligne> Its a box that stands between my internet provider and my compputer. I mostly communicate with it using wifi
<kaligne> lordievader: is port forwarding something I set up on my computer?
<lordievader> No, on your router.
<kaligne> lordievader: I found ssme documentation on the net about port forwarding. It appears my box is he router and some manipulations need to be done. Ill give it a try
<kaligne> I would like to know in advance, someone told me I should not forward my port 80, is there a reason for this?
<lordievader> kaligne: Exactly, the router needs to know that incoming connections to port 80 need to be forwarded towards your server.
<lordievader> kaligne: Not that I can think of.
<kaligne> Then I wonder.. Do I need to forward the specified port to access my computer with ssh? Or is it totally unrelated?
<lordievader> kaligne: The router does the port forwarding.
<skylite_> If I have eth0, eth1, and eth2 configured in /etc/network/interfaces why can I have only one gateway entry?
<lordievader> Because else you have a packet that goes in three directions.
<maxb> Fundamentally a gateway is a property of your computer's routing table, not of any one interface
<maxb> It will be related to an interface, but something needs to control which interface is used
<skylite_> I dont get it... say I have eth0 as 192.168.1.5, and eth1 as 192.168.2.5, eth2 as 192.168.3.5, if a request comes from 192.168.3.9 to 192.168.3.5 how it gets its answer?
<skylite_> if only eth0 has a gateway like 192.168.1.2
<lordievader> skylite_: Look at your routing table, 192.168.3.0/24 is defined.
<lordievader> The default gateway is used if your routing table cannot resolve it.
<skylite_> I see.. it is there indeed but how did it know that?
<lordievader> skylite_: You likely told it to add that route ;)
<skylite_> lordievader I did not o_O
<skylite_> did I?
<lordievader> skylite_: Could you pastebin your /etc/network/interfaces?
<skylite_> sure one sec
<skylite_> http://pastebin.com/7pfttNvc
<lordievader> It likely gets it from your netmask setting.
<skylite_> hm
<skylite_> but the gateway to 192.168.2.5 should be 192.168.2.2 how does it know that?
<lordievader> I was talking about the 192.168.2.0/24 route, not the gateway ;)
<lordievader> skylite_: It doesn't, even better it doesn't even use it.
<skylite_> o_O why?
<lordievader> skylite_: Anything that it cannot resolve to its local network gets send to 192.168.1.2.
<kaligne> OK I set up a new NAT/PAT rule on my router: service=web server; internal port=80; external port=80; protocole=TCP; device=myDevice.
<kaligne> Hw should I connect? I tried: "http://my.router.ip.add", "http://my.router.ip.add:80", "http://my.router.ip.add:8080".. Doesnt seem to work. Am I doing it wrong?
<skylite_> lordievader Its still a bit strange but Im starting to accept it:) thx
<lordievader> kaligne: Your public ip address.
<lordievader> skylite_: It is pretty simple, 'is this destination in my local network?', no, 'let someone else bother with it ;)'
<skylite_> lordievader but if you have multiple local network...
<lordievader> Then you check all of them.
<kaligne> lordievader: I tried "http://my.publi.c.ip", "http://my.publi.c.ip/myDevice", "http://my.publi.c.ip:80", "http://my.publi.c.ip:8080". It stll does not work, I get his message "No route to host"
<bekks> kaligne: And you are at a remote location now?
<bekks> kaligne: If not, you will not be able to connect.
<kaligne> bekks: I am testing by connecting my mobile phone to the 3G network. Is that ok?
<kaligne> And my laptop is no connected to my router via wifi
<kaligne> *is NOW connected
<lordievader> kaligne: Your http://my.router.ip.add is an actual ip address?
<kaligne> I googled "my ip" and it returned "86.217.107.32 Your public ip address"
<kaligne> so what I typed "http://86.217.107.32" in the address bar
<kaligne> should this be enough?
<kaligne> lordievader: also as I told bekks, I am testing the connection with my mobile phone, through the 3G network.
<lordievader> kaligne: The port aint (fully) open: 80/tcp filtered http
<bekks> kaligne: So you typed that in the address bar on your mobile?
<kaligne> bekks: yes I typed "http://86.217.107.32" in the address bar on my mobile. That's correct right?
<kaligne> lordivader: how did you check that? WIth a ping maybe?
<lordievader> kaligne: nmap
<bekks> kaligne: Yeah. And you configured your router to respond on port 80, 8080, etc.?
<kaligne> bekks: I set up a new NAT/PAT rule on my router: service=web server; internal port=80; external port=80; protocole=TCP; device=myDevice
<kaligne> lordievader: do you think the router's firewall might be involved? I selected the lowest security rule that says that all internet connections will be rejected unless the right NAT/PAT rule has been defined. Which I believe I did?
<lordievader> kaligne: It could be, yes.
<kaligne> (see my previous message)
<lordievader> kaligne: I know you set up the forward rule, and usually that is enough, but it might be a different implementation.
<TJ-> kaligne: "nmap -Pn -p 80  86.217.107.32" ==> "80/tcp filtered http"
 * lordievader goes to bed
#ubuntu-server 2016-07-25
<m4xx> evening all
<m4xx> every time i reboot my 16.04 server my raid needs to resync
<m4xx> i found on google people have had success adding "mdadm --wait-clean --scan" to their shutdown script but i don't know where to add it
<cncr04s> how is the raid setup?
<cncr04s> is gour grub bootfile up to date?
<m4xx> to tell the truth i'm not sure. i set up the raid in the post conf setup before i installed the OS
<m4xx> it asked me if i wanted to activate it during the install
<m4xx> @cncr04s -^
<cncr04s> so,
<cncr04s> you did not manully setup software raid in ubuntu installation?
<cncr04s> is it via a raid card or motherboard? is it intel?
<m4xx> yes, via motherboard
<m4xx> it is intel
<cncr04s> then you are likley running into the intel fake raid issue
<cncr04s> an issue i faced
<cncr04s> i solved it by running software raid, setup via the installation
<m4xx> i did run update-initramfs -k all -u
<cncr04s> what particular motherboard is it
<m4xx> not sure, i got the box from a friend. it's a zotac of some sort
<cncr04s> 99% chance its fake raid if its a desktop pc motherboard
<cncr04s> unless 16.04 included some changes to support it, it won't work
<m4xx> would it be possible to re-create with out having to kill my data?
<cncr04s> you can't recreate it without trashing what already exists on the disk
<cncr04s> If you don't have a dedicated raid chip via a addon card or on the mobo, then its going to be os software managed any how. You might as well just go with the ubuntu softraid without dealing with the extra interaction with the mobo isw raid stuff.
<cncr04s> that's my opinion, it worked for me. up to you though
<m4xx> does the server install walk you through it? i'm kind of a noob
<cncr04s> I don't know if a noob can do it. It has options for you to set it up in the installation. the part where it asks you to partition. there is an option to configure raid
<cncr04s> searching gooogle/youtube for how to setup raid in ubuntu setup may yeild results, try that.
<antony7777> i need help to clean up a server /boot ... using apt-get autoremove show this error msg: linux-image-extra-4.2.0-38-generic : Depends: linux-image-4.2.0-38-generic but it is not installed
<antony7777> using: apt-get remove linux-image-extra-4.2.0-38-generic .. shows message: linux-image-extra-4.2.0-42-generic : Depends: linux-image-4.2.0-42-generic but it is not going to be installed  linux-image-generic : Depends: linux-image-4.2.0-42-generic but it is not going to be installed                        Recommends: thermald but it is not going to be installed
<antony7777> the /boot is full, but I can't (don't know how) to free it
<antony7777> my uname-r is: 4.2.0-16-generic
<antony7777> so I'm guessing that I had a linux kernel update failed..?
<antony7777> can I just go to /boot and delete the folders of newer kernels .. newer than the one I'm using, ie 4.2.0-16-generic .. will that be safe?
<Ben64> don't delete newer ones
<antony7777> the problem is I'm actually using older kernel.. 4.2.0-16 .. all other kernels in /boot are newer than 4.2.0-16, eg 4.2.0-27, 4.2.0-30 .. etc
<Ben64> ew
<Ben64> so do some "sudo dpkg --force-all -P <package>" and then run update and dist-upgrade and autoremove
<antony7777> like: sudo dpkg --force-all -P linux-headers-4.2.0-42  ?
<Ben64> don't do the newest one
<ubuntu_> I am wondering where plymonth come into the linux boot loading ? I know bios runs code, which runs bootloader like grub ,lilo,..etc, which then load kernel , init.d... But whats the point of plymonth if its running after the kernel is loaded an operational?
<ubuntu_> what i want to know is where plymonth falls in i know it has to be before the gdm login but after the bootloader code
<ubuntu_> And with grub2 you can have the grub menu and graphics screens so its like an in between graphic to the grub and the gdb login page. But is there anything useful happening between that time or is it just for eye candy
<Ben64> head -n5 /etc/init/plymouth.conf
<ubuntu_> so is this before or after init starts?
<Ben64> everything is after init
<ubuntu_> Ok then whats happening between plymonth and  gdm login ?
<Ben64> everything
<ubuntu_> but if init starts all the programs then plymonth is just wasting time to go directly to gdm
<ubuntu_> I guess i am wondering on what is being set up or running when plymonth is running
<Ben64> what are you trying to get at
<ubuntu_> Like if init already has all the programs mostly running when plymonth , usplash,..etc  is then run  one wouldn't see a lag if he went directly to gdm login
<Ben64> no
<ubuntu_> if init is just running plymonth as a process if plymonth is the last process before gdm login is kicked off then there really isn't to much point in having it . If its the starting process init kicks off i can see the nice screen while other process are getting started
<Ben64> whats your point
<ubuntu_> is it the former or the latter i suppose one can configure init to start the process in  different order to some extent but never looked into that much indepth yet
<ubuntu_> My point is if its at the begining of init you looking at eye candy that actually is there because your still waiting for process to be started/configurations to be set. If it is at the end right at the point of gdm login then the eye candy is  just there wasting time
<ubuntu_> to get to gdm
<ubuntu_> login
<Ben64> ok?
<Ben64> i feel like you're leading to an actual question
<ubuntu_> Well can you have a splash screen like plymonth at the grub level before one boots a kernel. Between the grub menu and the loading of the kernel/initramfs stuff
<ubuntu_> ?
<ubuntu_> I guess the grub menu is the splash screen because the rest of kernel loading and ramdisk would take  to get to init to plymonth neglatible time
<ubuntu_> so i guess never mind kind of thought thru this one
<ubuntu_> On an unrelated question is about installers like ubiquity , debian-installer , Anaconda  to name a few how are these set to only run  on an install cd and not on a live-cd by default is it part of init.d process folder the one adds the installer to boot up from
<ubuntu_> because why i am at my live-cd or a computer on ubuntu does matter live or not ... i can  issue ubiquity at the command prompt and get the installer to start
<ubuntu_> So i am just trying to figure out what the best way is to have it always start on boot another words make this a install cd or usb... i was thinking just to add it to the init.d process that init starts or one of its subprocess start but not sure on the best place to put it or what order it should start on ... probably towards the end of init spawning
<ubuntu_> More i think about it .. it will need x11 so it has to be a last process kind of thing
<ubuntu_> Note i could do a text based install or preseed but either way i know how this all works it just where to place these programs when booting
<InnerCode> Hi, I've a strange problem on an Ubuntu 16.04.1 host with lxc/d 2. I've created a bridge on my eth0 connection and ran lxd init to select the bridge as default connection. After that I launched an Ubuntu 16.04 container and it gets his IP address from my DHCP server. I changed the /etc/network/interfaces file from the container to set it a fixed IP address. After stopping starting the container
<InnerCode> it have 2 IP addresses. The DHCP one and the fixed one. I turned my DHCP server off on my network and after a reboot from the container the virtual interface won't go up. So, how do I set the IP address of a container correctly or how to remove the DHCP one?
<negev> hi, i'm having issues with the dovecot apparmor profiles, specifically:    apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/log" name="run/systemd/journal/dev-log" pid=2603 comm="log" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
<negev> writes to run/systemd/journal/dev-log are allowed in the base abstraction which is included in the /usr/lib/dovecot/log profile
<negev> but for some reason it doesn't work
<InnerCode> I found it! I had to comment out the line 'source /etc/network/interfaces.d/*.cfg' in the interface file in the container. It had a cfg file that enables the DHCP for the eth0 interface. Mystery solved.
<m4xx> so i've rebuilt my raid using this guide: http://www.howtogeek.com/51873/how-to-setup-software-raid-for-a-simple-file-server-on-ubuntu/
<m4xx> but it wont come up after boot
<cpaelzer> smb: puah - if it is a good one would you like to make some advertisement for the AC I sometimes see in your office so I can buy one ... :-) ?
<smb> cpaelzer, its okayish. the main problem is to get the heat blown to the outside ... and having insect nets there makes that hard. plus its loud
<cpaelzer> smb: hmm I have space incl windows in the basement below me for "loud" and "air out" - I need to properly investigate that
<cpaelzer> smb: ignoring my favor of light I might also just work down there in the few hot days we get - if I would not need to move sceens and all that ...
<smb> cpaelzer, yeah. I kind of get along by letting it run while I am not in the room and try to keep it dark the rest of the time
<negev> hi, is there anyone around who knows apparmor really well?
<patdk-wk> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<negev> appreciated, but i've done that several times over a few days and didn't get an answer so :P
<patdk-wk> what makes you think anything will improve by asking like you just did?
<patdk-wk> if they didn't know then, why would they know know and have enough time to stick around for you to respond that they did?
<negev> 1) why does the base abstraction that grants write access to systemd dev-log not work?    2) is there a way to handle wrapper scripts that doesn't involve granting execute of /bin/bash to all child processes?
<negev> patdk-wk: someone told me one of the apparmor devs hangs here sometimes
<patdk-wk> so? I don't see what that has to do with any of the above
<patdk-wk> you are wasting his and your time, if he responds, just by asking that question, without asking what you wanted to know
<negev> see above, i asked two specific questions
<Phrygian> I've just purchased an ubuntu server to run a server for a game, but I'm having some issues. I have to run one node js program followed by another, but the first program takes up the console so when i run a command it goes straight into the first program instead of the terminal. How do i avoid this?
<andol> Phrygian: The quick-fix is probably to use something like screen or tmux, and give each program its own terminal. Also, by using screen/tmux it also becomes possible to detach from those terminals, and have the programs continue running in the background.
<andol> Phrygian: Yet, the real solution is probably to setup init scripts (systemd units) and threat them as long running background services, assuming that that is what they are?
<Phrygian> Yeah, I think i'm just going to combine the programs though, that seems like a more appropriate solution
<negev> part
<negev> hi, if i run the same application with different configs, is there a way to have a different apparmor profile for each config?
<jaguardown> Hi all, do-release-upgrade on 14.04.2 says there's no new release found even after updating repos.
<jaguardown> Did 16.04.1 not get released on the 21st?
<negev> jaguardown: it did, but you have to update the metafile manually because it's not been updated yet
<negev> i dunno why
<jaguardown> oh okay, thanks
<teward> jaguardown: they didn't open the release path yet
<teward> negev: ^
<teward> negev: bug squishing and other things need to happen first
<teward> which is why it's not open yet
<teward> at least, last i heard
<negev> makes sense
<negev> i've filed an apparmor bug already :P
<negev> is there a way to customise apparmor profiles with environment variables when an application starts up?
<negev> manpage for apparmor on ubuntu.com is a 404: http://manpages.ubuntu.com/manpages/xenia/en/man7/apparmor.7.html
<negev> linked from: https://wiki.ubuntu.com/AppArmor
<rbasak> negev: thanks, fixed.
<rbasak> negev: also it's a wiki, so please do feel free to fix any other mistakes!
<negev> maybe when i learn how to use apparmor properly, at the moment i'm having trouble working out if my issues are bad config or bugs
<jaguardown> teward: Thank you, I was just about to ask how to manually update that metafile.
<jaguardown> But I'll just wiat
<jaguardown> wait*
<negev> the upgrade went pretty much fine for me
<teward> negev: YMMV
<teward> so :P
<teward> jaguardown: yeah I'd just wait until it's opened up
<negev> if it's still buggy why was it released?
<ubuntu_> installers like ubiquity , debian-installer , Anaconda  to name a few how are these set to only run  on an install cd and not on a live-cd by default is it part of init.d process folder the one adds the installer to boot up from ??? ..... and i am trying to figure out if you can have grub directly boot the x11 /graphics services , and the installer program without first booting into an OS or ramdisk. I know x11 is userspace
<ubuntu_> program
<ubuntu_>   so there would have to be an equivalent grub mod for that which supports what the installer program needs....
<sarnold> ubuntu_: booting straight into graphics is slightly difficult; the plymouth program can give a better illusion that the system is running graphically earlier than X11 really starts.. (I think. at least that used to be the case.)
<ubuntu_> plymonth still needs x11 /Xorg to run
<ubuntu_> And not talking about a splash screen now i am talking about where to place the installer gui programs  when creating an install distro from a live one
<JanC> Ubuntu disc images are both
<ubuntu_> are you talking about the media the distro will be in like iso9660 cd/dvd as opposed to usb or floppy img  i don't get you
<ubuntu_> why would that even matter
<JanC> and it happens in init configuration/scripts and/or in xinit/xsession and/or in similar places; grub (or other bootloaders) can add options to the kernel commandline (which the script can read from /proc/cmdline )
<ubuntu_> I can run  a splash screen like plymonth ,usplash or any other and i can run any gui or text based installer in userspace at a terminal what i want to know is where typically you place these programs to startup
<ubuntu_> Order matters so should i uses the runlevel /etc folders
<ubuntu_> Or is there a better way to most people do it
<JanC> that's going to be different for every distro, right?  but for sure an init script/config (sysvinit/upstart/systemd/...) will be needed
<JanC> best is to look at some distros & see how they all do it?
<JanC> (nowadays one could also write an installer that runs under UEFI instead, I guess)
<ubuntu_> Ok so its going to be dependent on what the system is using systemd or other things and looking up how to start process in a certain order ok. Is there any way if one is doing a text based install to just have grub , the installer programs it uses , and the installer on an iso image /usb img  with no OS or kernel. Because in theory if your doing text based you don't need user land only the mounting programs , making file sys
<ubuntu_> tem programs  , and the grub drivers i would image
<ubuntu_> And if you throw in a grub network PXE boot i would imagine you only need grub for your install usb or cd/dve nothing else on the media other then the boot/grub folder
<JanC> ubuntu_: like I said, nowadays you don't even need GRUB, you could implement it as an EFI/UEFI application
<ubuntu_> How does that work you still need a bootloader with PXE boot unless your talking about a built in bios PXE boot option that one can set where the tftp site is on the network
<JanC> UEFI has (or can have) network drivers, graphics drivers, etc.
<JanC> it's a basic OS on itself
<ubuntu_> at the bios level
<JanC> you can even run Python on UEFI
<ubuntu_> if its at the bios level then the bios has become a mini os itself
<ubuntu_> in the firmware
<JanC> "BIOS" was the name of the old firmwares based on the original IBM PC, UEFI replaces it
<JanC> but yes, it's sort of a mini OS
<JanC> the UEFI firmware in my desktop has a GUI for configuration, can update itself over the network/internet, etc.
<ubuntu_> got it so kind of just wondering if i didn't want to uses UEFI and wanted to uses some type of physical media to give a person like a cd/dvd or a usb  what would be the minimal stuff i need could i do it with just a bootloader accessing a network resource i.e just have /boot/grub
<ubuntu_> I think that was possible but never tried it
<trippeh_> on apple computers with UEFI you can even restore your computer from icloud from the UEFI/BIOS
<JanC> UEFI can boot from CD?
<ubuntu_> Can grub do PXE
<ubuntu_> Its for an old computer that doesn't have UEFI or support it
<ubuntu_> I could make the traditional install or live cd/dvd/usb but was curious on if i could have the iso , img on the network and just give him a cd/dvd/usb that has grub on it thats it that does the PXE boot to install the image from the network. Its to bad that UEFI is not supported
<ubuntu_> I just wanted to save space and not but it on the cd/dvd/usb and the fact that he has 10 old computers that don't have UEFI this is just an example not the really thing just a made up example.
<JanC> you can use PXE from UEFI/BIOS or from GRUB, I think
<JanC> (not sure if GRUB2 has PXE support, but GRUB certainly did)
<JanC> http://wiki.osdev.org/Diskless_Booting#The_gPXE_.2B_GRUB_Way
<ubuntu_> Ok cool so then in that case all one would need on his media is a /boot/grub folder or whatever folder he wants to call it for grub but essentially just grub access a network image
<JanC> that osdev site might have more useful info for whatever you are trying to do  :)
<ubuntu_> about the network image for old computers i would imagine it would have to be in a folder form not a cd/dvd iso9660 600MB to 4GB because one would need the ramdisk space to store it in?
<ubuntu_> How typically is PXE booting done when one has limited memory does it like temporarilly copy to an external hdd by default or something?
<ubuntu_> I mean i get if the iso or img file can fit completely in memory then one can uses PXE from grub to install retrieve it into memory and install it from there but if one doesn't have the ramdisk space i would imagine you cann't do the PXE boot unless it can be specified to uses a swap partition on some secondary harddrive for temporary storage when installing
<ubuntu_> Typically now a days everybody has enough memory not to have to worry about not fitting in memory the image but back in the day when one only had say 128 or 256 MB how could the image fit.
<ubuntu_> I would imagine since your installing the os one would always have available a secondary storage that did have enough room but then PXE grub program would have to uses some tmp space for it
<ubuntu_> to store the iso image and load only the subset of files
<ubuntu_> Or maybe the tftp site only has the essential files of the iso placed on the network for older computers... and for newer ones they can just uses full iso or img images from the network... curious how this uses to work from how it works today
<patdk-wk> heh
<patdk-wk> I just iscsi boot
<ubuntu_> Ok cool iscsi for the initator connection to the target by the IQN number . I get it but what devices can the target uses for the initator that show up in device is it just a virtual disk on the target  or can it be the actual part or whole physical HDD connected to the target like a usb drive or a slave HDD
<ubuntu_> Because i just say stuff on the target using a virtual disk to provide the initator
<ubuntu_> so can it also uses non virtual HDD , cd rw , usb ..etc device or do most people uses a virtual HDD on the target for the initator iscsi machine?
<ubuntu_> I get the difference between using iscsi SAN technology as opposed to using NAS storage technology. But typically what does the iscsi media uses for providing storage for the initator?
<sarnold> iscsi initiator may be booted via pxe or a sata DOM mini-ssd or USB mass storage device
<ubuntu_> Ok at that point its just like having the network harddrive or cluster locally to you when booting ( kind of affect)
<ubuntu_> Is that currently the best way for providing network booting/installs for large companies?
<patdk-wk> it depends on the needs
<patdk-wk> after all that, still no idea what your needs are
<patdk-wk> my needs where simple
<patdk-wk> one iscsi volume
<patdk-wk> the iscsi volume is cloned for each workstation at boot
<patdk-wk> and destroyed on shutdown
<ubuntu_> iscsi can uses any type of physical storage device right like cd/dvd/usb/floppy/nas/....etc device or is it just fix to hardware that uses the scsi commands so maybe not ATAPI cd/dvd not sure
<ubuntu_> ?
<patdk-wk> heh?
<patdk-wk> iscsi is limited to scsi
<patdk-wk> not sure why that wouldn't include cd/dvd/usb/floppy
<ubuntu_> so what device now a days are not scsi based
<patdk-wk> yes, you cannot run nas over iscsi
<patdk-wk> well, usb isn't scsi normally
<ubuntu_> just trying to figure out what hardware it won't work on
<patdk-wk> my first cd was scsi
<patdk-wk> but not sure what any of this has to do with anything
<ubuntu_> O so no usb device darn  you have to uses NAS in that case for the usb devices
<patdk-wk> why?
<patdk-wk> but then, if your using usb, you did something seriously wrong
<ubuntu_> because how else would you have a computer access a usb HDD on another computer  thru then network
<patdk-wk> you don't
<patdk-wk> doing so is foolish and unreiable
<patdk-wk> usb it not known for it's stability
<patdk-wk> but who said you cannot use usb disks over iscsi?
<ubuntu_> Also can iscsi uses virtual HDD or virtual cd/dvd drives instead like if one  has vmware  HDD files on his iscsi target device instead of physical devices
<ubuntu_> i.e virtual scsi device instead of physical scsi devices
<ubuntu_> Because if it can that would be a really good way for business to have many peoples computers just have a different virtual scsi HDD on the network i.e share space on the target scsi  as virtual files that are shown to the initator as really physical devices
<JanC> that would depend on the iSCSI target (NAS/SAN/server) you use, I guess
<JanC> iSCSI itself is just a protocol
<ubuntu_> Humm curious partitioning the physical device like one partition for each person with 1000 people then setting quotas seems impratical but using 1000 virtual HDD files  that each of the client initator machines uses seems more practical
<ubuntu_> I guess one could do the traditional way and have there local laptop or desktop HDD just for there files and the NAS or SAN as having there os partition but your still going to need partitions for each of the 1000 if your not using virtual HDD
<ubuntu_> Or one could uses Active directories instead
<ubuntu_> Just thinking out loud since if one had one iscsi with windows 10 os on it and all the clients just PXE boot to the iscsi with there whole local hard drive as  just file and there program storage then would the performance halt for 10000 people using this same iscsi target to log in
<ubuntu_> seems it would so kind of wondering the best way to set up pxe / UEFI booting   to iscsi target when it comes to 1000 s of computer users... i would think you would have to increase the different iscsi targets which would kind of increase the number of computers or at least scsi devices
<ubuntu_> Also sinces iscsi is a SAN i would imagine you could set this up with a cluster of scsi devices manybe thats how they do it not sure
<ubuntu_> This wouldn't seem like it would help in different os's images only in performance , load balanceing , and failover raid backup,..etc stuff so kind of still confused
#ubuntu-server 2016-07-26
<i-> I'm running Server 16.04, so I figured to ask here.
<i-> I have kswapd0 running at 100% (almost) CPJ
<i-> Dunno what I could do to fix this :P
<sarnold> i-: is there anything interesting in dmesg output?
<sarnold> i-: what does smartctl status look like on your drives?
<i-> smartctl apparently gets an 'invalid argument'
<i-> dmesg looks like normal
<cpaelzer> i-: kswapd at 100% likely means you are staying below some watermarks
<cpaelzer> i-: depending on numa setup you have one or more kswap kernel threads but that aside
<cpaelzer> i-: usually I'd expect you now want to find where your memory is:
<i-> this is actually an EC2 instance, btw
<cpaelzer> good to know
<cpaelzer> i-: a) spent with tools like smem or even just /proc/memofino and /proc/slabinfo
<cpaelzer> i-: b) track a bit how much is going on in terms of discarding pages and vm effort on it
<cpaelzer> for b there might be more modern things, but I still like systat for that
<cpaelzer> http://www-05.ibm.com/de/events/linux-on-system-z/downloads/Tools-MK2-V7-Web.pdf pages 72/73 and 149 would be where I'd start
<cpaelzer> i-: feel free to post the syststat and smem data somewhere to try to jointly interpreting them :-)
<cpaelzer> i-: an output of /proc/meminfo /proc/slabinfo  /proc/zoneinfo and /proc/pagetypeinfo along the other data can also help to shed some light
<cpaelzer> rbasak: I realized that it might be reasonable to spend at least a bit of time when doing a merge to check for outstanding bugs
<cpaelzer> rbasak: most of the time this is just 30 minutes of cleanup, but sometimes one can find something important and add it right when merging anyway
<cpaelzer> rbasak: as well as trying to push remaining delta to debian
<cpaelzer> rbasak:  I was wondering if we should add the two (pushing delta to debian + reviewing open bugs) to https://wiki.ubuntu.com/UbuntuDevelopment/Merging/GitWorkflow between step 6/7 or if you consider that "too much"
<negev> hi, say i have rails installed and i want to configure a different apparmor profile for each rails app, is there a way to do that?
<rbasak> cpaelzer: I think that's a good idea.
<cpaelzer> rbasak: thanks I'll add a very short statement as soon as the wiki lets me in
<cpaelzer> rbasak: fyi picking the exim4 merge - ok ?
<cpaelzer> that is the next on my list, but you touched last so I wanted to hear an ack
<rbasak> cpaelzer: sure, thanks. I'm reviewing your ntp merge right now.
<cpaelzer> mdeslaur: you also uploaded exim4 recently - is it ok for you too that I take the work on the merge?
<mdeslaur> cpaelzer: please take it, thanks
<ktt9> Hello. I have a problem with preseeding Ubuntu 16.04 server amd64. Patched boot command line seems to ignore preseed/early_command string. Am I missing something?
<ktt9> Same procedure works perfectly for e.g. 15.10 and earlier versions.
<rbasak> ktt9: I'm not aware of anything that should have changed with that. I suggest you provide exact steps to reproduce in a bug report.
<ktt9> Okay, understood.
<b3h3m0th> I opted for home folder encryption on ubuntu server 16.04 during installation. Now I want to be able to login as a different user and access my files. How do I do that ?
<bekks> b3h3m0th: You dont. Because your home folder is encrypted per user.
<bekks> b3h3m0th: you need to login two users then.
<b3h3m0th> I did not get that
<JanC> well, you could still mount it AFAIK
<b3h3m0th> yeah, that's what I want to do
<bekks> the home of user A is decrypted when user A logs in. So login user A to get that home decrypted, and switch users, and login user B.
<b3h3m0th> I want to do that without logging in to user A
<b3h3m0th> technically speaking, I want to figure out the decryption passhrase and the decryption command for /home/A/ (given I know the unix password for user A) from user B's shell
<bekks> b3h3m0th: https://help.ubuntu.com/community/EncryptedPrivateDirectory
<JanC> it's using ecryptfs
<bekks> b3h3m0th: There is no way to guess the passphrase for the encryption from the known user password.
<bekks> There is entirely no relationship between them, technically. You MIGHT set the same passphrases, but thats not a requirement at all.
<bekks> b3h3m0th: Instead of trying to crack, just ask user A.
<JanC> https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering_Your_Mount_Passphrase
<Zardoz84> I need help with a nearly catastrophic problem with Ubuntu Server (14.04) on a Intel FakeRAID
<Zardoz84> We replaced a failing hard drive by another, and looks that the rebuild process instead of copying the data of the good disk to the new disk, has doing opossite! Now I have a raid volumen that is empty !
<bekks> Zardoz84: No it is time to restore your backup.
<JanC> b3h3m0th: see there how you can get the mount passphrase
<Zardoz84> But lucky, we had a separate raid 1 to store the data
<Zardoz84> that have a BTRFS filesystem. I boot from the Ubuntu server cdrom on rescue mode, to check the data volumen, and I can't mount the partition
<bekks> So you dont have a backup?
<Zardoz84> fdisk says that there is a single partition of GPT type, and when I try to list the partitions using -t gpt, I get an error
<Zardoz84> bekks: Yes, but I'm trying to restore the data hard disks
<bekks> Zardoz84: Can you please anwer my questions?
<bekks> Zardoz84: Do you have a backup?
<Zardoz84> bekks: Yes, I have backups of the data but I'm trying to restore the data hard disks
<bekks> Zardoz84: they were overwritten. Restore your backup.
<Zardoz84> I know that I would need to reisntall the OS, but I need to know why this happen, so the next time that we replace a hard disk, we not get a server down for a entire day
<JanC> don't use fake raid
<Zardoz84> bekks: As I said, I know that the SO volumen is lost and I need to reinstall it. What I'm worried, is about the data volume that looks that is Ok, but I can mount the partition
<bekks> Zardoz84: USe a hardware raid controller.
<JanC> and I wouldn't use btrfs either
<Zardoz84> JanC: Sadly, I can't choose the hardware
<bekks> Zardoz84: Do you have a BACKUP on SEPARATE drives?
<Zardoz84> We have a backup on a network drive, so YES
<JanC> you can ignore intel fake raid and use linux software raid
<bekks> Zardoz84: So reinstall that thing, forget about whatever is on those disks, and restore. your. backup.
<Zardoz84> :( My kingdom for a real RAID....
<RoyK> bekks: I'd use mdraid over hwraid any day
<RoyK> s/use/choose/
<b3h3m0th> bekks:  no need of asking user A
<b3h3m0th> I am user A
<b3h3m0th> :)
<b3h3m0th> I did not set the passphrase
<b3h3m0th> it was set up during installation
<b3h3m0th> of ubuntu server
<bekks> Then you are logged in as user A :P
<b3h3m0th> but there is a catch
<b3h3m0th> my ultimate intention is to set up (home folder encryption) and (key based ssh)
<b3h3m0th> so, if home folder encryption is there, the ssh keys in home folder cannot be verified
<b3h3m0th> so I am using https://stephen.rees-carter.net/thought/encrypted-home-directories-ssh-key-authentication
<b3h3m0th> in that, I can login using my keys of user A
<b3h3m0th> but then I have to unlock using my password
<bekks> You could have asked that about an hour earlier.
<b3h3m0th> but I want my decryption passhrase to be different from my unix password
<b3h3m0th> for security reasons
<bekks> Your initial question was totally different from your ssh issue.
<b3h3m0th> yeah, I did not want to be off topic
<b3h3m0th> brb. logging on. dinner
<JanC> why would an ssh question be offtopic and an ecryptfs question not?
<patdk-wk> I think he means offtopic to the problem at hand, he was attempting to solve
<JanC> well, even more reason to describe the exact same problem instead of something unrelated?
<b3h3m0th> back
<b3h3m0th> so the command mentioned in https://stephen.rees-carter.net/thought/encrypted-home-directories-ssh-key-authentication is not present in ubuntu server 16.04
<bekks> Which command...?
<b3h3m0th> ecryptfs-mount-private
<b3h3m0th> I'm wondering how it is mounted by ubuntu when I login normally
<bekks> Check wether the package ecryptfs-utils is installed.
<b3h3m0th> what was the command ?
<b3h3m0th> something with --policy
<b3h3m0th> nm
<b3h3m0th> yes it is
<b3h3m0th> oh
<b3h3m0th> that command did work
<b3h3m0th> path issues
<b3h3m0th> and the passphrase is my unix password
<b3h3m0th> how insecure of ubuntu server it did not even ask me for passphrase while setup :(
<bekks> You could always change that.
<b3h3m0th> hmm
<genii> The Server meeting seems sparsely attended today
<teward> happens
<teward> some of us were delayed due to other things (read: workplace requirements)
<teward> probably
<teward> (that was me)
<Pinkamena_D> Hello all, I am looking for the best solution to allow usernames / passwords from an active directory server to be used to log in with SSH to ubuntu server. This is the only feature I am looking for, no mountings/printers/user info, etc. Can anyone recommend a good guide?
<sypher> Pinkamena_D: Simple LDAP might work, but you could also check out Centrify. It has a free version, if you don't require zoning.
<sypher> Pinkamena_D: Install the agent, join the domain, done. One of my largest clients uses it extensively, it's very good.
<Pinkamena_D> This is a commercial organization so I am not sure if that would work
<sypher> Pinkamena_D: So is Centrify.
<Pinkamena_D> Meaning, I don't need to worry about licensing.
<sypher> Pinkamena_D: It's free version isn't a trial or anything like that. It's ONLY AD authentication. The paid version has a lot more features, if you require them.
<Pinkamena_D> hmm, well I will look into it
<sypher> Pinkamena_D: The free version has a 200-system limit in terms of licensing.
<Pinkamena_D> In case this idea does not end up going over well, do you have any info on the pure LDAP solution you mentioned before?
<sypher> Pinkamena_D: https://help.ubuntu.com/community/ActiveDirectoryHowto - Which, incidentally, mentions Centrify.
<sypher> Pinkamena_D: Oh, I didn't know this. Centrify is in the Ubuntu partner repo.
<sypher> Pinkamena_D: So you'd only have to enable the repo and install the package.
<Pinkamena_D> nice
<sypher> Pinkamena_D: Or, well, it was for precise.
<harsh410> hi
<harsh410> in need of some guidance for cloud
<harsh410> hi in need of some guidance for cloud
<bekks> harsh410: you're in need of asking a support question then. :)
<harsh410> ok and is this the forum
<harsh410> ??
<bekks> This is an IRC channel.
<harsh410> and it is for helping right
<harsh410> if u cant better say no
<harsh410> let others do that
<bekks> If you dont want help, better say it.
<bekks> Or ask your actual support question.
<harsh410> ofcourse i need it
<sypher> Then ask your question.
<genii> harsh410: A specific question is easier to answer than a generalized one
<harsh410> u should have said so right away ......I want to set up a local cloud based system for 30  users of my office .i want a file sharing server and most importantly office softwares . i have been able to perform file sharing on virtual m/c i want to perform services as a service
<harsh410> for office softwares like libre  write
<bekks> 0726 191122 < bekks> harsh410: you're in need of asking a support question then. :)
<bekks> I did. It was my first comment. You preferred to chitchat instead.
<harsh410> help me . if u can please..i may not know the protocols of discussion but my intentions are clear
<bekks> You want to setup a fileserver.
<bekks> As a VM, as you told us.
<harsh410> yes
<harsh410> yes
<bekks> So whats the issue with that?
<harsh410> i was able to set up a file server and perform file sharing.next thing i want is to provide office applications as service
<harsh410> to users
<bekks> Install an Ubuntu VM, install the file server services you need/want, and there you ho.
<sypher> s/ho/go/
<bekks> If you want to provide office applications to users, you would have to provide a desktop for each user.
<harsh410> can the services be shared to them
<harsh410> if they dont install the softwares
<harsh410> if thin clients are given to them?
<RoyK> !ltsp
<ubottu> LTSP is the Linux Terminal Server Project, which adds thin-client support to Linux servers. See chapter 3 of the !edubuntuhandbook, http://www.ltsp.org and/or http://en.wikipedia.org/wiki/Linux_Terminal_Server_Project
<bekks> Thats "giving a desktop to the users".
<harsh410> okay sounds useful  and how are softwares like libre installed and managed?
<RoyK> harsh410: read up on ltsp
<n2deep> Has anyone here been able to get cloud-init to execute a /sbin/modprobe command in the past?
#ubuntu-server 2016-07-27
<negev> hi, i'm getting this with apparmor:
<negev> [299732.820845] audit: type=1400 audit(1469605230.425:31340): apparmor="ALLOWED" operation="getattr" info="Failed name lookup - deleted entry" error=-2 profile="/usr/sbin/dovecot" name="/var/lib/dovecot/.temp.a.rkw.io.25454.9d807e6e42bbe568" pid=25454 comm="dovecot" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
<negev> but the usr.sbin.dovecot profile explicitly allows access to files in that path:
<negev> /var/lib/dovecot/* rwkl,
<rbasak> negev: are you sure apparmor is/would actually be denying that?
<rbasak> Sounds like it will fail anyway.
<negev> rbasak: my assumption is that complain mode would only log events that were denied by the policy
<negev> why would that not be the case?
<rbasak> I don't know. But the message suggests to me that it's pointing out that it's allowing something that would fail anyway.
<negev> requested_mask="r" denied_mask="r"
<negev> doesn't that imply denied by policy?
<rbasak> Possibly it needs to resolve symlinks before it can check against policy maybe? In that case, it cannot match against a rule.
<rbasak> "Failed name lookup - deleted entry"
<rbasak> Tell me how that would be expected to work even without any AppArmor interference.
<negev> rbasak: i don't know what that message means so i can't comment
<rbasak> It means that the file dovecot tried to access does not exist.
<negev> ok but why does apparmor report on that?
<rbasak> I'm not certain, but that's how I interpret it anyway.
<negev> i asked the mailing list, hopefully seth will get back to me soon
<rbasak> I'm speculating that it's because it matches a rule but cannot dereference any symlink.
<Luther> hi guys, i have a question for nagios.  if i want to use notifications i have to install a plugin to do this like https://github.com/jasonhancock/nagios-html-email/blob/master/README.md or i can set up an email server. Is this correct?  i am new to nagios so please do not tear me in pieces if i oversee something obvious :P
<negev> Luther: the local MTA is fine for sending email alerts
<andol> Luther: Yes, and no :) Pretty much any action Nagios takes happens by running a plugin. That said, when you install Nagios you usually get a bunch of standard plugins preinstalled and preconfigured; email notifications included.
<andol> Luther: But yeah, as negev says, the default email-notification does assume the existance of a local MTA.
<Luther> okay, i have not found a plugin yet which send the mail. I mean the local MTA should be fine , but i still have to configure commands.cfg to implement the MTA right?
<Luther> allright, forget my last question i was stupid again. Nagios still confuses me sometimes
<Luther> thx @negev and @andol
<andol> Luther: Yeah, getting into the right Nagios mindset is a bit of an uphill battle, but once you have crossed that hill, it all starts to make perfect sense.
<andol> ...even if you might want to consider taking a look at Icinga instead, which is kind of the same, but a bit more modern.
<andol> Well, there is classic Icinga, which is almost the same as classic Nagios, just a bit smoother.
<andol> Then there is the new Icinga 2, which has a slightly more dynamic config language, etc.
<Luther> yeah i have found a lot about Icinga as well, but our professor told us to use nagios ^^ Still i have the feeling that nagios is kind of dead... :O
<Luther> i mean the nagios developer conference for this year was canceled, you can hardly find any post about nagios newer than 2014.....
<andol> Luther: Ah, part of a school assignment? In that I wouldn't worry about it, because pretty much everything you learn about Nagios will also be applicable to Icinga.
<andol> Yes, there will be details which differ, but a lot of the concepts are the same and will translate fine.
<Luther> @Luther kind of. I study IT and my professor told me to monitor some servers for him. But the next year i have an internship where i will also have to monitor servers so i am happy to get a little bit more experience. Well thats good to hear if i want to switch to icinga
<Luther> @andol kind of. I study IT and my professor told me to monitor some servers for him. But the next year i have an internship where i will also have to monitor servers so i am happy to get a little bit more experience. Well thats good to hear if i want to switch to icinga
<andol> Luther: Sounds like a good experience!
<andol> Luther: Also, with IRC you really don't need to use the @nickname syntax. Most IRC clients will highlight just fine even without the prefixing @.
<Luther> allright will remember that andol :)
<Luther> see ya later guys
<Luther> bye
<jonah> Hi is anyone here any good with High Availability and IP Failover on Ubuntu? I'm looking for a solution that just uses two servers if it's possible, with the main web server and a second server to provide the failover/sync and ha solution. I realise most people use more servers and load balancers etc but I just wanted to keep the hardware to a minimum for both for cost and admin. I found this solution but it's a pretty old link: http://
<jonah> mfarrukhsiddique.blogspot.co.uk/2010/01/highly-available-webservice-by-using.html
<rbasak> jonah: corosync/pacemaker maybe?
<jonah> rbasak: I've seen those mentioned on guide online but they usually need more than 2 servers...
<patdk-lap> heh?
<patdk-lap> jonah, it never needs more than 2 servers
<jonah> patdk-lap: really? I found guides such as this, but the diagram shows 2 load balancers before the the two servers: https://www.digitalocean.com/community/tutorials/how-to-create-a-high-availability-setup-with-corosync-pacemaker-and-floating-ips-on-ubuntu-14-04
<jonah> patdk-lap: would be great if you could still set all this up using just the two servers including the load balancing too if possible...
<patdk-wk> jonah, that guide is insane
<patdk-wk> disable stonith cause it's two nodes?
<patdk-wk> stonith is always required
<jonah> patdk-wk: So with corosync/pacemaker does it work at block level/partition level or does it just sync higher up as I have different partitions etc
<hallyn> kirkland: hey, i have a concern, and not sure who to ping.  on landscape, it seems hit or miss as to whether security updates are marked as such.  mysql updates for 12.04 today were not markedas such but changelog lists cves
<hallyn> that seems like a dangerous thing for customers who might say "oh, no security updates, i'll wait"
<sdexter> I am installing Ubuntu 14.04 LTS Server onto a RAID1 software raid (not fake). When I get to the step where it does grub-install /dev/sdj it fails. I have tried setting this up a number of ways and it fails this same way every time.
<jonah> sdexter: i had similar issues. I got it working by setting new partion layout in mbr/msdos rather than GPT
<patdk-wk> jonah, what are you talking about?
<patdk-wk> corocync/pacemaker have nothing to do with levels or partitions
<jonah> patdk-wk: ah that's great then! perfect
<patdk-wk> it does HA, it doesn't do whatever your attempting to ha
<jonah> patdk-wk: sorry I don't know much about them
<patdk-wk> you have to write/design whatever to manage ha for your filesystem, ip, ...
<patdk-wk> HA just manages those in an HA way
<patdk-wk> pacemaker just manages
<jonah> sdexter: When i tried to use GPT it wouldn't have it, even with the EFI boot partition etc
<patdk-wk> it does come with a lot of premade scripts, to handle ip's and stuff though
<jonah> patdk-wk: ok cool, is there any nice getting started guides etc for me to try follow?
<patdk-wk> if you want HA filesystem, generally your talking about using drbd
<patdk-wk> then having pacemaker manage whatever runs on those filesystems
<patdk-wk> reaqlly all your looking for is running a webserver and load balancer on each node
<patdk-wk> then having something move an ip to the active node
<patdk-wk> moving that ip is your hard part
<patdk-wk> pacemaker can do that, heatbeat can do that, maybe a few other things
<patdk-wk> but with two nodes, you need to figure out how to do that sucessfully
<patdk-wk> how do you know the other one failed
<patdk-wk> there are no real guides for this, cause it's different for everyone
<jonah> patdk-wk: ok thanks
<sdexter> jonah: I think I had seen something about that in my research but I wasn't sure how to switch it to msdos
<jonah> sdexter: basically when you first partition and format the drive in gparted or some partition program you can choose between mbr/msdos or GPT. Then when you partition the drive set the MBR/MSDOS boot partition or whole partition if you just have one to be bootable by setting the bootflag to be on
<jonah> sdexter: it's probably a case of starting fresh and partitioning the drive with a live linux cd or something and setting up a new partition table in msdos. Then let the partitioner in the ubuntu setup thing set the partitions you want from there or use guided install
<sdexter> Yeah, I didn't see options for msdos in the installer itself. So i am going to boot from a desktop CD and try what you mentioned.
<jonah> sdexter: ok good luck
<sdexter> jonah: thanks
<rbasak> smoser: do you think bug 1206164 is worth an Ubuntu delta? I'm concerned about how diverged Ubuntu is becoming on ntp.
<ubottu> bug 1206164 in ntp (Ubuntu) "/etc/network/if-up.d/ntpdate does not detach correctly" [Medium,Triaged] https://launchpad.net/bugs/1206164
<smoser> rbasak, is debian not willing to take it?
<smoser> it looked like a clear bug
<smoser> rbasak, wow. i read that bug and had no idea that i wrote it ;)
<smoser> well, i think christians' suggestion is good.
<rbasak> smoser: Debian's ntp doesn't seem to have an active maintainer. So we'll be maintaining any delta for a long itme.
<rbasak> smoser: I agree with Christian's patch. I just don't like adding stuff like new configuration options in Ubuntu deltas. Makes for future pain. So how important is it to us?
<smoser> i dont know. have to think about it more.
<smoser> backgrounding is a pita too
<smoser> the only reason it backgrounds (as i understand it) is so that it does not block if the ntp server is not available
<smoser> but backgrounding that on boot means that at some indeterminable point in boot clock jumps
<rbasak> Perhaps we should stop seeding ntpdate (assuming we are)
<rbasak> Do VMs start from the epoch or from the host's date?
<smoser> hosts date
<rbasak> Then can we rely on curtin to use ntpdate, not seed ntpdate or ntp, leave systemd-timesyncd by default to slew time?
<rbasak> If the user installs ntpdate then the user accepts the time jump.
<smoser> yes.
<smoser> and it even make sense that they accept it on ifup of some device
<smoser> but accepting it at an arbitrary point in boot is more sucky
<smoser> with no way to control it
<rbasak> Christian's patch is fine to help solve that, but I think it should be in Debian first.
<rbasak> If we don't seed ntpdate, I don't think it's worth an Ubuntu delta.
<smoser> rbasak, maas is i belive wanting to use it.
<smoser> so there is a bug... i'd have to find it.
<smoser> but basically if you are firewalled off the internet and have ntpdate installed
<smoser> and you have loads of interfaces
<smoser> then ifup -a really sucks
<rbasak> In that situation, why do you have ntpdate installed?
<smoser> for no reason
<smoser> i dont knwo.
<smoser> i think this was an openstack
<smoser> actually, i do know
<smoser> because you can't really use ntp without ntpdate right?
<smoser> unless you are sure your clock will never get busted to the poitn that ntp will refuse to jump ?
<smoser> or is that handled elsewhere
<rbasak> IIRC, ntp has an option to allow it to jump nowadays
<rbasak> Yes - "-g"
<rbasak> ntp upstream deprecated ntpdate
<smoser> in that cae, running ntpdate on ifup seems pointless.
<rbasak> ntpd -qg is equivalent to ntpdate
<smoser> and yeah, installing it seems pointless
<rbasak> dovecot-core recommends ntpdate for some reason. That's all I can see (http://people.canonical.com/~ubuntu-archive/germinate-output/ubuntu.yakkety/rdepends/ntp/ntpdate)
<patdk-wk> dovecot hates it when time jumps
<patdk-wk> it causes all kinds of problems
<kirkland> hallyn: chat with tyhicks and jdstrand, for a start;  maybe also sync with sparkiegeek (dpb is on holiday this week)
<jdstrand> tyhicks (cc kirkland and hallyn): if it is in landscape I suspect ratliff might be able to talk to someone at the sprint directly
 * jdstrand isn't sure if landscape is at that sprint, but I thought so)
<rbasak> That sounds familiar. Nagios' check_apt behaves in a similarly broken way. It relies on apt-get -s and looks at which pocket a download would come from. But security updates are copied to the -updates pocket as well, so this is unreliable.
<hallyn> thanks guys.  ratliff: is that something you can push on?
<tyhicks> ratliff: if you have someone in landscape to talk to in person there, mysql-server-5.7 was correctly uploaded to xenial-security but, as rbasak pointed out, it is copied to xenial-updates shortly after
<tyhicks> ratliff: they could possibly look at the destination pocket specified in the changelog ('xenial-security' can be seen in the first line of https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.13-0ubuntu0.16.04.2)
<tyhicks> ratliff: I'm sure there's probably more reliable means available via launchpad apis but I don't know about them off the top of my head
<rbasak> bug 1031680 is the nagios-plugins issue. It's only speculation - Landscape might be doing something completely different.
<ubottu> bug 1031680 in nagios-plugins (Ubuntu) "check_apt always report 0 critical updates" [High,Triaged] https://launchpad.net/bugs/1031680
<setuid> Anyone about good with iscsi? I've tripped on something that I don't think should behave like it is...
<setuid> Clean install of 14.04.4 server, installed iscsi components, set up a single, 50GB sparse file on the target, then on the client, I used:
<setuid> iscsiadm -m discovery -t st -p trustyS-iscsitarget
<setuid> and it finds -two- paths to that target, one on each NIC (different subnets)
<setuid> on the client, I then did: iscsiadm -m node --login
<setuid> which finds -two- 50GB volumes, /dev/sdb and /dev/sdc respectively
<setuid> I can format /dev/sdb1, drop a file there, mount /dev/sdc1 and the file is not there. I mount /dev/sdc1, drop a file there, then unmount. Mounting up /dev/sdc1 again, I see the -first- file (the one I put on /dev/sdb1)
<setuid> 1.) Why does iscsiadm see -two- 50GB volumes, when there's only one physical volume? 2.) Why does it treat them as if they were independent, but they're obviously the same volume.
<sarnold> setuid: simple questions with insanely complicated answers..
<setuid> sarnold, I'm following this blog post, step by step: http://caribou.kamikamamak.com/2014/09/30/iscsi-and-device-mapper-multipath-test-setup/
<sarnold> setuid: if there's actually two networks worth of bandwidth to the thing you may wish to set up multipathing on the client, so it'll issue commands down both, either for bandwidth or for reliability
<setuid> but I'm dead right where I have to format the partition. If I have multipath-tools installed (which I need), the moment I use iscsiadm to log in, BOTH volumes are in use, and I can't format them.
<sarnold> setuid: if there's only one network worth of bandwidth between the two it's probably best to pretend the second name for it doesn't exist
<setuid> How does it automatically set up multipathing, when I removed that package?
<setuid> They're VMs on the same physical host, but two separate networks coming into each VM
<setuid> so each VM (2 total) has 2 NICs, NIC1 is net1, NIC2 is net2
<setuid> I specifically named the host different names (in /etc/hosts) based on each network, so it would not overlap subnets
<setuid> 172.16.38.139   trustyS-iscsitarget
<setuid> 172.16.181.128  trustyS-iscsitarget2
<setuid> for examplel
<setuid> I'm trying to debug a multipath issue, but tripped on this well before I even started configuring multipathing
<setuid> sarnold, this is what I see: http://paste.debian.net/785642/
<sarnold> setuid: I suspect that performing operations on the individual /dev/sdb* and /dev/sdc* names has probably corrupted that file irreparably; you may wish to start over from the step of 'create new sparse file'
<setuid> odd... if I create a partition on /dev/sdc, so I now have /dev/sdc1, I can see it in fdisk on /dev/sdb, but there is no /dev/sdb1, until I go into fdisk on /dev/sdb, do nothing, and use 'w' to write the "changes" to that, then /dev/sdb1 appears.
<patdk-lap> heh?
<patdk-lap> sarnold those are simple questions with simple answers
<setuid> sarnold, Fair enough, I'll try that
<patdk-lap> what filesystem are you using?
<sarnold> setuid: then -never- work with tehe individual devices but only the dm-multipath device..
<setuid> sarnold, multipath is not installed
<setuid> I *can't* install it
<sarnold> patdk-lap: heh explaining why you can't just use ext4 or zfs on two paths to the same device takes some time and effort, and understanding why e.g. ocfs2 can work inthe same situation is yet another huge ball of wax :)
<setuid> because I then can't format the device
<patdk-lap> sarnold, it's easy, they are TWO different devices :)
<sarnold> setuid: but you're in luck, patdk-lap's around :) I was hoping he'd spot the question..
<patdk-lap> with different caches
<patdk-lap> you must not use both at once, ever
<patdk-lap> that is what the multipath package is for
<setuid> sarnold, http://paste.debian.net/785644/
<setuid> patdk-lap, I'm not trying to use both at once
<setuid> I just happened to notice the oddity
<setuid> I log in, and it creates /dev/sdb and /dev/sdc
<patdk-lap> it's not odd
<setuid> but no dm-X device
<patdk-lap> you have two paths, so it makes two devices
<sarnold> setuid: why can't you install the multipath tools?
<setuid> How can I possibly have two paths, without configuring the iscsi initiator to do so?
<patdk-lap> heh?
<patdk-lap> you don't configure the initiator
<setuid> sarnold, With multipath installed, I can't format the vols, once I've used --login
<patdk-lap> you configure the target to only have one path
<setuid> sarnold, with multipath removed, I can
<setuid> patdk-lap, the target only has one path
<setuid> Target iqn.2014-09.trustyS-iscsitarget:storage.sys0
<setuid>         Lun 0 Path=/home/ubuntu/iscsi_disk.img,Type=fileio,ScsiId=lun0,ScsiSN=lun0
<setuid> that is the *ONLY* entry in /etc/iet/ietd.conf
<patdk-lap> that says you have one lun
<patdk-lap> nothing about paths
<setuid> http://caribou.kamikamamak.com/2014/09/30/iscsi-and-device-mapper-multipath-test-setup/
<setuid> ^ following that blog
<sarnold> setuid: so you run e.g. cfdisk /dev/mapper/mpath0 ... and then what happens/
<setuid> http://paste.debian.net/785646/
<setuid> that's all that's in there, as expected... root fs and swap
<patdk-lap> oh ya, that is right
<setuid> But /dev/sdb and /dev/sdc represent the single, 50GB vol on the target
<sarnold> did the multipath -ll show anything?
<patdk-lap> I answered this last week
<patdk-lap> iet does not support LIMITING multipathing
<setuid> There is no multipath on the host
<setuid> Not yet anyway, I have to remove the package to format the vol, then install it
<setuid> Once I install multipath, /dev/sdb and /dev/sdc become locked, in-use, and I can't partition or format them
<patdk-lap> why would you want to?
<sarnold> that's probably for the best
<sarnold> you need to then access them with the multipath-consutrcted "single" view of the thing
<sarnold> and if multipath -ll didn't construct one for you, that's probably the place to start debugging
<setuid> http://paste.debian.net/785648/
<sarnold> aha once you've modified the /dev/sdb directly it's probably time to throw away the sparse file again :)
<sarnold> oh line #3 :)
<setuid> http://paste.debian.net/785649/
<setuid> Right, so now I format /dev/mapper/{long-grok-path}-part1
<setuid> So that blog post is completely incorrect in these steps referring to /dev/sda
<sarnold> well
<setuid> And the commands and output they show, are missing quite a few options
<sarnold> they are indicating that the iscsi layer works
<sarnold> but not recommendations on how to actually use the thing
<setuid> There's no way to get the output they claim, out of the commands they show being used
<setuid> patdk-lap, Ok, after some small hoops and translation, it works. I'm trying to debug why /etc/multipath/wwids wouldn't get generated on boot, but does work when using 'multipath -W'
<setuid> That's why I modeled these VMs to replicate that reported issue
 * setuid loves the good problemsm 
<patdk-lap> :)
 * setuid spies 'peers' in the channel too ;) 
<cncr04s> Unrecognized mount option "umask=000" or missing value
<CodeMouse92> Greetings, all. Is it possible to limit access to some web directory (the way .htaccess does), but using credentials from an OAuth2 server?
<sarnold> CodeMouse92: does this do what you want? https://github.com/pingidentity/mod_auth_openidc
<CodeMouse92> sarnold: That might work. I'm a fairly novice IT, so I'm totally out of my element, here.
<CodeMouse92> sarnold: I need to connect to this puppy: http://standards.mousepawgames.com/csi.html
<sarnold> CodeMouse92: I've never had to worry about more complicated apache authentication and authorization.. even the basics are annoying :) .. but I saw a few references to that module on stack overflow answers and a quick skim of the page looked sane
<sarnold> "The CSI (Commenting Showing Intent) Commenting Standards refers to a style of code commenting which allows for the complete rewriting of a program in any language, given only the comments"
<sarnold> holy cow, that's ambitious
<CodeMouse92> sarnold: Yeah, it looks pretty sane. My only reasoning is that I don't want to set up an employee account on *yet one more subsite* in our network
<CodeMouse92> sarnold: OH! Wrong link!!!
<CodeMouse92> sarnold: HERE is what I meant: https://secure.phabricator.com/book/phabcontrib/article/using_oauthserver/
<CodeMouse92> I hate when copy doesn't actually copy >.<
<CodeMouse92> (You're welcome to read that other one, though. it's a work in progress, but it works pretty well for us so far)
<Guest16595> some one help meeeee
<Guest16595> http://askubuntu.com/questions/803276/ufw-block-syslog-tcp-ip-is-blocked-and-this-is-allowed-in-ufw/803307#803307
<Guest16595> with this mdfk ufw, simple config, only allow port 80,22,12300:12400 tcp and udp
<sypher> Guest16595: I suppose my first question would be: Why are you trying to limit outbound connections?
<Guest16595> well i am new in this...
<sypher> Guest16595: Which makes my question all the more important. Do you know why you're trying to limit outbound connections?
<Guest16595> i have been trying to allow that range of ports
<sypher> Guest16595: You're not answering my question. WHY are you trying to limit outbound connections at all?
<sypher> Guest16595: Let's step back. The system in question, whose firewall you're managing. What is this system doing? Is it a webserver, etc?
<Guest16595> Because i am new and i didn't know what i was doing
<Guest16595> yes it is a webserver
<sypher> Guest16595: That's alright. I was just making sure there wasn't a specific purpose in mind.
<Guest16595> of tracking
<sypher> Guest16595: What ports does this server need to accept connections on from the outside? 80, 443, what else?
<Guest16595> gps conect to the server, a lot of gps..
<Guest16595> only port 80 for website, 22 for ssh, and range 12300 yo 12400 for gps...
<Guest16595> "gps trackers"
<sypher> Guest16595: Excellent. Do you have console access to the server, not through SSH?
<Guest16595> well i connect via ssh
<Guest16595> but i am not in front of server
<sypher> Guest16595: I ask because any firewall work can potentially disrupt your access to the system.
<sypher> Guest16595: I would suggest disabling ufw (sudo ufw disable), then resetting it entirely (sudo ufw reset).
<Guest16595> i disable the ufw, because if i enable it, it block some ports of the range
<sypher> Guest16595: Then skip the disable portion and fully reset it.
<sypher> sudo ufw reset
<Guest16595> i did it a lot of time and try with differents configuration
<Guest16595> and iptables, directly
<Guest16595> lik
<Guest16595> like iptables -A INPUT -p tcp -m tcp --dport 12340:12400 -j ACCEPT
<sypher> Guest16595: But none of them have worked, so let's just start from a known good starting point. Please reset ufw.
<Guest16595> yep
<Guest16595> i dit
<Guest16595> i did it.
<sypher> These GPS devices - do they communicate over TCP or UDP?
<Guest16595> with 2
<Guest16595> udp and tcp
<sypher> Guest16595: You should only require the following three rules: http://paste.ubuntu.com/21200464/
<sypher> Those three commands will allow SSH and HTTP inbound, as well as the ports you listed for the GPS devices. You don't need any manual iptables rules or outbound filtering.
<genii> most GPS use TCP, some can be set for either or both
<sypher> I don't have a clue of how they communicate. :P
<Guest16595> but when i type         ufw allow 12340:12400              it say           ERROR: Must specify 'tcp' or 'udp' with multiple ports
<sypher> Guest16595: Oh, fair enough.
<sypher> Guest16595: http://paste.ubuntu.com/21200626/
<Guest16595> and i need to specify protocol like,  ufw allow 12340:12400/tcp              and         ufw allow 12340:12400/udp
<sypher> Make that four commands, then.
<Guest16595> men, how i create a note like yours...
<sypher> Guest16595: http://paste.ubuntu.com/
<Guest16595> http://paste.ubuntu.com/21200858/
<sypher> Guest16595: That should be all you need.
<Guest16595> i show you what rules are in ufw
<Guest16595> well
<Guest16595> i run it and show you the logs erros, wait a minute
<sarnold> Guest16595: btw, the "pastebinit" tool in the "pastebinit" package makes creating pastebin links from a terminal really easy
 * sypher goes to install that...
<sypher> Guest16595: One more thing, actually. Could you pastebin the contents of /etc/default/ufw?
<Guest16595> sypher : http://paste.ubuntu.com/21201733/
<sypher> Guest16595: Your firewall functions as designed.
<sypher> Guest16595: Oh, wait, I see what's going on.
<sypher> Guest16595: Can you pastebin the output of 'iptable -L' for me?
<Guest16595> what?? it's the port source?
<Guest16595> yes
<sypher> err...
<sypher> iptables -L
<Guest16595> http://paste.ubuntu.com/21202041/
<Guest16595> and iptables -S
<Guest16595> http://paste.ubuntu.com/21202142/
<sypher> Guest16595: Huh. Can I also get 'ufw status verbose'?
<Guest16595> yep
<Guest16595> http://paste.ubuntu.com/21202879/
<sypher> Guest16595: And you're still seeing that traffic blocked?
<Guest16595> yes
<Guest16595> i see some ips blocked
<Guest16595> maybe it would be the time of connections?, like this "ufw supports connection rate limiting, which is useful for protecting against brute-force login attacks. When a limit rule is used, ufw will  nor-        mally  allow  the  connection  but  will  deny  connections  if  an  IP  address attempts to initiate 6 or more connections within 30 seconds. See        http://www.debian-administration.org/articles/187 for details.
<sypher> Guest16595: My theory? When you reenabled ufw, it likely reset its connection tracking. TCP packets coming in with the ACK flag set imply that it's a response to something the server set, but iptables doesn't have a record of the connection, so it drops it.
<sypher> Guest16595: You might try port-scanning your server to confirm that the ports are, in fact, open from the outside, if you're familiar with the process on how to do so.
<Guest16595> http://paste.ubuntu.com/21203533/
<sypher> Guest16595: You can't portscan yourself locally. :P That doesn't hit the firewall at all.
<Guest16595> jejeje wait a second
<Guest16595> this is from my computer to server, server has ufw enable
<Guest16595> http://paste.ubuntu.com/21204076/
<Guest16595> i have a virtual machin with linux mint xD
<sypher> Guest16595: You'
<sypher> Guest16595: You're being rate-limited. :) I can tell because of the gaps in the port numbers.
<sypher> Guest16595: Which is odd, because ufw doesn't rate-limit by default, last I checked.
<sypher> Guest16595: Actually, no, you're not. The list of listening ports from the outside matches what you got locally. You're just not listening on that whole range. So, yeah. Your firewall is functioning properly for new connections.
<Guest16595> And if my firewall is functioning properly, what i can do, ?
<Guest16595> enable, and wait for the gps tracker reconnect again?
<sypher> Guest16595: Correct.
<Guest16595> i'm going to check this, the things and learn jajajajaj, well linux is a world to learn
<Guest16595> sorry i try to say that things that i learned to config a simple options for range port
<Guest16595> sorry i forgot to thank you <sypher>, thanks for your time and for all help, i will check the logs
<CodeMouse92> I have an HTTPS site configured in Apache2, and I've enabled it and reloaded Apache. I also have the port open on the firewall
<CodeMouse92> However, no dice. It's 404ing me.
<CodeMouse92> here's the site conf. I've replaced the actual website with example.com: https://bpaste.net/show/71dc8232431e
<powersj> CodeMouse92, check apache logs and see if it just can't find the index.* file or whatever you are trying to pull up.
<CodeMouse92> powersj: Unfortunately, no dice. Unless I need to specify loglevel in that .conf...?
<powersj> no dice as in no logs at all or can't find them?
<CodeMouse92> As in, nothing odd in /var/log/apache2/error.log
<powersj> check access.log as well to see what was trying to be pulled up by apache
<CodeMouse92> powersj: Absolutely nothing for this domain at all
<CodeMouse92> For this site, sorry
<CodeMouse92> Other sites, yes, but I just refreshed this page, got 404 still, but nothing appears in access.log or error.log to that effect
<CodeMouse92> I'm clearing logs and refreshing
<CodeMouse92> Restarting apache2, sry
<CodeMouse92> powersj: After clearing logs and restarting, and then attempting to go to the site in question, access.log is empty. error.log is https://bpaste.net/show/b877a0537b0b
<CodeMouse92> All other sites operating normally
<powersj> Any other site using SSL?
<CodeMouse92> Yes, all but one
<powersj> ok so it is enabled correctly
<CodeMouse92> Same cert, too.
<CodeMouse92> Validated location of document root, and it has www-data ownership
<powersj> the only other thing is the ServerName, does your version actually have www.*.com:8442 (note the www)
<CodeMouse92> I'm not sure I understand. Another valid SSL site is using 'example.com:8446'
<powersj> then that isn't it
<CodeMouse92> I've even tried moving my working directory to /var/www/protected
<CodeMouse92> And pointing to that. No dice
<CodeMouse92> powersj: Problem solved. didn't add the port to /etc/apache2/ports.conf
<CodeMouse92> It's now working
<powersj> grats :)
<CodeMouse92> Anyone familiar with mod_auth_openidc? I need to get it working with this: https://secure.phabricator.com/book/phabcontrib/article/using_oauthserver/
<ubuntu_> Is there anything for linux machines that one can uses thats equivalent to hyper-v in the repos i see type 2 virtual software but not to much type 1 software in the repo's
<ubuntu_> I know vmware , ...etc are options i would imagine but there is really not much apt-get install based stuff
<sarnold> ubuntu_: I haven't got a clue what you mean by "type 1" and "type 2" but there's qemu/kvm and xen and virtualbox; most people use qemu/kvm with the libvirt wrappers
<sarnold> ubuntu_: there's also kvmtool but that's used less frequently than qemu/kvm
<ubuntu_> type one based hyper visors that work at bare hardware level as opposed to a vbox on the OS itself. I know i am not explaining this well
<ubuntu_> Is there any type 2 software that would allow one to setup virtual remote desktop to 1000 client computers
<ubuntu_> like having 1000 client linux machines boot up into a virtual machine hosted on the ubuntu server
#ubuntu-server 2016-07-28
<sarnold> ubuntu_: that sounds a bit like LTSP
<ubuntu_> whats LTSP
<sarnold> linux terminal server project http://www.ltsp.org/
<ubuntu_> O is that going to support vnc or rdp or both
<ubuntu_> because thats kind of cool
<sarnold> a quick skim of http://wiki.ltsp.org/wiki/Concepts gives me the impression that it's native X11
<cncr04s> Is there any comprenehsive guide on using kvm/qemu/libvirt on ubuntu. I specifically use virsh to start stop and edit all my virtual machines, I suppose that is all that is really needed but just wondering if there are any additional commands that do other usefull stuff, like adding a new disk while the vm is running, etc.
<ubuntu_> Also curious for GPT partitioning what is the prefered file system for a linux partition is it  ext4 or is it like LVM  or some virtual level file system that one can cuse
<ubuntu_> I guess what i am getting at is the best filesystem for large data centers with expandable racks or Loading more HDD drives / expansions
<sarnold> I'm a fan of ext4 for OS storage and openzfs for your data
<ubuntu_> GPT covers pretty much infinity size partitions but for a file system on  that partition kind of wondering what linux file system
<sarnold> some people do like to pu their ext4 filesystems on top of lvm but i'm too lazy to figure that out
<ubuntu_> zfs and ufs is more for *bsd  file systems
<ubuntu_> but ya i guess you could uses the zfs for linux
<cncr04s> i just format them as ext4
<cncr04s> and mount them
<ubuntu_> I am wondering what linux file system is good for expansion of data like a server in the data center that one can add HDD
<sarnold> zfs
<ubuntu_> zfs on top of ext4 or just zfs on the bare partition
<sarnold> zfs on bare drives
<sarnold> don't partition the drives, the zpool tool takes care of everything
<ubuntu_> gotcha for windows ntfs supports zfs type expansion?
<ubuntu_> or is windows using a different file system
<sarnold> I haven't used ntfs in 16 years, I suspect it's changed a bit :)
<cncr04s> you can extend a partition across drives in windows
<cncr04s> otherwise, raid
<ubuntu_> for data centers i know ntfs is enough for any small business or  most HDD drive but more interesting in the data center
<cncr04s> in my datacenter, I put in a drive, format it as ext4, mount it in whatever folder I want
<cncr04s> depends on what your doing
<ubuntu_> Yes but can you extend the file system accrosss drives or do you have to reformat the ntfs after you expand the drive
<ubuntu_> when your spreading it over more then one drive
<cncr04s> in windows: just initilze the drive, and extend the partition onto it
<ubuntu_> It would have to have some LVM virtual software on top of the bare file system i would imagine
<cncr04s> windows has its own stuff, not compatible with linux
<cncr04s> otherthan just a ntfs partition
<ubuntu_> O ok ya never tried it only expanded and shrink HDD partitions on the same HDD drive
<ubuntu_> curious is there any  drive that can go do both zfs and ntfs
<cncr04s> zfs is a filesystem
<sarnold> drives just hold bits, you can put whatever filesystem you want on them
<ubuntu_> I guess would be nice to know that a driver is out there for windows and mac to support zfs
<sarnold> I understand the OS X openzfs port has been revived. I haven't heard of anyone working on a windows openzfs port.
<cncr04s> I don't know and I doubt it. so count windows out. if the drive goes into a linux server is stays in a linux server
<ubuntu_> Because how else if you uses zfs and now not have linux anymore are you going to beable to get the data off the zfs you would have to have a means to install a zfs driver .sys .dll onto the windows machine
<cncr04s> boot into a linux live cd
<sarnold> you can also run one of the illumos-derived distributions, such as smartos or omnios
<ubuntu_> though linux has ntfs don't you think windows should have zfs driver made?
<sarnold> dunno. I worry about linux and let microsoft worry about windows.
<sarnold> if they think their users would like zfs they're free to try to port it
<ubuntu_> But you think since file on a file system is really what people life for when it comes to computers you think you want portablity between major filesystems
<ubuntu_> without storage or files/filesystem you just got computer memory which is nice but then you don't have persistant storage or any kind of information systems other then at an instance in memory
<JanC> seems like there used to be a read-only ZFS for Windows, but it can't even read recent versions
<sarnold> there was a fuse-based zfs a while ago but I think it's .. quite stale
<sarnold> I certainly wouldn't trust any data I cared about to fuse
<JanC> dokan-based
<sarnold> so the idea of zfs-fuse strikes me as funny :)
<JanC> the one I saw
<JanC> fuse is useful to rescue data off a disk if there is no other driver though
<sarnold> yeah
<sarnold> or a convience vs sftp or scp all the time :)
<sarnold> convenience
<JanC> I rescued data from disks that came out of a ReadyNAS NV+ with it some time ago (apparently they use or used a patched ext3 in some of their NAS systems, which can be read with one of the fuse-based implementations of ext2/3/4)
<sarnold> that's ... odd :)
<sarnold> hooray for the patched versions being available though
<sarnold> that'd be a frustrating way to lose data if it were stuck in their silo
<CodeMouse92> How do I find my LDAP URL and port (preferably via phpLDAPadmin?)
<JanC> sarnold: you can mount those filesystems in Ubuntu with the implementation in 'fuseext2' (there is info about how to do it on the internet)
<sarnold> JanC: neat
<CodeMouse92> Nevermind, I think I have it figured out.
<CodeMouse92> How do I configure phpldapadmin to ONLY be available over localhost>
<CodeMouse92> (Solved that too. Sorry!)
<Alpha> Hi
<MASM> There are some expert in firewall(ufw) ubuntu??
<MASM> how i create a note? to share hereÂ¿?
<sarnold> MASM: the pastebinit package has a pastebinit tool that makes it easy to create and share links to pastebin contents
<MASM> thanks, and how to put before name and then texÂ¿? it is automatic?
<MASM> sarnold:  <-----?
<sarnold> MASM: most irc clients let you type a few characters of the nickname and then hit tab to complete the rest of it
<sarnold> I just type m<tab> and get MASM: automatically :)
<MASM> thanks, i'm new in this...
<sarnold> welcome aboard :)
<MASM> sarnold: if i want to write in pastebin, code like terminal, what option from "Syntax Highlighting" i need to choose ?
<sarnold> MASM: probably you can keep it 'plain text' or something similar; the syntax highlighting is if you're pasting part of a program
<sarnold> MASM: but shell interactions don't usually improve with syntax highlighting :)
<MASM> sarnold: thanks a lot
<MASM> There are a limit for connection to a socket in ubuntu server ????
<sarnold> there are many limits
<sarnold> you have to have the right privileges to bind to a tcp or udp port <1024 ; there are a maximum number of file descriptors available to a process ; uhhh, I'm sure there's more, but that's all I could think of quickly :)
<MASM> i have ubuntu server, i config ufw to allow some range of ports, but in syslog, appear the tag "[UFW BLOCK]" ipsource, ipserver, portsource, portdestiny, and i allow that port, i think, maybe it would be the limit of socket connection with tcp
<sarnold> MASM: if it has a tag like that, then it was probably blocked by ufw
<MASM> you know about ufw?,
<sarnold> a little
<sarnold> I'm sadly vastly uneducated about linux firewalling .. twenty years ago I was awesome at it but then everything changed :)
<MASM> sarnold: Everything Changed When The Fire Nation Attacked
<bindi> can anyone shed light on why my iptables rules werent loaded after a reboot? i had been running my ass wide open for a few days.. had to do iptables-restore and it loaded the rules from /etc/network/iptables.up.rules
<MASM> i need help with ubuntu server with ufw and iptables e.e
<tsimonq2> !help | MASM
<ubottu> MASM: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<MASM> ubottu: Thanks for the tips, i am new in this chat
<ubottu> MASM: I am only a bot, please don't think I'm intelligent :)
<lordievader> MASM: What is your actual problem?
<MASM> beffore all: ubuntu-server, with services apache,ssh, and it receive information from gps trackers, that reports every time, and are constantly,
<MASM> I have a problem with ufw, and connections tcp incoming, I allowed port 80, 22, 12300:12400/tcp and udp,    the problem is when i see tail -f /var/log/syslogs | grep "UFW BLOCK", i saw a ips blocked that ips are destiny to port 80 and 12363 <- this is in range that i allow, and i see in iptables, that are a limit of 3/min, i changed this to 1/s , i think i solved this, but not, in this morning i saw some ips blocked in port 80 
<MASM> http://paste.ubuntu.com/21287991/
<lordievader> MASM: What does nmap say?
<lordievader> And jeez what a mess does ufw make of iptable rules.
<MASM> nmap from local or from external machine?
<lordievader> External
<MASM> ok wait a minut
<jdstrand> MASM: those drops might have been from something else. eg, when an existing or new connection is coming in at the time you do 'sudo ufw reload'
<jdstrand> MASM: your policy looks fine. I suggest tailing the log while trying to make a new connection. it should be fine. I might also point out 'sudo ufw show raw' which gives a full dump of everything
<jdstrand> also, not sure how this is a 'mess'. it is actually quite organized so it won't stomp on other applications that add rules
<MASM> nmap from linux mint : http://paste.ubuntu.com/21289724/
<MASM> Jul 28 10:31:05 u2139 kernel: [73766.1808] [UFW BLOCK] IN=eth0 OUT= MAC=08:00 SRC=187.210.150.xx DST=74.208.x.x LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=45020 DF PROTO=TCP SPT=46420 DPT=80 WINDOW=1414 RES=0x00 ACK FIN URGP=0
<MASM> i still get some messages from syslog, with this rules
<MASM> if i undertend this, all are right, and i only need to wait for the gps reconnect again?,
<jdstrand> MASM: nmap is sending an invalid packet. See: 'ACK FIN' is not valid. 'SYN ACK' or 'FIN' are
<jdstrand> MASM: and ufw blocks invalid packets by default:
<jdstrand> # drop INVALID packets (logs these in loglevel medium and higher)
<jdstrand> -A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
<jdstrand> -A ufw-before-input -m conntrack --ctstate INVALID -j DROP
<jdstrand> MASM: use your browser to reach the destination on port 80 and you shouldn't see a denial
<MASM> yes the web site show perfectly
<MASM> jdstrand: you say that that packets that ufw block are invalids?
<jdstrand> MASM: tools like nmap are super flexible and send weird stuff to see if they can illicit information out of the firewall, sometimes for OS fingerprinting and the like. the denial is expected and fine. your rules are fine
<jdstrand> MASM: that log entry you gave shows 'ACK FIN' for the tcp flags. that is an invalid combination, yes
<jdstrand> s/illicit/elicit/ (not sure why I typoed that :)
<MASM> jdstrand: and this logs are normal, this have "ACK" only
<MASM> http://paste.ubuntu.com/21292299/
 * jdstrand notes ACK and FIN can be legitimate under certain circumstances as part of connection tracking, but my point was an nmap-generated packet the sends an ACK/FIN is snot
<jdstrand> is not
<jdstrand> MASM: how are you generating those? with nmap?
<jdstrand> this seems like possibly a problem with connection tracking if not
<MASM> that are reals gps tracking
<jdstrand> MASM: what is the output of: sudo /usr/share/ufw/check-requirements (feel free to paste it to paste.ubuntu.com)
<MASM> jdstrand: this is the output - http://paste.ubuntu.com/21293215/
<jdstrand> MASM: no, you need to run: sudo /usr/share/ufw/check-requirements
<MASM> ha sorry jejjeej
<jdstrand> MASM: on the system that has the firewall
<MASM> jdstrand: http://paste.ubuntu.com/21293437/
<jdstrand> ok, that's good. your kernel has everything it needs
<jdstrand> MASM: can you paste the output of 'sudo ufw show raw'?
<MASM> ok
<MASM> jdstrand: http://paste.ubuntu.com/21293970/
<jdstrand> MASM: ok, I don't see any rules that would interfere with ufw. your firewall looks fine. this seems like a problem with connection tracking. I suggest googling: netfilter connection tracking dropped packets (the first entry is good)
<jdstrand> MASM: that said, depending on how you are reloading the firewall, you can get invalid packets since they aren't part of an established connection. those should start to die down very soon after the firewall/machine restart though
<rbasak> smoser: do you have a reference to ivoks' ntpdate bug please? I can't find any that he reported.
<jdstrand> MASM: if they don't, look at the connection tracking stuff
<jdstrand> MASM: one final question: did you modify /etc/ufw/*rules by hand? I'm seeing very few packets counted in ufw-user-input chain
<smoser> rbasak, will look.
<jdstrand> MASM: ie, an excerpt from your last paste: http://paste.ubuntu.com/21294738/
<MASM> i only add directly iptables rules and ufw, and not in files,
<jdstrand> MASM: what do you mean by 'i only add directly iptables rules'?
<jdstrand> MASM: you are adding rules outside of ufw?
<MASM> but i reset all, and put rules via ufw like allow 200, 80 and range ports 12300:12400
<jdstrand> MASM: what version of Ubuntu is this on?
<MASM> i did but i reset iptables and ufw, and begin again only with allow that ports that i mentioned
<smoser> rbasak, its a private bug.
<MASM> 14.04 stable
<MASM> and ufw 0.34~rc-0ubuntu2
<jdstrand> MASM: can you paste the output of: sudo sha256sum /etc/ufw/*
<MASM> jdstrand: i reset ufw a lot, jejejej http://paste.ubuntu.com/21295261/
<jdstrand> MASM: can you paste /etc/ufw/ufw.conf ?
<MASM> jdstrand: http://paste.ubuntu.com/21295548/
<devster31> is there any way to give ssh process the maximum priority over the available bandwidth?
<jdstrand> ok, all your files look fine. please run this series of commands:
<jdstrand> sudo ufw disable
<jdstrand> sudo /lib/ufw/ufw-init flush-all
<jdstrand> sudo ufw enable
<jdstrand> MASM: if there are errors with the above ^, please paste them
<MASM> i didn't get any errors, it was ok
<jdstrand> ok, then everything should be fine
<jdstrand> tail the log and you'll hopefully not see any more logged denials after now (check the timestamps! :)
<jdstrand> MASM: ^ if you do, check the connection tracking stuff I mentioned
<MASM> I'm cheking my syslog, and i get some block ports, http://paste.ubuntu.com/21297086/
<jdstrand> MASM: many of those aren't in the range you specified (it would be easiest if you pasted only the new ones). look into the search on the connection tracking and see if that is affecting you. another thing to investigate is whatever is running on 12363 if it is perhaps sending weird packets. tcpdump/wireshark/etc would help there
<MASM> jdstrand:  I have a nodejs runned with "forever start myscript.js" this open a specific ports that gps tracker, connect to port via tcp or udp and they (gps) give to server the information about imei,status,position,etc,
<jdstrand> if it isn't connection tracking related, then I think you need to look more deeply at the packets. alternatively, you could add rules to /etc/ufw/before[6].rules that don't care about connection tracking
<Shambles> I'm trying to remove ACL's that I accidently placed on a folder from a Windows machine.  I'm trying to use setfacl by typing 'setfacl -x /folder/path' but it responds with "setfacl: Option -x: Invalid argument near character 1"
<Shambles> I don't see what other arguments I would need besides the folder path
<teward> Shambles: it's expecting an ACL spec for -x
<teward> from the man page:
<teward>        Removing a named group entry from a file's ACL
<teward>               setfacl -x g:staff file
<teward> you're not giving it an ACL to 'clean' and it expects one
<teward> s/an ACL/an ACL pattern or spec/
<Shambles> Ah ok thanks teward.  Was just expecting it to purge all ACLs and leave basic permissions
<teward> Shambles: yeah, apparently not (if you look at the man page you'll see a little more about the -x argument flag, and see what it expects.
<teward> Shambles: -x without anything doesn't appear to be the equivalent of 'flushing out the acl' :P
<sarnold> would -b do what you want?
<teward> i was about to say that
<teward> stop reading my brain
<sarnold> or maybe -k
<teward> Shambles: you can try -b
<sarnold> tough to tell :)
<teward> sarnold: erm
<teward> Shambles: do you want to leave the basic UNIX style permissions in place (owner, group, other)?
<teward> 'cause -k removes the default, and not the extended.  -b removes the extended, and not the defaults
<teward> combine, and ACL is nuked, maybe
<teward> sarnold: I think -b is what they need...
<teward> or want...
<teward>        -b, --remove-all
<teward>            Remove all extended ACL entries. The base ACL entries of the owner,
<teward>            group and others are retained.
<teward> i should *really* stop pasting here
<teward> *goes to disable paste*
<CodeMouse92> I have a bit of a puzzle. On a leased server, my "root" domain name points to /public_html, as it should. However, I want to put all of the *pages* that appear on that site in a separate folder. I've already got a rather complex .htaccess...
<CodeMouse92> ...actually, I just answered my own question.
<CodeMouse92> Is it possible to configure an .htaccess to treat contents of a subfolder as if they were in the root folder?
#ubuntu-server 2016-07-29
<masuberu> I am deploying a software that runs on ubuntu 12.04 and I need to install git
<masuberu> however apt-get can't find neither git nor git-core
<masuberu> what can I do?
<sarnold> masuberu: run "apt-cache policy git" .. it should show which repository it would install which version of the git package from
<masuberu> sarnold: N: Unable to locate package git
<sarnold> masuberu: strange. how about "apt-cache policy bash"? you've probably got that installed anyway, i wonder how it got there.. :)
<masuberu> http://pastebin.com/raw/WwgZe90A
<sarnold> masuberu: check your /etc/apt/sources.list file -- is the mirror there still valid?
<masuberu> sarnold: I doubt, it doesn't even do apt-get update
<ubuntu_> curious in the newer versions of ubuntu server i have come across when installing  MAAS install region or rack . I read about the hardware requirements i  know i don't have enough for those or openstack  more for large data centers then for small home networks. But curious what is the difference between region or rack installs?
<ubuntu_> When would one do a region over a rack visa-versa
<ubuntu_> As i understand it these are all cloud based computing technologies
<masuberu> http://pastebin.com/raw/FQrFCnev
<sarnold> masuberu: owwwww. I have to admit I wasn't expecting this one ;)
<ubuntu_> try using a different repo location
<sarnold> masuberu: are there nameservers in /etc/resolv.conf ? do they work?
<tarpman> is the VM in question even connected to a network...? :)
<ubuntu_> /etc/apt/source.list or uses the system control center or aptitude,...etc
<masuberu> ups
<sarnold> ubuntu_: there's some description of the rack controller vs region controller here https://maas.ubuntu.com/docs/install.html
<masuberu> it is not resolving names ...
<sarnold> tarpman: ha :) good question
<masuberu> damn
<masuberu> sorry my bad
<ubuntu_> curious i know this is stupid but cloud computing seems to me like a virtual remote desktop  session to many different servers. Like a hyper-v on many different servers
<sarnold> ubuntu_: most 'cloud' computers never have a desktop of any sort
<ubuntu_> I know there is like paas, saas ,...etc distinctions of different clould services at different layers but seems as its all like a remote app , or rdp virtual session to different servers
<ubuntu_> Right the cloud computer doesn't need a desktop just some hyper-v service base thing that clients with desktops connect to
<sarnold> most of the time they don't have clients with desktops connecting to them either :)
<ubuntu_> How is virtual remote desktop , remote apps,..etc anything different then what cloud is ... just cloud is using more computers but same prinicpals
<sarnold> they run databases or webservers or fileservers or firewalls or streaming radio stations or antivirus scanners or irc bouncers or mathematica or openmpi or ... :)
<ubuntu_> ya but at this level cloud is just like it was back in mainframe times just services on a remote computer that people could remote into uses... I get cloud makes it look pretty i guess thru web interfaces other stuff but non the less its not anything really new
<sarnold> the basic "gist" of "cloud" is that there's an API that you can use to get new virtual machines or new storage devices or new IP addresses and attach them around
<sarnold> ubuntu_: yes :)
<sarnold> we've returned to the days of the "computing center", hehe
<sarnold> except instead of a shell account on the university mainframe, it's an API endpoint that can spawn machines as users used to spawn processes...
<ubuntu_> that would be like remote desktop into a virtual machine
<sarnold> if that's a useful analogy for you, that's fine, but just be sure you know that most machines never run graphical programs and most never have any user interaction at all -- programs are installed and configured using tools like juju or chef or ansible, they run servers, and almost nothing ever actually interacts with humans...
<ubuntu_> I get that
<ubuntu_> What would you say grid computing and cloud computing differ... because i always confuse myself with the distinction of computing in the cloud as opposed to grid
<ubuntu_> I would say they could be pretty much the same or over lap a lot
<sarnold> 'grid' always feels like it runs a single program that handles jobs; jobs are distributed, run, and then collected; cloud usually installs services on virtual machines
<Shambles> teward, sarnold -b worked with setfacl.  Everything looks clean again
<Shambles> Really it wasn't super important but I didn't want some random ACL to remain on the root of my wifes share
<ubuntu_> ya but what is cluster computing isn
<ubuntu_> t
<Shambles> I need to train myself to use the man command instead of --help.  Thanks for the assistance
<ubuntu_> cluster nodes just mirror images of each other for load balancing and fail over
<ubuntu_> because if thats the case cluster computing is just  load balancing computing not  computing different services on different nodes
<ubuntu_> what i mean is to do different computing on different nodes one would have to uses more then one cluster
<ubuntu_> if i am understanding cluster computing correct... i have never need clusters all that much and the computing part never understood the term... i do understand the  point to clustering for redundancy , and load balancing but for COMPUTING?
<sarnold> Shambles: great :)
<sarnold> ubuntu_: clustering is very rarely used for mirroring entire machines
<ubuntu_> wait so a node is only  take pieces of software and mirroring them and the other part of the nodes can be very different
<ubuntu_> I am looking at clustering as some kind of network raid between servers called nodes
<ubuntu_> But if it can be pieces of servers that are mirror images with the rest distinct sections of server
<ubuntu_> I would think they have to be mirror nodes since how else would fail over work... if a system goes down you need a mirror node to take over?
<ubuntu_> For NLB clusters  i could see  nodes being not mirrors just the application being mirrored that are part of the NLB cluster ... just not sure
<ubuntu_> Unless fail over clusters can be just setup as well to just mirror sections of the whole server like a database, web server,applicaton server,..etc. But to me when i think of a cluster it is  network raid for redundancy /backup and load balancing performance
<sarnold> you can do both; database sharding is quite common, failover is less common
<ubuntu_> fail over is like when they do network raid  / mirroring the server through out the different nodes in the cluster for  redundancy and uptime protection right?
<ubuntu_> And NLB is more for just mirroring sections of servers like , application ,database,..etc
<ubuntu_> if i understand you correct
<ubuntu_> and thats the most common way's data centers uses them
<temmi_hoo> clustering to solve computing problems is often done with splitting the problem to blocks handed out to large numbers of nodes
<temmi_hoo> seti@home is a very large geographically distributed approach in clustering
<ubuntu_> ok but then cluster computing is just say i was accessing data from a data base it may uses  node1 and node2 so its just computing that splits up the same task
<sarnold> NLB?
<ubuntu_> network load balancing
<temmi_hoo> a database cluster is usually not a computational cluster
<temmi_hoo> the database cluster might have a frontend machine or any node might act as a frontend, then the data is stored in a distributed fashion but the db user doesn't need to know where, upon making a db query the db cluster finds the data and hands it to the user
<ubuntu_> what are these computational clusters your talking about .... because i can only see this type of computing between  different clusters not really different computations between nodes in a particular cluster
<temmi_hoo> computational clusters such as any modern supercomputer in the last oh forty or so years
<sarnold> check out this computational cluster :)  http://www.netlib.org/utk/people/JackDongarra/PAPERS/sunway-report-2016.pdf
<temmi_hoo> also seti@home and the like
<temmi_hoo> anytime you see weather report the forecast is computed on a clustered machine
<ubuntu_> And curious is it possible to do iscsi  clusters like SAN clustering
<temmi_hoo> it is
<temmi_hoo> storage clustering can use iscsi or even nfs over ip as its communication media but in real performance oriented datacenters sas is used with specialized sas switching fabrics
<ubuntu_> ok
<ubuntu_> so cluster computing is just a form of distributive computing or splitting the database files pieces on seperate servers if its NLB based cluster... but if its fail over cluster you have to kind of have mirror images on nodes
<temmi_hoo> not just database
<ubuntu_> for your example
<ubuntu_> Similar for other applications
<temmi_hoo> it can be block storage or filesystem level storage or .... or raw number crunching
<ubuntu_> So then how is this different then grid computing
<temmi_hoo> they're not dissimilar :)
<ubuntu_> Ok just one larger then the other i guess :)
<temmi_hoo> you can build your own virtual datacenter out of virtual servers that run somewhere in them clouds
<ubuntu_> And cloud computing is this just virtualized cluster computing
<temmi_hoo> vagrant is one very cool tool to manage these kinds of systems
<temmi_hoo> it allows you to build your system in very low performance model running on your laptop and then provision exactly similar cluster running in a paid cloud service such as amazon ec2 or azure cloud or googles services or somewhere else
<ubuntu_> nice thank you so much for clearing up my confusion on those things. I still don't get the MAAS , openstack stuff yet its supposed to be for cloud /grid but it looks similar like it could be used for clustering for the new ubuntu server installs
<temmi_hoo> vagrant can also be used to distribute your software and configuration as something called "immutable servers" so that every time you make a new version of anything, you're building a brand spanking new fresh and shiny cluster
<temmi_hoo> now this might not be the solution most often recommended in this channel, i'm not always following what is being said in here :)
<ubuntu_> For me when i was going thru windows 2012 r2 i got alot of the settings/how to configure stuff but  me being on such a small network  didn't get alot of the purpose so now i see the light with clustering / data center huge things
<temmi_hoo> anyway vagrant is really cool and you can manage a system of virtual windows/linux/bsd/whatever machines with it
<ubuntu_> like a hyper-v
<temmi_hoo> hyper-v is the virtual machine hypervisor much like virtualbox or xen
<temmi_hoo> vagrant is the thing that lets you control hypervisors and the virtual machines in them with programmatical configuration scripts
<cazorla19> Does anyone know how to run service upstart job from unprivileged user withous sudo?
<cazorla19> The issue: if I even run upstart job from unprivileged user but with sudo - the daemon process is going to be run with UID 0 which means root
<cazorla19> It may be OK, but the issue in security: is it secure to run daemons as a root?
<cazorla19> And how to reconfigure upstart to permit service launched as a trivial user with no sudo?
<cazorla19> Upstart cookbook doesn't give any sense to solution: I tried to run "exec start-stop-daemon --start -u myapp --exec /usr/bin/myapp start"
<cazorla19> But I still have upstart permission denied and also kicked out from SSH connection which looks such funny
<cazorla19> Please if someone had this issue - help me
<rbasak> tyhicks: I'm reviewing a merge for cpaelzer and the Ubuntu->Ubuntu diff includes this: http://paste.ubuntu.com/21398245/
<rbasak> tyhicks: do you know if this is OK please? Does apparmor/dh-apparmor require the package to drop in these directories?
<rbasak> I suspect it's fine, but I thought I'd check.
<jdstrand> I can answer that
<jdstrand> unless someone changed dh_apparmor very recently without us knowing, ntp.dirs should not have dropped those entries
<jdstrand> tyhicks: ^ (I answered rbasak)
<tyhicks> thanks!
<rbasak> jdstrand: thanks!
<ctjctj> We have a number of users that have laptops.  Those laptops are running a VM with 14.04LTS server for development purposes.  We are having an issue where the user is moving from one network to another and the VM is not picking up this change "fast enough".  What is the best way to detect that the network has changed and that we should get a new lease from the dhcp servers?
<rbasak> ctjctj: how are the VM NICs configured? Is the host doing NAT, or are you bridging through, or something else?
<rbasak> You could perhaps arrange to tell the VM that the cable is disconnected when the laptop is disconnected, and vice versa.
<ctjctj> rbasak, the NICs are setup as bridged running under virtualbox for most of them (I use kvm but they don't).  So all of the VMs are true internet entities within their little lan (Or if they get IPv6, so much the better)
<rbasak> ctjctj: my feeling is that this is best addressed at host level - by making the VM appear to have a disconnected cable at the appropriate times. I don't know to what extent virtualbox has an API-driven capability to do that though.
<rbasak> ctjctj: together with something like ifplugd in the guest assuming you're not using network manager.
<rbasak> ctjctj: alternatively using host-based NAT solves it too.
<ctjctj> rbasak, *nods* I hear you and understand.  I'm not a VB expert so I don't want to go down that path.  I might just run a script every 5 minutes to do a network test to the defined router.  If it fails over 5 seconds perform an ifdown eth0; sleep 15; ifup eth0 to fetch the new configurations.
<rbasak> ctjctj: I wonder if dhclient can be configured to attempt very frequent renewals.
<ctjctj> That was my first hope.  I can tell it, via configuration, the data at which to renew/rebind but not a "no more than 1 hour between rebinds"
<hackeron> Hi there, I have Ubuntu 16.04 installed on a raspberry pi, the ethernet shows up as enxb827ebd24e19. I try to create a network alias with ifconfig enxb827ebd24e19:0 192.168.88.100 but it just changes the interface IP rather than creating a second virtual interface-- any ideas?
<compdoc> pastebin ifconfig -a
<hackeron> compdoc: https://gist.github.com/xanview/5820c20c3500457be9754dfe7d3ae1e2
<thenewone> hi
<thenewone> i get this error message
<thenewone> when i try to install something
<thenewone> dpkg: unrecoverable fatal erro, aborting:
<thenewone> files list file for package 'linux-headers-4.4.0-32-generic' is missing final newline
<thenewone> E: Sub-process /usr/bin/dpkg returned an erro code (2)
<thenewone> can how can fix this and thanks
<RoyK> thenewone: try apt-get update again
<thenewone> i did it 3 times
<thenewone> with upgrade and dist-upgrade
<thenewone> with reboot
<sarnold> check dmesg; do you have any IO errors?
<RoyK> and perhaps apt-get clean first
<thenewone> i made a script with clean autoclean remove and autoremove
<thenewone> sarnold, about that no error
<thenewone> actualy i was trying to install docker-engine and i inturpted the installation
<thenewone> i followed the wiki
<thenewone> when i tryed to install it agian
<thenewone> again*
<thenewone> didn't work
<thenewone> start giving this error
<thenewone> i think i should reinstall linux-headers ?
<van777> hi! i've got ipv6 only address now. i've made port forwarding on the router for the ip webcam. How do i access it from ipv4 address??
<sarnold> and maybe delete the package from /var/cache/apt/....
<RoyK> van777: nat64
<van777> RoyK: let me google it..
<thenewone> y
<thenewone> sorry miss window :)
<van777> RoyK: omg. nat64 is too hard to configure. it's built-in in cisco routers, i doubt about mine
<sarnold> van777: you might be able to get a VPS somewhere that's dual-stacked and do some nc -l port forwarding kinds of things..
<van777> a vps is too expensive ( i've been trying digital ocean for 4 months
<van777> i might have luck with https://tunnelbroker.net
<RoyK> van777: crowncloud.com is rather cheap
<van777> RoyK: Thanks!
<van777> Wouldn't it be easier for me to change the ISP!!
<van777> but crownclowd cheapest plan is $4/month . not bad
<sarnold> a tiny little instance for $15/year too. neat.
<van777> sarnold: wow
<van777> sarnold: heh, that offer doesn't support ipv6
<sarnold> awwww
<RoyK> they have ipv6 all the way
<sarnold> RoyK: not on this one https://crowncloud.net/clients/cart.php?gid=23
<RoyK> oh
<RoyK> bad
<RoyK> bad boy buddy
<sarnold> pity, it seemed perfect :)
<RoyK> sarnold: I have ipv6 on my vms
<RoyK> from them
<sarnold> yeah most of their offers do, I think that's the only one that doesn't have at least an /80
<RoyK> I have /80
<RoyK> anyway - it's a vm, so it's ok
<RoyK> I just asked on #crowncloud - they are pretty good at answering there
<RoyK> you get good support on irc from them
<sarnold> that's worth its weight in gold :) heh
<RoyK> the weight of those bits? :D
<sarnold> :D
<sarnold> RoyK: oh while you're there, "Temproary" on https://crowncloud.net/dedicated_servers.php
<RoyK> oh - I only use their services for a mail server - I have a dedicated at bitraf.no that work well, albeit old
<sarnold> looks cool :) but perhaps not universally useful :)
#ubuntu-server 2016-07-30
<lucas_ai> What's a very fast browser for linux that I can use really fast with keyboard shortcuts, not much with the mouse? I wanna increase productivity.
<sarnold> lucas_ai: a friend told me about this, but I couldn't figure out how to run it http://edbrowse.org/
<sarnold> lucas_ai: I use pentadactly for firefox, but it's chronically not functioning after firefox updates, and you have to run it from git... maybe search for it and then figure out something -else-. I can't, I'm too used to pentadactyl now. some day when I have to switch life is goign to be terrible for a few months.
<hallyn> sarnold: i'm back to using vimperator (which pentadactyl was the new version of)
<hallyn> it has a few downsides, but at least it always works
<lucas_ai> I made a simple service and put it in /etc/init.d/potentialstudio ... why am I getting this error: Failed to start potentialstudio.service: Unit potentialstudio.service not found.
<lucas_ai> I made a simple service and put it in /etc/init.d/potentialstudio ... why am I getting this error: Failed to start potentialstudio.service: Unit potentialstudio.service not found.
<Seveas> lucas_ai: /etc/init.d is obsolete, make a proper systemd unit file.
<lucas_ai_> my systemd unit is working now, but how do I make it start when booting Ubuntu? when I do "sudo service potentialstudio enable", I get "potentialstudio: unrecognized service"
<ikonia> that is not how you manage systemd
<lucas_ai_> ok...
<ikonia> man systemctl
<lucas_ai> I'm on Ubuntu server 16.04 with unity, and I can't log into an XFCE session. There's no option in the login screen!
<lucas_ai> I literally can't find a way online.
<lucas_ai> After installing xubuntu-desktop and rebooting, I have XFCE+Unity as default. I can't find a way to use gnome+Unity again. The settings icon in the login screen doesn't exist. Any ideas?
<lucas_ai> How do I start my script or service when booting up?
<thenewone> hi guys
<thenewone> when i try to install something i get this error
<thenewone> files list file for package 'linux-headers-4.4.0-31-generic' is missing final newline
<alnr> i'm trying to patch openssl on xenial for CVE-2016-2107 (http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2107.html) my system reports openssl 1.0.2g-1ubuntu4.1 as newest,  but the vulnerability remains even that that page purports that 1.0.2g-1ubuntu4.1 should cover it. is there a later version available?
<patdk-lap2> heh?
<patdk-lap2> how did you test that you are affected by cve-2016-2107?
<patdk-lap2> and did you restart your server, or atleast all services that use openssl after you upgraded?
<alnr> patdk-lap2: i did restart the server. i'm using sslabs.com as the test.
<alnr> ssllabls.com*
<alnr> ssllabs.com
<alnr> also https://filippo.io/CVE-2016-2107/
<gbaker> I have a question about SSD's seem slow for buffered disk reads being in a raid0. Anyone have experience with this?
<bekks> Define "seems slow" and elaborate on your benchmarking please. :)
<gbaker> Just used hdparm and cached is 12149.30 MB/sec and buffered is 838.09 MB/sec
<bekks> hahahahahdparm :)
<cncr04s> sounds about right, I get up to 900MB/s reads
<gbaker> yeah, but it's been a few years since I've been on a 1/2 decent machine. I have to leave MS... ugh on my desktop for app specific reasons :(
<bekks> Then why do you use the most useless benchmarking tool ever?
<gbaker> last time I was using linux not in a VM has been a few years...
<cncr04s> you are unlikley to reach full saturation of your two 6G sata channels, mabye get sas drives or get a m.2 slot or pci ssds
<gbaker> It's 4 m.2 drives
<gbaker> I should state this is a laptop.
<gbaker> So I do expect differences
<cncr04s> then u got a problem, as good single m.2 ssd get me 2000mb/s+
<bekks> The DISK, not the controllers in a laptop...
<gbaker> Thats what I figured. It should be faster
<bekks> If you really want to benchmark your disk, use a benchmarking tool, and constraints that result in benchmarking the disk, not your memory.
<bekks> Forget. about. hdparm.
<gbaker> Suggestion on best one to try?
<bekks> dd and testfile sizes larger than your RAM.
<bekks> and a blocksize which is at least your filesystem blocksize.
<gbaker> with dd it's  2.70247 s, 795 MB/s
<bekks> "with dd". Which exact dd command did you use?
<cncr04s> I have a feeling your slots are just using sata channels
<gbaker> "dd if=/dev/zero of=/tmp/test1.img bs=32G count=1 oflag=dsync"
<bekks> Cool, so you benchmarked your CPU.
<bekks> You benchmarked how fast it can generate zeros.
<bekks> and bs=32G is nonsense, since your filesystem does not use 32G blocks.
<bekks> and oflag=dsync is even more nonsense, since you want to benchmark your disk, not synchronous writes.
<cncr04s> dd if=/dev/zero of=/swap bs=1M count=1024 is what I use
<gbaker> Just seeing most sites posting hdparm stuff still... Ill try that
<bekks> You are benchmarking your CPU too.
<bindi> dd bs=1M count=256 if=/dev/zero of=test conv=fdatasync
<bekks> gbaker: millions of flies cant be wrong? :)
<bekks> every benchmark using /dev/zero for reading will benchmark your CPU-
<cncr04s> so what
<gbaker> 268435456 bytes (268 MB, 256 MiB) copied, 0.312221 s, 860 MB/s
<bindi> taken from https://romanrm.net/dd-benchmark
<bekks> Benchmarking your CPU isnt benchmarking your dis.
<cncr04s> but I always max my disk speed
<gbaker> using bindi's command
<bekks> create a file larger than your RAM using dd if=/dev/urandom ... - then benchmark your disk using that file.
<cncr04s> creating random data is even worse then 0's
<bekks> Yeah, and you arent benchmarking that file creation...
<gbaker> Should I use something like double the ram?
<bekks> gbaker: No. Just larger than your RAM is sufficient.
<cncr04s> I never need to do that
<bekks> Because you always benchmarked your RAM.
<cncr04s> lol
<cncr04s> no
<cncr04s> ram speed is 20GBPS
<cncr04s> or more
<bekks> Did you benchmark that, too? :)
<cncr04s> this guy
<cncr04s> don't listen to him
<bekks> Cool, the old strategy to tell people "dont listen to him" when running out of facts.
<cncr04s> whatever file you create it has to end up going through the cpu and ram
<cncr04s> so his points suck
<gbaker> lol, every site has conflicting info. So I'm used to it :)
<bekks> cncr04s: If you have no clue what I am talking about, how do you decide wether my point is wrong? That would be interesting to know
<gbaker> I just felt that it seemed slow for 4 x M.2 drives but at the same time not many people are also doing this on a laptop either.
<cncr04s> you don't have a clue as to what I'm talking about either
<bekks> cncr04s: I do understand what you are talking about, but you are denying facts-
<bekks> So there is no point in trusting you.
<cncr04s> lol
<gbaker> It's ok, I was sent over from #ubuntu because of my setup so it was more confusing over there.
<cncr04s> gbaker: your speeds indicate a bottleneck in either your drives speed, but more likley the interface they are using, probably using sata channels.
<gbaker> cncr04s: I believe that is the issue, but still seemed a bit slow.
<cncr04s> I get around the same speeds with two ssds in raid0, they are sata 6G
<gbaker> I first installed using mdadm as I read on several sites that it is the preferred way. But that seemed to reduce speeds.
<gbaker> One more quick question... every post I've seen is about a year old or older for Nvidia and mobile gpu's for SLI. Has anyone ever heard if they ever plan on adding support for SLI for mobile gpu's?
<cncr04s> what is the seed of one or two
<cncr04s> btw using 4 drives in raid0 is just asking for trouble imho
<gbaker> Yeah, but I use 5th drive for backup of /home and a few other directories.
<gbaker> I did have it in raid 10 for a bit but it was a nightmare getting that set up.\
<cncr04s> raid10 is the best
<gbaker> Yeah, but I was getting so many issues when I set it up. Kept having issues with having to install Nvidia drivers on live disk before I could start install or it would hang and after I figured that out I ran into several other issues. Took a week to get all of the tweaks I needed to do with getting that set up.
<cncr04s> if your booting from it, you would typically set the raid up during installation, any sort of nvidia drivers don't apply to that step, not sure waht you mean
<gbaker> On live disk I had to do it from the desktop installer. Using the desktop installer It took me a bit to figure it out but unless I installed nvidia drivers on the live disk and restart xserver then start install it would hang.
<gbaker> Like I said. Getting this thing set up was an odd one. It's a laptop so I expected a few issues on getting it running and quite new hardware, but I'm fairly persistent.
<cncr04s> mdadm -v --create /dev/md0 --level=raid10 --raid-devices=4 /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1
<gbaker> On MSI's forums for this laptop I've only read a few that said that they were trying to install linux and couldn't find anyone that succeded. :)
<gbaker> Oh I know how to create raid using mdadm.
<cncr04s> your in ubuntu-server so I've never really used it for desktop purposes or with a gfx card
<gbaker> I know but reg chan suggested server because of my setup was confusing to them. Not many laptops with 5 SSD drives
<gbaker> and most couldn't answer raid questions.
<cncr04s> my laptop only has one connector
<cncr04s> its not that old lol
<gbaker> This thing is a big beast.
<gbaker> 18.4 inch screen...
<gbaker> Should have seen me take it on a plane... It didn't fit in the x-ray trays. And TSA gave me some odd looks and made me fully boot it up.
<cncr04s> my laptop was a waste of $
<cncr04s> I never use it
<gbaker> I got a MSI-GT80-Titan-2QE and upgraded it quite a bit.
<gbaker> Seems a bit much for a laptop but I was spending 75% of my time at my grandmas taking care of her because she is 93 and didn't want to feel like I was stuck on a laptop.
<gbaker> I miss my old AIX admin days.
<gbaker> Laptops last years for me, it's cellphones that seem to be a waste for my money. I can't get a year out of them before I do something stupid and break them. 2 months is my shortest time before I destroyed one.
<cncr04s> I <3 servers, phones don't do server stuff, hold no interest with me.
<gbaker> lol. I only use for that emergency call I've been expecting for several years.
<gbaker> Last one I broke I had an audience and it was embarrassing. I accidentally drop kicked it across 2 lanes of traffic into a curb.
<gbaker> Speaking of servers I picked up 40 nice server fans at a thrift store about a month ago for $5. Un used and boxes still sealed.
<cncr04s> what kind of fans
<gbaker> gfb1212vhw delta fan
<cncr04s> i'll buy all 40 for 10$, a nice 100% profit for you.
<gbaker> lol
<gbaker> I want to keep a few and sell the rest. The airflow is great and they are fairly quiet.
<cncr04s> I didnt think about noise when I got my 2u
<cncr04s> the others I have are in server rooms so I don't care, but this one I got in my room
<gbaker> Yeah, I usually don't pay attention until I had the old seagate 10k rpk scsi drives, sounded like an airplane taking off :)
<gbaker> I kinda miss it but it could get loud
<gbaker> *rpm
<bekks> Have you ever heard a Oracle M5000 powering up - or a T7? :)
<gbaker> I remember the IBM S80's winding up. I miss that.
<bekks> The lovely sounds of an entire airport :)
<gbaker> Yes :)
<gbaker> I joked about that with a coworker when I said it sounded a lot like the M1 Abrams starting up back when I was in the Army.
<bekks> Pretty quiet, those Abrams :D
<gbaker> lol
<gbaker> I really wanted to have one as a everyday driver, but they do eat quite a bit of fuel. But I wouldn't worry if people cut me off.
<bekks> you wouldnt even notice :)
<gbaker> After seeing a Humvee take more damage than the honda civic it hit on post I felt less secure about military vehicles.
<bekks> Well, the Humvee is more like a limousine with camouflage.
<gbaker> If that. The way the fan is set up for the radiator if you hit water anything faster than 2 mph the cheap plastic blades would break off.
<bekks> Doesnt sound like a Skunkworks invention :P
<gbaker> One of my best memories was learning how to use the old punch card programming... in the 90's. Only because they still had some operating.
<gbaker> Scariest part was my dad was in some of the training videos, and he was quite a bit older than my mom. (13 years older) It felt like quantum leap.
#ubuntu-server 2016-07-31
<LaserAllan> hey there anyone know what the equivalent of net-snmp-utils is on ubuntu 1404?
<PenguinMan98> I revoked root access to my ubuntu vps and created a user and now I'm not sure which username I picked. I can't get in. What options might I have?
<PenguinMan98> I have the password
<PenguinMan98> Just not the username
<PenguinMan98> please?
<ubuntu_> Does anybody know where the drivers are in the linux kernel for 3g/4g i don't see anything in drivers/net  saying 3g/4g?
<ubuntu_> Does anybody know device drivers for 3g/4g are yet incorportated into the linux kernel source i am still on  versions in the 3.xxx
<PenguinMan98> I can't seem to get a straight answer from the net about the case sensitivity of the username I last picked
<PenguinMan98> If I was connected via SSH and I set the username with a capital, could it be that trying to connect via ssh restricts me to only lowercase and thus I can't get in at all?
<cncr04s> its case sensitive
<cncr04s> though,
<cncr04s> usually only lowercase
<ubuntu_> you think the linux kernel would have support for 3g/4g even though most computers are only now providing it "hardware builtin " i bet. So it has to be in the andriod source code obviously so why didn't they add it to the linux source code. I would imagine driver writers for the 3/4g  arm  andriod phones would make it more arch independent to built to an x64/86
<ubuntu_> Plus you can build the andriod source for x86/64 they have iso versions that you can mount on a loop device and search through for the 3/4g drivers maybe its just my older 3.xxx os's
<ubuntu_> I have to look into eventually
<PenguinMan98> https://s-media-cache-ak0.pinimg.com/736x/fc/84/df/fc84dfb44281c6185b198a9ae93b8320.jpg
<PenguinMan98> I got in!
<PenguinMan98> WOOOOOOOT
<happyBoy> I just upgraded my ubuntu into 16.04
<happyBoy> I just tried to run my local server by typing localhost on my browser it says file not found
<happyBoy> anything that I have done something wrong
<happyBoy> thanks
<bekks> Do you have webserver installed?
<happyBoy> yeah
<happyBoy> sorry for the delayed reply
<happyBoy> I am using codeigniter and I think the apache server works because it is using codeigniter's 404 message as its message saying page not found
<happyBoy> how do I check whether apache is working in ubuntu 16.04
<bekks> Check its logs?
<happyBoy> yup it is working
<happyBoy> thanks
<albech> does anyone know if there is a repository that has dspam in it? i know it is a rather old and unsupported spamfilter, but it is still the best there is. I know it is a rather old filter, but its still the best around
<albech> i can see it was in 14.04 LTS
<patdk-lap> heh?
<albech> heh, what pat? ;)
<i-> !info dspam
<ubottu> Package dspam does not exist in xenial
<andol> albech: Assuming that you are fine with it not being unmaintained, how about just grabbing the trusty package?
<albech> andol: is it possible to install a package from trusty?
<showaz> hi, script "/etc/init.d/samba" not restart "/etc/init.d/winbind"
<showaz> ubuntu very old samba versions 4.3 (4.4/4.5rc1 fixed all bugs (no ned patches bugfix))
<andol> albech: A lot of the time you can, all depending on the dependencies.
<showaz> andol: "dependency hell" technology
<albech> andol: guess i could also compile it on a different vm
<albech> not a fan of having development tools/code on production machines
<showaz> andol: https://i.imgur.com/3W3HSxL.png dpkg-buildpackage / debuild / dh â¦ hell duplicate tools
<SupaYoshi> Hi, im trying to setup a FTP server on my Ubuntu box, however I want to set it up with a usermanager, so I don't want to create local users, on the hsot it self.
<albech> showaz: haha
<SupaYoshi> Does nyone have a suggestion for a program i shhould use?
<albech> SupaYoshi: depends on what you expect from the ftp server
<albech> SupaYoshi: except ftp transfers ofcourse
<SupaYoshi> security tls ssl
<showaz> SupaYoshi: pureftp+(FTP-over_TLS)+sql?
<SupaYoshi> sql?
<albech> SupaYoshi: pureftp is nice with sql for user management
<albech> as showaz said
<showaz> SupaYoshi: /etc/passwd | sql |ldap | etc auth...
<SupaYoshi> cool!!
<SupaYoshi> thanks :D
<albech> if you have lots of users or look for web integration
<SupaYoshi> that's what i needed, sql support ahts great.
<SupaYoshi> :D
<showaz> + optimize limits for pureftpd
<showaz> anti-brute, traffic speed control, etc
<patdk-lap> heh? ftp over tls works?
<showaz> Personally I prefer ssh and the only keyauth.
<patdk-lap> ftps doesn't work with nat
<albech> i dont really like ftp at all ;)
<SupaYoshi> Me neither, but some end users need it for access to their webdirectory on my server :p
<SupaYoshi> lol
<showaz> albech: mass hosting?
<SupaYoshi> i use ssh keys myself, but yeah..
<albech> showaz: what you mean?
<showaz> I think now the most attractive option and ssh authentication public key in the user's home folder, but we must immediately impose strong restrictions on the use of ssh for example only to transfer files and possibly versioning type ".git".
<albech> i dont really have that problems as most of my users have their own VMs
<showaz> new hosting panel can ssh only to transfer data, plesk 17prerelease even .git repository for the site supports
<showaz> kvm + dedup memory?
<patdk-lap> why aren't you limiting ssh to using sftp?
<jonah> hey does anyone here know a good solution to mirroring an ubuntu server and offering failover? I have a server already running and a spare that's the same hardware, it would be great to use the spare to provide mirroring and auto failover - even a bit of load balancing too if possible. i've read about drbd and it seems a bit tricky to set up and also a bit risky at block level... what do others use here?
<bekks> jonah: We are using Veritas StorageFoundation HA or Infoscale Availability for clustering - on supported OS.
<jonah> bekks: StorageFoundation HA eh? hmmm]
<bekks> jonah: SFHA is from Symantec, InfoScale (the successor) is from Veritas.
<SupaYoshi> okay ive got it working.. em, but the file creation is done by the user, i think i want files to be created by www-data
<SupaYoshi> I want proftpd to be able to write files as www-data, so that the permissions are correctly set (755 for dirs, and 644 for fiels)
<albech> SupaYoshi: thought you went with pureftp?
<SupaYoshi> Oh i em, went with ProFTPD... oops
<SupaYoshi> lol.
<SupaYoshi> I'll restart. haha
<KALASH> ubuntu is for niggers. use debian
<KALASH> NIGGER
#ubuntu-server 2017-07-24
<LisaL> hi
<LisaL> I have a problem...
<LisaL> there is this ubuntu server,  and it's relatively fast considering that I am the only user on this server
<LisaL> however, there is a person sitting in Asia, claiming that this server would be extraordinary slow for him
<LisaL> I ran speedtest-cli and the results are OK
<LisaL> what could be the reason?
<ddellav> LisaL latency
<LisaL> ddellav, what is that?
<ddellav> do a trace route from the server to his IP address and you'll see what the issue is
<LisaL> ddellav, okay!
<LisaL> doing this now
<ddellav> LisaL it's the time it takes a packet to travel from your server to his computer
<LisaL> okay testing it - 1 moment please
<LisaL> thank you for the tip!
<ddellav> np
<LisaL> ddellav, can I please show you the output in a private message?   It would feel bad to me to share the person's IP address (and my server's IP address)  in a maybe logged channel publicly
<ddellav> LisaL sure
<RoyK> LisaL: depending on where the server is located, asia or europe or america, the latency issues can be rather bad. if you're using SMB, it can be pretty horrible
<LisaL> RoyK, the server stands in Central Europe
<RoyK> LisaL: just secure the server - the bots will find it anyway ;)
<LisaL> the person in question lives in Cambodia
<LisaL> I could blank out the IP's
<LisaL> one moment please
<RoyK> LisaL: what sort of ping times do you get there?
<RoyK> LisaL: what sort of traffic or protocol is this?
<LisaL> pasting now...
<LisaL> 1 moment pls
<LisaL> https://dpaste.de/Qe71/raw
<RoyK> 200ms is quite a bit
<LisaL> why are there not more points in between?
<RoyK> again, what protocol?
<LisaL> I don't know?!
<RoyK> what sort of service? web?
<LisaL> yes
<LisaL> oh
<LisaL> http then
<RoyK> http is rather resilint to latency, so it shouldn't matter too much
<LisaL> he is downloading huge files (200 MB+)
<LisaL> and also uploading
<LisaL> and he needs 2 hours for a 200 MB upload / download
<RoyK> that shouldn't matter either in terms of latency
<LisaL> but when he up/downloads files to google drive, this takes 2 minutes
<LisaL> so his connection is good
<RoyK> LisaL: what sort of internet connection do you have?
<LisaL> it's not me, it's a server
<LisaL> hosted at a local provider
<LisaL> I guess that's a normal ethernet cable they plug in?
<LisaL> not idea how they connect their servers
<LisaL> I ran a speedtest-cli
<RoyK> what did it say?
<LisaL> Testing download speed........................................
<LisaL> Download: 600.37 Mbit/s
<LisaL> Testing upload speed..................................................
<LisaL> Upload: 282.13 Mbit/s
<RoyK> and what are the speed you client is getting?
<LisaL> I only know that he needs an average of 2 hours to transfer 200 MB
<LisaL> it's a freelancer to be exact
<RoyK> webdav or something?
<LisaL> yes
<LisaL> nextcloud
<RoyK> ok
<RoyK> do you monitor your server's cpu use? and i/o?
<LisaL> no
<LisaL> when I download / upload files myself,  my server is very fast
<RoyK> well, do so - start by installing sysstat, it's an old, but rock solid thing, you need to enable it in /etc/default/sysstat after installing it
<RoyK> just monitor everything you can
<LisaL> okay
<LisaL> thank you RoyK
<RoyK> btw, is your client using a linux machine? if so, you could use iperf to check the network performance between the two, your machine and the client's
<LisaL> he uses windows
<LisaL> I am the client
<LisaL> he is the freelancer
<RoyK> LisaL: I'd recommend using something like munin on top, but that takes a wee bit of configuration compared to sysstat
<LisaL> I will read on this
<RoyK> there's iperf for windows as well https://iperf.fr/iperf-download.php
<LisaL> oh that's good!
<LisaL> and using this, he could see why it's so slow?
<RoyK> keep in mind that iperf2 and iperf3 are not compatible
<RoyK> iperf will only monitor network speed - it may be nextcloud is the bottleneck
<RoyK> perhaps some php tuning needed somewhere
<LisaL> I could try to upload a 200 MB testfile into /var/www  and ask him to download from there
<RoyK> start with the basics
<RoyK> measure network - iperf
<LisaL> okay
<LisaL> I need time to read about it
<RoyK> make sure you have the same version on both sides, and that the server side is open for connection on the port in the firewall
<RoyK> it won't take long ;)
<LisaL> thank you RoyK
<LisaL> usually I only work with graphics / pictures
<LisaL> maybe I should have rented a static webspace rather than a vserver
<RoyK> I see
<RoyK> well, it doesn't take too long to get used to things
<RoyK> and you'll learn a lot from it :D
 * RoyK setup his first linux machine in 1994 and has been using linux (and a lot of other OSes) ever since
<LisaL> I am also using linux as my desktop
<LisaL> since Suse, and later Debian Potato times
<LisaL> but I never got into server administration too much
<RoyK> potato <3
<LisaL> I believe that was the codename
<LisaL> the one before woody
<RoyK> yeah - I remember it - from 2002
<RoyK> no - 2000
<LisaL> omg time passes by
<LisaL> I used to be young, sexy and beautiful
<LisaL> now I am the potato
<RoyK> lol
<LisaL> and Debian is sexy
<RoyK> aren't we all? ;)
<RoyK> (the former)
<LisaL> :))
<LisaL> lol
<RoyK> anyway - any luck with iperf?
<RoyK> and btw, which version of nextcloud and php?
<LisaL> I installed it
<RoyK> the client needs it as well
<LisaL> I believe iperf3 -s   would be the right command
<RoyK> should do - just make sure the firewall is open for that port
<LisaL> yep, it was :)
<LisaL> -----------------------------------------------------------
<LisaL> Server listening on 5201
<LisaL> -----------------------------------------------------------
<RoyK> ufw or iptables or something in the way, it won't work
<LisaL> nah the server is not secured
<LisaL> ^.^
<RoyK> LisaL: pm me the ip address, so I can test
<LisaL> yeah, now that you know it's not secured ;)
<LisaL> :))
<LisaL> I am installing iperf3 on my local ubuntu machine as well
<LisaL> and try it
<RoyK> I know *your* ip address already ;)
<RoyK> LisaL: just secure your machines - giving away ip addresses is safe as long as the machine is safe - not giving away ip addresses won't stop the bots from finding it
<LisaL> well I am connected to IRC, sure you get my IP :)
<LisaL> iperf3 has successfully been installed on my local machine
<RoyK> ok, try iperf -c x.x.x.x
<RoyK> there's a bunch of magpies feasting on something on my balcony
<LisaL> looks similar to a ping
<RoyK> except it measures bandwidth as well
<RoyK> ping usually just sends a 56 byte package - not a megabyte or two
<RoyK> wee difference
<RoyK> I guess that is 'Elster' to you ;)
<LisaL> I don't know Elster?
<RoyK> LisaL: where are you from?
<LisaL> Austria
<LisaL> Vienna
<RoyK> guessed so - by the whois of your ip ;)
<LisaL> ^.^
<RoyK> I was talking about birds https://de.wikipedia.org/wiki/Elster
<RoyK> seems a mÃ¶we (if that is what you call it) is taking over the party http://smilla.karlsbakk.net:8081/
<LisaL> there are birds named that way
<LisaL> but there are no "MÃ¶wen" around in Vienna
<LisaL> and Elster is a bird I've seen twice in my whole life
<LisaL> my freelancers keep messaging me all the time,  I must go back to work
<LisaL> I am sorry
<LisaL> thank you for the nice chat :)
<RoyK> hehe
<RoyK> hope I could help out a bit
<LisaL> sure you could
<LisaL> thank you :)
<android> does system76 still sell ubuntu machines?
<android> can you wakeup from a jackal
<android> or is a jackal permenant comotose
<RoyK> android: why do you need to buy an "ubuntu machine"?
<runelind_q> how can I enable networking in recovery mode?  There is an option in the menu to enable networking, but that mounts filesystems which I don't want to do.
<Ussat> Generally, you dont want networking in recovery, in my experiance anyway
<runelind_q> I need to get some data off a zfs pool.  it won't mount in multi-user mode.
<sbeattie> rbasak: is there any chance we can get upstream interested in maintaining percona-server-5.6 (or moving the ubuntu packages to percona-server-5.7)? Or can we just drop the package?
<sbeattie> Because the publishing history is kind of dire https://launchpad.net/ubuntu/+source/percona-server-5.6/+changelog when compared with the open cves for the package http://people.canonical.com/~ubuntu-security/cve/pkg/percona-server-5.6.html
<rbasak> dpb1, jamespage: ^
<jamespage> rbasak, sbeattie, dpb1: good question - tbh I don't know
<jamespage> I've made some effort to tend percona-xtradb-cluster-5.6 as that's part of our openstack deployment architecture
 * ddellav waves to jamespage 
<jamespage> o/
<keithzg> Hmm, on one of my VMs I had to LSB-ize an old init script to get it to run on 16.04+systemd, but a customer support rep for the program in question has said she didn't have to. Is there some sort of compatibility package *other* than systemd-sysv that my instance could be lacking? Or some other wrinkle that could create this result?
<drab> am I missing something or there's no way to get an apt-listchanges like output in terminal before installation?
<drab> I can do it manually with apt list --upgradable and then looking at the versions and finally apt changelog and look at it for that delta
<drab> but it kind of sucks
<drab> I guess I have to download the pkg first and then it will work with apt-listchanges
<tomreyn> drab: you can have apt-listchanges prompt whether or not to continue with package installation. if you answer no, the packages dont get installed. https://askubuntu.com/questions/272215/seeing-apt-get-changelogs-for-to-be-upgraded-packages
<BenMcLean> My ubuntu server install failed at the "Selecting and installing software" stage. What should I do?
<BenMcLean> it was an amazingly unhelpful error screen in that it did not communicate anything about any reason for the failure. just said it failed.
<BenMcLean> Since I'm just trying to setup a stupid minecraft server in my house, maybe i should just use regular ubuntu ?
<drab> tomreyn: yeah, what I meant was a manual review before install, meaning before the time I actually run the install (which is unattended)
<drab> I have a test box/vm that gets upgraded before anything else and I wanted to review at once all the changes the upgrade would introduce
<drab> which is pretty much what apt-listchanges will send you via email. I just wanted that to be printed (and possible stored somewhere as part of documented the increment of the image)
<drab> on a different note, I'm amazed about how hard it turned out to be to do transparent proxying with another box than the gw
<drab> it seems actually almost impossible without some "heavy" tradeoffs
<drab> like putting the box on a diff network that would route to clients through the same gw or lose the source ip (in case on nat'ing), which isn't really an option
<sarnold> BenMcLean: if you've got a video card and monitor on it, then the desktopversion should probably be fine. the desktop version comes with network manager, and X11, and libreoffice and the like, but the server version doesn't. you can basically get a desktop on the server via 'apt-get install ubuntu-desktop'
<drab> I don't understand how people do this "professionally", it seems a common need/practice, but I couldn't find a blueprint of any sort
<BenMcLean> sarnold, ok i am going with the regular ubuntu i guess
<BenMcLean> still, failing the install is pretty bad
<drab> in #iptables they assured me it was all NAT, but most proxies will do auth or change restrictions based on src ip so NAT seems a no go
<sarnold> BenMcLean: was there any more information on any of the other virtual consoles?
<sarnold> drab: certainly when I did it 20 years back I put the squid proxy right on the NAT box ..
<drab> sarnold: yeah, that's what 99% of the tutorials/docs explain, but how is that scalable if you are a school/largish campus or company?
<BenMcLean> sarnold "other virtual consoles"? sorry I haven't messed with ubuntu server before. Most of my exposure to linux is from screwing around with RetroPie, the debian-based gaming OS for Raspberry PI
<drab> sarnold: it seems you'd want to run a few of those and on their own machine
<sarnold> BenMcLean: control alt f1, control alt f2, etc
<drab> sarnold: but maybe they just have multiple gateways behind "the real" gw
<sarnold> drab: the -big- sites I've seen all force users to customize a proxy in their browser
<drab> oh
<drab> fair enough
<BenMcLean> sarnold oh well i already shut down and am most of the way through downloading regular Ubuntu. think i'll go with that at that point, but thanks for the info cause if this install fails as well, then I can try those key combos to see what's going on
<sarnold> BenMcLean: try f1 through f7 or f8, they might not all have stuff on them but others may
<BenMcLean> sarnold ok, will try that if it happens again
#ubuntu-server 2017-07-25
<drab> sarnold: I think I actually figured out a few ways of doing it that are cleaner, but none of the is exactly straightforward
<drab> the simplest and not that hard is to use squid with eCAP/ICAP
<drab> squid running on the gw I mean
<drab> but at that point that squid does nothing more than taking the request and passing it on with a protocol that include all the necessary info, including src ip
<drab> and you can cluster that easily
<drab> and cluster the actual content filtering by having multiple backends
<drab> the other option seems to run the gw behind something like LVS, but I'm not sure how that'd work
<sarnold> man the icap website makes even less sense than the ecap website :)
<drab> lol, tell me about it...
<drab> it was quite surprising to figure out the state of both, yuo'd think they would be fairly "standard", but it seems in OSS land there's little to nothing
<drab> even tho all commercial implementations work on that basis
<drab> generally speaking the OSS CF ecosystem is pretty weak, it
<drab> 's even hard to find which options you have
<drab> the only easily googlable thing is dansguardian, which is deadware
<drab> I found its fork, e2guardian, almost by accident (great project, active devel)
<station> is there an easy way to keep overview over user access management Samba NFS â¦..
<station> nad usermanagement in generale
<android> !kernel
<ubottu> The core of Ubuntu is the Linux kernel: see https://help.ubuntu.com/community/Kernel - You shouldn't have to compile your own, and if you need to troubleshoot issues, you can try a !Mainline kernel instead, but if you insist, see https://help.ubuntu.com/community/Kernel/Compile (see also !Stages)
<lordievader> Good morning
<jambo> anyone here? need some help
<zioproto> hello, I do I add the tags? https://bugs.launchpad.net/python-novaclient/+bug/1559072
<ubottu> Launchpad bug 1559072 in python-cinderclient (Ubuntu Xenial) "[SRU] exceptions.from_response with webob 1.6.0 results in "AttributeError: 'unicode' object has no attribute 'get'"" [High,Fix committed]
<zioproto> verification-done ?
<zioproto> ok I think I have done it
<rbasak> ahasenack: thought I'd look at some of your pending MPs.
<ahasenack> thx
<ahasenack> rbasak: did you sync cyrus-sasl2?
<rbasak> ahasenack: is everything you have in https://code.launchpad.net/~canonical-server/+activereviews pending review/upload?
<ahasenack> I saw it's up-to-date now
<rbasak> I did fire off cyrus-sasl2 last night.  Didn't see if it finished.
<rbasak> I guess it's done then :)
<ahasenack> it worked, thx
<ahasenack> regarding the mps
<ahasenack> there are some nish grabbed that don't show up there anymore
<rbasak> Can you see what happens if you explicitly request an additional review from ~canonical-server in those MPs now?
<ahasenack> they should come back to the list
<ahasenack> let me see
<rbasak> OK. I'll start with your squid3 SRUs now.
<ahasenack> ok
<ahasenack> rbasak: this one, for example: https://code.launchpad.net/~ahasenack/ubuntu/+source/libpam-ccreds/+git/libpam-ccreds/+merge/327829
<ahasenack> rbasak: going to ask for another review now
<ahasenack> rbasak: done, and now it's in the https://code.launchpad.net/~canonical-server/+activereviews list
<ahasenack> rbasak: going to do the same to the others
<ahasenack> I think that's all
<rbasak> OK. Thanks!
<ahasenack> rbasak: I'm adding test cases to all my MPs now, not just the bug
<ahasenack> rbasak: in the squid one, since the MP is older, I only added the test cases to the bug
<ahasenack> to form the sru template
<rbasak> Why are you adding test cases to the MPs?
<ahasenack> to help reviewers, in the case it's just an artful upload for example, and not an sru
<rbasak> I see, OK.
<rbasak> ahasenack: sorry about the wasted work for Yakkety because of review delay.
<ahasenack> it's experience :)
<rbasak> ahasenack: https://code.launchpad.net/~ahasenack/ubuntu/+source/squid3/+git/squid3/+merge/326860 looks good to upload, thanks! Let me know if you'd like to take my suggestions or not, and I'll sponsor that now.
<ahasenack> let me check
<ahasenack> hm, I have this in my .quiltrc
<ahasenack> QUILT_DIFF_ARGS="--no-timestamps --no-index -pab"
<ahasenack> QUILT_REFRESH_ARGS="--no-timestamps --no-index -pab"
<ahasenack> maybe I added the patch manually
<rbasak> Yeah that could be it.
<rbasak> In that case one quilt refresh after you add it would normalise the patch. I don't usually suggest quilt refreshes, but when adding a patch for the first time it makes sense :)
<ahasenack> rbasak: I see
<ahasenack> that's fine
<ahasenack> rbasak: about the other change, DEP3, since now it's a backport
<ahasenack> rbasak: should we remove my comment about having had to fix a conflict?
<rbasak> I don't mind if it's there or not. It's certainly more informative than the metadata on its own, and I appreciate that.
<ahasenack> ok then
<rbasak> Your choice :)
<ahasenack> I got the opposite comment from nish in another mp :)
<rbasak> Hmm.
<ahasenack> just checking :)
<rbasak> I guess that'll always happen to some extent :-/
<ahasenack> it's fine
<ahasenack> rbasak: so I pull your changes in and push again?
<ahasenack> or you upload your branch? What's the usual?
<rbasak> No need. I can just upload my branch and tag i t.
<ahasenack> please do then, thanks
<rbasak> ack
<rbasak> ahasenack: same quilt -pab thing in https://code.launchpad.net/~ahasenack/ubuntu/+source/rsyslog/+git/rsyslog/+merge/327718. I can just fix up as I upload if you wish?
<ahasenack> yes please
<rbasak> OK
<ahasenack> rbasak: so even when taking the patch as-is from upstream, we prefer that refresh?
<ahasenack> I don't recall if this was the case here
<ahasenack> just wondering in general
<rbasak> That's a fair question.
<rbasak> I prefer it as I don't see any downsides. But other opinions welcome.
<ahasenack> ok
<rbasak> ahasenack: I usually try to credit everyone, so when cherry-picking from git, grabbing the commit author into an Author or From dep3 header is usually trivial.
<ahasenack> rbasak: sometimes there are so many authors
<ahasenack> someone sends a patch to a list (author1), then someone else commits with a slight change (author2), and a distribution grabs it for an older version and fixes conflicts (author3)
<rbasak> Multiple Author fields are permitted in dep3. But upstream need to pick one for the git commit, so we might as well copy that one at a minimum. That needs little thought.
<Guma> I am trying to setup "hosting" of my own deb package on my own ubuntu server 16.04 so I can add my server other machines to be able to install them with apt-get. I will do x64 and arm packages.
<Guma> Can someone point me to some info/online doc to read what and how it needs to be setup on my server.
<rbasak> ahasenack: can you check you're happy with https://code.launchpad.net/~racb/ubuntu/+source/rsyslog/+git/rsyslog/+ref/artful-rsyslog-permitnonkernelfacility-1703987 please?
<Guma> Thank you
<ahasenack> rbasak: checking
<rbasak> Guma: look up "reprepro"
<ahasenack> patch refresh ok,
<ahasenack> checking dep3
<Guma> rbasak: Thank you for quick reply :)(
<rbasak> Guma: you're welcome. "apt-ftparchive" is quicker, but I'm not sure it can do repositories that support multiple architectures.
<ahasenack> rbasak: good thing on the Author, the git commit didn't credit him specifically
<ahasenack> how did you find his email?
<ahasenack> Trent's
<rbasak> ahasenack: this is a hidden Github feature.
<rbasak> Start from https://github.com/PascalWithopf/rsyslog/commit/5c35619385bbe50979fa417e6f1b14df531b2a4a which you have.
<ahasenack> aha
<rbasak> Append .patch
<rbasak> https://github.com/PascalWithopf/rsyslog/commit/5c35619385bbe50979fa417e6f1b14df531b2a4a.patch
<ahasenack> there you go
<rbasak> If you look that up, you see the "git format-patch" output.
<rbasak> Very useful for cherry-picking etc.
<ahasenack> indeed
<ahasenack> rbasak: so +1 for your changes, thanks
<rbasak> ack
<Guma> rbasak: but reprepro does supports multiple arch?
<rbasak> Guma: IIRC, yes. But I could be wrong - please double check.
<drab> anybody familiar with openssl and knows what this error is about: http://dpaste.com/1J452JM
<drab> this is the pvt key for a local CA. I did not create it and someone else passed it to me
<drab> the password seems to be right because if I write something random I get an error about decrypt failed
<drab> digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
<ahasenack> drab: what command did you use? Maybe the file is in a different format
<drab> the last two lines about PKCS12 and PEM are the same tho
<drab> ahasenack: I was trying t ouse it with e2guardian, which is when I realized I had a problem. right now I'm simply doing: openssl rsa -inform pem -in cakey.pem -check
<drab> or with -text -noout
<drab> just to test that I can read the key
<drab> I don't know how the key was created and that person is now on vacation for 3 weeks...
<ahasenack> drab: sorry, was in a meeting
<ahasenack> drab: so just checking, cakey.pem has ascii content, and a header like BEGIN STUFF HERE and below it a line saying it's encrypted?/
<ahasenack> and for the love of God, don't paste its contents :)
<drab> np, in the meantime I think I found out how the key was created : openssl genrsa -des3 4096 > key.pem
<drab> ahasenack: :)
<drab> yeah it's ascii so it's pem, not der
<ahasenack> the pkcs12 output was weird
<drab> -----BEGIN ENCRYPTED PRIVATE KEY----- etc
<ahasenack> have you tried "openssl pkcs12" commands?
<drab> I have, couldn't get that to work, but I've never used those before so I might be doing something wrong
<drab> will try again
<ahasenack> iirc pkcs12 has an export password, different than the encryption key
<drab> ahasenack: doesn't matter what pkcs12 cmd I try I get the same format/encoding errors
<drab> per above key was created with openssl genrsa -des3 4096 if that means anything to you
<drab> there doesn't seem to be anything strange in the gen process
<ahasenack> if you create another one like that, can you read it back with openssl rsa?
<drab> good question, trying
<drab> ahasenack: yep it works
<drab> interestingly enough if I typo the password the first two lines of the errors are about the decrypt
<ahasenack> but the file genrsa produced in your test looks just like the cakey.pem one you have? Same headers?
<drab> but there's no second two sets of line about format errors
<ahasenack> yeah, so I think it's decrypting the key, and then trying to parse it
<ahasenack> and it encounters an unexpected structure when trying to parse it
<drab> oh, you're right, no, it's not the same, it's missing two lines after the ----- ... Proc-Type: 4,ENCRYPTED \n DEK-Info: DES-EDE3-CBC,1D80xxxxxxxx
<drab> I wonder what that number after DEK-Info is and how do I get it/if it's diff per key
 * drab tries to gen another key
<drab> yep, diff number, so can't copy it over, looks like some kind of hash
<drab> I don't get how those lines are missing from the key, I doubt the guy edited them out, it makes no sense
<drab> and also he used that key to gen the CA which works fine... mystery
<drab> the header is actually also diff, the one I just regenerated reads "-----BEGIN RSA PRIVATE KEY-----" and then has that metadata above
<drab> the one I have that's not working says -----BEGIN ENCRYPTED PRIVATE KEY-----
<ahasenack> so cakey.pem does not have this under the header?
<ahasenack> Proc-Type: 4,ENCRYPTED
<ahasenack> DEK-Info: DES-EDE3-CBC,DE3423A9DC4700D0
<ahasenack> (random key I just created)
<ahasenack> if you just have
<ahasenack> -----BEGIN RSA PRIVATE KEY-----
<ahasenack> and then a blob
<ahasenack> then it's not encrypted
<ahasenack> ah, yours is BEGIN ENCRYPTED ...
<ahasenack> interesting
<ahasenack> it's a different header
<drab> yeah
<drab> I googled around a bit earlier and fgound this: https://wiki.openssl.org/index.php/Manual:Rsa(1)
<drab> wrong one
<drab> I found a link that had that header BEGIN ENCRYPTED
<drab> https://serverpilot.io/community/articles/how-to-fix-an-encrypted-ssl-private-key.html
<drab> which seems to suggest both are accepted formats
<ahasenack> drab: it could be pkcs8
<ahasenack> I just managed to convert a cakey.pem to pkcs8
<ahasenack> and it has the -----BEGIN ENCRYPTED PRIVATE KEY----- header
<ahasenack> drab: http://pastebin.ubuntu.com/25170678/ try to reverse that then
<ahasenack> man pkcs8
<ahasenack> sorry, another meeting :)
<ahasenack> could depend on openssl version
<ahasenack> drab: I can read that cakey.p8 file I created with openssl rsa -in
<ahasenack> drab: but I have to provide the password that was given when it was converted to pkcs8
<ahasenack> not the password given when it was created with openssl genrsa
<drab> k, thanks for your help, will keep prodding
<ahasenack> if I give the original genrsa password, I get an error output like yours
<ahasenack> so you need the new pkcs8 password
<ahasenack> that's my take
<drab> that makes sense, however if I try to decrypt with pkcs8 I think I can see I have the right pwd and still getting the error
<drab> openssl pkcs8 -in cakey.pem -inform pem
<drab> agreed that the output looks in pkcs8 as it matches the man page
<drab> if I give the wrong pwd I get a decrypt error, if I use the one I think is right, I once again get the format error
<drab> so I'm not sure why the pwd would be wrong
<drab> but it may be, trying to get hold of the guy to confirm...
<drab> ahasenack: http://dpaste.com/2R68MW1
<drab> notice how the errors in the case of "right password" are the same, pkcs8 or rsa
<drab> if I try from the beginning, gen'ing a new pem key, then converting to pkcs8 I can't repro the problem
<drab> if I give the wrong password I get the decrypt error
<drab> if I give the right one, even with openssl rsa -in test.p8 -check , it works
<drab> test.p8 being the -----BEGIN ENCRYPTED...
<drab> which is what my non working key looks like
<drab> so I can't repro a case where I don't get the decrypt error, meaning pwd seems correct, but the key still cannot be read
<drab> something is corrupted or different about this file... I've just tried gen'ing a few pems and p8s and they are all of them same lenght (according to wc -l)
<drab> my non woring key has more lines
<drab> which I can't explain
<drab> but might be a redherring
<tomreyn> doesn't GNU file tell what file format it is? maybe it's actually pkcs #5 or #12 encrypted
<drab> tomreyn: cakey.pem: ASCII text :)
<tomreyn> https://www.cryptopp.com/wiki/Keys_and_Formats#Dumping_PKCS_.238_and_X.509_Keys
<drab> for the pkcs8 files, for the pem straight from genrsa it says PEM RSA private key
<drab> mmmh, dumpasn1 breaks, Error: IA5String contains illegal character(s) etc, 4 errors
<drab> but these are test keys I just gen'ed
<drab> and that I can read just fine
<drab> so for whatever reason doesn't seem reliable to use to test, unless I'm misusing it somehow
<tomreyn> hmm i lack experience myself there, sorry for the bad pointer then.
<tomreyn> asn1 == death
<drab> no worries, appreciate chipping in, at this point I'm just throwing pieces of the puzzle on the table to see if anything catches the eye
<tomreyn> maybe sum it up on a pastebin and try asking in ##crypto - they can be resourceful even if it's a bit OT (as it would be here)
<drab> thanks for the tip, might do that
<tomreyn> there is also openssl asn1parse
<hdon> hi all :) is logrotate responsible for rotating /var/log/syslog?
<ahasenack> drab: I wonder if that's a text file generated by windows perhaps? Check the line ending with "cat -vet cakey.pem"
<sdeziel> hdon: yes, more specifically /etc/logrotate.d/rsyslog is the config snippet managing /var/log/syslog
<hdon> thanks sdeziel
<ice9> does ubuntu allows root login through ssh by default?
<sarnold> no
<sarnold> ubuntu by default makes the root account very difficult to use, but sudo is very easy
<ice9> sarnold, are you familiar with ansible, chef etc..?
<Pici> By default it allows it, but not by password authentication.
<ice9> great, i have added ssh key to root but i'm unable to ssh
<sarnold> ice9: not really
<Pici> I'd just verify that /etc/ssh/sshd_config has PermitRootLogin set to prohibit-password
<ice9> Pici, actually the it's set to 'yes'
<Pici> ice9: in older releases that was the default. Since Ubuntu has a locked password for root by default, its pretty much the same thing as prohibit-password... as long as key based auth is enabled, which it is by default.
<ice9> anyway i'm still unable to ssh with key for the root
<sarnold> check logs on client and server?
<sarnold> keep adding -v to the ssh command until it spits out something useful? :)
<thebwt> may not have a shell set either. Ubuntu really locks it down.
<tomreyn> or AllowUsers
<RoyK> icey: probably wrong permissions for /root/.ssh/authorized_keys
<BugeyeD> hi all. looking for a virtualization box ... ubuntu+zfs+docker+kvm+lxd ... can anyone recommend something with similar form factor to the freenas-mini? as in, you've used it and it works well?
<RoyK> BugeyeD: freenas is based on freebsd, not linux
<BugeyeD> RoyK: ya think?
<BugeyeD> i'm asking about harware
<BugeyeD> hardware, even
<RoyK> BugeyeD: no idea about the hardware
<BugeyeD> mini-itx form factor, 4-8 hot-swap drives, IPMI for remote management, enough ram and cpu to do the requested (ubuntu+zfs+docker+kvm+lxd)
<RoyK> should do
<sarnold> poke around https://www.servethehome.com/ I think I've seenthem do reviews of cute little things before
<hehehe> is sarnold a new dude here? the one who was asking how to install server with gui? :)
<hehehe> hehe
<hehehe> how are you ubuntu server people? :)
<fluvvell> I boot /dev/md0, but just noticed - [_U] - an element missing, tried to re-add with    mdadm --manage --re-add /dev/sdb2 and it said    "... is not possible"   - given that its my boot drive, is it because it is mounted?
<fluvvell> will I need to boot to a rescue and do it unmounted or is there something I'm missing (other than a drive!)
<fluvvell> I always thought you could manage raid live, thing is, these fail so seldomly, I don't get lots of practice
<tomreyn> no, it's not because it's mounted
<tomreyn> it should work nevertheless
<tomreyn> so it must be somethign else.
<fluvvell> tomreyn, thoughts on what to look for?
<fluvvell> smartctl reports it fine
<tomreyn> is this a RAID-1?
<hashwagon> What's the proper useradd line to create a system user?
<tomreyn> hashwagon: adduser --system is the preferred approach on ubuntu, i think
<tomreyn> fluvvell: does 'mdadm --detail /dev/md0' actually suggest that /dev/sdb2 is the device that's missing?
<tomreyn> what's its state?
<tomreyn> if you just 'mdadm -A /dev/md0', does that work?
<fluvvell> Raid1
<tomreyn> i mean 'mdadm -A --scan /dev/md0' (missed the --scan)
<fluvvell> tomreyn, yes /dev/sdb2 is clean, not active
<fluvvell> tomreyn, md0 is already in use
<fluvvell> tomreyn,          State : clean, degraded
<fluvvell>  Active Devices : 1
<fluvvell> Working Devices : 1
<fluvvell>  Failed Devices : 0
<fluvvell>   Spare Devices : 0
<fluvvell> tomreyn,    Raid Devices : 2
<fluvvell>   Total Devices : 1
<tomreyn> please use a pastebin
<fluvvell> tomreyn, sure, just 4 lines - Ok 6, yeah sorry
<fluvvell> tomreyn, any thoughts?
<fluvvell> tomreyn, actually /dev/sdc2 is the missing device, sorry sdb2 is working, but it won't let me add /dev/sdc2   - my checking is accurate, I'm just reporting it to you backward
<fluvvell> tomreyn, I just look stupid, I  try not to act that way.  mdadm: --re-add for /dev/sdc2 to /dev/md0 is not possible
<arooni> question:  how come when i logged into my vps that i havent been to in awhile i had 86 packages to upgrade.  i thought i already set up unattended packages correctly
<sarnold> arooni: I think the unattended-upgrades package just does packages from -security and not from -updates
<sarnold> arooni: .. but I think that as packages are mirrored from -security to -updates that might mean that the unattended-upgrades doesn't notice them
#ubuntu-server 2017-07-26
<hehehe> sarnold: is mongodb some crap?
<hehehe> :D
<hehehe> I just started to use it and it seems interface initially is cumbersome
<sarnold> hehehe: I've gotten the impression that mongo is brittle and takes way more resources than one might think
<hehehe> well what to do
<hehehe> :D
<sarnold> and I'm slightly terrified of its eventual consistency thing
<sarnold> and apparently you ought to consider using numactl when starting it to ensure that it gets memory and lots of it
<hehehe> is there a quick way there to make admin user?
<hehehe> :D
<hehehe> anyway good news new chat coming soon :)
<hehehe> so i can at last move to chat where most people come to talk
<hehehe> :)
<hehehe> not just iddle
<tomreyn> fluvvell: with the (limited, no output, just summaries) information you provided, i provided all the suggestions i could. i then went afk. i'll head to bed now. if you would like more suggestions, i would suggest you put the actual output of some informational commands (such as 'mdadm --detail /dev/md0', 'cat /proc/mdstat' and the (in- and) output of the command that does not result in the expected result) on a pastebin and ask your
<tomreyn> question again.
<lwizardl> what is a good media backend server to use so kodi and read the media over the network
<lordievader> Good morning
<lwizardl> morning
<lordievader> Hey lwizardl
<lwizardl> whats up
<lordievader> First coffee of the day. With you?
<lwizardl> nice, I'm just trying to figure out what would be the best backend server setup to use for kodi media files
<zioproto> hello
<zioproto> coreycb, jamespage on Newton Xenial I am working on a problem were snapshotting a instance with a LVM backend fails. In the log files I see apparmor complaining. I never had problems with apparmor so far... so I am not sure this is a maybe a false positive. So everything I try to snapshot an instance I see this in the kernel log: https://pastebin.com/JTiiSNRz
<zioproto> this virt-aa-helper that cant read a couple of config files could block the all thing ?
<zioproto> I get a nice stacktrace in nova-compute.log that ends with libvirtError: internal error: unable to execute QEMU command 'migrate': Migration disabled: failed to allocate shared memory
<jamespage> zioproto: I don't think so - the virt-aa-helper is used on instance creation to create an apparmor profile for the instance
<zioproto> but why this pops up when creating to snapshot ?
<jamespage> zioproto: hmm
<jamespage> zioproto: anything in the libvirt or qemu log files
<jamespage> ?
<zioproto> jamespage: https://pastebin.com/HbckXxvf
<zioproto> wait I check libvirt log file
<zioproto> libvirt.log also complains about apparmor
<zioproto> https://pastebin.com/wBZJyrJ0
<zioproto> all seems related
<zioproto> do you think it makes sense to dig into this virt-aa-helper to solve the snapshotting issue ?
<zioproto> jamespage: still there ?
<jamespage> zioproto: yeah sorry - been having internet trouble - just replaced a socket for one with an in-built microfilter
<zioproto> jamespage: no problem, when you a chance to look into this apparmor thing tell me your opinion about it.
<jamespage> zioproto: tbh I'm a bit flummoxed - newton has the version of libvirt and qemu from xenial
<jamespage> zioproto: did this work with previous versions?
<jamespage> zioproto: looks similar to https://bugs.launchpad.net/fuel/+bug/1638269
<ubottu> Launchpad bug 1638269 in Fuel for OpenStack "OSTF Launch instance, create snapshot, launch instance from snapshot failed" [Critical,Fix released]
<zioproto> I have no idea if it worked before. Probably not. Usually we use the ceph backend. But for some users we force the lvm backend. We do this using a property in a private flavor. Then with host aggregates we make those flavor land on specific hypervisors where nova.conf has 'lvm' in the [libvirt] section. Now one of our users tried to make a snapshot. I was expecting a LVM snapshot to be created, but actually
<zioproto> nothing happens
<zioproto> jamespage: but this looks like a patch for trusty https://review.fuel-infra.org/#/c/28086/2/debian/apparmor/libvirt-qemu
<zioproto> please forgive me ! I just found out that this hypervisor is actually still on trusty
<zioproto> jamespage: upgrading libvirt-bin from 1.3.1-1ubuntu10.5~cloud0 to 1.3.1-1ubuntu10.9~cloud0 upgraded the apparmor files and fixed all the problems. Now I can do snapshots ! not sure if it was apparmor or libvirt internals
<jamespage> zioproto: \o/
<zioproto> jamespage: I reproduced it on another Hypervisor. There is a second thing. Not only upgrade libvirt. Also in /etc/apparmor.dabstractions/libvirt-qemu this patch is required: https://review.fuel-infra.org/#/c/28086/2/debian/apparmor/libvirt-qemu
<zioproto> jamespage: what about this patch ? Is this something that should be included in a package ? the file /etc/apparmor.d/abstractions/libvirt-qemu belongs to the package libvirt-bin that I just upgraded at the latest version 1.3.1-1ubuntu10.9~cloud0
<zioproto> should I submit a patch for that package ?
<jamespage> zioproto: raise a bug - I'll ask christian to look next week (he's the libvirt maintainer in the server team)
<smoser> rbasak, can you help me out ?
<smoser>  https://code.launchpad.net/~logan/ubuntu/+source/scim-chewing/+git/scim-chewing/+merge/327575
<smoser> i think i just confused things.
<rbasak> smoser: done
<smoser> thanks
<jbicha> hi, should LP: #1618188 be added to Trello as something to watch, help out with or whatever?
<ubottu> Launchpad bug 1618188 in ubuntu-meta (Ubuntu) "systemd journal should be persistent by default: /var/log/journal should be created; remove rsyslog from default installs" [Wishlist,Triaged] https://launchpad.net/bugs/1618188
<rbasak> jbicha: that feels like a feature request to me and not a regression or bug?
<rbasak> AIUI, rsyslog behaviour remains unaffected.
<rbasak> And by feature request, I mean one where a decision has not been made. So there's no action on it currently, so I'm not sure what a Trello card would do.
<rbasak> Or are you asking us to drive it in some particular direction, and if so, which?
<jbicha> I think Ubuntu should consider enabling a persistent systemd journal by default before 18.04 LTS
<jbicha> it's a complicated issue: maybe we don't need both a persistent systemd journal and rsyslog
<jbicha> so I'm suggesting that y'all add it to your backlog of things to look into
<rbasak> OK, thanks.
<rbasak> I guess it's an open question as to what we actually want to do here.
<rbasak> dpb1, kirkland: ^
<rbasak> rharper and smoser also maybe? ^
<jbicha> the bug points out that there was some discussion on ubuntu-devel back in February
<bipul> What is MASS Regional controller?
<dpb1> maas region controller in theory can have multiple rack level controllers registered to it
<dpb1> bipul: https://docs.ubuntu.com/maas/2.1/en/intro-concepts#controllers <-- see for more
<bipul> Can we control my vm with mass?
<dpb1> yes
<dpb1> look over the docs, there are some good tips about vm usage in there
<smoser> rbasak, i kind of think we shoudl be logging to a file, and i'm pretty sure rharper agrees.
<rbasak> nacc: how about http://paste.ubuntu.com/25177407/
<rbasak> Prints the directory from top level subcommand code if --no-clean is in use.
<nacc> rbasak: i would rather we didn't change any functionality first, then decide on whether it makes sense to always print it
<nacc> rbasak: that is, just do it unconditionally, then file a bug saying you want `git ubuntu clone` to be less verbose
<nacc> rbasak: but note, you need to change all the callers for GitUbuntuRepository(), not just clone
<cyphermox> nacc: rbasak: could I please have an import of shim-signed?
<rbasak> nacc: can we just decide that now?
<cyphermox> (looks missing to me, or maybe I don't know where to look)
<rbasak> nacc: I don't think library code should _ever_ output to stdout/stderr.
<nacc> rbasak: this isn't about library code
<rbasak> I also think that commands should in general be silent.
<nacc> rbasak: i'm saying right now `git ubuntu clone` always prints where it clones to
<rbasak> TAOUP principle.
<nacc> rbasak: right, those are *two* commits then
<nacc> rbasak: and one is a change in behavior
<rbasak> Sure. I'm requesting a change in behaviour.
<nacc> right, but it's easier to review as two steps
<nacc> and easier to revert :)
<rbasak> I don't think it's worth writing all the code to pull out the printing of stuff up one level only to then remove it.
<nacc> I fundamentally disagree :)
<rbasak> It will be easier to revert, but only as much easier as it is to write the code in the first place.
<rbasak> It doesn't save anything overall whether we decide to revert or not.
<rbasak> should _ever_ output> except on caller request, of course.
<nacc> so you're saying that `git ubuntu clone`, which uses a tempdir by default, shouldn't tell the user what the tempdir is, unless they pass --verbose?
<nacc> taht's asinine to me
<nacc> the user doesn't *know* that they need to pass that flag, until it's possibly too late
<nacc> rbasak: the no-clean thing was an example, not the rule, sorry
<nacc> rbasak: the rule is, if the user wouldn't know what the directory we are using is, emit it
<rbasak> git ubuntu clone uses a tempdir by default?
<nacc> rbasak: yes
<nacc> rbasak: err, not clone, import, sorry
<rbasak> I thought it mirrored "git clone".
<nacc> rbasak: the thing you just pastebinned :)
<nacc> rbasak: also, `git ubuntu clone` should be *more* verbose, tbh. it should show the `git fetch` output
<nacc> right now it's silent for *way* too long
<nacc> and i think a regular user will ^C it every time
<nacc> thinking it's hung
<rbasak> I agree with commands that take time showing progress.
<rbasak> In this case I think it should mirror "git clone", though I appreciate that since it doesn't do that exactly this may be difficult and we'll have to compromise with some other status output.
<nacc> +1 on that
<nacc> i want `git ubuntu import` to emit the directory used unconditionally (or at least whenever a tempdir is used)
<nacc> i guess for the remainder of the submcommands, it doesn't matter. `git ubuntu review` will also need to follow that pattern
<rbasak> I don't think either should be necessary. But I'll concede whenever --no-clean is used, as I see that as mainly a debug option.
<nacc> rbasak: hrm? what do you mean by "either"?
<rbasak> 1) emit unconditionally; 2) only when --no-clean is used and a directory wasn't given.
<nacc> rbasak: i'm suggesting consolidating those to 1) if no directory is given, emit the directory used
<nacc> rbasak: otherwise that information is *not* available to the user
<rbasak> I agree that not having it available to the user is bad.
<rbasak> I think this is a symptom of a poor CLI option though, rather than a lack of output.
<nacc> rbasak: not sure i follow?
<nacc> rbasak: what option are you referring to?
<rbasak> Perhaps we shouldn't permit --no-clean when a directory name isn't given for example.
<nacc> rbasak: the directory option, period, is optional, regardless of other flags
<nacc> rbasak: e.g., if you ^C the importer, you can go look at where it is
<nacc> rbasak: but if you don't emit the tempdir used, you can't
<rbasak> And I'm arguing that --no-clean makes no sense if a directory is not given. Because how would the user know where it is? Printing it is a hack.
<nacc> ... the user knows where it is because we tell them?
<nacc> if you're suggesting a separate change in functionality, just do that
<rbasak> Right, and I'm saying that's a poor show.
<nacc> I don't see anything poor about it, but in the end, I really don't care
<rbasak> I'm trying to hammer out our differences so we can agree on a path across all three interacting pieces :)
<nacc> I think having to pass a directory when I do offline imports will make me actively use the importer less
<nacc> :)
<rbasak> Perhaps we should default to the package name then, like "git clone"?
<nacc> or require a directory
<rbasak> nacc: I only tacked this on in there because I was under the impression that you already agreed.
<nacc> rbasak: my point was with the current functionality, you need not pass a directry
<rbasak> nacc: I can just drop it from this MP and we can work this out later?
<nacc> rbasak: if you think the user should always pass a directory, or default to using the srcpkg name, then do that, but as a clear functional change
<nacc> rbasak: which needs to be propogated to all wiki pages, the manpage, etc.
<nacc> rbasak: and the bash completion script :)
<rbasak> I never thought that you considered the logging info printout as part of the CLI definition :)
 * rbasak has always seen it as noise
 * nacc thinks you haven't debugged the importer quite as much as I have :)
<nacc> rbasak: i think the idea of dropping logging.info from internal library code is +100. I think the idea of changing user-facing functionality in the same commit is -100.
<nacc> rbasak: I think you can change the user-facing functionality in a second commit and it goes to at least a positive value :)
<rbasak> nacc: I agree with what you're saying. But I also think that if the conclusion is to drop user-facing functionality, then we can do that in one commit. This commit :)
<rbasak> Though I admit the commit message should be different then.
<nacc> that's fair, then. I guess my point was that what you had (commit message wise), did not match the effect (to me) and thus I had to pay closer attention to the review and think if it's ok.
<kirkland> rbasak: ack, thanks
<bipul> i have installed mass on my VM , but what will be the next step ?
<nacc> rbasak: do you want to do a HO today in prep for tmrw?
<rbasak> nacc: I was thinking about suggesting that :)
<rbasak> nacc: was just checking my schedule. I'm free now.
<nacc> rbasak: ok, give me one sec to resolve dpb1's upload :)
<rbasak> ack
<nacc> rbasak: use the standup HO?
<rbasak> omw
<rbasak> nacc: I'm there.
<nacc> rbasak: actually, do you want me to land your branches since we agreed?
<rbasak> nacc: sure. Though I think both MPs need minor modifications?
<rbasak> nacc: IIRC a comment about using Version as an interface, and the moving of logging.info to everything that calls the GitUbuntuRepository constructor?
<nacc> rbasak: ack, i'm stacking that on top
<nacc> rbasak: if you're ok with that
<rbasak> nacc: yeah that's fine thanks!
<nacc> rbasak: fyi, just pushed a new branch and requested review for a fixed SRU versioning test
<drab> hi, dumb networking question that's eluding me..
<drab> if I add an ip alias to an interface, say eth0:1
<drab> connections inbound for that ip will be routed out from the main ip associated to eth0
<drab> I'm guessing because that's default route for the main table and both ips belong to the same network so that can't be used to pick the alias one
<drab> is there some way with policy routing or something else that I can force outgoing connections to use the same interface/ip they came in through?
<sarnold> drab: take a look at http://lartc.org/howto/lartc.rpdb.multiple-links.html
<drab> sarnold: oh, yeah, I've done that on the gw, but I thought there was something "simpler" here given it's an alias interface
<drab> guess not
<sarnold> drab: alias interfaces are wonky
<drab> (the gw has two uplinks)
<sarnold> best forget those as quick as you can :)
<drab> yeah, it's just for a migration, maybe I shuold have asked that question instead
<sarnold> just add multiple addresses to the nic as needed..
<drab> need to move a service from one box to another that eventually will be on a diff ip
<drab> so wanted to add the old/current ip as an alias until settings propagate throuhgout the network
<drab> (it's the dns server and the lease if 48hrs)
<rbasak> nacc: here are a couple of additional cases that fail. The second is a little debatable but I think core devs/SRU would agree that it is what they expect should that situation arise. The first one is surely common though.
<rbasak> http://paste.ubuntu.com/25180158/
<rbasak> nacc: but your MP objectively improves things, so I wouldn't want to hold that up. I just wonder (without having looked at your code) whether we're headed in the right direction, or there's something fundamental about our approach we need to change.
<nacc> rbasak: line 9 of your paste, that version doesn't look right? 1.01-ubuntu1.17.10.1 is definitely not right? should be 1.0-1ubuntu1.17.10.1 ?
<nacc> rbasak: similar on line 10?
<nacc> rbasak: not sure if that changes the result :)
<rbasak> Sorry, yes. Checking.
<nacc> rbasak: i made the exact same typos and thought i had broken things when i was working on the change :)
<rbasak> Still fails I think
<rbasak> I don't like going >80 cols, but I'm not sure how to make that better :-/
<nacc> rbasak: ack, failure reproduced, let me see if i can see why
<rbasak> I get all passed now!
<nacc> rbasak: what's the diff? :)
<rbasak> I added a further test, now one failure
<rbasak> http://paste.ubuntu.com/25180232/
<hashwagon> What's the correct method of adding a Windows shared printer to an ubuntu server via Samba? Is it added through smbclient?
<rbasak> nacc: my current failure is that if the series part is set in the past or the future, for the same base and major version, then I think the series form must be used
<nacc> rbasak: cool, let me see if i can figure that out, it appears to not see the same base version, if i had to guess
<nacc> rbasak: yeah
<nacc> rbasak: something with versioning.py l.132 i think
<nacc> rbasak: http://paste.ubuntu.com/25180252/
<nacc> rbasak: that passes here
<rbasak> OK, give me a few minutes to catch up
<nacc> rbasak: basically, if our current version is a prefix of any prior or future version, we should use the series-version. Although that's not quite right, as it will false match ubuntu1 to ubuntu11 ..
<nacc> rbasak: http://paste.ubuntu.com/25180277/ specifically fails
#ubuntu-server 2017-07-27
<rbasak> nacc: we should add that to the list of tests then.
<rbasak> nacc: I reviewed the MP. I'm happy to take further changes on if you like.
<rbasak> nacc: in the meantime, it's probably good that we've both touched this code now :)
<nacc> rbasak: yep, just was an fyi on that particular case :)
<nacc> rbasak: i'll work on fixing up my patchset and getting those tests to all pass
<nacc> rbasak: i agree with your sentiments in the MP
<nacc> rbasak: i'm EOD -- i'll work on it tmrw, and then i'm going to pivot to documentation
<rbasak> nacc: thanks.
<rbasak> nacc: ack. For your startswith fix, without looking at it in too much detail, can we use an exact match against a decomposed bit instead?
<rbasak> That would fix your problem case I think?
<nacc> rbasak: yeah, probably an exact match is better, good call
<nacc> rbasak: i forgot we have that in this context :)
<rbasak> :)
<nacc> rbasak: it feels like we really want to decompose the before/after series versions, and then see if a) any of them have the same decomposed prefix as we do
<nacc> rbasak: and we probably should do some sort of internal check that our ordering stays correct (that a proposed new version is not before or after anything in before/after respectively
<nacc> (sanity check)
<nacc> rbasak: in any case, will work on it tmrw
<rbasak> nacc: agreed
<rbasak> nacc: might be an idea to reduce before and after to the max before going this deep though.
<nacc> rbasak: true, that's a good point, we just need the 'nearest' neighbors, really, right?
<rbasak> Now I'm not so sure!
<rbasak> I was only thinking about one series in each direction, and taking the max of all of the pockets.
<rbasak> But of course there are multiple series in each direction. I hadn't considered that.
<nacc> rbasak: and once one goes EOL, it might not get updates, but another one might :)
<nacc> so you need nearest active series, i think
<nacc> or something :)
<rbasak> I'll think about it. Or we'll see when we hit an edge case :)
<fluvvell> I boot /dev/md0, but just noticed - [_U] - an element missing, tried to re-add with    mdadm --manage --re-add /dev/sdc2 and it said    "... is not possible"   - given that its my boot drive, is it because it is mounted?
<fluvvell> https://paste.ubuntu.com/25173905/
<sarnold> is there anything in dmesg that says why it was kicked out or not allowed back in?
<fluvvell> it hasn't been part of the raid array since may, so I don't have logs from then
<fluvvell> sarnold, https://paste.ubuntu.com/25180682/
<fluvvell> IS anybody around or is it sleepy time where you are... ?
<sarnold> it's been long enough tha it probably doesn't hurt to reask your question
<lordievader> Good morning
<zioproto> jamespage: I raised the bug against the libvirt package that we have been talking about yesterday: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1706875
<ubottu> Launchpad bug 1706875 in libvirt (Ubuntu) "libvirt's apparmor profile denies access to /tmp and snapshots failed" [Undecided,New]
<jamespage> zioproto: ok
<BigBangUDR> Hello all need help regarding kernel panic in 14.04 issue - http://imgur.com/a/3oKAQ
<jamespage> zioproto: is you libvirt issue on trusty via Mitaka UCA resolved by the version in -proposed (1.3.1-1ubuntu10.11~cloud0)
<jamespage> zioproto: actually https://bugs.launchpad.net/qemu/+bug/1626972 is pertinent here
<ubottu> Launchpad bug 1626972 in Ubuntu Cloud Archive mitaka "QEMU memfd_create fallback mechanism change for security drivers" [Undecided,Fix committed]
<microwaved> is there a way to work around apt-get install -f without installing new kernel versions?
<jamespage> zioproto: see comments - I've just released the qemu fixes to the mitaka uca -updates pocket
<zioproto> jamespage: I will try 1.3.1-1ubuntu10.11~cloud0 and give you feedback, thanks !
<jamespage> zioproto: make sure you pickup qemu as well - that's where the actual fix is
<mzaza> I have followed the following article https://www.howtoforge.com/restricting-users-to-sftp-plus-setting-up-chrooted-ssh-sftp-debian-squeeze, in creating a jailed SSH user. The user should be able to login to shell to run some php commands, the account is intended to be handed over to the developer. However I have an AWS server which logs in using a key file, I have followed the instructions and
<mzaza> created the user hazem, however I'm unable to login using that user because login because I get public key denied. Any ideas?
<hehehe> hi
<hehehe> who here knows  mongo?
<hehehe> I am stuck with it :D
<hehehe> some silly mistakes hehe
<hehehe> while trying yo initiate replica set
<tomreyn> they most likely have their own irc channel
<tomreyn> hehehe: ^
<hehehe> only 1 dude there knows stuff
<hehehe> and he is busy :D
<tomreyn> mzaza: did you place the (AWS server) users' public SSH key in ~/.ssh/authorized_keys on the home directory of the user that will be authenticated against?
<tomreyn> mzaza: also check /var/log/auth.log on the server that authentication takes place on.
<mzaza> tomreyn: Jul 27 15:15:23 ip-172-31-30-64 sshd[9417]: Connection closed by 41.128.168.145 port 49374 [preauth]
<tomreyn> mzaza: meaning?
<mzaza> tomreyn: I don't know :D that what I get when trying to connect using the new jailed user :D
<mzaza> After adding the public key in the authorized_keys file
<tomreyn> and the client says what?
<mzaza> permission denied (public key)
<tomreyn> maybe you placed the authorized key file outside the jail?
<tomreyn> maybe when you jailed the user you also changed its home directory.
<tomreyn> show 'getent passwd hazem' and 'ls -la $(getent passwd hazem | cut -d: -f6)/.ssh'
<semiosis> since upgrading imagick-common from 6.8.9.9-7ubuntu5.7 to 8:6.8.9.9-7ubuntu5.8 on july 25, the php imagick composite functions stopped working, they are effectively no-op (no error or exception, they just do nothing)
<semiosis> anyone interested in discussing this, or should I just go straight to opening a bug report?
<semiosis> this only affects php-imagick, not the command line
<nacc> semiosis: it would be good to file a bug, please subscribe me (nacc)
<semiosis> will do. thanks nacc
<nacc> semiosis: this on 16.04?
<semiosis> yes
<nacc> semiosis: is it something taht works again if you go back to 5.7?
<semiosis> the archive didn't have ubuntu5.7, only ubuntu5.  i downgraded to that and we're back in business
<nacc> semiosis: ok, so file the bug against imagemagick (not php-imagick)
<nacc> semiosis: do you have a testcase?
<nacc> semiosis: if possible, put that in the bug too
<semiosis> but our users started complaining on the 25th, and the dpkg log showed an automatic upgrade from 5.7 to 5.8 on that day
<semiosis> i will make a testcase for the bug report
<nacc> semiosis: thanks
<semiosis> nacc: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1707015
<ubottu> Launchpad bug 1707015 in imagemagick (Ubuntu) "image composite functions not working in php" [Undecided,New]
<nacc> semiosis: thanks
<Guest33158> ls
<Guest33158> wops
<Guest33158> wops
<Guest33158> hops
<Guest33158> thanks for ever until a day you will guys
<tomreyn> ?
<dpb1> ahasenack: bug updated
 * ahasenack reloads
<dpb1> ahasenack: you think I should tag it?
<ahasenack> dpb1: we need to make a release in github, right? It's a debian native package (i.e., it has debian/ in it)
<dpb1> ok
<ahasenack> ah, changelog is 2 already
<dpb1> I'll just tag it v2~pre1, since I'm a bit tired of deleting tags. :)
<ahasenack> dpb1: I haven't read the whole bug yet, so version 2 will be in trusty, what will the > trusty versions be?
<ahasenack> i guess they will follow the conventions
 * ahasenack bring up the versioning cheat sheet
<ahasenack> 2.0                           2.0ubuntu0.1
<dpb1> ahasenack: in this case, you need to read the bug
<ahasenack> so 2ubuntu0.16.04.1 for xenial I suppose
<ahasenack> since the same version will be in all of them
<ahasenack> ok
<dpb1> ahasenack: an AA is being requested to do a "pocket copy" from trusty forward
<ahasenack> whatever that means
<dpb1> right
<fluvvell> I'll re-ask, I have a machine that is booting fine, runs raid 1, but the / array is only coming up with one of its two elements.
<fluvvell> https://paste.ubuntu.com/25173905/
<fluvvell> https://paste.ubuntu.com/25180682
<ahasenack> fluvvell: if you add it back post-reboot with mdadm (I presume it's md0), that works?
<ahasenack> but on reboot it's gone again?
<fluvvell> I've tried to re-add, which responds with not possible
<fluvvell> or should I add it as if it never    (as in --re-add)
<fluvvell> OK, this may sound a dumb question, but I've not had to play with any of my servers raid arrays for a couple of years because they are so reliable. If its the md0 array, mounted on /, and the fact that its mounted, thats not whats causing the trouble ?  I've not rebooted as its high demand
<tomreyn> fluvvell: now that you actually provided output, answering your questions should be a lot easier. :)
<tomreyn> i assume sdc2 is the missing raid device in md0?
<tomreyn> *only* if so, try this: mdadm /dev/md0 --add /dev/sdc2
<tomreyn> if this won't work, do this first: mdadm --zero-superblock /dev/sdc2
<tomreyn> ... then add it again
<nacc> rbasak: fyi, there is a nice launchpad API 'isSourceUploadAllowed' for a per-series query of person/srcpkg upload permissons
<rbasak> Nice
<fluvvell> sorry, left the office to  a callout. tomreyn, yes sdc2 is the missing one
<tomreyn> fluvvell: that's fine, so you know how to proceed ;)
<fluvvell> yes, thanks - I had been leaning towards the --add, but I've not considered the zero-superblock before.
<tomreyn> this can be necessary when things get out of sync / configurations have changed.
<tomreyn> --re-add only works when there is a chance / it makes any sense to update a previous raid member device to the latest data. i.e. this only makes sense when the numbers provided in --examine output (for a given raid) are close
<tomreyn> if they are not, --add is the way to go
<tomreyn> * 'Events:' numbers
<nacc> rbasak: we should sync tmrw. I think the abstraction in versioning.py is incorrect for doing the SRU checks we want
<nacc> rbasak: i just pusehd a new branch, i don't love it, but it does pass tests, please take a look if you can
#ubuntu-server 2017-07-28
<fluvvell> tomreyn,  thanks for all the help, its recovering now, looks like completing within an hour or so.  Time to take a lunch break methinks.
<tomreyn> welcome, enoy lunch
<drab> anybody using ldirectord or some other load balancer that can redirect queries based on src ip?
<drab> load balancing seems the correct answer to my question from the other day re: running CF on a different box than the GW
<drab> at this stage I'd like to run 2 CF boxes especially for upgrades
<drab> so that I can upgrade one, and redirect some traffic to it, make sure stuff works, and then upgrade the other
<drab> however I can't see a lb that will allow me to choose which traffic to route to a real server based on src ip
<drab> they all seem to pick the destination based on weight or availability, which isn't helpful
<drab> I guess I could use REDIRECT on the gw and redirect to a different service based on src ip with iptables
<drab> that'd work
<tomreyn> normally you'd add a custom cookie or request header to deviate from default traffic flow for testing / debugging purposes.
<zul> jamespage:  when you get a chance https://review.openstack.org/#/c/488254/
<tomreyn> i'm not sure which open source LBs support this, but i would assume most L7 do.
<drab> tomreyn: good point, will take another look at the config files/man pages, altho most of these LBs are advertised as L4, not L7
<drab> oh, LVS has KTCPVS which is L7
<drab> nope, all those solutions seem way more work to setup and maintain than the iptables trick with multiple virtual services
<drab> there are some new L7 balancers like one from lyft, but they aren't even packaged
<ah-donny> Hey all, Is there any cloud storage software for Ubuntu Servers that can used on my home network to communicate with Android, iOS, Linux and Windows machines
<lordievader> Good morning
<zul> icey: I think you got more breakage in the nova-lxd tree, its missing wsgi-intercept as a build dependency now
<zul> in the test-requirements.txt
<icey> zul saw that test failure :-/
<ivoks> zul ! :)
<zul> ivoks: heylo
<ivoks> how are you?
<zul> I'm good how are you
<icey> zul: this one is piled on behind your tracebnack fix: https://review.openstack.org/#/c/488403/1
<zul> icey:  yeah I think you are going to have more problems though but it could be just me I think
<icey> zul at least it passes tox with your commit and mine ;-)
<zul> icey: coolio
<xpistos> Hi all. I am currently running Ubuntu 16.04.02. How do I upgrade my server to the most current rev? I thought apt-get dist-upgrade would take care of that
<rbasak> xpistos: what do you want to upgrade to?
<xpistos> rbasak: isn't 16.04.04 out ?
<rbasak> No, it's not.
<rbasak> https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule
<ogra_> https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule
<ogra_> *snap*
<xpistos> ok. Thanks
<ogra_> funny ... .4 isnt even on there
<xpistos> I thought i saw it was out but thanks for that page!
<xpistos> So when a point rev gets released then am I correct that dist-upgrade will install that?
<ogra_> yes
<rbasak> Point releases are just roll ups of all updates released up to that point, together with some installer changes.
<rbasak> If you're installing updates regularly, then upgrading to a point release is effectively a no-op for you anyway.
<rbasak> (installer defaults can change though, such as the hardware enablement stack, which you need to opt in to if upgrading; but there's no point usually if everything works since by definition you don't need hardware enablement updates then)
<zul> icey: you have problems with the wsgi-intercept fix
<icey> zul and we're running a tempest test for dvsm that isn't passing :-/
<zul> icey: *sigh*
<DammitJim> oh man, I'm about to get bashed... I've been asked to set up an Ubuntu Server 16.04 with Unity
<DammitJim> however, stubborn me doesn't want to install everything that comes with ubuntu-desktop
<DammitJim> so, I did the no-install-recommends
<DammitJim> however, I am having a very hard time configuring rdp to this desktop
<DammitJim> do you guys have any pointers as to how to configure rdp for unity? I got it to work with xfce
<android> how to install held packages
<android> held because no verification gpg key
<genii> Add the key.
<android> I don't have it.
<android> where can the propesed key be found in the package info?
<android> it is going to call for a key id such as 0xFFFFFF right?
<android> --ignore-hold didn't work
<android> apt-get info <package>?
<android> where can the proposed key be found in the package info?
<nacc> android: the key is from the repository that hosts the package (if I understand what you are saying)
<android> this is an old version
<android> does old-versions have a signer key?
<android> is the release upgrade going to need a new key?
<android> this is planned for upgrade to system76
<android> nacc the virtex shader graphics need to go
<android> the website says the old version can be upgraded using do release upgrade
<android> nacc you did well with an on target observation however support is taking too long
<android> you just dont have enough energy to be support
<android> find a new job
<android> it doesnt need to take hours to formulate a response
<android> do something like production line sorter
<android> sort beans or somethinb
<android> ok nacc
<android> ok nacc?
<hashwagon> Help meh, Ubuntu 16.04 system most commands result in Segmentation fault. How do I reboot this system? sudo doesn't seem to work either. Logged in as sudo user now.
<hashwagon> It's a remote system so Ctrl+Alt+Delete isn't very accessible.
<sarnold> you may be able to use echo something > /proc/sysrq-trigger
<sarnold> of course the defaults for what can be done via the sysrq-trigger are pretty limited; I can't recall off-hand what is allowed vs not allowed
<sarnold> the sysrq-trigger file takes the same commands as the sysrq key on the keyboard
<sarnold> so u to umount, s to sync, b to boot, etc. I always used sync sync umount boot when doing a sysrq shutdown..
<sdeziel> sound advise but IIRC, writting to sysrq-trigger requires root
<sarnold> oh sigh I thought that was a sudo shell :/ not just sudo user. uh. that's not ideal.
<hashwagon> Permission denied on echo to proc
<hashwagon> cannot sudo echo
<sdeziel> last time I ran into such situation was when I was wiping the root fs ... I hope you are no facing a similar situation
<hashwagon> There's some keyboard command I thought could be used to reboot, not sure if that works remotely though..
<sarnold> it might; that'd be the sysrq key; I think I heard some systems can let you send a break command to trigger it
<sdeziel> hashwagon: for a remote system that's what the sysrq-trigger file is for but as you noticed, you need to be root to use it
<sdeziel> hashwagon: I'd probably take a look at dmesg (if that works) just to know what's up with the machine. Regarding the reboot, there is AFAIK no way for a regular user to trigger one remotely
<JanC> otherwise would be disastrous on any shared system  :)
<gunix> hey guys. where was i supposed to open ticket to get the packagers to add an openstack cinder version to the package list?
<ahasenack> nacc: hey, am I using git ubuntu lint correctly here: http://pastebin.ubuntu.com/25192910/ ?
<ahasenack> nacc: $(pwd) is a clone of https://git.launchpad.net/~powersj/ubuntu/+source/mongodb branch fix-1584431-xenial
<nacc> ahasenack: let me check
<gunix> there is a big bug currently within openstack horizon on ubuntu server. when cinder is available, it doesn't allow any actions related to volumes. but it should. this was corrected with the latest dashboard patch. but it's not available. where can i open a ticket for this?
<ahasenack> I did git remote add to add the pkg remote, then used that
<ahasenack> before a git fetch pkg
<ahasenack> er, after
<ahasenack> anyway
<ahasenack> gunix: against horizon itself perhaps?
<ahasenack> the openstack-dashboard package in this case
<nacc> ahasenack: fwiw, you shouldn't need to pass -d $(pwd), that's the default
<ahasenack> ok
<nacc> ahasenack: but still reproducing the issue (sorry network is a bit slow today for some reason)
<ahasenack> it's Friday :)
<nacc> ahasenack: hrm, locally (on a slightly differnet branch), i got all of them passed, let me recheck with master (need to stash some changes)
<ahasenack> nacc: hm, they all passed now too
<ahasenack> with or without -d
<nacc> ahasenack: there were some fixes that went out, did the snap possibly refresh locally?
<ahasenack> that would have been an amazing coincidence
<nacc> ahasenack: yeah, it passes with master too
<ahasenack> let me check the logs
<nacc> ahasenack: :)
<nacc> ahasenack: the linter isn't stateful, so i'm not sure why it would have changed the result otherwise
<ahasenack> I see this from a couple of minutes ago
<ahasenack> Jul 28 17:50:51 nsn7 git-ubuntu[7671]: cmd.go:118: DEBUG: restarting into "/snap/core/current/usr/bin/snap"
<ahasenack> Jul 28 17:51:41 nsn7 git-ubuntu[7777]: cmd.go:118: DEBUG: restarting into "/snap/core/current/usr/bin/snap"
<ahasenack> not sure yet what it means
<ahasenack> but there is "git-ubuntu" in it :)
<ahasenack> snap info has an old timestamp (many hours ago) for "refreshed"
<ahasenack> well, it's working
<nacc> ahasenack: yeah, i'm really not sure on that
<nacc> ahasenack: but yeah, all i can say is the linter seems to be passing in my testing
<ahasenack> even the hash in the last "git checkout" line is still the same
<ahasenack> so yeah
<ahasenack> let's ignore this
<nacc> :)
<gunix> ahasenack no, they already released the package. ubuntu has to add it to the repos
<ahasenack> gunix: you mean they made a new source tarball release, and ubuntu has to grab it, or just backport the fix
<gunix> yes, 11.0.3 was released but we still have 11.0.2: https://paste.gnome.org/psldpujzk
<drab> urm, I'm trying to implement that return address thing with policy routing and it seems ip route default doesn
<drab> 't like eth0:1
<drab> anybody has seen that before?
<sarnold> I don't know if the iproute2 utilities handle aliases well
<sarnold> afterall not needing aliases any more was one of their advertising points :)
<drab> mmmh, how would I be assigning a new ip to the same interface then?
<drab> it seems you can do it with the ip utilities, however in network/interfaces the only supported syntax seems ethX:X kind of thing
<sarnold> ip addr add 1.2.3.4 dev eth0 kind of thing
<sarnold> true /etc/network/interfaces is twenty year old cruft :( gotta use up and down scripts there to use ip or add ipv6 to nics or whaetever
<drab> yeah that worked (the ip addr, retrying the policy routing bit now)
<sarnold> thankfully something better is coming https://lists.ubuntu.com/archives/ubuntu-devel-announce/2017-June/001215.html
<drab> is that systemd-networkd? :P
<sarnold> netplan
<drab> oh, never heard of netplan, thanks for sharing
<drab> yeah , just clicked the link
<drab> will read up, thanks
<drab> nope, still not working
<drab> I'm trying to dig as a test and it complains that "reply from unexpected source"
<drab> which is the ip of eth0
<drab> maybe I'm messing up the PR part...
<sarnold> drab: hrm, that reminds me a bit of
<sarnold> arp_filter from https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
<drab> sarnold: good idea, but still having the same problem :/
<drab> net.ipv4.conf.all.arp_filter = 1
<sarnold> drab: and the source routing, I've never needed to know owto do that, did you set that up as the lartc guide recommended?
<drab> yeah, and then also found this: https://unix.stackexchange.com/questions/4420/reply-on-same-interface-as-incoming/23345#comment476516_23345
<drab> which is basically confirming the same thing
<sarnold> wow cool
<sarnold> so that's what the separate routing tables are for :) not only containers
<drab> what about containers?
<drab> btw I'm in a container... I guess I should test this on the bare host just in case
<sarnold> I've seen the multiple routing tables used with containers before but knew they long predated containers..
<drab> I actually use that very lartc stuff on the gateway
<drab> to balance 2 upstreams
<drab> and works just fine
<android> what junk are you making now?
<android> --ignore-hold doesn't work
<drab> I'm building a bed, a table and a shelf unit out of 2by4 and plywood
<drab> oh, maybe wrong channel?
<android> drab now that isnt junk
<drab> you should see my table saw :P
<drab> and what the output is :...(
<drab> but it works and it's cheap
<drab> plus hacking and hammering stuff together is the only way I can preserve sanity from working with computers... :)
<drab> woodworking as therapy ftw
<sarnold> sounds like you could use a lathe
<sarnold> doesn't matter if you actually want any lathed output. but it's hypnotic and makes a mess and smells good.
<drab> a lathe would be nice. and a jointer
<drab> lol
<sarnold> jointer would be more useful perhaps
<drab> msot of the 2by4 I get are just about ready to build arches...
<android> cover it with paint
<drab> I still don't quite get how a jointer is going to fix that tho, if a piece of wood is bent and you pass it through a jointer at most you get uneven thickness
<android> clear paint
<drab> which doesn't seem useful even if it "looks
<drab> " flat
<drab> anyway, need to figure out this ip route thing first :/
<android> ip route?
<android> what of it?
<drab> I'm migrating services from some old hw into containers
<drab> and during the transition I need the container to have its new and final ip + the current hw's ip
<drab> so that clients still using the old ip will work during transition
<android> containers?
<nacc> drab: won't they see two hosts responding to the same IP?
<drab> however if I just add the hw's ip to the container replies will come through the container's primary ip and the client will discard them
<android> amazon junk?
<drab> nacc: the hw will go down as soon as I have this working
<nacc> drab: i'm assuming there are more details being glossed :)
<nacc> drab: ah sure
<drab> so I flip the rule on and unplug the cable to the hw
<nacc> drab: yep, that makes sense
<drab> but right now I'm testing on a box and can't get it to work
<drab> testbox*
<drab> android: lxc containers
<drab> they have a bunch of old hw (desktops) which fail a lot so I've been migrating all their stuff into a server grade piece of hw running lxc
<android> drab where do you work?
<android> it looks like I am being targetes by the app devels
<android> when I install an app they start updating
<android> I have plans on pulling source code for apps
<android> when they update they change the code
<drab> mmmh this is both interesting, useful and annoying
 * drab scratches head
<drab> so now unbound works
<drab> but none of the policy routing stuff was needed
<drab> all the examples I'm finding were using multiple nics/interfaces so I'm wondering if just one and a secondary address that just doesn't work for some reason
<drab> what I had to change was the ip unbound listened on... using 0.0.0.0 created the routing/src ip issue
<drab> but if I explicitly set it to listen on primary and secondary ip then it works just fine
<drab> which makes sense I guess...
<sarnold> drab: curious. very curious.
<drab> on the other hand for example ssh does not seem to have a problem whatsover... set to listen on 0.0.0.0 but connections through the secondary ip work just fine
<sarnold> 0.0.0.0 is probably not ideal for a dns server anyway
<nacc> heh
<drab> it's internal only with all wan traffic fw'ed so not a big of a deal and it saves me having more config tasks to handle, but I hear you
<drab> fw'ed in hindsight was probably the wrong way to shorten firewalled :)
<drab> anyway, all done and working \o/
<drab> thanks all for the support, as usual nothing beats bouncing ideas around
<sarnold> drab: sweer! :D
<sarnold> sweet too.
<sarnold> heh
<nacc> sweer!
<nacc> sarnold: i like it
<drab> sweer... sweet beer! lol
#ubuntu-server 2017-07-29
<drab> damnit, sweer.com is taken... cybersquatters :/
<drab> maybe an ubuntu codename for the future :)
<sarnold> sweering sweerkat?
 * nacc ponders how far into the future we have to be for version sw sw
<nacc> I guess it all depends on what 18.04 ends up being
<nacc> ab or bb ? :)
<drab> nacc: you just need to shorten the release cycle to weekly :P
<nacc> heh
<drab> diff question, any tools/processes somebody here is familiar with to migrate openldap?
<drab> back in the days it was a pretty simple dump with slapcat and stuff, but it seems things got more complicated now
<android> can you get me out of here
<android> hellooooooooooooo
<android> how to remove virtex shader?
<android> hello YankDownUnder
<YankDownUnder> android, Chur? Chur.
<android> YankDownUnder what are you doing tonight? Do you have a telephone number?
<YankDownUnder> If I was healthy, I'd get out somewhere - however, that is not the case, and I shall nurse my health :)
<android> with what mold and dust?
<YankDownUnder> Mold, dust, cancer, cobwebs...the usual :)
<android> have a cigarette to dull the nose from the smell of mold
<android> do you have a telephone number, sounds like you can use some coaching
<YankDownUnder> android, Yeah - smokes and incense kill the mould...I'm slightly radioactive at the moment... (not a joke)
<android> the machine take your soul?
<YankDownUnder> android, hehehehehehehe yeah...linux treats me vastly better than chemo does...way way way better...
<android> chemo?
<YankDownUnder> android, "Chemo" - short for "chemotherapy" - where they give a person an I.V. full of sucrose and radioactive iodine to kill off cancer cells in the body...
<android> misnomer isn't it?
<android> I wrote a line about your cells phasing, it deapeared
<YankDownUnder> android, Hehehehehe...yeah, I'll make sure to tell them that next week on the next injection :)
<android> where are you at?
<android> if your body was hashed with accuracy the supposed cancer can be wiped out quickly
<android> nearly a snap of the fingers
<android> is there anything you want me to do for you yankdownunder?
<YankDownUnder> android, Prayers ALWAYS help - but the best thing you could do is to donate some money to whatever cancer fund you see. Doesn't matter. Cancer is cancer. Donations help, bigtime. For patients, for families, for nurses...
<android> do you accept paypal?
<YankDownUnder> android, Check out: lymphoma.org.au => they accept donations. That's the type of cancer I have. Specifically, it's called "Hodgkin's Lymphoma" - very "elite" name for cancer, eh? :)
<android> wnhy do you call it 'elite'?
<YankDownUnder> android, Cuz most other cancers have very plain generic names, scientific names...so mine has a UNIQUE name! Not that it makes it any better, but you have to have a sense of humour about it...or at least I do...certainly don't want to walk around being all morbid and down and depressed...like a mortician on downers :)
<android> I'd rather donate directly to your fund.
<android> yank
<android> Do you care if I push you off into deep thought?
<YankDownUnder> android, Sorry - fixing a VM at the moment - have to get this client up and running - back in a while
<notdaniel> YankDownUnder, best of luck. you seem to be on the right path so far. in my experience it's those who can handle the pressure and stay positive and keep joking that tend to win these battles
<YankDownUnder> notdaniel, Thanks, bro...that's what all my docs/nurses say. I make the other patients smile, too. Especially the kids. I'm still waiting for my tour of the morgue...they keep denying me that... :)
<android> YankDownUnder
<android> why did you disconnect?
<YankDownUnder> android, Me? Disconnect? Not that I"m aware of. I"m balancing between four different machines and two remote VM's...haven't noticed any disconnects...
<android> YankDownUnder did you part and rejoin?
<YankDownUnder> android, Not sure, and since it's not in the way of my work, don't care.
<android> YankDownUnder your account disconnected and soon after my phone reboot
<drab> it turns out that just copying /etc/ldap and /var/lib/
<drab> and the relevant certs for tls was enough to migrate everything
<drab> (domain hadn't changed)
<drab> to close the loop with yesterday's question
<android> pangs pre dysonsphere
<android> the equilibrium
<android> he didn't want to accept donation
<android> where can you be positioned
<gunix> android how can i run android apps on arch linux ? stuff like skype for business preferably :D
<hehehe> use emulator
#ubuntu-server 2017-07-30
<android> how to allow a release upgrage
#ubuntu-server 2018-07-23
<Zahovay> I just saw that after i upgraded my server through ssh i still have 2.6 kernel. Is it possible to update the kernel through ssh ?
<blackflow> Zahovay: what's the output of   uname -a   ?
<Zahovay> 2.6.32
<blackflow> that's not output of uname -a
<Zahovay> 2.6.32-042stab130.1 #1 SMP Tue May 22 09:19:34 MSK 2018 x86_64 x86_64 x86_64 GNU/Linux
<blackflow> Zahovay: is that OpenVZ VPS? if yes, then no, you can't touch the kernel. I'd leave that hoster before I could finish this sentence.
<Zahovay> Not quite sure about it. The tarhely(dot)eu does provide openVZ vps, could be
<blackflow> that 'stab' kernel is OpenVZ signature
<Zahovay> lol
<Zahovay> your knowledge is amazing (to me atleast)
<Zahovay> do you suggest any "cheap" but not horrible provider?
<blackflow> in EU I'd recommend Hetzner. Digital Ocean is otherwise not too bad.
<Zahovay> Thanks for your advice, hetzner is a bit messy to me but digital ocean looks good
<blackflow> messy how?
<Zahovay> most of the time I find vps server on the site and its clear what it is. On hetzner there are too much options I cant see vps keyword so I should read the whole site which one I m looking for
<Zahovay> if it is at the managed server section it costs way too much
<Zahovay> to us yet
<blackflow> oh they call it Cloud now. but it's a regular VPS with some "cloudy" features like floating IP.
<Zahovay> oh
<blackflow> (and they separate storage from compute nodes, so that's another "cloudy" feature)
<Zahovay> I've made pictures of these prices with a little description of why openvz s...ks, thanks for your help and suggestions
<Zahovay> so back to server, I cant change kernel?
<blackflow> no. that's not really a VM. openvz is a form of OS level "virtualization". a container on steroids if you will. not unlike LXC. so that's just an advanced namespace on the host, with all the limitations of it.
<Zahovay> lol
<Zahovay> you must be kidding me
<Zahovay> blackflow: I am really thankful for your help, you saved me a few days of research and also helped me to get to the right direction. Thank you!
<blackflow> you're welcome.
<blackflow> Zahovay: btw, all this is on the assumption that it _is_ OpenVZ, based on that uname. Given what I've seen people do, it's not theoretically impossible this really is a VM, some franken something with gods know what kernel. :)
<Zahovay> I asked the guy, he told me that yes it is openVZ
<blackflow> mkay.
<Zahovay> anyway I will use this server to host a webpage for now.. (without input field so only information could be read)
<Ussat> Did the command to purge old kernels change ?
<Ussat> sudo purge-old-kernels --keep  2 -qy is now throwing errors. : Command line option --keep is not understood in combination with the other options
<Ussat> Dont remember seeing that before today, this is on 18.04
<Ussat> seems to work fine on 16.04
<Ussat> and works fine on 17.X
<rbasak> Ussat: "sudo apt autoremove" (possibly with --purge) should be sufficient now.
<Ussat> OK, but how does it know how many to keep ?
<RoyK> Ussat: https://help.ubuntu.com/community/RemoveOldKernels perhaps
<Ussat> the old purge-old-kernels -y --keep 2 was working fine , untill 18.04lts
<ogra_> Ussat, autoremove will never remove the currently running kernel and the one the linux-generic package depends on
<rbasak> Ussat: the logic is in /etc/kernel/postinst.d/apt-auto-removal
<rbasak> I'm not sure you can tweak the set of kept kernels any more. But enhancing that with options is a reasonable feature request I think.
<rbasak> Some details at bug 1686138
<ubottu> bug 1686138 in byobu (Ubuntu) "purge-old-kernels is superseded by "apt autoremove"" [Medium,Fix released] https://launchpad.net/bugs/1686138
<Ussat> OK, so safe to assume then that sudo apt autoremove --purge will keep a "extra" kernel to boot from in case of oh shit
<Ussat> OK, ya
<rbasak> Ussat: that's the idea, yes. If it doesn't work for you, please tell us :)
<Ussat> :) count on it.....running it on my test system now :)
<Ussat> sudo apt-get -y autoremove --purge be viable for 16.04 and 17.X also ?
<rbasak> I think it works on 16.04 too.
<rbasak> It's been around for a while.
<rbasak> Since apt 0.9.9.1 according to https://git.launchpad.net/ubuntu/+source/apt/log/debian/apt.auto-removal.sh
<rbasak> That includes Trusty
<rbasak> So it might also work on 14.04 unless there are other moving parts I've not accounted for.
<Ussat> ok, will see. I understand the reasoning, but I like to keep 1 running, a "gneric" and my last known good or N, n-1 and a generic
<ogra_> definitely works on 16.04, i use it regulary on all my classic deb based installs
<rbasak> Ussat: I think if you want to keep extra ones present, you can mark them as manually installed using apt-mark. Then apt won't suggest removing them.
<Ussat> which is what sudo purge-old-kernels -y --keep 2 allowed
<Ussat> rbasak, sure, but I need to do that every time a new kernel is installed. with sudo purge-old-kernels -y --keep 2 it always kept N, N-1 and the generic
<rbasak> Ussat: or tweak the script in /etc. It should be preserved on package upgrades (since it's in /etc).
<rbasak> Ussat: /etc/kernel/postinst.d/ scripts run every time a new kernel is installed :)
<Ussat> OK, but I guess I dont understand the reasoning not allowing to flag how many to keep ?
<ogra_> you dont need to re-set the apt-mark mark if noew kernels are installed ... that is persistent
<ogra_> *new
<rbasak> ogra_: only on the metapackages presumably though?
<ogra_> it should work on the -image packages too ... autoremove ignores manually installed packages
<rbasak> Ussat: I think it'd be perfectly reasonable to add a feature to /etc/kernel/postinst.d/apt-auto-removal to support configurability of how many kernels to keep.
<Ussat> How would I request that ?
<rbasak> Ussat: the only difficulty is in implementation since ideally it'd be stateless, and "how many to keep" is difficult to define (in terms of order of installs, or order of versions, orders of boot, or what?)
<ogra_> you could go a step further and make that an auto-setting feature that simply sets it self up based on available space in boot ;)
<rbasak> Ussat: file a wishlist bug against apt please, noting apt-auto-removal in the subject.
<ogra_> tiny /boot -> keep two ... large /boot automatically keep a few more
<rbasak> (since the apt package ships that script)
<Ussat> ogra_, um.... not sure I would want that auto set, and if was be able to change it
<rbasak> Ussat: if you can provide a patch for the script, even better :)
<ogra_> (plus a manual override on top allowing you to set a fixed number)
<Ussat> rbasak, will work on it in all my free time :)
<Ussat> thanks
<rbasak> No problem. Note that I'm not apt upstream and so I can't make the final decision. But if the patch is reasonable then I see no reason why it can't be done.
<Ussat> noted, I appreciate the help on this...
 * ogra_ hopes eventually we'll simply shop all kernels as snap packages ... that would solve the issue once and for all ;)
<ogra_> *ship
<rbasak> ahasenack: o/
<ahasenack> hi rbasak
<rbasak> ahasenack: I think Monday is cpaezler today, but since he's out, shall we bump to the next person (you)?
<ahasenack> I'm fine with that
<rbasak> Then he can do yours next week I guess.
<rbasak> Thanks
<ahasenack> hm, is it expected that subiquity only enables the main repo in the installed system?
<ahasenack> no restricted, universe or multiverse
<ahasenack> I don't recall if the old server install was also like this
<rbasak> That doesn't sound right
<coreycb> jamespage: for nova i don't think we can move all config to nova-common. there are all of the nova-compute-*.conf files for example.
<Forty-3> how do I restart networking on 18.04?
<Forty-3> I've looked through https://askubuntu.com/questions/230698/how-to-restart-the-networking-service but it doesn't seem to have anything past 16.04
<Ussat> netplan
<Ussat> sudo  systemctl restart NetworkManager.service
<Forty-3> I'm on server, there is no NetworkManager
<Ussat> or
<Ussat> sudo service network-manager restart
<Ussat> I am also on servers and that works
<Forty-3> not for me :l
<Forty-3> network-manager and NetworkManager are both not found
<Forty-3> I really just need to get a new dhcp lease
<Forty-3> I was hoping for something like `systemctl restart dhcpcd` like on other distros
<tomreyn> are there changes in 18.04 server compared to 16.04 as to how ssh key authentication works? i just setup an amd64 server using the classic / alternative server installer and while password autherntication by ssh works fine, i can't seem to make pubkey authentication work, not with RSA keys, not with ed25519 keys.
<sarnold> tomreyn: rsa keys have to be > 1024 bits, that seems to be the most common stumbling block
<tomreyn> it's 2048
<tomreyn> hmm there is a lot more commented out than in earlier versions apparently
<teward> 18.04 the commented out sections are because those are now the 'defaults'
<teward> if you want to be sure though uncomment SSHKeyAuthentication and set it to "yes", then restart the SSH process, to make sure it accepts pubkey auth as a valid method
<tomreyn> http://paste.ubuntu.com/p/3PhWxDM9p8/ is what i have after enabling and also changing a little
<tomreyn> E486: Pattern not found: SSHKeyAuthentication                                                                                                                       20,19         Top
<teward> hang on I forget the specific argument 1 moment
<tomreyn> ignore the 2nd line please
<tomreyn> PubKeyAuthentication is yes
<teward> tomreyn: did you put the public key of your SSH key into the ~/.ssh/authorized_keys file for the user in question?
<teward> (if the user was foobarbaz, that'd be /home/foobarbaz/.ssh/authorized_keys, if it's root it's /root/.ssh/authorized_keys)
<tomreyn> yes i did. i dont know what i changed, but it works now.
<tomreyn> actually i know what i changed. i uncommented these lines
<tomreyn> #HostKey /etc/ssh/ssh_host_rsa_key
<tomreyn> #HostKey /etc/ssh/ssh_host_ecdsa_key
<tomreyn> #HostKey /etc/ssh/ssh_host_ed25519_key
<tomreyn> restarted sshd, could log in
<tomreyn> then commented the lines again, restarted sshd, could still log in
<tomreyn> my guess is the ssh host keys were not created initially
<tomreyn> hmm no, the timestamps on them are old.
<tomreyn> okay, i'm clueless. thanks for helping me out, though.
<dlloyd> whats in /var/log/auth.log for the failed login?
<tomreyn> error: maximum authentication attempts exceeded for root from 123.123.123.123 port 12345 ssh2 [preauth]
<tomreyn> Disconnecting authenticating user root 123.123.123.123 port 12345: Too many authentication failures [preauth]
<tomreyn> just those lines. i still get those when trying to do pubkey auth against root using an ed25519 key
<tomreyn> rsa works
<ahasenack> does anybody have an example (package, project, etc) that uses libapache2-mod-perl2?
<ahasenack> I'm trying to verify https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-perl2/+bug/1779400 so make sure the rebuild didn't introduce some unknown breakage
<ubottu> Launchpad bug 1779400 in libapache2-mod-perl2 (Ubuntu Xenial) "DEP8 fixes for xenial" [Undecided,Fix committed]
<ahasenack> I'm going over apt-cache rdepends libapache2-mod-perl2, but so far I couldn't get anything useful
<ahasenack> webgui doesn't work (that's a package)
<ahasenack> nor does octopussy
 * ahasenack tries otrs2
#ubuntu-server 2018-07-24
<tomreyn> how would you setup and manage networking on a single KVM based HV (no HA) with an IPv4 /28 and IPv6 /64 which you'll manage via CLI (libvirt-bin or similar) only?
<mnms_> Hi.. looking for solid guide about hardening fresh ubuntu server, could you recommend something?
<blackflow> mnms_: https://wiki.ubuntu.com/Security/Features    and    https://gist.github.com/ageis/f5595e59b1cddb1513d1b425a323db04    and employ AppArmor wherever possible. The second links a bit old, those aren't all security features available through systemd, so check its docs too.
<mnms_> blackflow thx
<ahasenack> rbasak: hi, is the importer stuck by any chance?
<ahasenack> rbasak: https://git.launchpad.net/~usd-import-team/ubuntu/+source/autofs/tree/debian/changelog is at 5.1.2-3ubuntu2, rmadison shows cosmic at 5.1.2-4ubuntu1
<rbasak> Looking
<rbasak> Yes, the host was rebooted a week ago
<rbasak> Looking into why
<rbasak> The logs have rotated out :(
<rbasak> Restarted
<ahasenack> jamespage: hi, isn't crmsh used quite a log in openstack xenial deployments?
<ahasenack> I came across https://bugs.launchpad.net/ubuntu/+source/crmsh/+bug/1687095 and "crm cluster health" just can't work in xenial because of the missing dep, and I also added the uca for a bunch of versions and the bug remains
<ubottu> Launchpad bug 1687095 in crmsh (Ubuntu) "crm cluster health: NameError: global name 'parallax' is not defined" [High,Confirmed]
<jamespage> ahasenack: we do but I don't think I have ever used 'crm cluster health'
<jamespage> we don't hold crmsh in the UCA, so I'm not surprised that made no difference
<ahasenack> jamespage: ok, thanks
<ahasenack> rbasak: are you aware of known issues doing release upgrades from trusty to xenial with a mysql server installed?
<nacc> iirc, there were a bunch of bugs filed when xenial came out
<nacc> because the config changed dramatically (again, iirc)
<ahasenack> let me paste something
<ahasenack> see if it rings a bell
<ahasenack> https://pastebin.ubuntu.com/p/M2RVQdv56P/
<ahasenack> that bit about the version, looks like not all packages were upgraded yet
<ahasenack> there are some apparmor denied messages, but they look like the usual to me, that I have seen in other bugs already
<nacc> ahasenack: trusty has 5.5.60
<nacc> ahasenack: and precise as 5.5.54
<nacc> ahasenack: i guess maybe the upgraded at some point in the past? dunno, hard to say
<nacc> i *think* that's the postinst from mysql-server?
<nacc> ahasenack: which implies that it didn't stop the old one?
<nacc> stop/remove
<tomreyn> 5.5 to 5.7 involves innodb + utf-8 collation by default (for new DBs), and strict mode on by default, IIRC.
<ahasenack> yeah, something like that
<nacc> ahasenack: it feels faimilar, but i'm not 100%, i tihnk you'd need rbasak
<rbasak> I've not seen that before
<rbasak> The postinst is running mysql_upgrade as expected, but the server daemon appears not to have restarted
<rbasak> "start: Job is already running: mysql"
<rbasak> Did it fail to stop previously?
<rbasak> Need reproduction steps I think. Given I've not seen it before, I'd want to rule out user misconfiguration first.
<nacc> ahasenack: fwiw, per publishing history of mysql-5.5, that version was superseded in trusty around april 2017
<nacc> actually january!@
<nacc> so i'd be likely to suspect pebkac
<ahasenack> yeah, I got 5.5.60 when I created my test container
<rbasak> Some customisation of the service locally perhaps, which prevents the maintainer scripts from being able to affect it.
<ahasenack> rbasak: I don't see any messages about stopping mysql, or restarting
<rbasak> I'd expect that to be earlier in the log
<ahasenack> there is this, though
<ahasenack> 180723 11:46:14 [ERROR] /usr/sbin/mysqld: Table './asterisk/freepbx_settings' is marked as crashed and should be repaired
<ahasenack> 180723 11:46:14 [Warning] Checking table:   './asterisk/freepbx_settings'
<rbasak> At least to see that the preinst i running, et
<ahasenack> don't know if that was just before the upgrade, or during
<ahasenack> https://launchpadlibrarian.net/379751877/DpkgTerminalLog.txt dpkg terminal log
<rbasak> I think it's fine to mark as Incomplete with our standard template.
<rbasak> If the user thinks it's a bug, they can provide reproduction steps
<ahasenack> that's usually hard with release-upgrade bugs
<rbasak> lxd helps with that
<ahasenack> "Restart services during package upgrades without asking?" <-- I wonder what he answered
<rbasak> I think that relates only to libc6. Not sure though.
<rbasak> (as in libc6's maintainer scripts)
<ahasenack> oops
<v0lksman> hello all! installing apache2 on 18.04 but it seems I
<v0lksman> 'm missing something cause php7 doesn't want to execute when hitting index.php
<v0lksman> any hints?  seems apache2 comes pretty bare bones now and you have to manually enable all the mods
<v0lksman> ahh poop....libapache2-mod-php...thought that was already in
<tomreyn> neither is php only a web scripting language nor can apache httpd be only used with php (and scripting/programming language enabling modules are generally not part of the apache httpd core), so no, it's not.
<sarnold> v0lksman: did you a2enmod php or whatever?
<v0lksman> I was just missing the mod...thought I had already installed it
<nacc> v0lksman: it depends on the version of ubuntu you're on, but on 18.04 it should do what you said
<DammitJim> is there such a thing as a tomcat repo for ubuntu 18.04 ?
<nacc> DammitJim: probalby a ppa
<DammitJim> I've been googling but can't find one
<DammitJim> all the tutorials I see online now use wget to download the gz
<sarnold> if you're going to that much trouble you might as well maintain the one inthe archive :)
<DammitJim> which trouble and what archive?
<nacc> !info tomcat8
<ubottu> tomcat8 (source: tomcat8): Apache Tomcat 8 - Servlet and JSP engine. In component universe, is optional. Version 8.5.30-1ubuntu1.2 (bionic), package size 43 kB, installed size 314 kB
<DammitJim> I was looking for a ppa... and was trying to make sure I wasn't missing something since I can't find it
<nacc> that one :)
<nacc> archive = Ubuntu archive
<DammitJim> oh, so there is no ppa
<sarnold> dunno, I never looked ;)
<sarnold> there is a package in the archive, but it's commuynity maintained
<nacc> DammitJim: i mean there can be PPAs of archive pacakges
<nacc> !ppa
<ubottu> A Personal Package Archive (PPA) can provide alternate software not normally available in the offical Ubuntu repositories - Looking for a PPA? See https://launchpad.net/ubuntu/+ppas - WARNING: PPAs are unsupported third-party packages, and you use them at your own risk. See also !addppa and !ppa-purge
<sarnold> which might mean, in practice, no one maintains it.
<nacc> you can search there --^
<sarnold> and if you have to build one yourself, it'd probably be less effort to maintain the one inthe archive, and let everyone benefit from your work :)
<tomreyn> DammitJim: so why are yuo looking for a ppa? is the version in ubuntu too old / new for your needs?
<DammitJim> actually, you guys are right... man, the mind can screw you up if you don't learn how to control it
<DammitJim> I have been googling how to install tomcat on ubuntu 18 and all I find are tutorials to install from source
<DammitJim> I assumed that there is no way to say: apt-get install tomcat
<DammitJim> whoa
<tomreyn> you can even choose from major upstream versions
<genii> !info tomcat 9
<ubottu> '9' is not a valid distribution: artful, artful-backports, artful-proposed, bionic, bionic-backports, bionic-proposed, cosmic, cosmic-backports, cosmic-proposed, kubuntu-backports, kubuntu-experimental, kubuntu-updates, partner, precise, precise-backports, precise-proposed, stable, testing, trusty, trusty-backports, trusty-proposed, unstable, utopic, utopic-backports, utopic-proposed, vivid, vivid-backports, vivid-proposed, wily, wily-backports, wi
<genii> !info tomcat9
<ubottu> Package tomcat9 does not exist in bionic
<genii> OK so 8 and 7 still currently
<DammitJim> I think it's 8.5
<DammitJim> https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1712645
<ubottu> Launchpad bug 1662654 in tomcat8 (Ubuntu) "duplicate for #1712645 Please remove resteasy (3.1.0) from zesty-proposed" [Undecided,Fix released]
<DammitJim> weird
<DammitJim> tomcat 8 is end of life
<DammitJim> oh, interesting.. the package is called tomcat8, but it's acually 8.5.30
<ScottE> Tomcat 8.0 and 8.5 are not completely compatible, either - just to make things more fun
 * RoyK thinks tomcat and other java stuff should be left untouched
<DammitJim> RoyK, I'm with you; however, I'm forced to touch it since our company uses it... it's truly a mess... to keep Ubuntu Version + Tomcat Version + Java Version + Grails Version compatible and supported (not EOL)
<ScottE> If that's not all bad enough, soon to use Java in a production environment will require either using openjdk or paying oracle for a commercial license.
<teward> state your source?
<DammitJim> +1 teward
<ScottE> http://www.oracle.com/technetwork/java/eol-135779.html - "Beginning with Oracle Java SE 11 (18.9 LTS), the Oracle JDK will continue to be available royalty-free for development, testing, prototyping or demonstrating purposes."
<RoyK> DammitJim: my condolences
<DammitJim> lol
<DammitJim> ty
#ubuntu-server 2018-07-25
<Fizzik> Hello I am using openvpn server. Everytime my server restarts it seems I have to enable then disable the ufw in order to pass traffic. I have it set to disabled on boot. I then have to enable then disable again. It will not pass traffic till that disable
<tomreyn> Fizzik: i'm not sure whether it would do this, but a good thing a application like this would do is to block any newly emerging interfaces (like a tun/tap) until you whitelisted them. maybe that's what's happening? this is a very rough guess.
<Olivier[m]> Good morning
<whislock> Fizzik: Fix your OpenVPN issue? If not, I can take a look.
<whislock> tomreyn: And no, ufw doesnt function in this way.
<coreycb> jamespage: i'm dropping neutron-fwaas.json from vmware-nsx since neutron-fwaas installs it already. that'll fix up the dep8 failure.
<andirc5089> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<andirc5089> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<andirc5089> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<andirc5089> Voice your opinions at https://webchat.freenode.net/?channels=#freenode
<drot|> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<drot|> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<drot|> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<drot|> Voice your opinions at https://webchat.freenode.net/?channels=#freenode
<blackflow> if anything, this repeated trolling is doing the OPPOSITE.
<blackflow> it clearly shows trolling. nobody cares, just be gone.
<whislock> I suspect it's all a botnet or something.
<blackflow> whislock: THAT or someone has a LOT of free time on their hands. :)
<HarryS|> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<HarryS|> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<HarryS|> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<HarryS|> Voice your opinions at https://webchat.freenode.net/?channels=#freenode
<LadyElusive|> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<LadyElusive|> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<LadyElusive|> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<LadyElusive|> Voice your opinions at https://webchat.freenode.net/?channels=#freenode
<NyanCat_> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<NyanCat_> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<NyanCat_> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<NyanCat_> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<NyanCat_> This message was brought to you by Private Internet Access
<rud0lf6> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<rud0lf6> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<rud0lf6> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<rxy_26> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<rxy_26> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<rud0lf6> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<rud0lf6> This message was brought to you by Private Internet Access
<rxy_26> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<rxy_26> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<rxy_26> This message was brought to you by Private Internet Access
<Raccoon8> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Raccoon8> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<Raccoon8> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<Raccoon8> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<Raccoon8> This message was brought to you by Private Internet Access
<orliesaurus25> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<orliesaurus25> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<orliesaurus25> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<orliesaurus25> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<orliesaurus25> This message was brought to you by Private Internet Access
<Levex12> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Levex12> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<Levex12> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<Levex12> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<Levex12> This message was brought to you by Private Internet Access
<matze6> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<matze6> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<matze6> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<matze6> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<matze6> This message was brought to you by Private Internet Access
<diz26> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<diz26> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<diz26> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<diz26> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<diz26> This message was brought to you by Private Internet Access
<tomreyn> how would you setup and manage networking on a single KVM based HV (no HA) with an IPv4 /28 and IPv6 /64 which you'll manage via CLI (libvirt-bin or similar) only?
<compdoc> I like to use a dedicated nic when possible, and create a bridge for it so the guests can attach to it
<tomreyn> compdoc: thanks. but this rules out ip address management by libvirt, right?
<tomreyn> other than that it's mya preferred route so far, too.
<compdoc> I dont use libvirt, and dont assign ip addresses that way, but dont see why a bridge would cause problems
<compdoc> I use virsh and virt-manager. I always install a minimal desktop on my servers so I remote
<tomreyn> compdoc: i don't mean to say it causes problems, just means you can't benefit from existing automation and will need to come up with your own for ip address assignment. so you do routing betwee the pyhsical NIC(s) and the bridghe then?
<tomreyn> oh, no, i wont run a desktop there.
<compdoc> I use dhcp or static ip addresses
<compdoc> your guests will be isolated?
<tomreyn> compdoc: isolated from what?
<compdoc> the lan
<tomreyn> most wont share a LAN
<tomreyn> but some might
<tomreyn> can you say which dhcp daemon you'd recommend?
<JanC> virsh & virt-manager are libvirt frontends, so you _do_ use libvirt...
<ChmEarl> JanC, +1
<nacc> compdoc: --^ indeed
<tomreyn> #metooo
<todevil> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<todevil> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<todevil> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<todevil> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<todevil> This message was brought to you by Private Internet Access
<wols> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<wols> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<wols> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<Hobbyboy160> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Hobbyboy160> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<Hobbyboy160> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<Hobbyboy160> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<Hobbyboy160> This message was brought to you by Private Internet Access
<Welcome> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<npgm> if I have a unit that BindsTo networking, if I restart networking, will it first stop the unit before restarting networking? Thats what I want to happen
<connection> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<connection> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<connection> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<connection> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<connection> This message was brought to you by Private Internet Access
<PuppyKun12> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<PuppyKun12> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<PuppyKun12> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<PuppyKun12> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<PuppyKun12> This message was brought to you by Private Internet Access
<darkengine1027> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<darkengine1027> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<darkengine1027> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<darkengine1027> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<darkengine1027> This message was brought to you by Private Internet Access
<rando-mang10> hello there. I setup LVM and partitioned my drive already inside a ubuntu liveboot in the terminal+gparted. how would i go about installing the system onto those lvms? or maybe an installer that does it automatically?
<rando-mang10> as well, I don't see the partitions i created on the drive inside the installer.
<rando-mang10> better question might be: what alt-installer do i need to use for full disk encryption? I'm having trouble finding that... http://cdimage.ubuntu.com/releases/18.04/release/
<blackflow> rando-mang10: if you know how to partition stuff like that, why do you need the installer? just use debootstrap, and install ubuntu-server package, + whatever else you might need.
<cloe23> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<cloe23> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<rando-mang10> backflow: thanks for the info. i'll check it out
<martyn_h> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<compdoc> u da devil
<nickoe2> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<nickoe2> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<nickoe2> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<ynyounuo8> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<ynyounuo8> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<ynyounuo8> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<nickoe2> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<bleepy2> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<bleepy2> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<bleepy2> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<ynyounuo8> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<nickoe2> This message was brought to you by Private Internet Access
<bleepy2> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<ynyounuo8> This message was brought to you by Private Internet Access
<bleepy2> This message was brought to you by Private Internet Access
<Peetz0r24> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Peetz0r24> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<Peetz0r24> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<Peetz0r24> <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
<Peetz0r24> This message was brought to you by Private Internet Access
<Looking> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Looking> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<RoyK> spam alert!
<RoyK> {Looking,Peetz0r24,bleepy2,nickoe2} posted this 'Hey, I thought you guys might be interested in this blog by freenode staff member Bryanâ¦'
<DalekSec> RoyK: Don't repeat spam, you risk getting hit by antispam easures.
<RoyK> DalekSec: I didn't repeat the url
<nacc> RoyK: also, everyone knows about the spam... it's been going on all day :)
<rando-mang10> if I were to install regular 18.04 ubuntu onto my server, is it possible to just edit the sources.list to point to the Ubuntu Server repo's and that work okay or no?
<RoyK> nacc: it'd be nice to have some filter to stop these repetetive messages, though
<nacc> RoyK: ok
<RoyK> rando-mang10: what are you running now?
<nacc> rando-mang10: ... server and desktop are package sets, not different repositories.
<rando-mang10> RoyK: nothing at the moment.
<DalekSec> RoyK: FWIW, if you use Irssi, you can use trigger.pl to ignore by message.
<RoyK> DalekSec: normally it's not a big issue
<RoyK> rando-mang10: then what do you want to run?
<rando-mang10> RoyK: postfix, dovecot
<RoyK> just install the regular server and the rest
<RoyK> should work well
<rando-mang10> RoyK: right, but it doesn't support encryption in the installer
<RoyK> why do you need encryption?
<rando-mang10> I've actually partitioned my drive and setup LVM with two LV's: boot and root (essentially)
<rando-mang10> To protect my data
<RoyK> if the filesystems are mounted, they're available to anyone with onlone access anyway
<nacc> rando-mang10: why did you partition your disk outside of the installer?
<RoyK> no need for a separate boot anymore
<rando-mang10> nacc: I started off with the installer, but then found no options for disk encryption
<nacc> rando-mang10: in which installer?
<rando-mang10> nacc: the regular ubuntu server installer. used an ubuntu desktop liveboot usb to partition
<rando-mang10> I've read that you have to use an alternate installer, but I couldn't find that anywhere. That's why I went down a rabbit hole xD
<rando-mang10> RoyK: online access is one thing, but if the physical drives were taken it'd be paramount for me to protect that data.
<nacc> rando-mang10: yes, use the alternate installer
<nacc> rando-mang10: it's in the same place as the regular server installer, iirc
<rando-mang10> nacc: whaaaaat
<rando-mang10> nacc: i gotta check this out HAHAHAHA
<nacc> at least, afaik
<rando-mang10> nacc: which link would it be? the first is the usual installer, while the other 3 are not mentioned with LVM, etc
<rando-mang10> http://cdimage.ubuntu.com/releases/18.04/release/
<nacc> rando-mang10: iirc, if your iso has the word 'live' in it, it's the new installer, if it doesn't it's the old installer
<Nizumzen> does anyone know what time today Ubuntu 18.04.1 is going to be released?
<rando-mang10> nacc: hmm. no luck finding it. no iso's with 'live' or mention of LVM. maybe the ubuntu server installer just doesn't support it :o
<nacc> rando-mang10: which iso did you use?
<nacc> http://cdimages.ubuntu.com/ubuntu/releases/bionic/release/ is the 'alternate', afaict; and http://releases.ubuntu.com/bionic/ is the new
<nacc> the latter is the 'default' choice
<sushichef18> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<rando-mang10> nacc: oh derp! i just checked my downloads folder and the one i'm using is 'live.' i'll try the non-live.
<nacc> rando-mang10: :)
<rando-mang10> nacc: appreciate it! :D
<rando-mang10> nacc: totally know a lot more about partitioning and LVM now tho :)
<nacc> rando-mang10: heh
#ubuntu-server 2018-07-26
<blackflow> Nizumzen: you should be able to upgrade already.
<Nizumzen> awesome thanks - been waiting for this so I can upgrade my 16.04 servers
<blackflow> Nizumzen: test it thoroughly, there are some significant changes.
<Nizumzen> hmm I guess I could spin up a clone VPS to test
<blackflow> why guess, that should be, like, the first thing you do. unless those servers aren't really important? ;)
<Nizumzen> normally I just take a full system backup - do the upgrade and roll back if there any problems
<Nizumzen> an hour or so downtime is acceptable
<drakythe3> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<drakythe3> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<drakythe3> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<A_D9> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<A_D9> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<moonlight22> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<No14> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<No14> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<No14> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<MillerBoss17> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<IntPtr14> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<IntPtr14> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<IntPtr14> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<Guest55025> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Yes_ma`am10> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<zgrepc15> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<zgrepc15> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<CGML28> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<CGML28> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<steveeJ18> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<steveeJ18> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<limbo24> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<CC6617> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<WikiPuppies2> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<bambams24> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<yaymuffins2> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<weaksauce17> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<SuperSeriousCat1> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<SuperSeriousCat1> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<averell15> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<averell15> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<kaniini_> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<kaniini_> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<ZLSA21> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<ZLSA21> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<bobe10> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<alphor6> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<precise2> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<precise2> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<deltam20> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<ollien29> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Freejack23> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<MalReynolds15> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<zul> icey/tinwood: mind +2ing https://review.openstack.org/#/c/584352/
<Nakato27> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<tinwood> zul, yup, that looks great.  doing it now.
<zul> thanks
<pztrick> was discussing `do-release-upgrade` for 18.04.1 LTS in #ubuntu channel, evidently not working as yet because there is no record for the LTS release at this URL: http://changelogs.ubuntu.com/meta-release-lts
<sarnold> aye, that'll happen probably after 18.04.1 is released
<sarnold> I can't promise when
<pztrick> OK! I saw ISOs were available for .1 release so was eager to upgrade a running server
<arooni> so 22 packages can be updated. .. i see that on my server;  i think i set up security updates but is there a reason i wouldnt want normal updates auto installed
<arooni> 16.04
<nacc> arooni: depends on how much you trust the ubuntu devlopers
<Ussat> I always update my servers, not just security, but I also have test systems I do first
<arooni> thats how i should be doing it
<Ussat> I actually have a script I use to update my systems, that covers everuthing
<arooni> what up with this : some packages held back
<Ussat> I have scheduled downtimes, week1, test, 2 weeks later prod
<nacc> arooni: you need to use a dist-upgrade/full-upgrade; some packages need to be removed presumably for the upgrade to proceed.
<arooni> i always thought doing that upgraded me to next version of ubunt
<arooni> u
<Ussat> this is my upgrade script for 16.06
<Ussat> sudo apt install -y byobu
<Ussat> sudo purge-old-kernels -y --keep 2
<Ussat> sudo apt-get -y autoremove --purge
<Ussat> sudo apt-get update
<Ussat> sudo apt-get upgrade
<arooni> thats useful
<whislock> arooni: man apt explains what full-upgrade does.
<arooni> i need to make a git repo for scripts like that
<Ussat> when I migrate my 16.04's to 18.04, it will chamge
<nacc> arooni: it never has, tbh
#ubuntu-server 2018-07-27
<berglh> anyone noticed a delay with "bringing up network interfaces" in 18.04 after upgrading a 17.10 install?
<berglh> i've been noticing it take around ~5 mintues to get past this boot initialisation process
<sarnold> which kernel are you on?
<sarnold> I wonder if you hit the issue fixed in this USN https://usn.ubuntu.com/3718-1/
<berglh> 4.15.0-29-generic #31-Ubuntu SMP
<berglh> looks like i'm up to date
<berglh> so.. i had always configured my interfaces with /etc/network/interfaces
<berglh> it's looking like this has changed to netplan ?
<berglh> i think i'm fighting a few problems; my system has been entering a weird state overnight
<berglh> https://paste.ubuntu.com/p/Hq7yjqgxt5/
<berglh> really weird behaivour; not sure why it's doing this shutdown/reboot
<berglh> no errors in syslog before hand
<berglh> i'm suspecting a potential problem with the PSU or simialr
<berglh> https://paste.ubuntu.com/p/scfKrQTg33/ That's the networking.service failure
<berglh> one the machine boots; netowrk is working fine
<sarnold> berglh: could you file a bug against netplan.io for that? I haven't got a clue :(
<havenstance> berglh: have you noticed it shutting down/rebooting at the same time every night?
<havenstance> or similar times maybe?
<havenstance> cuz you might be on the right track, you could be having a PSU issue, however it seems if that were the case, it would do irregular things at various times not really able to be predicted.
<berglh> havenstance: no, it's different
<berglh> but it's in the morning
<berglh> i.e. as the temperature is cooling
<havenstance> then runs fine the rest of the day?
<berglh> yes
<havenstance> now that's odd
<havenstance> even for a PSU going out but it's not farfetched, I've seen them make systems do some really strange things
<havenstance> but this started immediately after the update?
<berglh> i'm going to take the PSU out over the weekend and check teh caps
<havenstance> the thing to look at is was it doing it before the update or not
<berglh> i can't mention on the raising the interface bug
<berglh> because it's a headless server
<berglh> i only attached the display when i noticed it wasn't up
<berglh> it's doing dhcp and dns for my network
<berglh> so it's not great when it itsn't working
<havenstance> hm, so you don't really know for sure if it was happening before you updated to 18.04?
<berglh> all i know is that before hand it rebooted a lot faster
<berglh> i.e. i'd applyg a new kernel and restart
<berglh> then it'd be back up quite quickly
<berglh> lately i've noticed it's seeming to take longer
<berglh> i run smartd and scan my drives for errors etc
<berglh> get emails if i'm having storage issues
<havenstance> tbh, I might try a clean install as annoying as that may be, I know people have ran into issues in the past updating from a .10 to a .04 lts release.
<havenstance> before I did that though I would check the PSU as your original plan was
<havenstance> not sure what else to really have you try that others haven't already tbh
<berglh> https://paste.ubuntu.com/p/Y6FyWSjWx8/
<berglh> so that's the interesting thing
<berglh> you'll see it's shutting down services before the kernel starts on the reboot
<wr> on a ubuntu server if i set up some sites, is it possible seeing them via browser?
<sarnold> wr: yes, a huge portion of the internet works exactly that way :)
<wr> sarnold, what about core servers?
<wr> sarnold, on a ubuntu server if i set up some sites, is it possible seeing them via browser on a core server?
<sarnold> wr: do you mean one of these things? https://www.ubuntu.com/core
<sarnold> wr: if so, I'd expect "yes", but you'd either have to find or create a *snap* to do the hosting
<sarnold> ah here we are, the snap store https://snapcraft.io/store
<wr> sarnold, in this case http://releases.ubuntu.com/16.04.4/ubuntu-16.04.4-server-amd64.iso after install dont have a browser or GUI, so i need a GUI to see sites? right?
<sarnold> wr: I use w3m all the time, no gui required.. but .. most people would indeed rather use a gui web browser
<wr> sarnold, i mean if this is the only way or there are some alternatives
<sarnold> wr: what exactly are you trying to do?
<wr> sarnold, i had a work here to do but it says to use a ubuntu server 16.4.4 but my teacher told to open sites and some use ssl etc
<sarnold> wr: aha, I think I understand better
<sarnold> wr: you can certainly start from the ubuntu-server iso and add packages with apt-get install to get to a functioning desktop computer
<sarnold> but you might be better served to start with one of the desktop images instead, since they'll have selected a bunch of packages useful on desktops
<wr> sarnold, im in doubt if he did any mistake, because at start we used a regular ubuntu then this work asks for a server
<sarnold> wr: you can always install the server software on desktop, that works great. the only slight oddity is that "servers" don't normally use network-manager, but that's the most convenient way to use desktops and laptops..
<wr> sarnold, yes i know, but only way is to add a GUI right?
<sarnold> sure, if you want; apt-get install ubuntu-desktop     would get you most of the way there
<wr> sarnold, what i mean is that nobody tests sites on a ubuntu server core via browser i guess
<sarnold> wr: I don't know about "nobody"
<sarnold> but it's surely more common to have two computers or a computer and a VM instance somewhere
<sarnold> wr: it's time for me to bail.. I hope you have fun :)
<wr> sarnold, basically i have apache2 php libapache2-mod-php
<wr> sarnold, normally how do you test installed sites on this iso?
<sarnold> like normal..
<sarnold> firefox https://whatever/
<sarnold> w3m https://whatever/
<wr> sarnold, but gotta have a GUI right?
<sarnold> wr: no
<sarnold> w3m doesn't require a gui
<sarnold> try it, w3m https://www.google.com
<wr> sarnold, from shell i just firefox &
<wr> sarnold, w3m i know it works, and links etc
<sarnold> there ya go :D no gui required
<wr> but if it is firefox
<wr> sarnold, on ff gotta have GUI?
<Haris> hello all
<Haris> guys, is there a way to make ruid2 work with apache on 14.x ?
<Haris> DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
<sixsix> I'm trying to install 18.04 on a bios (non-uefi) system. It installs just fine, creates a 1mb bios_boot partition, and the rest of the FS. The problem is, the disk will not boot - the system insists the disk is not bootable
<sixsix> even if I boot from the installed and tell it to 'boot first disk' it won't boot
<sixsix> s/installed/installer
<sdeziel> sixsix: are you able to use the live environment to inspect the not bootable drive?
<sdeziel> sixsix: if yes, I'd be curious to see the output of "fdisk -l /dev/sda" (assuming the drive is sda)
<sixsix> I can use the installer's live environment, it addresses disks by /dev/disk/by-<whatever>/ etc - I don't have a console I can easily copy/paste on it but effectively it creates 2 partitions
<sixsix> the first is 1mb and type is Bios boot
<sixsix> the 2nd is the remaining disk and is type Linux Filesystem
<sixsix> actually, I can copy/paste
<blackflow> sixsix: you can pipe output of commands to termbin.com if you have network tehre.    eg, fdisk -l /dev/sda | nc termbin.com 9999   then paste here the URL you get
<blackflow> so first question is, are you 100% sure that's a BIOS (legacy) boot and not EFI?
<sixsix> /dev/disk/by-id/ata-ST3500418AS_5VM7J0XC-part1 2048 4095 2048 1M BIOS boot
<sixsix> /dev/disk/by-id/ata-ST3500418AS_5VM7J0XC-part2 4096 976771071 976766976 465.8G Linux filesystem
<sixsix> quite certain - checking the dmesg on the usb installer has no mention of efi
<sixsix> it's an intel 965 chipset
<blackflow> and you're sure the correct drive is selected for boot?
<sixsix> it's the only drive in the system
<blackflow> can you confirm the partitioning is GPT?
<sixsix> parted says it is
<sixsix> oh and fdisk which says Disklabel type: gpt
<blackflow> sixsix: and this was installed by ubuntu installer?
<sixsix> yes, default 'use entire disk' option on the new 18.04 server installer
<Olivier[m]> The output of `sudo parted /dev/sda print` may help here.
<blackflow> sixsix: do you know how to chroot into installed root? Wanted to suggest you try re-run   grub-install /dev/sda      -- assuming it's /dev/sda   , from the chroot of installed root.
<sixsix> I can chroot in to the 2nd partition, but /dev isn't mounted when I do as that's not what booted
<sixsix> parted's output is: https://gist.github.com/iamsix/178a4c584610c7bbb82a4f492d3fea17
<Olivier[m]> sixsix: You need to rbind that mount `sudo mount -rbind /dev/ /<path-to-chroot>/dev`.
<Olivier[m]> Same for `/sys`
<blackflow> sixsix: so you don't know how to chroot. :)   you have to bind mount some dirs from the "host" side.    assuming you've mounted the installed root to /mnt    =>    mount -t proc proc /mnt/proc ; mount -R /dev /mnt/dev ; mount -R /sys /mnt/sys
<blackflow> then you can     chroot /mnt
<sixsix> ok, grub install seems to have worked
<sixsix> let's see if it will boot that though...
<sixsix> npoe, still no bootable device found :/
<blackflow> sixsix: how old is that machine?
<sixsix> board is from around 2008 as far as I can find
<blackflow> Well, yeah. I'm thinking that machine is so old, it has no idea how to boot from GPT
<sixsix> I figured as much too.. I'm not sure why the installer would have installed it with gpt though
<sixsix> and the default usb installer boots perfectly (just dd the iso to a usb key) but it looks like that uses some kind of active MBR partition
<blackflow> sixsix: perhaps you can pre-partition the disk from the live env using MBR based table, and then the installer might be able to re-use thos partitions. or you can debootstrap the installation for fully manual installation.    I don't see in the new subiquity menus where to select GPT vs MBR, so I don't know what else to suggest.
<Yoyoyoooo> Hi, I know this channel isn't about LTSP, however I am trying to set up LTSP on Ubuntu Server 18.04, however I am struggling to find support anywhere, your "more reliable" wiki is no longer maintained and just points me to the LTSP wiki for instructions on how to install LTSP onto Ubuntu 18.04, however, despite LTSP claiming their guide is more stable, I've found it more troublesome than it's worth, especially considering I'
<Yoyoyoooo> "Connection Refused" from nbd-client on the thin clients and then dropped to a BusyBox shell. I really don't know what to do, and don't know how to explain what I've tried as I am struggling to understand the architecture.
<sdeziel> Yoyoyoooo: I don't know nbd-client much but if you get a connection refused message it could indicate that there is no server listening at the destination
<Haris> I think I have mor ruid2 for apache working on another 14.x install. Why is it not working her e?
<sdeziel> Yoyoyoooo: on the server end, could you try running "sudo ss -nltp" and pastebin the output?
<Haris> Do the desktop and server version(s) have different maintainer(s) for mod ruid2 for apache2 ?
<sdeziel> Haris: I'd say no
<Haris> mod ruid2 is not working on one 14.x install
<blackflow> Haris: define "not working"?
<Haris> when code writes file to disk, it doesn't get ownership of the u/g its process should be running as
<blackflow> Haris: are you sure the config is correct? Maybe that question is better suited to #apache. Have you consulted the documentation? https://github.com/mind04/mod-ruid2
<Haris> yes, my config is standard, working normally on other distributions(s) as well
<blackflow> Haris: pastebin it please?
<Haris> will do
<Haris> is php 7.2 available on xenial ?
<Haris> for production
<blackflow> Haris: there's a PPA, with all the caveats of that.   https://launchpad.net/~ondrej/+archive/ubuntu/php
<Haris> https://pastebin.com/raw/EfrS59j0
<Haris> this is for mod ruid2 issue
<RoyK> blackflow: PPAs for production? ;)
<Haris> PPAs are going into produciton all over the world. nothing new about it
<Haris> guys, any feedback on the paste for mod ruid2 ?
<ahasenack> never heard of this module before, sorry
<Haris> its a mod to make sure the apache2 process serving a runs with the ownership + perms of that u/g
<Haris> %s/serving a runs/serving requests runs/
<Haris> with this I can segregate each vhost with a separate u/g on a linux machine
<Haris> %s/with/using/
<Haris> https://pastebin.com/raw/gvC1hZBg
<Haris> fresh paste
<Haris> does apache2 mod ruid2 work on 14.x ?
<Haris> its not working for me
<Haris> guys, anyone around at this hour
<Ussat> I dont see any reason it would not, its more an apache thing than Ubuntu thing
<Haris> but its not working on this one instance of 14.x
<Haris> file being saved from php code is getting saved with root privileges
<yeats> Haris: nothing in the apache2 logs about it?
<Haris> nope
<yeats> I've never used that mod, but you might do better asking in an apache channel/forum (or contacting the devs? https://github.com/mind04/mod-ruid2).  Project looks dead to me though.
<ahasenack> when a bug is filed against a package in xenial, for example. We verify it's indeed a bug there, but it's fixed already in later releases
<ahasenack> should we mark the main task as fix released, and add a task for xenial? Or only do the later if we are committing to an sru?
<rbasak> IMHO, add a task for Xenial if it's a verified bug (ie. can be Triaged).
<rbasak> If not committing to an SRU, that can be made clear in a comment. If definitely refusing an SRU, it can always be changed to Won't Fix.
<rbasak> I'm also in favour of setting Won't Fix even if it's just "for now" to set user expectations. The nuances can be made clear in a comment.
<ahasenack> turns out bionic and cosmic are also affected by this bug I'm triaging, I though they would not be. But the question was worth it
<ahasenack> thought*
<mmerlone> Hi, greetings from Brazil!
<ahasenack> hi mmerlone, bom dia
<mmerlone> Is there something wrong with ubuntu repos? I am unable to apt install ntp traceroute, "No candidate version found for traceroute"
<mmerlone> Tryied http://br.archive.ubuntu.com/ubuntu and http://archive.ubuntu.com/ubuntu
<ahasenack> mmerlone: I had trouble with that mirror yesterday and removed it for the time being
<ahasenack> the br one, I mean
<ahasenack> the main one (archive.u.c) should be fine
<mmerlone> just tryied "us.archive.ubuntu.com and got the same
<ahasenack> mmerlone: that bein said, traceroute is in universe
<ahasenack> mmerlone: maybe you don't have universe enabled in your /etc/apt/sources.list?
<mmerlone> I did
<mmerlone> OOpps
<ahasenack> and did "apt update" succeed before that?
<mmerlone> just got the latest 18.04.1 iso, seems is a little different
<ahasenack> did you use the new installer?
<ahasenack> if yes, it sounds like https://bugs.launchpad.net/subiquity/+bug/1783129
<ubottu> Launchpad bug 1783129 in subiquity "Only "main" component enabled after install" [High,Confirmed]
<mmerlone> http://pasted.co/4f2881b4
<mmerlone> yes, new installer
<ahasenack> ok, so it's the bug I linked above
<sdeziel> mmerlone: I like mtr-tiny as traceroute client personally, it's in main :)
<ahasenack> feel free to click on "Does this bug affect you?" bit there :)
<mmerlone> just did. Will get sources.list from another server
<mmerlone> ahasenack: thank you!
<ahasenack> mmerlone: sorry about the bug, at least it's easy to fix
<ahasenack> or rather, easy to apply a fix
<ahasenack> rbasak: do you remember if protobuf-c was ever discussed for a MIR?
<nacc> ahasenack: LP: #801735
<ubottu> Launchpad bug 801735 in protobuf-c (Ubuntu) "[MIR] protobuf-c" [Undecided,Fix released] https://launchpad.net/bugs/801735
<nacc> :)
<Ussat> 18.04.1 out ?
<ahasenack> hm, I searched
<nacc> ahasenack: you have to advanced search -> change the states
<nacc> !isitoutyet
<ubottu> Yes, it's out! Party in #ubuntu-release-party :)
<nacc> Ussat: -^ :)
<nacc> Ussat: not sure if the ISOs are spun
<ahasenack> but it's in universe right now
<ahasenack> I guess whatever required it is no longer there, and it was demoted?
<ahasenack> collectd perhaps, which was the motivation for that particular mir back then
<nacc> it was in main in oneiric, then in universe in oneiric
<nacc> (per publishing history)
<nacc> https://launchpad.net/ubuntu/+source/protobuf-c/0.14-1build1
<nacc> same srcpkg/version, too
<ahasenack> it briefly touched main
<ahasenack> well, that is making the bind9 delta grow now
<ahasenack> yet another build-depends we have to drop because it's in universe
<Ussat> nacc, I am more interested in testing a 16 --> 18 upgrade
<oerheks> yes, the server isos are published http://torrent.ubuntu.com:6969/
<nacc> Ussat: ah yes, then you should be fine
<nacc> Ussat: i'm not sure if the upgrade path is 'enabled' or not yet
<Ussat> nacc, ya will wait on that
<Ussat> I have 6 test systems with apps on em primed and ready
<dpb1> popey: is there a discourse bot that could echo new posts into here?
<popey> I'm not aware of one
<popey> you could use rss? https://discourse.ubuntu.com/c/server.rss
<dpb1> hm
<popey> dunno if there's a generic rss to irc bot (probably is, the venn diagram of "people who use irc" and "people who use rss" probably overlaps closely) :)
<dpb1> yes, gotta think so
<dpb1> https://github.com/meigrafd/feedie
<popey> i can take a look next week
<popey> but feel free to ping if you need help setting something up
<dpb1> thanks, I might play around with it
<popey> (I imagine you don't need my help to spin up a mini aws and put that code on though) :D
<dpb1> heh
<popey> have a great weekend
<popey> o/
<dpb1> cya
<beowuff> Woah... The 18.04.1 /etc/apt/sources.list is almost empty!
<beowuff> Oh, I see the bug linked above.
<Ussat> Gonna be updating a few 18 test servers tomorrow I think, and a few 16->18 tests soon(ish)
<tomreyn> then i'll do it after 'soon(ish)' ;)
<Ussat> so shoult a dist-upgrade get get to to latest 18.04.1 ?
<Ussat> should
<ahasenack> if you are on 18.04, yes
<Ussat> ok, gonne do a test run on personal VM
<Ussat> thanks
<saint_> hi - can someone tell me what are the requirements to instsall openstack using conjure , regarding web server ? I followed the documentation at https://www.ubuntu.com/download/cloud/try-openstack but it looks like conjure does not intall a web server ..
<sarnold> saint_: conjure-up is normally used for *complicated* installations, like openstack or kubernetes; the kinds of things that require a dozen different interacting services on dozens or thousands of computers..
<sarnold> saint_: if you just want to automate creating a webserver VM instance on an openstack cloud, juju might be a better fit for that
<saint_> sarnold i used conjure to actually install openstack
<saint_> it s just that now open stack GUI is using Horizon on a web server, and I thought conjure-up would have installed it (the web server)
<sarnold> saint_: aha!
<sarnold> saint_: yes, I'd expect a horizon somewhere on a brand new cloud..
<saint_> and i tried to install apache , but it is still not working . i guess i have to install apache first, horizon, then open stack ?
<sarnold> I *really* hope not
<sarnold> that would not be convenient
<saint_> i tried 2 times just in case i screwed up. and every time there is no WWW server installed..
<sarnold> the guide here suggests that it should just be accessible at http://some.ip.address/horizon https://www.ubuntu.com/download/cloud/try-openstack
<saint_> that s the guide i followed.
<saint_> and it is not accessible, since there is no www server installed
<sarnold> did you install it into lxd instances on your machine? or multiple machines? or a public cloud..?
<saint_> ldx on the same machine
<saint_> i m just trying it out for now
<nacc> then wouldn't it be one of the lxd's IPs?
<sarnold> saint_: does lxd list show you the new lxd guests?
<sarnold> does it show any issues?
<saint_> no issue
<sarnold> does it show an IP address for seomthing that looks like it probably hosts horizon?
<saint_> lxd show the list of vm i have
<saint_> yes, and it is the ip address i am trying to access without success
<saint_> netstat -nap|grep 80 shows that no service is listening on port 80
<nacc> saint_: that's run *in* the horizon lxd?
<saint_> no clue. i am restoring my previous image, and trying again. stand by
<saint_> it s going to take a while actually.
<nacc> saint_: ... you should have a clue
<nacc> as in, you ran that commadn *somewhere*
<nacc> where did you run it? hint, pastebins are helpful for this kind of thing
<saint_> i mean yes. lxc list shows the machines i tried from the cloud
<saint_> but NOT the horizon
<nacc> what?
<nacc> saint_: i feel like that sentence didn't make sense
<nacc> if you don't have a horizon lxd, then I don't know where you ran netstat
<saint_> in the host os (ubuntu itself)
<sarnold> ah!
<nacc> then that weas ... i think, wrong
<nacc> https://tutorials.ubuntu.com/tutorial/install-openstack-with-conjure-up#2
<saint_> i restored my old image . reinstalling now to see what went wrong where ..
<nacc> says at the end it gives you the explicit url
<sarnold> you have to execute the netstat or ss command within the lxd instance that is hosting horizon
<saint_> dang it !
<saint_> i bypassed the last screen !
<nacc> don't know why you'd do that, but ok  :)
<nacc> you can still find it from the lxd containers deployed, i think
<sarnold> lxd list should show the IP address, iirc
<nacc> lxc list, and see if
<saint_> nacc this tutorial is way better than the other one i followed
<saint_> i ll try now.
<nacc> sarnold: lxc, right, not lxd?
<saint_> i mean. now that i restored an old image, it s going to take a while. i ll be back in a little
<saint_> yes, lxc
<nacc> sarnold: just making sure i didn't miss a cli change! :)
<sarnold> nacc: argh. right. I *hate* the 'lxc' command name to use the lxd service. so confusing.
<nacc> sarnold: :)
<nacc> https://github.com/conjure-up/conjure-up/issues/725
<nacc> indicates you can use juju status to find the openstack-dashboard machine id and then that correlates to a lxd ip
<nacc> or even just the unit directly, i guess
<sarnold> nacc: aha, good find. I'm .. saddened, but not shocked, that lxc list doesn't know the purpose of each container :(
<nacc> sarnold: it might name them usefully, but that feels like an implementation detail
<skylite> how can I determine if a package is virtual and how can I find it's non-virtual versions?
<nacc> skylite: iirc, virtual means it's in the provides: line of a package
<nacc> skylite: context?
<skylite> yes
<skylite> The following package(s) are "virtual package" names: pure-ftpd
<skylite> and I cant find which package should be the non-virtual(s)
<skylite> to avoid this
<nacc> skylite: i think you need grep-status (from dctrl-tools) to do it; at least that's one way
<nacc> skylite: wht version of ubuntu?
<nacc> skylite: on 18.04, pure-ftpd is a real pakcage, and afaict, in all releases
<skylite> according to salt it isn't
<skylite> not sure where it gets that
<nacc> skylite: sorry, not sure what salt is in this context
<skylite> saltstack
<skylite> but it does not have a problem with pure-ftpd-common
<nacc> skylite: is that an ubuntu package? `apt-cache policy pure-ftpd` ?
<nacc> skylite: you still haven't said what version of ubuntu, btw
<skylite> sry 18
<nacc> skylite: ok, 18.04?
<nacc> skylite: 18 isn't a version :)
<nacc> !info pure-ftpd bionic
<ubottu> pure-ftpd (source: pure-ftpd): Secure and efficient FTP server. In component universe, is optional. Version 1.0.46-1build1 (bionic), package size 124 kB, installed size 530 kB
<nacc> real, not virtual package --^
<skylite> strange
<nacc> skylite: if you can verify the policy output,  you should be able to see what's going on better
<skylite> policy output?
<nacc> skylite: asked for above, `apt-cache policy pure-ftpd`
<skylite> yes
<nacc> skylite: fyi, https://askubuntu.com/questions/366135/how-to-search-for-packages-that-provides-a-virtual-package may be useful in the future
<skylite> I tried it and it gives back 3 packages for pure-ftpd
<skylite> pure-ftpd-ldap pure-ftpd-mysql and pure-ftpd-postgresql
<skylite> nacc: how is it not a virtual package then?
<nacc> skylite: do you not have universe enabled?
<nacc> skylite: can you pastebin the output?
<skylite> https://pastebin.com/pXGCUBNK
<nacc> skylite: that's your sources.list
<skylite> sorry what did you want
<nacc> skylite: `apt-cache policy pure-ftpd`
<skylite> https://pastebin.com/GL6d4dV6
<nacc> ...
<nacc> that clearly shows it's installable
<nacc> skylite: i feel like you're trolling, maybe?
<skylite> not really
<skylite> if its a virtual package
<skylite> what would be different? is a virtual package not installable?
<nacc> it's *not* virtua.
<nacc> you can install it, as that output shows
<nacc> a virtual package is like a symbol a bunch of packages provide
<nacc> you need to tell apt which provider you wantto use, you can't install a virtual package
<nacc> but pure-ftpd is *not* a virtual package
<skylite> ok it just never says that its a virtual
<skylite> so if it was virtual it should show multiple packages?
<skylite> ah ok
<skylite> so for example
<skylite> apt show awk | grep "not a real package"
<skylite> ok sorry I missed that line
<nacc> skylite: you can't search for virtual packages easily
<nacc> skylite: yes, ok, awk is a virtual package
<nacc> use the link i pasted above, or grep-status to figure out what provides it
<nacc> i'm eod, but you kind of went in a big circle, which is why i said trolling :)
<skylite> it's just wierd that only the virtual packages are identified clearly by apt
<skylite> and the ones are not I just have to know that they are not virtual
<nacc> skylite: i'm not sure why this is a problem in general
<nacc> on 18.04, as well, apt will tell you what provides it
<skylite> maybe its just me then
<nacc> i just tested with awk
<nacc> https://paste.ubuntu.com/p/8hZTxWSyw6/
<nacc> skylite: in any case, i think you should do some more testing/reading, this isn't a general problem for most users, afaict
<nacc> have a nice evening
<skylite> salt mislead me
<skylite> thx:)
<cryptodan> Why do I keep getting this error on ubuntu server 16.04 Jan  6 20:29:15 server kernel: [ 5493.523309] aacraid: Host adapter abort request (4,0,0,0)
<cryptodan> Dell PowerEdge 4600 the error never happened on Ubuntu 14.04
<tomreyn> http://ask.microsemi.com/app/answers/detail/a_id/15357/~/error%3A-aacraid%3A-host-adapter-abort-request
<sarnold> nice find
<cryptodan_mobile> donest work
<tomreyn> but very old, not a good explanation
<cryptodan_mobile> doesnt*
<tomreyn> there is also https://bugzilla.redhat.com/show_bug.cgi?id=1557659
<ubottu> bugzilla.redhat.com bug 1557659 in kernel "aacraid: Host adapter abort request" [Unspecified,New]
<sarnold> dang. that makes me think it'll be kernel bisect time
<tomreyn> sounds like it. also i dont seem to spot the workaround discussed there
<tomreyn> comment 19 i guess
<cryptodan_mobile> im going back to ubuntu 14.04 its obvious there is an issue in newer distros
#ubuntu-server 2018-07-28
<tomreyn> cryptodan_mobile: your system boots, though, right?
<cryptodan_mobile> my system boots but once the drives have activity it hangs then filesystem is corrupt
<tomreyn> hmm ugly
<cryptodan_mobile> and the flush journal systemd service fails
<cryptodan_mobile> reboot and now no boot and the drives are offlined
<tomreyn> can you try to get your firmware version for bios + controller + disks (also disk models)
<tomreyn> not so much for me but for anyone who might be going to triage it
<tomreyn> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1653162 looks related, too
<ubottu> Launchpad bug 1653162 in linux (Ubuntu Xenial) "System won't boot after upgrade to 16.04 with 4.4.0 kernel" [Critical,Incomplete]
<cryptodan_mobile> funny how 4.4 on 14.04 never had this
<tomreyn> this was hwe?
<cryptodan_mobile> and yeah ill get a pic of my bios and firmware and drive info
<cryptodan_mobile> it didnt have hwe in the kernel file name
<tomreyn> 14.04 comes with linux 3.13
<tomreyn> linux 4.4.0 is xenial's default kernel image
<cryptodan_mobile> yup
<tomreyn> so it's unclear how you had linux 4.4 on 15.04
<tomreyn> *14.04
<tomreyn> https://packages.ubuntu.com/trusty/linux-image-generic-lts-xenial would give you 4.4.0 on 14.04 though
<tomreyn> maybe just add "cat /proc/version" and "cat /proc/cmdline"
<cryptodan_mobile> it was available via apt-get
<oerheks> via HWE most likely?
<tomreyn> sure, the linux-image-generic-lts-xenial package would be available via apt
<tomreyn> !hwe
<ubottu> The Ubuntu LTS enablement stacks provide newer kernel and X support for existing LTS releases, see https://wiki.ubuntu.com/Kernel/LTSEnablementStack
<oerheks> hwe-support-status --verbose
<cryptodan_mobile> i cant even login to it via console
<oerheks> boot a live iso and fix the partitions
<tomreyn> oerheks: i dont have this command on 16.04, is this something one has on 14.04?
<oerheks> from https://wiki.ubuntu.com/Kernel/LTSEnablementStack#Check_your_support_status
<tomreyn> cryptodan_mobile: i guess it's best not to touch those disks too much for now if you intend to keep the data
<tomreyn> must be 12.04, file does not exist on trusty https://packages.ubuntu.com/search?searchon=contents&keywords=hwe-support-status&mode=exactfilename&suite=trusty&arch=any
<oerheks> oh, i c
<tomreyn> there is ubuntu-support-status, though
<oerheks> i was hoping it was a smart check, silly me
<tomreyn> ...which gives correct output if you're on 14.04.5
<cryptodan> RAID Firmware: Controller BIOS V2.8-0 [build 6082] Raid BIOS Version: 25704 AIC-7890 Seagate ST3300007LC
<blackflow> RoyK: can it be worse than PHP in production? :)
<null_r3f> I am able to access the web server on an ubuntu server with an IPv4 address. When I look at netstat for listening sockets I see apache listening on â:::80â and the protocol is tcp6. Does that make sense?
<sarnold> null_r3f: what addresses did you configure apache to listen to?
<cryptodan> wouldnt that indicate its listening on all since 0's are removed in IPV6 addressing
<whislock> Yes.
<whislock> [::]:80 is the typical binding notation for ss -l when a process is listening on all interfaces.
<whislock> cryptodan: More to the point, :: is the "unspecified" address in IPv6, similar to 0.0.0.0 in IPv4.
<cryptodan> yes
<cryptodan> the :: means there are 0's there instead of bits
<sarnold> but does :: *also* mean 0.0.0.0?
<cryptodan> yes
<whislock> sarnold: Technically, no.
<sarnold> I recall reading an openbsd rant about how stupid it was that linux did that
<sarnold> or did NOT that
<sarnold> I can't recall
<cryptodan> it does
<sarnold> but I've got a huge list of :::22 and 0.0.0.0:22 and :::80 and 0.0.0.0:80 and on and on on my lapto...
<cryptodan> https://www.tutorialspoint.com/ipv6/ipv6_special_addresses.htm
<whislock> sarnold: Correctly speaking, a process bound to :: is not bound to an IPv4 address space. It may still receive IPv4 traffic due to IPv6-mapped IPv4 addresses.
<whislock> These will appear as ::ffff:x.x.x.x in logs.
<whislock> Functionally, it's a distinction without a difference.
<hashwagon> How much RAM would you suggest I give residential NFS/SMB fileserver for three intermittent users?
<sarnold> depends what those users are doing.. video editing would probably benefit from a lot more than just streaming videos would
<hashwagon> saving text files, documents, lite picture storage.
<sarnold> if that's al lthis machine does I'd wild-guess two to four gigs would suffice
<hashwagon> Thanks
 * cryptodan thinks his server is needing a new motherboard
<cryptodan> thank you all for helping me, but I think my servers motherboard is dead / dying.  It is now doing it in Ubuntu 14.04
<johnlage7> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<X-Seti> spambots... grrr
<X-Seti> I have a number of server related questions. as I have followed a tutorial on how to install the perfect server for 18.04, mysql doesnt stop and apache doesn't even error on .php, not sure what the problem is..
<compdoc> the tutorial was based on 18.04?
<tomreyn> 'perfect server' sounds like a falko timme tutorial
<tomreyn> X-Seti: you should probably discuss which tutorial you're using
<TJ-> Do we have any vagrant ERB template experts about?
<compdoc> you really want to insult them first?
<tomreyn> the vagrant ERB template experts?
<TJ-> There aren't many about; been in the #vagrant channel for hours there's not even a mouse in there!
<tomreyn> maybe they prefer trackballs
<whislock> Or trackpoints, if they're deviants.
<compdoc> my bad, I guess 'vagrant' means something other than a homeless person - lol
<TJ-> compdoc: LoL! just seen how you could misinterpret what I typed
<tomreyn> doh, i didnt get this either
<tomreyn> https://en.wikipedia.org/wiki/Vagrant_(software) is what i was thinking of, and apparently TJ-, too.
<TJ-> I've got a weird issue where the resulting Vagrantfile doesn't expand the template @box_name variable
<TJ-> seems to be no documentation on templating, only a blog article announcing templates for 2.02
<tomreyn> in case it's an ERB temlplate syntax issue, this should be the same as for puppet: https://puppet.com/docs/puppet/latest/lang_template_erb.html
<tomreyn> https://github.com/Shopify/erb-lint
<TJ-> it doesn't seem to be, it just doesn't expand the <%= @box_name %> - just gives an empty string
<TJ-> I stuck a debiug print in there and it reports the value correctly
<tomreyn> that's weird, after all it's a language  (ruby), not application, specific parser, which should handle these templates.
<TJ-> yeah, I've /finally/ solved it. The blog example shows using " config.vm.box = "<%= @box_name %>" " which fails, but removing the @ prefix works. My first dive into Ruby and specifically ERB (Embedded RuBy) and the obtuse cryptic syntax is ridiculous
<TJ-> The template was also failing to 'see' shell env-vars but that seems to be solved now as well... only taken 5 hours  :)
<tomreyn> :-/ not a fun task
<TJ-> no, and it's one of those things where it hits a major issue at every step. Now the network config doesn't appear to be read correctly!
<Tux|> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/
<Tux|> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/
<Tux|> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate
<DWSR> Anyone know if you can use MaaS to deploy VMs to the same machine as is running the rackd?
<DWSR> Hey all, I'm trying to get the Ubuntu cloud images via uvtool on 18.04 as described in the Wiki, but `uvt-simplestreams-libvirt sync` is hanging indefinitely and `uvt-simplestreams-libvirt query arch=amd64` returns nothing. Is this broken on 18.04 or did I miss something?
<cryptodan_mobile> Regarding my server issue. I think I found the culprit a drive that had older firmware then the others
<SlowJimmy> rsync -avcr --filter='- /media/hddrand/backup/home/' /media/hddrand/backup/ /media/targethdd
<SlowJimmy> this is my restoration commmand to bring back my ubuntu server....running ubuntu18.04 is this filter for somereason not working?
<SlowJimmy> because it always copies over all files and folders i exclude with filters
#ubuntu-server 2018-07-29
<havenstance> is there a viable open-source alternative to ntopng other than darkstat that runs on ubuntu-server?
<MartesZibellina> Interested in reasonably priced GLOBAL IRC ADVERTISING? Contact me on twitter https://twitter.com/nenolod or linkedin https://www.linkedin.com/in/nenolod
<whislock> That's a new one.
<allaga> hey
<Bert_2> Hi, we're updating our webworkers from 16.04 to 18.04 and noticed there's a bit of a problem in 18.04 with libcurl. Both libcurl3 and libcurl4 actually supply .so files for libcurl4 (so that's weird for sure), on top of that some packages depends on the 3 package and others on the 4 package, so that leaves it difficult to keep everything installed (php-curl requires 4, shibboleth requires 3)
<Bert_2> So, is that a mistake or what's the idea behind that?
<TJ-> Bert_2: read the changelog for curl (7.58.0-2ubuntu2): "* Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
<TJ->     CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
<TJ->     openssl 1.0 and openssl 1.1.
<Bert_2> TJ-: shouldn't the dependencies of shibboleth (namely libxmltooling7) then have been edited?
<TJ-> Bert_2: I have no idea - the transition to openssl 1.1 has been extremely complicated. Your best source is Marc Deslauriers in #ubuntu-hardened, part of the security team
<TJ-> Bert_2: there should be some discussion of it in the ubuntu-devel mailing list too, from around the start of the 18.04 cycle in October 2017
<TJ-> Bert_2: I think the initial discussion started at https://lists.ubuntu.com/archives/ubuntu-devel/2017-December/040087.html
<Bert_2> TJ-: thx, I've also posted in hardened, let me look at the list now
<TJ-> Yeah, I noticed, but it being Sunday you may need to wait until weekdays to get a reply
<Bert_2> I'm afraid so
<Bert_2> which would mean more downtime than expected because someone accidentally started all webworkers at the same time :/
<Bert_2> We're getting more and more convinced it's just a mistake in the dependencies of libxmltooling and it should just be 4
<TJ-> is it shibboleth-sp2 you're using?
<Bert_2> libapache2-mod-shib2 and the like, yes
<Bert_2> (that includes common and utils of shibboleth-sp2)
<Bert_2> oh, wait, it's more complicated
<Bert_2> libxmltooling does not support the new openssl stuff
<Bert_2> so libcurl3 is the dependency since it's compiled with the older openssl
<Bert_2> but you can't have 3 and 4 installed side by side
<TJ-> Bert_2: according to the upstream wiki "The OpenSAML 2 software has reached its End of Life and is no longer supported." so that might be to do with it https://wiki.shibboleth.net/confluence/display/OpenSAML/XMLTooling-C
<Bert_2> even though that would fix things
<Bert_2> yeah, well I must admit I was really surprised that 18.04 does not feature shib3
<TJ-> It's in Universe so it depends on having an interested maintainer. Generally Ubuntu syncs from Debian at the start of each development cycle
<Bert_2> Yeah, debian is still on the old ssl and uses 2.6.1
<Bert_2> and well, 2.6.1 does make sense with the release schedule
<Bert_2> TJ-: seems like 1 other person also has this issue and the only solution I can only describe as disgusting and shameful: https://depts.washington.edu/bitblog/2018/06/libcurl3-libcurl4-shibboleth-php-curl-ubuntu-18-04/
<TJ-> Bert_2: I've not looked in detail at your scenario but I'm wondering if there's a way to use an LXD container to put the libcurl3/xmltooling in and still be able to call into it (via TCP socket) from the host? That would prevent messing with packaging in any way. Won't work of course if it is all library calls
<Bert_2> Seems like libcurl3 and 4 should both be installable (so no conflict) and then have some packages specifically linked to 3
<Bert_2> TJ-: we wouldn't want to isolate shib, since it integrated into an apache mod
<Bert_2> we can't isolate php and shib from each other but they specifically cause the problem (3 vs4)
<Bert_2> we are following up on https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1776489
<ubottu> Launchpad bug 1776489 in xmltooling (Ubuntu) "libxmltooling7 depends on libcurl3, which has been replaced by libcurl4 in Bionic" [Undecided,Confirmed]
<tempest> Hey anyone know how I could completely purge all custom ACL's set recursively in a directory?
<TJ-> tempest: see "man setfacl"
<TJ-> tempest: "setfacl --recursive --remove-all" I suspect
<mivance> looks like 18.04.1 came out three days ago; are we still in the intermediate period where distribution upgrade isn't yet supported?
<cryptodan_mobile> im sick and tired ubuntu no longer supports my dell poweredge server
<cryptodan_mobile> noting but hassel and quite frusterated
<cryptodan_mobile> its rather frusterating to see aacraid hung error then all of a suddent rjecting i/o due to offline device errors  the drives are all fine and error free and are running perfect and optimly per the raid controller.  only after boot does this issue happen. happens in kernel 4.4 and 4.15 it is frustrating.
<cryptodan_mobile> and now my server wont even boot up properly and will just hang with rejecting i/o errors with fake file system corruption errors.
<cryptodan_mobile> it boots fine 2 times then does this
<TJ-> cryptodan_mobile: is it related to Bug #1770095
<ubottu> bug 1770095 in linux (Ubuntu Cosmic) "Need fix to aacraid driver to prevent panic" [Critical,Fix committed] https://launchpad.net/bugs/1770095
<cryptodan_mobile> and I am quite sure and confident that if any drive was having issues the raid controller would me know if its running in degraded mode and needed replacing.  But that is not the case.  All drives are green and optimal
<cryptodan_mobile> i needs to be fixed faster and new iso's respun to propagate the fix
<cryptodan_mobile> I cant even download and test those kernels onto the machine as it will not boot at all now and this is a 1 day fresh install
<cryptodan_mobile> 14.04 fails and 16.04 fails
<TJ-> cryptodan_mobile: boot from a rescue USB/CDROM with 12.04 on maybe?
<TJ-> cryptodan_mobile: that'd allow you to chroot mount and install additional kernels
<TJ-> cryptodan_mobile: presumably GRUB is fine, its when linux takes over it drops the ball?
<cryptodan_mobile> pe4600 has no usb boot option and for some reason installtion of ubuntu took my cdrom and ide port offline
<cryptodan_mobile> yup it quits mounting all together
<cryptodan_mobile> so if this bug is in newer kernels and effects adaptec raid controllers of all types then there will be a lot of servers not booting
<TJ-> I used to have a PE with similar PERC controller. The issue seems to be with a subset of aacraid hardware
<TJ-> Here's another current Bug #1777586
<ubottu> bug 1777586 in linux (Ubuntu Bionic) "Ubuntu Server 18.04 LTS aacraid error" [High,Confirmed] https://launchpad.net/bugs/1777586
<cryptodan_mobile> add 14.04 and 16.04 to it
<TJ-> that first bug seems to have the fix published in  bionic-proposed
<cryptodan_mobile> it goes back to 4.4 kernel in 14.04
<cryptodan_mobile> bionic has no i386 so i cant run it on my pe4600
<TJ-> what do you mean? there aren't i386 ISOs but there are i386 packages
<cryptodan_mobile> I386 isos on ubuntu 18.04 I only saw 64bit available to download
<TJ-> what about using an original 14.04 ISO from old-releases that has the 3.13 kernel?
<TJ-> as in http://old-releases.ubuntu.com/releases/trusty/
<TJ-> use a desktop LiveISO from there, then you can do "Try Ubuntu" (hopefully, if the DVD drive is recognised!) and a chroot into the installed system to add additional kernels
<TJ-> Does it have a DVD, or is it only a CD-ROM drive? Could be a capacity issue if so
<cryptodan_mobile> it has a dvd drive
<TJ-> so that's good, you can use one of those 907MB ISO images
<cryptodan_mobile> Here is a video I made of it booting https://youtu.be/jDVOKubgG6s
#ubuntu-server 2019-07-22
<lordievader> Good morning
<mnms_> Hi guys. Do you think Pentium n4200 can candle 1Gb link?
<sdeziel> mnms_: I would think so
<tomreyn> https://pcengines.ch/apu2.htm comes with https://www.amd.com/en/product/7426 and they can do gigabit fine. your https://ark.intel.com/content/www/us/en/ark/products/95592/intel-pentium-processor-n4200-2m-cache-up-to-2-5-ghz.html looks more powerful in all aspects which would affect network data transfer.
<tomreyn> (not counting performance degradation due to microcode updates / CPU bug counter measures)
<mnms_> tomreyn: Im also worried little about nic chipsets Realtek 8111G
<tomreyn> that's a better reason to be worried
<mnms_> tomreyn: I see I can buy apu2c2, what workloads do you have?
<mnms_> cpu is heavily loaded? Do you use it as a router :)?
<tomreyn> mnms_: i don't have such hardware now, just used to play with it a little.
<tomreyn> but they can be used as routers, yes.
<patdk-lap> if it won't be doing tcp offload (routing) you need 1ghz per 1gbit
<patdk-lap> if it's bidirection, that is 2gbit traffic per a 1gbit port
<patdk-lap> that is only a 1.1ghz cpu
<mnms_> yee its not much
<patdk-lap> I would go with something with less cores and more ghz
<mnms_> hard to find this kind of sbc
<patdk-lap> cause drivers don't always irq balance between cores good
<mnms_> understand
<mnms_> up squared has realtek chipsets but Pentium n4200
<friendlyguy> hi there! i am wondering if somebody has an idea: how could i "temporarily" extend the space of my /boot partition? i managed to maneuver myself in some unfortunate situation where i believe can get only out if i manage to increase the size of /boot
<rbasak> friendlyguy: you could copy everything to somewhere bigger and bind mount that bigger place back to /boot
<rbasak> friendlyguy: but perhaps easier to just move one probably-won't-be-touched thing out temporarily?
<friendlyguy> nah, i think apt wants to install dozens of old kernels, that wont fit in the 250mb partition
<rbasak> Why would apt want to do that?
<friendlyguy> good question :) i managed to screw it up badly i guess
<friendlyguy> i manually had to remove old kernels a bunch of times. i guess i just made an error
<friendlyguy> okay, lets c if that works :) i attached another vhdx, created a partition and mounted that. ran rsync, unmounted /boot, mounted the temporary /boot and now running apt-get install -f
<friendlyguy> might have been a good idea to create a snapshot first... but... already past that point#
<friendlyguy> okay, i think that worked. now i am wondering why apt-get autoremove didnt remove the old kernels from there?
<friendlyguy> okay... somehow things are screwed up even more: cant boot any more
<friendlyguy> grub is entering rescue mode
<friendlyguy> i think it "might" have used the uuid from the temporary disk or something
<rbasak> Yes you'll need to run update-initramfs manually etc.
<friendlyguy> ls in grub rescue only gives hd0, but no partitions?
<rbasak> You seem to have inferred far more than just my suggestion.
<friendlyguy> i moved the content of boot to another disk and mounted that as boot, isnt that what you suggested?
<friendlyguy> cant i just tell grub to use /dev/sda1?
<friendlyguy> because the content is there
<muhaha> Is there a kickstart file for cloud-init ubuntu image?
<friendlyguy> what a pain
<friendlyguy> okay, ls in rescue mode gives me only hd0. if i try to ls hd0 i get unknown filesystem
<friendlyguy> whats going wrong here?
<friendlyguy> sda1 only has two partitions: boot and root
<friendlyguy> so shouldnt grub display it as hd0,[1,2]?
<friendlyguy> hello?
<tomreyn> friendlyguy: hello.
<tomreyn> did you mean to say "sda only has two partitions: boot and root" (not sda1)?
<friendlyguy> :) thanks tomreyn, at least now i know my messages still go through.
<friendlyguy> sda has two partitions, yes. sda1 and sda2. sda1 is /boot
<friendlyguy> thats why i was trying to tell grub to use sda1
<tomreyn> can you sum up what you're trying to do overall, and what has already been done?
<friendlyguy> right now i try to unfuck it
<friendlyguy> i had space issues with /boot (seperate partition, 250mb total). so i asked if somebody knows a good way to "temporarly" increase the size of /boot
<tomreyn> so you have a system which does not boot; grub loads but cannot find its configuration file and thus does not show the menu
<tomreyn> ok, go on
<friendlyguy> its trying to boot of a disk with a uuid that is wrong... i guess
<RoyK> friendlyguy: generally, you can't do that, since the boot partition is generally sandwiched between the start of the disk or EFI partition and the rest
<friendlyguy> okay, going on...
<friendlyguy> its legacy boto
<friendlyguy> boot
<friendlyguy> no efi partition
<RoyK> friendlyguy: next time, don't use a dedicated boot partition ;)
<friendlyguy> nevertheless its sandwitched
<RoyK> ot was needed earlier, but that's quite some time ago
<friendlyguy> so rbasak came up with the idea to copy the content somewhere else and mount it as /boot
<friendlyguy> thats what i did: attached a second vhdx file to the vm, created partition and created fs on it, rsynced the content of boot to the temporary disk, mounted that disk
<friendlyguy> than ran a apt-get install -f to fix the "initial" problem
<RoyK> friendlyguy: just copy it to the rootfs and remove the boot partition - should work - some grub meddling may be needed, though
<RoyK> modern versions of grub can boot from large partitions - earlier it couldn't
<friendlyguy> i didnt want to move /boot permanently only temporary
<RoyK> you don't need it
<RoyK> really
<friendlyguy> what do i dont need?
<rbasak> friendlyguy: I did assume that you would put /boot back and weren't going to immediately reboot.
<rbasak> Then it would fix itself on the next update.
<RoyK> friendlyguy: a separate boot partition. I never use it anymore. it really isn't needed
<rbasak> You can run (IIRC, check the manpage) "update-initramfs -u" to fix up the initramfs images in /boot when you have restored /boot to the real one that matches everything
<friendlyguy> ah, yeah. but thats an very old system. so its in there, and it was done with setup defaults back then
<nacc> -u -k all, iirc
<friendlyguy> so i guess there was a time it was a good idea
<tomreyn> i think /boot still goes to a separate partition with default paritioning on every current ubuntu installer
<friendlyguy> okay, i now booted into the rescue system of some 16.04 iso
<friendlyguy> mounted the root, mounted the boot partition
<friendlyguy> so, only run "update-initramfs -u" now?
<tomreyn> which ubuntu version do you have installed there?
<friendlyguy> 16.04.5
<tomreyn> you also need to mount virtual file systems
<tomreyn> proc sys dev ...
<friendlyguy> isnt that being taken from root?
<tomreyn> hmm, i don't understand what you mean
<friendlyguy> forget it. how do i mount the virtual file systems?
<tomreyn> i'm saying that if you're going to run "update-initramfs" to update the initrd on your existing on-disk installation, you'll need to chroot into this installation and make sure the environment is similar enough to that of the booted system.
<friendlyguy> i thought thats what the rescue-system did
<friendlyguy> i took an 16.04.3 ios, booted it and selected repair a broken system (or something like that)
<friendlyguy> i then told it which is my root partition and mounted /boot
<friendlyguy> so i "guess" the rescue system chrooted me in there?
<tomreyn> oh i see. i'm not sure how to work with this, always did it manually.
<friendlyguy> jup, same here
<friendlyguy> first try with the rescue system
<tomreyn> https://help.ubuntu.com/community/LiveCdRecovery#Update_Failure is roughly the manal approach
<tomreyn> so you'd mount / and any required fie systems of the standard system somewhere, say /target , then bind mount /proc /sys /dev /dev/pts onto the respective directories there and then chroot /target /bin/bash
<friendlyguy> i think i found the issue: during the replacement of /boot with the temporary location my grub.cfg was modified
<friendlyguy> the new grub config is pointing to the temporary disks uuid
<friendlyguy> so i need to fix the grub config to point to the old disk again
<friendlyguy> jup, that did the trick: the system is booting again
<friendlyguy> it would be awesome if somebody could help me to figure out why there are still so many old kernels in boot
<friendlyguy> kernel 4.4.0-154 is currently used. but there are still kernels in /boot ... 4.4.0-93, or an initrd.img... 3.13.0-70
<friendlyguy> would be nice to remove those
<friendlyguy> i *could* remove it manually, but i`d prefer that apt cleans it
<rbasak> friendlyguy: try "apt --purge autoremove" - but check carefully when it prompts you
<friendlyguy> didnt do anything
<rbasak> I would remove them manually then.
<rbasak> Be careful to avoid your currently booted kernel and also the latest kernel of course
<friendlyguy> what i dont get: i have different number of files for abi, config, initrd and vmlinuz
<friendlyguy> like there are two files starting with abi, 8 or nine files starting with initrd, 3 vmlinuz,3 system.map
<rbasak> use "dpkg -S file" to see what package file comes from
<friendlyguy> that doesnt work for those files
<rbasak> Some may be generated
<tomreyn> then they're not part of a package (or were generated during installation of a package and are not tracked)
<rbasak> Yes one of those two
<rbasak> Usually I "dpkg -l|grep linux" and manually return the ones I don't need.
<rbasak> Anything that's obviously a kernel version that I don't need.
<friendlyguy> wow
<friendlyguy> i think thats the main problem
<tomreyn> to make auto-removal of kernel images (all but the latest two and the currently active one) work, you'll need to ensure that linux-generic and linux-image-generic are installed and that all the packages which contain a kernel version number as returned by    dpkg -l linux-\* | awk '/^i/ {print $2}'    are automatically, not manually installed.
<friendlyguy> let me show you something :)
<friendlyguy> https://pastebin.com/LJ4vicss
<friendlyguy> rbasak: i assume that command normally doesnt give you 240 lines back
<tomreyn> the /etc/kernel/postinst.d/apt-auto-removal  hook script runs whenever you install a kernel image and tracks (in /etc/apt/apt.conf.d/01autoremove-kernels) which kernel images (and initrds, headers) should be kept / removed
<tomreyn> those 3.13 packages must be remainders from before your release upgrade to 16.04
<friendlyguy> entirely possible
<friendlyguy> shall i just purge linux-image-extra-3*?
<rbasak> Yeah that's rather large
<friendlyguy> as well as linux-image-3*
<tomreyn> i guess you can     sudo apt purge '^linux.*-3\.13\.0-.*'    but make sure you check the output before you confirm
<friendlyguy> uuh:) down to 127
<tomreyn> is this system booted from disk now, or still chrooted in recovery?
<friendlyguy> booted from disk
<tomreyn> which kernel is now running?
<tomreyn> cat /proc/version or uname -r
<friendlyguy> 4.4.0-154
<tomreyn> good, that's not too far behind
<tomreyn> so you can then purge all linux-* 4.4.0 packages which have a 2 digit patch level
<friendlyguy> i`m horrible with regex
<friendlyguy> :)
<tomreyn> sudo apt purge '^linux.*-4\.4\.0-[0-9][0-9]-.*'
<tomreyn> again, make sure you check the output before you confirm
<friendlyguy> sure
<nacc> bryce: how's it going?
<friendlyguy> looking good to me, lets remove them
<rbasak> I usually process the dpkg -l output by hand in an editor and then feed that to dpkg -P
<rbasak> Saves doing regexes for a one off task and I get to confirm it's right
<friendlyguy> interesting: errors occured with linux-image-extra-4.4.0-93-generic
<tomreyn> probably some leftover files?
<tomreyn> ah no that'd been a warning
<friendlyguy> depmod: ERROR: could not open directory /lib/modules/4.4.0-93-generic: No such file or directory
<friendlyguy> so i guess i can ignore that
<tomreyn> if it prevents purging the package then you probably can't ignore it
<friendlyguy> did it a second time: worked now
<friendlyguy> thats how it looks now: https://pastebin.com/1Atr59u3
<tomreyn> so you may want to get a fresh list of reamining installed (or leftover configuration files) linux-* packages and sort out which ones you want to keep / remove, or just mark all of them as automatically installed.
<tomreyn> all of the versioned ones, that is.
<friendlyguy> can you take a look at the link i posted, thats what is currently installed
<tomreyn> i did :)
<friendlyguy> looking much better to me :)
<friendlyguy> thanks for your help so far!
<friendlyguy> do you have an idea why it kept linux-headers-4.4.0-89 and 93?
<friendlyguy> manually removing them worked
<bryce> nacc, heya, was away on vacation friday; will pick back up on php this afternoon or tomorrow I think
<friendlyguy> anyhow. need to get home. ill try to join back later
<friendlyguy> thanks for the help of all of you!
<friendlyguy> very kind
<tomreyn> friendlyguy: i don't know why it kept these packages, no
<friendlyguy> i was just wondering why they were not catched by your regex
<tomreyn> friendlyguy: you haven't prevented this issue from occurring again, yet
<friendlyguy> thought that they should have been catched
<friendlyguy> tomreyn: exactly!!! i would love to though
<friendlyguy> but i have to go home now
<nacc> bryce: sounds good, thanks!
<tomreyn> oh my regex had a dash behind those numbers
<tomreyn> friendlyguy: see you
<friendlyguy> aaah, i c
<friendlyguy> :)
<smoser> ahasenack: what is the process or is there one..
<smoser> for me to request a push of a tag for merge of https://code.launchpad.net/~rafaeldtinoco/ubuntu/+source/cloud-utils/+git/cloud-utils/+merge/370194
<smoser> i just uploaded rafael's b26a5aa7736d4e64c19f66fa563a12808b1c4ebd
<smoser> as upload/0.31-0ubuntu1.1
<smoser> but i can't push there.
<smoser> (pinging you because you're the only member of usd-import-team that is in current timezone normal working hours)
<Odd_Bloke> smoser: Andreas is at Debconf this week, so he may not be around.
<smoser> fair enough
<rafaeldtinoco> smoser: hey
 * rafaeldtinoco reading
<rafaeldtinoco> ahh its for andreas, ok, ill warn him (in front of me)
<smoser> rafaeldtinoco: well, i think the ansewr is "there is no answer"
<rafaeldtinoco> he is coming
<rafaeldtinoco> =)
<ahasenack> smoser: hi
<ahasenack> smoser: there is none, let me look at that and push it for you, if there is still time to win the race
<smoser> yeah, i'd guess you can win the race
<smoser> as it is stuck waiting for approval
<smoser> so i think you're racing a human
<smoser> and they're slow
<ahasenack> sru
<ahasenack> ok
<ahasenack> smoser: done
<ahasenack> added info to the mp as well
<catbadger> hi. i have a 55GB database dump i need to move. I'm aware that compressing it might not be an option. should I just rsync it to the other server?
<lotuspsychje> !crosspost | catbadger
<ubottu> catbadger: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
#ubuntu-server 2019-07-23
<lordievader> Good morning
<friendlyguy> morning
<friendlyguy> is somebody willing to work with me to get old kernels automatically removed?
<friendlyguy> i have an old system where this isnt working
<friendlyguy> i worked with tomreyn and rbasak yesterday on this: removed most of the old kernels manually
<Skyrider> Greetings all
<Skyrider> Was wondering if someone could help me with a tiny problem. I noticed today that php curl was no longer functioning.. I checked it out and saw that I can't install curl at all: "php7.2-curl : Depends: libcurl4 (>= 7.44.0) but it is not going to be installed" --> But if I install libcurl4, it'll erase my mongodb 4.x server installation.
<Skyrider> Any suggestions?
<tomreyn> friendlyguy: i could help there if you like? if so, post the http address returned by 'dpkg -l | grep ^....linux | nc termbin.com 9999' to get started.
<friendlyguy> morning!
<friendlyguy> cool, sure
<friendlyguy> but i guess ill need to open that port first
<friendlyguy> gimme a sec
<friendlyguy> https://termbin.com/j4j7
<friendlyguy> opening that port did help :)
<tomreyn> friendlyguy: welcome back. be sure to type "tomreyn" here to raise my attention. what does "uname -r" say is the kernel version currently running?
<friendlyguy> tomreyn: its 4.4.0-154-generic
<tomreyn> friendlyguy: sudo /bin/true && ( sudo apt-get update && sudo apt-mark auto linux-image-4.4.0-154-generic linux-headers-4.4.0-154-generic && sudo apt-get install linux-generic ) > /tmp/tomreyn && cat /tmp/tomreyn | nc termbin.com 9999
<tomreyn> please pass the url and tell me if it prints anything on screen other than the url, too.
<friendlyguy> https://termbin.com/95ei
<friendlyguy> no errors were shown
<tomreyn> friendlyguy: please keep highlighting me (putting my name in front of what you say). the output looks fine (despite it being in german, but then i personally understand that; you could run "export LANG=C" to get output in english). now: sudo apt-mark manual linux-generic
<friendlyguy> tomreyn: thats done
<friendlyguy> "has already been marked manual..."
<tomreyn> friendlyguy: sudo apt-mark auto '^linux-(image(-extra)?|(cloud-)?tools|headers)-4.*' | grep -v 'not installed.' | nc termbin.com 9999
<friendlyguy> tomreyn: https://termbin.com/reu6
<friendlyguy> oh, damn. i should have changed "not installed." to its german equivalent
<friendlyguy> sorry
<tomreyn> friendlyguy: just run   export LANG=C      - it will only last for this ssh session
<friendlyguy> i created a new one: https://termbin.com/a02g
<friendlyguy> did the export also now
<tomreyn> friendlyguy: and no worries. ;)  as a reminder, this tells you what your currently running kernel is:  uname -r      run it to remind yourself. then:   sudo apt-get update && sudo apt --purge autoremove       and make sure you read the list of software it wants to uninstall. it should not include the currently running kernel. if it does, cancel removal.
<friendlyguy> tomreyn: it does not want to uninstall anything
<tomreyn> okay, that's fine, too
<tomreyn> friendlyguy: now:   nc termbin.com 9999 < /etc/apt/apt.conf.d/01autoremove-kernels
<friendlyguy> tomreyn: https://termbin.com/4k7l
<tomreyn> friendlyguy: hmm this linux-image-extra-4.4.0-142-generic package is not in a good state. let's try to fix this:  sudo apt purge linux-image-extra-4.4.0-142-generic     and post the output to https://paste.ubuntu.com
<friendlyguy> tomreyn: how do you know? i couldn`t see that its in a bad state
<tomreyn> friendlyguy: on what you just posted, there was this line: pH  linux-image-extra-4.4.0-142-generic   4.4.0-142.168                                amd64        Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
<tomreyn> you can produce this line using this command:   dpkg -l linux-image-extra-4.4.0-142-generic
<friendlyguy> pkg-query: no packages found matching linux-image-extra-4.4.0-142-generic
<friendlyguy> tomreyn: thats interesting
<tomreyn> the 'pH' it starts with says this package is in a state where it is to be (p)urged but it is also (H)alf-installed. the p isn't an issue but the H should not be there.
<tomreyn> you could read up on this after installing the manuals
<tomreyn> !man
<ubottu> The "man" command brings up the Linux manual pages for the command you're interested in. Try "man intro" at the  command line, or see https://help.ubuntu.com/community/UsingTheTerminal | Manpages online: http://manpages.ubuntu.com/
<tomreyn> and running:   man dpkg-query
<tomreyn> (to quit this viewer when you finished reading, press 'q')
<friendlyguy> tomreyn: Package 'linux-image-extra-4.4.0-142-generic' is not installed, so not removed
<friendlyguy> i wonder which output you are looking at?
<tomreyn> right, i'm puzzled as to why it's saying this now.
<tomreyn> i'm looking at https://termbin.com/4k7l
<tomreyn> maybe     dpkg -l | grep ^.H     will produce this output
<friendlyguy> tomreyn: nope
<friendlyguy> didnt return anything
<tomreyn> ok, another explanation is that this package was only in this state at the time because it was just being worked on by an automatic background process at the time
<tomreyn> so since it's just uninstalled now we don't need to worry about it
<tomreyn> is rebooting this system an option currently?
<tomreyn> (don't do it, yet)
<tomreyn> friendlyguy: ^
<friendlyguy> yes, sure
<friendlyguy> no problem
<friendlyguy> tomreyn: i can reboot it anytime
<tomreyn> friendlyguy: okay, let's make sure all the latest software is installed:  sudo apt full-upgrade
<friendlyguy> tomreyn: it is
<tomreyn> hmm weird, i have a newer kernel version installed. can i see    dpkg -l | grep ^....linux | nc termbin.com 9999   again?
<friendlyguy> tomreyn: sure, https://termbin.com/bagv
<tomreyn> oh, my bad, i have an extra repository enabled which provides newer versions which are still undergoing testing.
<friendlyguy> ah, alright. thats clear then :)
<tomreyn> okay, so just reboot, and then run   sudo apt update && sudo apt --purge autoremove     and tell me whether it wants to remove anything
<tomreyn> or rather if it wants to remove anything there, please show the full output on the pastebin.
<friendlyguy> tomreyn: nothing
<tomreyn> friendlyguy: okay, then run this to hopefully remove the outdated packages:   sudo apt purge '^linux-(cloud-tools|headers|image|image-extra|tools)-4\.4\.0-1[0-4][0-9](-generic)?$'
<tomreyn> friendlyguy: if it prompts, don't confirm, yet
<tomreyn> just show the output
<tomreyn> friendlyguy: oh and please also show    uname -r    once more
<tomreyn> friendlyguy: got busy?
<tomreyn> friendlyguy: i'm gone for ~ 1 hour. in case you'll return in the meantime, make sure no package containing your current kernel version (as reported by "uname -r") is listed by the "apt purge ..." command. if so, confirm it. that should be all that's left to be done.
<rbasak> tomreyn: you don't know about pastebinit?
<rbasak> It's a package ;)
<friendlyguy> tomreyn: ah, sorry. went for lunch
<friendlyguy> tomreyn: https://paste.ubuntu.com/p/2G9vyB9JVP/
<tomreyn> rbasak: i know ;) but it's not installed by default, and throws warnings which irritate people on 19.04. thanks for the hint, though.
<tomreyn> friendlyguy: welcome back. you can confirm this prompt.
<rbasak> https://bugs.launchpad.net/ubuntu/+source/pastebinit/+bug/1812232
<ubottu> Launchpad bug 1812232 in pastebinit (Ubuntu Eoan) "Deprecation warnings" [Medium,Fix released]
<rbasak> Disco isn't really Won't FIx - it just needs someone to drive it.
<tomreyn> i agree. :)
<friendlyguy> tomreyn: i am done with that, all removed
<tomreyn> friendlyguy: okay, then we're done. you could duble check that there are no old leftover files in /usr/src/ and /boot/ if you like. i expect that older kernels will be automatically marked for removal from now on. if you like to, review the comands we ran and ask about them if you have any questions.
<friendlyguy> i understood the commands, but i didnt get the "big picture" totally i think
<friendlyguy> we basically removed old kernels, and made sure the current kernel is flagged as automatic, ist this correct?
<tomreyn> friendlyguy: yes, that's really all we did i think
<friendlyguy> can you guess what i screwed up to get in this situation?
<tomreyn> friendlyguy: flagging those versioned kernel images as automatic, and, moreover, making sure the non versioned 'tracking' packages (linux-generic, linux-image-generic) are installed should make the automatism defined in /etc/apt/apt.conf.d/01autoremove-kernels work so that older kernel packages will get flagged to be removed by apt autoremove
<tomreyn> this is a not only an issue on your very system but was a more common issue on 14.04 and earlier (but not on 18.04, and i think not on 16.04 fresh installations - so unless it was upgraded to).
<tomreyn> friendlyguy: so i assume you upgraded this system from an earlier release at some point. but i may also be wrong in that it did actually still happen on earlier 16.04 point releases.
<friendlyguy> yeah, the vm is about 10 years old
<friendlyguy> i run a bunch of websites on it
<friendlyguy> nothing critical
<tomreyn> oh, so it went thruogh several upgrades. then i recommend you run https://github.com/tomreyn/scripts#foreign_packages
<tomreyn> also deborphan
<friendlyguy> tomreyn: ill do that, thanks
<friendlyguy> i was thinking about to do another release upgrade
<friendlyguy> 16.04 to 18.04
<tomreyn> friendlyguy: you'd get TLS1.3, which is nice - faster web browsing on sites you host.
<tomreyn> !releasenotes
<ubottu> For release notes of a given Ubuntu release, please refer to the 'Docs' column on the 'List of releases' table at https://wiki.ubuntu.com/Releases
<friendlyguy> tomreyn: thanks a lot for you help again!
<tomreyn> you're welcome, friendlyguy
<supaman> I have a webserver that is accessed by some finnish people that use the Ã¤ letter (hex e4) is some filenames that are uploaded to the server
<supaman> when I look in the folder I see $344 instead of the letter
<supaman> and most importantly I have problems backing up the folders using rsync to a smb mounted NTFS filesystem, it gives an error
<supaman> why is this happening? using find, printf and xxd to see the hex values in the filenames it gives the correct hex value
<supaman> so my system (ubuntu 18.04 on ext4) is not displaying the character correctly
<supaman> and then rsync, smb, or something else in the stack is crapping out moving those files to the smb mount
<rbasak> Everything needs to be set up to use the same encoding, or be able to determine the encoding correctly
<rbasak> That includes your locale, etc.
<supaman> locale is en_US.UTF-8
<supaman> interesting, if I do a "touch tÃ¤st" on the server, and check the hex value of Ã¤ I get a different value
<supaman> if I type it I get hex value c3, but in the filenames its e4
<RoyK> it's probably russian cyber-terrorists trying to get in :D
<supaman> hehe :-)
<supaman> nah, finnish environmentalists ... even worse ;-)
<tomreyn> 0xc3 would by Ã
<supaman> in en_US.UTF-8?
<tomreyn> yes. echo -e '\uc3 \ue4'
<supaman> even more interesting, I created an empty file with Ã¤ (not Ã) in the name, ran it through find . -maxdepth 1 -type f -exec sh -c 'printf "%-10s %s\n" "$1" "$(printf "$1" | xxd -pu )"' None {} \; and that shows 0xc3 for Ã¤
<supaman> hmmm ... a bit more convoluted, ./tÃ¤st gives me 2e2f74c3a47374 ... so its c3a4 that represents the Ã¤
<tomreyn> AKA "LATIN SMALL LETTER A WITH DIAERESIS"
<supaman> never got used to the names of all those commas and umlauts over letters
<supaman> could be the difference is since I have an icelandic keyboard layout and need to press two keys (one dead key) to get the Ã¤
<tomreyn> it's the (web searchable) description of this character from the unicode standard
<tomreyn> http://www.ltg.ed.ac.uk/~richard/utf-8.cgi?input=%C3%A4&mode=char
<supaman> c3a4 is the utf-8 computer encoding, e4 is the iso-8859 encoding (according to https://en.wikipedia.org/wiki/%C3%84)
<tomreyn> so if you see Ã somewhere then it's due to LATIN-1 (i.e. non utf-8) encoding
<tomreyn> meaning you have a character conversion to non utf-8 in place, which is your 'bottleneck' there.
<tomreyn> well, not conversion, lack of conversion really
<supaman> yeah, seems that when the files where uploaded to the server the filenames got stored as iso-8859 but now the system is in utf-8 mode and then it doesn't know what to do with the character
<hallyn> ubuntuserver.wordpress.com deleted?
<coreycb> jamespage: python3-ceilometerclient BDs have been removed except for vitrage: https://storyboard.openstack.org/#!/story/2006269
<coreycb> jamespage: mistral's dependency on python-glareclient may be difficult since glare is at least somewhat maintained still
<jamespage> coreycb: thanks
 * jamespage ponders glareclient
<jamespage> I guess we can leave the client package in place for the time being...
<coreycb> jamespage: alright i'll take a look at updating glare packages to py3 only
#ubuntu-server 2019-07-24
<mmercer> lo folks -- im using a preseed.cfg with no user creation (set to false),  root login set to true, and root passwd crypted (used a working machine to generate the hash, and have verified it numerous times)....  yet i still cannot login on the machine with the expected password...  is root login disabled by default in the sshd?  even if it is, i would have expected the root login true to have
<mmercer> changed/over-ridden that setting?
<mmercer> dunno if anyone else has ever seen similar issues
<patdk-lap> pretty sure root is disabled always except for key logins
<mmercer> patdk-lap: then whats the point of setting root login to enable in a preseed and why even bother having the option ?
<mmercer> it is entirely possible that this is the issue im hitting, but im not positive
<sarnold> preseed comes from redhat land and kinda works in the debian installer, which ubuntu has kept in some form..
<sarnold> so not all options that preseed offers necessarily make the most sense on ubuntu installs
<patdk-lap> hmm, it clearly says in the preseed file, root login is for setting a local root user
<patdk-lap> not giving it ssh access
<mmercer> sarnold: preseed comes from the debian side of things, redhat uses kickstart?
<sarnold> dude. can I start the weekend yet?
<mmercer> xD
<sarnold> it's gonna be  along week
<mmercer> lol
<mmercer> that much fun already, eh ?
<mmercer> patdk-lap: got it, will use the 'post' equivalent to sed change the ssh login option,  going to laugh if thats the problem
<patdk-lap> https://askubuntu.com/questions/935565/install-openssh-server-package-from-preseed-file
<mmercer> heh,  duckduckgo is great for privacy, but misses a TON of results to things that google seems to nail xD
<mmercer> :|
<patdk-lap> ya, but root-login only creates the root user in /etc/passwd and shadow
<patdk-lap> nothing to do with ssh
<mmercer> ahh,  id have thought it would have been paired together, honestly
<patdk-lap> I normally use it, but only login to root using console with password, and keys over ssh if I need to for something
<patdk-lap> mainly for syncs and backup or something like that I need root and sudo just isn't cutting it
<lordievader> Good morning
<friendlyguy> tomreyn: Hi there! How are you?
<friendlyguy> i am continueing where i stopped yesterday: with your "foreign_packages" section
<friendlyguy> tomreyn: i ran the script and found a number of packages that are "No available version in archive"
<friendlyguy> so i guess that mean orphaned?
<friendlyguy> shall i just remove them?
<friendlyguy> https://paste.ubuntu.com/p/2D6GVsK8s5/
<lordievader> Pick one of those packages, could you give the output of `apt-cache policy <pkg-name>`?
<friendlyguy> https://paste.ubuntu.com/p/pVwS2kKJ7v/
<lordievader> Right, looks like left over from several dist-upgrades. `apt-get autoremove` does not mark it for deletion?
<friendlyguy> nope, does not
<friendlyguy> yeah, its a "VERY" old vm
<friendlyguy> i am about to perform the next release upgrade
<friendlyguy> ^^
<lordievader> Well, if nothing depends on them they can be removed.
<friendlyguy> looks like
<lordievader> You might want to run `apt` with the `-n` flag first, to see what it wants to remove.
<lordievader> If the set is larger than what you expect.
<friendlyguy> whats the -n flag?
<friendlyguy> i didnt find it in "man apt"
<friendlyguy> -s for simulate?
<lordievader> Ah, that is the one.
<lordievader> Haven't used it in a while...
<friendlyguy> no problem
<friendlyguy> well, it tells me that its about to remove the single package that i entered
<friendlyguy> so no dependencies
<lordievader> Go for it ð
<friendlyguy> just created a snapshot to be on the safe side :)
<friendlyguy> ah, found one that would remove more than i want to get removed
<friendlyguy> how do i handle that case, apart from not removing
<lordievader> Do you need that other package?
<lordievader> As in, is it a program you use?
<friendlyguy> yes
<lordievader> In that case you want to see if there is an update for that package available which depends on a newer version (one that is in the repo).
<friendlyguy> its the icinga2 agent and it needs to be on the same version as the server... as far as i got it
<friendlyguy> ah, no. just figured out its from an old icinga2 deployment
<friendlyguy> so... lets remove that
<lordievader> That is the easier route ð
<emOne> is ubuntu LTS a good distro for servers?
<lordievader> 'Good' is very subjective. Does it work? Yes.
<emOne> does it break too often because of updates?
<emOne> lordievader: apparently it is more 'unstable'
<lordievader> Back when I used it, rarely.
<lordievader> LTS more unstable? LTS is meant to be stable.
<emOne> I dont see anything wrong with ubuntu, many people say it is better to run debian as the server os though
<emOne> they say it is more stable, the OS doesn't undergo huge unexpected changes
<emOne> I am not sure how true that is
<lordievader> Ubuntu and Debian are largely the same. Ubuntu comes with more packages preinstalled. Which is why I typically prefer Debian.
<emOne> i am looking to install ISPconfig as my web panel
<emOne> it doesn't however install on the newswet debian 10 for whatever reason
<emOne> at least not with nginx
<emOne> there is one guy in ##ispconfig that uses debian 10 with apache and ISPconfig
<emOne> I don't understand how someone picks debian as the OS of choice and apache as the server
<emOne> that got me thinking that maybe choosing ubuntu is not that strange
<lordievader> What is wrong with that choice?
<emOne> nothing
<emOne> lordievader: apache is not the fastest
<lordievader> Apache can be quite fast if properly configured.
<emOne> https://w3techs.com/blog/entry/ubuntu_became_the_most_popular_linux_distribution_for_web_servers
<tomreyn> friendlyguy: i think all of these packages can probably be removed. no harm if you snapshotted it.
<emOne> I don't know if ubuntu was the most popular server distro in 2016
<tomreyn> friendlyguy: be sure to run    apt update && apt full-upgrade    afterwards since those installations *could* have help newer packages back.
<friendlyguy> tomreyn: i did that went all fine
<friendlyguy> i am currently performing a release upgrade
<friendlyguy> that didnt went too well
<emOne> Does the machine need to be restarted after a distro upgrade? (From one LTS to the next one?)
<friendlyguy> yes
<friendlyguy> at least from 16.04 to 18.04
<tomreyn> friendlyguy: "didn't went to well" how? did it fail? did you have PPAs?
<friendlyguy> i had problems with systemd-shim (or whatever it was called)
<friendlyguy> but i fixed that by manually renaming a file
<tomreyn> there's bug 1773859
<ubottu> bug 1773859 in systemd (Ubuntu Bionic) "upgrades to 18.04 fail" [Undecided,Triaged] https://launchpad.net/bugs/1773859
<friendlyguy> hmmm. most websites still work
<friendlyguy> i didnt expect that :)
<friendlyguy> interesting, it still tells me to perform a release upgrade to 18.04
<friendlyguy> but lsb_release tells me i am on 18.04 ^^
<emOne> Debian Server vs Ubuntu Server
<emOne> ROUND 1
<emOne> FIGHT
<andol> emOne: I think you will be perfectly fine with either pick.
<emOne> me too
<emOne> I will stick with Ubuntu
<friendlyguy> depends on what u r running. debian packages are often very old
<emOne> debian 1 : ubuntu 1
<emOne> ROUND 2
<emOne> FIGHT
<andol> Nah.
<analogist> I'm trying to setup RFC7217-style ipv6.addr-gen-mode stable_privacy addresses, and setting the stable_secret in sysctl doesn't seem to be working. I'm wondering if this is netplan/cloud_init interference, or is there another standard way of doing that?
<analogist> I'm trying to have both RFC4862 style SLAAC privacy addresses, and have my stable address be RFC7217-style non-MAC-based (non-eui64)
<emOne> what does it mean that I have a bunch of established connections from random locations around the world on sshd
<emOne> one of them is me
<tomreyn> you reached the internet.
<sarnold> emOne: check your auth logs; there's probably hundreds or thousands of failures in there
<sarnold> emOne: you can expect a huge number of brute force scans
<emOne> what has me worried is that it says ESTABLISHED
<sarnold> emOne: some probably from the irc networks you connect to, to try a handful of usernames/passwords to try to guess if your connection is from a compromised machine or not
<tomreyn> CP to #ubuntu
<sarnold> ta
<emOne> ha yes
<emOne> theyre not recommending 2fa
<emOne> is that bad?
<JanC> emOne: I assume by ESTABLISHED you mean in a tool like netstat; that means there is a TCP/IP connection, and you need that before you can send a password or a key, so it's not unusual
<emOne> netstat -tupn
<emOne> yes
<JanC> these are people trying to hack into badly protected SSH setups
<emOne> http://www.linuxscrew.com/2008/01/18/fun-windows-vs-linux-for-toasters/
<emOne> oops wrong chan lol
<emOne> that was supposed to go into #ubuntu
<JanC> you might want to disable password authentication after checking key authentication works properly
<emOne> JanC is key authentication the default way how big companies log into ssh these days?
<JanC> that or some sort of single-sign-on, I suppose
<JanC> which probably also uses some sort of keys  :)
<JanC> if you use keys, make sure the key is encrypted (needs a password to use it) and make sure to have backups of it  :)
<analogist> bigger enterprises use an ssh CA with one time signed certs
<emOne> wow
<analogist> but using that for one or a handful of servers is... probably overkill, except for education
<emOne> I feel like private/public keys for ssh is already overkill
<analogist> for personal use, use a yubikey-based ssh key
 * emOne goes back to his telnet 
 * emOne types his username admin an password ... admin
<emOne> no one is going to guess that O.O
<JanC> analogist: I think some also use Kerberos
<sarnold> funny enough I shared this link just an hour ago in another channel https://github.com/cloudtools/ssh-cert-authority
<analogist> emOne: always use a keyfile whenever possible
<analogist> emOne: https://infosec.mozilla.org/guidelines/openssh
<emOne> JanC analogist thanks
#ubuntu-server 2019-07-25
<auggies> Hello
<auggies> o/
<sarnold> hello auggies
<auggies> I have always wondered, when installing postfix, what the hell should I put for the host name? I have read all kinds of tutorials and they all say the same exact things that are way to vague
<auggies> Hi sarnold
<sarnold> man ain't that the truth
<auggies> haha
<sarnold> if your machine has a real routable dns name, probably that
<sarnold> if not, well, uh, I get fuzzy :)
<auggies> It is a VPS on Azure free
<auggies> I suppose I can just try mydomain.com and see if it will send mail. if now I should keep a backup of the detected name
<auggies> not*
<sarnold> if it's only ever going to *send* mail then it likely doesn't matter
<sarnold> but if you intend to receive mail it might require more thinking
<auggies> Only send mail
<sarnold> (note that my mail server knowledge is a good 20 years out of date, I don't know how modern antispam things work)
<auggies> G Suite has a good thing going on where you can have it only receive mail from your server IP plus spf=mydomain (close to that) and dkim which I haven't learned yet
<auggies> For DNS records of course
<sarnold> how much does azure charge for ip addresses? if it's a problem that's solved by three bucks a month or something it might be worth it
<auggies> It has a free plan that I am currently using and it comes with an IP
<sarnold> nice
<auggies> It is called Azure free VPS I think
<auggies> Yeah and I installed their Ubuntu 16.04 but upgraded to 18.04
<auggies> To do this you sign into portal.azure.com and search the marketplace for "Free account virtual machine"
<lordievader> Good morning
<sahid> coreycb, jamespage I will start new point stable updates for queens
<sahid> hum we actually have bug/1830341 not yet in 'updates'
<sahid> coreycb: cinder did not passed autopkgbuild for some reason
<sahid> looks like a dns issue, perhps we could just trigger an other attempt?
<sahid> ^ jamespage http://autopkgtest.ubuntu.com/packages/n/nova/bionic/armhf
<caribou> Hello everyone, who looks after the QEMU bugs nowadays ? it used to be cpaelzer but I don't see him around
<john3voltas[m]> hello.
<john3voltas[m]> i'm looking into using 'ubuntu core' on a raspberry pi.
<john3voltas[m]> is this the best channel to talk about 'ubuntu core'?
<compdoc> best to use the versions already made for pi
<compdoc> unless youre planning to develop and program ubuntu to make it run
 * john3voltas[m] sent a long message:  < https://matrix.org/_matrix/media/v1/download/matrix.org/tRqsWyWaeHReQTWTFwxKQTCE >
<john3voltas[m]> googling i found a version for the compute module 3, but i want the latest for the full RPi 3B+
<john3voltas[m]> ok, i've found it
<john3voltas[m]> https://ubuntu.com/download/iot/raspberry-pi-2-3-core
<john3voltas[m]> thanks though
<lotuspsychje> re-ask your issues here haiiokarin
<haiiokarin> hey guys
<haiiokarin> lotuspsychje: yes one sec :)
<haiiokarin> so basically i have droplet on the digitalocean on which iinstall only one dependency - LibreTime ( it's made for hosting radio station using icecast as server ) . So i want this IP that i received with droplet to make SSL secure, is there any easy way implementing that in the digitalocean with let's encrypt? Do i have to install any more depedency like Apache ( this i saw on some blog )
<lotuspsychje>  Ubuntu 16.04.6 x64 ,  4.4.0-154-generic server ^
<haiiokarin> lotuspsychje: ty
<haiiokarin> hmmm but as i am looking around this is more like digitalocean type of question
<haiiokarin> there is not much up to ubuntu - Let's Encrypt doesn't provide ssl certificates for IP adresses so far
<avu> haiiokarin: you can use certbot in standalone mode
<avu> no need for a dedicated webserver
<haiiokarin> avu: yes? i just want to make ip adress secure not domain
<haiiokarin> avu: this ip adress doesn't need to have for example "www.domain.com" but i need to stay it as ip but ssl secure
<haiiokarin> this is what i found - https://www.digitalocean.com/community/questions/ssl-for-ip-address
<avu> yes, don't think that work with letsencrypt
<haiiokarin> avu: yeah :/
<avu> doesn't but doesn't icecast stream using HTTP?
<haiiokarin> avu: hmmm yes it does
<avu> then using a letsencrypt domain certificate should work?
<haiiokarin> i'm new into this so let me understand - will Let's Encrypt let encrypt over ip adress?
<haiiokarin> or it does look for the actually domain?
<supaman> its dependent on a domain name, doesn't provide certificates for IP addresses
<haiiokarin> ooor maybe i'm not googlin to much and right asking you ( my bad ) - https://libretime.org/manual/secure-login-with-ssl/ this is what i found now
<avu> not sure what you mean by "encrypt over ip address", letsencrypt will issue certificates for a domain, you can then use that domain in your icecast server to encrypt the traffic between it and its clients
<haiiokarin> avu: yes my bad with typing
<supaman> haiiokarin: that link at libretime, these directions also depend on you having a domain name
<lordievader> If you don't care about certificate validation you can just use a self-signed cert, that way you can encrypt your connections with SSL without the need for a domain (for LE).
<haiiokarin> supaman: right, that is just settings after i acquire domain.
<supaman> haiiokarin: what is usually meant with a certificate is to provide the https capability, but a certificate can be used for a bit more then just that (it can be used to encrypt all traffic, be it through a webbrowser or some other internet service)
<supaman> haiiokarin: when you say you want to get a certificate for an IP address, that has no meaning, what you need to ask yourself is "how do I encrypt the service that I am providing"
<supaman> haiiokarin: in your case your setting up icecast right?
<supaman> haiiokarin: so you need to figure out how to encrypt that, and how to let users know what a valid certificate is
<haiiokarin> supaman: right, ty for brief explanation. Yes, not exactly icecast but LibreTime which is mix of icecast and liqudisoap ( it's web managment for radio station )
<haiiokarin> supaman: yes
<supaman> haiiokarin: well, I don't have an answer unfortunately, but that is the problem that you are having and since you don't have a domain name then letsencrypt and other services like that are of no help since they all depend on domain name.
<supaman> haiiokarin: but self signed certificates can do this I think, then its the problem of letting users know what is the correct certificate and that is not easy
<haiiokarin> yes i guess i'll have to buy domain and encrypt service as provided up there in the guideline of libretime
<supaman> haiiokarin: that is the best solution yes
<supaman> haiiokarin: you don't own any domains at the moment? you could put this as a subdomain then (if you own example.com, then you could use radio.example.com)
<haiiokarin> i have domain on which my website for the radio is - radio itself is hosted on this droplet since i wanted them separated
<supaman> haiiokarin: a subdomain doesn't have to be on the same IP address
<haiiokarin> because for musicians and developers to not cross each other ( that's just my way of seeing it )
<supaman> you can have domain at x.y.z.k and radio.example.com at a.b.c.d
<supaman> then you don't have to buy a new domain
<haiiokarin> oh right
<haiiokarin> so i can put that on the subdomain
<supaman> haiiokarin: yes, you can put the icecast/liquidsoap on the subdomain
<haiiokarin> supaman: just by following that exact path on guide libretime?
<supaman> haiiokarin: well, that one is using a self signed certificate, but since you will be having a URL for the service then its best to use certbot for it since other computers trust certificates from them
<haiiokarin> oh right, thank you for clarifying things
<haiiokarin> i'm learning every day by asking this type of questions but i have to :D
<supaman> haiiokarin: no problem :-)
<coreycb> sahid: sounds good. I re-ran the cinder test.
<sahid> coreycb: i'm on https://bugs.launchpad.net/cloud-archive/+bug/1837866
<ubottu> Launchpad bug 1837866 in Ubuntu Cloud Archive " [SRU] rocky stable releases" [Undecided,New]
<coreycb> sahid: sounds good, that can go straight to rocky uca (cosmic is EOL)
<coreycb> sahid: anything new for stein should get done first though
<sahid> coreycb: for stein i can only see cinder
<coreycb> sahid: ok. we might as well get that prepped and in the queue.
<m_tadeu> hi...I'm trying to change the hostname (sudo hostnamectl set-hostname newhostname), but it won't persist after boot...how to persist it?
<tomreyn> m_tadeu: this rings a bell, but i don't know whether that's still an issue currently. which ubuntu server version are you asking about?
<m_tadeu> I'm using 18.04.2
<tomreyn> and you installed fresh using the default server installer (the 'new' one)?
<tomreyn> have a look at /var/log.cloud-init.log (if it exists), see if there are hints on it changing the hostname perpetually.
<tomreyn> check whether the desired hostname is set in one or both of /etc/hosts and /etc/hostname
<tomreyn> https://bugs.launchpad.net/ubuntu/+source/cloud-init?field.searchtext=hostname or https://bugs.launchpad.net/cloud-init?field.searchtext=hostname might have relevant bug reports.
<m_tadeu> tomreyn: thanks...seems setting the preserve_hostname in /etc/cloud/cloud.cfg did the job
<tomreyn> m_tadeu: could you please file a bug on this?
<teward> tomreyn: that's a known issue, because cloud-init defaults to locking the hostname, editing the cloud.cfg as m_tadeu did (or just removing cloud-init) solves the issue
<teward> tomreyn: i remember filing such a bug let me dig it up
<teward> i think https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1780867 was where it was filed, invalid for cloud-init but valid against Subiquity and 'fixed' but not sure that's leaked its way into LTS installers
<ubottu> Launchpad bug 1780867 in subiquity "hostname unchangeable / some daemon changes and resets /etc/hostname" [Critical,Fix released]
<teward> will be present in .3 though I think
<teward> tomreyn: so "Fixed" for .3, but they'd need to respin the ISOs to fix it for .2
<teward> with the easy workaroudns identified here already until .3 is spun
<teward> m_tadeu:
<teward> see above
<tomreyn> preserve_hostname is not mentioned in there
<tomreyn> thanks for digging it up, though
<teward> tomreyn: no, it isn't, but it's in my other bug
<teward> https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1809155 <-- the dupe I filed
<ubottu> Launchpad bug 1780867 in subiquity "duplicate for #1809155 hostname unchangeable / some daemon changes and resets /etc/hostname" [Critical,Fix released]
<teward> copied that bit over
<tomreyn> oh i see. i should have set the search to show dupes
<teward> so now the workaround is mentioned
<teward> yeppers.
<tomreyn> it's only a few more weeks to 18.04.3 thankfully
<teward> but the issue *was* known and *is* fixed going forward and will be picked up in 18.04.3 ISOs
<teward> yep
<tomreyn> actually les than a week
<tomreyn> or exactly 1 week. ;) aug 1st
<teward> assuming nothing bad happens, yes :P
<teward> you never know because of kernel issues or last minute crit patches
 * tomreyn crosses fingers
<Ussat> gonna drop this here just in case anyone is interested: https://uiowa.referrals.selectminds.com/jobs/linux-senior-systems-administrator-4273
<Greyztar> hello,if i drop all traffick to my server and then allow only ssh the sshd service refuse to start and just hangs if i do systemctl start sshd,if i run /usr/sbin/sshd manually its starts without a problem though,how can i find out whats stopping me from starting the service?In syslog theres no information of it also so im kind of at a loss journcalctl -ue sshd is empty aswell ,when i run sshd manually it uses the same config /etc/ssh/sshd_co
<Greyztar> t it either,maybe its some dependency of the service?
<Greyztar> or it has to be with the blocking of traffick,it starts when i open all traffick again,how come it starts manually though
<tomreyn> did you only block inbound or also outbound traffic?
<Greyztar> tomreyn: only inbound,though it completely works if i start it manually when i block all other traffick than ssh
<tomreyn> you can strace the service, i guess. but i'm not sure whether sshd or apparmor has counter measures to try and prevent this
<tomreyn> or try the same configuration on a newly configured VM, see if it behaves the same there.
<Greyztar> ok ill try an strace and see what comes up,just find it really weird it works when started manually though
<tomreyn> newly *installed*, i mean
<seven-eleven> i found this in preseed.cfg:  tasksel tasksel/first multiselect ubuntu-desktop
<seven-eleven> i want to install ubuntu server so i replace ubuntu-desktop with ubuntu-server right?
<tomreyn> seven-eleven: there's no "ubuntu-server" task in bionic (18.04 LTS), but there is "server", and several other server related tasks.
<seven-eleven> tomreyn, ah thanks! then i will just use "server"
<tomreyn> https://termbin.com/of0b
<tomreyn> ^  tasksel --list-tasks | grep server | nc termbin.com 9999
<OerHeks> #tasksel tasksel/first multiselect lamp-server, print-server  ...
<OerHeks> and tons of other services
<seven-eleven> yeah, basic ubuntu server just what i need :-)
<seven-eleven> i need openssh though
<seven-eleven> but later in the preseed there's d-i pkgsel/include string openssh-server
<seven-eleven> so it's kind of in two places
<seven-eleven> i wonder if I can feed the preseed with my public ssh key
<seven-eleven> or i simply login from ansible with the password and let ansible do the job
<tomreyn> "apt-get -s install server^ | grep ssh" has no output, making me think that the "server" task does no install an openssh server (nor client)
<seven-eleven> nope i think server doesn't
<tomreyn> you can do late_command
<seven-eleven> but I think you can install it later on via d-i pgsel/include
<seven-eleven> yeah, late_command is an option
<tomreyn> keep in mind the installer is not a standard server environment, ansible might run into issues.
<tomreyn> seven-eleven: also consider commenting on https://community.ubuntu.com/t/please-review-design-for-automated-server-installs/11923
<seven-eleven> ok
<mmercer> does apt have something akin to yums 'history' ?
<mmercer> that allows you to review each of the transacted invocations?
<tomreyn> there are logs, two types
<mmercer> yeap, just found the apt log :)
<tomreyn> history lists requested actions, term lists what actually happened as a result (but less readable)
<seven-eleven> i've created my preseed.cfg, now I have two options: remaster an ISO with the preseed or use netinstaller, by using netinstaller i simply point to ubuntu's netinstaller package on ubuntu.com?
<seven-eleven> oh seems remastered ISO is much easier, net install over internet requires grub preinstalled and booted
<seven-eleven> https://help.ubuntu.com/community/Installation#Server_and_network_installations
<Greyztar> tomreyn: first of thanks for help,i just found out,all my other servers are working fine with same setup so coudlnt figure it out,it seems my vps provider runs a script to import ssh keys from managment page and it cant fetch it unless appropriate port is open and somehow the ssh server depends on that script to run successfully else it wont start who would know,it was really weird i didnt find an dependency for no script in unit file or so,
<Greyztar> file
<tomreyn> glad you solved it
<tomreyn> seven-eleven: are you aware of https://help.ubuntu.com/lts/installation-guide/amd64/apb.html (especially step B.2.5.)
<seven-eleven> tomreyn, didn't know about dhcp preseeding
<seven-eleven> which way should I choose?
<seven-eleven> I would have go for remastered iso, but if dhcp preseeding is recommended; I'd go for that
<tomreyn> seven-eleven: there are multiple options, you choose based on your needs and preferences. if you need to install a lot of systems or need to install often, PXE booting is probably the best approach (most of the time).
<seven-eleven> hm, I don't need to install often, but if PXE is used most of the time I think I'd go for it
<seven-eleven> i worry about PXE security concerns https://security.stackexchange.com/questions/64915/what-are-the-biggest-security-concerns-on-pxe
<seven-eleven> what's the #2 alternative to PXE?
<sarnold> if your network isn't secure from MITM attacks, then your best bet is to walk a USB stick from machine to machine
<seven-eleven> i think i can avoid PXE and still have a convenient auto install, because in my case I install not on physicial computers, but auto install vms with a preseed
<sarnold> oh in that case you probably want to use the cloud images and cloud-init scripts instead
<seven-eleven> sarnold, guess then I dont need a preseed.cfg anymore :-)
<seven-eleven> i found this script for QEMU https://github.com/giovtorres/kvm-install-vm
<seven-eleven> it uses cloud-init - i think here it creates an ISO with the cloud-init config data, not the whole distro iso https://github.com/giovtorres/kvm-install-vm/blob/master/kvm-install-vm#L501
<sarnold> seven-eleven: hmm, look around a bit, I have a feeling virt-install's no longer the new hotness; it may or may not still exist in newer releases
<sarnold> seven-eleven: I've heard good things about https://multipass.run/ but haven't tried it yet
<seven-eleven> sarnold, oh, maybe with multipass I don't need that intermediate github script anymore, because it takes care of all that
<sarnold> right
<sarnold> I'm sure it has new restrictions of its own of course
<seven-eleven> i'll check it out, thanks!
<seven-eleven> yeah
<sarnold> but I once said aloud "I wish there was a user interface like lxd for kvm" and someone replied "check out multipass" :) heh
<seven-eleven> hehe :-)
<sarnold> (I might have also said some naughty words in the general direction of libvirt, I just wanted something simpler to run qemu directly without the N layers of abstraction libvirt gives.. and multipass adds yet another layer of abstraction.. but still, it sounds like a nice wrapper :)
<seven-eleven> i wonder if I can run libvirt and multipass at the same time
<seven-eleven> if you run virtualbox and libvirt together it doesn't work without a workaround
<sarnold> libvirt and multipass should work together
<sarnold> multipass and virtualbox probably won't
<seven-eleven> mhm
<sarnold> and I'm even surprised to hear there's a workaround available to let vbox and libvirt play nice
<sarnold> I thought those were just using different kernel modules and that's that
<seven-eleven> it's cli looks so easy, so I can easily give it a try on my libvirt host
<seven-eleven> hm, i found an article last week how to run them together, but it looked too hackerish that i didnt try
<sarnold> "buy a second computer" would be my starting point :)
<sarnold> lunch time here, have fun seven-eleven :)
<seven-eleven> thanks! have a nice lunch :-)
<ezio> I'm having a problem with installing server.  I can install desktop.  I've done that.  Here's the error.  I see other people with this error and no resolution. https://imgur.com/jO3SCIC
<lordcirth> ezio, is this when  loading the installer, or after rebooting? What ISO?
<zyga> hello, who can I talk to about potential issue with xenial amazon images?
<ezio> zyga, just ask
<zyga> we got an IRC report about xenial based aws instance using lots of CPU and disk for 30 minutes until it was killed
<zyga> it was a fresh instance, derived from xenial,
<zyga> it is presumed that the source of the resource usage was snapd
<zyga> I didn't attempt to reproduce the issue, all the information we got was: "eu-west-1a, t2.large, xenial-based image"
<zyga> I was wondering if anyone could check if the vanilla image has similar problems
<zyga> it had two snaps seeded: core and amazon agent
<sarnold> zyga: interesting, someone reported snapd chewing cpu a few hours ago in #ubuntu: https://irclogs.ubuntu.com/2019/07/25/%23ubuntu.html#t19:20
<sarnold> zyga: ahhh, I see, he mentions aws, it might be the same guy
#ubuntu-server 2019-07-26
<m_tadeu> I have a huge file (~400GB) which I need to compress daily...this file is appended every day. compressing takes a lot of time, so I'd like to ask if there is a way to do something similar to rsync in a compressed file?
<sarnold> m_tadeu: what is this file? what are the rules for working with it?
<sarnold> how is it generated and what happens to it?
<m_tadeu> sarnold: it's a binary database and new data is appended at the end...so changes are always added at the end
<sarnold> m_tadeu: can you get just those changes all on their own?
<m_tadeu> sarnold: not easily...I mean, I'm rsync'ing the database file from the production system to a backup system, where I can take cpu/disk that I need without messing up with the production one
<m_tadeu> only then I'll be able to compress it
<sarnold> m_tadeu: if you could get a hold of those changes -- like, if they are *strictly* appended, you could take advantage of this neat little trick in gzip:
<sarnold> http://paste.ubuntu.com/p/ntPXYnqCVx/
<m_tadeu> that would be cool...do you know a way to do it? I do have the "old" file and the "new" file...but how to make a diff on that?
<sarnold> m_tadeu: oh nice
<sarnold> m_tadeu: hmm; if you've got both an old and new file in one place, even better, ignore everything I just said :D take a look at xdelta3
<m_tadeu> sarnold: this tools seems pretty cool...how to use it to output the diff only? it seems that it wants to write on the second file
<m_tadeu> ah -c
<sarnold> hmm.. let me give it another look :)
<sarnold> aha let me skip that ;L)
<m_tadeu> sarnold: doesn't seem to be doing what I want...the diff size is ~90MB...but the tool is outputing a lot more
<sarnold> does cmp file1 file2  report an EOF on the shorter file? or does it report a different byte?
<m_tadeu> checking...
<m_tadeu> I think this will take for ever :P
<sarnold> oh no :(
<sarnold> I mean reading 400 gigs is going to be a while..
<sarnold> if you're reading at 100MB/s probably about an hour. dang. I shoulda done the math first ;)
<m_tadeu> well rsync works just fine, so it should get the EOF
<sarnold> er, that'd be an hour for one file. if you're getting 100MB/s total... two hours to read them both from start to finish
<m_tadeu> maybe using dd, let me see if it can be done
<sarnold> heh, that was going to be my suggestion before xdelta3 .. if you're confident that the data is being appended, you can use dd's skip_bytes to start reading at a specific byte offset
<sarnold> but now that I think through the fact that you've got 400 gigs of stuff, using dd to read just the end of the file, then compress that, and send that blob over, is probably the better approach
<sarnold> that'd save reading 800 gigs of data just to find the difference at the end. but that depends 100% on it being a real append
<m_tadeu> sarnold: ok...I think I managed to create the diff....now I'll compress the first time
<m_tadeu> tomorrow I'll try to append to the gzip'ed file
<m_tadeu> hope it works :)
<m_tadeu> sarnold: thanks a bunch for the tips
<sarnold> m_tadeu: cool :) time for me to bail too
<sarnold> m_tadeu: have fun :)
<zyga> sarnold: that's the same person
<shubjero> coreycb & jamespage: Good day! I am testing Octavia in my lab as it's something we want to eventually roll out in production. We are running Ubuntu 18.04 with Rocky ubuntu packages. One thing I am struggling with is getting the octavia-dashboard-plugin to work (show up!) in Horizon. I noticed that it is based on python3 and I also noticed that our heat and trove dashboard plugins are python2 and that
<shubjero> our horizon is also running under python2. Could this mix of python versions be my problem with the load balancers UI showing up on horizon? I hastily uninstalled the py2 heat and trove plugins in lieu of the py3 packages and then broke our lab horizon terribly.. lol. Just wondering if I am barking up the right tree here.
<shubjero> *with the load balancers UI NOT showing up in horizon, rather...
<coreycb> shubjero: o/ yes you'll want them all to be the same python version. what release are you running?
<ezio> I'm having a problem with installing server.  I can install desktop.  I've done that.  Here's the error.  I see other people with this error and no resolution. https://imgur.com/jO3SCIC
<coreycb> shubjero: rocky+ should be good to go with py3
<ezio> lordcirth, loading from USB, right at the start of the installation, just after the disk-settings screen.  It starts running the installation and asks you for information like Your Name
<shubjero> Yeah, we're running rocky on 18.04.. I am just figuring out how octavia works in the lab first.. so that I am better prepared to tackle prod obviously
<ezio> on that screen I have about 5 seconds before the error
<shubjero> coreycb: thanks for that. Do you know how to make the switch for the openstack-dashboard to run under py3? Am I just pointing to a different python binary somewhere?
<shubjero> coreycb: i did find your post to openstack-discuss on Sep 7, 2018 about the rocky release useful, so thanks for that
<coreycb> shubjero: you'll need libapache2-mod-wsgi-py3 and python3-django-horizon installed and if you're upgrading you'll need to remove unused python2 packages after upgrading
<shubjero> coreycb: ok, thats my goal for today :) thanks again
<coreycb> shubjero: np good luck are you upgrading?
<shubjero> coreycb: no, we've been on 1804 & rocky for a few months now but we are looking to add new features to our cloud such as octavia, barbican, and magnum
<coreycb> shubjero: ok well if upgrading from py2->py3, after installing py3 packages you'll want to apt purge <py2-packages> && apt autoremove --purge
<shubjero> coreycb: ok
<shubjero> coreycb: btw, i dont see a post on the openstack-discuss mailing list for stein like I do for Rocky. I find those posts have important information about the release. Any plans for that?
<coreycb> shubjero: we may have missed it. i was out of office at the time.  this may help. https://javacruft.wordpress.com/
<shubjero> coreycb: nice, that works
<shubjero> coreycb: everything works now :thumbsup:
<coreycb> shubjero: nice \o/
<Fulgen> I'm trying to setup nginx on an Ubuntu 18.04 LTS server. I removed /etc/nginx/sites-{available,enabled}/default and added my own config snippet, however, it's still showing the default welcome page. Am I missing something?
<tds> Fulgen: did you reload nginx, and what was the config snippet you added?
<Fulgen> tds: yes, using both nginx -s reload and systemctl reload nginx
<Fulgen> https://termbin.com/2fr6 (saved as sites-enabled/parry)
<tds> Fulgen: what are you expecting to happen for requests to anything at / other than /parry?
<tds> it's probably falling back to the default docroot which contains the example page, you could change that to another directory if you like
<Fulgen> tds: I'd expect it to give me a 502 (the same it currently does for /parry (which tells me my config is somehow borked too, but I don't get why I still get welcomed))
<tds> 502 just means that it can't connect to another webserver on 8080
<tds> if you want that to apply to the root, you need location / rather than location /parry
<Fulgen> I want it to apply just to /parry as / will be populated later on, but I misinterpreted that 502 as a 500 (I'm still new to server stuff...). thank you!
<tds> if you only want /parry reverse proxied, you might want config to return a 403 for / or something
<teward> Fulgen: FYI if you don't add a / handler it'll autoattempt whatever location you specify.  So you need to add a separate { } block for it, such that you end up with this: https://p.ngx.cc/abcc189d93476683
<teward> a separate location block*
<Fulgen> ah, thank you both
<teward> Fulgen: (FYI I'm the semi-official/semi-unofficial NGINX maintainer in Ubuntu so i'm fairly fluent in nginx xD)
<Fulgen> oi, nice :D
<Fulgen> hm, for some reason, proxy_pass works with one URL, but gives me a blank window with another app on another port (a Quasar app). it works with return 301 though
<teward> `return 301` is a redirect, you are telling it where to actually look to get your stuff
<teward> not everything works with proxy_pass
<teward> because proxy_pass passes the request URI as well
<Fulgen> ah, thanks!
<teward> and if the requested URI is *not* present at the backend webserver where it interprets that URI and returns the corresponding data, then it will fail
<teward> so if you are requesting /parry but the backend will look in /var/appdata/ as its root and /var/appdata/parry$request_uri isn't present in the backend it'll fail
<teward> and that's a backend issue
<Fulgen> oh
<teward> whenever implementing proxy_pass ***ALWAYS*** remember the requested URI is passed to the backend as well
<Fulgen> why does it work for <ip>:9621 and not for <ip>:8080 though?
<teward> so you'd have to rewrite the request first.
<teward> that'd be dependent on other factors
<teward> check what `netstat -tulpn | grep :8080` shows for output of what's listening where.
<teward> if it's only listening on 127.0.0.1:8080 that's your problem
<teward> if it's listening on 0.0.0.0:8080 then you need to look at the backend app and determine why it's not functioning as expected (which means you'd have to debug the Quasar app/environment)
<Fulgen> it's listening on <ip>:8080 which is what I had specified for proxy_pass
<teward> Fulgen: actually you specified 127.0.0.1 in your proxy_pass
<teward> not your actual server IP
<teward> if it's listening on the actual IP on port 8080 and is reachable but not functioning right then you need to focus on that app and figure out why that application doesn't like serving the content
<teward> (which I can't actually help with sorry!)
<Fulgen> teward: oh...fail :x
<Fulgen> no problem, you've helped me more than enough, thanks!
<teward> yep.  (I don't know enough about Quasar to debug sorry!)
<robertparkerx> I don't know why but a server reboot and the services are down such as apache
<robertparkerx> How can I start apache, mysql, mongo and these
<sarnold> robertparkerx: what's in the logs?
<robertparkerx> SSH isn't even working either
<robertparkerx> sarnold, what logs
<sarnold> robertparkerx: dmesg, journalctl, /var/log/, etc
<robertparkerx> nothing in apache error log
<robertparkerx> I cannot even access the internet
#ubuntu-server 2019-07-27
<seven-eleven> how can you do snapshots with multipass?
<seven-eleven> why does multipass start qemu-system-x86-64 with format=raw although the supplied image is obviously qcow2? `8 /usr/bin/qemu-system-x86_64 -name guest=exemplary-needlefish,debug-threads=on -S -object secret,id=masterKey0,format=raw,fil.....`
<seven-eleven> this is the source of all problems https://github.com/CanonicalLtd/multipass/blob/8b98a769462d08949a526008c5a8a9863c1e3a6b/src/platform/backends/libvirt/libvirt_virtual_machine.cpp#L156
<seven-eleven> hardcoded libvirt xml config ...
#ubuntu-server 2019-07-28
<samba35> i have using ubungu 18.04 on macbook pro 6 ,2  i want to check whether vt-d is enable in bios or no how do i check that
#ubuntu-server 2020-07-20
<exalted_shmo> the network adapter being used looks like this in ifconfig: https://paste.ubuntu.com/p/dNTQZFZSzx/
<RoyK> is 20.04 still using ufw or has it moved to firewalld? I read debian is moving that way
<oerheks> ufw for now, an LTS does not make such huge change
<RoyK> debian rarely make large changes either
<RoyK> but IIRC ufw doesn't use nft, which is the new thing now
<oerheks> true, i would expect such change in minor releases
<oerheks> we do have Wireguard
<RoyK> I haven't tested 20.04 yet - setting up a vm to look around now :)
<oerheks> :-)
<oerheks> have fun!
 * RoyK usually sticks to debian
<quadrathoch2> the move should happen at the latest with the 22.04 lts release ;)
<RoyK> I'll test on 20.04 anyway - seems it's in the repos
<mybalzitch> so how come ubuntu seems to really want to apply fq_codel limiters to my network interfaces
<RoyK> mybalzitch: can you pastebin 'tc -s qdisc show', please?
<mybalzitch> it's all noqueue now, but if I delete the root queue after a minute or two it'll go back to a bunch of fq_codel interfaces
<mybalzitch> just a sec
<mybalzitch> https://paste.ubuntu.com/p/BT9Hk2jMkY/
<mybalzitch> is this because of macvlan ?
<RoyK> dunno - sorry :)
<icey> hey jamespage - thoughts on https://bugs.launchpad.net/ubuntu/+source/python-pylxd/+bug/1887805 ?
<ubottu> Launchpad bug 1887805 in python-pylxd (Ubuntu) "[RM] python-pylxd" [Undecided,Incomplete]
<jamespage> icey: reasonable push-back - we're not maintaining it and it has wider use than just nova-lxd (which has gone)
<jamespage> its just synced from Debian
<icey> jamespage: well, I don't know how much wider use it has, at least from a package peprspective
<icey> but fair enough
<jamespage> icey: its also in universe so no promise of support etc..
<icey> jamespage: ah, fair enough - I thought it was in main :)
<jamespage> rmadison python-pylxd says otherwise
<icey> jamespage: yeah - I went and looked when you said
<littlebit> hi people, i have installed ubuntu-server along with nextcloud with the help of snap. Now my server will be running only in my local network where I have my custom domain running and I'd like to generate my own certificates and place them accordingly.
<littlebit> now, I have googled around a bit and found this site: https://frankindev.com/2019/12/05/setting-up-snap-nextcloud-on-ubuntu/
<littlebit> and is it that simple that i place generated files in /var/snap/nextcloud/current ?
<littlebit> and then run nextcloud.enable-https custom ./cert.pem ./privkey.pem ./chain.pem
<oerheks> yes, browse to that folder, execute command
<littlebit> ok
<oerheks> but you want certbot, as your certs will expire some day
<littlebit> oerheks: since it is my own domain name that only exists at my home, certbot should have a problem with it or?
<oerheks> no, but your url shows a possible complication, when those ports are already in use
<oerheks> then you would need to do this manually
<oerheks> set a cron job with an email as reminder, something.
<littlebit> thought of using ansible
<Ussat> to do what ?
<smoser> paride: around ?
#ubuntu-server 2020-07-21
<makara> hi. On 18.04, why can i only set the nfs mount options rsize, wsize, and timeo to the default values? I get invalid argument if they differ
<RoyK> makara1: I don't think those are needed anymore - not for years
<makara1> i see, so its just had concrete poured over it
<smoser> paride: https://github.com/canonical/cloud-utils/pull/11
<smoser> and just fyi... i'm not sure why, but I can't even request a review on that. (add a reviewer)
<paride> smoser, I assigned myself, but rick_h just updated the repo permissions so you should be able to request or pick reviews now
<smoser> ack
<Ussat> https://github.com/microsoft/ProcMon-for-Linux
<dontlook> hello, is here a good place to ask a subiquity autoinstall question?
<dontlook> I'm looking to build a config that assumes the device has only one active ethernet link and assigns it an IP, but I don't want to have to enumerate the interface name for every machine.
<dontlook> used to be you could pretty much count on eth0, but I know that is changed and my understanding is the names now have something to do with the mac address?  Is there a virtual name that is more generic like eth0?
<ahasenack> someone here might know, but another good place to ask this is in the forum, let me get you a link
<ahasenack> there is an autoinstall topic
<ahasenack> dontlook: https://discourse.ubuntu.com/t/please-test-autoinstalls-for-20-04/
<ahasenack> also this maybe: https://discourse.ubuntu.com/t/automated-server-install-quickstart/
<dontlook> ahhhh it looks like this is covered in netplan with match and set-name
<dontlook> that is pretty cool
<evit> Were there kernel patches yesterday?
<evit> Not seeming them here https://ubuntu.com/security/notices
<sbeattie> evit: yes, well, partially published yesterday, landing in the security pockets a couple of hours ago, at most. I'm working on publishing the notices now.
<evit> sbeattie, Great, I was hoping I wasn't hallucinating again. =P
<evit> Or getting 'imaginary' updates no one else is getting =()
#ubuntu-server 2020-07-22
<ratrace> Hello. Can anyone do me a favor? If you have nginx installed, can you check its logrotate hook, how is it signaling nginx to reopen logs? using   invoke-rc.d rotate nginx     or pidfile directly, or some other way?
<icey> ratrace: https://pastebin.ubuntu.com/p/6QkrggQz98/
<ratrace> icey: so it does the same dumb thing like debian. thanks for your assistance.
<icey> ratrace: looks like the post-rotate ends up doing "start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME"
<ratrace> yes, I know what the "rotate" command in init script does. my problem here is that it's using the init script at all, even though systemd is the _only_ supported init on Ubuntu
<ratrace> because invoke-rc.d is subject to policy-rc.d and I've had certain unexpected fallout with cases like this one, trying to block service (re)starts upon installation or upgrade
<Peanut> Is ZFS install not available on the server installer yet? (Focal)
<mwhudson> Peanut: correct
<Peanut> Bummer - and the desktop iso is not a live iso, and the netboot.tar.gz / netboot.iso also doesn't contain the ZFS installer.
<Peanut> So basically there is no way to netboot and get ZFS boot installed. Somewhat of a dissapointment, it's been decades since I've done the whole booting from a stick thingy.
<littlebit> hi people, I have created a self signed certificate and wanted to enable https with snap with : nextcloud-enable-https custom , and that command wants a chain
<littlebit> can someone help me
<icey> hey jamespage - I think that https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1878419 was initially your request, any chance you could update it with what you're hoping to see with it?
<ubottu> Launchpad bug 1878419 in neutron (Ubuntu) "clean up breaks/replaces and packages that are no longer needed" [Undecided,New]
<jamespage> icey: its about upgrade paths and whether we need to maintain the breaks/replaces fields - they get used when files move between packages
<jamespage> so for example - in groovy, we only have to worry about upgrades from focal - so its likely we can drop a whole load of breaks/replaces stanza's
<jamespage> as the file moves pre-date the focal package versions
<mdeslaur> rbasak: hi! Looks like the new mysql is FTBFS on riscv64, and it's preventing me from releasing my security update. Would you be the proper person to take a look, or should I ping someone else?
<rbasak> mdeslaur: someone on my squad will need to take it. I'm trying to increase the bus factor on MySQL and have others look at it more rather than it just being me. I can ask for volunteers in standup tomorrow, or we need it sooner we can ask around now I guess?
<mdeslaur> rbasak: it's blocking the security update, it can wait until the standup if nobody volunteers before then
<mdeslaur> unless I can regress riscv64 on focal? I'm not sure if we support it on focal or not
 * rbasak doesn't know
<Soni> how do I force a systemd unit to not run even tho another unit wants it to run?
<sarnold> Soni: mask the unit, systemctl mask ...
<Soni> huh, thanks
<Soni> yeah I should just switch my quassel core to use postgres tbh but eh I don't wanna .-. so thanks!
#ubuntu-server 2020-07-23
<icey> jamespage: would you be around to take a look at https://code.launchpad.net/~chris.macnaughton/ubuntu/+source/openvswitch/+git/openvswitch/+merge/387852 ?
<Peanut> I've logged in to my 20.04 Focal desktop, and logged out again. Now, 15 minutes later, there are still 33 processes running as this user: /usr/lib/bluetooth/obexd, lots of Evolution processes (I don't use Evolution), geoclue (no clue what that is), telepathy/mission-control (???), gnome-tweak-tool-lib-inhibitor (this is a desktop) etc. Why don't these disappear once I've logged out?
<Peanut> Ah, sorry, wrong channel.
<Towser> (Towser) I have a question. Would it be worth converting an old laptop into a DHCP/PBX server? If so what edition of ubuntu server would work best (and cheapest) or would I be better off using an alternative platform?
<Orcs53> Hi there! I have Docker (installed the snap) on a Raspberry Pi running Ubuntu 20.04 server. I have done a few power cycles, and now when I reboot, the Docker daemon no longer starts.
<Orcs53> Here is a portion of the output of journalctl https://paste.ubuntu.com/p/nVNkpWGQCD/
<Orcs53> Any ideas on how to solve this issue?
<jamespage> icey: sorry was ooo for this morning
<icey> no worries :)
<NTQ> I've got a problem with a stuck cifs mount which is not available anymore on an Ubuntu 18.04. Every two second it logs this: https://paste.ubuntu.com/p/Z9K643qBWr/
<NTQ> I can not modprobe -rf cifs and I can not remount again (because the remote is gone) and I can not umount because it was already unmounted.
<NTQ> What can I do except restarting the system? It is production server with a lot of running services.
<Orcs53> Oh FYI, I solved the issue, the docker.pid was not deleted on power off. Deleting this file and restarting the snap solved the issue.
<NTQ> I seems also to be the reason why I can not upgade virtualbox. It gets stuck at "Preparing to unpack ..."
<rbasak> mdeslaur: sergiodj and kanashiro will work on MySQL riscv64 for you
<mdeslaur> rbasak: awesome, thanks sergiodj, kanashiro
<sergiodj> mdeslaur: hey, np :)
<keithzg[m]> Still baffled by the eventual slow to a crawl of file i/o on the BTRFS storage pool at my work; started happening a few weeks back now, only solution seems to be rebooting, nothing logged other than stuff like Dovecot complaining about timing out trying to write files to storage or other servers complaining their NFS mounts are down, lots of evidence of symptoms but no evidence of any cause :(
<sarnold> keithzg[m]: any luck with perf top?
<keithzg[m]> sarnold: Alas, it seemed to report "naw not much going on here!" when I tried that during one of these flareups.
<sarnold> :(
<keithzg[m]> Moving the /home from the BTRFS pool to the root SSD on the server seems to have saved email delivery from stalling out any more, so it's definitely not the server overall and just the RAID 1+0 pool of 4x4TB drives somehow. But I already very strongly suspected as much.
<sarnold> smartctl?
<sarnold> dmesg?
<keithzg[m]> If only! `smartctl` reports all fine, barring a mere 2 bad blocks on one of the drives. Nothing seems relevant in `dmesg` but I should make a note to read through dmesg's output thoroughly next time. Mostly I've been relying on looking at the systemd journal, which has similarly only seemed to show some evidence of the problems of i/o timeouts and nothing pointing towards any cause.
<keithzg[m]> I'm kindof wondering if it's just a matter of getting overloaded, these are only 5400rpm drives, maybe the write queue is just getting untenably long? But I would think some sort of warning about that would be logged somewhere I've looked . . . hmm. Adding `iostat -x` to my list of outputs I need to peer closely at next time this happens too.
<sarnold> are they SMR drives? SMR drives kinda suck at sustained writes
#ubuntu-server 2020-07-24
<keithzg[m]> sarnold: Pretty sure these are not SMR drives, these are older Western Digital Reds (4TB) from long before that brief period a year or two ago where they were selling SMR drives without telling anyone. Specifically, all four are WDC WD40EFRX-68WT0N0.
<keithzg[m]> Of course, doesn't necessarily mean that they don't suck enough at sustained writes that such performance is nonetheless the fundamental problem here!
<shibboleth> https://www.techspot.com/news/84973-wd-publishes-complete-list-smr-drives-following-user.html
<shibboleth> https://nascompares.com/answer/list-of-wd-cmr-and-smr-hard-drives-hdd/
<shibboleth> cmr
<sarnold> keithzg[m], shibboleth, good news for keithzg[m], but it's a bit of a bummer to be wrong so many times. heh.
<shibboleth> indeed
<shibboleth> don't buy wd drives
<shibboleth> get a toshiba n300
<shibboleth> cheaper, 7200rpm, better
<keithzg[m]> Err, Toshiba has also without documentation used SMR . . . the real problem here is the market of HDD manufacturers is very small and they're all a bit sketchy :P
<keithzg[m]> For ages this array wasn't a problem though, often limited more by networking and i/o on the other end than on the storage server end, so it's particularly baffling to me that it's suddenly seemingly a problem as of this month :(
<smoser> rbasak: it looks like https://code.launchpad.net/ubuntu/+source/sshuttle is not being updated.
<smoser> i understood that that should happen magically, is that not true ?
 * rbasak looks
<smoser> groovy-devel and focal-devel are out of date (focal should have a -proposed entry 0.78.5-1ubuntu1  i thought)
<rbasak> I agree. I wonder if the whitelist is being ignored.
<rbasak> Yes there is something wrong here.
<rbasak> Let me kick sshuttle manually for you, and I'll look into why that happened
<rbasak> OK that's running
<rbasak> smoser: updated. Sorry about that. I'll chase down the actual bug.
<rbasak> It seems like quite a few packages are affected, but not all.
<smoser> rbasak: thanks
<sergiodj> mdeslaur: hey, I found the problem with mysql on risc-v and have a patch for it (not very pretty, but it works).  I'm recompiling to see if everything works, but it'll take a few hours
<sergiodj> just a heads up :)
<mdeslaur> sergiodj: oh, sweet :)
<gregor3000> hello,
<gregor3000> can anyone point me to a good SSH guide. i created a new user on server and i can't get it to connect. i moved the pub to server, i added the authorised key filed and copied in the string, but it gives me wrogn key verification
<gregor3000> host key verification failed.
<gregor3000> i can connetc to server using current user and key, but not using new user. the new user is just on server.
<gregor3000> most guides tlak abotu setting firts user with password, then keys,then disabling password.
<RoyK> gregor3000: check the logs
<RoyK> gregor3000: /var/log/auth.log is a good start
<gregor3000> do i need to call specific port when connecting?
<keithzg[m]> gregor3000: Only if you did something special with the config in the first place, ssh should be serving on port 22 by default and client programs will assume the same.
<gregor3000> ok so i messed up something with keys (maybe permissions or something). i think i will need to call my bro to help me out.
<keithzg[m]> sarnold: Tried checking `dmesg` when the i/o lockups were happening today, alas the only lines were ones generated by me running `perf top`. The mystery continues . . .
<rangergord> keithzg[m], could you use atop to record active resource consumption, and replay the history file afterwards?
<keithzg[m]> rangergord: Can't say I'm too familiar with `atop` but I'm certainly willing to give it a try! Will a straight-up invocation of it, left running in a screen session, be sufficient? Or are there some options I should be using?
<rangergord> I can't remember if it records to a file by default or not
<rangergord> probably not. But I do remember replaying a recorded file using 'atop -someflag oldfile' and browsing the past interactively
<keithzg[m]> rangergord: Looks like it's automatically logging to `/var/log/atop`
<rangergord> cool, sorted then :)  it logs any process that used resources (CPU, disk...network but you need to set that up), so once the issue happens, you use the keyboard shortcuts to navigate in time to see what went wrong hopefully
<rangergord> I haven't used it more than once, but I plan on using it on my systems when I have some free time to read the doc
<keithzg[m]> Yeah I've always just made do with `top` and maybe `iotop`, with checking normal system logs to introspect in time instead of just the present moment. But my current problem sure seems to call for further measures! Thanks for the suggestion, rangergord :)
<rangergord> yw
#ubuntu-server 2020-07-25
<RoyK> keithzg[m]: install sysstat and check with "sar", either historically or realtime. It reports tons of info.
<RoyK> keithzg[m]: if you want it to record historical data, just enable it in /etc/default/sysstat
<keithzg[m]> RoyK: Noted, and done, thanks!
<RoyK> keithzg[m]: np :)
#ubuntu-server 2020-07-26
<geosmile> I've a 20 machines that i want to pull a docker image from registry and deploy. My registry is one machine. Currently that becomes a bottleneck in deployment. IS there a way to do this distributed?
<koheleth> Hi, my home server is not headless but the screen sleeps after 5 mins what file do I need to edit to make it stay alive?
<koheleth> Nothing in monitor software
<RoyK> koheleth: https://askubuntu.com/questions/138918/how-do-i-disable-the-blank-console-screensaver-on-ubuntu-server
<koheleth> RoyK: thanks dude
<koheleth> will try it
<koheleth> I just like htop to be always there
<RoyK> koheleth: I see
<koheleth> yeah real nerd here can watch htop all day
<RoyK> it's practical, though, if you just want to take a look to see how it's going :)
<RoyK> I use zabbix
 * koheleth googles
<koheleth> RoyK: that free?
<koheleth> looks prety cool
<RoyK> koheleth: it's a bit hard to learn, but once learned it's very nice
<RoyK> koheleth: we have some 5-600 servers plus a lot of other stuff being monitored by it at work
<koheleth> but its a gui
<koheleth> so it accesses remotes yeah
<RoyK> yes, but it includes trending and alerts and so on, which is nice
<koheleth> does look nice, just setup my first home server
<koheleth> feel like einstien
<RoyK> :)
<RoyK> contrats
<koheleth> :)
<Intelo> Hi
<Intelo> running startx on ubuntu server, https://imgur.com/7sDlvX8.png any clues why I can't?
<quadrathoch2> so what does the log file say?
<Intelo> quadrathoch2: its a long log file, how do I copy?
<Intelo> I am on virtual box
<Intelo> can't use mouse
<Intelo> quadrathoch2: found a solution: Heres the logs https://termbin.com/65qhc
<quadrathoch2> how did you install xserver? Intelo
<Intelo> quadrathoch2: yes, xserver-xorg, xinit, x11-common
<Intelo> quadrathoch2: more logs: https://termbin.com/au5y
<quadrathoch2> did you install a WM/DE?
<Intelo> quadrathoch2: no. Don't want to either
<quadrathoch2> Intelo welp, "/home/user1/.Xsession" file, no session managers, no window managers, and no
<quadrathoch2> terminal emulators found; aborting.
<Intelo> quadrathoch2: yes, so what do I need? ( do not want window manager or desktop env)
<quadrathoch2> idk, never tried that
<Intelo> I thought I don't need WM but just xorg/x11?
<quadrathoch2> as I said, as I never tried it, I don't know how I would even try to figure out what xorg wants
